# NixOS module fragment: Forgejo (behind nginx, Redis cache, PostgreSQL),
# Nextcloud, qBittorrent-nox and Jellyfin, with the last two exposed as
# sub-paths of the "home" virtual host.
{ config, lib, pkgs, ... }:

let
  serverCfg = config.server;
  domain = serverCfg.domainName;
  forgejoHttp = config.services.forgejo.settings.server;
  redisForgejo = config.services.redis.servers.forgejo;
  redisUnits = [ "redis-forgejo.service" ];
in
{
  # ---- Forgejo -----------------------------------------------------------

  # TLS terminates at nginx; Forgejo itself only listens on loopback (see
  # HTTP_ADDR below), so this proxy is the only path to it in this fragment.
  services.nginx.virtualHosts."git.${domain}" = {
    quic = true;
    enableACME = true;
    forceSSL = true;
    locations = {
      "/".proxyPass =
        "http://${lib.quoteListenAddr forgejoHttp.HTTP_ADDR}:${toString forgejoHttp.HTTP_PORT}";
      # Served directly by nginx. robots.txt is advisory only; it is not an
      # access control for the two listed repository paths.
      "= /robots.txt".extraConfig = ''
        return 200 ${builtins.toJSON ''
          User-agent: *
          Disallow: /mirrors/nixpkgs
          Disallow: /chayleaf/nixpkgs
        ''};
      '';
    };
  };

  services.forgejo = {
    enable = true;
    lfs.enable = true;

    # The database and role are not created by this module
    # (createDatabase = false); the password is read from a file at runtime
    # rather than being embedded in the configuration.
    database = {
      type = "postgres";
      name = "gitea";
      user = "gitea";
      createDatabase = false;
      passwordFile = "/secrets/forgejo_db_password";
    };

    settings = {
      federation.ENABLED = true;

      "git.timeout" = {
        DEFAULT = 6000;
        MIGRATE = 60000;
        MIRROR = 60000;
        GC = 120;
      };

      mailer = {
        ENABLED = true;
        # NOTE(review): this value looks truncated (possibly an address in
        # angle brackets lost when the file was rendered) - confirm.
        FROM = "Forgejo ";
        PROTOCOL = "smtp";
        SMTP_ADDR = "mail.${domain}";
        SMTP_PORT = 587;
        USER = "noreply@${domain}";
        # NOTE(review): a password placed in `settings` is a plain Nix string
        # and will normally end up in the generated config inside the
        # world-readable Nix store. The database password above already uses
        # a file; check whether the module version in use offers a file-based
        # option for the mailer password (e.g. `mailerPasswordFile`, or
        # `secrets.mailer.PASSWD` on newer releases) and prefer that.
        PASSWD = serverCfg.unhashedNoreplyPassword;
        # NOTE(review): this accepts the SMTP server's certificate without
        # verifying it, so the authenticated submission on port 587 is not
        # protected against an on-path attacker. If mail.<domain> presents a
        # certificate that validates for that name, this can be set to false.
        FORCE_TRUST_SERVER_CERT = true;
      };

      session.COOKIE_SECURE = true;

      server = {
        DOMAIN = "git.${domain}";
        ROOT_URL = "https://git.${domain}";
        # Loopback only; reachable from outside solely through nginx.
        HTTP_ADDR = "::1";
        HTTP_PORT = 3310;
        # START_SSH_SERVER = true;
        # SSH_PORT = 2222;
      };

      # Self-service sign-up is closed.
      service = {
        DISABLE_REGISTRATION = true;
        REGISTER_EMAIL_CONFIRM = true;
      };

      # Cache goes to the dedicated Redis instance over its unix socket.
      cache = {
        ADAPTER = "redis";
        HOST = "redis+socket://${redisForgejo.unixSocket}";
      };
    };
  };

  # Dedicated Redis instance for Forgejo; Forgejo is ordered after it.
  services.redis.servers.forgejo.enable = true;
  systemd.services.forgejo = {
    after = redisUnits;
    wants = redisUnits;
  };
  # Grants the forgejo user access to the Redis socket via group membership.
  # Presumably the Redis instance's group shares its user's name - verify.
  users.users.forgejo.extraGroups = [ redisForgejo.user ];

  # ---- Nextcloud ---------------------------------------------------------

  services.nginx.virtualHosts."cloud.${domain}" = {
    quic = true;
    enableACME = true;
    forceSSL = true;
  };

  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud29;
    hostName = "cloud.${domain}";
    https = true;
    settings.overwriteprotocol = "https";
    phpOptions."opcache.interned_strings_buffer" = "16";
    # Apps are updated automatically, outside the pinned package version.
    autoUpdateApps.enable = true;
    # TODO: use socket auth and remove the next line
    database.createLocally = false;
    config = {
      dbtype = "pgsql";
      # Directory of the PostgreSQL unix socket, not a TCP host.
      dbhost = "/run/postgresql";
      # NOTE(review): both secret files live in the Nextcloud state
      # directory; confirm their ownership and mode restrict them to the
      # service user.
      adminpassFile = "/var/lib/nextcloud/admin_password";
      dbpassFile = "/var/lib/nextcloud/db_password";
    };
  };

  # ---- qBittorrent and Jellyfin behind home.<domain> ----------------------

  # NOTE(review): whether the qBittorrent web UI binds only to loopback is
  # not visible in this fragment; confirm the UI port is not reachable
  # directly, bypassing nginx.
  services.qbittorrent-nox = {
    enable = true;
    ui.port = 19642;
    torrent.port = 45522;
  };

  services.jellyfin.enable = true;

  # NOTE(review): only `locations` is set for this host here. TLS/ACME
  # options (as on the git and cloud hosts) are not visible in this fragment;
  # confirm they are set elsewhere, since both applications carry logins and
  # the cookie rewrite below marks cookies as Secure.
  services.nginx.virtualHosts."home.${domain}".locations = {
    # proxy_pass ends in "/", so the /torrent/ prefix is stripped upstream.
    # NOTE(review): the Host header names port 30000 while the UI listens on
    # the port configured above; confirm this mismatch is intentional.
    "/torrent/".extraConfig = ''
      proxy_pass http://127.0.0.1:${toString config.services.qbittorrent-nox.ui.port}/;
      proxy_http_version 1.1;
      proxy_set_header Host 127.0.0.1:30000;
      proxy_set_header X-Forwarded-Host $http_host;
      proxy_set_header X-Forwarded-For $remote_addr;
      proxy_cookie_path / "/; Secure";
    '';

    # No URI part on proxyPass, so the /jelly/ prefix is passed through
    # to the upstream unchanged.
    "/jelly/" = {
      proxyPass = "http://127.0.0.1:8096";
      proxyWebsockets = true;
    };
  };
}