51 lines
1.3 KiB
Nix
51 lines
1.3 KiB
Nix
{config, ...}: let
|
|
forgejoPort = 8082;
|
|
in {
|
|
age.secrets."hidden_service/forgejo" = {
|
|
file = ../secrets/hidden_service/forgejo;
|
|
};
|
|
|
|
services = {
|
|
forgejo = {
|
|
enable = true;
|
|
lfs.enable = false;
|
|
settings.server = {
|
|
DOMAIN = "git.distrust.network";
|
|
HTTP_PORT = forgejoPort;
|
|
ROOT_URL = "https://git.distrust.network/";
|
|
SSH_PORT = builtins.head config.services.openssh.ports;
|
|
};
|
|
};
|
|
borgbackup.jobs."forgejo" = {
|
|
repo = "ssh://u506783@u506783.your-storagebox.de:23/./forgejo";
|
|
environment = {
|
|
BORG_RSH = "ssh -i ${config.age.secrets."borg_ed25519".path} -o 'StrictHostKeyChecking=no'";
|
|
};
|
|
paths = [
|
|
"/var/lib/forgejo"
|
|
];
|
|
encryption = {
|
|
mode = "passkey";
|
|
passCommand = "cat ${config.age.secrets."borg_pass".path}";
|
|
};
|
|
compression = "auto,lzma";
|
|
startAt = "daily";
|
|
prune.keep = {
|
|
daily = 7;
|
|
weekly = 4;
|
|
monthly = -1;
|
|
};
|
|
};
|
|
};
|
|
|
|
distrust.services."forgejo" = {
|
|
url = "https://git.distrust.network";
|
|
onion = {
|
|
url = "http://cr27k6asjs7skvjxs6smhqfam3wlvmft2f3iins44k6p6rmmfyolobqd.onion";
|
|
secretKey = config.age.secrets."hidden_service/forgejo".path;
|
|
};
|
|
virtualHostConfig = ''
|
|
reverse_proxy localhost:${toString forgejoPort}
|
|
'';
|
|
};
|
|
}
|