rice/hosts/ami/forgejo.nix

92 lines
2.3 KiB
Nix

{pkgs, ...}: let
port = 3000;
in {
imports = [
./forgejo-runner.nix
];
services = {
forgejo = {
enable = true;
package = pkgs.unstable.forgejo;
settings = {
DEFAULT.APP_NAME = "buffet's kitchen";
admin.SEND_NOTIFICATION_EMAIL_ON_NEW_USER = true;
cron.ENABLED = true;
federation.ENABLED = true;
mailer = {
ENABLED = true;
PROTOCOL = "sendmail";
FROM = "buffet's kitchen <do-not-reply@buffets.kitchen>";
SENDMAIL_PATH = "${pkgs.system-sendmail}/bin/sendmail";
};
repository = {
ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = true;
};
server = {
DOMAIN = "buffets.kitchen";
ROOT_URL = "https://buffets.kitchen/";
HTTP_PORT = port;
};
service = {
DISABLE_REGISTRATION = true;
ENABLE_NOTIFY_MAIL = true;
};
"markup.asciidoc" = {
ENABLED = true;
NEED_POSTPROCESS = true;
FILE_EXTENSIONS = ".adoc,.asciidoc";
RENDER_COMMAND = ''"${pkgs.asciidoctor}/bin/asciidoctor -e --safe-mode=secure -a showtitle --out-file=- -"'';
IS_INPUT_FILE = false;
};
"markup.restructuredtext" = {
ENABLED = true;
NEED_POSTPROCESS = true;
FILE_EXTENSIONS = ".rst";
RENDER_COMMAND = ''"timeout 30s ${pkgs.pandoc}/bin/pandoc +RTS -M512M -RTS -f rst"'';
IS_INPUT_FILE = false;
};
};
};
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."buffets.kitchen" = {
useACMEHost = "buffet.sh";
forceSSL = true;
locations = {
"= /" = {
extraConfig = ''
return 303 https://$host/chef;
'';
};
"/" = {
proxyPass = "http://localhost:${toString port}";
};
"= /assets/img/logo.svg" = {
alias = ../../res/buffet_chef.png;
};
"= /assets/img/favicon.svg" = {
alias = ../../res/buffet_chef.png;
};
};
};
};
};
}