wip

flake.lock

@@ -866,11 +866,11 @@
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1710695816,
+        "lastModified": 1712310679,
-        "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
+        "narHash": "sha256-XgC/a/giEeNkhme/AV1ToipoZ/IVm1MV2ntiK4Tm+pw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "614b4613980a522ba49f0d194531beddbb7220d3",
+        "rev": "72da83d9515b43550436891f538ff41d68eecc7f",
         "type": "github"
       },
       "original": {

hosts/phantom/default.nix

@@ -12,6 +12,7 @@
     ./writefreely.nix
     ./renawiki.nix
     ./email.nix
+    ./forgejo.nix
   ];
 
   # # Enable networking

hosts/phantom/forgejo.nix

@@ -0,0 +1,40 @@
+{ lib, pkgs, config, ... }:
+let
+  cfg = config.services.forgejo;
+  srv = cfg.settings.server;
+in
+{
+  services.nginx = {
+    virtualHosts.${cfg.settings.server.DOMAIN} = {
+      forceSSL = true;
+      enableACME = true;
+      extraConfig = ''
+        client_max_body_size 512M;
+      '';
+      locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
+    };
+  };
+
+  services.openssh = {
+    authorizedKeysFiles = [
+      "${config.services.forgejo.stateDir}/.ssh/authorized_keys"
+    ];
+    # Recommended by forgejo: https://forgejo.org/docs/latest/admin/recommendations/#git-over-ssh
+    settings.AcceptEnv = "GIT_PROTOCOL";
+  };
+
+  services.forgejo = {
+    enable = true;
+    database.type = "postgres";
+    lfs.enable = true;
+    settings = {
+      service.DISABLE_REGISTRATION = true;
+      server = {
+        DOMAIN = "git.lelgenio.xyz";
+        HTTP_PORT = 3000;
+        ROOT_URL = "${srv.PROTOCOL}://${srv.DOMAIN}/";
+        SSH_PORT = 9022;
+      };
+    };
+  };
+}

hosts/phantom/mastodon.nix

@@ -6,5 +6,6 @@
     smtp.fromAddress = "lelgenio@disroot.org";
     streamingProcesses = 2;
     extraConfig.SINGLE_USER_MODE = "true";
+    mediaAutoRemove.olderThanDays = 10;
   };
 }