loptland: I have no idea how nginx works, also need to read up on ACME and LetsEncrypt

2024-11-06 19:54:03 +01:00 · 2024-11-06 19:54:03 +01:00 · 8d6c10ccdf
parent aa08b78056
commit 8d6c10ccdf
1 changed files with 29 additions and 7 deletions
--- a/systems/x86_64-linux/loptland/default.nix
+++ b/systems/x86_64-linux/loptland/default.nix
@ -8,6 +8,9 @@
 let
  inherit (lib.${namespace}) enabled;
  domainName = "v2202411240203293899.ultrasrv.de";
  forgejoPort = 3000;
  sopsFile = lib.snowfall.fs.get-file "secrets/secrets-loptland.yaml";
 in
 {
@ -16,10 +19,6 @@ in
  environment.systemPackages = [ pkgs.forgejo-cli ];
  sops.secrets = {
    domain = {
      inherit sopsFile;
    };
    forgejo_db_password = {
      inherit sopsFile;
    };
@ -33,18 +32,41 @@ in
    };
  };
  services.nginx = {
    enable = true;
    virtualHosts = {
      "git.${domainName}" = {
        locations."/" = {
          proxyPass = "http://localhost:${toString forgejoPort}/";
        };
      };
    };
  };
  services.forgejo = {
    enable = true;
    database.type = "postgres";
    lfs.enable = true;
    database = {
      passwordFile = config.sops.secrets.forgejo_db_password.path;
    };
-    # settings = {
+    settings = {
-    #   server.DOMAIN = config.sops.secrets.domain;
+      server = {
-    # };
+        DOMAIN = "git.${domainName}";
        ROOT_URL = "http://git.${domainName}:${toString forgejoPort}";
        HTTP_PORT = forgejoPort;
      };
      service.DISABLE_REGISTRATION = false;
    };
  };
  networking.firewall.allowedTCPPorts = [
    forgejoPort
    80
    443
  ];
  ${namespace} = {
    submodules = {
      basics = enabled;