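# NixOS module: a Forgejo instance published through an nginx TLS reverse
# proxy, plus one Actions runner registered against that instance.
{ pkgs, config, ... }:
{
  services.forgejo = {
    enable = true;
    settings = {
      server = {
        # NOTE(review): hard-coded, while ROOT_URL below is derived from
        # networking.domain. The two presumably name the same host; confirm,
        # since a mismatch produces links that point at the wrong origin.
        DOMAIN = "git.4o1x5.dev";
        ROOT_URL = "https://git.${config.networking.domain}/";
        # Git over SSH is off; clones and pushes go through nginx over HTTPS.
        DISABLE_SSH = true;
        # NOTE(review): HTTP_ADDR is not set here. If the module default binds
        # every interface, port 3000 serves plain HTTP past the nginx TLS
        # front end unless the firewall blocks it. Both consumers in this file
        # use 127.0.0.1, so HTTP_ADDR = "127.0.0.1" looks safe; confirm.
      };
      # No self-service sign-up: only existing accounts can push code and
      # therefore trigger workflows on the runner below.
      service.DISABLE_REGISTRATION = true;
      DEFAULT.APP_NAME = "2005's git server";
      # Workflows from hosted repositories execute on the runner defined below.
      actions.ENABLED = true;
    };
    database = {
      type = "postgres";
      createDatabase = true;
    };
  };

  services.nginx = {
    virtualHosts = {
      "git.${config.networking.domain}" = {
        forceSSL = true;
        enableACME = true;
        locations."/" = {
          # Upstream is Forgejo's HTTP listener on loopback.
          proxyPass = "http://127.0.0.1:3000";
        };
        # client_max_body_size: the 8 GiB ceiling lets large pushes through,
        # but it applies to every request on this vhost, unauthenticated ones
        # included; watch disk usage of nginx's request-body temp files.
        # access_log: the json_analytics log_format is not defined in this
        # file and must be declared elsewhere in the nginx configuration.
        extraConfig = ''
          client_max_body_size 8192M;
          access_log /var/log/nginx/$server_name-access.log json_analytics;
        '';
      };
    };
  };

  services.gitea-actions-runner.instances = {
    root = {
      enable = true;
      # The runner reaches Forgejo over loopback on the same machine.
      url = "http://127.0.0.1:3000";
      # The registration token is referenced by path from an age-managed
      # secret rather than written inline in the configuration.
      tokenFile = config.age.secrets.forgejo-runner.path;
      settings = {
        container = {
          # TODO fix: networking
          # Instead of "host", create a subnet that cannot contact other
          # servers on my network.
          # Risk while this stays "host": job containers share the host's
          # network namespace, so workflow code can reach loopback-only
          # services (such as the Forgejo listener on 127.0.0.1:3000) and
          # every host the server itself can reach. Mitigation: attach jobs to
          # a dedicated container network and restrict its egress in the
          # firewall. Until then, treat every account that can push a workflow
          # as having network-level access to this machine.
          network = "host";
        };
      };
      # NOTE(review): ":ubuntu-latest" is a mutable image tag, so jobs run
      # whatever the registry serves at pull time; pinning the image by digest
      # would make the job environment reproducible and auditable.
      labels = [ "ubuntu-latest:docker://gitea/runner-images:ubuntu-latest" ];
      # networking.hostName is the NixOS option; attribute names are
      # case-sensitive, so the lowercase "hostname" is not that option.
      name = config.networking.hostName;
    };
  };
}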