diff --git a/configuration.nix b/configuration.nix index a0145d5..e533a59 100644 --- a/configuration.nix +++ b/configuration.nix @@ -8,6 +8,7 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix + ./forgejo.nix ]; # Bootloader. @@ -52,17 +53,6 @@ Defaults timestamp_timeout=120 ''; - services.forgejo = { - enable = true; - settings = { - server = { - ROOT_URL = "https://git.${domainName}/"; - PROTOCOL = "http"; - DOMAIN = "git.${domainName}"; - }; - service.DISABLE_REGISTRATION = true; - }; - }; services.logind.settings.Login = { HandleLidSwitch = "ignore"; @@ -144,24 +134,6 @@ }; }; }; - "git.${domainName}" = { - forceSSL = true; - enableACME = true; - extraConfig = '' - client_max_body_size 512M; - ''; - locations = { - "/" = { - proxyPass = "http://localhost:3000"; - extraConfig = '' - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - ''; - }; - }; - }; }; }; security.acme = { diff --git a/forgejo.nix b/forgejo.nix new file mode 100644 index 0000000..c11acbb --- /dev/null +++ b/forgejo.nix @@ -0,0 +1,37 @@ +{ + domainName, + ... +}: +{ + services = { + forgejo = { + enable = true; + settings = { + server = { + ROOT_URL = "https://git.${domainName}/"; + PROTOCOL = "http"; + DOMAIN = "git.${domainName}"; + }; + service.DISABLE_REGISTRATION = true; + }; + }; + nginx.virtualHosts."git.${domainName}" = { + forceSSL = true; + enableACME = true; + extraConfig = '' + client_max_body_size 512M; + ''; + locations = { + "/" = { + proxyPass = "http://localhost:3000"; + extraConfig = '' + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + ''; + }; + }; + }; + }; +}