{ ... }:

# NixOS module: a Forgejo instance whose web UI and built-in SSH server are
# reachable through the wg0 WireGuard interface.
{
  # Only wg0 gets these ports: 2222 (Forgejo's built-in SSH server) and 3000
  # (Forgejo HTTP). Nothing here opens them on any other interface; whether
  # another module does is not visible from this file.
  networking.firewall.interfaces.wg0 = {
    allowedTCPPorts = [
      2222
      3000
    ];
  };

  services.forgejo = {
    enable = true;

    settings = {
      # Self-service sign-up is off; accounts have to be created by an admin.
      service.DISABLE_REGISTRATION = true;

      # Forgejo Actions is on. Runners are not configured in this file.
      # NOTE(review): workflows execute repository-supplied code on whichever
      # runner is registered, so check how that runner is isolated.
      actions.ENABLED = true;

      server = {
        DOMAIN = "forgejo.ellie.town";
        ROOT_URL = "https://forgejo.ellie.town/";

        # Plain HTTP, bound to the wg0 inner address only. ROOT_URL is https,
        # so TLS is presumably terminated by a proxy on the far side of the
        # tunnel — confirm.
        HTTP_ADDR = "10.10.0.2";
        HTTP_PORT = 3000;

        # Built-in SSH server. SSH_PORT is the port advertised in clone URLs;
        # SSH_LISTEN_PORT is the port the server actually binds.
        # NOTE(review): no SSH_LISTEN_HOST is set, so this listener is on all
        # interfaces and only the wg0-scoped firewall rule above limits who
        # can reach it. If SSH clients only ever arrive over wg0, setting
        # SSH_LISTEN_HOST = "10.10.0.2" would match HTTP_ADDR — confirm
        # before changing.
        START_SSH_SERVER = true;
        SSH_DOMAIN = "forgejo.ellie.town";
        SSH_PORT = 2222;
        SSH_LISTEN_PORT = 2222;
      };
    };
  };

  # Forgejo binds HTTP to 10.10.0.2 (the wg0 inner address). Without this
  # ordering, forgejo races wireguard at boot, fails to bind, and stays up
  # only on its all-interfaces SSH listener — leaving the web UI 502'd.
  # nixpkgs 25.11 routes networking.wireguard.interfaces through
  # systemd-networkd, so the gate is network-online.target (which pulls in
  # systemd-networkd-wait-online.service) rather than wireguard-wg0.service.
  systemd.services.forgejo = {
    wants = [ "network-online.target" ];
    after = [ "network-online.target" ];
  };
}