nix-infra/config/hosts/forgejo/nginx.nix

{ config, ... }:
{
  services.nginx = {
    enable = true;
    virtualHosts."git.nekover.se" = {
      forceSSL = true;
      enableACME = true;
      listen = [
        {
          addr = "0.0.0.0";
          port = 80;
        }
        {
          addr = "0.0.0.0";
          port = 8443;
          ssl = true;
          extraParameters = [ "proxy_protocol" ];
        }
      ];

      locations."/" = {
        proxyPass = "${config.services.forgejo.settings.server.PROTOCOL}://${config.services.forgejo.settings.server.HTTP_ADDR}:${builtins.toString config.services.forgejo.settings.server.HTTP_PORT}";
      };

      # Disallow crawling archives to save disk space.
      # See: https://forgejo.org/docs/latest/admin/search-engines-indexation/
      locations."/robots.txt" = {
        return = "200 \"User-agent: *\\nDisallow: /*/*/archive/\\n\"";
      };

      extraConfig = ''
        set_real_ip_from 10.202.41.100;
        real_ip_header proxy_protocol;
      '';
    };
  };
}
Add forgejo host 2024-01-28 03:31:28 +01:00			`{ config, ... }:`
			`{`
			`services.nginx = {`
			`enable = true;`
			`virtualHosts."git.nekover.se" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`listen = [`
			`{`
			`addr = "0.0.0.0";`
			`port = 80;`
			`}`
			`{`
			`addr = "0.0.0.0";`
			`port = 8443;`
			`ssl = true;`
			`extraParameters = [ "proxy_protocol" ];`
			`}`
			`];`

			`locations."/" = {`
			`proxyPass = "${config.services.forgejo.settings.server.PROTOCOL}://${config.services.forgejo.settings.server.HTTP_ADDR}:${builtins.toString config.services.forgejo.settings.server.HTTP_PORT}";`
			`};`

			`# Disallow crawling archives to save disk space.`
			`# See: https://forgejo.org/docs/latest/admin/search-engines-indexation/`
			`locations."/robots.txt" = {`
			`return = "200 \"User-agent: \\nDisallow: //*/archive/\\n\"";`
			`};`

			`extraConfig = ''`
			`set_real_ip_from 10.202.41.100;`
			`real_ip_header proxy_protocol;`
			`'';`
			`};`
			`};`
			`}`