# Arion-style compose project "git": a Forgejo instance published through
# Traefik, backed by a PostgreSQL container on a project-private network.
{pkgs, ...}: let
  # Traefik routing: two routers serve the same hostname, one per entrypoint
  # ("websecure" and "websecure-external"). Both terminate TLS with the
  # "letsencrypt" certificate resolver and forward to container port 3000.
  traefikLabels = {
    "traefik.enable" = "true";
    "traefik.docker.network" = "dmz";

    "traefik.http.services.forgejo.loadbalancer.server.port" = "3000";
    "traefik.http.routers.forgejo.service" = "forgejo";
    "traefik.http.routers.forgejo.entrypoints" = "websecure";
    "traefik.http.routers.forgejo.rule" = "Host(`git.ghoscht.com`)";
    "traefik.http.routers.forgejo.tls" = "true";
    "traefik.http.routers.forgejo.tls.certresolver" = "letsencrypt";

    "traefik.http.services.forgejo-external.loadbalancer.server.port" = "3000";
    "traefik.http.routers.forgejo-external.service" = "forgejo-external";
    "traefik.http.routers.forgejo-external.rule" = "Host(`git.ghoscht.com`)";
    "traefik.http.routers.forgejo-external.entrypoints" = "websecure-external";
    "traefik.http.routers.forgejo-external.tls" = "true";
    "traefik.http.routers.forgejo-external.tls.certresolver" = "letsencrypt";
  };

  # Diun update notifications: watch the whole repository, but only report
  # plain MAJOR.MINOR.PATCH tags. "$$" is the compose escape for a literal "$".
  diunLabels = {
    "diun.enable" = "true";
    "diun.watch_repo" = "true";
    "diun.sort_tags" = "semver";
    "diun.include_tags" = "^\\d+\\.\\d+\\.\\d+$$";
    "diun.exclude_tags" = "\\b\\d{4,}\\b";
  };
in {
  project.name = "git";

  networks = {
    # Pre-existing network shared with the reverse proxy; not created here.
    dmz = {
      name = "dmz";
      external = true;
    };
    # Project-private network; the only one the database is attached to.
    transport = {};
  };

  services.forgejo.service = {
    # Pinned by tag, not by digest: a re-pushed tag would be pulled silently.
    image = "codeberg.org/forgejo/forgejo:8.0.0";
    container_name = "forgejo";
    # NOTE(review): this exposes the host's Nix store to the container. The
    # image comes from a registry, so it is presumably not needed - confirm.
    useHostStore = true;
    labels = traefikLabels // diunLabels;
    volumes = [
      "/storage/dataset/docker/git/forgejo_data:/data"
      "/etc/localtime:/etc/localtime:ro"
    ];
    # Git over SSH. No host address is given, so the port is published on
    # every host interface; restrict it with a bind address or host firewall
    # if SSH access should not be reachable from all networks.
    ports = ["2222:22"];
    environment = {
      USER_UID = 1000;
      USER_GID = 1000;
      GITEA__database__DB_TYPE = "postgres";
      GITEA__database__HOST = "git-db:5432";
    };
    # Read at container start from outside the Nix store, so its contents do
    # not land in the world-readable /nix/store. Presumably holds the database
    # credentials and application secrets - keep it owner-readable only.
    env_file = ["/home/ghoscht/.docker/git/forgejo.env"];
    restart = "unless-stopped";
    networks = ["dmz" "transport"];
  };

  services.git-db.service = {
    # Tag-pinned like the Forgejo image, but carries no diun labels, so new
    # PostgreSQL releases are not reported by this configuration.
    image = "postgres:15.3-bullseye";
    # Same handling as the Forgejo env file: outside the store, keep private.
    env_file = ["/home/ghoscht/.docker/git/forgejo-db.env"];
    volumes = ["/storage/dataset/docker/git/forgejo_db:/var/lib/postgresql/data"];
    restart = "unless-stopped";
    # No published ports and no dmz attachment: reachable only over transport.
    networks = ["transport"];
  };
}