# NixOS module for the Radicle seed node at git.sealight.xyz.
#
# It wires up three things:
#   * an age-encrypted node key, readable by the `radicle` user;
#   * the Radicle node (public P2P listener) and radicle-httpd (loopback only);
#   * an nginx vhost that serves radicle-explorer and proxies to radicle-httpd.
{ self, config, pkgs, lib, ... }:

let
  # radicle-explorer build that lists our own seed as the preferred one.
  customExplorer = pkgs.radicle-explorer.withConfig {
    preferredSeeds = [
      {
        hostname = "git.sealight.xyz";
        port = 443;
        scheme = "https";
      }
    ];
  };

  # Shared by every nginx location that is forwarded to radicle-httpd.
  # The upstream must match services.radicle.httpd.listenAddress/listenPort
  # below; it is plain HTTP, which is acceptable only because it never leaves
  # the loopback interface.
  httpdProxy = {
    proxyPass = "http://127.0.0.1:8080";
    recommendedProxySettings = true;
  };
in
{
  # Node private key: stored encrypted in the repository and decrypted at
  # activation. Ownership is given to `radicle` so the service can read it.
  # NOTE(review): no `mode` is set here, so the file mode is the age module's
  # default - confirm it is owner-only.
  age.secrets.radicle-helix-key = {
    file = "${self}/secrets/radicle-helix-key.age";
    owner = "radicle";
  };

  services.radicle = {
    enable = true;

    # Only the path of the decrypted key is referenced here; the key material
    # itself is not part of this expression.
    privateKeyFile = config.age.secrets.radicle-helix-key.path;
    publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3x7XH24gEr8xHnt1qKQx38Se2AoXiUnb48/VwfL8/A git.sealight.xyz";

    # P2P listener. Binding to 0.0.0.0 together with openFirewall = true makes
    # port 8776 reachable on every interface of the host.
    node = {
      listenAddress = "0.0.0.0";
      listenPort = 8776;
      openFirewall = true;
    };

    settings = {
      node = {
        alias = "git.sealight.xyz";
        externalAddresses = [ "git.sealight.xyz:8776" ];

        # Peer dialled explicitly, identified by node ID at a private
        # (10.0.69.4) address.
        connect = [ "z6MkoyrvcRdeGU5PyB2SbHj9mNj3nb5p34rZamkEz64GX1c3@10.0.69.4:8776" ];

        # Default-deny seeding: a repository is only seeded when a policy
        # explicitly allows it.
        seedingPolicy = {
          default = "block";
        };
      };
    };

    # HTTP API. Bound to loopback, so the only path to it from outside the
    # host is the nginx vhost defined below.
    httpd = {
      enable = true;
      listenAddress = "127.0.0.1";
      listenPort = 8080;

      # Don't use the module's nginx integration - we'll configure it manually
      nginx = null;
    };
  };

  # Manual nginx configuration for radicle-explorer + the httpd API.
  # NOTE(review): none of the proxied locations adds authentication or
  # request limiting at this layer, so whatever radicle-httpd answers on
  # these paths is served to any client - confirm that is intended.
  services.nginx.virtualHosts."git.sealight.xyz" = {
    # Certificate via ACME; forceSSL redirects plain HTTP to HTTPS.
    enableACME = true;
    forceSSL = true;

    # Serve the radicle-explorer static files at the root; unknown paths fall
    # back to index.html.
    root = customExplorer;
    locations."/" = {
      tryFiles = "$uri $uri/ /index.html";
      index = "index.html";
    };

    # API requests go to radicle-httpd.
    locations."/api" = httpdProxy;

    # Raw file access goes to radicle-httpd.
    locations."/raw" = httpdProxy;

    # Git protocol requests (rad:xxx) go to radicle-httpd.
    # These are requests to /:rid/* where rid starts with "rad:".
    locations."~ ^/rad:" = httpdProxy;
  };
}