aynish/helm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
helm/hosts/profiles/radicle-seed/default.nix
T
Anish Lakhwara cd8bb0fe0f migrate to radicle
2026-01-21 21:55:37 -08:00

86 lines
2.1 KiB
Nix
Raw Permalink Blame History

{
self,
config,
pkgs,
lib,
...
}:
let
# Custom radicle-explorer with our seed as preferred
customExplorer = pkgs.radicle-explorer.withConfig {
preferredSeeds = [
{
hostname = "git.sealight.xyz";
port = 443;
scheme = "https";
}
];
};
in
{
age.secrets.radicle-helix-key.file = "${self}/secrets/radicle-helix-key.age";
age.secrets.radicle-helix-key.owner = "radicle";
services.radicle = {
enable = true;
privateKeyFile = config.age.secrets.radicle-helix-key.path;
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA3x7XH24gEr8xHnt1qKQx38Se2AoXiUnb48/VwfL8/A git.sealight.xyz";
node = {
listenAddress = "0.0.0.0";
listenPort = 8776;
openFirewall = true;
};
settings = {
node = {
alias = "git.sealight.xyz";
externalAddresses = [ "git.sealight.xyz:8776" ];
connect = [ "z6MkoyrvcRdeGU5PyB2SbHj9mNj3nb5p34rZamkEz64GX1c3@10.0.69.4:8776" ];
seedingPolicy.default = "block";
};
};
httpd = {
enable = true;
listenAddress = "127.0.0.1";
listenPort = 8080;
# Don't use the module's nginx integration - we'll configure it manually
nginx = null;
};
};
# Configure nginx manually for radicle-explorer + httpd API
services.nginx.virtualHosts."git.sealight.xyz" = {
enableACME = true;
forceSSL = true;
# Serve radicle-explorer static files at root
root = customExplorer;
locations."/" = {
tryFiles = "$uri $uri/ /index.html";
index = "index.html";
};
# Proxy API requests to radicle-httpd
locations."/api" = {
proxyPass = "http://127.0.0.1:8080";
recommendedProxySettings = true;
};
# Proxy raw file access to radicle-httpd
locations."/raw" = {
proxyPass = "http://127.0.0.1:8080";
recommendedProxySettings = true;
};
# Proxy git protocol requests (rad:xxx) to radicle-httpd
# These are requests to /:rid/* where rid starts with "rad:"
locations."~ ^/rad:" = {
proxyPass = "http://127.0.0.1:8080";
recommendedProxySettings = true;
};
};
}
Reference in New Issue View Git Blame Copy Permalink