Merge branch 'main' of codeberg.org:muon/home

modules/nixos/server/default.nix

@@ -16,5 +16,6 @@
     ./homebox.nix
     ./share.nix
     ./vault.nix
+    ./git.nix
   ];
 }

modules/nixos/server/git.nix

@@ -15,13 +15,13 @@ in with lib; {
   config = mkIf cfg.enable {
     services.forgejo = {
       enable = true;
-      stateDir = "/srv/forgejo";
       lfs.enable = true;
       settings.server = {
         HTTP_ADDR = "0.0.0.0";
         HTTP_PORT = port;
-        SSH_PORT = 91722;
+        SSH_PORT = 22917;
         DOMAIN = "git.muon.host";
+        ROOT_URL = "https://git.muon.host";
       };
     };
   };

modules/nixos/server/nginx.nix

@@ -53,7 +53,7 @@ in with lib; {
         # add_header Strict-Transport-Security $hsts_header;
 
         # Enable CSP for your services.
-        #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
+        add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
 
         # Minimize information leaked to other domains
         add_header 'Referrer-Policy' 'origin-when-cross-origin';
@@ -69,6 +69,9 @@ in with lib; {
 
         # required when the server wants to use HTTP Authentication
         proxy_pass_header Authorization;
+
+        # This is necessary to pass the correct IP to be hashed
+        real_ip_header X-Real-IP;
       '';
 
       virtualHosts = let