# Big thanks to Pyrox for their config! https://git.pyrox.dev/pyrox/nix/src/branch/main/hosts/marvin/services/git.nix { lib, pkgs, config, ... }: let rootDomain = "lgmrszd.xyz"; domain = "git.${rootDomain}"; cfg = config.services.forgejo; srv = cfg.settings.server; stateDir = "/var/lib/forgejo"; customDir = "${stateDir}/custom"; confDir = "${customDir}/conf"; in { services.nginx.virtualHosts.${domain} = { forceSSL = true; useACMEHost = "${rootDomain}"; extraConfig = '' client_max_body_size 512M; ''; locations."/" = { proxyPass = "http://127.0.0.1:${toString srv.HTTP_PORT}"; recommendedProxySettings = true; }; }; services.forgejo = { enable = true; inherit stateDir; inherit customDir; database = { type = "postgres"; createDatabase = true; passwordFile = config.sops.secrets."forgejo/db_password".path; }; settings = { server = { DOMAIN = domain; ROOT_URL = "https://${srv.DOMAIN}/"; HTTP_ADDR = "127.0.0.1"; HTTP_PORT = 3001; }; service.DISABLE_REGISTRATION = true; actions = { ENABLED = false; }; mailer = { ENABLED = false; }; }; }; sops.secrets."forgejo/db_password" = { sopsFile = ../secrets/forgejo.yaml; format = "yaml"; owner = "forgejo"; group = "forgejo"; }; }