# Big thanks to Pyrox for their config! https://git.pyrox.dev/pyrox/nix/src/branch/main/hosts/marvin/services/git.nix
#
# NixOS module: a Forgejo instance that listens on loopback only and is
# published through an nginx TLS virtual host. Storage is PostgreSQL, outgoing
# mail goes over SMTPS, and both passwords come from sops-managed secret files.
{ lib, pkgs, config, data, ... }:
let
  inherit (data.host) rootDomain;
  inherit (data.services.git) domain sshPort;
  mailDomain = data.services.mailserver.domain;

  cfg = config.services.forgejo;
  serverCfg = cfg.settings.server;

  stateDir = "/var/lib/forgejo";
  customDir = "${stateDir}/custom";

  # Shared by the session GC interval and the session lifetime below.
  weekInSeconds = 86400 * 7;

  # Common sops-nix attributes: both secrets live in one encrypted YAML file
  # and the decrypted files are owned by the forgejo user and group.
  secretDefaults = {
    sopsFile = ../secrets/forgejo.yaml;
    format = "yaml";
    owner = "forgejo";
    group = "forgejo";
  };
in
{
  services = {
    # Public entry point. Forgejo itself is never exposed directly; nginx
    # terminates TLS and forwards to the loopback listener configured below.
    nginx.virtualHosts.${domain} = {
      forceSSL = true;
      useACMEHost = "${rootDomain}";
      # Raises the request body cap so large HTTP uploads are not rejected by
      # the proxy; this also bounds how much a single request can send.
      extraConfig = ''
        client_max_body_size 512M;
      '';
      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString serverCfg.HTTP_PORT}";
        recommendedProxySettings = true;
      };
    };

    forgejo = {
      enable = true;
      inherit stateDir customDir;

      # Passwords are passed as file paths, not as literal values in this file.
      mailerPasswordFile = config.sops.secrets."forgejo/email_password".path;

      database = {
        type = "postgres";
        createDatabase = true;
        passwordFile = config.sops.secrets."forgejo/db_password".path;
      };

      settings = {
        server = {
          DOMAIN = domain;
          ROOT_URL = "https://${serverCfg.DOMAIN}/";
          # Loopback bind: the web UI is reachable only through the nginx vhost.
          HTTP_ADDR = "127.0.0.1";
          HTTP_PORT = 3001;
          # Port advertised for SSH access. This file does not configure an
          # SSH daemon or open a firewall port; that has to happen elsewhere.
          SSH_PORT = sshPort;
        };

        DEFAULT = {
          APP_NAME = "Lgmrszd's git";
        };

        admin = {
          SEND_NOTIFICATION_EMAIL_ON_NEW_USER = true;
        };

        session = {
          # Sessions are kept in the database; the cookie is marked Secure,
          # which matches forceSSL on the virtual host.
          PROVIDER = "db";
          COOKIE_SECURE = true;
          COOKIE_NAME = "lgmgit-session";
          DOMAIN = domain;
          # One week for both values: a session stays valid for up to seven
          # days unless it is ended earlier.
          GC_INTERVAL_TIME = weekInSeconds;
          SESSION_LIFE_TIME = weekInSeconds;
        };

        service = {
          # Registration stays enabled, but only through external auth
          # sources, and the sign-up button is hidden. With e-mail
          # confirmation off, who may create an account is decided entirely
          # by the external source, which is not configured in this file.
          DISABLE_REGISTRATION = false;
          ALLOW_ONLY_INTERNAL_REGISTRATION = false;
          ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
          SHOW_REGISTRATION_BUTTON = false;
          ENABLE_NOTIFY_MAIL = true;
          REGISTER_EMAIL_CONFIRM = false;
          DEFAULT_KEEP_EMAIL_PRIVATE = true;
          DEFAULT_ALLOW_CREATE_ORGANIZATION = false;
        };

        oauth2_client = {
          REGISTER_EMAIL_CONFIRM = false;
          UPDATE_AVATAR = false;
        };

        repository = {
          # New accounts get a repository creation limit of 0.
          MAX_CREATION_LIMIT = 0;
          ALLOW_FORK_WITHOUT_MAXIMUM_LIMIT = false;
          # NOTE(review): push-to-create is enabled while the default limit
          # is 0; presumably only accounts whose limit an admin has raised
          # can create repositories this way. Confirm that is the intent.
          ENABLE_PUSH_CREATE_USER = true;
        };

        "ui.meta" = {
          AUTHOR = "Lgmrszd";
          DESCRIPTION = "Lgmrszd's forgejo instance";
        };

        actions = {
          ENABLED = false;
        };

        mailer = {
          ENABLED = true;
          PROTOCOL = "smtps";
          SMTP_ADDR = mailDomain;
          SMTP_PORT = 465;
          USER = "forgejo@${rootDomain}";
          # NOTE(review): the value ends in a space and carries no address;
          # an angle-bracketed sender address may have been lost. Verify
          # against the deployed configuration.
          FROM = "Lgmrszd's Forgejo ";
          # NOTE(review): presumably unused while PROTOCOL is "smtps".
          SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
          SENDMAIL_ARGS = "--";
        };

        "email.incoming" = {
          ENABLED = true;
          # Replies are routed by the per-message token in the local part, so
          # the mail server must deliver this plus-addressed form on `domain`
          # to the mailbox named in USERNAME.
          REPLY_TO_ADDRESS = "forgejo+%{token}@${domain}";
          HOST = mailDomain;
          PORT = 993;
          USE_TLS = true;
          USERNAME = "forgejo@${rootDomain}";
          # NOTE(review): placeholder, not the password. This presumably
          # relies on the NixOS module replacing "#mailerpass#" with the
          # contents of mailerPasswordFile when it writes app.ini, so the
          # IMAP login reuses the SMTP password. Confirm against the nixpkgs
          # revision in use: if the substitution does not reach this key,
          # the literal placeholder is sent as the password.
          PASSWORD = "#mailerpass#";
        };
      };
    };
  };

  # Both secrets are decrypted from the same sops file with the same ownership.
  sops.secrets = {
    "forgejo/email_password" = secretDefaults;
    "forgejo/db_password" = secretDefaults;
  };
}