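# Big thanks to Pyrox for their config! https://git.pyrox.dev/pyrox/nix/src/branch/main/hosts/marvin/services/git.nix
#
# NixOS module: a Forgejo instance on a local PostgreSQL database, published
# through an nginx TLS virtual host. Forgejo itself listens on loopback only;
# the database password comes from a sops-nix managed secret.
#
# Expects `data.host.rootDomain` and `data.services.git.{domain,sshPort}` to be
# supplied by the caller (they are not defined in this file).
{ lib, pkgs, config, data, ... }:
let
  inherit (data.host) rootDomain;
  inherit (data.services.git) domain sshPort;

  cfg = config.services.forgejo;
  srv = cfg.settings.server;

  stateDir = "/var/lib/forgejo";
  customDir = "${stateDir}/custom";
in
{
  services.nginx.virtualHosts.${domain} = {
    # Plain-HTTP requests are redirected to HTTPS. The certificate is the ACME
    # one issued for rootDomain, so it has to cover `domain` as well.
    forceSSL = true;
    useACMEHost = rootDomain;

    # Upper bound on request bodies nginx accepts for this vhost. Any client
    # that can reach the vhost may send bodies up to this size.
    # NOTE(review): presumably sized for large pushes/uploads over HTTP - confirm 512M is needed.
    extraConfig = ''
      client_max_body_size 512M;
    '';

    locations."/" = {
      # Backend is the loopback listener configured under settings.server below.
      proxyPass = "http://127.0.0.1:${toString srv.HTTP_PORT}";
      recommendedProxySettings = true;
    };
  };

  services.forgejo = {
    enable = true;
    inherit stateDir customDir;

    database = {
      type = "postgres";
      createDatabase = true;
      # The password is read from a file path at runtime instead of being
      # written into the configuration (and therefore the Nix store).
      passwordFile = config.sops.secrets."forgejo/db_password".path;
    };

    settings = {
      server = {
        DOMAIN = domain;
        ROOT_URL = "https://${srv.DOMAIN}/";
        # Loopback only: the web UI/API is reachable from outside solely
        # through the nginx virtual host above.
        HTTP_ADDR = "127.0.0.1";
        HTTP_PORT = 3001;
        # NOTE(review): nothing in this file enables an SSH listener or opens
        # this port; that is presumably handled elsewhere - confirm.
        SSH_PORT = sshPort;
      };

      DEFAULT = {
        APP_NAME = "Lgmrszd's git";
      };

      session = {
        PROVIDER = "db";
        # Session cookie is only sent over HTTPS and is scoped to the git host.
        COOKIE_SECURE = true;
        COOKIE_NAME = "lgmgit-session";
        DOMAIN = domain;
        # Both values are in seconds: 7 days. A session stays valid for up to
        # a week unless it is explicitly ended.
        GC_INTERVAL_TIME = 86400 * 7;
        SESSION_LIFE_TIME = 86400 * 7;
      };

      service = {
        # Registration stays enabled, but only through an external
        # authentication source; the local sign-up form and button are off.
        # The external source is not declared in this file, so who can create
        # an account depends entirely on who that provider lets sign in.
        DISABLE_REGISTRATION = false;
        ALLOW_ONLY_INTERNAL_REGISTRATION = false;
        ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
        SHOW_REGISTRATION_BUTTON = false;
        # No e-mail confirmation (the mailer is disabled below), so this
        # instance does not verify account e-mail addresses itself.
        REGISTER_EMAIL_CONFIRM = false;
        DEFAULT_KEEP_EMAIL_PRIVATE = true;
        DEFAULT_ALLOW_CREATE_ORGANIZATION = false;
      };

      repository = {
        # New accounts get a repository quota of 0 and forks count against it.
        MAX_CREATION_LIMIT = 0;
        ALLOW_FORK_WITHOUT_MAXIMUM_LIMIT = false;
        # NOTE(review): push-to-create is enabled while the default quota is 0;
        # confirm how the two interact on the deployed Forgejo version.
        ENABLE_PUSH_CREATE_USER = true;
      };

      "ui.meta" = {
        AUTHOR = "Lgmrszd";
        DESCRIPTION = "Lgmrszd's forgejo instance";
      };

      # Forgejo Actions (CI) is switched off on this instance.
      actions = {
        ENABLED = false;
      };

      mailer = {
        ENABLED = false;
      };
    };
  };

  # Decrypted secret is owned by the forgejo user/group so that only the
  # service account (and root) can read the database password.
  sops.secrets."forgejo/db_password" = {
    sopsFile = ../secrets/forgejo.yaml;
    format = "yaml";
    owner = "forgejo";
    group = "forgejo";
  };
}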