# NixOS module for the Forgejo instance served at git.dgnum.eu.
#
# Layout: Forgejo listens on loopback only, nginx terminates TLS (ACME) and
# reverse-proxies to it, PostgreSQL holds the database, and the state
# directory plus the database are registered with the backup module.
{ config, nixpkgs, ... }:

let
  # Loopback port shared by Forgejo (HTTP_PORT) and the nginx upstream.
  port = 3000;

  # Public hostname; used for ROOT_URL, DOMAIN and the nginx virtual host.
  host = "git.dgnum.eu";
in

{
  services.forgejo = {
    enable = true;
    user = "git";
    package = nixpkgs.unstable.forgejo;
    stateDir = "/var/lib/git";

    database = {
      type = "postgres";
      user = "git";
      name = "git";
    };

    # The SMTP password is read from the file the age secret points to, so
    # the password itself does not appear in this configuration.
    mailerPasswordFile = config.age.secrets."forgejo-mailer_password_file".path;

    settings = {
      DEFAULT.APP_NAME = "Forge git de la DGNum";

      actions = {
        ENABLED = true;
        # NOTE(review): workflow `uses:` references without a full URL are
        # presumably resolved against this third-party host. Confirm this is
        # intended, and consider pinning actions to commit hashes or
        # mirroring them locally.
        DEFAULT_ACTIONS_URL = "https://gitea.com";
      };

      admin.DEFAULT_EMAIL_NOTIFICATIONS = "enabled";

      log = {
        LEVEL = "Warn";
      };

      # Outgoing mail over implicit TLS (smtps, port 465).
      mailer = {
        ENABLED = true;
        FROM = "git@infra.dgnum.eu";
        PROTOCOL = "smtps";
        SMTP_ADDR = "kurisu.lahfa.xyz";
        SMTP_PORT = 465;
        USER = "web-services@infra.dgnum.eu";
      };

      server = {
        ROOT_URL = "https://${host}/";
        DOMAIN = host;
        # Bind to loopback only; the instance is reachable from outside
        # solely through the nginx virtual host declared below.
        HTTP_ADDRESS = "127.0.0.1";
        HTTP_PORT = port;
        APP_DATA_PATH = "/var/lib/git/data";
      };

      service = {
        # NOTE(review): the trailing `*` entry looks like it matches every
        # domain, which would make this allowlist a no-op. Together with
        # DISABLE_REGISTRATION = false that means open self-registration
        # (gated only by e-mail confirmation). Confirm this is intended,
        # in particular given that Actions are enabled on this instance.
        EMAIL_DOMAIN_ALLOWLIST = "dgnum.eu,*";
        ENABLE_NOTIFY_MAIL = true;
        DISABLE_REGISTRATION = false;
        REGISTER_EMAIL_CONFIRM = true;
      };

      ui = {
        THEMES = "forgejo-auto,forgejo-light,forgejo-dark";
      };

      # Periodic maintenance jobs: Actions clean-up and repository GC on,
      # the built-in update checker off.
      "cron.cleanup_actions".ENABLED = true;
      "cron.delete_old_actions".ENABLED = true;
      "cron.git_gc_repos".ENABLED = true;
      "cron.update_checker".ENABLED = false;
    };
  };

  # TLS front end: ACME certificate, HTTP redirected to HTTPS, everything
  # proxied to the loopback Forgejo listener.
  services.nginx = {
    enable = true;

    virtualHosts.${host} = {
      enableACME = true;
      forceSSL = true;
      locations."/".proxyPass = "http://127.0.0.1:${toString port}";
    };
  };

  users = {
    # System account that runs Forgejo and owns its state directory.
    users.git = {
      description = "Git Service";
      home = "/var/lib/git";
      # NOTE(review): presumably a login shell is needed for git-over-SSH;
      # confirm that the SSH configuration restricts what this account may run.
      useDefaultShell = true;
      group = "git";
      isSystemUser = true;
    };

    groups.git = { };
  };

  # Secrets whose name matches this regex get owner "git", so the Forgejo
  # user can read them (semantics of `matches` are defined by the
  # age-secrets module, not visible here).
  age-secrets.matches."^forgejo-.*$" = {
    owner = "git";
  };

  dgn-backups = {
    # Back up the sub-directories of the state directory that hold
    # customisations, application data, repositories and the SSH directory.
    # NOTE(review): these paths likely contain credentials and private
    # repositories; confirm that the backup target is encrypted and
    # access-controlled.
    jobs.forgejo.settings.paths = builtins.map (dir: "/var/lib/git/${dir}") [
      "custom"
      "data"
      "repositories"
      ".ssh"
    ];

    postgresDatabases = [ "git" ];
  };
}