# NixOS module: Forgejo instance served at git.dgnum.eu through an nginx
# reverse proxy that terminates TLS with an ACME certificate.
{
  config,
  lib,
  pkgs,
  dgn-lib,
  ...
}:

let
  domain = "git.dgnum.eu";

  # Forgejo binds to loopback only, so nginx is the only network-facing
  # entry point to the web UI and API.
  listenAddress = "127.0.0.1";
  httpPort = 3000;

  # System account that runs Forgejo and owns its secrets.
  serviceUser = "git";
  dataRoot = "/var/lib/git";

  # Names of the declared secrets that belong to this service.
  forgejoSecrets = builtins.filter (lib.hasPrefix "forgejo-") config.dgn-secrets.names;
in
{
  services.forgejo = {
    enable = true;
    user = serviceUser;
    package = pkgs.forgejo;
    stateDir = dataRoot;

    database = {
      type = "postgres";
      user = "git";
      name = "gitea";
      # The password is read from an agenix-managed file at runtime, so it
      # is not written into this module.
      passwordFile = config.age.secrets."forgejo-database_password_file".path;
    };

    settings = {
      DEFAULT.APP_NAME = "Forge git de la DGNum";

      server = {
        DOMAIN = domain;
        ROOT_URL = "https://${domain}/";
        HTTP_ADDRESS = listenAddress;
        HTTP_PORT = httpPort;
        APP_DATA_PATH = "${dataRoot}/data";
      };

      service = {
        # NOTE(review): self-registration is open and the mailer below is
        # disabled, so no confirmation mail can be sent. Unless
        # REGISTER_EMAIL_CONFIRM / REGISTER_MANUAL_CONFIRM or an external
        # auth source is configured elsewhere, the allowlist only checks the
        # address typed into the form, not that the registrant controls a
        # dgnum.eu mailbox. Confirm this is intended.
        DISABLE_REGISTRATION = false;
        EMAIL_DOMAIN_ALLOWLIST = "dgnum.eu";
      };

      log = {
        LEVEL = "Warn";
      };

      ui = {
        THEMES = "forgejo-auto,forgejo-light,forgejo-dark";
      };

      actions = {
        ENABLED = true;
        # Short-form `uses:` references in workflows are resolved against
        # this host, which makes it part of the CI trust boundary.
        # NOTE(review): combined with open registration, check who is able
        # to trigger workflows on any registered runner.
        DEFAULT_ACTIONS_URL = "https://gitea.com";
      };

      mailer = {
        # Disabled: no outgoing mail (and no SMTP password is configured,
        # see the commented-out mailerPasswordFile below).
        ENABLED = false;
        FROM = "git@infra.dgnum.eu";
        # NOTE(review): MAILER_TYPE and IS_TLS_ENABLED look like legacy key
        # names; confirm the deployed Forgejo version still honours them
        # before enabling the mailer, so that TLS is really in effect.
        MAILER_TYPE = "smtp";
        SMTP_ADDR = "kurisu.lahfa.xyz";
        SMTP_PORT = 465;
        IS_TLS_ENABLED = true;
        USER = "web-services@infra.dgnum.eu";
      };
    };

    # Dump configuration
    # dump = {
    #   enable = false;
    #   type = "tar.xz";
    #   file = "gitea.bk";
    # };

    # mailerPasswordFile = config.age.secrets."_ht-mail.pwd".path;
  };

  # Public HTTPS endpoint; plain HTTP is redirected by forceSSL and the
  # certificate is obtained through ACME.
  services.nginx = {
    enable = true;
    virtualHosts.${domain} = {
      enableACME = true;
      forceSSL = true;
      locations."/".proxyPass = "http://${listenAddress}:${toString httpPort}";
    };
  };

  users = {
    users.${serviceUser} = {
      description = "Git Service";
      home = dataRoot;
      # The account gets the default login shell.
      # NOTE(review): presumably needed for git-over-SSH; confirm.
      useDefaultShell = true;
      group = "git";
      isSystemUser = true;
    };
    groups.git = { };
  };

  # Every secret whose name starts with "forgejo-" is passed to setDefault
  # with owner set to the service account.
  # NOTE(review): setDefault comes from dgn-lib and is not shown here;
  # presumably this makes the decrypted files readable by that account only.
  dgn-secrets.options = [
    (dgn-lib.setDefault { owner = serviceUser; } forgejoSecrets)
  ];

  # Only the nginx ports are opened; the Forgejo HTTP port stays on loopback.
  networking.firewall.allowedTCPPorts = [
    80
    443
  ];
}