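{ self, config, lib, pkgs, ... }:
let
  cfg = config.services.forgejo;
  inherit (config.age) secrets;
in
{
  # Secrets are decrypted at activation and made readable only by the
  # Forgejo service user (mode 400, owner = cfg.user).
  age.secrets = {
    forgejo-mailer = {
      file = self + /secrets/forgejo/mailer.age;
      mode = "400";
      owner = cfg.user;
    };
    forgejo-admin = {
      file = self + /secrets/forgejo/admin.age;
      mode = "400";
      owner = cfg.user;
    };
  };

  services.forgejo = {
    enable = true;
    package = pkgs.forgejo;
    database.type = "postgres";
    lfs.enable = true;

    # Nightly dump into the backup directory.
    dump = {
      enable = true;
      interval = "*-*-* 02:00:00";
      backupDir = "/srv/backup/forgejo";
    };

    settings = {
      server = {
        DOMAIN = "forgejo.helveticanonstandard.net";
        ROOT_URL = "https://${cfg.settings.server.DOMAIN}/";
        # Loopback only: the nginx vhost below is the sole public entry point.
        HTTP_ADDR = "127.0.0.1";
        HTTP_PORT = 8060;
      };
      service = {
        DISABLE_REGISTRATION = true;
        ENABLE_NOTIFY_MAIL = true;
      };
      # TODO: Enable
      federation = {
        ENABLED = false;
        SHARE_USER_STATISTICS = false;
      };
      mailer = {
        ENABLED = true;
        SMTP_ADDR = "smtp.fastmail.com";
        FROM = "tea@wrz.one";
        USER = "lukas@wrz.one";
      };
    };

    # The SMTP password is supplied as a file path rather than inline in
    # `settings`, so it never lands in the Nix store.
    secrets.mailer.PASSWD = secrets.forgejo-mailer.path;
  };

  # TODO
  # `preStart` is a `lines` option: this definition is concatenated with the
  # forgejo module's own preStart (config generation and migrations). Without
  # mkAfter the relative order depends on module import order, and running
  # `gitea admin ...` before the migration step would fail on first boot.
  systemd.services.forgejo.preStart = lib.mkAfter (
    lib.getExe (
      pkgs.writeShellApplication {
        name = "forgejo-init-admin";
        runtimeInputs = [ cfg.package ];
        text = let
          passwordFile = secrets.forgejo-admin.path;
        in ''
          # `user list` output presumably includes a header row; the -1 accounts for it.
          admins=$(gitea admin user list --admin | wc --lines)
          admins=$((admins - 1))
          if ((admins < 1)); then
            # NOTE: the password is handed over as a command-line argument and is
            # therefore briefly visible in the process list while `create` runs.
            gitea admin user create \
              --admin \
              --email helvetica@helveticanonstandard.net \
              --username helvetica \
              --password "$(cat -- ${passwordFile})"
          fi
        '';
      }
    )
  );

  # TLS-terminating reverse proxy in front of the loopback-bound Forgejo.
  services.nginx.virtualHosts.${cfg.settings.server.DOMAIN} = {
    enableACME = true;
    forceSSL = true;
    extraConfig = ''
      client_max_body_size 512M;
    '';
    locations."/".proxyPass = let
      host = cfg.settings.server.HTTP_ADDR;
      port = builtins.toString cfg.settings.server.HTTP_PORT;
    in "http://${host}:${port}";
  };
}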