{ config, pkgs, lib, ... }: with lib; let name = "forgejo"; cfg = config.services.skynet."${name}"; domain_base = "${cfg.domain.base}.${cfg.domain.tld}"; domain_full = "${cfg.domain.sub}.${domain_base}"; in { imports = [ ]; options.services.skynet."${name}" = { enable = mkEnableOption "Skynet Forgejo"; domain = { tld = mkOption { type = types.str; default = "ie"; }; base = mkOption { type = types.str; default = "skynet"; }; sub = mkOption { type = types.str; default = name; }; }; forgejo = { port = mkOption { type = types.port; default = 3000; }; }; }; config = mkIf cfg.enable { # age.secrets.forgejo-mailer-password = { # file = ../../secrets/forgejo/mailer-password.age; # mode = "400"; # owner = "forgejo"; # }; services.skynet.acme.domains = [ "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" ]; # using https://nixos.org/manual/nixos/stable/index.html#module-services-gitlab as a guide services.skynet.dns.records = [ { record = cfg.domain.sub; r_type = "CNAME"; value = config.services.skynet.host.name; } ]; services.nginx.virtualHosts = { # main site "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}" = { forceSSL = true; useACMEHost = "skynet"; locations."/" = { proxyPass = "http://localhost:${toString cfg.forgejo.port}"; extraConfig = '' client_max_body_size 1000M; ''; }; }; }; # for signing reasons programs.gnupg.agent = { enable = true; enableSSHSupport = true; }; services.forgejo = { enable = true; package = pkgs.forgejo; database.type = "sqlite3"; # Enable support for Git Large File Storage lfs.enable = true; settings = { server = { DOMAIN = "${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; # You need to specify this to remove the port from URLs in the web UI. ROOT_URL = "https://${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}/"; HTTP_PORT = cfg.forgejo.port; }; # You can temporarily allow registration to create an admin user. service.DISABLE_REGISTRATION = true; # Add support for actions, based on act: https://github.com/nektos/act actions = { ENABLED = true; DEFAULT_ACTIONS_URL = "github"; }; # Allow for signing off merge requests # "repository.signing" = { # SIGNING_KEY = "5B2DED0FE9F8627A"; # SIGNING_NAME = "Skynet"; # SIGNING_EMAIL = "forgejo@glados.skynet.ie"; # MERGES = "always"; # }; # Sending emails is completely optional # You can send a test email from the web UI at: # Profile Picture > Site Administration > Configuration > Mailer Configuration # mailer = { # ENABLED = true; # SMTP_ADDR = "mail.${cfg.domain.base}.${cfg.domain.tld}"; # FROM = "noreply@${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; # USER = "noreply@${cfg.domain.sub}.${cfg.domain.base}.${cfg.domain.tld}"; # }; }; # mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path; }; }; }