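# NixOS module: a Forgejo instance served through nginx, with a PostgreSQL
# database and a Redis cache reached over a unix socket.
# Everything under `config` is applied only when `dadada.forgejo.enable` is set.
{ config, pkgs, lib, ... }:
let
  cfg = config.dadada.forgejo;
in
{
  options.dadada.forgejo = {
    enable = lib.mkEnableOption "Enable forgejo";
  };

  config = lib.mkIf cfg.enable {
    services.forgejo = {
      enable = true;
      # The service runs under the "gitea" account and state directory
      # (presumably kept from an earlier Gitea installation; confirm).
      user = "gitea";
      group = "gitea";
      stateDir = "/var/lib/gitea";

      database = {
        type = "postgres";
        name = "gitea";
        user = "gitea";
      };

      settings = {
        DEFAULT.APP_NAME = "dadada forgejo";

        service = {
          # No self-service sign-up; accounts have to be created by an admin.
          DISABLE_REGISTRATION = true;
        };

        # The app.ini section is `session` (singular). A `sessions` section is
        # not read by Forgejo, which would leave the Secure flag off the
        # session cookie even though the site is served over HTTPS only.
        session = {
          COOKIE_SECURE = true;
        };

        server = {
          ROOT_URL = "https://git.dadada.li/";
          # Forgejo listens on a unix socket; TLS is terminated by nginx below.
          PROTOCOL = "http+unix";
          LANDING_PAGE = "explore";
          # Serve static assets locally instead of pulling them from a CDN.
          OFFLINE_MODE = true;
          DISABLE_SSH = false;
          # Use built-in SSH server
          START_SSH_SERVER = true;
          # NOTE(review): the built-in server listens on SSH_PORT unless
          # SSH_LISTEN_PORT is set. Confirm the host's own sshd is not bound to
          # port 22 and that the service is allowed to bind a privileged port.
          SSH_PORT = 22;
          DOMAIN = "git.dadada.li";
        };

        picture = {
          # Avoid avatar lookups against third-party services.
          DISABLE_GRAVATAR = true;
          REPOSITORY_AVATAR_FALLBACK = "random";
          ENABLE_FEDERATED_AVATAR = false;
        };

        other = {
          SHOW_FOOTER_BRANDING = false;
          # Do not show the running version in the page footer.
          SHOW_FOOTER_VERSION = false;
          SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
        };

        log = {
          # NOTE(review): with router logging off and LEVEL = "Error",
          # lower-severity events are not written. Confirm that failed sign-in
          # attempts are still recorded somewhere if they are needed for
          # detection or rate limiting.
          DISABLE_ROUTER_LOG = true;
          LEVEL = "Error";
        };

        cache = {
          ENABLE = true;
          ADAPTER = "redis";
          # Connects to the dedicated Redis server defined below via its socket.
          HOST = "network=unix,addr=${config.services.redis.servers.forgejo.unixSocket},db=0,pool_size=100,idle_timeout=180";
        };
      };
    };

    services.redis = {
      servers.forgejo = {
        enable = true;
        # Same account as Forgejo, so the service can open the unix socket.
        user = config.services.forgejo.user;
      };
      # Applies to every Redis server on this host, not only servers.forgejo.
      vmOverCommit = true;
    };

    # NOTE(review): the virtual host name is derived from networking.domain,
    # while ROOT_URL and DOMAIN above hard-code git.dadada.li. They agree only
    # when networking.domain is "dadada.li".
    services.nginx.virtualHosts."git.${config.networking.domain}" = {
      enableACME = true;
      # Redirect plain HTTP to HTTPS so the Secure session cookie is usable.
      forceSSL = true;
      # NOTE(review): this socket path must match where Forgejo creates its
      # socket; HTTP_ADDR is not set in this file, so verify the module default.
      locations."/".extraConfig = ''
        proxy_pass http://unix:/run/forgejo/forgejo.sock:/;
      '';
    };

    users.users.gitea = {
      home = "/var/lib/gitea";
      # NOTE(review): with START_SSH_SERVER = true, confirm whether this
      # system account still needs a login shell.
      useDefaultShell = true;
      group = "gitea";
      isSystemUser = true;
    };

    users.groups.gitea = { };
  };
}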