{ config, lib, pkgs, ... }: { hacc.containers.forgejo = { config = { lib, pkgs, ... }: { system.stateVersion = "21.11"; environment.systemPackages = [ pkgs.forgejo ]; hacc.bindMounts."/var/lib/forgejo" = "/persist/forgejo"; services.forgejo = { enable = true; package = pkgs.forgejo; lfs.enable = true; database.type = "postgres"; settings = { repository = { DEFAULT_PRIVATE = "public"; PREFERRED_LICENSES = "Unlicense"; DEFAULT_BRANCH = "main"; }; oauth2_client = { ACCOUNT_LINKING = "auto"; ENABLE_AUTO_REGISTRATION = true; }; "repository.pull-requests" = { DEFAULT_MERGE_STYLE = "merge"; DEFAULT_MERGE_MESSAGE_ALL_AUTHORS = true; }; "repository.upload".FILE_MAX_SIZE = 1024; server = { LANDING_PAGE = "explore"; OFFLINE_MODE = true; ROOT_URL = "https://git.infra4future.de"; HTTP_PORT = 3000; HTTP_ADDR = "0.0.0.0"; }; security = { INSTALL_LOCK = true; }; other = { SHOW_FOOTER_VERSION = false; SHOW_FOOTER_TEMPLATE_LOAD_TIME = false; }; cron = { ENABLED = true; NOTICE_ON_SUCCESS = true; }; "cron.update_mirrors" = { SCHEDULE = "@every 12h"; PULL_LIMIT = "-1"; PUSH_LIMIT = "-1"; }; "cron.git_gc_repos".ENABLED = true; "cron.delete_old_actions".ENABLED = true; log.LEVEL = "Info"; service.DISABLE_REGISTRATION = true; session.COOKIE_SECURE = true; default.APP_NAME = "0x0: git for all creatures"; }; }; services.postgresql.package = pkgs.postgresql_15; services.postgresqlBackup = { enable = true; databases = [ "forgejo" ]; startAt = "*-*-* 23:45:00"; location = "/persist/backups/postgres"; }; services.openssh = { enable = true; settings = { PasswordAuthentication = false; AcceptEnv = "GIT_PROTOCOL"; }; }; }; }; services.nginx.virtualHosts."git.infra4future.de" = { forceSSL = true; enableACME = true; locations."/" = { proxyPass = "http://${config.containers.forgejo.localAddress}:3000"; }; }; }