haccfiles/parsons/forgejo.nix

{ config, lib, pkgs, ... }:

{
  hacc.containers.forgejo = {
    config = { lib, pkgs, ... }: {
      system.stateVersion = "21.11";

      environment.systemPackages = [ pkgs.forgejo ];

      hacc.bindMounts."/var/lib/forgejo" = "/persist/forgejo";

      services.forgejo = {
        enable = true;
        lfs.enable = true;
        database.type = "postgres";
        settings = {
          repository = {
            DEFAULT_PRIVATE = "public";
            PREFERRED_LICENSES = "Unlicense";
            DEFAULT_BRANCH = "main";
          };
          oauth2_client = {
            ACCOUNT_LINKING = "auto";
            ENABLE_AUTO_REGISTRATION = true;
          };
          "repository.pull-requests" = {
            DEFAULT_MERGE_STYLE = "merge";
            DEFAULT_MERGE_MESSAGE_ALL_AUTHORS = true;
          };
          "repository.upload".FILE_MAX_SIZE = 1024;
          server = {
            LANDING_PAGE = "explore";
            OFFLINE_MODE = true;
            ROOT_URL = "https://git.infra4future.de";
            HTTP_PORT = 3000;
            HTTP_ADDR = "0.0.0.0";
          };
          security = { INSTALL_LOCK = true; };
          other = {
            SHOW_FOOTER_VERSION = false;
            SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
          };
          cron = {
            ENABLED = true;
            NOTICE_ON_SUCCESS = true;
          };
          "cron.update_mirrors" = {
            SCHEDULE = "@every 12h";
            PULL_LIMIT = "-1";
            PUSH_LIMIT = "-1";
          };
          "cron.git_gc_repos".ENABLED = true;
          "cron.delete_old_actions".ENABLED = true;
          log.LEVEL = "Info";
          service.DISABLE_REGISTRATION = true;
          session.COOKIE_SECURE = true;
          default.APP_NAME = "0x0: git for all creatures";
        };
      };
      services.postgresql.package = pkgs.postgresql_15;

      services.postgresqlBackup = {
        enable = true;
        databases = [ "forgejo" ];
        startAt = "*-*-* 23:45:00";
        location = "/persist/backups/postgres";
      };
      services.openssh = {
        enable = true;
        settings = {
          PasswordAuthentication = false;
          AcceptEnv = "GIT_PROTOCOL";
        };
      };
    };
  };

  services.nginx.virtualHosts."git.infra4future.de" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://${config.containers.forgejo.localAddress}:3000";
    };
  };
}