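# NixOS module: Forgejo served through Traefik at git.dokkae.duckdns.org.
#
# Traefik terminates TLS (certResolver "letsencrypt") on the "websecure" entry
# point and forwards plain HTTP to Forgejo on localhost:3003. Secrets are read
# from sops-managed files; the sops secret declarations are not in this file.
{ config
, lib
, pkgs
, ...
}:
{
  # Forgejo's built-in SSH server is disabled below (START_SSH_SERVER = false),
  # so Git over SSH on port 22 is presumably handled by the host's sshd.
  # The Traefik entry point ports are not opened in this file.
  networking.firewall.allowedTCPPorts = [ 22 ];

  services.traefik.dynamicConfigOptions.http = {
    routers.forgejo = {
      rule = "Host(`git.dokkae.duckdns.org`)";
      service = "forgejo";
      entryPoints = [ "websecure" ];
      tls = {
        certResolver = "letsencrypt";
      };
    };

    # Backend hop is unencrypted HTTP; it stays on the local host.
    services.forgejo = {
      loadBalancer.servers = [
        { url = "http://localhost:3003"; }
      ];
    };
  };

  services.forgejo = {
    enable = true;

    # Host is a directory path, i.e. PostgreSQL is reached over its Unix socket
    # and no database password is configured here.
    database = {
      type = "postgres";
      host = "/run/postgresql";
      name = "forgejo";
      user = "forgejo";
    };

    lfs.enable = false;

    settings = {
      server = {
        DOMAIN = "localhost";
        PROTOCOL = "http";
        HTTP_PORT = 3003;
        # NOTE(review): HTTP_ADDR is not set in this file. If the listener is
        # not already bound to loopback, HTTP_ADDR = "127.0.0.1" would keep the
        # plain-HTTP port reachable only through Traefik — confirm before adding.

        # Used for web-displayed URL references.
        ROOT_URL = "https://git.dokkae.duckdns.org/";

        # SSH Settings
        SSH_DOMAIN = "git.dokkae.duckdns.org";
        SSH_PORT = 22;
        START_SSH_SERVER = false;
      };

      # The app.ini section is [service] (singular). The previous `services`
      # key produced a [services] section that Forgejo does not read, which
      # left self-registration at its default (open) on a public host.
      service = {
        # Can be temporarily disabled to allow registration of an admin user.
        # Admin account can manually create new users via web interface.
        DISABLE_REGISTRATION = true;
      };

      actions = {
        ENABLED = true;
        # Host-less `uses:` references in workflows resolve against github.com.
        # That code runs on the Actions runners, so workflows should pin
        # third-party actions to a full commit SHA rather than a movable tag.
        DEFAULT_ACTIONS_URL = "github";
      };

      # Optional email server configuration.
      # Test mails can be sent via: Profile Picture > Site Administration > Configuration > Mailer Configuration
      mailer = {
        ENABLED = true;
        # NOTE(review): neither PROTOCOL nor SMTP_PORT is set, so the transport
        # (and whether TLS is used) is whatever Forgejo infers. Pinning it
        # explicitly, e.g. PROTOCOL = "smtps", avoids relying on that — confirm.
        SMTP_ADDR = "smtp.gmail.com";
        FROM = "noreply@git.dokkae.duckdns.org";
        USER = "finnliry@gmail.com";
      };
    };

    # File path only: the SMTP password itself never enters the Nix store.
    secrets = {
      mailer.PASSWD = config.sops.secrets."forgejo/mailer/password".path;
    };
  };

  # Bootstrap the admin account before Forgejo starts.
  #
  # - `create` fails once the user exists, so `|| true` keeps later starts from
  #   failing. It also hides every other failure (unreadable secret, database
  #   error); check the unit's journal if the account is missing.
  # - Because `create` only succeeds once, rotating the sops secret does not
  #   change the password of the existing account.
  # - The password is passed as a command-line argument, so it is visible in
  #   the process's argument list to anything on the host that can read it
  #   while the command runs. The file itself is only referenced by path.
  systemd.services.forgejo.preStart =
    let
      adminCmd = "${lib.getExe config.services.forgejo.package} admin user";
      pwdPath = config.sops.secrets."forgejo/admin/dokkae.cat/password".path;
      user = "dokkae.cat";
    in
    ''
      PASSWORD="$(tr -d '\n' < "${pwdPath}")"
      ${adminCmd} create --admin --email "finnliry@gmail.com" --username ${user} --password "$PASSWORD" || true
    '';
}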