nixos/hosts/makise/system/configuration/forgejo.nix
2026-01-11 01:42:54 +00:00


{ config
, lib
, pkgs
, ...
}:
{
# Allow inbound TCP 22 through the host firewall. The Forgejo settings in this
# file advertise SSH_PORT = 22 with START_SSH_SERVER = false, so git-over-SSH
# is presumably served by the host's own sshd rather than by Forgejo.
# NOTE(review): that sshd is configured outside this file — confirm it is
# key-only, since this rule exposes it alongside the git endpoint.
networking.firewall = {
  allowedTCPPorts = [ 22 ];
};
# Traefik HTTP routing for the Forgejo web UI.
# TLS is requested on the router (certResolver "letsencrypt"); the hop from
# Traefik to Forgejo is plain HTTP to localhost:3003, which matches the
# HTTP_PORT / PROTOCOL values in services.forgejo.settings.server.
# The "websecure" entry point and the "letsencrypt" resolver are referenced
# by name only; they are defined outside this file.
services.traefik.dynamicConfigOptions.http = {
  # Backend: a single upstream reached over the local interface.
  services.forgejo.loadBalancer.servers = [
    { url = "http://localhost:3003"; }
  ];

  # Front door: match on the public host name and hand off to the backend above.
  routers.forgejo = {
    entryPoints = [ "websecure" ];
    rule = "Host(`git.dokkae.duckdns.org`)";
    service = "forgejo";
    tls.certResolver = "letsencrypt";
  };
};
# Forgejo instance: PostgreSQL-backed, served as plain HTTP on port 3003 and
# published under https://git.dokkae.duckdns.org/ (see ROOT_URL).
services.forgejo = {
  enable = true;
  lfs.enable = false;

  # "host" is a filesystem path, i.e. the PostgreSQL unix-socket directory
  # rather than a TCP address; no database password is set in this file.
  database.type = "postgres";
  database.host = "/run/postgresql";
  database.name = "forgejo";
  database.user = "forgejo";

  # Values that must not be written into this file are passed as file paths.
  # The mailer password is read from the sops-managed secret at this path.
  secrets.mailer.PASSWD = config.sops.secrets."forgejo/mailer/password".path;

  settings = {
    # Self-registration stays off. It can be switched on temporarily to
    # register an admin account; afterwards the admin creates further users
    # through the web interface.
    services.DISABLE_REGISTRATION = true;

    # NOTE(review): HTTP_ADDR is not set here, so the listen address is
    # whatever the module / Forgejo default is. This listener speaks plain
    # HTTP and is meant to sit behind the reverse proxy — confirm it is
    # bound to loopback (e.g. HTTP_ADDR = "127.0.0.1") and not to every
    # interface.
    server.PROTOCOL = "http";
    server.DOMAIN = "localhost";
    server.HTTP_PORT = 3003;
    # Base URL used when the web UI renders links and clone URLs.
    server.ROOT_URL = "https://git.dokkae.duckdns.org/";
    # SSH clone URLs advertise this host and port; the built-in SSH server
    # is disabled.
    server.SSH_DOMAIN = "git.dokkae.duckdns.org";
    server.SSH_PORT = 22;
    server.START_SSH_SERVER = false;

    # NOTE(review): with DEFAULT_ACTIONS_URL = "github", short-form `uses:`
    # references in workflows presumably resolve against GitHub — confirm.
    # Workflows then run third-party code fetched from there on the runners,
    # so pin actions to full commit SHAs and keep runner registration
    # restricted.
    actions.ENABLED = true;
    actions.DEFAULT_ACTIONS_URL = "github";

    # Outgoing mail (optional). A test mail can be sent from
    # Profile Picture > Site Administration > Configuration > Mailer Configuration.
    # NOTE(review): neither PROTOCOL nor SMTP_PORT is set, so the transport
    # (STARTTLS vs. implicit TLS) is left to Forgejo's inference. Pinning it
    # explicitly (e.g. PROTOCOL = "smtp+starttls" with SMTP_PORT = 587, or
    # "smtps" with 465) guarantees the SMTP login never runs over an
    # unencrypted session.
    mailer.ENABLED = true;
    mailer.SMTP_ADDR = "smtp.gmail.com";
    mailer.USER = "finnliry@gmail.com";
    mailer.FROM = "noreply@git.dokkae.duckdns.org";
  };
};
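# Bootstrap the admin account before Forgejo starts.
# The create command is attempted on every start and is expected to fail once
# the account exists, so a failure must not block the service. Unlike a bare
# `|| true`, failures and a missing/empty secret are written to stderr so they
# show up in the unit's log instead of disappearing.
#
# NOTE(review): --password places the cleartext in the argv of the forgejo
# process for the duration of the command, where it can be read from the
# process list by anything on the host allowed to see other users' processes.
# Keep process visibility restricted on this host, or create the account with
# a throwaway password and change it afterwards.
# NOTE(review): the secret is only applied at creation; rotating the sops
# secret presumably does not change the password of an existing account
# (the CLI has a separate `admin user change-password`) — confirm.
systemd.services.forgejo.preStart =
  let
    forgejoExe = lib.getExe config.services.forgejo.package;
    adminPasswordFile = config.sops.secrets."forgejo/admin/dokkae.cat/password".path;
    adminUser = "dokkae.cat";
    adminEmail = "finnliry@gmail.com";
  in
  ''
    if [ -r "${adminPasswordFile}" ] && [ -s "${adminPasswordFile}" ]; then
      # Strip the trailing newline the secret file may carry.
      PASSWORD="$(tr -d '\n' < "${adminPasswordFile}")"
      ${forgejoExe} admin user create --admin --email "${adminEmail}" --username "${adminUser}" --password "$PASSWORD" \
        || echo "forgejo preStart: admin user create for ${adminUser} did not succeed (expected when the account already exists)" >&2
    else
      echo "forgejo preStart: admin password secret is missing, unreadable or empty; skipping admin bootstrap" >&2
    fi
  '';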
}