From 0fff727149e6bda4f25242a6a7d571f844bc32ce Mon Sep 17 00:00:00 2001
From: Jalil Arfaoui <jalil@arfaoui.net>
Date: Fri, 15 Nov 2024 18:56:08 +0100
Subject: [PATCH] add forgejo

---
 configuration.nix |  6 +++++-
 forgejo.nix       | 54 +++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+), 1 deletion(-)
 create mode 100644 forgejo.nix

diff --git a/configuration.nix b/configuration.nix
index f7dc4e6..bfd0cfe 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -1,7 +1,11 @@
 { config, pkgs, lib, ... }:
 
 {
-  imports = [ <nixpkgs/nixos/modules/virtualisation/openstack-config.nix> ./gandicloud.nix ];
+  imports = [
+    <nixpkgs/nixos/modules/virtualisation/openstack-config.nix>
+    ./gandicloud.nix
+    ./forgejo.nix
+  ];
 
   environment.systemPackages = with pkgs; [
     vim
diff --git a/forgejo.nix b/forgejo.nix
new file mode 100644
index 0000000..4d58687
--- /dev/null
+++ b/forgejo.nix
@@ -0,0 +1,54 @@
+{ lib, pkgs, config, ... }:
+let
+  srv = config.services.forgejo.settings.server;
+in
+{
+  services.nginx = {
+    virtualHosts.${config.services.forgejo.settings.server.DOMAIN} = {
+      forceSSL = true;
+      enableACME = true;
+      extraConfig = ''
+        client_max_body_size 512M;
+      '';
+      locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
+    };
+  };
+
+  services.forgejo = {
+    enable = true;
+    database.type = "postgres";
+    # Enable support for Git Large File Storage
+    lfs.enable = true;
+    settings = {
+      server = {
+        DOMAIN = "forge.tiqa.fr";
+        # You need to specify this to remove the port from URLs in the web UI.
+        ROOT_URL = "https://${srv.DOMAIN}/";
+        HTTP_PORT = 3000;
+      };
+      # You can temporarily allow registration to create an admin user.
+#      service.DISABLE_REGISTRATION = true;
+      # Add support for actions, based on act: https://github.com/nektos/act
+      actions = {
+        ENABLED = true;
+        DEFAULT_ACTIONS_URL = "github";
+      };
+      # Sending emails is completely optional
+      # You can send a test email from the web UI at:
+      # Profile Picture > Site Administration > Configuration >  Mailer Configuration
+      mailer = {
+        ENABLED = true;
+        SMTP_ADDR = "mail.example.com";
+        FROM = "jalil@arfaoui.net";
+        USER = "jalil@arfaoui.net";
+      };
+    };
+    mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path;
+  };
+
+  age.secrets.forgejo-mailer-password = {
+    file = /root/forgejoMailerPassord;
+    mode = "400";
+    owner = "forgejo";
+  };
+}