nix-server/modules/services/forgejo.nix

{ config, lib, pkgs, options, ... }:

with lib;
let
  cfg = config.modules.services.forgejo;

  theme = pkgs.fetchzip {
    url = "https://github.com/catppuccin/gitea/releases/download/v0.4.1/catppuccin-gitea.tar.gz";
    sha256 = "1wi4gi431b8hpmk6cr05jygplj76p6jwwlihajxz9131aqxym1fp";
    stripRoot = false;
  };
in {
  options.modules.services.forgejo = {
    enable = mkEnableOption "enable forgejo, a lightweight git server";
    domain = mkOption {
      type = types.str;
      default = "git.reidlab.online";
    };
    port = mkOption {
      type = types.int;
      default = 3000;
    };
  };

  config = mkIf cfg.enable {
    services = {
      forgejo = {
        enable = true;
        stateDir = "/var/lib/${cfg.domain}";
        database.type = "postgres";
        settings = {
          "DEFAULT" = {
          	APP_NAME = "reidlab's git instance";
          };
          "security" = {
            INSTALL_LOCK = true;
            PASSWORD_HASH_ALGO = "argon2";
            PASSWORD_CHECK_PWN = true;
          };
          "ui" = {
            THEMES =
              builtins.concatStringsSep
              ","
              (["auto"]
                ++ (map (name: removePrefix "theme-" (removeSuffix ".css" name))
                  (attrNames (builtins.readDir theme))));
            DEFAULT_THEME = "catppuccin-mocha-red";
          };
          "ui.meta" = {
            AUTHOR = "reidlab";
            DESCRIPTION = "reidlab's git instance";
          };
          "server" = {
            DOMAIN = cfg.domain;
            HTTP_PORT = cfg.port;
            ROOT_URL = "https://${cfg.domain}/";
          };
          "repository" = {
            DEFAULT_BRANCH = "main";
          };
          "picture" = {
            DISABLE_GRAVATAR = false;
            ENABLE_FEDERATED_AVATAR = true;
          };
          "service" = {
            ENABLE_CAPTCHA = false;
            REGISTER_EMAIL_CONFIRM = false;
            DEFAULT_KEEP_EMAIL_PRIVATE = true;
            DEFAULT_ENABLE_TIMETRACING = true;
            DISABLE_REGISTRATION = true;
          };
          "federation" = {
            ENABLED = true;
          };
        };
      };

      nginx.virtualHosts."${cfg.domain}" = {
        forceSSL = true;
        enableACME = true;
        locations."/".extraConfig = ''
          proxy_pass http://127.0.0.1:${toString cfg.port};
        '';
      };
    };

    systemd.services.forgejo = {
      preStart = mkAfter ''
        rm -rf ${config.services.forgejo.customDir}/public/assets
        mkdir -p ${config.services.forgejo.customDir}/public/assets
        ln -sf ${theme} ${config.services.forgejo.customDir}/public/assets/css
      '';
    };
  };
}