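# NixOS module: runs a Forgejo instance behind an nginx reverse proxy.
#
# Options live under `aether` (shared: domain, https, acmeEmail) and
# `aether.forgejo` (subdomain, user, createUser, templates).
{ config, lib, ... }:
{
  options.aether = {
    # Shared options are declared once in ../options.nix and re-exported here,
    # so they are read as `config.aether.<name>`, not `config.aether.forgejo.<name>`.
    inherit (import ../options.nix { inherit lib; }) domain https acmeEmail;

    forgejo = {
      subdomain = lib.mkOption {
        type = lib.types.nullOr lib.types.str;
        default = "git";
        description = ''
          The subdomain to host the Forgejo instance under.
          If null, then Forgejo is hosted at the domain itself.
        '';
      };

      user = lib.mkOption {
        type = lib.types.str;
        default = "git";
        description = ''
          The user to run Forgejo with.
        '';
      };

      createUser = lib.mkOption {
        type = lib.types.bool;
        default = true;
        description = ''
          Whether to create the Forgejo user automatically.
        '';
      };

      templates = lib.mkOption {
        type = lib.types.nullOr lib.types.path;
        default = null;
        description = ''
          A directory of templates for customizing Forgejo's appearance.
        '';
      };
    };
  };

  config =
    let
      cfg = config.aether.forgejo;
      forgejo = config.services.forgejo;
      srv = forgejo.settings.server;
      # Scheme advertised to clients; must match what nginx actually serves.
      scheme = if config.aether.https then "https" else "http";
    in
    # mkMerge is required here: `{ ... } // lib.mkIf cond { ... }` would overlay
    # the mkIf wrapper's own attributes onto the first set, so the module system
    # would treat the whole config as conditional and drop the unconditional part.
    lib.mkMerge [
      {
        # Web server
        services.nginx.enable = true;
        services.nginx.virtualHosts.${srv.DOMAIN} = {
          forceSSL = config.aether.https;
          enableACME = config.aether.https;
          extraConfig = ''
            client_max_body_size 512M;
          '';
          # NOTE(review): nginx talks to Forgejo over plain HTTP on localhost.
          # HTTP_ADDR is not set in this module, so confirm that the bind
          # address Forgejo ends up with does not expose HTTP_PORT beyond
          # this host (the firewall below only opens 80/443).
          locations."/".proxyPass = "http://localhost:${builtins.toString srv.HTTP_PORT}";
        };

        security.acme.acceptTerms = config.aether.https;
        # acmeEmail is declared under `aether`, not `aether.forgejo`.
        security.acme.defaults.email = config.aether.acmeEmail;

        # lib.optional takes the condition AND the element; 443 is only opened
        # when HTTPS is enabled. Port 80 stays open in both modes.
        networking.firewall.allowedTCPPorts = [ 80 ] ++ lib.optional config.aether.https 443;

        # Forgejo
        services.forgejo = {
          enable = true;
          user = cfg.user;
          # The group and the database user share the service user's name.
          group = forgejo.user;
          database.user = forgejo.user;
          settings.server = {
            # "<subdomain>.<domain>", or the bare domain when subdomain is null.
            DOMAIN = lib.optionalString (cfg.subdomain != null) "${cfg.subdomain}." + config.aether.domain;
            # Follow the https switch instead of hard-coding https://, so the
            # generated links and cookies match the scheme nginx serves.
            ROOT_URL = "${scheme}://${srv.DOMAIN}/";
          };
        };

        # Symlink the custom templates into Forgejo's state directory.
        # stateDir is an option of services.forgejo, not of aether.forgejo.
        systemd.tmpfiles.rules = lib.optional (cfg.templates != null)
          "L+ ${forgejo.stateDir}/custom/templates - - - - ${cfg.templates}";
      }

      # Service account. With createUser = false the operator must provide the
      # user and group named above by other means.
      (lib.mkIf cfg.createUser {
        users.users.${forgejo.user} = {
          home = forgejo.stateDir;
          useDefaultShell = true;
          group = forgejo.group;
          isSystemUser = true;
        };
        users.groups.${forgejo.group} = { };
      })
    ];
}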