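# NixOS module: Forgejo served through an nginx reverse proxy.
#
# Reads the site-specific options under `config.aether.forgejo` (declared in
# ./options.nix) plus `config.aether.https` / `config.aether.domain`, and
# configures nginx, ACME, the firewall, the Forgejo service and, optionally,
# the system account Forgejo runs as.
{ config, lib, ... }:

let
  cfg = config.aether.forgejo;
  forgejo = config.services.forgejo;
  srv = forgejo.settings.server;
in
{
  imports = [ ./options.nix ];

  # The unconditional settings and the optional account are combined with
  # mkMerge. `{ ... } // lib.mkIf cond { ... }` does not merge as intended:
  # `//` overlays mkIf's wrapper attributes (`_type`, `condition`, `content`)
  # onto the module, so the module system treats the whole definition as the
  # conditional and the nginx/Forgejo settings beside it are not applied.
  config = lib.mkMerge [
    {
      # Web server: nginx terminates client connections and proxies to Forgejo.
      services.nginx.enable = true;
      services.nginx.virtualHosts.${srv.DOMAIN} = {
        # TLS redirect and certificate issuance both follow the site-wide flag.
        forceSSL = config.aether.https;
        enableACME = config.aether.https;
        # Request bodies up to 512M are accepted by the proxy.
        extraConfig = ''
          client_max_body_size 512M;
        '';
        # NOTE(review): the backend is reached over loopback; confirm that
        # HTTP_ADDR is bound to loopback as well, so the firewall is not the
        # only thing keeping the plain-HTTP port off the network.
        locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
      };

      security.acme.acceptTerms = config.aether.https;
      security.acme.defaults.email = cfg.acmeEmail;

      # Port 80 is always opened; 443 only when HTTPS is enabled.
      networking.firewall.allowedTCPPorts = [ 80 ] ++ lib.optional config.aether.https 443;

      # Forgejo
      services.forgejo = {
        enable = true;
        user = cfg.user;
        # NOTE(review): the group is named after the service user; confirm
        # this is intended.
        group = forgejo.user;
        database.user = forgejo.user;
        settings.server = {
          # "<subdomain>.<domain>" when a subdomain is set, else the bare domain.
          DOMAIN = lib.optionalString (cfg.subdomain != null) "${cfg.subdomain}." + config.aether.domain;
          # NOTE(review): the scheme is hard-coded to https even when
          # config.aether.https is false; confirm TLS is terminated upstream
          # in that case, otherwise the advertised URL will not match what
          # nginx serves.
          ROOT_URL = "https://${srv.DOMAIN}/";
        };
      };

      # `L+` creates the symlink and replaces whatever already exists at that
      # path, so custom templates come from cfg.templates.
      # NOTE(review): this uses cfg.stateDir while the account's home below
      # uses services.forgejo.stateDir; confirm both name the same directory.
      systemd.tmpfiles.rules = lib.optional (cfg.templates != null)
        "L+ ${cfg.stateDir}/custom/templates - - - - ${cfg.templates}";
    }

    # Optional system account and group for the service.
    (lib.mkIf cfg.createUser {
      users.users.${forgejo.user} = {
        home = forgejo.stateDir;
        useDefaultShell = true;
        group = forgejo.group;
        isSystemUser = true;
      };
      users.groups.${forgejo.group} = { };
    })
  ];
}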