New service: Forgejo

2025-10-07 22:52:54 +02:00 · 2025-10-07 22:52:54 +02:00 · 0ba7940dba
commit 0ba7940dba
parent 3947745bec
8 changed files with 190 additions and 0 deletions
--- a/modules/services/forgejo.nix
+++ b/modules/services/forgejo.nix
@ -0,0 +1,103 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+let
+  cfg = config.my.services.forgejo;
+  httpPort = 3000;
+in
+{
+
+  options.my.services.forgejo = {
+    enable = lib.mkEnableOption "Enable Forgejo code repository";
+
+    stateDir = lib.mkOption {
+      type = lib.types.path;
+      default = "/var/lib/forgejo/media";
+      description = "Directory with Immich will store media files";
+    };
+
+    settings = lib.mkOption {
+      default = { };
+      description = ''
+        Settings for Forgejo
+      '';
+    };
+
+    secrets = lib.mkOption {
+      description = "Secrets declared ";
+      type = lib.types.submodule {
+        freeformType = with lib.types; attrsOf (attrsOf path);
+        options = { };
+      };
+      default = { };
+    };
+
+    proxy = {
+      enable = lib.mkEnableOption "Set the proxy entry for this service";
+
+      domain = lib.mkOption {
+        default = "example.com";
+        type = lib.types.str;
+        description = ''
+          The domain where Caddy is reachable
+        '';
+      };
+
+      subdomain = lib.mkOption {
+        default = "git";
+        type = lib.types.str;
+        description = ''
+          The subdomain where Immich is reachable
+        '';
+      };
+
+      host = lib.mkOption {
+        default = "localhost";
+        type = lib.types.str;
+        description = ''
+          host name where the service is running
+        '';
+      };
+
+    };
+  };
+
+  config = lib.mkMerge [
+    (lib.mkIf cfg.enable {
+
+      services.forgejo = {
+        enable = true;
+        lfs.enable = true;
+        stateDir = cfg.stateDir;
+        secrets = cfg.secrets;
+        database = {
+          createDatabase = true;
+          type = "postgres";
+        };
+        settings = lib.recursiveUpdate {
+          server = {
+            DOMAIN = "git.${cfg.proxy.domain}";
+            ROOT_URL = "https://git.${cfg.proxy.domain}";
+            HTTP_PORT = httpPort;
+            SSH_PORT = 2222;
+          };
+        } cfg.settings;
+      };
+
+      networking.firewall.allowedTCPPorts = [ httpPort ];
+
+    })
+
+    (lib.mkIf cfg.proxy.enable {
+      services.caddy = with cfg.proxy; {
+        virtualHosts."${subdomain}.${domain}".extraConfig = ''
+          reverse_proxy http://${host}:${toString httpPort}
+          import cloudflare_${domain}
+        '';
+      };
+    })
+  ];
+}