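{ lib, config, pkgs, ... }:
let
  cfg = config.my.services.forgejo;
  # Port of Forgejo's HTTP listener; the Caddy reverse proxy below targets it.
  httpPort = 3000;
  # Port of Forgejo's built-in SSH server (START_SSH_SERVER below).
  # NOTE(review): 22 is also the usual OpenSSH port — confirm no system sshd
  # listens there on this host, or the two listeners will collide.
  sshPort = 22;
in
{
  options.my.services.forgejo = {
    enable = lib.mkEnableOption "Enable Forgejo code repository";

    stateDir = lib.mkOption {
      type = lib.types.path;
      default = "/var/lib/forgejo/media";
      # Fixed copy-paste text that referred to Immich.
      description = "Directory where Forgejo will store its state (passed to services.forgejo.stateDir)";
    };

    settings = lib.mkOption {
      # Declare a type so a non-attrset value is rejected at evaluation time
      # instead of failing inside lib.recursiveUpdate below.
      type = lib.types.attrs;
      default = { };
      description = ''
        Settings for Forgejo, merged over (and overriding) the defaults set by this module
      '';
    };

    secrets = lib.mkOption {
      description = "Secrets declared for Forgejo, passed through to services.forgejo.secrets";
      type = lib.types.submodule {
        freeformType = with lib.types; attrsOf (attrsOf path);
        options = { };
      };
      default = { };
    };

    proxy = {
      enable = lib.mkEnableOption "Set the proxy entry for this service";

      domain = lib.mkOption {
        default = "example.com";
        type = lib.types.str;
        description = ''
          The domain where Caddy is reachable
        '';
      };

      subdomain = lib.mkOption {
        default = "git";
        type = lib.types.str;
        # Fixed copy-paste text that referred to Immich.
        description = ''
          The subdomain where Forgejo is reachable
        '';
      };

      host = lib.mkOption {
        default = "localhost";
        type = lib.types.str;
        description = ''
          Host name where the service is running
        '';
      };
    };
  };

  config = lib.mkMerge [
    (lib.mkIf cfg.enable {
      services.forgejo = {
        enable = true;
        lfs.enable = true;
        stateDir = cfg.stateDir;
        secrets = cfg.secrets;
        database = {
          createDatabase = true;
          type = "postgres";
        };
        # User-supplied cfg.settings take precedence over these defaults.
        settings = lib.recursiveUpdate {
          server = {
            # The public name must match the Caddy vhost declared below, so it is
            # derived from the configurable subdomain rather than hard-coding "git"
            # (identical result for the default subdomain).
            DOMAIN = "${cfg.proxy.subdomain}.${cfg.proxy.domain}";
            ROOT_URL = "https://${cfg.proxy.subdomain}.${cfg.proxy.domain}";
            START_SSH_SERVER = true;
            SSH_PORT = sshPort;
            # Listen on all interfaces so git push/pull via SSH works from other hosts
            SSH_LISTEN_HOST = "0.0.0.0";
            HTTP_PORT = httpPort;
          };
          actions = {
            ENABLED = true;
            DEFAULT_ACTIONS_URL = "https://code.forgejo.org";
            ARTIFACT_RETENTION_DAYS = 90;
          };
        } cfg.settings;
      };
      # Exposes Forgejo's plain-HTTP and SSH listeners to the network.
      # NOTE(review): the HTTP listener carries no TLS; when the Caddy proxy runs on
      # this same host (proxy.host = "localhost") httpPort need not be reachable
      # externally — consider omitting it from the list in that case.
      networking.firewall.allowedTCPPorts = [ httpPort sshPort ];
    })

    (lib.mkIf cfg.proxy.enable {
      services.caddy = with cfg.proxy; {
        # TLS termination happens here; the upstream is reached over plain HTTP.
        virtualHosts."${subdomain}.${domain}".extraConfig = ''
          reverse_proxy http://${host}:${toString httpPort}
          import cloudflare_${domain}
        '';
      };
    })
  ];
}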