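{ lib, pkgs, config, ... }:
let
  cfg = config.services.forgejo;
  srv = cfg.settings.server;
  fqdn = "git.symbiotrip.com";

  # Secrets are supplied as files read at service start, never as literals in
  # this module: every string evaluated here ends up in the world-readable
  # /nix/store (and, for `settings`, in the generated app.ini), so an inlined
  # password is readable by every local user and by anyone holding a copy of
  # the store or of this file's history. Any credential that was previously
  # written here verbatim should be treated as exposed and rotated.
  #
  # The paths below are placeholders: point them at files provisioned outside
  # the store (e.g. by a secrets manager) with permissions limited to the
  # service user noted at each use site.
  smtpPasswordFile = "/PATH/TO/forgejo-smtp-password";   # placeholder path
  runnerTokenFile = "/PATH/TO/forgejo-runner-token";     # placeholder path
  adminPasswordFile = "/PATH/TO/forgejo-admin-password"; # placeholder path

  adminUser = "jsutter";
  adminEmail = "jsutter@symbiotrip.com";
in
{
  # Let nginx read the certificate that `enableACME` provisions under this name.
  security.acme.certs.${fqdn}.group = config.services.nginx.group;

  services.nginx.virtualHosts.${fqdn} = {
    forceSSL = true;
    # `enableACME` already uses the certificate named after this vhost, so a
    # separate `useACMEHost = fqdn` is redundant; the nginx module also rejects
    # the two options being set together.
    enableACME = true;
    acmeRoot = null;
    extraConfig = ''
      client_max_body_size 512M;
      proxy_set_header Host $host;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    '';
    locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
  };

  services.forgejo = {
    enable = true;
    database.type = "postgres";
    lfs.enable = true;
    # The SMTP password is injected into app.ini at start-up from this file,
    # which keeps it out of the store; the file must be readable by the
    # forgejo service user.
    mailerPasswordFile = smtpPasswordFile;
    settings = {
      server = {
        DOMAIN = fqdn;
        ROOT_URL = "https://${fqdn}/";
        HTTP_PORT = 3000;
      };
      service.DISABLE_REGISTRATION = true;
      actions = {
        ENABLED = true;
        DEFAULT_ACTIONS_URL = "github";
      };
      mailer = {
        ENABLED = true;
        SMTP_ADDR = "mail.example.com";
        FROM = "noreply@${fqdn}";
        USER = "noreply@${fqdn}";
        # PASSWD is deliberately absent: it is provided via mailerPasswordFile.
      };
    };
  };

  # Create the initial admin account if it does not exist yet.
  systemd.services.forgejo.preStart =
    let
      adminCmd = "${lib.getExe cfg.package} admin user";
    in
    ''
      # The password is read from a file (readable by the forgejo service user,
      # which runs this pre-start step) instead of being embedded in this
      # script, which itself lives in the store. It still passes through the
      # argv of this one-shot command, so the file is the only persistent copy.
      # `|| true` tolerates re-runs where the account already exists; it also
      # masks other failures (e.g. an unreadable password file), so check the
      # journal if the account is missing after a deploy.
      ${adminCmd} create \
        --admin \
        --username ${adminUser} \
        --email "${adminEmail}" \
        --password "$(cat ${adminPasswordFile})" \
        --must-change-password=false || true
    '';

  # Actions runner: jobs run in Docker containers selected by label.
  virtualisation.docker.enable = true;
  services.gitea-actions-runner = {
    package = pkgs.forgejo-runner;
    instances.default = {
      enable = true;
      name = "warp";
      url = "https://${fqdn}";
      # Registration token loaded from a file in environment-file form
      # (TOKEN=...; see the tokenFile option description) rather than inlined.
      # systemd reads it, so root-only permissions suffice; a token that leaks
      # can be revoked from the Forgejo runner administration page.
      tokenFile = runnerTokenFile;
      labels = [
        "node-22:docker://node:22-bookworm"
        "nixos-latest:docker://nixos/nix"
        # Keep host execution disabled unless every repository that can
        # trigger a workflow is trusted: a host label runs CI jobs directly on
        # this machine with the runner's privileges.
        # "native:host"
      ];
    };
  };
}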