From 861d4d112fa200f64b465e5c98c713cf0fbe7e7c Mon Sep 17 00:00:00 2001
From: Grigory Shipunov
Date: Mon, 3 Feb 2025 21:38:51 +0000
Subject: [PATCH] basic forgejo config
---
 hosts/cloud/proxy/default.nix | 1 +
 hosts/cloud/proxy/git.nix | 33 +++++++++++++++++++
 hosts/forgejo/forgejo.nix | 62 +++++++++++++++++++++++++++++++++++
 3 files changed, 96 insertions(+)
 create mode 100644 hosts/cloud/proxy/git.nix
 create mode 100644 hosts/forgejo/forgejo.nix
diff --git a/hosts/cloud/proxy/default.nix b/hosts/cloud/proxy/default.nix
index 42430b1..483f126 100644
--- a/hosts/cloud/proxy/default.nix
+++ b/hosts/cloud/proxy/default.nix
@@ -6,6 +6,7 @@ in
 imports = [
 ./auth.nix
 ./dav.nix
+ ./git.nix
 ./immich.nix
 ./news.nix
 ];
diff --git a/hosts/cloud/proxy/git.nix b/hosts/cloud/proxy/git.nix
new file mode 100644
index 0000000..20ef08a
--- /dev/null
+++ b/hosts/cloud/proxy/git.nix
@@ -0,0 +1,33 @@
+{ ... }:
+{
+ services.nginx.upstreams.forgejo = {
+ servers = {
+ "10.89.88.15:3000" = { };
+ "[fd31:185d:722f::15]:3000" = { };
+ };
+ };
+
+ services.nginx.virtualHosts."git.oxapentane.com" = {
+ enableACME = true;
+ forceSSL = true;
+ locations."/" = {
+ proxyPass = "http://forgejo";
+ extraConfig = ''
+ client_max_body_size 50000M;
+
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+
+ proxy_read_timeout 600s;
+ proxy_send_timeout 600s;
+ send_timeout 600s;
+ '';
+ };
+ };
+}
diff --git a/hosts/forgejo/forgejo.nix b/hosts/forgejo/forgejo.nix
new file mode 100644
index 0000000..378367c
--- /dev/null
+++ b/hosts/forgejo/forgejo.nix
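Review bot: In hosts/cloud/proxy/git.nix, `client_max_body_size 50000M;` on `locations."/"` lets any client of the public vhost send request bodies of roughly 50 GB. With nginx's default request buffering, those bodies are spooled to the proxy's disk before Forgejo receives the request and can reject it. If the limit is there for LFS or large pushes, consider adding `proxy_request_buffering off;` so uploads stream to Forgejo, or lowering the value to what the largest expected object needs. The upstream is reached over plain `http://` at `10.89.88.15` and `fd31:185d:722f::15`, which is acceptable only if that network is private or encrypted; this patch does not show which it is, so a short comment on the `upstreams.forgejo` block stating the assumption would help.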
@@ -0,0 +1,62 @@
+{ config, pkgs, lib, ... }:
+{
+ services.forgejo = {
+ enable = true;
+ package = pkgs.forgejo;
+ useWizard = false;
+ database = {
+ type = "postgres";
+ createDatabase = true;
+ };
+ lfs.enable = true;
+ settings = {
+ DEFAULT.APP_NAME = "0xa's compilable shitposts";
+ actions.ENABLED = false;
+ database.LOG_SQL = false;
+ indexer.REPO_INDEXER_ENABLED = true;
+ mailer.ENABLED = false;
+ packages.ENABLED = false;
+ session.COOKIE_SECURE = true;
+ server = {
+ DOMAIN = "git.oxapentane.com";
+ SSH_DOMAIN = "git.oxapentane.com";
+ ROOT_URL = "https://git.oxapentane.com/";
+ PROTOCOL = "http";
+ START_SSH_SERVER = true;
+ BUILTIN_SSH_SERVER_USER = "git";
+ SSH_LISTEN_HOST = "0.0.0.0";
+ SSH_PORT = 2222;
+ SSH_LISTEN_PORT = 2222;
+ };
+ # auth
+ service = {
+ REGISTER_EMAIL_CONFIRM = false;
+ DISABLE_REGISTRATION = true;
+ };
+ oauth2_client = {
+ ENABLE_AUTO_REGISTRATION = true;
+ USERNAME = "nickname";
+ ACCOUNT_LINKING = "login";
+ };
+ };
+ };
+
+ # expose forgejo cli
+ environment.systemPackages = let
+ cfg = config.services.forgejo;
+ forgejo-cli = pkgs.writeScriptBin "forgejo-cli" ''
+ #!${pkgs.runtimeShell}
+ cd ${cfg.stateDir}
+ sudo=exec
+ if [[ "$USER" != forgejo ]]; then
+ sudo='exec /run/wrappers/bin/sudo -u ${cfg.user} -g ${cfg.group} --preserve-env=GITEA_WORK_DIR --preserve-env=GITEA_CUSTOM'
+ fi
+ # Note that these variable names will change
+ export GITEA_WORK_DIR=${cfg.stateDir}
+ export GITEA_CUSTOM=${cfg.customDir}
+ $sudo ${lib.getExe cfg.package} "$@"
+ ''; in [
+ forgejo-cli
+ ];
+}
+
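Review bot: The `server` block sets `PROTOCOL = "http"` without an `HTTP_ADDR`, so Forgejo serves plaintext HTTP on its default listen address (all interfaces, as far as I know), and `SSH_LISTEN_HOST = "0.0.0.0"` does the same for the built-in SSH server. Anything that can reach port 3000 directly skips the TLS-terminating nginx vhost, so either the host firewall (not visible in this patch) should admit 3000 only from the proxy, or `HTTP_ADDR` should be bound to the internal address the proxy uses. Separately, `oauth2_client.ENABLE_AUTO_REGISTRATION = true` appears to create an account for every identity the OAuth2 provider authenticates, even though `DISABLE_REGISTRATION = true` closes the local form. A comment such as `# accounts are created on first OAuth2 login; access is gated by the IdP` next to it would make that intent explicit. In the `forgejo-cli` wrapper, the check `"$USER" != forgejo` hard-codes the account name while the sudo line uses `${cfg.user}`; comparing against `${cfg.user}` keeps the two in step.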