nom-nom-nix-gc/modules/dundies/gitea.nix

{ config, pkgs, fetchFromGithub, callPackage, ... }:

{
  services.forgejo = {
    enable = true;
    settings = {
      server.SSH_PORT = 22;
      service.DISABLE_REGISTRATION = true;
      session.COOKIE_SECURE = true;
      server.PROTOCOL = "http+unix";
      server.ROOT_URL = "https://git.alternativebit.fr";
      server.DOMAIN = "git.alternativebit.fr";
      actions.ENABLED = true;
    };
    appName = "Alternativebit";
    lfs.enable = true;
  };

  services.nginx = {
    virtualHosts."git.alternativebit.fr" = {
      addSSL = true;
      enableACME = true;
      # TODO: Generalize this.
      # For now, we'll assume gitea is hosted on home.alternativebit.fr
      locations = {
        "/" = {
          proxyPass = "http://unix:/run/forgejo/forgejo.sock";
          extraConfig = ''
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
          '';
        };
      };
    };
  };
}