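# NixOS module: Forgejo instance for git.kyouma.net, backed by a local
# PostgreSQL database, fronted by nginx over a Unix socket, with the SMTP
# password provisioned through sops-nix.
{ config, inputs, pkgs, ... }:
let
  domain = "git.kyouma.net";
  mailerSecret = "services/forgejo/mailerPassword";
in
{
  imports = [ inputs.sops-nix.nixosModules.sops ];

  # SMTP password, decrypted at activation time by sops-nix. The file is
  # owned by the forgejo user so that only the service account needs to
  # read it; the plaintext never enters the Nix store.
  sops.secrets.${mailerSecret} = {
    sopsFile = ../../secrets/services/forgejo.yaml;
    owner = "forgejo";
  };

  services.forgejo = {
    enable = true;
    mailerPasswordFile = config.sops.secrets.${mailerSecret}.path;

    # Local PostgreSQL reached through its Unix socket, so no database
    # password or TCP listener is configured here.
    database = {
      createDatabase = true;
      type = "postgres";
      socket = "/run/postgresql";
    };

    # NOTE(review): dump archives are expected to contain repository and
    # database contents; confirm the dump directory is not readable by
    # other local users and is covered by the backup retention policy.
    dump = {
      enable = true;
      type = "tar.xz";
    };

    settings = {
      "cron.sync_external_users" = {
        RUN_AT_START = true;
        SCHEDULE = "@every 24h";
        UPDATE_EXISTING = true;
      };

      # NOTE(review): federation adds server-to-server endpoints to the
      # public surface; confirm it is intentionally enabled.
      federation.ENABLED = true;

      log.LEVEL = "Info";

      # Outgoing mail over SMTP with STARTTLS; the password comes from
      # mailerPasswordFile above.
      mailer = {
        ENABLED = true;
        PROTOCOL = "smtp+starttls";
        FROM = "git@kyouma.net";
        SMTP_ADDR = "mail.kyouma.net";
        USER = "git@kyouma.net";
      };

      mirror.DEFAULT_INTERVAL = "1h";

      # Sessions are stored in the database and the cookie is only sent
      # over HTTPS. SESSION_LIFE_TIME is in seconds: 2592000 s = 30 days.
      session = {
        COOKIE_SECURE = true;
        PROVIDER = "db";
        SESSION_LIFE_TIME = 2592000;
      };

      # Forgejo listens on a Unix socket only; nginx (below) is the sole
      # network-facing component and also serves the static assets.
      server = {
        STATIC_URL_PREFIX = "/static";
        PROTOCOL = "http+unix";
        DOMAIN = domain;
      };

      # Password policy: argon2 hashing, at least 16 characters, and the
      # "spec" complexity class (special characters required).
      # NOTE(review): a 90-day "remember me" window together with 30-day
      # sessions keeps a captured cookie usable for a long time; shorten
      # both if the threat model calls for it.
      security = {
        LOGIN_REMEMBER_DAYS = 90;
        PASSWORD_HASH_ALGO = "argon2";
        MIN_PASSWORD_LENGTH = 16;
        PASSWORD_COMPLEXITY = "spec";
      };

      # NOTE(review): DISABLE_REGISTRATION is not set in this file, so
      # self-registration appears to stay open, gated by e-mail
      # confirmation and a captcha; confirm that is the intended policy.
      service = {
        REGISTER_EMAIL_CONFIRM = true;
        ENABLE_NOTIFY_MAIL = true;
        ENABLE_CAPTCHA = true;
        DEFAULT_KEEP_EMAIL_PRIVATE = true;
      };

      # Lets a user create a repository under their own account simply by
      # pushing to a path that does not exist yet.
      repository.ENABLE_PUSH_CREATE_USER = true;

      ui = {
        EXPLORE_PAGING_NUM = 50;
        ISSUE_PAGING_NUM = 50;
        MEMBERS_PAGING_NUM = 50;
        DEFAULT_THEME = "forgejo-dark";
        SHOW_USER_EMAIL = false;
      };
    };
  };

  # NOTE(review): kyouma.nginx is a project-local option whose definition
  # is not visible here; presumably it wires up TLS with the ACME
  # certificate declared below — confirm.
  kyouma.nginx.virtualHosts.${domain} = {
    locations = {
      # Serve static assets from the package the service actually runs
      # (services.forgejo.package) rather than a hard-coded pkgs.forgejo,
      # so the assets cannot drift from the running binary when the module
      # default or an override selects a different Forgejo package.
      "/static/".alias = "${config.services.forgejo.package.data}/public/";
      "/".proxyPass = "http://unix:/run/forgejo/forgejo.socket";
    };
  };

  security.acme.certs.${domain} = { };
}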