flake/modules/nixos/services/forgejo.nix

{
  lib,
  config,
  ...
}:
{
  config = lib.mkMerge [
    (lib.mkIf config.osbmModules.services.forgejo.enable {
      services.forgejo = {
        enable = true;
        lfs.enable = true;
        dump = {
          enable = true;
          type = "zip";
          interval = "01:01";
        };
        settings = {
          DEFAULT = {
            APP_NAME = "osbm's self hosted git service";
          };
          server = {
            DOMAIN = "git.osbm.dev";
            ROOT_URL = "https://git.osbm.dev/";
          };
          "ui.meta" = {
            AUTHOR = "osbm";
            DESCRIPTION = "\"After all, all devices have their dangers. The discovery of speech introduced communication and lies.\" -Isaac Asimov";
            KEYWORDS = "git,self-hosted,gitea,forgejo,osbm,open-source,nix,nixos";
          };
          service = {
            DISABLE_REGISTRATION = true;
            LANDING_PAGE = "/osbm";
          };
        };
      };
    })

    (lib.mkIf
      (config.osbmModules.services.cloudflared.enable && config.osbmModules.services.forgejo.enable)
      {
        services.cloudflared.tunnels = {
          "eb9052aa-9867-482f-80e3-97a7d7e2ef04" = {
            default = "http_status:404";
            credentialsFile = "/home/osbm/.cloudflared/eb9052aa-9867-482f-80e3-97a7d7e2ef04.json";
            ingress = {
              "${config.services.forgejo.settings.server.DOMAIN}" = {
                service = "http://localhost:3000";
              };
            };
          };
        };
      }
    )
    (lib.mkIf (config.osbmModules.services.nginx.enable && config.osbmModules.services.forgejo.enable) {
      services.nginx.virtualHosts."${config.services.forgejo.settings.server.DOMAIN}" = {
        forceSSL = true;
        enableACME = true;
        locations."/".proxyPass = "http://localhost:3000";
        locations."/".proxyWebsockets = true;
      };
    })

    (lib.mkIf
      (
        config.osbmModules.services.forgejo.enable
        && config.osbmModules.hardware.disko.zfs.root.impermanenceRoot
      )
      {
        # environment.persistence."/persist" = {
        #   directories = [
        #     {
        #       directory = "/var/lib/forgejo";
        #       user = config.services.forgejo.user;
        #       group = config.services.forgejo.group;
        #       mode = "0750";
        #     }
        #   ];
        # };

        # # forgejo-secrets service keep giving error
        # systemd.services."forgejo-secrets" = {
        #   wants = [ "var-lib-forgejo.mount" ];
        #   after = [ "var-lib-forgejo.mount" ];
        # };

        # fuckass thing
        services.forgejo.stateDir = "/persist/var/lib/forgejo";
      }
    )
  ];
}