nixos-config/modules/system/forgejo.nix

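# NixOS module: a Forgejo instance with Git LFS and Actions enabled, public
# registration disabled, and an admin account bootstrapped at service start
# from a sops-managed password file.
{ config, lib, pkgs, ... }:
{
  services = {
    forgejo = {
      enable = true;
      lfs.enable = true;
      settings = {
        server = {
          # Only the port is set here; the listen address is left at the
          # service default.
          # NOTE(review): if a reverse proxy on this host terminates TLS,
          # confirm whether HTTP_ADDR should be restricted to loopback so the
          # plain-HTTP port is not reachable directly.
          HTTP_PORT = 12345;
        };
        # No self-service sign-up; accounts have to be created by an admin.
        service.DISABLE_REGISTRATION = true;
        actions = {
          ENABLED = true;
          # Short `uses:` references in workflows resolve against GitHub, so
          # third-party action code ends up running on the runners. Pinning
          # actions to a full commit SHA in workflows limits exposure to a
          # retagged or compromised action.
          DEFAULT_ACTIONS_URL = "github";
        };
        # mailer = {
        #   ENABLED = true;
        #   SMTP_ADDR = "mail.example.com";
        #   FROM = "noreply@${srv.DOMAIN}";
        #   USER = "noreply@${srv.DOMAIN}";
        # };
      };
      # mailerPasswordFile = config.age.secrets.forgejo-mailer-password.path;
    };
    # NOTE(review) before enabling the runner below: the "native:host" label
    # runs jobs directly on this machine without container isolation, and the
    # node:16 images are past upstream end of life. Keep the token file out of
    # the Nix store (a secrets-manager path, as shown, does that).
    # gitea-actions-runner = {
    #   package = pkgs.forgejo-actions-runner;
    #   instances.default = {
    #     enable = true;
    #     name = "monolith";
    #     url = "https://git.example.com";
    #     # Obtaining the path to the runner token file may differ
    #     # tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
    #     tokenFile = config.age.secrets.forgejo-runner-token.path;
    #     labels = [
    #       "ubuntu-latest:docker://node:16-bullseye"
    #       "ubuntu-22.04:docker://node:16-bullseye"
    #       "ubuntu-20.04:docker://node:16-bullseye"
    #       "ubuntu-18.04:docker://node:16-buster"
    #       ## optionally provide native execution on the host:
    #       # "native:host"
    #     ];
    #   };
    # };
  };

  # The admin password file is owned by the "forgejo" user so the preStart
  # script below can read it (presumably preStart runs as the service user;
  # verify against the forgejo module).
  sops.secrets.forgejoemenel.owner = "forgejo";

  systemd.services.forgejo.preStart = let
    # Use the package the service itself runs rather than pkgs.forgejo: the
    # two can differ (an LTS build or an override), and running the admin CLI
    # from a different version against the same database is best avoided.
    adminCmd = "${lib.getExe config.services.forgejo.package} admin user";
    pwd = config.sops.secrets.forgejoemenel;
    user = "emenel"; # Note, Forgejo doesn't allow creation of an account named "admin"
    # Security notes on the script below:
    #  - The password is expanded by the shell into the command's arguments,
    #    so it is briefly visible to anything on the host that can read
    #    process command lines. Treat it as a bootstrap credential and rotate
    #    it after first login.
    #  - `|| true` keeps service start from failing once the user exists, but
    #    it also hides every other failure (unreadable secret, rejected
    #    password). Check the unit's journal if the admin login does not work.
    #  - If the change-password line is uncommented, the password is reset to
    #    the file's content on every service start.
  in ''
    ${adminCmd} create --admin --email "root@localhost" --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
    ## uncomment this line to change an admin user which was already created
    # ${adminCmd} change-password --username ${user} --password "$(tr -d '\n' < ${pwd.path})" || true
  '';
}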