{ pkgs, config, lib, ... }: let cfg = config.services.forgejo; in { services.forgejo = { enable = true; appName = "Eriedaberrie's Forgejo"; lfs.enable = true; settings = { server = { PROTOCOL = "http+unix"; ROOT_URL = "https://git.eriedaberrie.me/"; }; service = { COOKIE_SECURE = true; DISABLE_REGISTRATION = true; }; ui = { DEFAULT_THEME = "catppuccin-mocha-lavender"; THEMES = "catppuccin-mocha-lavender,forgejo-auto,forgejo-light,forgejo-dark,auto,gitea,arc-green"; }; "highlight.mapping" = { ".lock" = "json"; }; }; user = "git"; }; # Because the module only autocreates the user if it's the default name users.users = lib.mkIf (cfg.user != "forgejo") { ${cfg.user} = { inherit (cfg) group; description = "Forgejo Service"; home = cfg.stateDir; useDefaultShell = true; isSystemUser = true; }; }; systemd.tmpfiles.rules = let inherit (cfg) customDir user group; catppuccinSource = pkgs.fetchzip { url = "https://github.com/catppuccin/gitea/releases/download/v0.4.1/catppuccin-gitea.tar.gz"; hash = "sha256-14XqO1ZhhPS7VDBSzqW55kh6n5cFZGZmvRCtMEh8JPI="; stripRoot = false; }; fileName = "theme-catppuccin-mocha-lavender.css"; in [ "d '${customDir}/public' 0750 ${user} ${group} - -" "d '${customDir}/public/assets' 0750 ${user} ${group} - -" "d '${customDir}/public/assets/css' 0750 ${user} ${group} - -" "z '${customDir}/public' 0750 ${user} ${group} - -" "z '${customDir}/public/assets' 0750 ${user} ${group} - -" "z '${customDir}/public/assets/css' 0750 ${user} ${group} - -" "L+ '${customDir}/public/assets/css/${fileName}' - - - - ${catppuccinSource}/${fileName}" ]; services.nginx = { virtualHosts."git.eriedaberrie.me" = { forceSSL = true; useACMEHost = "eriedaberrie.me"; locations."/".proxyPass = "http://forgejo/"; }; upstreams.forgejo.servers."unix:${cfg.settings.server.HTTP_ADDR}" = { }; }; security.acme.certs."eriedaberrie.me".extraDomainNames = [ "git.eriedaberrie.me" ]; }