# Forgejo host module: enables the Forgejo service, pins its SSH
# authorized_keys location and opens its HTTP port in the firewall.
#
# `cfg` and `opt` are not standard NixOS module arguments; they are presumably
# supplied by the surrounding module framework (cfg.domain is read below,
# opt.domain declares it) — confirm against the caller.
{ pkgs, lib, config, cfg, ... }:
with lib;
with builtins;
let
  # Single source of truth for the Forgejo HTTP listener; used both for the
  # service setting and for the firewall rule so the two cannot drift apart.
  httpPort = 48540;
in
{
  # Public host name of the instance (string, no default).
  opt.domain = lib.mkOption { type = lib.types.str; };

  services.forgejo = {
    enable = true;
    # Package comes from the `unstable` package-set instance rather than the
    # default `pkgs`.
    package = config.pkgsInstances.unstable.forgejo;

    settings = {
      server = {
        # ROOT_URL advertises https while Forgejo itself listens on a plain
        # HTTP port; TLS is presumably terminated by a proxy that is not
        # configured in this file.
        ROOT_URL = "https://${cfg.domain}";
        DOMAIN = cfg.domain;
        HTTP_PORT = httpPort;
        OFFLINE_MODE = true; # disable gravatar, CDN
      };

      # Forgejo Actions is switched on. Runners execute workflow code taken
      # from repositories; runner registration and isolation are not handled
      # in this file.
      actions = {
        ENABLED = true;
      };

      # Upload limits for files added through the web UI
      # (FILE_MAX_SIZE is interpreted by Forgejo in megabytes).
      "repository.upload" = {
        FILE_MAX_SIZE = 4095;
        MAX_FILES = 20;
      };

      # Same limits for issue / release attachments (MAX_SIZE in megabytes).
      attachment = {
        MAX_SIZE = 4095;
        MAX_FILES = 20;
      };

      service = {
        # No self-service sign-up; accounts have to be created by an admin.
        DISABLE_REGISTRATION = true;
        DEFAULT_KEEP_EMAIL_PRIVATE = true;
      };
    };

    database = {
      type = "mysql";
      name = "forgejodb";
      user = "forgejo";
      # Only the path of the sops-managed secret is referenced here, so the
      # password itself does not appear in this file.
      passwordFile = config.sops.secrets."hosts/forgenite/forgejo_db_password".path;
    };
  };

  # Allow forgejo user to adjust authorized_keys dynamically
  # The override is scoped to the forgejo account by the Match block, so other
  # users keep the system-wide AuthorizedKeysFile setting.
  # NOTE(review): a Match block runs until the next Match or the end of
  # sshd_config, so any extraConfig text that ends up after this snippet would
  # apply to forgejo only — confirm the merge order.
  services.openssh.extraConfig = ''
    Match User forgejo
      AuthorizedKeysFile ${config.users.users.forgejo.home}/.ssh/authorized_keys
  '';

  # Exposes the plain-HTTP Forgejo listener to the network.
  # NOTE(review): if the TLS-terminating proxy runs on this same host, this
  # port does not need to be reachable from outside — confirm.
  networking.firewall.allowedTCPPorts = [ httpPort ];
}