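# NixOS module: configures a Forgejo instance when "forgejo" is listed in
# config.machine.services. The service runs as the "git" user, uses a MySQL
# database whose password comes from a sops-managed secret file, and has
# self-registration disabled.
{ config, lib, pkgs, ... }:
with lib;
mkIf (elem "forgejo" config.machine.services) {
  services = {
    forgejo =
      let
        cfg = config.machine;
        # Domain of the first vHost entry whose service is "forgejo". When no
        # entry matches, findFirst returns cfg itself, so cfg.domain is used.
        inherit ((findFirst (s: s.service == "forgejo") cfg cfg.vHosts)) domain;
      in
      {
        enable = true;
        package = pkgs.forgejo;
        user = "git";

        database = {
          type = "mysql";
          user = "git";
          name = "forgejo";
          # Only the path of the secret appears in this expression; the
          # password itself is read from the file sops provides.
          passwordFile = config.sops.secrets."services/forgejo/dbPass".path;
        };

        settings = {
          repository = {
            # Git over HTTP(S) stays enabled alongside SSH.
            DISABLE_HTTP_GIT = false;
            USE_COMPAT_SSH_URI = true;
          };

          security = {
            # Keeps the first-run web installer locked.
            INSTALL_LOCK = true;
            COOKIE_USERNAME = "forgejo_username";
            COOKIE_REMEMBER_NAME = "forgejo_userauth";
          };

          server = {
            DOMAIN = domain;
            # The instance is published over HTTPS only, which is what makes
            # Secure-flagged session cookies usable (see session below).
            ROOT_URL = "https://${domain}/";
          };

          service = {
            # mkForce so that no other module definition can re-enable
            # self-registration.
            DISABLE_REGISTRATION = lib.mkForce true;
          };

          session = {
            # The [session] key Forgejo reads is COOKIE_SECURE. Settings are
            # passed through to app.ini by name, so a key spelled
            # `cookieSecure` is not recognised and session cookies would be
            # issued without the Secure attribute.
            COOKIE_SECURE = true;
          };
        };
      };
  };

  # Database password secret, readable by the account the service runs as.
  sops.secrets."services/forgejo/dbPass" = {
    owner = "git";
    group = "forgejo";
  };

  # Account the Forgejo service runs as (services.forgejo.user above).
  # NOTE(review): this is declared as a normal user with the default shell,
  # presumably so Git-over-SSH logins work - confirm. A system account
  # (isSystemUser plus an explicit group) would be the tighter choice for a
  # service identity, but switching changes UID allocation on hosts that
  # already have this user, so verify before changing.
  users.users.git = {
    description = "Forgejo Service";
    isNormalUser = true;
    home = config.services.forgejo.stateDir;
    createHome = false;
    useDefaultShell = true;
  };
}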