# NixOS module: a thin `services.git-forge` wrapper around the upstream
# `services.forgejo` module. It exposes a small set of options (domain, ports,
# data directory, database backend, extra settings) and opens the HTTP and SSH
# ports in the host firewall.
{ config, pkgs, lib, ... }:

let
  inherit (lib) mapAttrs mkDefault mkIf mkOption recursiveUpdate types;

  cfg = config.services.git-forge;

  # Settings this module always contributes to services.forgejo.settings.
  baseSettings = {
    server = {
      DOMAIN = cfg.domain;
      ROOT_URL = "https://${cfg.domain}";

      # NOTE(review): ROOT_URL advertises https, but nothing in this module
      # configures TLS on the listener, so TLS is presumably terminated by a
      # reverse proxy - confirm. If so, binding to every interface (together
      # with httpPort being opened in the firewall below) also makes the
      # plaintext listener directly reachable; binding to the proxy-facing
      # address only would avoid that.
      HTTP_ADDR = "0.0.0.0";
      HTTP_PORT = cfg.httpPort;

      # NOTE(review): START_SSH_SERVER is not set here. Unless cfg.settings or
      # the host's sshd provides a listener on sshPort, nothing will answer on
      # the port opened below - confirm which SSH server is intended.
      SSH_PORT = cfg.sshPort;
      SSH_LISTEN_PORT = cfg.sshPort;
    };

    # NOTE(review): self-registration is left enabled, so anyone who can reach
    # the web interface can create an account. Override with
    # settings.service.DISABLE_REGISTRATION = true for a private instance.
    service.DISABLE_REGISTRATION = false;

    # NOTE(review): the upstream module also exposes
    # services.forgejo.repositoryRoot - confirm this definition does not
    # conflict with the value that option produces.
    repository.ROOT = "${cfg.dataDir}/repos";
  };

  # Every user-supplied leaf (section -> key -> value) is wrapped in mkDefault.
  # recursiveUpdate lets the right-hand operand win, so these replace the
  # matching baseSettings entries, but they enter the module system at
  # mkDefault priority and lose to any normal-priority definition elsewhere.
  userSettings = mapAttrs (_section: mapAttrs (_key: mkDefault)) cfg.settings;
in
{
  options.services.git-forge = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = "Enable the git forge service (Forgejo)";
    };

    domain = mkOption {
      type = types.str;
      default = "git.lagraula.fr";
      description = "Domain name for the Forgejo instance";
    };

    sshPort = mkOption {
      type = types.port;
      default = 2222;
      description = "SSH port for Git operations (avoid conflict with host SSH on 22)";
    };

    httpPort = mkOption {
      type = types.port;
      default = 3000;
      description = "HTTP port for the Forgejo web interface";
    };

    dataDir = mkOption {
      type = types.str;
      default = "/var/lib/forgejo";
      description = "Data directory for Forgejo repositories and database";
    };

    databaseType = mkOption {
      type = types.enum [ "sqlite3" "postgres" "mysql" ];
      default = "sqlite3";
      description = "Database backend type";
    };

    # Values given here are evaluated into the Nix store, which is readable by
    # every local user; keep passwords, tokens and keys out of this option.
    settings = mkOption {
      type = types.attrsOf types.anything;
      default = { };
      description = "Additional Forgejo settings (merged into services.forgejo.settings)";
    };
  };

  config = mkIf cfg.enable {
    # Delegate to the built-in NixOS forgejo module.
    services.forgejo = {
      enable = true;
      package = pkgs.forgejo;

      # State lives under dataDir (the original comment marks this as an LXC
      # container specific that reuses the existing forgejo user).
      stateDir = cfg.dataDir;

      database.type = cfg.databaseType;
      dump.type = "tar.zst";

      settings = recursiveUpdate baseSettings userSettings;
    };

    # Expose the web and Git-over-SSH ports on the host firewall.
    networking.firewall = mkIf config.services.forgejo.enable {
      allowedTCPPorts = [ cfg.httpPort cfg.sshPort ];
    };
  };
}