nixos-infra-framework/modules/services/git-forge/default.nix

{ config, pkgs, lib, ... }:

let
  cfg = config.services.git-forge;
  inherit (lib) mkIf mkOption types;
in

{
  options.services.git-forge = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = "Enable the git forge service (Forgejo)";
    };

    domain = mkOption {
      type = types.str;
      default = "git.lagraula.fr";
      description = "Domain name for the Forgejo instance";
    };

    sshPort = mkOption {
      type = types.port;
      default = 2222;
      description = "SSH port for Git operations (avoid conflict with host SSH on 22)";
    };

    httpPort = mkOption {
      type = types.port;
      default = 3000;
      description = "HTTP port for the Forgejo web interface";
    };

    dataDir = mkOption {
      type = types.str;
      default = "/var/lib/forgejo";
      description = "Data directory for Forgejo repositories and database";
    };

    databaseType = mkOption {
      type = types.enum [ "sqlite3" "postgres" "mysql" ];
      default = "sqlite3";
      description = "Database backend type";
    };

    settings = mkOption {
      type = types.attrsOf types.anything;
      default = { };
      description = "Additional Forgejo settings (merged into services.forgejo.settings)";
    };
  };

  config = mkIf cfg.enable {
    # Use the built-in NixOS forgejo module
    services.forgejo = {
      enable = true;
      package = pkgs.forgejo;
      settings = lib.recursiveUpdate {
        server = {
          DOMAIN = cfg.domain;
          HTTP_PORT = cfg.httpPort;
          HTTP_ADDR = "0.0.0.0";
          ROOT_URL = "https://${cfg.domain}";
          SSH_PORT = cfg.sshPort;
          SSH_LISTEN_PORT = cfg.sshPort;
        };
        service = {
          DISABLE_REGISTRATION = false;
        };
        "repository".ROOT = "${cfg.dataDir}/repos";
      } (lib.mapAttrs (section: values: lib.mapAttrs (key: value: lib.mkDefault value) values) cfg.settings);

      database = {
        type = cfg.databaseType;
      };

      dump = {
        type = "tar.zst";
      };

      # LXC container specifics - use the existing forgejo user
      stateDir = cfg.dataDir;
    };

    # Open firewall ports for HTTP and SSH (git protocol)
    networking.firewall = lib.mkIf config.services.forgejo.enable {
      allowedTCPPorts = [ cfg.httpPort cfg.sshPort ];
    };
  };
}