From bf7d690ff5b1bd6b08829ef04f728745732c2dab Mon Sep 17 00:00:00 2001
From: Callum Leslie
Date: Wed, 11 Sep 2024 14:58:28 +0100
Subject: [PATCH] forgejo
---
 hosts/hermes/default.nix | 1 +
 hosts/hermes/forgejo.nix | 39 ++++++++++++++++++++++++++++++++++++
 secrets/forgejo-password.age | 7 +++++++
 secrets/secrets.nix | 1 +
 4 files changed, 48 insertions(+)
 create mode 100644 hosts/hermes/forgejo.nix
 create mode 100644 secrets/forgejo-password.age
diff --git a/hosts/hermes/default.nix b/hosts/hermes/default.nix
index 1c45a90..8c91497 100644
--- a/hosts/hermes/default.nix
+++ b/hosts/hermes/default.nix
@@ -8,5 +8,6 @@
 ./ssh.nix
 ./media.nix
 ./headscale.nix
+ ./forgejo.nix
 ];
 }
diff --git a/hosts/hermes/forgejo.nix b/hosts/hermes/forgejo.nix
new file mode 100644
index 0000000..f4d79c6
--- /dev/null
+++ b/hosts/hermes/forgejo.nix
@@ -0,0 +1,39 @@
+{
+ lib,
+ config,
+ ...
+}: let
+ domain = "git.cleslie.uk";
+in {
+ services = {
+ forgejo = {
+ enable = true;
+ database.type = "postgres";
+ settings = {
+ server = {
+ #DOMAIN = domain;
+ ROOT_URL = "https://${domain}";
+ HTTP_PORT = 3000;
+ SSH_PORT = builtins.head config.services.openssh.ports;
+ };
+ service.DISABLE_REGISTRATION = true;
+ };
+ };
+
+ caddy.virtualHosts.${domain}.extraConfig = ''
+ reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
+ '';
+ };
+
+ systemd.services.forgejo.preStart = ''
+ admin="${lib.getExe config.services.forgejo.package} admin user"
+ $admin create --admin --email "git@cleslie.uk" --username cleslie --password "$(tr -d '\n' < ${config.age.secrets.forgejo-password.path})" || true
+ # $admin change-password --username cleslie --password "$(tr -d '\n' < ${config.age.secrets.forgejo-password.path})" || true
+ '';
+
+ age.secrets."forgejo-password" = {
+ file = ../../secrets/forgejo-password.age;
+ mode = "400";
+ owner = "forgejo";
+ };
+}
diff --git a/secrets/forgejo-password.age b/secrets/forgejo-password.age
new file mode 100644
index 0000000..b34346e
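Review bot: In the `preStart` script of hosts/hermes/forgejo.nix the decrypted admin password is expanded into the argument list of `$admin create`, so it is readable in the process list by other local accounts while the command runs, and since the create is attempted unconditionally this repeats on every service start. Running the create only when the account is still missing would limit that exposure to the first start. The trailing `|| true` also hides every failure, not only the expected "user already exists" one, so a create that fails for another reason leaves the unit running with no admin account and no trace; `|| echo "forgejo: admin user create skipped or failed" >&2` keeps the best-effort behaviour but records it in the journal. Separately, Caddy proxies to `localhost:3000` while the `server` block sets no `HTTP_ADDR`; Forgejo's default listen address is, as far as I know, all interfaces, so the plain-HTTP port would be reachable without TLS wherever the firewall allows it, and adding `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT` would close that.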
--- /dev/null +++ b/secrets/forgejo-password.age @@ -0,0 +1,7 @@ +age-encryption.org/v1 +-> ssh-ed25519 /RyXeg IjBz5+4Rk9Rg+jBgKWo/B5IoZmq/wTCWcqZRB/5lhAU +E2bov9sYropmovrjqTItnLLzgEECt6+9iD2zjHLvXbU +-> ssh-ed25519 aSaoJQ Rjq+7b3BFCrUFuVQhvrpxm8i4D7jpkkLleu36r4cinM +HpdvPeOUqUOxdcsnBd5QWiU00Di7xcKHLstI8Z9p6EM +--- 3Ku+G1FBZdVdS31q7fKd68Ai+FkD1rJg0eSKpYLd+2c +_PEڠ#]ȼlX"ba4ՖAlG8sot ~i#/ib1e7ޛ \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index b0f2843..5dec7e0 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -9,4 +9,5 @@ in { "wg-conf.age".publicKeys = keys.c ++ allSystems; "mesh-conf-infra.age".publicKeys = keys.c ++ allSystems; "mesh-conf-cleslie.age".publicKeys = keys.c ++ allSystems; + "forgejo-password.age".publicKeys = keys.c ++ [systems.hermes]; }