nixos-config/hosts/crossbox/forgejo.nix

{ config, pkgs, lib, ... }:

{
  services.forgejo = {
    enable = true;
    
    # Set data directory
    stateDir = "/srv/forgejo";
    
    # Database configuration
    database = {
      type = "sqlite3";
      path = "/srv/forgejo/data/forgejo.db";
    };
    
    # Server settings
    settings = {
      server = {
        DOMAIN = "forgejo.binning.net";
        SSH_DOMAIN = "ssh.binning.net";
        SSH_PORT = 2222;
        ROOT_URL = "https://forgejo.binning.net/";
        HTTP_ADDR = "127.0.0.1";
        HTTP_PORT = 3000;
      };
      
      # Repository settings - uses default: /srv/forgejo/repositories
      # No need to override repository.ROOT as the default location is good
      
      service = {
        DISABLE_REGISTRATION = true;  # Set to true to disable new user registration
      };
      
      # Session and security
      session = {
        COOKIE_SECURE = true;  # Since we're using HTTPS
      };
      
      # Recommended security settings
      security = {
        INSTALL_LOCK = true;
      };
    };
  };
  
  # Ensure the data directory exists with proper permissions
  systemd.tmpfiles.rules = [
    "d /srv/forgejo 0750 forgejo forgejo -"
    "d /srv/forgejo/data 0750 forgejo forgejo -"
  ];
}