From 2c2c711dd98ab1a7706416f667d6c9045d42a69b Mon Sep 17 00:00:00 2001
From: Julia Lange
Date: Mon, 24 Mar 2025 12:33:48 -0700
Subject: [PATCH] Forgejo, init with admin account and server config Automatically creates an admin account with sops data. Not my favorite process because user needs to know to change the sops password to be owned by forgejo, otherwise good though. Has a bunch of useful config settings for setting up a server easily. Commit with that to follow. Point of worry: SSH_PORT setting isn't set, and will probably need to be set later to allow people to commit and similar to the repos.
---
nixosModules/services/forgejo/service.nix | 40 +++++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 nixosModules/services/forgejo/service.nix
diff --git a/nixosModules/services/forgejo/service.nix b/nixosModules/services/forgejo/service.nix
new file mode 100644
index 0000000..2a1b2c2
--- /dev/null
+++ b/nixosModules/services/forgejo/service.nix
@@ -0,0 +1,40 @@
+{ config, lib, ... }:
+
+{
+ options.forgejo = {
+ enable = lib.mkEnableOption "";
+ server = {
+ port = lib.mkOption { default = 4848; };
+ domain = lib.mkOption { type = lib.types.str; };
+ };
+ users = {
+ admin = {
+ enable = lib.mkEnableOption "creates an admin account";
+ username = lib.mkOption { type = lib.types.str; };
+ passwordFile = lib.mkOption {};
+ };
+ };
+ };
+
+ config = lib.mkIf config.forgejo.enable {
+ services.forgejo = {
+ enable = true;
+ settings = {
+ server = {
+ DOMAIN = config.forgejo.server.domain; #"winry.woach.me";
+ HTTP_PORT = config.forgejo.server.port;
+ ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}/";
+ };
+ # SSH_PORT = config.sshd.port;
+ session.COOKIE_SECURE = true;
+ service.DISABLE_REGISTRATION = true;
+ };
+ };
+
+ systemd.services.forgejo.preStart = lib.mkIf config.forgejo.users.admin.enable (let
+ adminCmd = "${lib.getExe config.services.forgejo.package}";
+ in ''
+ ${adminCmd} admin user create --admin --email "root@localhost" --username ${config.forgejo.users.admin.username} --password "$(tr -d '\n' < ${config.forgejo.users.admin.passwordFile})" || true
+ '');
+ };
+}
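Review bot: `passwordFile = lib.mkOption {};` declares no type, so a Nix path literal is accepted and, once interpolated into the `preStart` string, would be copied into the world-readable Nix store; `passwordFile = lib.mkOption { type = lib.types.str; };` plus a description saying it must be a runtime path (such as the sops secret path) rejects that case at evaluation time. In the same `preStart` command the password is expanded into `--password "$(…)"`, so it sits in the process argument list while the command runs, which is worth a comment. `username` and `passwordFile` are also interpolated unquoted; `--username ${lib.escapeShellArg config.forgejo.users.admin.username}` and the same wrapper around the file path keep unusual values from being re-parsed by the shell. The trailing `|| true` hides every failure, not only "user already exists", so the unreadable-secret case the commit message describes (file not owned by forgejo) would leave the instance without an admin and without an error; printing a warning to the journal on a non-zero exit would make it visible.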