From 6c09df8fa0147c3dd3b928b89d449b2db02f4051 Mon Sep 17 00:00:00 2001
From: Tigor Hutasuhut
Date: Thu, 13 Jun 2024 18:59:07 +0700
Subject: [PATCH] forgejo: setup
---
 system/services/cockpit.nix | 8 +++-----
 system/services/default.nix | 1 +
 system/services/forgejo.nix | 22 ++++++++++++++++------
 3 files changed, 20 insertions(+), 11 deletions(-)
diff --git a/system/services/cockpit.nix b/system/services/cockpit.nix
index 3f7a4e0..360715c 100644
--- a/system/services/cockpit.nix
+++ b/system/services/cockpit.nix
@@ -8,11 +8,9 @@ in
 environment.systemPackages = mkIf config.profile.podman.enable [
 (pkgs.callPackage ../packages/cockpit-podman.nix { })
 ];
- sops.secrets."cockpit" = {
- sopsFile = ../../secrets/caddy_reverse_proxy.yaml;
- path = "/etc/caddy/sites-enabled/cockpit";
- mode = "0440";
- };
+ services.caddy.virtualHosts."cockpit.tigor.web.id".extraConfig = ''
+ reverse_proxy 0.0.0.0:9090
+ '';
 services.cockpit = {
 enable = true;
 openFirewall = true;
diff --git a/system/services/default.nix b/system/services/default.nix
index 278f398..a728034 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -3,6 +3,7 @@
 imports = [
 ./caddy.nix
 ./cockpit.nix
+ ./forgejo.nix
 ./samba.nix
 ];
 }
diff --git a/system/services/forgejo.nix b/system/services/forgejo.nix
index 68260f5..8ab0a51 100644
--- a/system/services/forgejo.nix
+++ b/system/services/forgejo.nix
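Review bot: In the cockpit.nix hunk the upstream of the new `reverse_proxy 0.0.0.0:9090` line should be the loopback address, `reverse_proxy 127.0.0.1:9090`; 0.0.0.0 is a bind wildcard, and connecting to it reaches the local host only by OS convention. The context line `openFirewall = true;` also keeps port 9090 reachable directly, so the admin console can still be reached without going through Caddy; once the virtual host is in place it could be `openFirewall = false;`. The `services.cockpit` block continues past the end of the hunk, so whether a `settings.WebService.Origins` entry exists for `https://cockpit.tigor.web.id` cannot be seen here and is worth confirming.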
@@ -5,18 +5,28 @@ let
 in
 {
 config = mkIf cfg.enable {
- sops.secrets."forgejo" = {
- sopsFile = ../../secrets/caddy_reverse_proxy.yaml;
- path = "/etc/caddy/sites-enabled/forgejo";
- mode = "0440";
- };
+ services.caddy.virtualHosts."git.tigor.web.id".extraConfig = ''
+ reverse_proxy * unix//run/forgejo/forgejo.sock
+ '';
+
 services.forgejo = {
 enable = true;
 settings = {
- server.PROTOCOL = "http+unix";
+ server = {
+ PROTOCOL = "http+unix";
+ SSH_PORT = 2222;
+ DOMAIN = "git.tigor.web.id";
+ HTTP_PORT = 443;
+ ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}:${toString config.services.forgejo.settings.server.HTTP_PORT}";
+ };
+ service = {
+ DISABLE_REGISTRATION = true;
+ };
 session.COOKIE_SECURE = true;
 };
 };
+
+ networking.firewall.allowedTCPPorts = [ config.services.forgejo.settings.server.SSH_PORT ];
 };
 }
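Review bot: The new `networking.firewall.allowedTCPPorts` line opens `SSH_PORT` (2222), but in Forgejo `SSH_PORT` is only the port advertised in clone URLs, and nothing in this hunk sets `START_SSH_SERVER = true;`. As written, either nothing listens on 2222 or, if the host's own sshd is configured on that port (not visible here), the rule exposes host logins rather than only git access. If the built-in server is intended, add `START_SSH_SERVER = true;` next to `SSH_PORT`, and a comment on the firewall line saying which daemon owns the port would help. Separately, `HTTP_PORT = 443` is not used by the `http+unix` listener and only feeds `ROOT_URL`, which then carries an explicit `:443`; `ROOT_URL = "https://${config.services.forgejo.settings.server.DOMAIN}/";` would say the same thing without the unused port setting.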