home-server-config/forgejo.nix

{
  domainName,
  ...
}:
{
  services = {
    forgejo = {
      enable = true;
      settings = {
        server = {
          ROOT_URL = "https://git.${domainName}/";
          PROTOCOL = "http";
          DOMAIN = "git.${domainName}";
          SSH_PORT = 2222;
        };
        session.COOKIE_SECURE = true;
        service.DISABLE_REGISTRATION = true;
      };
    };
    nginx.virtualHosts."git.${domainName}" = {
      forceSSL = true;
      enableACME = true;
      extraConfig = ''
          client_max_body_size 512M;
        '';
      locations = {
        "/" = {
          proxyPass = "http://localhost:3000";
          extraConfig = ''
              proxy_set_header Host $host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
            '';
        };
      };
    };
  };
}