From 402144e422990d26a50b08a93f156888e89e3038 Mon Sep 17 00:00:00 2001
From: uku <hi@uku.moe>
Date: Sat, 18 May 2024 23:03:42 +0200
Subject: [PATCH] feat(etna): add forgejo

---
 systems/etna/default.nix |  1 +
 systems/etna/forgejo.nix | 42 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 43 insertions(+)
 create mode 100644 systems/etna/forgejo.nix

diff --git a/systems/etna/default.nix b/systems/etna/default.nix
index 5b90971..122be49 100644
--- a/systems/etna/default.nix
+++ b/systems/etna/default.nix
@@ -23,6 +23,7 @@ in {
       ./reposilite.nix
       ./uku.nix
       ./vaultwarden.nix
+      ./forgejo.nix
     ];
 
   age.secrets = mkSecrets {
diff --git a/systems/etna/forgejo.nix b/systems/etna/forgejo.nix
new file mode 100644
index 0000000..d3f185d
--- /dev/null
+++ b/systems/etna/forgejo.nix
@@ -0,0 +1,42 @@
+_: {
+  cfTunnels."git.uku3lig.net" = "http://localhost:3000";
+
+  services.forgejo = {
+      enable = true;
+
+      database = {
+        type = "postgres";
+        createDatabase = true;
+      };
+
+      settings = {
+        DEFAULT.APP_NAME = "uku's forge";
+
+        server = {
+          DISABLE_SSH = true;
+          ROOT_URL = "https://git.uku3lig.net";
+        };
+
+        service = {
+          ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
+          # TODO enable turnstile once it gets fixed
+          # see codeberg:forgejo/forgejo#3832
+          ENABLE_CAPTCHA = true;
+        };
+
+        oauth2 = {
+          # providers are configured in the admin panel
+          ENABLED = true;
+        };
+
+        "ui.meta" = {
+          AUTHOR = "uku's forge";
+          DESCRIPTION = "the place where literally nothing gets done";
+        };
+
+        "repository.signing" = {
+          DEFAULT_TRUST_MODEL = "committer";
+        };
+      };
+    };
+}