From 8d6c10ccdfb312bf916dfb1aeb47537284172284 Mon Sep 17 00:00:00 2001
From: Christoph Hollizeck
Date: Wed, 6 Nov 2024 19:54:03 +0100
Subject: [PATCH] loptland: I have no idea how nginx works, also need to read up on ACME and LetsEncrypt
---
 systems/x86_64-linux/loptland/default.nix | 36 ++++++++++++++++++-----
 1 file changed, 29 insertions(+), 7 deletions(-)
diff --git a/systems/x86_64-linux/loptland/default.nix b/systems/x86_64-linux/loptland/default.nix
index a52bf33..4e25861 100644
--- a/systems/x86_64-linux/loptland/default.nix
+++ b/systems/x86_64-linux/loptland/default.nix
@@ -8,6 +8,9 @@
 let
 inherit (lib.${namespace}) enabled;
+ domainName = "v2202411240203293899.ultrasrv.de";
+ forgejoPort = 3000;
+
 sopsFile = lib.snowfall.fs.get-file "secrets/secrets-loptland.yaml";
 in
 {
@@ -16,10 +19,6 @@ in
 environment.systemPackages = [ pkgs.forgejo-cli ];
 sops.secrets = {
- domain = {
- inherit sopsFile;
- };
-
 forgejo_db_password = {
 inherit sopsFile;
 };
@@ -33,18 +32,41 @@ in
 };
 };
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "git.${domainName}" = {
+ locations."/" = {
+ proxyPass = "http://localhost:${toString forgejoPort}/";
+ };
+ };
+ };
+ };
+
 services.forgejo = {
 enable = true;
+ database.type = "postgres";
 lfs.enable = true;
 database = {
 passwordFile = config.sops.secrets.forgejo_db_password.path;
 };
- # settings = {
- # server.DOMAIN = config.sops.secrets.domain;
- # };
+ settings = {
+ server = {
+ DOMAIN = "git.${domainName}";
+ ROOT_URL = "http://git.${domainName}:${toString forgejoPort}";
+ HTTP_PORT = forgejoPort;
+ };
+ service.DISABLE_REGISTRATION = false;
+ };
 };
+ networking.firewall.allowedTCPPorts = [
+ forgejoPort
+ 80
+ 443
+ ];
+
 ${namespace} = {
 submodules = {
 basics = enabled;
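Review bot: `networking.firewall.allowedTCPPorts` in the third hunk opens `forgejoPort` next to 80 and 443, so, assuming Forgejo listens on all interfaces, it stays reachable directly on port 3000 over plain HTTP and the nginx virtual host is not the only way in. If the proxy is meant to be the single entry point, drop `forgejoPort` from that list and bind Forgejo to loopback with `HTTP_ADDR = "127.0.0.1";` in `settings.server`. `ROOT_URL` should then name the address clients reach through the proxy, e.g. `ROOT_URL = "http://git.${domainName}/";`, moving to `https://` once the virtual host has a certificate (`enableACME = true; forceSSL = true;`), because port 443 is opened here while nothing in the hunk configures TLS. `service.DISABLE_REGISTRATION = false` also leaves account sign-up open to anyone who can reach the host, which is worth confirming as intended for an internet-facing instance. The surrounding module attrset starts and ends outside the hunk.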