From 0a2c3d46e01095b89c814f0e2509214a7fdc61b7 Mon Sep 17 00:00:00 2001
From: Chris Toph <toph@ryot.foo>
Date: Thu, 16 Jan 2025 23:20:37 -0500
Subject: [PATCH] Initial setup for git (forgejo)

---
 host/komodo/default.nix                 | 30 ++++-----
 host/komodo/modules/forgejo/default.nix | 82 +++++++++++++++++++++++++
 2 files changed, 97 insertions(+), 15 deletions(-)
 create mode 100644 host/komodo/modules/forgejo/default.nix

diff --git a/host/komodo/default.nix b/host/komodo/default.nix
index 2b7abf2..78d895f 100644
--- a/host/komodo/default.nix
+++ b/host/komodo/default.nix
@@ -17,26 +17,26 @@
 
     # Local Modules
     ./modules/frp
+    ./modules/forgejo
     ./modules/komodo
   ];
 
   ## NETWORKING ##
   networking.firewall = {
     allowedTCPPorts = [
-      22
-      443
-      80
-      81
-      9120
-      3001
-      4041
-      5001
-      7475
-      8070
-      8080
-      8086
-      8090
-      9120
+      [REDACTED]
+      [REDACTED]
+      [REDACTED]
+      222 # GitTea SSH
+      [REDACTED]
+      [REDACTED]
+      3003 # GitTea
+      [REDACTED]
+      [REDACTED]
+      8080 # File Browser
+      [REDACTED]
+      [REDACTED]
+      [REDACTED]
     ];
 
     # Game Server Ports
@@ -48,7 +48,7 @@
     ];
 
     allowedUDPPorts = [
-      8089
+      8089 # Grafana
     ];
   };
 
diff --git a/host/komodo/modules/forgejo/default.nix b/host/komodo/modules/forgejo/default.nix
new file mode 100644
index 0000000..17e7c95
--- /dev/null
+++ b/host/komodo/modules/forgejo/default.nix
@@ -0,0 +1,82 @@
+# Configuration for Gitea instance
+
+{
+  config,
+  pkgs,
+  admin,
+  ...
+}:
+{
+  # Forgejo configuration
+  services.forgejo = {
+    enable = true;
+
+    stateDir = "/pool/forgejo";
+
+    # Settings
+    dump = {
+      # :D idk what this does
+      enable = false;
+      interval = "weekly";
+    };
+
+    settings = {
+      DEFAULT = {
+        # Configuration for Gitea
+        APP_NAME = "Ryot Git";
+        RUN_MODE = "dev";
+      };
+
+      server = {
+        # Configuration for reverse proxy
+        ROOT_URL = "https://git.ryot.foo/";
+        HTTP_ADDR = "0.0.0.0";
+        HTTP_PORT = 3003;
+        DOMAIN = "localhost";
+      };
+
+      repository = {
+        DEFAULT_PRIVATE = true;
+      };
+
+      ui = {
+        DEFAULT_THEME = "forgejo-dark";
+        SHOW_USER_EMAIL = false;
+      };
+
+      "ui.meta" = {
+        AUTHOR = "Ryot";
+        DESCRIPTION = "Ryot Gitea instance";
+        KEYWORDS = "";
+      };
+
+      security = {
+        INSTALL_LOCK = true;
+      };
+
+      session = {
+        SESSION_LIFE_TIME = 86400 * 7; # 1 week
+      };
+
+      picture = {
+        DISABLE_GRAVATAR = true;
+      };
+
+      "cron.sync_external_users".ENABLED = false;
+
+      log.LEVEL = "Info";
+      # Private server
+      service.DISABLE_REGISTRATION = false;
+      # Disable package manager functionality
+      packages.ENABLED = false;
+
+    };
+  };
+
+  users.users.forgejo.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIClZstYoT64zHnGfE7LMYNiQPN5/gmCt382lC+Ji8lrH PVE"
+  ];
+
+  # Give admin group access to forgejo config
+  users.users.${admin}.extraGroups = [ "forgejo" ];
+}