# Sources for this configuration:
# - https://forgejo.org/
# - https://forgejo.org/docs/latest/
# - https://forgejo.org/docs/latest/admin/database-preparation/
# - https://forgejo.org/docs/latest/admin/config-cheat-sheet/
# - https://forgejo.org/docs/latest/admin/recommendations/
# - https://codeberg.org/forgejo/forgejo/src/branch/forgejo/docs/content/administration/reverse-proxies.en-us.md
# - https://forgejo.org/docs/latest/admin/email-setup/

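# NixOS module for the CCCHH Forgejo instance: Forgejo itself (PostgreSQL,
# Redis cache, Elasticsearch indexers, SMTP mailer) plus the sops-managed
# SMTP password it needs.
{ pkgs, ... }:

{
  services.forgejo = {
    enable = true;
    package = pkgs.forgejo;
    database.type = "postgres";

    # Values here are file paths, not the secrets themselves: the password is
    # read from the file at runtime and never ends up in the world-readable
    # Nix store.
    secrets = {
      mailer = {
        PASSWD = "/run/secrets/forgejo_git_smtp_password";
      };
    };

    settings = {
      DEFAULT = {
        APP_NAME = "CCCHH Git";
      };
      server = {
        DOMAIN = "git.hamburg.ccc.de";
        # Forgejo speaks plain HTTP, but only on loopback. ROOT_URL is https,
        # so a reverse proxy on this host is expected to terminate TLS.
        # NOTE(review): the proxy configuration is not part of this file.
        PROTOCOL = "http";
        HTTP_ADDR = "127.0.0.1";
        HTTP_PORT = 3000;
        ROOT_URL = "https://git.hamburg.ccc.de/";
        # LOCAL_ROOT_URL is apparently what Forgejo uses to access itself.
        # Doesn't need to be set.
        # Do not load assets from external services (CDNs, Gravatar).
        OFFLINE_MODE = true;
      };
      admin = {
        # Regular (non-admin) users may create organizations.
        DISABLE_REGULAR_ORG_CREATION = false;
      };
      session = {
        # Forgejo only sees HTTP from the proxy, so the Secure flag on the
        # session cookie has to be forced explicitly.
        COOKIE_SECURE = true;
      };
      "ui.meta" = {
        AUTHOR = "CCCHH Git";
        DESCRIPTION = "Git instance of the CCCHH.";
        KEYWORDS = "git,forge,forgejo,ccchh";
      };
      service = {
        # No local self-registration: accounts can only be created through an
        # external authentication source.
        ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
        # New profiles are visible to signed-in users only.
        DEFAULT_USER_VISIBILITY = "limited";
        DEFAULT_KEEP_EMAIL_PRIVATE = true;
        # Disables HTTP Basic authentication with the account password;
        # token-based authentication is not affected by this setting.
        ENABLE_BASIC_AUTHENTICATION = false;
        ENABLE_NOTIFY_MAIL = true;
        AUTO_WATCH_NEW_REPOS = false;
        AUTO_WATCH_ON_CHANGES = false;
      };
      # Forgejo reads DEFAULT_REPO_UNITS from the [repository] section. The
      # previous section name "repo" is not one Forgejo knows, so the setting
      # was silently ignored and new repositories got the full default unit
      # set.
      repository = {
        # repo.actions is deliberately not listed: Actions stays off for a new
        # repository until its owner enables the unit.
        DEFAULT_REPO_UNITS = "repo.code,repo.issues,repo.pulls";
      };
      actions = {
        # Makes Actions available instance-wide. Workflows are code supplied
        # by repository contributors and execute on whatever runners are
        # registered.
        # NOTE(review): runner registration and isolation are not visible in
        # this file; confirm they are covered elsewhere.
        ENABLED = true;
        ARTIFACT_RETENTION_DAYS = 30;
      };
      mailer = {
        ENABLED = true;
        FROM = "no-reply@git.hamburg.ccc.de";
        # Implicit TLS on port 465. The password is injected through
        # services.forgejo.secrets.mailer.PASSWD above.
        PROTOCOL = "smtps";
        SMTP_ADDR = "cow.hamburg.ccc.de";
        SMTP_PORT = 465;
        USER = "no-reply@git.hamburg.ccc.de";
      };
      cache = {
        ENABLED = true;
        ADAPTER = "redis";
        # Unix socket rather than TCP: access is governed by the permissions
        # on the socket file.
        # NOTE(review): the Redis instance and its socket permissions are
        # configured elsewhere.
        HOST = "redis+socket:///run/redis-forgejo/redis.sock";
      };
      indexer = {
        # Both indexers talk to Elasticsearch over unauthenticated plain HTTP
        # on loopback. Any local process can reach that port, and the index
        # holds issue text and repository content, including that of private
        # repositories.
        # NOTE(review): confirm Elasticsearch is bound to 127.0.0.1 only.
        ISSUE_INDEXER_TYPE = "elasticsearch";
        ISSUE_INDEXER_CONN_STR = "http://127.0.0.1:9200";
        REPO_INDEXER_ENABLED = true;
        REPO_INDEXER_TYPE = "elasticsearch";
        REPO_INDEXER_CONN_STR = "http://127.0.0.1:9200";
      };
    };
  };

  # SMTP password decrypted by sops-nix to /run/secrets/forgejo_git_smtp_password.
  sops.secrets."forgejo_git_smtp_password" = {
    # Owner-read only: the forgejo user is the only consumer of this file, so
    # the group-read bit granted by the previous 0440 was not needed.
    mode = "0400";
    owner = "forgejo";
    group = "forgejo";
    # Restart Forgejo when the secret changes so a rotated password is picked up.
    restartUnits = [ "forgejo.service" ];
  };
}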