# Sources for this configuration:
# - https://forgejo.org/docs/latest/admin/reverse-proxy/

{ config, pkgs, ... }:

# NixOS module: nginx as the TLS-terminating reverse proxy in front of the
# local Forgejo instance, plus the firewall openings for it.

let
  # Forgejo's [server] settings, used to derive the upstream address.
  forgejoServer = config.services.forgejo.settings.server;

  # Upstream URL built from PROTOCOL, HTTP_ADDR and HTTP_PORT.
  # NOTE(review): this assumes PROTOCOL is a scheme nginx can use in
  # proxy_pass (http or https) and that HTTP_ADDR is a host, not a socket path;
  # confirm against the Forgejo settings.
  forgejoUpstream = "${forgejoServer.PROTOCOL}://${forgejoServer.HTTP_ADDR}:${toString forgejoServer.HTTP_PORT}";
in
{
  services.nginx.enable = true;

  # Disable checking of client request body size to make container registry
  # image uploads work.
  # NOTE(review): this is the server-wide nginx option, so the limit is lifted
  # for every virtual host served by this nginx, not only for this one.
  # Consider scoping it to this vhost and check that upload size is bounded
  # elsewhere (disk quota, Forgejo limits).
  services.nginx.clientMaxBodySize = "0";

  services.nginx.virtualHosts."git.hamburg.ccc.de" = {
    # Default server: requests whose Host header matches no other vhost are
    # answered by this one.
    default = true;

    # Redirect plain HTTP to HTTPS and obtain the certificate via ACME.
    forceSSL = true;
    enableACME = true;

    # Explicit listeners, IPv4 only. No QUIC/HTTP3 listener is declared here.
    listen = [
      { addr = "0.0.0.0"; port = 80; }
      { addr = "0.0.0.0"; port = 443; ssl = true; }
    ];

    locations = {
      # Everything is handed to Forgejo.
      # NOTE(review): no proxy headers (Host, X-Forwarded-For,
      # X-Forwarded-Proto) are set in this file; presumably they come from a
      # shared nginx module. Verify this, otherwise Forgejo logs and rate
      # limits see the proxy address instead of the client.
      "/".proxyPass = forgejoUpstream;

      # Disallow crawling archives to save disk space. robots.txt is advisory
      # only; crawlers that ignore it can still request archives.
      # See: https://forgejo.org/docs/latest/admin/search-engines-indexation/
      "/robots.txt".return = "200 \"User-agent: *\\nDisallow: /*/*/archive/\\n\"";
    };
  };

  networking.firewall = {
    # HTTP (redirect to HTTPS; presumably also the ACME HTTP challenge) and HTTPS.
    allowedTCPPorts = [ 80 443 ];

    # NOTE(review): UDP 443 is opened, but the vhost above declares no QUIC
    # listener. Confirm another module needs it, or drop the opening.
    allowedUDPPorts = [ 443 ];
  };
}