Basic forgejo server config

configuration.nix

@@ -6,7 +6,10 @@
 # https://github.com/nix-community/NixOS-WSL
 
 { config, lib, pkgs, ... }:
-
+let
+  cfg = config.services.forgejo;
+  srv = cfg.settings.server;
+in
 {
   imports = [
     # include NixOS-WSL modules
@@ -16,14 +19,7 @@
   wsl.enable = true;
   wsl.defaultUser = "nixos";
 
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It's perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "24.05"; # Did you read the comment?
+  system.stateVersion = "24.11";
 
   nix = {
     settings = {
@@ -31,100 +27,57 @@
     };
   };
 
-  environment = {
-    systemPackages = with pkgs; [
+  environment.systemPackages = with pkgs; [
     git
-      vim
-      wget
-      curl
-      htop
   ];
+
+  virtualisation.docker = {
+    enable = true;
   };
 
-  openproject = pkgs.fetchFromGithub {
-    owner = "bendlas";
-    repo = "openproject-nix";
-    rev = "";
-    sha256 = "";
+  security.acme = {
+    defaults.email = "michael.huebner@ptspaper.de";
+    acceptTerms = true;
   };
 
   services = {
+    endlessh = {
+      enable = true;
+      port = 22;
+    };
+
     openssh = {
       enable = true;
-      settings.PermitRootLogin = "yes";
+      ports = [ 23 ];
     };
-    redis = {
-      servers = {
-        # Queue, naming it "" makes it use default values.
-        "".enable = true;
 
-        socketio = {
+    nginx = {
       enable = true;
-          port = 12311;
-        };
-      };
-    };
-  };
-
-  networking = {
-    firewall = {
-      enable = false;
-    };
-  };
-
-  users = {
-    mutableUsers = false;
-
-    extraUsers = {
-      root = {
-        password = "root";
-      };
-    };
-
-    users = {
-      root = {
-
-      };
-      openproject = {
-        description = "User to run openproject";
-        group = "openproject";
-        isSystemUser = true;
-        home = "/var/lib/openproject";
-        createHome = true;
-      }
-    };
-  };
-
-  systemd = {
-    services = {
-      openproject = {
-        enable = true;
-        wantedBy = [ "multi-user.target" ];
-        after = [ "mysql.service" "redis.service" "redis-socketio.service" ];
-        description = "ERPNext";
-        confinement = {
-          enable = true;
-          packages = [ pkgs.mariadb-client pkgs.nodejs penv ];
-        };
-        script = ''
-          export PYTHON_PATH=${penv}/${pkgs.python3.sitePackages}
-          export PATH="${pkgs.mariadb-client}/bin:${pkgs.nodejs}/bin:${penv}/bin:$PATH"
-
-          # Initialize the DB
-          # Start the server
-
+      virtualHosts.${srv.DOMAIN} = {
+        forceSSL = true;
+        enableACME = true;
+        extraConfig = ''
+          client_max_body_size 512M;
         '';
-        serviceConfig = {
-          User = "erpnext";
-          NoNewPrivileges = true;
-          Type = "simple";
-          BindReadOnlyPaths = [
-            "/etc/hosts:/etc/hosts"
-            "${pkgs.openproject}:${pkgs.openproject}"
-          ];
-          BindPaths = [
-            "/var/lib/openproject:/var/libopenproject"
-          ];
+        locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
+      };
+    };
+
+    forgejo = {
+      enable = true;
+      database.type = "postgres";
+      lfs.enable = true;
+      settings = {
+        server = {
+          DOMAIN = "localhost";
+          ROOT_URL = "https://${srv.DOMAIN}";
+          HTTP_PORT = 3000;
+          SSH_PORT = 62;
+        };
+        service.DISABLE_REGISTRATION = true;
+        actions = {
+          ENABLED = true;
+          DEFAULT_ACTIONS_URL = "github";
         };
       };
     };