# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

# NixOS-WSL specific options are documented on the NixOS-WSL repository:
# https://github.com/nix-community/NixOS-WSL

# NixOS module function. `lib` is accepted but not referenced in this file.
{ config, lib, pkgs, ... }:
let
  # Shorthands for the evaluated Forgejo options, so the nginx vhost and
  # Forgejo's own ROOT_URL can reuse the values set under services.forgejo.
  cfg = config.services.forgejo;
  srv = cfg.settings.server;
in
{
  imports = [
    # include NixOS-WSL modules
    <nixos-wsl/modules>
  ];

  # Run this system as a WSL distribution; "nixos" is the account WSL logs
  # in as by default.
  wsl = {
    enable = true;
    defaultUser = "nixos";
  };

  # Pins the defaults of stateful services to the release this system was
  # first installed with; it is not the nixpkgs version in use.
  system.stateVersion = "24.11";

  # Enable the `nix` CLI and flakes, both still flagged experimental.
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Packages available to every user on the system.
  environment.systemPackages = [ pkgs.git ];

  # Docker daemon. Access to its socket is root-equivalent on the host; this
  # file adds no user to the "docker" group, so keep it that way unless an
  # account is meant to have that level of access.
  virtualisation.docker.enable = true;

  # ACME account settings shared by every certificate requested through
  # `enableACME`.
  security.acme.acceptTerms = true;
  # Contact address registered with the CA for expiry and account notices.
  security.acme.defaults.email = "michael.huebner@ptspaper.de";

  services = {
    # SSH tarpit on the standard SSH port; the real sshd is moved to another
    # port (see openssh.ports). It slows down automated scanners and is not
    # an access control in itself.
    # NOTE(review): the module's openFirewall option is not set here. Confirm
    # port 22 is actually reachable from outside, otherwise the tarpit sees
    # no traffic.
    endlessh.enable = true;
    endlessh.port = 22;

    # Real sshd, moved off 22 to leave that port to the endlessh tarpit.
    # 23 is the registered telnet port and is still probed by scanners, so
    # the move reduces log noise but does not restrict access.
    # NOTE(review): no `settings` are given, so authentication follows the
    # module defaults. If password logins are not required, set
    # settings.PasswordAuthentication and
    # settings.KbdInteractiveAuthentication to false and
    # settings.PermitRootLogin to "no", after confirming key-based login works.
    openssh.enable = true;
    openssh.ports = [ 23 ];

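    nginx = {
      enable = true;
      # Forward Host and X-Forwarded-* headers so Forgejo sees the real
      # client address rather than the proxy's (matters for audit logs and
      # rate limiting), and use the module's maintained TLS defaults.
      recommendedProxySettings = true;
      recommendedTlsSettings = true;
      # The vhost is named after Forgejo's DOMAIN setting.
      # NOTE(review): DOMAIN is "localhost" in this file. A public ACME CA
      # cannot validate that name, so enableACME will not obtain a
      # certificate until DOMAIN is a publicly resolvable host name.
      virtualHosts.${srv.DOMAIN} = {
        # Redirect plain-HTTP requests to HTTPS.
        forceSSL = true;
        enableACME = true;
        # Allow large request bodies (Forgejo has LFS enabled).
        extraConfig = ''
          client_max_body_size 512M;
        '';
        # TLS terminates here; the hop to Forgejo is plain HTTP to localhost.
        locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
      };
    };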

    forgejo = {
      enable = true;
      database.type = "postgres";
      lfs.enable = true;
      settings = {
        server = {
          # NOTE(review): "localhost" looks like a placeholder. It names the
          # nginx vhost (and thus the ACME certificate) and is baked into
          # ROOT_URL; replace it with the instance's real host name.
          DOMAIN = "localhost";
          ROOT_URL = "https://${srv.DOMAIN}";
          # Plain-HTTP listener that nginx proxies to.
          # NOTE(review): HTTP_ADDR is not set, so the bind address is the
          # Forgejo default. Consider HTTP_ADDR = "127.0.0.1" so this port is
          # only reachable through the TLS proxy; confirm before changing.
          HTTP_PORT = 3000;
          # NOTE(review): sshd in this file listens on 23, not 62. Unless
          # Forgejo's built-in SSH server or a port forward is configured
          # elsewhere, SSH clone URLs will advertise a port nothing serves.
          SSH_PORT = 62;
        };
        # Closes self-service sign-up; accounts have to be created by an admin.
        service.DISABLE_REGISTRATION = true;
        actions = {
          ENABLED = true;
          # Unqualified `uses:` references in workflows are resolved against
          # GitHub. NOTE(review): that is third-party code executed by the
          # runners; pin actions to a full commit SHA rather than a tag.
          DEFAULT_ACTIONS_URL = "github";
        };
      };
    };

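    renovate = {
      enable = true;
      # NOTE(review): "TODO" is not a systemd.time(7) calendar expression;
      # set a real schedule before deploying.
      schedule = "TODO";
      # The API token is read from a file at service start instead of being
      # set in `settings`, which is rendered into the world-readable Nix
      # store. The path below is a placeholder: point it at a root-only file
      # provisioned outside the store (for example by a secrets manager).
      credentials.RENOVATE_TOKEN = "/path/to/renovate-token-file";
      settings = {
        # HTTPS, so the token is never sent in clear text. `<url>` is still
        # a placeholder for the Forgejo host name.
        endpoint = "https://<url>.de/api/v1/";
        persistRepoData = true;
        platform = "forgejo";
        # Renovate acts on every repository the token can access; use a
        # dedicated bot account that is a member of only the repositories it
        # should manage.
        autodiscover = true;
        onboardingConfig = {
          extends = [ "config:recommended" ];
        };
        prCommitsPerRunLimit = 0;
      };
    };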

    cron = {
      enable = true;
      systemCronJobs = [
        # Runs every minute as root and overwrites /tmp/cronout with a
        # listing of /.
        # NOTE(review): this looks like a leftover cron smoke test. A root job
        # writing to a fixed name in world-writable /tmp can be interfered
        # with by other local users; drop the job or write under a root-owned
        # directory instead.
        "* * * * *  root   ls -l / > /tmp/cronout 2>&1"
      ];
    };
  };
}