# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

# NixOS-WSL specific options are documented on the NixOS-WSL repository:
# https://github.com/nix-community/NixOS-WSL

{
  config,
  lib,
  pkgs,
  ...
}:
let
  cfg = config.services.forgejo;
  srv = cfg.settings.server;
in
{
  imports = [
    ./shared/system.nix
    ./shared/dev_user.nix
    ./shared/docker.nix
    ./shared/ssh.nix
  ];

  security.acme = {
    defaults.email = "michael.huebner@ptspaper.de";
    acceptTerms = true;
  };

  services = {
    nginx = {
      enable = true;
      virtualHosts.${srv.DOMAIN} = {
        forceSSL = true;
        enableACME = true;
        extraConfig = ''
          client_max_body_size 512M;

          proxy_set_header Host $host;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header X-Forwarded-Proto $scheme;
        '';
        locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
      };
    };

    forgejo = {
      enable = true;
      database.type = "postgres";
      lfs.enable = true;
      settings = {
        server = {
          DOMAIN = "pts-paper.de";
          ROOT_URL = "https://${srv.DOMAIN}";
          HTTP_PORT = 3000;
          SSH_PORT = 62;
        };
        service.DISABLE_REGISTRATION = true;
        actions = {
          ENABLED = true;
          DEFAULT_ACTIONS_URL = "github";
        };
        mailer = {
          ENABLED = true;
          PROTOCOL = "smtp";
          SMTP_ADDR = "80.151.91.109";
          SMTP_PORT = 25;
          FROM = "noreply@ptspaper.de";
          USER = "noreply@ptspaper.de";
        };
      };
      dump = {
        enable = true;
        interval = "20:00";
        type = "tar.gz";
        file = "forgejo_backup";
        backupDir = "/backups";
      };
      package = pkgs.forgejo.overrideAttrs (
        prev: {
          postInstall = builtins.concatStringsSep "\n" [
            prev.postInstall
            ''
              chmod -R u+w $data/templates/custom/
              cp ${./home.tmpl} $data/templates/custom/
              chmod -R u-w $data/templates/custom/
            ''
          ];
        }
      );
    };

    openssh = {
      ports = [ 62 ];
      settings = {
        AllowUsers = [ "forgejo" ];
      };
    };

    renovate = {
      enable = true;
      schedule = "1 h";
      credentials = {
        RENOVATE_TOKEN = "/etc/renovate/token";
      };
      settings = {
        endpoint = "http://localhost/api/v1/";
        persistRepoData = true;
        platform = "forgejo";
        autodiscover = true;
        onboardingConfig = {
          extends = [ "config:recommended" ];
        };
        prCommitsPerRunLimit = 0;
      };
    };
  };
}