From c026887236e8bdf38eb2c902c6182dcb39340b7a Mon Sep 17 00:00:00 2001
From: Mohammad Rafiq <rafiq@rrv.sh>
Date: Wed, 9 Jul 2025 03:46:10 +0800
Subject: [PATCH] feat(nix): add forgejo module and enable for server

---
 nix/manifest.nix                        | 11 ++++--
 nix/modules/server/web-apps/forgejo.nix | 47 +++++++++++++++++++++++++
 2 files changed, 56 insertions(+), 2 deletions(-)
 create mode 100644 nix/modules/server/web-apps/forgejo.nix

diff --git a/nix/manifest.nix b/nix/manifest.nix
index 9c5e4be..3b7f542 100644
--- a/nix/manifest.nix
+++ b/nix/manifest.nix
@@ -64,8 +64,15 @@
             postgresql.enable = true;
           };
           web-apps = {
-            librechat.enable = true;
-            librechat.domain = "chat.bwfiq.com";
+            librechat = {
+              enable = true;
+              domain = "chat.bwfiq.com";
+            };
+            forgejo = {
+              enable = true;
+              domain = "git.rrv.sh";
+              openFirewall = true;
+            };
           };
         };
       };
diff --git a/nix/modules/server/web-apps/forgejo.nix b/nix/modules/server/web-apps/forgejo.nix
new file mode 100644
index 0000000..5beb028
--- /dev/null
+++ b/nix/modules/server/web-apps/forgejo.nix
@@ -0,0 +1,47 @@
+{ lib, config, ... }:
+let
+  inherit (lib.lists) singleton optional;
+  inherit (config.flake.lib.options) mkPortOption;
+  inherit (config.flake.lib.services) mkWebApp;
+in
+{
+  flake.modules.nixos.default =
+    { config, ... }:
+    let
+      cfg = config.server.web-apps.forgejo;
+      upstreamCfg = config.services.forgejo;
+    in
+    mkWebApp {
+      inherit config;
+      name = "forgejo";
+      defaultPort = 3000;
+      persistDirs = singleton {
+        directory = upstreamCfg.stateDir;
+        inherit (upstreamCfg) user group;
+      };
+      extraOptions = {
+        sshPort = mkPortOption 2222;
+      };
+      extraConfig = {
+        networking.firewall.allowedTCPPorts = optional cfg.openFirewall cfg.sshPort;
+        services.forgejo = {
+          enable = true;
+          settings = {
+            server = {
+              DOMAIN = cfg.domain;
+              ROOT_URL = "https://${cfg.domain}/";
+              HTTP_PORT = cfg.port;
+              START_SSH_SERVER = true;
+              SSH_PORT = cfg.sshPort;
+            };
+            repository = {
+              USE_COMPAT_SSH_URI = false;
+              ENABLE_PUSH_CREATE_USER = true;
+              ENABLE_PUSH_CREATE_ORG = true;
+            };
+            "repository.signing".FORMAT = "ssh";
+          };
+        };
+      };
+    };
+}