nixcfg/modules/gitea/default.nix

{
  config,
  pkgs,
  ...
}: {
  age.secrets = {
    sendmail_email_key_gitea = {
      file = ../../secrets/sendmail_email_key_gitea.age;
      owner = "gitea";
      group = "gitea";
    };

    gitea_actions_runner_token = {
      file = ../../secrets/gitea_actions_runner_token.age;
    };
  };

  services.gitea-actions-runner = {
    instances = {
      primary = {
        enable = true;
        name = "actions-runner";
        url = config.services.gitea.settings.server.ROOT_URL;
        tokenFile = config.age.secrets.gitea_actions_runner_token.path;
        labels = [
          "ubuntu-latest:docker://node:16-bullseye"
        ];
      };
    };
  };

  services.gitea = {
    enable = true;
    appName = "The Broccoli Patch";
    database = {
      type = "sqlite3";
    };
    dump = {
      enable = true;
      type = "tar.zst";
      file = "gitea.tar.zst";
      backupDir = "/var/backup";
      interval = "01:30";
    };
    settings = {
      server = {
        ROOT_URL = "https://git.broccoli.town/";
        HTTP_PORT = 3030;
        DOMAIN = "git.broccoli.town";
      };
      service = {
        REGISTER_EMAIL_CONFIRM = true;
        DISABLE_REGISTRATION = true;
        ENABLE_NOTIFY_MAIL = true;
        DEFAULT_KEEP_EMAIL_PRIVATE = true;
      };
      repository = {
        ENABLE_PUSH_CREATE_USER = true;
      };
      mailer = {
        ENABLED = true;
        FROM = "gitea@broccoli.town";
        SMTP_ADDR = "smtp.sendgrid.net";
        SMTP_PORT = 587;
        USER = "apikey";
      };
      actions = {
        ENABLED = true;
      };
    };
    mailerPasswordFile = config.age.secrets.sendmail_email_key_gitea.path;
  };
}