started forgejo config

modules/features/forgejo.nix

@@ -0,0 +1,62 @@
+{ self, inputs, ... }: {
+  flake.modules.nixos.forgejo = {config, pkgs, lib, ... }:
+    let
+      cfg = config.forgejo;
+    in
+    {
+      options.forgejo = {
+        enable = lib.mkEnableOption "Enable Forgejo backed with PostgreSQL";
+
+        port = lib.mkOption {
+          type = lib.types.port;
+          default = 3000;
+          description = "TCP port for the Forgejo web interface.";
+        };
+
+        openFirewall = lib.mkOption {
+          type = lib.types.bool;
+          default = true;
+          description = "Open the Forgejo web interface port in the firewall.";
+        };
+
+        https = lib.mkEnableOption "Open the Forgejo web interface port in the firewall.";
+      };
+
+      config = lib.mkIf cfg.enable {
+        networking.firewall.allowedTCPPorts = lib.optionals cfg.openFirewall [ cfg.port ];
+
+        services.forgejo = {
+          enable = true;
+          lfs.enable = true;
+          settings.server = lib.mkMerge [
+            {
+              HTTP_PORT = cfg.port;
+              DISABLE_SSH = true;
+            }
+            (lib.mkIf cfg.https {
+              ROOT_URL = "https://forgejo.john-stream.com";
+              PROTOCOL = "https";
+              COOKIE_SECURE = true;
+            })
+          ];
+
+          database = {
+            type = "postgres";
+            port = config.services.postgresql.settings.port;
+            # createDatabase = false;
+          };
+          # dump = {
+          #   enable = true;
+          #   interval = "12h";
+          # };
+        };
+
+        services.postgresql = {
+          enable = true;
+          settings = {
+
+          };
+        };
+      };
+    };
+}

modules/hosts/john-pc/default.nix

@@ -3,7 +3,7 @@ let
   username = "john";
   hostname = "john-pc-ubuntu";
 
-  testHost = "soteria";
+  testHost = "soteria"; # which host to test build
   testTarget = "fded:fb16:653e:25da:be24:11ff:fea0:753f"; # test-nix
   # testTarget = "fded:fb16:653e:25da:be24:11ff:fe89:1cc3"; # soteria
 

modules/hosts/soteria/soteria.nix

@@ -14,6 +14,7 @@ in
       nixos.docker
       nixos.mtls
       nixos.janus-ca
+      nixos.forgejo
       # nixos.restic-server
       # nixos.restic-envoy
       ({ pkgs, ... }: {
@@ -64,6 +65,8 @@ in
         environment.systemPackages = [
           inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.janus-ca
         ];
+
+        forgejo.enable = true;
       })
     ];
   };

modules/nix-tools/user.nix

@@ -18,15 +18,12 @@
         isNormalUser = true;
         home = "/home/${username}";
         shell = lib.mkIf config.programs.zsh.enable pkgs.zsh;
-        extraGroups = [
-          "input"
-          "networkmanager"
-        ] ++ lib.optionals isAdmin [
-          "docker"
-          "wheel"
-        ];
+        extraGroups = [ "input" "networkmanager" ]
+        ++ lib.optional isAdmin "wheel"
+        ++ lib.optional config.virtualisation.docker.enable "docker"
+        ++ lib.optional (isAdmin && config.services.forgejo.enable) config.services.forgejo.group
+        ++ lib.optional (isAdmin && config.services.postgresql.enable) config.services.postgresql.group;
       };
-
       
       security.sudo-rs.enable = lib.mkIf isAdmin true;