From d3cb19d6f1d13b14aeded1d4ec10a4ff8debbcba Mon Sep 17 00:00:00 2001
From: Till <till@ktiu.net>
Date: Mon, 15 Dec 2025 17:04:24 +0100
Subject: [PATCH] forgejo, outline

---
 system/web-server/forgejo.nix | 76 +++++++++++++++++++++++++++++++++++
 system/web-server/outline.nix | 28 ++++++++-----
 2 files changed, 94 insertions(+), 10 deletions(-)
 create mode 100644 system/web-server/forgejo.nix

diff --git a/system/web-server/forgejo.nix b/system/web-server/forgejo.nix
new file mode 100644
index 0000000..2a816d0
--- /dev/null
+++ b/system/web-server/forgejo.nix
@@ -0,0 +1,76 @@
+{ lib, pkgs, config, ... }:
+
+let
+
+  cfg = config.services.forgejo;
+  srv = cfg.settings.server;
+
+in
+
+{
+
+  security.acme.certs."${config.networking.domain}".extraDomainNames = [
+    "outline.${config.networking.domain}"
+  ];
+
+  services.nginx = {
+    virtualHosts.${cfg.settings.server.DOMAIN} = {
+      forceSSL = true;
+      useACMEHost = config.networking.domain;
+      locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
+      extraConfig = ''
+        client_max_body_size 512M;
+      '';
+    };
+  };
+
+  services.forgejo = {
+
+    enable = true;
+
+    database.type = "postgres";
+    lfs.enable = true;
+
+    settings = {
+
+      server = {
+        DOMAIN = "git.${config.networking.domain}";
+        # You need to specify this to remove the port from URLs in the web UI.
+        ROOT_URL = "https://${srv.DOMAIN}/"; 
+        HTTP_PORT = 3000;
+      };
+
+      # You can temporarily allow registration to create an admin user.
+      # service.DISABLE_REGISTRATION = true; 
+      # Add support for actions, based on act: https://github.com/nektos/act
+
+      actions = {
+        ENABLED = true;
+        DEFAULT_ACTIONS_URL = "github";
+      };
+
+      # Sending emails is completely optional
+      # You can send a test email from the web UI at:
+      # Profile Picture > Site Administration > Configuration >  Mailer Configuration 
+
+      mailer = {
+        ENABLED = true;
+        SMTP_ADDR = "localhost";
+        FROM = "git@${config.networking.domain}";
+        # USER = "git@ktiu.net";
+      };
+    };
+
+    # secrets = {
+    #   mailer.PASSWD = config.age.secrets.forgejo-mailer-password.path;
+    # };
+
+  };
+
+  # age.secrets.forgejo-mailer-password = {
+  #   file = ../secrets/forgejo-mailer-password.age;
+  #   mode = "400";
+  #   owner = "forgejo";
+  # };
+}
+
diff --git a/system/web-server/outline.nix b/system/web-server/outline.nix
index e2f5cee..5840033 100644
--- a/system/web-server/outline.nix
+++ b/system/web-server/outline.nix
@@ -1,24 +1,32 @@
 { config, pkgs, ... }:
 
-let
+{
 
-  outline = {
-    hostname = "outline.${config.networking.domain}";
-    mail = "outline@${config.networking.domain}";
-  };
-
-in {
+  # environment.systemPackages = with pkgs; [
+  #   openssl
+  # ];
 
   services.outline = {
+
     enable = true;
-    publicUrl = "https://${outline.hostname}";
-    storage.storageType = "local";
+    publicUrl = "https://outline.${config.networking.domain}";
     defaultLanguage = "de_DE";
+    storage.storageType = "local";
+
+    # smtp = {
+    #   username = "kein_schlussstrich_hessen@systemli.org";
+    #   passwordFile = "/var/custom-access/outline-smtp-password.txt";
+    #   fromEmail = "kein_schlussstrich_hessen@systemli.org";
+    #   replyEmail = config.services.outline.smtp.fromEmail;
+    #   host = "mail.systemli.org";
+    #   # secure = false;
+    #   port = 465;
+    # };
 
     smtp = {
       username = "outline";
       passwordFile = "/dev/null";
-      fromEmail = outline.mail;
+      fromEmail = "outline@${config.networking.domain}";
       replyEmail = config.services.outline.smtp.fromEmail;
       host = "localhost";
       secure = false;