Add forgejo container

hosts/v-th-ctr-01/home.nix

@@ -41,6 +41,7 @@
         nginx.enable = true;
         caddy.enable = true;
         kanidm.enable = true;
+        forgejo.enable = true;
       };
     };
 

modules/home/containers/caddy.nix

@@ -44,7 +44,12 @@ in {
 
         @kanidm host auth.tbmrs.nl
         handle @kanidm {
-          reverse_proxy https://auth.tbmrs.nl:8443
+          reverse_proxy https://auth.tbmrs.nl
+        }
+
+        @forgejo host git.tbmrs.nl
+        handle @forgejo {
+          reverse_proxy forgejo:3000
         }
       }
     '';

modules/home/containers/forgejo.nix

@@ -0,0 +1,32 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.settings.containers.forgejo;
+in {
+  options = {
+    settings.containers.forgejo.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Enable forgejo container
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.podman.containers.forgejo = {
+      image = "codeberg.org/forgejo/forgejo:11";
+      network = "proxy";
+      volumes = [
+        "%h/containers/forgejo/data:/data" 
+      ];
+      environment = {
+        FORGEJO__service__ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
+        FORGEJO__service__SHOW_REGISTRATION_BUTTON = false;
+        FORGEJO__service__ENABLE_PASSWORD_SIGNIN_FORM = false;
+      };
+    };
+  };
+}

modules/home/containers/kanidm.nix

@@ -28,7 +28,7 @@ in {
       ];
       environment = {
         KANIDM_VERSION = "2";
-        KANIDM_BINDADDRESS = "[::]:8443";
+        KANIDM_BINDADDRESS = "[::]:443";
         KANIDM_DB_PATH = "/data/kanidm.db";
         KANIDM_TLS_CHAIN = "/data/keys/wildcard_.tbmrs.nl.crt";
         KANIDM_TLS_KEY = "/data/keys/wildcard_.tbmrs.nl.key";

modules/home/default.nix

@@ -27,5 +27,6 @@
     ./containers/caddy.nix
     ./containers/kanidm.nix
     ./containers/nginx.nix
+    ./containers/forgejo.nix
   ];
 }