nix-config/modules/nixos-modules/server/forgejo/proxy.nix

{
  lib,
  config,
  ...
}: let
  const = import ./const.nix;
  httpPort = const.httpPort;
in {
  options.services.forgejo = {
    reverseProxy = {
      domain = lib.mkOption {
        type = lib.types.str;
        description = "domain that forgejo will be hosted at";
        default = "git.jan-leila.com";
      };
      extraDomains = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        description = "extra domains that should be configured for forgejo";
        default = [];
      };
    };
  };

  config = lib.mkIf (config.services.forgejo.enable && config.services.reverseProxy.enable) {
    services.reverseProxy.services.forgejo = {
      target = "http://localhost:${toString httpPort}";
      domain = config.services.forgejo.reverseProxy.domain;
      extraDomains = config.services.forgejo.reverseProxy.extraDomains;

      settings = {
        forwardHeaders.enable = true;
      };
    };

    networking.firewall.allowedTCPPorts = [
      config.services.forgejo.settings.server.SSH_LISTEN_PORT
    ];
  };
}