# Forgejo Module
# Provides: Self-hosted Git service (Fork of Gitea)
#
# Usage:
#   myModules.forgejo = {
#     enable = true;
#     domain = "git.example.com";
#   };

{
  config,
  lib,
  pkgs,
  ...
}:

let
  cfg = config.myModules.forgejo;
in
{
  options.myModules.forgejo = {
    enable = lib.mkEnableOption "Forgejo Git service";

    port = lib.mkOption {
      type = lib.types.port;
      default = 3002;
      description = "Internal port to run Forgejo on";
    };

    domain = lib.mkOption {
      type = lib.types.str;
      example = "git.example.com";
      description = "Public domain name for Forgejo";
    };

    disableRegistration = lib.mkOption {
      type = lib.types.bool;
      default = true;
      description = "Disable public user registration";
    };
  };

  config = lib.mkIf cfg.enable {
    services.forgejo = {
      enable = true;
      database.type = "postgres";
      
      settings = {
        server = {
          DOMAIN = cfg.domain;
          ROOT_URL = "https://${cfg.domain}/";
          HTTP_ADDR = "127.0.0.1";
          HTTP_PORT = cfg.port;
          SSH_PORT = 2222;
        };
        service = {
          DISABLE_REGISTRATION = cfg.disableRegistration;
        };
        session = {
          COOKIE_SECURE = true;
        };
        security = {
          PASSWORD_COMPLEXITY = "lower,upper,digit,spec";
          MIN_PASSWORD_LENGTH = 12;
        };
      };
    };

    # Nginx Reverse Proxy
    myModules.nginx.domains."${cfg.domain}" = {
      port = cfg.port;
      extraConfig = ''
        client_max_body_size 512M;
      '';
    };

    # Open SSH port for Git
    networking.firewall.allowedTCPPorts = [ 2222 ];

    # Backups (Add Forgejo data to restic if backup module is enabled)
    myModules.backup.paths = [
      config.services.forgejo.stateDir
    ];
  };
}