From 2b2551e5bab4aa1902bc942c049242c27e754186 Mon Sep 17 00:00:00 2001
From: Inex Code
Date: Sun, 30 Jun 2024 21:47:08 +0400
Subject: [PATCH] feat: add more service options and change Gitea to Forgejo
---
 sp-modules/bitwarden/module.nix | 20 ++++++++++++---
 sp-modules/gitea/module.nix | 42 ++++++++++++++++++++++++++------
 sp-modules/jitsi-meet/module.nix | 10 ++++++++
 3 files changed, 61 insertions(+), 11 deletions(-)
diff --git a/sp-modules/bitwarden/module.nix b/sp-modules/bitwarden/module.nix
index 292601c..cd0a38a 100644
--- a/sp-modules/bitwarden/module.nix
+++ b/sp-modules/bitwarden/module.nix
@@ -18,6 +18,18 @@ in
 default = "password";
 type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
 };
+ signupsAllowed = lib.mkOption {
+ default = true;
+ type = lib.types.bool;
+ };
+ sendsAllowed = lib.mkOption {
+ default = true;
+ type = lib.types.bool;
+ };
+ emergencyAccessAllowed = lib.mkOption {
+ default = true;
+ type = lib.types.bool;
+ };
 };
 config = lib.mkIf config.selfprivacy.modules.bitwarden.enable {
@@ -53,9 +65,11 @@ in
 backupDir = backup-dir;
 environmentFile = "${bitwarden-env}";
 config = {
- domain = "https://${cfg.subdomain}.${sp.domain}/";
- signupsAllowed = true;
- rocketPort = 8222;
+ DOMAIN = "https://${cfg.subdomain}.${sp.domain}/";
+ SIGNUPS_ALLOWED = cfg.signupsAllowed;
+ ROCKET_PORT = 8222;
+ SENDS_ALLOWED = cfg.sendsAllowed;
+ EMERGENCY_ACCESS_ALLOWED = cfg.emergencyAccessAllowed;
 };
 };
 systemd.services.bitwarden-secrets = {
diff --git a/sp-modules/gitea/module.nix b/sp-modules/gitea/module.nix
index 51e28e1..623ec9e 100644
--- a/sp-modules/gitea/module.nix
+++ b/sp-modules/gitea/module.nix
@@ -1,4 +1,4 @@
-{ config, lib, ... }:
+{ config, lib, pkgs, ... }:
 let
 sp = config.selfprivacy;
 stateDir =
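Review bot: `signupsAllowed` in the first hunk of sp-modules/bitwarden/module.nix defaults to `true` and carries no `description`, so a password-manager instance served on its own subdomain keeps accepting self-registration unless the operator already knows the switch exists. The default matches the previously hard-coded `signupsAllowed = true`, so behaviour is unchanged, but the option should say what it exposes, e.g. `description = "Allow anyone who can reach the server to register an account";`. `sendsAllowed` and `emergencyAccessAllowed` are undocumented as well, unlike most of the options this patch adds to sp-modules/gitea/module.nix.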
@@ -20,6 +20,29 @@ in
 default = "git";
 type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
 };
+ appName = lib.mkOption {
+ default = "SelfPrivacy git Service";
+ type = lib.types.str;
+ };
+ enableLfs = lib.mkOption {
+ default = true;
+ type = lib.types.bool;
+ };
+ forcePrivate = lib.mkOption {
+ default = false;
+ type = lib.types.bool;
+ description = "Force all new repositories to be private";
+ };
+ disableRegistration = lib.mkOption {
+ default = false;
+ type = lib.types.bool;
+ description = "Disable registration of new users";
+ };
+ requireSigninView = lib.mkOption {
+ default = false;
+ type = lib.types.bool;
+ description = "Require signin to view any page";
+ };
 };
 config = lib.mkIf cfg.enable {
@@ -31,11 +54,8 @@ in
 };
 services.gitea = {
 enable = true;
+ package = pkgs.forgejo;
 inherit stateDir;
- # log = {
- # rootPath = "/var/lib/gitea/log";
- # level = "Warn";
- # };
 user = "gitea";
 database = {
 type = "sqlite3";
@@ -50,13 +70,15 @@ in
 # clonePort = 22;
 # };
 lfs = {
- enable = true;
+ enable = cfg.enableLfs;
 contentDir = "${stateDir}/lfs";
 };
- appName = "SelfPrivacy git Service";
 repositoryRoot = "${stateDir}/repositories";
 # cookieSecure = true;
 settings = {
+ DEFAULT = {
+ APP_NAME = "${cfg.appName}";
+ };
 server = {
 DOMAIN = "${cfg.subdomain}.${sp.domain}";
 ROOT_URL = "https://${cfg.subdomain}.${sp.domain}/";
@@ -77,7 +99,7 @@ in
 ENABLE_KANBAN_BOARD = true;
 };
 repository = {
- FORCE_PRIVATE = false;
+ FORCE_PRIVATE = cfg.forcePrivate;
 };
 session = {
 COOKIE_SECURE = true;
@@ -86,6 +108,10 @@ in
 ROOT_PATH = "${stateDir}/log";
 LEVEL = "Warn";
 };
+ service = {
+ DISABLE_REGISTRATION = cfg.disableRegistration;
+ REQUIRE_SIGNIN_VIEW = cfg.requireSigninView;
+ };
 };
 };
 services.nginx.virtualHosts."${cfg.subdomain}.${sp.domain}" = {
diff --git a/sp-modules/jitsi-meet/module.nix b/sp-modules/jitsi-meet/module.nix
index 20db52f..3dae656 100644
--- a/sp-modules/jitsi-meet/module.nix
+++ b/sp-modules/jitsi-meet/module.nix
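Review bot: `disableRegistration` and `requireSigninView` in the option hunk (`@@ -20,6 +20,29 @@`) of sp-modules/gitea/module.nix both default to `false`, which leaves the forge open to self-registration and anonymous browsing, and their descriptions do not say that the default is the permissive setting. I would extend them, e.g. `description = "Disable registration of new users (default: registration is open)";`. `appName` and `enableLfs` have no `description` at all and should get one for consistency with the three options below them.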
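Review bot: `package = pkgs.forgejo;` in the `@@ -31,11 +54,8 @@` hunk of sp-modules/gitea/module.nix swaps the binary for every existing install while `stateDir`, the `gitea` user and the sqlite3 database stay as they were, and nothing in the hunk records that. Forgejo will presumably migrate the existing database on first start, and returning to Gitea afterwards may not be possible, so the line deserves a comment such as `# Forgejo runs on the existing Gitea state; back up stateDir before the first start, rollback is not guaranteed`. The `services.gitea` block continues outside this hunk.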
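Review bot: `APP_NAME = "${cfg.appName}";` in the `@@ -50,13 +70,15 @@` hunk of sp-modules/gitea/module.nix writes a free-form `lib.types.str` into the generated settings, whereas `subdomain` in the same module is constrained with `strMatching`. If the settings file is rendered without escaping, which I believe is the generator's default but cannot confirm from this hunk, a value containing a newline would add further lines to the configuration. Declaring the option with `type = lib.types.singleLineStr;` rules that out, and the string interpolation is redundant: `APP_NAME = cfg.appName;`, as the Jitsi module already writes it. The option is declared in the `@@ -20,6 +20,29 @@` hunk and the `settings` block continues outside this one.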
@@ -13,6 +13,10 @@ in
 default = "meet";
 type = lib.types.strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
 };
+ appName = lib.mkOption {
+ default = "Jitsi Meet";
+ type = lib.types.str;
+ };
 };
 config = lib.mkIf cfg.enable {
@@ -23,6 +27,12 @@ in
 interfaceConfig = {
 SHOW_JITSI_WATERMARK = false;
 SHOW_WATERMARK_FOR_GUESTS = false;
+ APP_NAME = cfg.appName;
+ };
+ config = {
+ prejoinConfig = {
+ enabled = true;
+ };
 };
 };
 services.nginx.virtualHosts."${cfg.subdomain}.${domain}" = {