From 7a1006318aa02c429ae17e51329472f55c2d949e Mon Sep 17 00:00:00 2001
From: Mike Barnes <mike@grousemedia.com>
Date: Thu, 18 Jul 2024 13:08:37 +1000
Subject: [PATCH] Forgejo config files

---
 forgejo/app.ini                    | 73 ++++++++++++++++++++++++++++++
 forgejo/nginx/git.chinwag.org.conf | 24 ++++++++++
 forgejo/systemd/forgejo.service    | 19 ++++++++
 3 files changed, 116 insertions(+)
 create mode 100644 forgejo/app.ini
 create mode 100644 forgejo/nginx/git.chinwag.org.conf
 create mode 100644 forgejo/systemd/forgejo.service

diff --git a/forgejo/app.ini b/forgejo/app.ini
new file mode 100644
index 0000000..68071af
--- /dev/null
+++ b/forgejo/app.ini
@@ -0,0 +1,73 @@
+APP_NAME = Chinwag Code
+RUN_USER = git
+RUN_MODE = prod
+WORK_PATH = /var/lib/forgejo
+
+[security]
+INTERNAL_TOKEN = 
+INSTALL_LOCK   = true
+SECRET_KEY     = 
+
+[database]
+DB_TYPE  = postgres
+HOST     = 127.0.0.1:5432
+NAME     = forgejo
+USER     = forgejo
+PASSWD   = 
+SSL_MODE = disable
+
+[repository]
+ROOT               = /var/lib/forgejo/data/forgejo-repositories
+MAX_CREATION_LIMIT = 5
+DEFAULT_BRANCH     = main
+
+[server]
+SSH_DOMAIN       = git.chinwag.org
+DOMAIN           = git.chinwag.org
+HTTP_PORT        = 3000
+ROOT_URL         = https://git.chinwag.org/
+LOCAL_ROOT_URL   = http://localhost:3000/
+DISABLE_SSH      = false
+SSH_PORT         = 22
+LFS_START_SERVER = true
+LFS_JWT_SECRET   = 
+OFFLINE_MODE     = false
+
+[mailer]
+ENABLED		= true
+SMTP_ADDR	= 
+SMTP_PORT	= 
+FROM		= 
+USER		= 
+PASSWD		= 
+
+[service]
+REGISTER_EMAIL_CONFIRM            = true
+ENABLE_NOTIFY_MAIL                = true
+DISABLE_REGISTRATION              = false
+ALLOW_ONLY_EXTERNAL_REGISTRATION  = true
+ENABLE_CAPTCHA                    = true
+REQUIRE_SIGNIN_VIEW               = false
+DEFAULT_KEEP_EMAIL_PRIVATE        = false
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+DEFAULT_ENABLE_TIMETRACKING       = true
+NO_REPLY_ADDRESS                  = noreply.chinwag.org
+
+[picture]
+DISABLE_GRAVATAR        = false
+ENABLE_FEDERATED_AVATAR = true
+
+[openid]
+ENABLE_OPENID_SIGNIN = true
+ENABLE_OPENID_SIGNUP = true
+
+[session]
+PROVIDER = file
+
+[log]
+MODE      = file
+LEVEL     = Info
+ROOT_PATH = /var/lib/forgejo/log
+
+[oauth2]
+JWT_SECRET = 
diff --git a/forgejo/nginx/git.chinwag.org.conf b/forgejo/nginx/git.chinwag.org.conf
new file mode 100644
index 0000000..5063178
--- /dev/null
+++ b/forgejo/nginx/git.chinwag.org.conf
@@ -0,0 +1,24 @@
+server {
+	listen 443 ssl http2;
+	listen [::]:443 ssl http2;
+	server_name git.chinwag.org;
+
+	access_log /var/log/nginx/git.chinwag.org-access.log;
+	error_log /var/log/nginx/git.chinwag.org-error.log;
+
+	ssl_certificate                 /etc/letsencrypt/live/git.chinwag.org/fullchain.pem;
+	ssl_certificate_key             /etc/letsencrypt/live/git.chinwag.org/privkey.pem;
+
+	add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
+
+	location = /robots.txt {
+		allow all;
+		log_not_found off;
+		access_log off;
+	}
+
+	location / {
+		proxy_pass http://127.0.0.1:3000;
+		proxy_set_header Host $host;
+	}
+}
diff --git a/forgejo/systemd/forgejo.service b/forgejo/systemd/forgejo.service
new file mode 100644
index 0000000..d9d3720
--- /dev/null
+++ b/forgejo/systemd/forgejo.service
@@ -0,0 +1,19 @@
+[Unit]
+Description=Forgejo (Beyond coding. We forge.)
+After=syslog.target
+After=network.target
+Wants=postgresql.service
+After=postgresql.service
+
+[Service]
+RestartSec=2s
+Type=simple
+User=git
+Group=git
+WorkingDirectory=/var/lib/forgejo/
+ExecStart=/usr/local/bin/forgejo web --config /etc/forgejo/app.ini
+Restart=always
+Environment=USER=git HOME=/var/forgejo FORGEJO_WORK_DIR=/var/lib/forgejo
+
+[Install]
+WantedBy=multi-user.target