move forgejo to it's own module and enable fail2ban for it

os/hs/configuration.nix

@@ -8,6 +8,7 @@ let
     hs
   ];
   domain = "antoinev.freeboxos.fr";
+  utils = import ../utils.nix;
 in {
   imports = [
     ./hardware-configuration.nix
@@ -15,6 +16,7 @@ in {
     ./disks.nix
     ./backup.nix
     ../common.nix
+    ../forgejo.nix
     (import ../remote-disk-unlock.nix ["r8169"] sshKeys)
   ];
 
@@ -97,16 +99,7 @@ in {
     recommendedOptimisation = true;
     recommendedProxySettings = true;
     recommendedTlsSettings = true;
-    virtualHosts = let
-      reverseProxy = port: {
-        enableACME = true;
-        forceSSL = true;
-        locations."/" = {
-          proxyPass = "http://127.0.0.1:${builtins.toString port}";
-          proxyWebsockets = true;
-        };
-      };
-    in {
+    virtualHosts = {
       "immich.antoinevaure.fr" = {
         enableACME = true;
         forceSSL = true;
@@ -124,65 +117,16 @@ in {
         };
       };
 
-      "jellyfin.antoinevaure.fr" = (reverseProxy 8096);
+      "jellyfin.antoinevaure.fr" = (utils.reverseProxy 8096);
       # "sonarr.${domain}" = (reverseProxy 8989);
       # "radarr.${domain}" = (reverseProxy 7878);
       # "qbittorrent.${domain}" = (reverseProxy qbittorrentPort);
-      "git.antoinevaure.fr" = (reverseProxy 3000);
+      "git.antoinevaure.fr" = (utils.reverseProxy 3000);
       # "nextcloud.${domain}" = {
       #   enableACME = true;
       #   forceSSL = true;
       # };
-      "nixcache.antoinevaure.fr" = (reverseProxy config.services.nix-serve.port);
-    };
-  };
-
-  services.forgejo = {
-    enable = true;
-    lfs.enable = true;
-    settings = {
-      server = {
-        DOMAIN = "git.antoinevaure.fr";
-        ROOT_URL = "https://git.antoinevaure.fr/"; 
-        HTTP_PORT = 3000;
-      };
-      # You can temporarily allow registration to create an admin user.
-      service.DISABLE_REGISTRATION = true; 
-      # Add support for actions, based on act: https://github.com/nektos/act
-      actions = {
-        ENABLED = true;
-        # DEFAULT_ACTIONS_URL = "github";
-      };
-
-      repository = {
-        ENABLE_PUSH_CREATE_USER = true;
-        ENABLE_PUSH_CREATE_ORG = true;
-      };
-      # Sending emails is completely optional
-      # You can send a test email from the web UI at:
-      # Profile Picture > Site Administration > Configuration >  Mailer Configuration 
-      # mailer = {
-      #   ENABLED = true;
-      #   SMTP_ADDR = "mail.example.com";
-      #   FROM = "noreply@${srv.DOMAIN}";
-      #   USER = "noreply@${srv.DOMAIN}";
-      # };
-    };
-  };
-
-  services.gitea-actions-runner = {
-    package = pkgs.forgejo-actions-runner;
-    instances.default = {
-      enable = true;
-      name = "monolith";
-      url = "https://git.antoinevaure.fr";
-      # Obtaining the path to the runner token file may differ
-      # tokenFile should be in format TOKEN=<secret>, since it's EnvironmentFile for systemd
-      tokenFile = /root/forgejo_runner_token;
-      labels = [
-        "native:host"
-      ];
-      hostPackages = with pkgs; [ bash coreutils gitMinimal config.nix.package ];
+      "nixcache.antoinevaure.fr" = (utils.reverseProxy config.services.nix-serve.port);
     };
   };