use forgejo in local system config

hosts/h001/containers/default.nix

@@ -1,13 +1,9 @@
-{ inputs }:
-let
-  common = inputs.common;
-in
 {
   ...
 }:
 {
   imports = [
-    common.nixosModules.containers.forgejo
+    ./forgejo.nix
     ./opengist.nix
     ./homarr.nix
     ./zitadel.nix
@@ -55,14 +51,7 @@ in
 
     virtualisation.oci-containers.backend = "podman";
 
-    security.acme.acceptTerms = true;
-    security.acme.defaults.email = "admin@joshuabell.xyz";
     services.nginx = {
-      enable = true;
-      recommendedGzipSettings = true;
-      recommendedOptimisation = true;
-      recommendedProxySettings = true;
-      recommendedTlsSettings = true;
       virtualHosts = {
         "localhost" = {
           locations."/" = {
@@ -70,13 +59,6 @@ in
           };
         };
 
-        # forgejo http traffic
-        "git.joshuabell.xyz" = {
-          locations."/" = {
-            proxyPass = "http://10.0.0.2:3000";
-          };
-        };
-
         "_" = {
           default = true;
           locations."/" = {
@@ -84,16 +66,6 @@ in
           };
         };
       };
-
-      # STREAMS
-      # Forgejo ssh
-      streamConfig = ''
-        server {
-          listen 3032;
-          proxy_pass 10.0.0.2:3032;
-        }
-      '';
-
     };
 
     networking.firewall.allowedTCPPorts = [

hosts/h001/containers/forgejo.nix

@@ -65,6 +65,25 @@ let
   };
 in
 {
+  services.nginx = {
+    virtualHosts = {
+      # forgejo http traffic
+      "git.joshuabell.xyz" = {
+        locations."/" = {
+          proxyPass = "http://10.0.0.2:3000";
+        };
+      };
+    };
+    # STREAMS
+    # Forgejo ssh
+    streamConfig = ''
+      server {
+        listen 3032;
+        proxy_pass 10.0.0.2:3032;
+      }
+    '';
+  };
+
   # Ensure users exists on host machine with same IDs as container
   inherit users;
 

hosts/h001/containers/opengist.nix

@@ -29,6 +29,8 @@ in
   '';
 
   services.nginx.virtualHosts."gist.joshuabell.xyz" = {
+    # enableACME = true;
+    # forceSSL = true;
     locations = {
       "/" = {
         proxyWebsockets = true;

hosts/h001/containers/zitadel.nix

@@ -68,6 +68,8 @@ in
   options = { };
   config = {
     services.nginx.virtualHosts."sso.joshuabell.xyz" = {
+      # enableACME = true;
+      # forceSSL = true;
       locations = {
         "/" = {
           proxyWebsockets = true;