grimm-nix-server/modules/gitea.nix

{ lib, config, inputs, pkgs, ... }:
let
  inherit (config.networking) domain;
  gitea_host = "git.${domain}";
  gitea_port = 8081;
  gitea_ssh_port = 2222;
in {
  services.gitea = {
    enable = true;
    settings = {
      service.DISABLE_REGISTRATION = true;
      server = {
        HTTP_PORT = gitea_port;
        ROOT_URL = "https://${gitea_host}/";
        DISABLE_SSH = false;
        SSH_DOMAIN = domain;
        START_SSH_SERVER = true;
        BUILTIN_SSH_SERVER_USER = "git";
        SSH_PORT = gitea_ssh_port;
#        SSH_LISTEN_HOST="::"; # fixme?
#         SSH_AUTHORIZED_PRINCIPALS_ALLOW="username";
      };
#      log.LEVEL = "Debug";
      "ssh.minimum_key_sizes".RSA = 2048;
      "git.timeout".MIGRATE = 6000;
    };
    lfs.enable = true;
  };


  security.acme.certs."${domain}".extraDomainNames = [ gitea_host];
  networking.firewall.allowedTCPPorts = [ gitea_ssh_port ];

  services.nginx = {
    enable = true;
    virtualHosts."${gitea_host}" = {
      serverName = gitea_host;
      forceSSL = true;
      useACMEHost = domain;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${builtins.toString config.services.gitea.settings.server.HTTP_PORT}";
      };
    };
  };
}
split config into different modules. Hope i didn't break anything :) 2023-12-28 15:32:47 +01:00			`{ lib, config, inputs, pkgs, ... }:`
			`let`
domain config 2024-05-08 20:45:41 +02:00			`inherit (config.networking) domain;`
			`gitea_host = "git.${domain}";`
split config into different modules. Hope i didn't break anything :) 2023-12-28 15:32:47 +01:00			`gitea_port = 8081;`
misc updates 2024-05-08 20:23:42 +02:00			`gitea_ssh_port = 2222;`
split config into different modules. Hope i didn't break anything :) 2023-12-28 15:32:47 +01:00			`in {`
			`services.gitea = {`
			`enable = true;`
			`settings = {`
			`service.DISABLE_REGISTRATION = true;`
			`server = {`
			`HTTP_PORT = gitea_port;`
			`ROOT_URL = "https://${gitea_host}/";`
misc updates 2024-05-08 20:23:42 +02:00			`DISABLE_SSH = false;`
domain config 2024-05-08 20:45:41 +02:00			`SSH_DOMAIN = domain;`
misc updates 2024-05-08 20:23:42 +02:00			`START_SSH_SERVER = true;`
			`BUILTIN_SSH_SERVER_USER = "git";`
			`SSH_PORT = gitea_ssh_port;`
			`# SSH_LISTEN_HOST="::"; # fixme?`
			`# SSH_AUTHORIZED_PRINCIPALS_ALLOW="username";`
split config into different modules. Hope i didn't break anything :) 2023-12-28 15:32:47 +01:00			`};`
			`# log.LEVEL = "Debug";`
switch to t2bot fork for bridge, fix some misc 2024-02-11 18:54:01 +01:00			`"ssh.minimum_key_sizes".RSA = 2048;`
misc updates 2024-05-08 20:23:42 +02:00			`"git.timeout".MIGRATE = 6000;`
split config into different modules. Hope i didn't break anything :) 2023-12-28 15:32:47 +01:00			`};`
			`lfs.enable = true;`
			`};`
misc updates 2024-05-08 20:23:42 +02:00

domain config 2024-05-08 20:45:41 +02:00			`security.acme.certs."${domain}".extraDomainNames = [ gitea_host];`
misc updates 2024-05-08 20:23:42 +02:00			`networking.firewall.allowedTCPPorts = [ gitea_ssh_port ];`
split config into different modules. Hope i didn't break anything :) 2023-12-28 15:32:47 +01:00
			`services.nginx = {`
			`enable = true;`
			`virtualHosts."${gitea_host}" = {`
			`serverName = gitea_host;`
			`forceSSL = true;`
domain config 2024-05-08 20:45:41 +02:00			`useACMEHost = domain;`
split config into different modules. Hope i didn't break anything :) 2023-12-28 15:32:47 +01:00			`locations."/" = {`
some cleanup 2023-12-31 09:57:22 +01:00			`proxyPass = "http://127.0.0.1:${builtins.toString config.services.gitea.settings.server.HTTP_PORT}";`
split config into different modules. Hope i didn't break anything :) 2023-12-28 15:32:47 +01:00			`};`
			`};`
			`};`
			`}`