47 lines
1.2 KiB
Nix
47 lines
1.2 KiB
Nix
{ lib, config, inputs, pkgs, ... }:
|
|
let
|
|
root_host = "grimmauld.de";
|
|
gitea_host = "git.${root_host}";
|
|
gitea_port = 8081;
|
|
gitea_ssh_port = 2222;
|
|
in {
|
|
services.gitea = {
|
|
enable = true;
|
|
settings = {
|
|
service.DISABLE_REGISTRATION = true;
|
|
server = {
|
|
HTTP_PORT = gitea_port;
|
|
ROOT_URL = "https://${gitea_host}/";
|
|
DISABLE_SSH = false;
|
|
SSH_DOMAIN = root_host;
|
|
START_SSH_SERVER = true;
|
|
BUILTIN_SSH_SERVER_USER = "git";
|
|
SSH_PORT = gitea_ssh_port;
|
|
# SSH_LISTEN_HOST="::"; # fixme?
|
|
# SSH_AUTHORIZED_PRINCIPALS_ALLOW="username";
|
|
};
|
|
# log.LEVEL = "Debug";
|
|
"ssh.minimum_key_sizes".RSA = 2048;
|
|
"git.timeout".MIGRATE = 6000;
|
|
};
|
|
lfs.enable = true;
|
|
};
|
|
|
|
|
|
security.acme.certs."${root_host}".extraDomainNames = [ gitea_host];
|
|
networking.firewall.allowedTCPPorts = [ gitea_ssh_port ];
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
virtualHosts."${gitea_host}" = {
|
|
serverName = gitea_host;
|
|
forceSSL = true;
|
|
useACMEHost = root_host;
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:${builtins.toString config.services.gitea.settings.server.HTTP_PORT}";
|
|
};
|
|
};
|
|
};
|
|
}
|
|
|