grimm-nixos-laptop/modules/gitea.nix

{
  lib,
  config,
  inputs,
  pkgs,
  ...
}:
let
  inherit (config.networking) domain;
  gitea_host = "git.${domain}";
  gitea_port = 8081;
  gitea_ssh_port = 2222;
in
{
  services.gitea = {
    enable = true;
    settings = {
      service.DISABLE_REGISTRATION = true;
      server = {
        HTTP_PORT = gitea_port;
        ROOT_URL = "https://${gitea_host}/";
        DISABLE_SSH = false;
        SSH_DOMAIN = domain;
        START_SSH_SERVER = true;
        BUILTIN_SSH_SERVER_USER = "git";
        SSH_PORT = gitea_ssh_port;
        #        SSH_LISTEN_HOST="::"; # fixme?
        #         SSH_AUTHORIZED_PRINCIPALS_ALLOW="username";
      };
      #      log.LEVEL = "Debug";
      "ssh.minimum_key_sizes".RSA = 2048;
      "git.timeout".MIGRATE = 6000;
    };
    lfs.enable = true;
  };

  environment.systemPackages = with pkgs; [ gitea ];

  security.acme.certs."${domain}".extraDomainNames = [ gitea_host ];
  networking.firewall.allowedTCPPorts = [ gitea_ssh_port ];

  services.nginx = {
    enable = true;
    virtualHosts."${gitea_host}" = {
      serverName = gitea_host;
      forceSSL = true;
      useACMEHost = domain;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${builtins.toString config.services.gitea.settings.server.HTTP_PORT}";
      };
    };
  };
}
fmt 2024-05-08 21:50:08 +02:00			`{`
			`lib,`
			`config,`
			`inputs,`
			`pkgs,`
			`...`
			`}:`
server config 2024-05-08 21:49:37 +02:00			`let`
			`inherit (config.networking) domain;`
			`gitea_host = "git.${domain}";`
			`gitea_port = 8081;`
			`gitea_ssh_port = 2222;`
fmt 2024-05-08 21:50:08 +02:00			`in`
			`{`
server config 2024-05-08 21:49:37 +02:00			`services.gitea = {`
			`enable = true;`
			`settings = {`
			`service.DISABLE_REGISTRATION = true;`
			`server = {`
			`HTTP_PORT = gitea_port;`
			`ROOT_URL = "https://${gitea_host}/";`
			`DISABLE_SSH = false;`
			`SSH_DOMAIN = domain;`
			`START_SSH_SERVER = true;`
			`BUILTIN_SSH_SERVER_USER = "git";`
			`SSH_PORT = gitea_ssh_port;`
fmt 2024-05-08 21:50:08 +02:00			`# SSH_LISTEN_HOST="::"; # fixme?`
			`# SSH_AUTHORIZED_PRINCIPALS_ALLOW="username";`
server config 2024-05-08 21:49:37 +02:00			`};`
fmt 2024-05-08 21:50:08 +02:00			`# log.LEVEL = "Debug";`
server config 2024-05-08 21:49:37 +02:00			`"ssh.minimum_key_sizes".RSA = 2048;`
			`"git.timeout".MIGRATE = 6000;`
			`};`
			`lfs.enable = true;`
			`};`

fmt 2024-05-08 21:50:08 +02:00			`environment.systemPackages = with pkgs; [ gitea ];`
server config 2024-05-08 21:49:37 +02:00
fmt 2024-05-08 21:50:08 +02:00			`security.acme.certs."${domain}".extraDomainNames = [ gitea_host ];`
server config 2024-05-08 21:49:37 +02:00			`networking.firewall.allowedTCPPorts = [ gitea_ssh_port ];`

			`services.nginx = {`
			`enable = true;`
			`virtualHosts."${gitea_host}" = {`
			`serverName = gitea_host;`
			`forceSSL = true;`
			`useACMEHost = domain;`
			`locations."/" = {`
			`proxyPass = "http://127.0.0.1:${builtins.toString config.services.gitea.settings.server.HTTP_PORT}";`
			`};`
			`};`
			`};`
			`}`