grimm-nixos-laptop/modules/gitea.nix

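# NixOS module: self-hosted Gitea reachable over HTTPS through an nginx
# reverse proxy, plus Gitea's built-in SSH server for git-over-SSH.
#
# Exposure summary (as configured in this file):
#   - Web UI: nginx vhost "git.<domain>" with forced TLS, proxying to the
#     Gitea HTTP listener on the loopback interface.
#   - Git SSH: Gitea's built-in SSH server on gitea_ssh_port, which is the
#     only port this module opens in the firewall.
{
  lib,
  config,
  inputs,
  pkgs,
  ...
}:
let
  inherit (config.networking) domain;
  gitea_host = "git.${domain}";
  # The backend only needs to be reachable by the local nginx instance.
  gitea_http_addr = "127.0.0.1";
  gitea_port = 8081;
  gitea_ssh_port = 2222;
in
{
  services.gitea = {
    enable = true;
    settings = {
      # No self-service sign-up; accounts have to be created by an admin.
      service.DISABLE_REGISTRATION = true;
      server = {
        # Gitea's HTTP listener defaults to 0.0.0.0. Bind it to loopback so
        # the plain-HTTP backend cannot be reached around the TLS-terminating
        # proxy, independent of the firewall state.
        HTTP_ADDR = gitea_http_addr;
        HTTP_PORT = gitea_port;
        ROOT_URL = "https://${gitea_host}/";
        DISABLE_SSH = false;
        # NOTE(review): SSH clone URLs advertise the bare domain while
        # ROOT_URL uses git.<domain>; confirm that is intended.
        SSH_DOMAIN = domain;
        START_SSH_SERVER = true;
        BUILTIN_SSH_SERVER_USER = "git";
        SSH_PORT = gitea_ssh_port;
        # SSH_LISTEN_HOST="::"; # fixme?
        # SSH_AUTHORIZED_PRINCIPALS_ALLOW="username";
      };
      # log.LEVEL = "Debug";
      # NOTE(review): this pins the minimum accepted RSA key length to 2048
      # bits. Check it against the default of the deployed Gitea release
      # before keeping it; an explicit value here overrides that default.
      "ssh.minimum_key_sizes".RSA = 2048;
      # Extended timeout for repository migrations (presumably seconds, per
      # the Gitea [git.timeout] section; verify against the docs).
      "git.timeout".MIGRATE = 6000;
    };
    lfs.enable = true;
  };

  # Makes the gitea CLI available system-wide for administration.
  environment.systemPackages = [ pkgs.gitea ];

  # Reuse the base domain's certificate by adding the Gitea host name to it.
  security.acme.certs."${domain}".extraDomainNames = [ gitea_host ];

  # Only the git SSH port is opened here. The Gitea HTTP port is deliberately
  # not listed; web traffic is expected to arrive via nginx.
  networking.firewall.allowedTCPPorts = [ gitea_ssh_port ];

  services.nginx = {
    enable = true;
    virtualHosts."${gitea_host}" = {
      serverName = gitea_host;
      forceSSL = true;
      useACMEHost = domain;
      locations."/" = {
        # Read the port back from the Gitea settings so the proxy target
        # follows any override of HTTP_PORT.
        proxyPass = "http://${gitea_http_addr}:${builtins.toString config.services.gitea.settings.server.HTTP_PORT}";
      };
    };
  };
}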