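{ lib, config, inputs, pkgs, ... }:
# NixOS module: self-hosted Gitea (HTTP behind an nginx TLS proxy, built-in SSH
# server exposed directly).
let
  inherit (config.networking) domain;
  gitea_host = "git.${domain}";
  # Internal HTTP port; only nginx (below) is meant to talk to it.
  gitea_port = 8081;
  # Port of Gitea's built-in SSH server; this one is opened in the firewall.
  gitea_ssh_port = 2222;
in {
  services.gitea = {
    enable = true;
    settings = {
      # Self-service sign-up is off; accounts are created by an administrator.
      service.DISABLE_REGISTRATION = true;
      server = {
        # nginx proxies to 127.0.0.1 (see proxyPass below), so bind the HTTP
        # listener to loopback instead of relying on the firewall alone to keep
        # the unproxied port off other interfaces.
        HTTP_ADDR = "127.0.0.1";
        HTTP_PORT = gitea_port;
        ROOT_URL = "https://${gitea_host}/";
        DISABLE_SSH = false;
        SSH_DOMAIN = domain;
        START_SSH_SERVER = true;
        BUILTIN_SSH_SERVER_USER = "git";
        SSH_PORT = gitea_ssh_port;
        # SSH_LISTEN_HOST="::"; # fixme?
        # SSH_AUTHORIZED_PRINCIPALS_ALLOW="username";
      };
      # log.LEVEL = "Debug";
      # Reject RSA user keys shorter than 2048 bits on the built-in SSH server.
      "ssh.minimum_key_sizes".RSA = 2048;
      "git.timeout".MIGRATE = 6000;
    };
    lfs.enable = true;
  };

  environment.systemPackages = with pkgs; [ gitea ];

  # The ACME certificate for the main domain also covers the Gitea host name.
  security.acme.certs."${domain}".extraDomainNames = [ gitea_host ];

  # Only the SSH port is opened here; the Gitea HTTP port is not, it is reached
  # through the nginx virtual host below.
  networking.firewall.allowedTCPPorts = [ gitea_ssh_port ];

  services.nginx = {
    enable = true;
    virtualHosts."${gitea_host}" = {
      serverName = gitea_host;
      forceSSL = true;
      useACMEHost = domain;
      locations."/" = {
        # Target port is read back from the Gitea settings so the two stay in sync.
        proxyPass = "http://127.0.0.1:${builtins.toString config.services.gitea.settings.server.HTTP_PORT}";
      };
    };
  };
}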