{ config, pkgs, lib, domain, ... }: { sops.secrets = { "postgres-pw" = { owner = config.services.gitea.user; }; }; environment.systemPackages = with pkgs; [ gitea ]; services.gitea = { enable = true; package = pkgs.gitea; group = "gitea"; # default user = "gitea"; # default appName = "NxGit"; stateDir = "/var/lib/gitea"; # default useWizard = false; # default # camoHmacKeyFile = ; customDir = "${config.services.gitea.stateDir}/custom"; # default database = { createDatabase = false; # default host = "127.0.0.1"; # default port = 5432; passwordFile = config.sops.secrets."postgres-pw".path; # path = "${config.services.gitea.stateDir}/data/gitea.db"; # default # socket = "/run/postgresql"; socket = null; type = "postgres"; name = "gitea"; # default user = "gitea"; # default }; # dump = { # enable = true; # backupDir = "${config.services.gitea.stateDir}/dump"; # default # file = null; # default # interval = "daily"; # type = "zip"; # default # }; # extraConfig = null; # default # lfs = { # enable = false; # default # contentDir = "${config.services.gitea.stateDir}/data/lfs"; # default # }; # mailerPasswordFile = null; # default # metricsTokenFile = null; # default repositoryRoot = "${config.services.gitea.stateDir}/repositories"; # default settings = { log = { LEVEL = "Info"; # LEVEL = "Error"; ROOT_PATH = "${config.services.gitea.stateDir}/log"; # default }; # i18n = { # LANGS = "en-US"; # }; server = { DISABLE_SSH = false; # default SSH_PORT = 20022; # DOMAIN = "pw2.${domain}"; # HTTP_ADDR = "${config.services.gitea.settings.server.DOMAIN}:${toString config.services.gitea.settings.server.HTTP_PORT}/"; # HTTP_PORT = 3000; # default # PROTOCOL = "http"; # default # ROOT_URL = "https:pw2.${domain}/"; # default STATIC_ROOT_PATH = "${config.services.gitea.stateDir}/static"; }; session = { COOKIE_SECURE = true; }; service = { DISABLE_REGISTRATION = true; }; }; }; } # APP_NAME = Gitea: Git with a cup of tea # RUN_MODE = prod # RUN_USER = git # WORK_PATH = /data/gitea # [repository] # ROOT = /data/git/repositories # ENABLE_PUSH_CREATE_ORG = true # ENABLE_PUSH_CREATE_USER = true # [repository.local] # LOCAL_COPY_PATH = /data/gitea/tmp/local-repo # [repository.upload] # TEMP_PATH = /data/gitea/uploads # [server] # APP_DATA_PATH = /data/gitea # DOMAIN = git.nx2.site # SSH_DOMAIN = git.nx2.site # HTTP_PORT = 3000 # ROOT_URL = https://git.nx2.site/ # DISABLE_SSH = false # SSH_PORT = 22 # SSH_LISTEN_PORT = 22 # LFS_START_SERVER = true # LFS_JWT_SECRET = aitnnoway # OFFLINE_MODE = false # [database] # PATH = /data/gitea/gitea.db # DB_TYPE = postgres # HOST = giteadb:5432 # NAME = gitea # USER = gitea # PASSWD = -lkjlkj # LOG_SQL = false # SCHEMA = # SSL_MODE = disable # [indexer] # ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve # [session] # PROVIDER_CONFIG = /data/gitea/sessions # PROVIDER = file # [picture] # AVATAR_UPLOAD_PATH = /data/gitea/avatars # REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars # [attachment] # PATH = /data/gitea/attachments # [log] # MODE = console # LEVEL = info # ROOT_PATH = /data/gitea/log # [security] # INSTALL_LOCK = true # SECRET_KEY = # REVERSE_PROXY_LIMIT = 1 # REVERSE_PROXY_TRUSTED_PROXIES = * # INTERNAL_TOKEN = faaaaakeeyJuYmYiOjE3MTMxMTAzMjN9.iliwlrfZDTb8oL296gpXRYhC-6_AJdjePO7dk3NT-PE # PASSWORD_HASH_ALGO = pbkdf2 # [service] # DISABLE_REGISTRATION = true # REQUIRE_SIGNIN_VIEW = false # REGISTER_EMAIL_CONFIRM = false # ENABLE_NOTIFY_MAIL = false # ALLOW_ONLY_EXTERNAL_REGISTRATION = false # ENABLE_CAPTCHA = false # DEFAULT_KEEP_EMAIL_PRIVATE = false # DEFAULT_ALLOW_CREATE_ORGANIZATION = true # DEFAULT_ENABLE_TIMETRACKING = true # NO_REPLY_ADDRESS = noreply.nx2.site # [lfs] # PATH = /data/git/lfs # [mailer] # ENABLED = true # SMTP_ADDR = smtp.gmail.com # SMTP_PORT = 587 # FROM = git@nx2.site # USER = lennart.kurzweg.lk@gmail.com # PASSWD = "ihh" # [openid] # ENABLE_OPENID_SIGNIN = true # ENABLE_OPENID_SIGNUP = false # [cron.update_checker] # ENABLED = false # [repository.pull-request] # DEFAULT_MERGE_STYLE = merge # [repository.signing] # DEFAULT_TRUST_MODEL = committer # [oauth2] # JWT_SECRET = redavt