nx2/dotfiles
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
1005cc522dc1ca0ca4a826d4fe75e6ec000601cf
dotfiles/system-modules/nx2site/gitea.nix
Lennart J. Kurzweg (Nx2) f5af726382 nx2site gitea and vaultwarden (working)
2024-11-20 01:24:57 +01:00

85 lines
2.3 KiB
Nix
Raw Blame History

{ config, pkgs, secrets, user, domain, ... }:
let git-user = "git"; in
{
sops.secrets = {
"postgres-pw" = { owner = config.services.gitea.user; };
};
environment.systemPackages = with pkgs; [
gitea
];
users = {
users = {
"${user}".extraGroups = [ git-user ];
"${git-user}" = {
isSystemUser = true;
group = git-user;
useDefaultShell = true;
home = config.services.gitea.stateDir;
openssh.authorizedKeys.keys = config.users.users."${user}".openssh.authorizedKeys.keys;
};
};
groups."${git-user}" = {};
};
services.gitea = {
enable = true;
package = pkgs.gitea;
group = git-user;
user = git-user;
appName = "NxGit";
stateDir = "/var/lib/gitea"; # default
useWizard = false; # default
# camoHmacKeyFile = ;
database = {
createDatabase = false; # default
host = "127.0.0.1"; # default
port = 5432;
passwordFile = config.sops.secrets."postgres-pw".path;
socket = null;
type = "postgres";
name = "gitea"; # default
user = "gitea"; # default
};
dump = {
enable = true;
backupDir = "/var/backup/gitea";
file = null; # default = chosen by gitea
interval = "daily";
type = "zip"; # default
};
# extraConfig = null; # default
# lfs = {
# enable = false; # default
# contentDir = "${config.services.gitea.stateDir}/data/lfs"; # default
# };
# mailerPasswordFile = null; # default
# metricsTokenFile = null; # default
# repositoryRoot = "${config.services.gitea.stateDir}/repositories"; # default
settings = {
log = {
LEVEL = "Info";
# LEVEL = "Error";
};
server = {
DISABLE_SSH = false; # default
START_SSH_SERVER = false; # default
SSH_LISTEN_HOST = "0.0.0.0";
SSH_PORT = secrets.ssh.port;
DOMAIN = "pw.${domain}";
SSH_DOMAIN = "ssh.${domain}";
# HTTP_ADDR = "${config.services.gitea.settings.server.DOMAIN}";
# HTTP_PORT = 3000; # default
# PROTOCOL = "http"; # default
# ROOT_URL = "https:pw.${domain}/"; # default
};
session = {
COOKIE_SECURE = true;
};
service = {
DISABLE_REGISTRATION = true;
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink