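# NixOS module: a Gitea instance published through an nginx reverse proxy
# with an ACME-issued certificate.
#
# It declares `services.ppGitea.*` and maps those options onto the upstream
# `services.gitea`, `services.nginx`, `security.acme` and firewall settings.
{ config, pkgs, lib, ... }:
with lib;
let
  # Site-wide settings defined elsewhere; this file reads `domainName` and
  # `admin_email` from it.
  cfgBase = config.base;
  cfg = config.services.ppGitea;
in
{
  options.services.ppGitea = {
    # Public host name; used for Gitea's root URL and the nginx virtual host.
    domain = mkOption {
      type = types.str;
      default = "git.${cfgBase.domainName}";
      example = "git.example.com";
      description = "The domain of the server";
    };

    # Self-registration is closed by default. Per the description it has to be
    # opened for the first deployment; while it is `false`, anyone who can
    # reach the site can create an account, so set it back to `true` once the
    # initial account exists.
    disableRegistration = mkOption {
      type = types.bool;
      default = true;
      description = "Must be set to `false` for the initial deployement";
    };

    # Theme and other customisations, fetched from a git repository.
    # Everything in it is linked into Gitea's custom directory by the preStart
    # script below, so the repository has to be treated as trusted content.
    # NOTE(review): no `rev` is given, so the commit fetched is whatever
    # fetchgit defaults to; only the sha256 fixes the expected content.
    # Pinning an explicit revision would make the source auditable and keep
    # the build from breaking when upstream moves.
    customPackage = mkOption {
      type = types.package;
      default = pkgs.fetchgit {
        url = "https://git.mineau.eu/histausse/gitea_custom";
        sha256 = "0r1kjkn0mkfyp2lb8j59frh1vnd1m54swpqwiasvg77r04ibfmn5";
      };
      description = "The package for custom configs like theme.";
    };

    # Runtime path of the database password file. It is a string, not a Nix
    # path: a path literal would be copied into the world-readable Nix store.
    # The file itself is not created here; restrict its permissions so that
    # only the account running Gitea can read it.
    dbPasswordFile = mkOption {
      type = types.str;
      default = "/etc/gitea_db_pwd";
      description = "The file containing the database password. Be sure to secure it.";
    };
  };

  # Every setting lives inside `config`: a module that declares top-level
  # `options`/`config` attributes is rejected by the module system if it also
  # carries other top-level attributes (such as `security` or `networking`).
  config = {

    services.gitea.appName = "git";
    services.gitea.stateDir = "/var/lib/gitea"; # default value
    services.gitea.enable = true;
    services.gitea.rootUrl = "https://${cfg.domain}/";
    services.gitea.settings.service.DISABLE_REGISTRATION = lib.mkForce cfg.disableRegistration; # Only set after initial deploy
    # The site is only published over HTTPS (nginx `forceSSL` below), so the
    # session cookie is marked Secure. mkForce overrides any other definition
    # of this setting; the original author noted not knowing why a plain
    # assignment was not enough.
    services.gitea.settings.session.COOKIE_SECURE = lib.mkForce true;
    services.gitea.lfs.enable = true;
    services.gitea.domain = cfg.domain;
    # services.gitea.database.type = "postgres"; # Default is sqlite3, probably better for a small instance
    # NOTE(review): with the database type left at its default, confirm that
    # the password file is actually used by the chosen backend.
    services.gitea.database.passwordFile = cfg.dbPasswordFile;

    # Puts the gitea binary on the system PATH.
    environment.systemPackages = with pkgs; [
      gitea
    ];

    # Gitea reads its customisations (themes, templates, ...) from this directory.
    systemd.services.gitea.environment.GITEA_CUSTOM = "${config.services.gitea.stateDir}/custom";

    # Appended (mkAfter) to the unit's existing preStart:
    #  1. make every directory below the state dir writable by its owner;
    #  2. symlink (-s) the custom package's contents into the custom directory,
    #     replacing existing entries (-f).
    systemd.services.gitea.preStart = lib.mkAfter ''
      find ${config.services.gitea.stateDir}/ -type d -exec chmod u+w {} \;
      cp -f -s -r ${cfg.customPackage}/* ${config.services.gitea.stateDir}/custom/
    '';

    services.gitea.settings = {
      ui = {
        THEMES = "gitea,arc-green,plex,aquamarine,dark,dracula,hotline,organizr,space-gray,hotpink,onedark,overseerr,nord";
        DEFAULT_THEME = "dark";
      };
      "ui.meta" = {
        DESCRIPTION = "Code everywhere";
      };
    };

    # Certificates are requested through ACME for the virtual host below.
    security.acme.acceptTerms = true;
    security.acme.defaults.email = cfgBase.admin_email;

    services.nginx = {
      enable = true;
      virtualHosts = {
        "${cfg.domain}" = {
          forceSSL = true;
          enableACME = true;
          # nginx terminates TLS and forwards to Gitea on loopback port 3000.
          # NOTE(review): nothing in this file sets Gitea's listen address or
          # port; confirm it binds to 127.0.0.1 (or that port 3000 is
          # unreachable from outside) so clients cannot bypass nginx and TLS.
          locations."/" = {
            proxyPass = "http://127.0.0.1:3000";
            # X-Real-IP carries the peer address nginx saw. X-Forwarded-For
            # has that address appended to whatever the client sent, so its
            # earlier entries are client-controlled and must not be trusted.
            extraConfig = ''
              proxy_set_header X-Forwarded-Host $host;
              proxy_set_header X-Forwarded-Server $host;
              proxy_set_header X-Real-IP $remote_addr;
              proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
              proxy_set_header X-Forwarded-Proto $scheme;
              proxy_set_header Host $host;
              proxy_pass_request_headers on;
            '';
          };
        };
      };
    };

    # Only the web ports are opened: 80 (plain HTTP, redirected to HTTPS by
    # `forceSSL`) and 443. Gitea's own port 3000 is not opened here.
    networking.firewall.allowedTCPPorts = [ 80 443 ];
  };
}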