diff --git a/pp-gitea.nix b/pp-gitea.nix
index ad28d2d..7fd47e8 100644
--- a/pp-gitea.nix
+++ b/pp-gitea.nix
@@ -12,10 +12,15 @@ in
 example = "git.example.com";
 description = "The domain of the server";
 };
- disableRegistration = mkOption {
+ openIdEnable = mkOption {
 type = types.bool;
- default = true;
- description = "Must be set to `false` for the initial deployement";
+ default = false;
+ description = "If OpenId provider is setup and should be used exclusively.";
+ };
+ openIdClientName = mkOption {
+ type = types.str;
+ default = "";
+ description = "The name (id) of the openId client to use exclusively.";
 };
 customPackage = mkOption {
 type = types.package;
@@ -38,8 +43,10 @@ in
 services.gitea.stateDir = "/var/lib/gitea"; # default value
 services.gitea.enable = true;
 services.gitea.rootUrl = "https://${cfg.domain}/";
- services.gitea.settings.service.DISABLE_REGISTRATION = lib.mkForce cfg.disableRegistration; # Only set after initial deploy
 services.gitea.settings.session.COOKIE_SECURE = lib.mkForce true; # Why do I need to override this???
+ #services.gitea.settings.service.DISABLE_REGISTRATION = lib.mkForce (!cfg.openIdEnable);
+ #services.gitea.settings.service.ALLOW_ONLY_EXTERNAL_REGISTRATION = cfg.openIdEnable;
+ #services.gitea.settings."openid".ENABLE_OPENID_SIGNUP = cfg.openIdEnable;
 services.gitea.lfs.enable = true;
 services.gitea.domain = cfg.domain;
 # services.gitea.database.type = "postgres"; # Default is sqlite3, probably better for a small instance
@@ -76,7 +83,7 @@ in
 security.acme.defaults.email = cfgBase.adminEmail;
 services.nginx = {
 enable = true;
- virtualHosts = {
+ virtualHosts = lib.mkMerge {
 "${cfg.domain}" = {
 forceSSL = true;
 enableACME = true;
@@ -92,6 +99,9 @@ in
 proxy_pass_request_headers on;
 '';
 };
+# locations."/user/login" = lib.mkIf (cfg.openIdEnable) {
+# globalRedirect = "$host/${cfg.openIdClientName}";
+# };
 };
 };
 };
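Review bot: `openIdEnable = true` is accepted while `openIdClientName` stays at its default `""`, so an "exclusive" OpenID setup can be switched on without naming a client. An entry in the module's `assertions` such as `{ assertion = !cfg.openIdEnable || cfg.openIdClientName != ""; message = "openIdClientName must be set when openIdEnable is true"; }` would reject that at evaluation time. Dropping `disableRegistration` outright also makes any host that still sets it fail with an unknown-option error; `lib.mkRemovedOptionModule` would turn that into a message pointing at the new options. The options block starts and ends outside the hunk.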
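Review bot: With the forced `DISABLE_REGISTRATION` line removed and all three replacement lines commented out, this module no longer sets any registration policy. The instance then falls back to the upstream default, which I believe leaves self-registration open; the removed option defaulted to `true`, i.e. closed. To keep sign-up closed unless OpenID is enabled, activate the first two lines together: `services.gitea.settings.service.DISABLE_REGISTRATION = lib.mkForce (!cfg.openIdEnable);` and `services.gitea.settings.service.ALLOW_ONLY_EXTERNAL_REGISTRATION = cfg.openIdEnable;`. It is also worth confirming that the `openid` section is the intended one, since in Gitea it appears to govern legacy OpenID sign-in rather than OAuth2/OIDC authentication sources. The config block continues outside the hunk.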
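Review bot: `lib.mkMerge` expects a list of definitions, but the new `virtualHosts = lib.mkMerge {` line hands it an attribute set, which as far as I can tell fails when the module system iterates over the merge contents. Either wrap the set in a list, `virtualHosts = lib.mkMerge [ { … } ];`, or keep the plain `virtualHosts = {` until there is a second definition to merge. The closing bracket of this attribute set is outside the hunk and would need the matching change.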
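Review bot: If the commented-out `locations."/user/login"` block is enabled as written, it will probably not evaluate, because `globalRedirect` is a virtual-host option rather than a location option; a location would use `return` instead. The target `"$host/${cfg.openIdClientName}"` also has no scheme and collapses to `$host/` when the client name is left empty. A proxy redirect of the login page only hides the local form and leaves password and API authentication in Gitea reachable, so "exclusive" OpenID should be enforced in Gitea's own settings, with the redirect as a convenience at most. I would drop the dead block from this commit, or replace it with a one-line `# TODO: redirect /user/login to the OpenID provider once registration settings are wired up`.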