update gitea config

Histausse 2023-04-19 23:24:14 +02:00
parent bdca8e626c
commit a36838a657
2 changed files with 45 additions and 3 deletions


@ -18,7 +18,7 @@ in {
type = types.str; type = types.str;
example = "example@example.com"; example = "example@example.com";
description = "Email of the admin, use for ACME and stuff"; description = "Email of the admin, use for ACME and stuff";
} };
}; };
config = { config = {
swapDevices = [ swapDevices = [
@ -31,6 +31,9 @@ in {
boot.kernelParams = [ "console=tty0" "console=ttyS0,115200"]; boot.kernelParams = [ "console=tty0" "console=ttyS0,115200"];
services.qemuGuest.enable = true; services.qemuGuest.enable = true;
system.autoUpgrade.enable = true;
system.autoUpgrade.allowReboot = true;
networking.hostName = "${cfg.name}"; networking.hostName = "${cfg.name}";
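Review bot: `system.autoUpgrade.allowReboot = true;` is added without a reboot window, so the host may restart itself at any time after an upgrade that changes the kernel or initrd, taking the services on it down unannounced. Consider bounding it with `system.autoUpgrade.rebootWindow = { lower = "02:00"; upper = "05:00"; };` (the times are placeholders) and setting `system.autoUpgrade.dates` explicitly so the upgrade time is predictable. The `config` block continues outside this hunk, so a window defined elsewhere cannot be ruled out from here.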


@ -25,6 +25,11 @@ in
}; };
description= "The package for custom configs like theme."; description= "The package for custom configs like theme.";
}; };
dbPasswordFile = mkOption {
type = types.str;
default = "/etc/gitea_db_pwd";
description = "The file containing the database password. Be sure to secure it.";
};
}; };
config = { config = {
@ -38,8 +43,15 @@ in
services.gitea.lfs.enable = true; services.gitea.lfs.enable = true;
services.gitea.domain = cfg.domain; services.gitea.domain = cfg.domain;
# services.gitea.database.type = "postgres"; # Default is sqlite3, probably better for a small instance # services.gitea.database.type = "postgres"; # Default is sqlite3, probably better for a small instance
services.gitea.database.passwordFile = "/var/lib/gitea/gitea-dbpassword"; services.gitea.database.passwordFile = cfg.dbPasswordFile;
networking.firewall.allowedTCPPorts = [ 3000 ]; # Set the permittions for the db file
system.activationScripts = {
giteaDbFilePermission.text =
''
chmod 400 ${cfg.dbPasswordFile}
chown ${config.services.gitea.user} ${cfg.dbPasswordFile}
'';
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
gitea gitea
]; ];
@ -57,5 +69,32 @@ in
DESCRIPTION = "Code everywhere"; DESCRIPTION = "Code everywhere";
}; };
}; };
# NGINX
security.acme.acceptTerms = true;
security.acme.defaults.email = cfgBase.admin_email;
services.nginx = {
enable = true;
virtualHosts = {
"${cfg.domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass_request_headers on;
'';
};
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
}; };
} }
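Review bot: The `giteaDbFilePermission` activation script runs as root on every activation and interpolates `cfg.dbPasswordFile` unquoted into shell, so a path containing spaces or shell metacharacters is word-split or interpreted. It also fails when the file has not been created yet, for example on a first deploy. Declaring the option as `type = types.path;` instead of `types.str` rejects relative values. The script should quote the path, skip a missing file, and run `chown` before `chmod`, as sketched below. Separately, nothing in the visible lines binds Gitea to loopback, so port 3000 is probably shielded only by the firewall now that nginx fronts it; this is worth confirming.

```nix
giteaDbFilePermission.text =
  ''
    if [ -e "${cfg.dbPasswordFile}" ]; then
      chown ${config.services.gitea.user} "${cfg.dbPasswordFile}"
      chmod 400 "${cfg.dbPasswordFile}"
    fi
  '';
```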