update gitea config

This commit is contained in:
Histausse 2023-04-19 23:24:14 +02:00
parent bdca8e626c
commit c673f7ba52
2 changed files with 45 additions and 3 deletions

View file

@ -18,7 +18,7 @@ in {
type = types.str;
example = "example@example.com";
description = "Email of the admin, use for ACME and stuff";
}
};
};
config = {
swapDevices = [
@ -31,6 +31,9 @@ in {
boot.kernelParams = [ "console=tty0" "console=ttyS0,115200"];
services.qemuGuest.enable = true;
system.autoUpgrade.enable = true;
system.autoUpgrade.allowReboot = true;
networking.hostName = "${cfg.name}";

View file

@ -25,6 +25,11 @@ in
};
description= "The package for custom configs like theme.";
};
dbPasswordFile = mkOption {
type = types.str;
default = "/etc/gitea_db_pwd";
description = "The file containing the database password. Be sure to secure it.";
};
};
config = {
@ -38,8 +43,15 @@ in
services.gitea.lfs.enable = true;
services.gitea.domain = cfg.domain;
# services.gitea.database.type = "postgres"; # Default is sqlite3, probably better for a small instance
services.gitea.database.passwordFile = "/var/lib/gitea/gitea-dbpassword";
networking.firewall.allowedTCPPorts = [ 3000 ];
services.gitea.database.passwordFile = cfg.dbPasswordFile;
# Set the permittions for the db file
system.activationScripts = {
giteaDbFilePermission.text =
''
chmod 400 ${cfg.dbPasswordFile}
chown ${config.services.gitea.user} ${cfg.dbPasswordFile}
'';
},
environment.systemPackages = with pkgs; [
gitea
];
@ -57,5 +69,32 @@ in
DESCRIPTION = "Code everywhere";
};
};
# NGINX
security.acme.acceptTerms = true;
security.acme.defaults.email = cfgBase.admin_email;
services.nginx = {
enable = true;
virtualHosts = {
"${cfg.domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass_request_headers on;
'';
};
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
};
}