From c673f7ba52cf9b4b4b04341b4be59304131c65d9 Mon Sep 17 00:00:00 2001
From: Histausse
Date: Wed, 19 Apr 2023 23:24:14 +0200
Subject: [PATCH] update gitea config
---
 base.nix | 5 ++++-
 pp-gitea.nix | 43 +++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 45 insertions(+), 3 deletions(-)
diff --git a/base.nix b/base.nix
index 856b01c..42ac293 100644
--- a/base.nix
+++ b/base.nix
@@ -18,7 +18,7 @@ in {
 type = types.str;
 example = "example@example.com";
 description = "Email of the admin, use for ACME and stuff";
- }
+ };
 };
 config = {
 swapDevices = [
@@ -31,6 +31,9 @@ in {
 boot.kernelParams = [ "console=tty0" "console=ttyS0,115200"];
 services.qemuGuest.enable = true;
+
+ system.autoUpgrade.enable = true;
+ system.autoUpgrade.allowReboot = true;
 networking.hostName = "${cfg.name}";
diff --git a/pp-gitea.nix b/pp-gitea.nix
index 4fad29b..50b66fe 100644
--- a/pp-gitea.nix
+++ b/pp-gitea.nix
@@ -25,6 +25,11 @@ in
 };
 description= "The package for custom configs like theme.";
 };
+ dbPasswordFile = mkOption {
+ type = types.str;
+ default = "/etc/gitea_db_pwd";
+ description = "The file containing the database password. Be sure to secure it.";
+ };
 };
 config = {
@@ -38,8 +43,15 @@ in
 services.gitea.lfs.enable = true;
 services.gitea.domain = cfg.domain;
 # services.gitea.database.type = "postgres"; # Default is sqlite3, probably better for a small instance
- services.gitea.database.passwordFile = "/var/lib/gitea/gitea-dbpassword";
- networking.firewall.allowedTCPPorts = [ 3000 ];
+ services.gitea.database.passwordFile = cfg.dbPasswordFile;
+ # Set the permittions for the db file
+ system.activationScripts = {
+ giteaDbFilePermission.text =
+ ''
+ chmod 400 ${cfg.dbPasswordFile}
+ chown ${config.services.gitea.user} ${cfg.dbPasswordFile}
+ '';
+ },
 environment.systemPackages = with pkgs; [ gitea ];
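Review bot: `system.autoUpgrade.allowReboot = true` in the second base.nix hunk permits an unattended reboot whenever the upgrade timer fires, and nothing in the hunk bounds when that is: `dates` is left at the module default and no `rebootWindow` is set, so a later change to the schedule silently moves the reboot as well. Constraining it, e.g. `system.autoUpgrade.rebootWindow = { lower = "01:00"; upper = "05:00"; };`, keeps reboots of the Gitea host to a quiet period. Nothing here states which channel or flake the upgrade follows, so a one-line comment above these options naming the intended source would help whoever inherits the host. Note these lines land in base.nix, so every host built from it starts upgrading and rebooting on its own, not only the Gitea machine the commit title refers to.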
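Review bot: The `dbPasswordFile` description (`Be sure to secure it.`) does not say what the operator actually has to do with the file. The module never creates it but does chmod/chown it at activation time in the other pp-gitea.nix hunk, so the description should state that the file must be provisioned out of band before the first activation and must not be placed in the Nix store, where it would be world-readable, e.g. `description = "Path to a file holding the database password. Create it outside the Nix store before activation; owner and mode 400 are applied at activation time.";`. The enclosing option set starts outside this hunk.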
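Review bot: The new `system.activationScripts = { … },` in the last pp-gitea.nix hunk closes the attribute set with a comma, which is not valid Nix; the line before `environment.systemPackages` must be `};`, otherwise the module fails to parse. The script also runs `chmod 400 ${cfg.dbPasswordFile}` unconditionally, so on a host where the file has not been provisioned yet (nothing in this commit creates it) activation fails; guarding with `if [ -f "${cfg.dbPasswordFile}" ]; then … fi` and quoting the path in both commands keeps activation working on a fresh machine. The comment `# Set the permittions for the db file` should read `# Set the permissions for the db file`. The enclosing `config = {` set starts outside this hunk.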
@@ -57,5 +69,32 @@ in
 DESCRIPTION = "Code everywhere";
 };
 };
+
+
+ # NGINX
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = cfgBase.admin_email;
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "${cfg.domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:3000";
+ extraConfig = ''
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ proxy_pass_request_headers on;
+ '';
+ };
+ };
+ };
+ };
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
 };
 }
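Review bot: The proxy now serves Gitea over https on `cfg.domain`, but unless `services.gitea.rootUrl` is set elsewhere in the file the NixOS module derives ROOT_URL from `services.gitea.domain` and the http port, so generated clone URLs and redirects would still point at `http://<domain>:3000/`; `services.gitea.rootUrl = "https://${cfg.domain}/";` next to this block fixes that. Dropping 3000 from `allowedTCPPorts` in the earlier hunk only closes the firewall; the Gitea listener itself appears unchanged and by default binds all interfaces, so `services.gitea.settings.server.HTTP_ADDR = "127.0.0.1";` keeps the backend reachable only from the proxy. The hand-written `proxy_set_header` lines are what `services.nginx.recommendedProxySettings = true` provides, which would shrink this block and keep the headers maintained with nginx, and since LFS is enabled nginx's default 1m `client_max_body_size` will reject larger uploads unless raised in `extraConfig`. The enclosing `config = {` set starts outside this hunk.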