update gitea config
This commit is contained in:
parent
bdca8e626c
commit
c673f7ba52
5
base.nix
5
base.nix
|
@ -18,7 +18,7 @@ in {
|
|||
type = types.str;
|
||||
example = "example@example.com";
|
||||
description = "Email of the admin, use for ACME and stuff";
|
||||
}
|
||||
};
|
||||
};
|
||||
config = {
|
||||
swapDevices = [
|
||||
|
@ -32,6 +32,9 @@ in {
|
|||
boot.kernelParams = [ "console=tty0" "console=ttyS0,115200"];
|
||||
services.qemuGuest.enable = true;
|
||||
|
||||
system.autoUpgrade.enable = true;
|
||||
system.autoUpgrade.allowReboot = true;
|
||||
|
||||
networking.hostName = "${cfg.name}";
|
||||
|
||||
time.timeZone = "Europe/Paris";
|
||||
|
|
43
pp-gitea.nix
43
pp-gitea.nix
|
@ -25,6 +25,11 @@ in
|
|||
};
|
||||
description= "The package for custom configs like theme.";
|
||||
};
|
||||
dbPasswordFile = mkOption {
|
||||
type = types.str;
|
||||
default = "/etc/gitea_db_pwd";
|
||||
description = "The file containing the database password. Be sure to secure it.";
|
||||
};
|
||||
};
|
||||
|
||||
config = {
|
||||
|
@ -38,8 +43,15 @@ in
|
|||
services.gitea.lfs.enable = true;
|
||||
services.gitea.domain = cfg.domain;
|
||||
# services.gitea.database.type = "postgres"; # Default is sqlite3, probably better for a small instance
|
||||
services.gitea.database.passwordFile = "/var/lib/gitea/gitea-dbpassword";
|
||||
networking.firewall.allowedTCPPorts = [ 3000 ];
|
||||
services.gitea.database.passwordFile = cfg.dbPasswordFile;
|
||||
# Set the permittions for the db file
|
||||
system.activationScripts = {
|
||||
giteaDbFilePermission.text =
|
||||
''
|
||||
chmod 400 ${cfg.dbPasswordFile}
|
||||
chown ${config.services.gitea.user} ${cfg.dbPasswordFile}
|
||||
'';
|
||||
},
|
||||
environment.systemPackages = with pkgs; [
|
||||
gitea
|
||||
];
|
||||
|
@ -57,5 +69,32 @@ in
|
|||
DESCRIPTION = "Code everywhere";
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
# NGINX
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.defaults.email = cfgBase.admin_email;
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"${cfg.domain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:3000";
|
||||
extraConfig = ''
|
||||
proxy_set_header X-Forwarded-Host $host;
|
||||
proxy_set_header X-Forwarded-Server $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass_request_headers on;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue