From d45b834efacf148a8da4e2646aa689a5871e6667 Mon Sep 17 00:00:00 2001
From: Histausse
Date: Wed, 19 Apr 2023 23:24:14 +0200
Subject: [PATCH] update gitea config
---
 pp-gitea.nix | 35 +++++++++++++++++++++++++++++++++--
 1 file changed, 33 insertions(+), 2 deletions(-)
diff --git a/pp-gitea.nix b/pp-gitea.nix
index 4fad29b..bfdbb28 100644
--- a/pp-gitea.nix
+++ b/pp-gitea.nix
@@ -25,6 +25,11 @@ in
 };
 description= "The package for custom configs like theme.";
 };
+ dbPasswordFile = mkOption {
+ type = types.str;
+ default = "/etc/gitea_db_pwd";
+ description = "The file containing the database password. Be sure to secure it.";
+ };
 };
 config = {
@@ -38,8 +43,7 @@ in
 services.gitea.lfs.enable = true;
 services.gitea.domain = cfg.domain;
 # services.gitea.database.type = "postgres"; # Default is sqlite3, probably better for a small instance
- services.gitea.database.passwordFile = "/var/lib/gitea/gitea-dbpassword";
- networking.firewall.allowedTCPPorts = [ 3000 ];
+ services.gitea.database.passwordFile = cfg.dbPasswordFile;
 environment.systemPackages = with pkgs; [ gitea ];
@@ -57,5 +61,32 @@ in
 DESCRIPTION = "Code everywhere";
 };
 };
+
+
+ # NGINX
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = cfgBase.admin_email;
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "${cfg.domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:3000";
+ extraConfig = ''
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ proxy_pass_request_headers on;
+ '';
+ };
+ };
+ };
+ };
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
 };
 }
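Review bot: The description on the new `dbPasswordFile` option tells the operator to "secure" the file without saying how, and nothing in the visible lines creates the default `/etc/gitea_db_pwd`. I would spell the contract out, e.g. `description = "Path to a file holding the database password. Keep it outside the Nix store, readable only by the gitea service user (mode 0400).";`. The second hunk leaves the `postgres` line commented out, so it is also worth confirming that the service still starts on an sqlite3 setup when this file is absent. The enclosing options set starts outside the hunk.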
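Review bot: Dropping port 3000 from `networking.firewall.allowedTCPPorts` hides the backend only at the packet filter; nothing in the visible lines restricts the address Gitea itself listens on. If the module default is all interfaces, the plain-HTTP port stays reachable from any interface the firewall trusts, or whenever the firewall is disabled, which bypasses the TLS vhost added later in this patch. Binding the service to loopback next to the `passwordFile` line would close that, e.g. `services.gitea.httpAddress = "127.0.0.1";` (the option name depends on the nixpkgs release in use). The `config` block starts and ends outside the hunk.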
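Review bot: The new vhost terminates TLS and proxies to `http://127.0.0.1:3000`, but no visible line tells Gitea that its public URL is now HTTPS, so generated links, clone URLs and the session cookie's Secure flag may still follow the plain-HTTP defaults. Unless this is already set in the part of the file outside the hunk, add `services.gitea.rootUrl = "https://${cfg.domain}/";` and `services.gitea.settings.session.COOKIE_SECURE = true;`. Separately, LFS is enabled earlier in the file and the `locations."/"` block sets no request body limit, so large LFS pushes through nginx may be rejected. `proxy_pass_request_headers on;` is nginx's default and can be dropped.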