From f10dd47c67af277cff6d47dd490502e92285ceae Mon Sep 17 00:00:00 2001
From: Histausse
Date: Wed, 19 Apr 2023 23:24:14 +0200
Subject: [PATCH] update gitea config
---
 pp-gitea.nix | 33 +++++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)
diff --git a/pp-gitea.nix b/pp-gitea.nix
index 4fad29b..88c7c08 100644
--- a/pp-gitea.nix
+++ b/pp-gitea.nix
@@ -25,6 +25,11 @@ in
 };
 description= "The package for custom configs like theme.";
 };
+ dbPasswordFile = mkOption {
+ type = types.str;
+ default = "/etc/gitea_db_pwd";
+ description = "The file containing the database password. Be sure to secure it.";
+ };
 };
 config = {
@@ -38,8 +43,7 @@ in
 services.gitea.lfs.enable = true;
 services.gitea.domain = cfg.domain;
 # services.gitea.database.type = "postgres"; # Default is sqlite3, probably better for a small instance
- services.gitea.database.passwordFile = "/var/lib/gitea/gitea-dbpassword";
- networking.firewall.allowedTCPPorts = [ 3000 ];
+ services.gitea.database.passwordFile = cfg.dbPasswordFile;
 environment.systemPackages = with pkgs; [ gitea ];
@@ -58,4 +62,29 @@ in
 };
 };
 };
 };
+
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = cfgBase.admin_email;
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ "${cfg.domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://127.0.0.1:3000";
+ extraConfig = ''
+ proxy_set_header X-Forwarded-Host $host;
+ proxy_set_header X-Forwarded-Server $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Host $host;
+ proxy_pass_request_headers on;
+ '';
+ };
+ };
+ };
+ };
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
 }
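Review bot: The description of the new `dbPasswordFile` option says "Be sure to secure it" without telling the operator what that requires. I would spell it out, for example `description = "Path to a file holding the database password. Keep it outside the Nix store and readable only by the gitea service user (mode 0400).";`, since anything placed in the store is world-readable. The default also moves from `/var/lib/gitea/gitea-dbpassword` (removed in the next hunk) to `/etc/gitea_db_pwd`, so an existing host needs the file relocated or the option set explicitly; that is worth a line in the commit message. The `options` block this sits in starts outside the hunk.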
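Review bot: Removing 3000 from `networking.firewall.allowedTCPPorts` closes the port only at the host firewall; nothing in this hunk restricts the address Gitea itself binds to, and as far as I recall the module default is every interface. Since the service is now meant to be reached only through the nginx proxy on 127.0.0.1:3000, I would pin it next to the other `services.gitea.*` lines with `services.gitea.httpAddress = "127.0.0.1";`, so that a disabled or misconfigured firewall does not expose the plain-HTTP listener. The `config` block continues outside the hunk, so this may already be set in lines not shown.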
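Review bot: The new `locations."/"` block sets no request-body limit while `services.gitea.lfs.enable = true` is on in this file, so LFS uploads and large HTTP pushes through the proxy will presumably be rejected with 413 once they exceed nginx's limit. I would add `client_max_body_size 512M;` (value to be chosen for this instance) to the `extraConfig`, or set `services.nginx.clientMaxBodySize`. Separately, the six `proxy_set_header` lines match what `services.nginx.recommendedProxySettings = true;` emits and `proxy_pass_request_headers on;` is already nginx's default, so the block could shrink to that one option. Indentation is lost on this page, so I cannot tell whether these attributes sit inside `config`, whose opening is outside the hunk; a module that declares `options`/`config` rejects other top-level attributes.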