update gitea config

This commit is contained in:
Histausse 2023-04-19 23:24:14 +02:00
parent bdca8e626c
commit f10dd47c67

View file

@ -25,6 +25,11 @@ in
}; };
description= "The package for custom configs like theme."; description= "The package for custom configs like theme.";
}; };
dbPasswordFile = mkOption {
type = types.str;
default = "/etc/gitea_db_pwd";
description = "The file containing the database password. Be sure to secure it.";
};
}; };
config = { config = {
@ -38,8 +43,7 @@ in
services.gitea.lfs.enable = true; services.gitea.lfs.enable = true;
services.gitea.domain = cfg.domain; services.gitea.domain = cfg.domain;
# services.gitea.database.type = "postgres"; # Default is sqlite3, probably better for a small instance # services.gitea.database.type = "postgres"; # Default is sqlite3, probably better for a small instance
services.gitea.database.passwordFile = "/var/lib/gitea/gitea-dbpassword"; services.gitea.database.passwordFile = cfg.dbPasswordFile;
networking.firewall.allowedTCPPorts = [ 3000 ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
gitea gitea
]; ];
@ -58,4 +62,29 @@ in
}; };
}; };
}; };
security.acme.acceptTerms = true;
security.acme.defaults.email = cfgBase.admin_email;
services.nginx = {
enable = true;
virtualHosts = {
"${cfg.domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
extraConfig = ''
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_pass_request_headers on;
'';
};
};
};
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
} }