2021-03-01 15:27:18 +01:00
|
|
|
{ config, lib, pkgs, ... }:
|
2021-02-21 13:04:36 +01:00
|
|
|
let
|
|
|
|
cfg = config.services.gitea;
|
|
|
|
in
|
|
|
|
{
|
2021-03-01 15:27:18 +01:00
|
|
|
sops.secrets.gitea-mail = {
|
|
|
|
owner = cfg.user;
|
|
|
|
sopsFile = ../secrets.yaml;
|
|
|
|
};
|
|
|
|
systemd.services.gitea.serviceConfig.SupplementaryGroups = lib.singleton "keys";
|
2021-02-21 13:04:36 +01:00
|
|
|
|
|
|
|
services.gitea = {
|
|
|
|
enable = true;
|
|
|
|
|
|
|
|
rootUrl = "https://git.sbruder.de/";
|
|
|
|
appName = "sbrudergit";
|
|
|
|
cookieSecure = true;
|
|
|
|
log.level = "Warn";
|
|
|
|
lfs = {
|
|
|
|
enable = true;
|
|
|
|
contentDir = "/data/gitea/lfs/";
|
|
|
|
};
|
|
|
|
enableUnixSocket = true;
|
|
|
|
ssh = {
|
|
|
|
clonePort = 2022;
|
|
|
|
};
|
|
|
|
database.type = "postgres";
|
2021-03-01 15:27:18 +01:00
|
|
|
mailerPasswordFile = config.sops.secrets.gitea-mail.path;
|
2021-02-21 13:04:36 +01:00
|
|
|
settings = {
|
|
|
|
mailer = {
|
|
|
|
ENABLED = true;
|
|
|
|
HOST = "vueko.sbruder.de:587";
|
|
|
|
FROM = "gitea@sbruder.de";
|
|
|
|
USER = "gitea@sbruder.de";
|
|
|
|
};
|
|
|
|
avatar = {
|
|
|
|
DISABLE_GRAVATAR = true;
|
|
|
|
};
|
|
|
|
server = {
|
|
|
|
# privacy
|
|
|
|
DISABLE_ROUTER_LOG = true;
|
|
|
|
OFFLINE_MODE = true;
|
|
|
|
|
|
|
|
# internal ssh server
|
|
|
|
BUILTIN_SSH_SERVER_USER = "git";
|
|
|
|
START_SSH_SERVER = true;
|
2021-04-04 11:18:34 +02:00
|
|
|
SSH_SERVER_HOST_KEYS = "ssh/gitea.ed25519,ssh/gitea.rsa";
|
2021-02-21 13:04:36 +01:00
|
|
|
};
|
|
|
|
service = {
|
|
|
|
DEFAULT_KEEP_EMAIL_PRIVATE = true;
|
|
|
|
ENABLE_NOTIFY_MAIL = true;
|
|
|
|
NO_REPLY_ADDRESS = "users.git.sbruder.de";
|
|
|
|
REGISTER_EMAIL_CONFIRM = true;
|
|
|
|
};
|
2021-04-19 14:35:42 +02:00
|
|
|
session = {
|
|
|
|
PROVIDER = "file";
|
|
|
|
};
|
2021-02-21 13:04:36 +01:00
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
networking.firewall.allowedTCPPorts = [ cfg.ssh.clonePort ];
|
|
|
|
|
|
|
|
services.nginx.virtualHosts."git.sbruder.de" = {
|
|
|
|
enableACME = true;
|
|
|
|
forceSSL = true;
|
|
|
|
|
|
|
|
locations."/" = {
|
|
|
|
proxyPass = "http://unix:/run/gitea/gitea.sock";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|