Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

host gitea on firewall

Browse Source
This commit is contained in:
Dominik Polakovics Polakovics
2023-12-02 00:10:36 +01:00
parent c8c72bcb0c
commit 13aa3b6dc1
1 changed files with 20 additions and 59 deletions
Download Patch File Download Diff File Expand all files Collapse all files

79
hosts/fw.cloonar.com/modules/gitea.nix
View File

@@ -1,74 +1,35 @@
{ config, ... }: { config, ... }:
let let
domain = "git.cloonar.com"; domain = "git.cloonar.com";
ip = "10.42.97.3";
in in
{
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
proxyPass = "https://${ip}/"; proxyPass = "http://localhost:3001/";
}; };
}; };
users.users.gitea = { services.gitea = {
isSystemUser = true; enable = true;
group = "gitea"; appName = "Cloonar Gitea server"; # Give the site a name
home = "/var/lib/gitea"; settings = {
createHome = true; server = {
}; ROOT_URL = "https://${domain}/";
users.groups.gitea = { }; HTTP_PORT = 3001;
users.groups.docker.members = [ "gitea" ]; DOMAIN = domain;
environment.etc."gitea/app.ini".text = ''
APP_NAME = Cloonar Gitea server
RUN_USER = gitea
RUN_MODE = prod
[cron.update_checker]
ENABLED=false
[openid]
ENABLE_OPENID_SIGNIN=false
ENABLE_OPENID_SIGNUP=true
WHITELISTED_URIS=auth.cloonar.com
[server]
DISABLE_SSH=false
DOMAIN=git.cloonar.com
HTTP_ADDR=0.0.0.0
HTTP_PORT=443
PROTOCOL=https
ROOT_URL=https://git.cloonar.com/
SSH_PORT=22
CERT_FILE=/bitnami/gitea/ssl/fullchain.pem
KEY_FILE=/bitnami/gitea/ssl/key.pem
[service]
ALLOW_ONLY_EXTERNAL_REGISTRATION=true
DISABLE_REGISTRATION=false
SHOW_REGISTRATION_BUTTON=false
[webhook]
ALLOWED_HOST_LIST=drone.cloonar.com
'';
# TODO: check if we can run docker service as other user than root
virtualisation = {
oci-containers.containers = {
gitea = {
image = "bitnami/gitea:1";
volumes = [
"/var/lib/gitea:/bitnami/gitea"
"/etc/gitea/app.ini:/bitnami/gitea/custom/conf/app.ini:ro"
"/var/lib/acme/git.cloonar.com:/bitnami/gitea/ssl:ro"
];
extraOptions = [
"--ip=${ip}"
];
}; };
openid = {
ENABLE_OPENID_SIGNIN = false;
ENABLE_OPENID_SIGNUP = true;
WHITELISTED_URIS = "auth.example.com";
};
service = {
DISABLE_REGISTRATION = false;
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
SHOW_REGISTRATION_BUTTON = false;
};
webhook.ALLOWED_HOST_LIST = "drone.cloonar.com";
}; };
}; };
} }