host gitea on firewall

2023-12-02 00:10:36 +01:00
parent c8c72bcb0c
commit 13aa3b6dc1
1 changed files with 20 additions and 59 deletions
--- a/hosts/fw.cloonar.com/modules/gitea.nix
+++ b/hosts/fw.cloonar.com/modules/gitea.nix
@@ -1,74 +1,35 @@
 { config, ... }:
 let
  domain = "git.cloonar.com";
-  ip = "10.42.97.3";
 in
-{
  services.nginx.virtualHosts."${domain}" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
-      proxyPass = "https://${ip}/";
+      proxyPass = "http://localhost:3001/";
    };
  };

-  users.users.gitea = {
-    isSystemUser = true;
-    group = "gitea";
-    home = "/var/lib/gitea";
-    createHome = true;
+  services.gitea = {
+    enable = true;
+    appName = "Cloonar Gitea server"; # Give the site a name
+    settings = {
+      server = {
+        ROOT_URL = "https://${domain}/";
+        HTTP_PORT = 3001;
+        DOMAIN = domain;
      };
-  users.groups.gitea = { };
-  users.groups.docker.members = [ "gitea" ];
-
-
-  environment.etc."gitea/app.ini".text = ''
-    APP_NAME = Cloonar Gitea server
-    RUN_USER = gitea
-    RUN_MODE = prod
-
-    [cron.update_checker]
-    ENABLED=false
-
-    [openid]
-    ENABLE_OPENID_SIGNIN=false
-    ENABLE_OPENID_SIGNUP=true
-    WHITELISTED_URIS=auth.cloonar.com
-
-    [server]
-    DISABLE_SSH=false
-    DOMAIN=git.cloonar.com
-    HTTP_ADDR=0.0.0.0
-    HTTP_PORT=443
-    PROTOCOL=https
-    ROOT_URL=https://git.cloonar.com/
-    SSH_PORT=22
-    CERT_FILE=/bitnami/gitea/ssl/fullchain.pem
-    KEY_FILE=/bitnami/gitea/ssl/key.pem
-
-    [service]
-    ALLOW_ONLY_EXTERNAL_REGISTRATION=true
-    DISABLE_REGISTRATION=false
-    SHOW_REGISTRATION_BUTTON=false
-
-    [webhook]
-    ALLOWED_HOST_LIST=drone.cloonar.com
-  '';
-
-  # TODO: check if we can run docker service as other user than root
-  virtualisation = {
-    oci-containers.containers = {
-      gitea = {
-        image = "bitnami/gitea:1";
-        volumes = [
-          "/var/lib/gitea:/bitnami/gitea"
-          "/etc/gitea/app.ini:/bitnami/gitea/custom/conf/app.ini:ro"
-          "/var/lib/acme/git.cloonar.com:/bitnami/gitea/ssl:ro"
-        ];
-        extraOptions = [
-          "--ip=${ip}"
-        ];
+      openid = {
+        ENABLE_OPENID_SIGNIN = false;
+        ENABLE_OPENID_SIGNUP = true;
+        WHITELISTED_URIS     = "auth.example.com";
      };
+      service = {
+        DISABLE_REGISTRATION                          = false;
+        ALLOW_ONLY_EXTERNAL_REGISTRATION              = true;
+        SHOW_REGISTRATION_BUTTON                      = false;
+      };
+      webhook.ALLOWED_HOST_LIST = "drone.cloonar.com";
    };
  };
 }