diff --git a/hosts/fw.cloonar.com/modules/gitea.nix b/hosts/fw.cloonar.com/modules/gitea.nix
index 357f40a..2dea3f4 100644
--- a/hosts/fw.cloonar.com/modules/gitea.nix
+++ b/hosts/fw.cloonar.com/modules/gitea.nix
@@ -1,36 +1,66 @@ { config, ... }: let domain = "git.cloonar.com"; + ip = "10.42.97.3"; in { services.nginx.virtualHosts."${domain}" = { enableACME = true; forceSSL = true; locations."/" = { - proxyPass = "http://localhost:3001/"; + proxySetHeader = "Host ${domain}"; + proxyPass = "https://${ip}:443/"; }; }; - services.gitea = { - enable = true; - appName = "Cloonar Gitea server"; # Give the site a name - settings = { - server = { - ROOT_URL = "https://${domain}/"; - HTTP_PORT = 3001; - DOMAIN = domain; + environment.etc."gitea/app.ini".text = '' + APP_NAME = Cloonar Gitea server + RUN_MODE = prod + + [cron.update_checker] + ENABLED=false + + [database] + DB_TYPE=sqlite3 + + [openid] + ENABLE_OPENID_SIGNIN=false + ENABLE_OPENID_SIGNUP=true + WHITELISTED_URIS=auth.cloonar.com + + [server] + DISABLE_SSH=false + DOMAIN=git.cloonar.com + HTTP_ADDR=0.0.0.0 + HTTP_PORT=443 + PROTOCOL=https + ROOT_URL=https://git.cloonar.com/ + SSH_PORT=22 + CERT_FILE=/bitnami/gitea/ssl/fullchain.pem + KEY_FILE=/binami/gitea/ssl/key.pem + + [service] + ALLOW_ONLY_EXTERNAL_REGISTRATION=true + DISABLE_REGISTRATION=false + SHOW_REGISTRATION_BUTTON=false + + [webhook] + ALLOWED_HOST_LIST=drone.cloonar.com + ''; + + virtualisation = { + oci-containers.containers = { + gitea = { + image = "bitnami/gitea:1"; + volumes = [ + "/var/lib/gitea:/bitnami/gitea" + "/etc/gitea/app.ini:/bitnami/gitea/custom/conf/app.ini:ro" + "/var/lib/acme/git.cloonar.com:/bitnami/gitea/ssl:ro" + ]; + extraOptions = [ + "--ip=${ip}" + ]; }; - openid = { - ENABLE_OPENID_SIGNIN = false; - ENABLE_OPENID_SIGNUP = true; - WHITELISTED_URIS = "auth.example.com"; - }; - service = { - DISABLE_REGISTRATION = false; - ALLOW_ONLY_EXTERNAL_REGISTRATION = true; - SHOW_REGISTRATION_BUTTON = false; - }; - webhook.ALLOWED_HOST_LIST = "drone.cloonar.com"; }; }; }
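Review bot: `KEY_FILE=/binami/gitea/ssl/key.pem` in the `[server]` section is misspelled: the ACME directory is mounted at `/bitnami/gitea/ssl` and `CERT_FILE` uses that path, so with `PROTOCOL=https` Gitea will not find its private key; the line should read `KEY_FILE=/bitnami/gitea/ssl/key.pem`. The new `proxyPass = "https://${ip}:443/"` makes nginx speak TLS to the container, and nginx neither verifies the upstream certificate nor sends SNI unless `proxy_ssl_verify`, `proxy_ssl_trusted_certificate`, `proxy_ssl_name` and `proxy_ssl_server_name` are configured, so that hop is encrypted but unauthenticated as written. I do not recognise `proxySetHeader` as a NixOS nginx location option; the Host header is normally set with `extraConfig = "proxy_set_header Host ${domain};";`, and the same `extraConfig` can carry the `proxy_ssl_*` directives. The hand-written app.ini has no `[security]` section, whereas the removed `services.gitea` module, as far as I know, set `INSTALL_LOCK` and managed the secret keys, so please confirm the container cannot come up with the install page reachable through the public vhost. `image = "bitnami/gitea:1"` is also a floating tag; pinning it by digest would make the deployed image reviewable and reproducible.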