change unbound

2023-12-04 15:22:32 +01:00
parent 1dbba8eac6
commit cb01ec7e4c
2 changed files with 173 additions and 217 deletions
--- a/hosts/fw.cloonar.com/modules/gitea.nix
+++ b/hosts/fw.cloonar.com/modules/gitea.nix
@@ -15,87 +15,6 @@ in
  users.groups.gitea = {
    gid = 989;
  };
-  # services.nginx.virtualHosts."${domain}" = {
-  #   enableACME = true;
-  #   forceSSL = true;
-  #   locations."/" = {
-  #     proxyPass = "https://${ip}:443/";
-  #     extraConfig = ''
-  #       proxy_set_header=Host ${domain}
-  #     '';
-  #   };
-  # };
-  #
-  # environment.etc."gitea/app.ini".text = ''
-  #   APP_NAME = Cloonar Gitea server
-  #   RUN_MODE = prod
-  #
-  #   [cron.update_checker]
-  #   ENABLED=false
-  #
-  #   [database]
-  #   DB_TYPE=sqlite3
-  #   PATH=/bitnami/gitea/data/gitea.db
-  #
-  #   [openid]
-  #   ENABLE_OPENID_SIGNIN=false
-  #   ENABLE_OPENID_SIGNUP=true
-  #   WHITELISTED_URIS=auth.cloonar.com
-  #
-  #   [server]
-  #   DISABLE_SSH=false
-  #   DOMAIN=git.cloonar.com
-  #   HTTP_ADDR=0.0.0.0
-  #   HTTP_PORT=443
-  #   PROTOCOL=https
-  #   ROOT_URL=https://git.cloonar.com/
-  #   SSH_PORT=22
-  #   CERT_FILE=/ssl/fullchain.pem
-  #   KEY_FILE=/ssl/key.pem
-  #
-  #   [service]
-  #   ALLOW_ONLY_EXTERNAL_REGISTRATION=true
-  #   DISABLE_REGISTRATION=false
-  #   SHOW_REGISTRATION_BUTTON=false
-  #
-  #   [webhook]
-  #   ALLOWED_HOST_LIST=drone.cloonar.com
-  # '';
-  #
-  # virtualisation = {
-  #   oci-containers.containers = {
-  #     gitea = {
-  #       image = "gitea/gitea:1";
-  #       volumes = [
-  #         "/var/lib/gitea:/data"
-  #         "/etc/gitea/app.ini:/data/custom/conf/app.ini:ro"
-  #         "/var/lib/acme/git.cloonar.com:/ssl:ro"
-  #       ];
-  #       environment = {
-  #         USER_UID = builtins.toString config.users.users.gitea.uid;
-  #         USER_GID = builtins.toString config.users.groups.gitea.gid;
-  #       };
-  #       extraOptions = [
-  #         "--ip=${ip}"
-  #       ];
-  #     };
-  #     gitea = {
-  #       image = "gitea/gitea:1";
-  #       volumes = [
-  #         "/var/lib/gitea:/data"
-  #         "/etc/gitea/app.ini:/data/custom/conf/app.ini:ro"
-  #         "/var/lib/acme/git.cloonar.com:/ssl:ro"
-  #       ];
-  #       environment = {
-  #         USER_UID = builtins.toString config.users.users.gitea.uid;
-  #         USER_GID = builtins.toString config.users.groups.gitea.gid;
-  #       };
-  #       extraOptions = [
-  #         "--ip=${ip}"
-  #       ];
-  #     };
-  #   };
-  # };

  containers.gitea = {
    autoStart = true;
@@ -107,12 +26,12 @@ in
        isReadOnly = false;
      };
    };
-    # bindMounts = {
-    #   "/var/lib/acme/gitea/" = {
-    #     hostPath = "${security.acme.certs.${domain}.directory}";
-    #     isReadOnly = true;
-    #   };
-    # };
+    bindMounts = {
+      "/var/lib/acme/gitea/" = {
+        hostPath = "${config.security.acme.certs.${domain}.directory}";
+        isReadOnly = true;
+      };
+    };
    config = { lib, config, pkgs, ... }: {
      networking = {
        hostName = "gitea";
@@ -124,8 +43,6 @@ in
          allowedTCPPorts = [ 22 80 443 ];
        };
      };
-      # services.resolved.enable = true;
-
      # services.nginx.enable = true;
      # services.nginx.virtualHosts."${domain}" = {
      #   sslCertificate = "/var/lib/acme/gitea/fullchain.pem";