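# NixOS module: runs Gitea inside a declarative container attached to the
# "vserver" macvlan, with persistent state and the host-issued TLS material
# bind-mounted from the host.
{ config, ... }:
let
  # Public name of the instance; also the name of the ACME certificate the host
  # obtains for it.
  domain = "git.cloonar.com";
  # Declared but currently unused: the container takes its address via DHCP
  # (see networking.interfaces.mv-vserver below).
  ip = "10.42.97.3";
in
{
  # Host-side account that owns /var/lib/gitea.  uid/gid are pinned so the
  # ownership of the bind-mounted state stays stable across rebuilds; the
  # in-container gitea user is presumably meant to share uid 990 -- TODO confirm
  # once services.gitea is enabled.
  users.users.gitea = {
    isSystemUser = true;
    uid = 990;
    group = "gitea";
    home = "/var/lib/gitea";
    createHome = true;
  };
  users.groups.gitea = {
    gid = 989;
  };

  # The host requests and renews the certificate; the container only reads it.
  security.acme.certs."${domain}" = {
    inherit domain;
  };

  containers.gitea = {
    autoStart = true;
    # The container root filesystem is discarded on every start, so only the
    # bind mounts below survive a restart.
    ephemeral = true;
    macvlans = [ "vserver" ];

    # Both mounts must live in ONE bindMounts attribute set: defining
    # `bindMounts` twice in the same set is an evaluation error
    # ("attribute already defined").
    bindMounts = {
      # Persistent Gitea state (repositories, database, app config).
      "/var/lib/gitea" = {
        hostPath = "/var/lib/gitea/";
        isReadOnly = false;
      };
      # Host ACME directory for the domain, which includes the private key.
      # Read-only, so the container can serve TLS but cannot alter the key
      # material.  `config` here is the HOST config (the inner module below
      # shadows the name).  Whatever terminates TLS inside the container must
      # be able to read key.pem -- check the directory's group/permissions
      # before enabling nginx below.
      "/var/lib/acme/gitea/" = {
        hostPath = "${config.security.acme.certs.${domain}.directory}";
        isReadOnly = true;
      };
    };

    config = { lib, config, pkgs, ... }: {
      networking = {
        hostName = "gitea";
        # mv-vserver is the macvlan interface created from `macvlans` above.
        interfaces.mv-vserver = {
          useDHCP = true;
        };
        # Only SSH (git), HTTP and HTTPS are reachable from the network; nothing
        # listens on them until the services below are enabled.
        firewall = {
          enable = true;
          allowedTCPPorts = [ 22 80 443 ];
        };
      };

      # --- Pending service configuration, kept verbatim and still disabled ---
      # services.nginx.enable = true;
      # services.nginx.virtualHosts."${domain}" = {
      #   sslCertificate = "/var/lib/acme/gitea/fullchain.pem";
      #   sslCertificateKey = "/var/lib/acme/gitea/key.pem";
      #   sslTrustedCertificate = "/var/lib/acme/gitea/chain.pem";
      #   forceSSL = true;
      #   locations."/" = {
      #     proxyPass = "http://localhost:3001/";
      #   };
      # };
      #
      # Enabling this allow-lists a Gitea version that nixpkgs has marked as
      # insecure; prefer moving to a current release over keeping the pin.
      # nixpkgs.config.permittedInsecurePackages = [
      #   "gitea-1.19.4"
      # ];
      #
      # services.gitea = {
      #   enable = true;
      #   appName = "Cloonar Gitea server"; # Give the site a name
      #   settings = {
      #     server = {
      #       ROOT_URL = "https://${domain}/";
      #       HTTP_PORT = 3001;
      #       DOMAIN = domain;
      #     };
      #     openid = {
      #       ENABLE_OPENID_SIGNIN = false;
      #       ENABLE_OPENID_SIGNUP = true;
      #       # "auth.example.com" looks like a placeholder -- set the real
      #       # OpenID provider before enabling this block.
      #       WHITELISTED_URIS = "auth.example.com";
      #     };
      #     service = {
      #       # Accounts can only be created through the external (OpenID)
      #       # provider; the registration button is hidden.
      #       DISABLE_REGISTRATION = false;
      #       ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
      #       SHOW_REGISTRATION_BUTTON = false;
      #     };
      #     # Webhook deliveries are restricted to this host.
      #     webhook.ALLOWED_HOST_LIST = "drone.cloonar.com";
      #   };
      # };
      # NOTE(review): stateVersion is commented out together with the services
      # block; it presumably should remain set for the container -- confirm.
      # system.stateVersion = "23.05";
    };
  };
}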