Cloonar/nixos
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
bd9f1ce26037c0162767c7c1d0b366a0560c7912
nixos/hosts/fw.cloonar.com/modules/gitea.nix
Dominik Polakovics bd9f1ce260 many changes
2024-11-15 02:30:04 +01:00

127 lines
3.8 KiB
Nix
Raw Blame History

{ config, pkgs, ... }:
let
cids = import ../modules/staticids.nix;
domain = "git.cloonar.com";
user = {
isSystemUser = true;
uid = cids.uids.gitea;
group = "gitea";
home = "/var/lib/gitea";
createHome = true;
};
group = {
gid = cids.gids.gitea;
};
in
{
users.users.gitea = user;
users.groups.gitea = group;
security.acme.certs."${domain}" = {
group = "nginx";
};
containers.git = {
autoStart = true;
ephemeral = false; # because of ssh key
privateNetwork = true;
hostBridge = "server";
hostAddress = "10.42.97.1";
localAddress = "10.42.97.50/24";
bindMounts = {
"/var/lib/gitea" = {
hostPath = "/var/lib/gitea/";
isReadOnly = false;
};
"/var/lib/acme/gitea/" = {
hostPath = config.security.acme.certs.${domain}.directory;
isReadOnly = true;
};
"/run/secrets/gitea-mailer-password" = {
hostPath = config.sops.secrets.gitea-mailer-password.path;
};
};
config = { lib, config, pkgs, ... }: {
imports = [
../fleet.nix
];
environment.systemPackages = with pkgs; [
vim # my preferred editor
];
networking = {
hostName = "git";
useHostResolvConf = false;
defaultGateway = {
address = "10.42.96.1";
interface = "eth0";
};
firewall.enable = false;
nameservers = [ "10.42.97.1" ];
};
services.nginx.enable = true;
services.nginx.virtualHosts."${domain}" = {
sslCertificate = "/var/lib/acme/gitea/fullchain.pem";
sslCertificateKey = "/var/lib/acme/gitea/key.pem";
sslTrustedCertificate = "/var/lib/acme/gitea/chain.pem";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3001/";
};
};
services.gitea = {
enable = true;
appName = "Cloonar Gitea server"; # Give the site a name
mailerPasswordFile = "/run/secrets/gitea-mailer-password";
settings = {
server = {
ROOT_URL = "https://${domain}/";
HTTP_PORT = 3001;
DOMAIN = domain;
};
openid = {
ENABLE_OPENID_SIGNIN = false;
ENABLE_OPENID_SIGNUP = true;
WHITELISTED_URIS = "auth.cloonar.com";
};
service = {
DISABLE_REGISTRATION = false;
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
SHOW_REGISTRATION_BUTTON = false;
};
mailer = {
ENABLED = true;
FROM = "Gitea Cloonar <gitea@cloonar.com>";
PROTOCOL = "smtp+starttls";
SMTP_ADDR = "mail.cloonar.com";
SMTP_PORT = 587;
USER = "gitea@cloonar.com";
};
actions.ENABLED=true;
};
};
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDN/2SAFm50kraB1fepAizox/QRXxB7WbqVbH+5OPalDT47VIJGNKOKhixQoqhABHxEoLxdf/C83wxlCVlPV9poLfDgVkA3Lyt5r3tSFQ6QjjOJAgchWamMsxxyGBedhKvhiEzcr/Lxytnoz3kjDG8fqQJwEpdqMmJoMUfyL2Rqp16u+FQ7d5aJtwO8EUqovhMaNO7rggjPpV/uMOg+tBxxmscliN7DLuP4EMTA/FwXVzcFNbOx3K9BdpMRAaSJt4SWcJO2cS2KHA5n/H+PQI7nz5KN3Yr/upJN5fROhi/SHvK39QOx12Pv7FCuWlc+oR68vLaoCKYhnkl3DnCfc7A7"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIRQuPqH5fdX3KEw7DXzWEdO3AlUn1oSmtJtHB71ICoH Generated By Termius"
];
users.users.gitea = user;
users.groups.gitea = group;
system.stateVersion = "23.05";
};
};
sops.secrets.gitea-runner = {};
sops.secrets.gitea-mailer-password = {
owner = "gitea";
restartUnits = [ "container@git.service" ];
};
}
Reference in New Issue View Git Blame Copy Permalink