nixos/hosts/fw.cloonar.com/modules/gitea.nix

# NixOS module: a host-side `gitea` account plus a declarative container named
# `gitea`. The Gitea and nginx services themselves are currently commented out
# inside the container, so as written it only brings up networking and a firewall.
{ config, ... }:
let
  # Used to look up the ACME certificate directory on the host.
  domain = "git.cloonar.com";
  # Not referenced anywhere in this file; the container gets its address via
  # DHCP on the macvlan interface. Presumably the DHCP reservation -- confirm.
  ip = "10.42.97.3";
in
{
  # Host account with pinned uid/gid that owns /var/lib/gitea.
  # NOTE(review): the fixed ids presumably have to match the gitea user inside
  # the container so ownership of the bind-mounted state lines up -- confirm.
  users = {
    users.gitea = {
      isSystemUser = true;
      uid = 990;
      group = "gitea";
      home = "/var/lib/gitea";
      createHome = true;
    };
    groups.gitea.gid = 989;
  };

  containers.gitea = {
    autoStart = true;
    # Root filesystem is discarded when the container stops; only the bind
    # mounts below persist.
    # NOTE(review): the NixOS docs for `ephemeral` mention that the DHCP client
    # identifier may need pinning when combined with `macvlans` so the lease
    # stays stable across restarts -- verify for this setup.
    ephemeral = true;
    # The container gets its own macvlan interface on the host's "vserver" link.
    macvlans = [ "vserver" ];

    bindMounts = {
      # Writable application state; the only host path the container can modify.
      "/var/lib/gitea" = {
        hostPath = "/var/lib/gitea/";
        isReadOnly = false;
      };
      # Host ACME certificate directory for `domain`, mounted read-only. The
      # disabled nginx block below reads key.pem from it, so the container can
      # read the TLS private key for this domain (but cannot replace it).
      "/var/lib/acme/gitea/" = {
        hostPath = "${config.security.acme.certs.${domain}.directory}";
        isReadOnly = true;
      };
    };

    # Configuration of the system inside the container. `config` here is the
    # container's own configuration and shadows the host `config` above.
    config = { lib, config, pkgs, ... }: {
      networking.hostName = "gitea";
      networking.interfaces.mv-vserver.useDHCP = true;

      # NOTE(review): 22, 80 and 443 are opened although nothing in this file
      # starts a listener on them while nginx and gitea are commented out.
      # Consider narrowing the list until the services are re-enabled.
      networking.firewall = {
        enable = true;
        allowedTCPPorts = [ 22 80 443 ];
      };

      # Disabled service definition, kept for reference.
      # NOTE(review) before re-enabling:
      #  - `permittedInsecurePackages` overrides nixpkgs' insecure marking for
      #    the pinned Gitea version; prefer a supported release over the override.
      #  - `WHITELISTED_URIS = "auth.example.com"` looks like a placeholder;
      #    set the real identity provider before allowing OpenID sign-up.
      #  - Registration is limited to external accounts
      #    (ALLOW_ONLY_EXTERNAL_REGISTRATION), so the OpenID whitelist is what
      #    gates account creation.
      #
      # services.nginx.enable = true;
      # services.nginx.virtualHosts."${domain}" = {
      #   sslCertificate = "/var/lib/acme/gitea/fullchain.pem";
      #   sslCertificateKey = "/var/lib/acme/gitea/key.pem";
      #   sslTrustedCertificate = "/var/lib/acme/gitea/chain.pem";
      #   forceSSL = true;
      #   locations."/" = {
      #     proxyPass = "http://localhost:3001/";
      #   };
      # };
      #
      # nixpkgs.config.permittedInsecurePackages = [
      #   "gitea-1.19.4"
      # ];
      #
      # services.gitea = {
      #   enable = true;
      #   appName = "Cloonar Gitea server"; # Give the site a name
      #   settings = {
      #     server = {
      #       ROOT_URL = "https://${domain}/";
      #       HTTP_PORT = 3001;
      #       DOMAIN = domain;
      #     };
      #     openid = {
      #       ENABLE_OPENID_SIGNIN = false;
      #       ENABLE_OPENID_SIGNUP = true;
      #       WHITELISTED_URIS = "auth.example.com";
      #     };
      #     service = {
      #       DISABLE_REGISTRATION = false;
      #       ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
      #       SHOW_REGISTRATION_BUTTON = false;
      #     };
      #     webhook.ALLOWED_HOST_LIST = "drone.cloonar.com";
      #   };
      # };
      #
      system.stateVersion = "23.05";
    };
  };
}