2021-10-16 20:35:50 +03:00
|
|
|
{ config, lib, tools, ... }:
|
|
|
|
with tools.nginx;
|
|
|
|
let
|
|
|
|
inherit (tools.meta) domain;
|
|
|
|
in
|
|
|
|
{
|
2021-11-29 02:38:59 +02:00
|
|
|
reservePortsFor = [ "gitea" ];
|
|
|
|
|
2021-10-16 20:35:50 +03:00
|
|
|
age.secrets = {
|
|
|
|
giteaDBPassword = {
|
|
|
|
file = ../../../../secrets/gitea-db-credentials.age;
|
|
|
|
owner = "git";
|
|
|
|
group = "gitea";
|
|
|
|
mode = "0400";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
services.nginx.virtualHosts = mappers.mapSubdomains {
|
2021-11-29 02:38:59 +02:00
|
|
|
git = vhosts.proxy "http://127.0.0.1:${config.portsStr.gitea}";
|
2021-10-16 20:35:50 +03:00
|
|
|
};
|
|
|
|
|
|
|
|
services.gitea = {
|
|
|
|
enable = true;
|
|
|
|
appName = "Private Void Gitea";
|
2021-11-29 02:38:59 +02:00
|
|
|
httpPort = config.ports.gitea;
|
2021-10-16 20:35:50 +03:00
|
|
|
domain = "git";
|
|
|
|
rootUrl = "https://git.${domain}";
|
|
|
|
disableRegistration = true;
|
|
|
|
# TODO: re-enable securely
|
|
|
|
ssh.enable = false;
|
|
|
|
user = "git";
|
|
|
|
log.level = "Warn";
|
|
|
|
|
|
|
|
database = {
|
|
|
|
createDatabase = false;
|
|
|
|
type = "postgres";
|
|
|
|
host = "127.0.0.1";
|
|
|
|
port = 5432;
|
|
|
|
name = "gitea";
|
|
|
|
user = "gitea";
|
|
|
|
passwordFile = config.age.secrets.giteaDBPassword.path;
|
|
|
|
};
|
2021-10-16 16:03:59 +03:00
|
|
|
|
|
|
|
# TODO: integrate branding content (css, images) into system closure
|
|
|
|
settings.ui = {
|
|
|
|
DEFAULT_THEME = "void";
|
|
|
|
THEMES = "void";
|
|
|
|
};
|
2021-10-16 20:35:50 +03:00
|
|
|
};
|
|
|
|
|
|
|
|
users.users.git = {
|
|
|
|
description = "Git Service";
|
|
|
|
home = config.services.gitea.stateDir;
|
|
|
|
useDefaultShell = true;
|
|
|
|
group = "gitea";
|
|
|
|
isSystemUser = true;
|
|
|
|
};
|
|
|
|
}
|