depot/hosts/VEGAS/services/git/default.nix

59 lines
1.3 KiB
Nix
Raw Normal View History

2021-10-16 20:35:50 +03:00
{ config, lib, tools, ... }:
with tools.nginx;
let
inherit (tools.meta) domain;
in
{
2021-11-29 02:38:59 +02:00
reservePortsFor = [ "gitea" ];
2021-10-16 20:35:50 +03:00
age.secrets = {
giteaDBPassword = {
file = ../../../../secrets/gitea-db-credentials.age;
owner = "git";
group = "gitea";
mode = "0400";
};
};
services.nginx.virtualHosts = mappers.mapSubdomains {
2021-11-29 02:38:59 +02:00
git = vhosts.proxy "http://127.0.0.1:${config.portsStr.gitea}";
2021-10-16 20:35:50 +03:00
};
services.gitea = {
enable = true;
appName = "Private Void Gitea";
2021-11-29 02:38:59 +02:00
httpPort = config.ports.gitea;
2021-10-16 20:35:50 +03:00
domain = "git";
rootUrl = "https://git.${domain}";
disableRegistration = true;
# TODO: re-enable securely
ssh.enable = false;
user = "git";
log.level = "Warn";
database = {
createDatabase = false;
type = "postgres";
host = "127.0.0.1";
port = 5432;
name = "gitea";
user = "gitea";
passwordFile = config.age.secrets.giteaDBPassword.path;
};
2021-10-16 16:03:59 +03:00
# TODO: integrate branding content (css, images) into system closure
settings.ui = {
DEFAULT_THEME = "void";
THEMES = "void";
};
2021-10-16 20:35:50 +03:00
};
users.users.git = {
description = "Git Service";
home = config.services.gitea.stateDir;
useDefaultShell = true;
group = "gitea";
isSystemUser = true;
};
}