haccfiles/services/gitea.nix

125 lines
3.5 KiB
Nix
Raw Normal View History

2022-07-09 17:36:24 +00:00
{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }:
{
containers.gitea = {
privateNetwork = true;
hostAddress = "192.168.100.1";
localAddress = "192.168.100.10";
autoStart = true;
bindMounts = {
"/persist" = {
hostPath = "/persist/containers/gitea";
isReadOnly = false;
};
};
path = (evalConfig {
hosts = { };
groups = { };
} ({ config, lib, pkgs, profiles, modules, sources, ... }: {
boot.isContainer = true;
networking.useDHCP = false;
users.users.root.hashedPassword = "";
2022-11-13 19:18:26 +00:00
system.stateVersion = "21.11";
2022-07-09 17:36:24 +00:00
imports = [ sources.nix-hexchen.nixosModules.profiles.nopersist ];
2022-07-09 17:36:24 +00:00
environment.systemPackages = [ pkgs.gitea ];
2022-08-01 16:39:46 +00:00
hexchen.bindmounts."/var/lib/gitea" = "/persist/gitea";
2022-07-09 17:36:24 +00:00
nixpkgs.config.allowUnfree = true;
networking.firewall.enable = false;
networking.defaultGateway = {
address = "192.168.100.1";
interface = "eth0";
};
services.coredns = {
enable = true;
config = ''
.:53 {
forward . 1.1.1.1
}
'';
};
services.gitea = {
enable = true;
appName = "0x0: git for all creatures";
rootUrl = "https://git.infra4future.de/";
httpAddress = "0.0.0.0";
httpPort = 3000;
lfs.enable = true;
database.type = "postgres";
2022-07-09 17:39:40 +00:00
settings = {
repository = {
DEFAULT_PRIVATE = "public";
PREFERRED_LICENSES = "Unlicense";
DEFAULT_BRANCH = "main";
};
oauth2_client = {
ACCOUNT_LINKING = "auto";
ENABLE_AUTO_REGISTRATION = true;
};
2022-07-09 17:39:40 +00:00
"repository.pull-requests" = {
DEFAULT_MERGE_STYLE = "merge";
DEFAULT_MERGE_MESSAGE_ALL_AUTHORS = true;
};
"repository.upload".FILE_MAX_SIZE = 1024;
server = {
LANDING_PAGE = "explore";
2022-07-22 16:50:00 +00:00
OFFLINE_MODE = true;
2022-07-09 17:39:40 +00:00
};
security = { INSTALL_LOCK = true; };
other = {
SHOW_FOOTER_VERSION = false;
SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
};
cron = {
ENABLED = true;
NOTICE_ON_SUCCESS = true;
};
"cron.update_mirrors" = {
SCHEDULE = "@every 12h";
PULL_LIMIT = "-1";
PUSH_LIMIT = "-1";
};
"cron.git_gc_repos".ENABLED = true;
"cron.delete_old_actions".ENABLED = true;
log.LEVEL = "Info";
service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true;
2022-07-09 17:36:24 +00:00
};
};
services.postgresqlBackup = {
enable = true;
databases = [ "gitea" ];
startAt = "*-*-* 23:45:00";
location = "/persist/backups/postgres";
};
services.openssh = {
enable = true;
passwordAuthentication = false;
listenAddresses = [ {
addr = "192.168.100.10";
port = 22;
} ];
extraConfig = ''
AcceptEnv GIT_PROTOCOL
'';
};
2022-07-09 17:36:24 +00:00
})).config.system.build.toplevel;
};
services.nginx.virtualHosts."git.infra4future.de" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://${config.containers.gitea.localAddress}:3000";
};
};
hexchen.nftables.nat.forwardPorts = [{
ports = [ 22 ];
destination = "${config.containers.gitea.localAddress}:22";
proto = "tcp";
}];
2022-07-09 17:36:24 +00:00
}