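# NixOS module: runs Gitea in a declarative container on a private network.
# The host terminates TLS in nginx and proxies HTTP to the container, and
# forwards TCP port 22 to the container's sshd for git-over-SSH.
{ config, lib, pkgs, profiles, modules, evalConfig, sources, ... }:

{
  containers.gitea = {
    # Private veth pair: host side is hostAddress, container side is localAddress.
    privateNetwork = true;
    hostAddress = "192.168.100.1";
    localAddress = "192.168.100.10";
    autoStart = true;

    # Host directory mounted writable at /persist inside the container; all
    # container state that must survive a rebuild lives below it.
    bindMounts = {
      "/persist" = {
        hostPath = "/persist/containers/gitea";
        isReadOnly = false;
      };
    };

    # NOTE: inside this function `config`, `lib`, `pkgs` and `profiles` are the
    # container's own arguments and shadow the host's, which is why the
    # container address is written out literally below instead of being read
    # from config.containers.gitea.localAddress.
    path = evalConfig ({ config, lib, pkgs, profiles, ... }: {
      system.stateVersion = "21.11";

      imports = [
        profiles.nopersist
        profiles.container
      ];

      environment.systemPackages = [ pkgs.gitea ];

      # hexchen.bindmounts is a project-local option (not defined in this file);
      # presumably it maps Gitea's state directory onto the persistent mount.
      hexchen.bindmounts."/var/lib/gitea" = "/persist/gitea";

      # NOTE(review): nothing referenced in this file looks unfree; confirm this
      # is still required before keeping it.
      nixpkgs.config.allowUnfree = true;

      services.gitea = {
        enable = true;
        appName = "0x0: git for all creatures";
        lfs.enable = true;
        database.type = "postgres";

        settings = {
          repository = {
            DEFAULT_PRIVATE = "public";
            PREFERRED_LICENSES = "Unlicense";
            DEFAULT_BRANCH = "main";
          };

          oauth2_client = {
            # NOTE(review): "auto" links an external login to an existing local
            # account that has the same username or e-mail without asking for
            # that account's credentials. This is only safe if every configured
            # OAuth2 provider is trusted to verify those attributes; "login"
            # makes the user sign in to the existing account before linking.
            ACCOUNT_LINKING = "auto";
            # Accounts are created on first OAuth2 login.
            ENABLE_AUTO_REGISTRATION = true;
          };

          "repository.pull-requests" = {
            DEFAULT_MERGE_STYLE = "merge";
            DEFAULT_MERGE_MESSAGE_ALL_AUTHORS = true;
          };

          # Per-file upload limit in MB. NOTE(review): uploads pass through the
          # host nginx vhost below, which sets no body-size limit here; confirm
          # the effective nginx limit elsewhere matches what is intended.
          "repository.upload".FILE_MAX_SIZE = 1024;

          server = {
            LANDING_PAGE = "explore";
            OFFLINE_MODE = true;
            ROOT_URL = "https://git.infra4future.de";
            HTTP_PORT = 3000;
            # Plain HTTP on every interface of the container; TLS is terminated
            # by nginx on the host. NOTE(review): binding to the container
            # address only would be slightly tighter.
            HTTP_ADDR = "0.0.0.0";
          };

          security = {
            # Keeps the web installer disabled.
            INSTALL_LOCK = true;
          };

          other = {
            # Do not show the running version in the page footer.
            SHOW_FOOTER_VERSION = false;
            SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
          };

          cron = {
            ENABLED = true;
            NOTICE_ON_SUCCESS = true;
          };

          "cron.update_mirrors" = {
            SCHEDULE = "@every 12h";
            # Negative values presumably mean "no limit" per run; verify
            # against the deployed Gitea version.
            PULL_LIMIT = "-1";
            PUSH_LIMIT = "-1";
          };

          "cron.git_gc_repos".ENABLED = true;
          "cron.delete_old_actions".ENABLED = true;

          log.LEVEL = "Info";

          # Local self-registration is off. NOTE(review): confirm how this
          # interacts with ENABLE_AUTO_REGISTRATION on the deployed version.
          service.DISABLE_REGISTRATION = true;

          # Session cookie is only sent over HTTPS (matches the https ROOT_URL).
          session.COOKIE_SECURE = true;
        };
      };

      # Nightly dump of the gitea database. The target is below the /persist
      # bind mount, so it ends up on the host under
      # /persist/containers/gitea/backups/postgres. The dump holds the whole
      # Gitea database, so access to that directory should be restricted
      # accordingly.
      services.postgresqlBackup = {
        enable = true;
        databases = [ "gitea" ];
        startAt = "*-*-* 23:45:00";
        location = "/persist/backups/postgres";
      };

      # This sshd is what answers on the host's forwarded port 22 (see
      # forwardPorts at the bottom), so it should accept public keys only.
      services.openssh = {
        enable = true;
        listenAddresses = [
          {
            addr = "192.168.100.10";
            port = 22;
          }
        ];
        settings = {
          PasswordAuthentication = false;
          # The NixOS module leaves keyboard-interactive authentication on by
          # default, which can still prompt for a password through PAM; switch
          # it off so that disabling passwords above is actually effective.
          KbdInteractiveAuthentication = false;
          # Lets git clients pass GIT_PROTOCOL for protocol negotiation.
          AcceptEnv = "GIT_PROTOCOL";
        };
      };
    });
  };

  # Public HTTPS endpoint on the host; the hop to the container is plain HTTP
  # over the private veth link.
  services.nginx.virtualHosts."git.infra4future.de" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://${config.containers.gitea.localAddress}:3000";
    };
  };

  # hexchen.nftables is a project-local option (not defined in this file); as
  # written it forwards TCP port 22 arriving at the host to the container's sshd.
  hexchen.nftables.nat.forwardPorts = [
    {
      ports = [ 22 ];
      destination = "${config.containers.gitea.localAddress}:22";
      proto = "tcp";
    }
  ];
}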