dotfiles/nixos/boxes/vpsfree1/gitea.nix

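# Gitea on vpsfree1: the forge runs inside a NixOS container, the host's nginx
# (../nginx.nix) terminates HTTPS for it, gitea's builtin SSH server is bound
# directly on port 22, and outbound mail goes through Mailgun.
{
  config,
  pkgs,
  inputs,
  lib,
  system,
  ...
}: let
  # Package and NixOS module both come from nixpkgs-nixos-unstable (the module
  # is swapped in inside the container below), so the two cannot drift apart.
  unstable = inputs.nixpkgs-nixos-unstable;
  package = unstable.legacyPackages."${system}".gitea;

  httpPort = 8083; # only reached through nginx on loopback
  sshPort = 22; # gitea's builtin SSH server, reachable from outside

  domain = "git.cyplo.dev";
  emailDomain = "peninsula.industries";
  baseurl = "https://${domain}";
  path = "/var/lib/gitea";

  # The Mailgun SMTP password is decrypted by sops on the host and bind-mounted
  # read-only into the container at the very same path.
  mailgunSmtpSecretName = "gitea-mailgun-smtp-password";
  mailgunSmtpPasswordPath = "/run/secrets/${mailgunSmtpSecretName}";

  # Pinned uid/gid: the same user/group definition is applied on the host and
  # inside the container, so the state directory and the secret have one
  # consistent owner on both sides of the bind mounts.
  uid = 2051;
  gid = 3051;
  systemUserName = "gitea";
  systemGroupName = "gitea";
  users = {
    users."${systemUserName}" = {
      inherit uid;
      isSystemUser = true;
      isNormalUser = false;
      group = systemGroupName;
    };
    groups."${systemGroupName}" = {
      inherit gid;
      # NOTE(review): nginx is a member of the gitea group, so anything under
      # the state directory that is group-readable is readable by nginx as
      # well — confirm this is still required rather than a leftover.
      members = ["${systemUserName}" "nginx"];
    };
  };
in {
  imports = [../nginx.nix];

  inherit users;

  # Let unprivileged processes bind ports below 1024 so the gitea user inside
  # the container can listen on port 22.
  # NOTE(review): this is host-wide — every unprivileged process on the host
  # (and in this container, which sets no privateNetwork and so presumably
  # shares the host's network namespace) may bind low ports, not only gitea.
  # A per-service capability grant would be narrower but may not work under
  # the hardening the upstream gitea unit applies — confirm before changing.
  boot.kernel.sysctl = {"net.ipv4.ip_unprivileged_port_start" = 0;};
  # Something imported on this host disables systemd-sysctl (presumably the
  # vpsfree profile); force it back on, otherwise the sysctl above is never
  # applied.
  systemd.services.systemd-sysctl.enable = lib.mkForce true;

  # Only SSH is opened here; 80/443 are expected to be opened by ../nginx.nix.
  networking.firewall.allowedTCPPorts = [sshPort];

  # HTTPS front door: ACME certificate, plain HTTP redirected to HTTPS, all
  # requests proxied to gitea on loopback.
  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;
    locations."/".proxyPass = "http://127.0.0.1:${toString httpPort}";
  };

  # Decrypted secret on the host, owned by the gitea user/group defined above
  # so the container-side gitea (same uid/gid) can read it.
  sops.secrets."${mailgunSmtpSecretName}" = {
    sopsFile = ./mailgun.sops.yaml;
    path = mailgunSmtpPasswordPath;
    owner = systemUserName;
    group = systemGroupName;
  };

  containers.gitea = {
    autoStart = true;
    # NOTE(review): the first entry sets `httpPort` rather than `hostPort`
    # (the forwardPorts fields are protocol/hostPort/containerPort) — confirm
    # this evaluates as intended. With no privateNetwork the forwards are
    # presumably inert anyway (nspawn port forwarding needs a private network)
    # and the container binds the host's interfaces directly — confirm.
    forwardPorts = [
      {
        inherit httpPort;
        containerPort = httpPort;
      }
      {
        hostPort = sshPort;
        containerPort = sshPort;
      }
    ];
    bindMounts = {
      # Gitea state lives on the host filesystem; writable.
      "${path}" = {
        hostPath = path;
        isReadOnly = false;
      };
      # Only the one secret file is exposed, read-only.
      "${mailgunSmtpPasswordPath}" = {
        hostPath = mailgunSmtpPasswordPath;
        isReadOnly = true;
      };
    };
    config = {
      config,
      pkgs,
      lib,
      ...
    }: {
      system.stateVersion = "23.05";

      # Same gitea user/group as on the host; no other accounts are managed
      # here and none of them has a password.
      users =
        users
        // {
          mutableUsers = false;
          allowNoPasswordLogin = true;
        };

      # Replace the stable gitea module with the one matching `package`.
      disabledModules = ["services/misc/gitea.nix"];
      imports = ["${unstable}/nixos/modules/services/misc/gitea.nix"];

      services.gitea = {
        enable = true;
        inherit package;
        stateDir = path;
        user = systemUserName;
        mailerPasswordFile = mailgunSmtpPasswordPath;
        lfs.enable = true;
        settings = {
          # No self-registration; accounts are created by an admin.
          service.DISABLE_REGISTRATION = true;
          # Installer is locked: the web setup page can no longer change config.
          security.INSTALL_LOCK = true;
          oauth2.ENABLE = false;
          log.LEVEL = "Info";
          # NOTE(review): Gitea Actions runs workflow definitions from
          # repositories on whatever runner is registered; confirm the runner
          # is isolated accordingly.
          actions.ENABLED = true;
          # External renderer fed repository content over stdin
          # (IS_INPUT_FILE = false, hence the trailing "-").
          # `--safe` is passed because asciidoc otherwise honours its
          # system/evaluation macros and unrestricted file inclusion, and the
          # input here is whatever users push.
          # NOTE(review): the section is named "mermaid" but registers asciidoc
          # for ".md" files, which replaces the builtin Markdown renderer for
          # that extension — confirm this is intended (".adoc"?).
          "markup.mermaid" = {
            ENABLED = true;
            FILE_EXTENSIONS = ".md";
            RENDER_COMMAND = "${pkgs.asciidoc-full}/bin/asciidoc --safe --out-file=- -";
            IS_INPUT_FILE = false;
          };
          server = {
            ROOT_URL = baseurl;
            DOMAIN = domain;
            # Builtin SSH server on port 22; with the shared network namespace
            # this presumably has to be the only sshd on 22 — confirm the
            # host's own OpenSSH listens elsewhere.
            START_SSH_SERVER = true;
            SSH_PORT = sshPort;
            HTTP_PORT = httpPort;
            SSH_LISTEN_PORT = sshPort;
            DISABLE_SSH = false;
          };
          # NOTE(review): MAILER_TYPE/HOST/IS_TLS_ENABLED are the older mailer
          # keys (newer releases use PROTOCOL/SMTP_ADDR/SMTP_PORT); with
          # `package` tracking unstable, confirm they are still honoured.
          mailer = {
            ENABLED = true;
            FROM = "${domain} <gitea@${emailDomain}>";
            MAILER_TYPE = "smtp";
            HOST = "smtp.eu.mailgun.org:465";
            IS_TLS_ENABLED = true;
            USER = "postmaster@${emailDomain}";
          };
        };
      };
    };
  };
}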