mio-ops/profiles/gitea.nix

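# NixOps configuration for the hosts running Gitea
#
# Runs Gitea behind an nginx TLS reverse proxy, backed by a local PostgreSQL
# database, with ACME certificates for the three hostnames configured below.
{ config, pkgs, lib, ... }:
{
  services.gitea = {
    enable = true;                                 # Enable Gitea
    appName = "mcwhirter.io: Gitea Service";       # Give the site a name
    database = {
      type = "postgres";                           # Database type
      # Where to find the password. It is read from a file under /run/keys at
      # runtime, so the secret is not written into this configuration.
      passwordFile = "/run/keys/gitea-dbpass";
    };
    disableRegistration = true;                    # No self-service sign-up
    domain = "source.mcwhirter.io";                # Domain name
    rootUrl = "https://source.mcwhirter.io/";      # Root web URL
    # nginx is the only intended client of the plain-HTTP listener, so bind it
    # to loopback instead of relying on the firewall to hide port 3002.
    httpAddress = "127.0.0.1";
    httpPort = 3002;                               # Provided unique port
    settings = let
      # NOTE(review): python37 is an end-of-life interpreter; consider moving
      # to a supported one, and confirm the rst2html.py script name still
      # exists in the docutils version that brings in.
      docutils = pkgs.python37.withPackages (ps:
        with ps; [
          docutils # Provides rendering of ReStructured Text files
          pygments # Provides syntax highlighting
        ]);
    in {
      mailer = {
        ENABLED = true;
        FROM = "gitea@mcwhirter.io";
      };
      repository = { DEFAULT_BRANCH = "consensus"; };
      service = { REGISTER_EMAIL_CONFIRM = true; };
      "markup.restructuredtext" = {
        ENABLED = true;
        FILE_EXTENSIONS = ".rst";
        # This command is run by Gitea on repository content. Disable the
        # reST features that pull in files from the host or pass raw markup
        # through, so a pushed .rst file cannot reach outside its own text.
        RENDER_COMMAND = "${docutils}/bin/rst2html.py --no-raw --no-file-insertion";
        IS_INPUT_FILE = false;                     # Content is piped on stdin
      };
      ui = {
        DEFAULT_THEME = "gitea";                   # Set the default theme
      };
    };
  };

  services.postgresql = {
    enable = true;                                 # Ensure postgresql is enabled
    # Local-socket connections to the gitea database authenticate by ident,
    # using the gitea-users map defined in identMap below.
    authentication = ''
      local gitea all ident map=gitea-users
    '';
    identMap = # Map the gitea user to postgresql
      ''
        gitea-users gitea gitea
      '';
    ensureDatabases = [ "gitea" ];                 # Ensure the database persists
    ensureUsers = [{
      name = "gitea";                              # Ensure the database user persists
      ensurePermissions = {                        # Ensure the database permissions persist
        "DATABASE gitea" = "ALL PRIVILEGES";
        "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
      };
    }];
  };

  services.nginx = {
    enable = true;                                 # Enable Nginx
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts."source.mcwhirter.io" = {         # Gitea hostname
      enableACME = true;                           # Use ACME certs
      forceSSL = true;                             # Force SSL
      # Explicit loopback address to match services.gitea.httpAddress.
      locations."/".proxyPass = "http://127.0.0.1:3002/"; # Proxy Gitea
    };
    # NOTE(review): on the two redirect hosts globalRedirect appears to take
    # effect before any location is matched, which would make their proxyPass
    # entries dead configuration. Confirm and drop them if so.
    virtualHosts."git.mcwhirter.io" = {            # Hostname to be redirected
      enableACME = true;                           # Use ACME certs
      forceSSL = true;                             # Force SSL
      locations."/".proxyPass = "http://127.0.0.1:3002/"; # Proxy Gitea
      globalRedirect = "source.mcwhirter.io";      # Redirect permanently to the host
    };
    virtualHosts."code.mcwhirter.io" = {           # Hostname to be redirected
      enableACME = true;                           # Use ACME certs
      forceSSL = true;                             # Force SSL
      locations."/".proxyPass = "http://127.0.0.1:3002/"; # Proxy Gitea
      globalRedirect = "source.mcwhirter.io";      # Redirect permanently to the host
    };
  };

  security.acme = {
    acceptTerms = true;
    certs = {
      "code.mcwhirter.io".email = "craige@mcwhirter.io";
      "git.mcwhirter.io".email = "craige@mcwhirter.io";
      "source.mcwhirter.io".email = "craige@mcwhirter.io";
    };
  };

  # Required due to NixOps issue #1204.
  # NOTE(review): membership of the keys group presumably lets the gitea user
  # read every group-readable key under /run/keys, not only gitea-dbpass.
  # Confirm which other keys are deployed to these hosts.
  users.groups.keys.members = [ "gitea" ];
}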