mio-ops/profiles/gitea_home.nix

77 lines
2 KiB
Nix
Raw Normal View History

2019-10-15 15:12:08 +00:00
# NixOps configuration for the hosts running Gitea
{
2022-03-07 14:26:15 +00:00
config,
pkgs,
lib,
...
}: {
2019-10-15 15:12:08 +00:00
services.gitea = {
2021-11-16 04:57:23 +00:00
enable = true; # Enable Gitea
appName = "taigh,mcwhirter.io: Gitea Service"; # Give the site a name
2019-10-15 15:12:08 +00:00
database = {
2021-11-16 04:57:23 +00:00
type = "postgres"; # Database type
passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password
2019-10-15 15:12:08 +00:00
};
2021-11-16 04:57:23 +00:00
domain = "source.taigh.mcwhirter.io"; # Domain name
rootUrl = "http://source.taigh.mcwhirter.io/"; # Root web URL
httpPort = 3001; # Provided unique port
2019-10-15 15:12:08 +00:00
extraConfig = let
2021-11-16 04:57:23 +00:00
docutils = pkgs.python37.withPackages (ps:
with ps; [
docutils # Provides rendering of ReStructured Text files
pygments # Provides syntax highlighting
]);
2019-10-15 15:12:08 +00:00
in ''
[mailer]
ENABLED = true
FROM = "gitea@mcwhirter.io"
[service]
REGISTER_EMAIL_CONFIRM = true
[markup.restructuredtext]
ENABLED = true
FILE_EXTENSIONS = .rst
RENDER_COMMAND = ${docutils}/bin/rst2html.py
IS_INPUT_FILE = false
'';
};
services.postgresql = {
2021-11-16 04:57:23 +00:00
enable = true; # Ensure postgresql is enabled
2019-10-15 15:12:08 +00:00
authentication = ''
local gitea all ident map=gitea-users
'';
2022-03-07 14:26:15 +00:00
identMap =
# Map the gitea user to postgresql
2019-10-15 15:12:08 +00:00
''
gitea-users gitea gitea
'';
};
services.nginx = {
2021-11-16 04:57:23 +00:00
enable = true; # Enable Nginx
2019-10-15 15:12:08 +00:00
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
#recommendedTlsSettings = true;
2022-03-07 14:26:15 +00:00
virtualHosts."source.taigh.mcwhirter.io" = {
# Gitea hostname
2019-10-15 15:12:08 +00:00
#enableACME = true; # Use ACME certs
#forceSSL = true; # Force SSL
2021-11-16 04:57:23 +00:00
locations."/".proxyPass = "http://localhost:3001/"; # Proxy Gitea
2019-10-15 15:12:08 +00:00
};
};
# Configure firewall defaults:
networking = {
firewall = {
enable = true;
2022-03-07 14:26:15 +00:00
allowedTCPPorts = [80];
trustedInterfaces = ["lo"];
2019-10-15 15:12:08 +00:00
};
};
#security.acme.certs = {
# "source.mcwhirter.io".email = "craige@mcwhirter.io";
#};
}