mio-ops/roles/gitea.nix

# NixOps configuration for the hosts running Gitea

{ config, pkgs, lib, ... }:

{

  services.gitea = {
    enable = true;                               # Enable Gitea
    appName = "mcwhirter.io: Gitea Service";     # Give the site a name
    database = {
      type = "postgres";                         # Database type
      passwordFile = "/run/keys/gitea-dbpass";   # Where to find the password
    };
    domain = "source.mcwhirter.io";              # Domain name
    rootUrl = "https://source.mcwhirter.io/";    # Root web URL
    httpPort = 3002;                             # Provided unique port
    settings = let
      docutils =
        pkgs.python37.withPackages (ps: with ps; [
          docutils                               # Provides rendering of ReStructured Text files
          pygments                               # Provides syntax highlighting
      ]);
    in {
      mailer = {
        ENABLED = true;
        FROM = "gitea@mcwhirter.io";
      };
      service = {
        REGISTER_EMAIL_CONFIRM = true;
      };
      "markup.restructuredtext" = {
        ENABLED = true;
        FILE_EXTENSIONS = ".rst";
        RENDER_COMMAND = "${docutils}/bin/rst2html.py";
        IS_INPUT_FILE = false;
      };
    };
  };

  services.postgresql = {
    enable = true;                # Ensure postgresql is enabled
    authentication = ''
      local gitea all ident map=gitea-users
    '';
    identMap =                    # Map the gitea user to postgresql
      ''
        gitea-users gitea gitea
      '';
    ensureDatabases = [ "gitea" ];    # Ensure the database persists
    ensureUsers = [
      {
        name = "gitea";               # Ensure the database user persists
        ensurePermissions = {         # Ensure the database permissions persist
          "DATABASE gitea" = "ALL PRIVILEGES";
          "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
        };
      }
    ];
  };

  services.nginx = {
    enable = true;                                          # Enable Nginx
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts."source.mcwhirter.io" = {                  # Gitea hostname
      enableACME = true;                                    # Use ACME certs
      forceSSL = true;                                      # Force SSL
      locations."/".proxyPass = "http://localhost:3002/";   # Proxy Gitea
    };
    virtualHosts."git.mcwhirter.io" = {                     # Hostname to be redirected
      enableACME = true;                                    # Use ACME certs
      forceSSL = true;                                      # Force SSL
      locations."/".proxyPass = "http://localhost:3002/";   # Proxy Gitea
      globalRedirect = "source.mcwhirter.io";               # Redirect permanently to the host
    };
    virtualHosts."code.mcwhirter.io" = {                    # Hostname to be redirected
      enableACME = true;                                    # Use ACME certs
      forceSSL = true;                                      # Force SSL
      locations."/".proxyPass = "http://localhost:3002/";   # Proxy Gitea
      globalRedirect = "source.mcwhirter.io";               # Redirect permanently to the host
    };
  };

  security.acme = {
    acceptTerms = true;
    certs = {
      "code.mcwhirter.io".email   = "craige@mcwhirter.io";
      "git.mcwhirter.io".email    = "craige@mcwhirter.io";
      "source.mcwhirter.io".email = "craige@mcwhirter.io";
    };
  };

  users.groups.keys.members = [ "gitea" ];   # Required due to NixOps issue #1204

}
Implemented secure passwords 2019-09-06 06:50:59 +00:00			`# NixOps configuration for the hosts running Gitea`
Init of gitea deployment 2019-09-06 01:05:32 +00:00
			`{ config, pkgs, lib, ... }:`

			`{`

			`services.gitea = {`
Implemented secure passwords 2019-09-06 06:50:59 +00:00			`enable = true; # Enable Gitea`
			`appName = "mcwhirter.io: Gitea Service"; # Give the site a name`
Init of gitea deployment 2019-09-06 01:05:32 +00:00			`database = {`
Implemented secure passwords 2019-09-06 06:50:59 +00:00			`type = "postgres"; # Database type`
			`passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password`
Init of gitea deployment 2019-09-06 01:05:32 +00:00			`};`
Implemented secure passwords 2019-09-06 06:50:59 +00:00			`domain = "source.mcwhirter.io"; # Domain name`
			`rootUrl = "https://source.mcwhirter.io/"; # Root web URL`
Shifted to port 3002 2020-08-10 11:32:34 +00:00			`httpPort = 3002; # Provided unique port`
gitea: Updated to using "settings". 2021-01-21 01:35:44 +00:00			`settings = let`
Implemented secure passwords 2019-09-06 06:50:59 +00:00			`docutils =`
			`pkgs.python37.withPackages (ps: with ps; [`
			`docutils # Provides rendering of ReStructured Text files`
			`pygments # Provides syntax highlighting`
			`]);`
gitea: Updated to using "settings". 2021-01-21 01:35:44 +00:00			`in {`
			`mailer = {`
			`ENABLED = true;`
			`FROM = "gitea@mcwhirter.io";`
			`};`
			`service = {`
			`REGISTER_EMAIL_CONFIRM = true;`
			`};`
			`"markup.restructuredtext" = {`
			`ENABLED = true;`
			`FILE_EXTENSIONS = ".rst";`
			`RENDER_COMMAND = "${docutils}/bin/rst2html.py";`
			`IS_INPUT_FILE = false;`
			`};`
			`};`
Init of gitea deployment 2019-09-06 01:05:32 +00:00			`};`

			`services.postgresql = {`
			`enable = true; # Ensure postgresql is enabled`
Implemented secure passwords 2019-09-06 06:50:59 +00:00			`authentication = ''`
			`local gitea all ident map=gitea-users`
			`'';`
Init of gitea deployment 2019-09-06 01:05:32 +00:00			`identMap = # Map the gitea user to postgresql`
			`''`
			`gitea-users gitea gitea`
			`'';`
Bumped to 20.03 2020-04-27 08:07:20 +00:00			`ensureDatabases = [ "gitea" ]; # Ensure the database persists`
			`ensureUsers = [`
			`{`
			`name = "gitea"; # Ensure the database user persists`
			`ensurePermissions = { # Ensure the database permissions persist`
			`"DATABASE gitea" = "ALL PRIVILEGES";`
Added database privileges 2020-05-04 08:56:22 +00:00			`"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";`
Bumped to 20.03 2020-04-27 08:07:20 +00:00			`};`
			`}`
			`];`
Init of gitea deployment 2019-09-06 01:05:32 +00:00			`};`

			`services.nginx = {`
			`enable = true; # Enable Nginx`
			`recommendedGzipSettings = true;`
			`recommendedOptimisation = true;`
			`recommendedProxySettings = true;`
			`recommendedTlsSettings = true;`
			`virtualHosts."source.mcwhirter.io" = { # Gitea hostname`
			`enableACME = true; # Use ACME certs`
			`forceSSL = true; # Force SSL`
Shifted to port 3002 2020-08-10 11:32:34 +00:00			`locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea`
Init of gitea deployment 2019-09-06 01:05:32 +00:00			`};`
Add redirections for old domains 2019-12-09 05:06:08 +00:00			`virtualHosts."git.mcwhirter.io" = { # Hostname to be redirected`
Added ACME terms and proxypass settings 2020-09-02 03:50:42 +00:00			`enableACME = true; # Use ACME certs`
			`forceSSL = true; # Force SSL`
			`locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea`
Add redirections for old domains 2019-12-09 05:06:08 +00:00			`globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host`
			`};`
			`virtualHosts."code.mcwhirter.io" = { # Hostname to be redirected`
Added ACME terms and proxypass settings 2020-09-02 03:50:42 +00:00			`enableACME = true; # Use ACME certs`
			`forceSSL = true; # Force SSL`
			`locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea`
Add redirections for old domains 2019-12-09 05:06:08 +00:00			`globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host`
			`};`
Init of gitea deployment 2019-09-06 01:05:32 +00:00			`};`

Added ACME terms and proxypass settings 2020-09-02 03:50:42 +00:00			`security.acme = {`
			`acceptTerms = true;`
			`certs = {`
			`"code.mcwhirter.io".email = "craige@mcwhirter.io";`
			`"git.mcwhirter.io".email = "craige@mcwhirter.io";`
Init of gitea deployment 2019-09-06 01:05:32 +00:00			`"source.mcwhirter.io".email = "craige@mcwhirter.io";`
Added ACME terms and proxypass settings 2020-09-02 03:50:42 +00:00			`};`
Init of gitea deployment 2019-09-06 01:05:32 +00:00			`};`

Added context comment 2019-10-18 05:53:29 +00:00			`users.groups.keys.members = [ "gitea" ]; # Required due to NixOps issue #1204`
Added gitea to keys group 2019-10-18 05:50:11 +00:00
Init of gitea deployment 2019-09-06 01:05:32 +00:00			`}`