From 9c92bef2d9d5992cff5b46619dc2c1fbf3b3c2ff Mon Sep 17 00:00:00 2001
From: Craige McWhirter <craige@mcwhirter.io>
Date: Fri, 6 Sep 2019 11:05:32 +1000
Subject: [PATCH] Init of gitea deployment

---
 Deployments/gitea.nix | 63 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)
 create mode 100644 Deployments/gitea.nix

diff --git a/Deployments/gitea.nix b/Deployments/gitea.nix
new file mode 100644
index 0000000..7e96017
--- /dev/null
+++ b/Deployments/gitea.nix
@@ -0,0 +1,63 @@
+# NixOps configuration for the VMs running Gitea
+
+{ config, pkgs, lib, ... }:
+
+{
+
+  services.gitea = {
+    enable = true;                              # Enable Gitea
+    appName = "mcwhirter.io: Gitea Service";    # Give the site a name
+    database = {
+      type = "postgres";                        # Database type
+      password = "gitea";                       # Set the password
+    };
+    domain = "source.mcwhirter.io";             # Domain name
+    rootUrl = "https://source.mcwhirter.io/";   # Root web URL
+    httpPort = 3001;                            # Provided unique port
+    extraConfig = ''
+      [mailer]
+      ENABLED = true
+      FROM = "gitea@mcwhirter.io"
+      [service]
+      REGISTER_EMAIL_CONFIRM = true
+      [markup.restructuredtext]
+      ENABLED = true
+      FILE_EXTENSIONS = .rst
+      RENDER_COMMAND = /run/current-system/sw/bin/rst2html.py
+      IS_INPUT_FILE = false
+    '';
+  };
+
+  services.postgresql = {
+    enable = true;                # Ensure postgresql is enabled
+    identMap =                    # Map the gitea user to postgresql
+      ''
+        gitea-users gitea gitea
+      '';
+  };
+
+  services.nginx = {
+    enable = true;                                          # Enable Nginx
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts."source.mcwhirter.io" = {                  # Gitea hostname
+      enableACME = true;                                    # Use ACME certs
+      forceSSL = true;                                      # Force SSL
+      locations."/".proxyPass = "http://localhost:3001/";   # Proxy Gitea
+    };
+  };
+
+  security.acme.certs = {
+      "source.mcwhirter.io".email = "craige@mcwhirter.io";
+  };
+
+  environment.systemPackages = with pkgs; [
+    ((python37.withPackages (ps: with ps; [
+      docutils                    # Provides rendering of ReStructured Text files
+      pygments                    # Provides syntax highlighting
+    ])).override({}))
+  ];
+
+}