From ee9f5da83a83d4d5833ab79c3d0bf87c78246c6e Mon Sep 17 00:00:00 2001
From: Craige McWhirter
Date: Wed, 16 Oct 2019 01:12:08 +1000
Subject: [PATCH] Added gitea_home
---
Deployments/gitea_home.nix | 74 ++++++++++++++++++++++++++++++++++++++
Hosts/pi-tri.nix | 10 ++++++
2 files changed, 84 insertions(+)
create mode 100644 Deployments/gitea_home.nix
diff --git a/Deployments/gitea_home.nix b/Deployments/gitea_home.nix
new file mode 100644
index 0000000..71d4b66
--- /dev/null
+++ b/Deployments/gitea_home.nix
@@ -0,0 +1,74 @@
+# NixOps configuration for the hosts running Gitea
+
+{ config, pkgs, lib, ... }:
+
+{
+
+ services.gitea = {
+ enable = true; # Enable Gitea
+ appName = "taigh,mcwhirter.io: Gitea Service"; # Give the site a name
+ database = {
+ type = "postgres"; # Database type
+ passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password
+ };
+ domain = "source.taigh.mcwhirter.io"; # Domain name
+ rootUrl = "http://source.taigh.mcwhirter.io/"; # Root web URL
+ httpPort = 3001; # Provided unique port
+ extraConfig = let
+ docutils =
+ pkgs.python37.withPackages (ps: with ps; [
+ docutils # Provides rendering of ReStructured Text files
+ pygments # Provides syntax highlighting
+ ]);
+ in ''
+ [mailer]
+ ENABLED = true
+ FROM = "gitea@mcwhirter.io"
+ [service]
+ REGISTER_EMAIL_CONFIRM = true
+ [markup.restructuredtext]
+ ENABLED = true
+ FILE_EXTENSIONS = .rst
+ RENDER_COMMAND = ${docutils}/bin/rst2html.py
+ IS_INPUT_FILE = false
+ '';
+ };
+
+ services.postgresql = {
+ enable = true; # Ensure postgresql is enabled
+ authentication = ''
+ local gitea all ident map=gitea-users
+ '';
+ identMap = # Map the gitea user to postgresql
+ ''
+ gitea-users gitea gitea
+ '';
+ };
+
+ services.nginx = {
+ enable = true; # Enable Nginx
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ #recommendedTlsSettings = true;
+ virtualHosts."source.taigh.mcwhirter.io" = { # Gitea hostname
+ #enableACME = true; # Use ACME certs
+ #forceSSL = true; # Force SSL
+ locations."/".proxyPass = "http://localhost:3001/"; # Proxy Gitea
+ };
+ };
+
+ # Configure firewall defaults:
+ networking = {
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ 80 ];
+ trustedInterfaces = [ "lo" ];
+ };
+ };
+
+ #security.acme.certs = {
+ # "source.mcwhirter.io".email = "craige@mcwhirter.io";
+ #};
+
+}
diff --git a/Hosts/pi-tri.nix b/Hosts/pi-tri.nix
index b8dc8fa..d9ae4d7 100644
--- a/Hosts/pi-tri.nix
+++ b/Hosts/pi-tri.nix
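Review bot: Gitea is published over plain HTTP only: `rootUrl` is `http://…`, `enableACME`/`forceSSL` are commented out and the firewall opens just port 80, so logins, session cookies and git-over-HTTP credentials cross the network unencrypted. If the host cannot complete an ACME challenge (the target in Hosts/pi-tri.nix is a private address, so that may be the reason), a comment saying so plus a certificate from another source would still allow `forceSSL = true;`, `allowedTCPPorts = [ 80 443 ];` and an `https://` `rootUrl`. When the commented ACME block is revived, note that its name `"source.mcwhirter.io"` does not match the vhost `source.taigh.mcwhirter.io`. Separately, `RENDER_COMMAND` runs rst2html.py with docutils defaults, which leave file-insertion and raw directives enabled for repository content; `RENDER_COMMAND = ${docutils}/bin/rst2html.py --no-file-insertion --no-raw` turns them off. Setting `httpAddress = "127.0.0.1";` in `services.gitea` would also keep port 3001 reachable only through the nginx proxy instead of relying on the firewall alone.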
@@ -5,8 +5,18 @@ { config, pkgs, lib, ... }: { + imports = [ + ../Deployments/gitea_home.nix + ../Secrets/gitea_home.nix + ]; deployment.targetHost = "10.69.0.203"; networking.hostName = "pi-tri"; # Define your hostname. + + environment.systemPackages = with pkgs; [ + gnupg # GPL OpenPGP implementation + nix-zsh-completions # ZSH completions for Nix, NixOS, and NixOps + nixops # NixOS cloud provisioning and deployment tool + ]; }; }
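Review bot: `../Secrets/gitea_home.nix` is imported in the new `imports` list but is not one of the two files in this commit, so nothing visible here says where `/run/keys/gitea-dbpass` comes from; a comment such as `# Secrets/ is not part of this repository; it defines the deployment key for gitea-dbpass` (if that is what the file holds) would document the dependency. If the password is delivered as a NixOps deployment key, it sits on a tmpfs and is absent after a reboot until keys are re-sent, so it is worth confirming that Gitea is ordered after the key's unit (presumably `gitea-dbpass-key.service`) and that the key's owner and permissions let only the gitea user read it. The attribute set this hunk edits opens before the visible lines.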