Added gitea_home

2019-10-16 01:12:08 +10:00 · 2019-10-16 01:12:08 +10:00 · ee9f5da83a
parent 5d6b072190
commit ee9f5da83a
2 changed files with 84 additions and 0 deletions
--- a/Deployments/gitea_home.nix
+++ b/Deployments/gitea_home.nix
@ -0,0 +1,74 @@
+# NixOps configuration for the hosts running Gitea
+
+{ config, pkgs, lib, ... }:
+
+{
+
+  services.gitea = {
+    enable = true;                                   # Enable Gitea
+    appName = "taigh,mcwhirter.io: Gitea Service";   # Give the site a name
+    database = {
+      type = "postgres";                             # Database type
+      passwordFile = "/run/keys/gitea-dbpass";       # Where to find the password
+    };
+    domain = "source.taigh.mcwhirter.io";            # Domain name
+    rootUrl = "http://source.taigh.mcwhirter.io/";   # Root web URL
+    httpPort = 3001;                                 # Provided unique port
+    extraConfig = let
+      docutils =
+        pkgs.python37.withPackages (ps: with ps; [
+          docutils                               # Provides rendering of ReStructured Text files
+          pygments                               # Provides syntax highlighting
+      ]);
+    in ''
+      [mailer]
+      ENABLED = true
+      FROM = "gitea@mcwhirter.io"
+      [service]
+      REGISTER_EMAIL_CONFIRM = true
+      [markup.restructuredtext]
+      ENABLED = true
+      FILE_EXTENSIONS = .rst
+      RENDER_COMMAND = ${docutils}/bin/rst2html.py
+      IS_INPUT_FILE = false
+    '';
+  };
+
+  services.postgresql = {
+    enable = true;                # Ensure postgresql is enabled
+    authentication = ''
+      local gitea all ident map=gitea-users
+    '';
+    identMap =                    # Map the gitea user to postgresql
+      ''
+        gitea-users gitea gitea
+      '';
+  };
+
+  services.nginx = {
+    enable = true;                                          # Enable Nginx
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    #recommendedTlsSettings = true;
+    virtualHosts."source.taigh.mcwhirter.io" = {            # Gitea hostname
+      #enableACME = true;                                    # Use ACME certs
+      #forceSSL = true;                                      # Force SSL
+      locations."/".proxyPass = "http://localhost:3001/";   # Proxy Gitea
+    };
+  };
+
+  # Configure firewall defaults:
+  networking = {
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 80 ];
+      trustedInterfaces = [ "lo" ];
+    };
+  };
+
+  #security.acme.certs = {
+  #    "source.mcwhirter.io".email = "craige@mcwhirter.io";
+  #};
+
+}
--- a/Hosts/pi-tri.nix
+++ b/Hosts/pi-tri.nix
@ -5,8 +5,18 @@
    { config, pkgs, lib, ... }:

    {
+      imports = [
+        ../Deployments/gitea_home.nix
+        ../Secrets/gitea_home.nix
+      ];
      deployment.targetHost = "10.69.0.203";

      networking.hostName = "pi-tri";      # Define your hostname.
+
+      environment.systemPackages = with pkgs; [
+        gnupg                 # GPL OpenPGP implementation
+        nix-zsh-completions   # ZSH completions for Nix, NixOS, and NixOps
+        nixops                # NixOS cloud provisioning and deployment tool
+      ];
    };
 }