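# NixOps configuration for the hosts running Gitea
#
# Overview:
#   * Gitea serves plain HTTP on port 3001 and is published by nginx with
#     TLS (ACME certificate) as source.mcwhirter.io.
#   * PostgreSQL is enabled locally; the gitea system user is mapped to the
#     gitea database role via an ident map.
#   * The database password is read at runtime from /run/keys.
{ config, pkgs, lib, ... }:

{

  services.gitea = {
    enable = true;                                  # Enable Gitea
    appName = "mcwhirter.io: Gitea Service";        # Give the site a name
    database = {
      type = "postgres";                            # Database type
      # The secret is referenced by path and read at runtime, so it is not
      # embedded in this configuration file.
      passwordFile = "/run/keys/gitea-dbpass";      # Where to find the password
    };
    domain = "source.mcwhirter.io";                 # Domain name
    rootUrl = "https://source.mcwhirter.io/";       # Root web URL
    # NOTE(review): no listen address is set here. If the module default
    # binds every interface, port 3001 offers plain HTTP alongside the nginx
    # TLS front end unless the host firewall blocks it. Confirm, and bind
    # Gitea to loopback if so.
    httpPort = 3001;                                # Provided unique port
    # extraConfig is appended to Gitea's app.ini.
    #
    # [service]: REGISTER_EMAIL_CONFIRM requires new accounts to confirm
    # their e-mail address; self-registration itself is not disabled here.
    #
    # [markup.restructuredtext]: .rst files from repositories are piped to
    # rst2html.py on stdin (IS_INPUT_FILE = false). Repository content is
    # untrusted, so the renderer is started with --no-file-insertion and
    # --no-raw: this disables the docutils directives that insert the
    # contents of files from the host or pass raw markup through to the
    # output.
    extraConfig = let
      docutils =
        pkgs.python37.withPackages (ps: with ps; [
          docutils                                  # Provides rendering of ReStructured Text files
          pygments                                  # Provides syntax highlighting
        ]);
    in ''
      [mailer]
      ENABLED = true
      FROM = "gitea@mcwhirter.io"
      [service]
      REGISTER_EMAIL_CONFIRM = true
      [markup.restructuredtext]
      ENABLED = true
      FILE_EXTENSIONS = .rst
      RENDER_COMMAND = ${docutils}/bin/rst2html.py --no-file-insertion --no-raw
      IS_INPUT_FILE = false
    '';
  };

  services.postgresql = {
    enable = true;                                  # Ensure postgresql is enabled
    # Local (Unix socket) connections to the gitea database are authenticated
    # by OS user name through the gitea-users ident map below.
    authentication = ''
      local gitea all ident map=gitea-users
    '';
    identMap =                                      # Map the gitea user to postgresql
      ''
        gitea-users gitea gitea
      '';
  };

  services.nginx = {
    enable = true;                                  # Enable Nginx
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts."source.mcwhirter.io" = {          # Gitea hostname
      enableACME = true;                            # Use ACME certs
      forceSSL = true;                              # Force SSL
      locations."/".proxyPass = "http://localhost:3001/"; # Proxy Gitea
    };
    # NOTE(review): the two redirect hosts below set no TLS options, so they
    # appear to be served over plain HTTP only; an https:// request to either
    # name would have no matching certificate. Confirm this is intended.
    virtualHosts."git.mcwhirter.io" = {             # Hostname to be redirected
      globalRedirect = "source.mcwhirter.io";       # Redirect permanently to the host
    };
    virtualHosts."code.mcwhirter.io" = {            # Hostname to be redirected
      globalRedirect = "source.mcwhirter.io";       # Redirect permanently to the host
    };
  };

  security.acme.certs = {
    "source.mcwhirter.io".email = "craige@mcwhirter.io";
  };

  # NOTE(review): membership of the keys group is broader than access to one
  # secret. Which keys the gitea account can actually read depends on each
  # key's owner and permissions, which are defined in the deployment and not
  # shown here; verify that only gitea-dbpass is readable by it.
  users.groups.keys.members = [ "gitea" ];          # Required due to NixOps issue #1204
}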