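# NixOS module: Gitea behind an nginx TLS reverse proxy, with a PostgreSQL
# database, Elasticsearch-backed issue/repo indexers and the Catppuccin themes.
{
  config,
  lib,
  pkgs,
  ...
}: let
  giteaCfg = config.services.gitea;

  # Theme tarball pinned to a release tag and a content hash: the fetch fails
  # if the upstream asset is ever replaced with different content.
  theme = pkgs.fetchzip {
    url = "https://github.com/catppuccin/gitea/releases/download/v0.2.1/catppuccin-gitea.tar.gz";
    sha256 = "sha256-HqVLW58lKPn81p3gTSjzkACHSBbmqPqeobAlJMubb8Y=";
    stripRoot = false;
  };
in {
  services.gitea = {
    enable = true;
    package = pkgs.gitea-nyx;
    database = {
      type = "postgres";
      # Read from an agenix-managed file at runtime, so the password itself is
      # not written into this module.
      passwordFile = config.age.secrets."services/gitea/password-database".path;
    };
    lfs.enable = true;
    appName = "nekowinston's Gitea";
    settings = {
      # NOTE(review): no runner is configured in this file. Workflows run code
      # taken from repositories, so runner hosts should be isolated accordingly.
      actions.ENABLED = true;

      indexer = let
        inherit (config.services.elasticsearch) listenAddress port;
        backend = "elasticsearch";
        # Plain HTTP and no credentials in the connection string: only
        # reasonable while Elasticsearch listens on loopback.
        # NOTE(review): confirm listenAddress is not overridden elsewhere.
        conn = "http://${listenAddress}:${toString port}";
      in {
        ISSUE_INDEXER_CONN_STR = conn;
        ISSUE_INDEXER_TYPE = backend;
        REPO_INDEXER_CONN_STR = conn;
        REPO_INDEXER_ENABLED = true;
        REPO_INDEXER_TYPE = backend;
      };

      repository = {
        # Lets a user create a repository under their own account by pushing to
        # a path that does not exist yet.
        ENABLE_PUSH_CREATE_USER = true;
      };

      server = rec {
        DOMAIN = "git.winston.sh";
        # Loopback only; external traffic reaches Gitea through the nginx
        # virtual host declared at the end of this module.
        HTTP_ADDR = "127.0.0.1";
        HTTP_PORT = 12492;
        ROOT_URL = "https://${DOMAIN}/";
      };

      # No self-service sign-up; accounts have to be created by an admin.
      service.DISABLE_REGISTRATION = true;

      session = {
        # Session cookie is sent over HTTPS only and never on cross-site requests.
        COOKIE_SECURE = true;
        SAME_SITE = "strict";
      };

      ui = {
        # Theme names are derived from the files in the fetched archive:
        # "theme-<name>.css" becomes "<name>", with "auto" listed first.
        THEMES = builtins.concatStringsSep "," (
          ["auto"]
          ++ (map
            (name: lib.removePrefix "theme-" (lib.removeSuffix ".css" name))
            (builtins.attrNames (builtins.readDir theme)))
        );
        DEFAULT_THEME = "catppuccin-mocha-pink";
      };
    };
  };

  # Opens TCP 22 in the host firewall. Gitea's built-in SSH server is not
  # enabled in this file, so this is presumably for git-over-SSH through the
  # system sshd. NOTE(review): confirm sshd only accepts key authentication.
  networking.firewall.allowedTCPPorts = [22];

  systemd.services.gitea.preStart = let
    publicDir = "${giteaCfg.stateDir}/custom/public";
  in
    # Runs after the module's own preStart. The directory is recreated on every
    # start so it holds nothing but the symlink to the pinned theme; paths are
    # quoted so a state directory containing spaces cannot split the rm target.
    lib.mkAfter ''
      rm -rf "${publicDir}"
      mkdir -p "${publicDir}"
      ln -sf "${theme}" "${publicDir}/css"
    '';

  # The decrypted secret must be readable by the account Gitea runs as; taking
  # the name from the service option keeps the two in step if the user changes.
  age.secrets."services/gitea/password-database".owner = giteaCfg.user;

  services.elasticsearch.enable = true;

  services.nginx.virtualHosts.${giteaCfg.settings.server.DOMAIN} = {
    forceSSL = true;
    # The certificate comes from the existing "winston.sh" ACME host instead of
    # a per-vhost request.
    enableACME = false;
    useACMEHost = "winston.sh";
    locations."/" = let
      inherit (giteaCfg.settings.server) HTTP_ADDR HTTP_PORT;
    in {
      # Large request bodies are accepted, presumably for LFS and big pushes
      # over HTTPS; nginx accepts uploads up to this size per request.
      extraConfig = "client_max_body_size 512M;";
      proxyPass = "http://${HTTP_ADDR}:${toString HTTP_PORT}";
    };
  };
}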