# NixOS module: Gitea (from nixpkgs-unstable) with a PostgreSQL backend, an
# Elasticsearch indexer, an Actions runner on this host, and an nginx TLS
# front end.
{ config, lib, inputs, pkgs, ... }: {
  # Replace the stable Gitea module with the one from nixpkgs-unstable and use
  # the matching unstable package, so module and package stay in step.
  # NOTE(review): Gitea updates then follow whatever revision
  # inputs.nixpkgs-unstable resolves to; presumably pinned by a lock file
  # outside this module (confirm).
  disabledModules = ["services/misc/gitea.nix"];
  imports = ["${inputs.nixpkgs-unstable}/nixos/modules/services/misc/gitea.nix"];
  services.gitea.package = pkgs.unstable.gitea;

  # The decrypted database password is owned by the gitea user so the service
  # can read it; Gitea receives it as a file path (see database.passwordFile),
  # not as a literal in the evaluated configuration.
  age.secrets."services/gitea/password-database".owner = "gitea";

  # Opens TCP 22 on the host firewall. Nothing else is opened here; Gitea's
  # HTTP listener is loopback-only (see settings.server).
  # NOTE(review): presumably for git-over-SSH through the host's sshd; this
  # exposes the host's SSH service as well, so check its auth settings.
  networking.firewall.allowedTCPPorts = [22];

  # Search backend for the indexers configured below.
  services.elasticsearch.enable = true;

  services.gitea = {
    enable = true;

    appName = "winston's gitea";

    database = {
      type = "postgres";
      passwordFile = config.age.secrets."services/gitea/password-database".path;
    };

    lfs.enable = true;

    settings = {
      # Gitea Actions is on; the runner that executes jobs is defined further
      # down in this same module, i.e. on this host.
      actions.ENABLED = true;

      # Both indexers talk to the local Elasticsearch over plain HTTP, with no
      # credentials in the connection string.
      # NOTE(review): the index holds repository and issue content, so confirm
      # that services.elasticsearch.listenAddress is a loopback address and
      # the port is not reachable from other hosts.
      indexer = let
        es = config.services.elasticsearch;
        backend = "elasticsearch";
        endpoint = "http://${es.listenAddress}:${toString es.port}";
      in {
        REPO_INDEXER_ENABLED = true;
        REPO_INDEXER_TYPE = backend;
        REPO_INDEXER_CONN_STR = endpoint;
        ISSUE_INDEXER_TYPE = backend;
        ISSUE_INDEXER_CONN_STR = endpoint;
      };

      # Lets an existing user create a repository in their own namespace by
      # pushing to a path that does not exist yet. Registration is disabled
      # below, so only existing accounts can use this.
      repository.ENABLE_PUSH_CREATE_USER = true;

      # Gitea listens on loopback only and is published through the nginx
      # virtual host at the end of this file; ROOT_URL is derived from DOMAIN.
      server = let
        domain = "git.winston.sh";
      in {
        DOMAIN = domain;
        HTTP_ADDR = "127.0.0.1";
        HTTP_PORT = 12492;
        ROOT_URL = "https://${domain}/";
      };

      # No self-service sign-up.
      service.DISABLE_REGISTRATION = true;

      # Session cookie is marked Secure and SameSite=strict; this matches the
      # HTTPS-only virtual host (forceSSL) below.
      session = {
        COOKIE_SECURE = true;
        SAME_SITE = "strict";
      };

      "ui.meta" = {
        AUTHOR = "nekowinston";
        DESCRIPTION = "winston's gitea instance";
      };

      # Hides version, template timing and branding in the page footer. This
      # only reduces what the footer discloses; it does not replace patching.
      other = {
        SHOW_FOOTER_VERSION = false;
        SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
        SHOW_FOOTER_BRANDING = false;
      };
    };
  };

  # One Actions runner, named after this host and registered against the
  # instance's ROOT_URL.
  # NOTE(review): the runner executes workflow code on the same machine that
  # runs Gitea and its database; review who may push workflows.
  # NOTE(review): the "services/gitea/runner-token" secret is only referenced
  # here; it is presumably declared elsewhere. Confirm that only the runner
  # service can read it.
  services.gitea-actions-runner.instances = let
    host = config.networking.hostName;
  in {
    ${host} = {
      name = host;
      enable = true;
      url = config.services.gitea.settings.server.ROOT_URL;
      tokenFile = config.age.secrets."services/gitea/runner-token".path;
      # NOTE(review): node:20-bullseye is a mutable tag, so the image content
      # can change between pulls; pinning by digest would make job
      # environments reproducible.
      labels = [
        # Debian base image that ships nodejs, for actions
        "debian-latest:docker://node:20-bullseye"
        # same image under the ubuntu name, because node provides no ubuntu builds
        "ubuntu-latest:docker://node:20-bullseye"
      ];
    };
  };

  # Appended (lib.mkAfter) to the gitea unit's preStart: make the existing
  # customizations writable, copy ./gitea over them, then drop the owner write
  # bit again. The owning user can restore that bit, so the final chmod guards
  # against accidental edits rather than against a compromised service.
  # NOTE(review): `**` only recurses when the shell has globstar enabled;
  # otherwise custom/**/* expands like custom/*/*, so entries directly under
  # custom/ are not touched by either chmod. Confirm this is intended before
  # changing it, since the ordering and permissions here interact with
  # whatever the upstream preStart does to the same directory.
  # NOTE(review): the paths are unquoted, and a pattern that matches nothing
  # is passed to chmod literally.
  systemd.services.gitea.preStart = let
    gitea = config.services.gitea;
  in
    lib.mkAfter ''
      chmod u+w -R ${gitea.stateDir}/custom/**/*
      # apply customizations
      cp -Rf ${./gitea}/* ${gitea.stateDir}/custom
      chmod u-w -R ${gitea.stateDir}/custom/**/*
    '';

  # TLS front end for the instance. forceSSL keeps the site HTTPS-only; the
  # certificate is taken from the existing ACME host "winston.sh" instead of
  # requesting one for this name.
  # NOTE(review): that certificate has to cover git.winston.sh (confirm).
  services.nginx.virtualHosts.${config.services.gitea.settings.server.DOMAIN} = let
    backend = config.services.gitea.settings.server;
  in {
    forceSSL = true;
    enableACME = false;
    useACMEHost = "winston.sh";

    locations."/" = {
      # Request bodies up to 512M are accepted (large pushes / LFS objects).
      extraConfig = "client_max_body_size 512M;";
      # Plain HTTP to the loopback listener configured in settings.server.
      proxyPass = "http://${backend.HTTP_ADDR}:${toString backend.HTTP_PORT}";
    };
  };
}