WS-KCNHUB/machines/kcnhub/servers/gitea.nix

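# NixOS module for the workspace Git forge: Gitea on a local PostgreSQL
# database, published through Caddy as a reverse proxy.
{ pkgs, config, ...}: let
  # Domain TBD
  domain = "git.ws.kcnhub.com";
in {
  services.gitea = {
    enable = true;
    database = {
      type = "postgres";
      # Connect through the local PostgreSQL Unix socket directory.
      socket = "/run/postgresql";
    };
    settings = {
      server = {
        # Caddy (configured below) reaches Gitea on 127.0.0.1, so listen on
        # loopback only. Gitea's default HTTP_ADDR is 0.0.0.0, which would
        # also serve plain HTTP on every interface and depend solely on the
        # firewall to keep clients from bypassing the TLS front end.
        HTTP_ADDR = "127.0.0.1";
        HTTP_PORT = 5000;
        ROOT_URL = "https://${domain}";
      };
      actions = {
        # Actions workflows execute repository-supplied code on whichever
        # runner accepts the job; see the runner notes further down.
        ENABLED = true;
      };
      # No self-service sign-up: accounts have to be created by an admin.
      service.DISABLE_REGISTRATION = true;
    };
  };

  # To allow gitea to access /etc/shadow for PAM authentication
  # NOTE(review): membership in "shadow" lets the internet-facing Gitea
  # process read every local account's password hash, so a compromise of the
  # web application also exposes those hashes for offline guessing. Keep this
  # only while PAM is in use as an authentication source.
  users.users.gitea.extraGroups = [ "shadow" ];

  # Services Runner running in nixos-container w/ host label
  # This allows sharing of nix-store for caching actions builds
  # ... Maybe I'll actually set this up. Some concern for clearing its
  # cache and it overpopulating. Idk. We'll see.
  # NOTE(review): a "native:host" label runs jobs directly in the runner's
  # environment with no container isolation, so any workflow a user can push
  # runs there with the runner's privileges. The token file should be
  # readable by the runner only.
  # HTTP_PORT is an integer and needs toString before string interpolation.
  # services.gitea-actions-runner.instances."nix-runner" = {
  #   enable = true;
  #   name = "nix-runner";
  #   url = "http://localhost:${toString config.services.gitea.settings.server.HTTP_PORT}";
  #   labels = [
  #     # don't require docker/podman
  #     "native:host"
  #   ];
  #   tokenFile = "/var/lib/gitea/runner_token";
  # };

  services.postgresql = {
    enable = true;
    port = 5432;
    ensureUsers = [{
      name = "gitea";
      # NOTE(review): newer NixOS releases replace ensurePermissions with
      # ensureDBOwnership; confirm against the channel this host tracks.
      ensurePermissions = {
        "DATABASE \"gitea\"" = "ALL PRIVILEGES";
      };
      ensureClauses = {
        # NOTE(review): CREATEDB lets the gitea role create further
        # databases. Gitea itself only uses the "gitea" database, so drop
        # this if nothing else depends on it.
        createdb = true;
      };
    }];
  };

  services.caddy.virtualHosts = {
    # The bare workspace host only redirects to the project wiki on the forge.
    "ws.kcnhub.com" = {
      extraConfig = ''
        redir "https://${domain}/DavidC/WS-KCNHUB/wiki"
      '';
    };
    # Public entry point for Gitea: Caddy serves this host and forwards to
    # the loopback listener configured in services.gitea above.
    "${domain}" = {
      extraConfig = ''
        reverse_proxy 127.0.0.1:${toString config.services.gitea.settings.server.HTTP_PORT}
      '';
    };
  };
}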