# NixOS module for the PVV Gitea instance: the Gitea service, the nginx virtual
# host that fronts it, the firewall opening for Gitea's SSH server, and a
# oneshot unit that installs branding assets into Gitea's custom directory.
{ config, values, pkgs, ... }:
let
  cfg = config.services.gitea;
  fqdn = "git.pvv.ntnu.no";
  giteaSshPort = 2222;

  # Gitea is reached over its unix socket (PROTOCOL = "http+unix" below); both
  # nginx locations proxy to this same upstream.
  giteaSocketUrl = "http://unix:${cfg.settings.server.HTTP_ADDR}";
in {
  imports = [
    ./ci.nix
    ./import-users.nix
  ];

  # Database password, delivered as a sops secret owned by the gitea
  # user/group and handed to Gitea by path (passwordFile below) rather than
  # being written into this expression.
  # NOTE(review): owner/group are hard-coded while the systemd unit further
  # down uses cfg.user/cfg.group; presumably both resolve to "gitea" - confirm.
  sops.secrets."gitea/database" = {
    owner = "gitea";
    group = "gitea";
  };

  services.gitea = {
    enable = true;
    appName = "PVV Git";
    stateDir = "/data/gitea";

    # PostgreSQL runs on a separate host and is not provisioned by this module
    # (createDatabase = false).
    # NOTE(review): no settings.database.SSL_MODE is set in this file, and
    # Gitea's default for it is "disable", so the connection to
    # postgres.pvv.ntnu.no is presumably unencrypted unless that is set
    # elsewhere. Confirm the network path is trusted or set SSL_MODE.
    # NOTE(review): the port is read from this machine's
    # services.postgresql.port option, not from the remote host's
    # configuration; the two only agree if both keep the same value.
    database = {
      type = "postgres";
      host = "postgres.pvv.ntnu.no";
      port = config.services.postgresql.port;
      createDatabase = false;
      passwordFile = config.sops.secrets."gitea/database".path;
    };

    settings = {
      # HTTP is served on a unix socket only; TLS is terminated by the nginx
      # virtual host below. The built-in SSH server is separate: it listens on
      # giteaSshPort and is opened in the firewall at the end of this module.
      server = {
        PROTOCOL = "http+unix";
        DOMAIN = fqdn;
        ROOT_URL = "https://${fqdn}/";
        START_SSH_SERVER = true;
        SSH_PORT = giteaSshPort;
      };

      # No self-service sign-up.
      # NOTE(review): accounts presumably come from ./import-users.nix - confirm.
      service.DISABLE_REGISTRATION = true;

      # Session cookies carry the Secure attribute, matching the https ROOT_URL.
      session.COOKIE_SECURE = true;

      # Do not write SQL statements to the log.
      database.LOG_SQL = false;

      # No avatar lookups against external avatar services.
      picture.DISABLE_GRAVATAR = true;
      picture.ENABLE_FEDERATED_AVATAR = false;

      indexer.REPO_INDEXER_ENABLED = true;

      # Gitea Actions: workflow jobs execute code taken from repositories, so
      # the isolation of the runners matters.
      # NOTE(review): runner setup is presumably in ./ci.nix - confirm.
      actions.ENABLED = true;
    };
  };

  # Makes the configured gitea package available on the system PATH.
  environment.systemPackages = [ cfg.package ];

  services.nginx.virtualHosts.${fqdn} = {
    enableACME = true;
    forceSSL = true;
    kTLS = true;

    locations = {
      "/" = {
        proxyPass = giteaSocketUrl;
        # Raises nginx's request-body limit for this location to 512M; it does
        # not apply to /metrics, which is a separate location.
        extraConfig = ''
          client_max_body_size 512M;
        '';
      };

      # Metrics are reachable only from the ildkule host's IPv4/IPv6 address;
      # every other client is denied. The check is made against the peer
      # address nginx sees.
      # NOTE(review): neither metrics.ENABLED nor metrics.TOKEN is set in this
      # file, so this allow-list is the only access control visible here;
      # confirm where the endpoint is enabled.
      "/metrics" = {
        proxyPass = giteaSocketUrl;
        extraConfig = ''
          allow ${values.hosts.ildkule.ipv4};
          allow ${values.hosts.ildkule.ipv6};
          deny all;
        '';
      };
    };
  };

  # Exposes Gitea's built-in SSH server (START_SSH_SERVER above) directly;
  # this traffic does not pass through nginx.
  networking.firewall.allowedTCPPorts = [ giteaSshPort ];

  # Extra customization

  # NOTE(review): services.gitea-themes is presumably an option declared
  # elsewhere in this repository - confirm.
  services.gitea-themes.monokai = pkgs.gitea-theme-monokai;

  # Copies the logo and loading images into Gitea's custom directory as
  # read-only files (mode 444), running as the Gitea user and group.
  # NOTE(review): requiredBy already pulls this unit in with gitea.service,
  # which makes wantedBy redundant, and neither sets ordering; add
  # `before = [ "gitea.service" ]` if the copy must finish before Gitea starts.
  systemd.services.install-gitea-customization = {
    description = "Install extra customization in gitea's CUSTOM_DIR";
    requiredBy = [ "gitea.service" ];
    wantedBy = [ "gitea.service" ];

    serviceConfig = {
      Type = "oneshot";
      Group = cfg.group;
      User = cfg.user;
    };

    script = let
      logoSvg = ../../../../assets/logo_blue_regular.svg;
      logoPng = ../../../../assets/logo_blue_regular.png;
    in ''
      install -Dm444 ${logoSvg} ${cfg.customDir}/public/img/logo.svg
      install -Dm444 ${logoPng} ${cfg.customDir}/public/img/logo.png
      install -Dm444 ${./loading.apng} ${cfg.customDir}/public/img/loading.png
    '';
  };
}