tsuki/gitea: use UNIX socket behind gitea

Oystein Kristoffer Tveit 2023-07-12 23:30:39 +02:00
parent fd052eea5a
commit 5ea58f1b98
Signed by: oysteikt
GPG Key ID: 9F2F7D8250F35146


@ -1,5 +1,6 @@
{ config, pkgs, unstable-pkgs, lib, secrets, ... }:
{
{ config, pkgs, unstable-pkgs, lib, secrets, ... }: let
cfg = config.services.gitea;
in {
security.pam.services."gitea".unixAuth = true;
users.users.git = {
@ -13,6 +14,8 @@
packages = with unstable-pkgs; [ gitea ];
};
users.groups."gitea".members = [ "nginx" ];
sops.secrets."postgres/gitea" = rec {
restartUnits = [ "gitea.service" ];
owner = config.services.gitea.user;
@ -22,10 +25,6 @@
services.gitea = {
enable = true;
user = "git";
rootUrl = "https://git.nani.wtf/";
domain = "git.nani.wtf";
httpPort = secrets.ports.gitea;
package = unstable-pkgs.gitea;
stateDir = "${config.machineVars.dataDrives.default}/var/gitea";
@ -36,16 +35,21 @@
};
database = {
type = "postgres";
user = "gitea";
passwordFile = config.sops.secrets."postgres/gitea".path;
type = "postgres";
socket = "/var/run/postgresql";
createDatabase = false;
passwordFile = config.sops.secrets."postgres/gitea".path;
};
settings = {
server = {
PROTOCOL = "http+unix";
HTTP_ADDR = "/run/gitea/gitea.sock";
BUILTIN_SSH_SERVER_USER="git";
LANDING_PAGE = "/explore/repos";
ROOT_URL = "https://git.nani.wtf/";
DOMAIN = "git.nani.wtf";
};
service.DISABLE_REGISTRATION = true;
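Review bot: The new `server` settings switch to `PROTOCOL = "http+unix"` with `HTTP_ADDR = "/run/gitea/gitea.sock"` but do not set the socket mode, and Gitea's documented default for it is 666, so which local accounts can connect to the backend directly (bypassing whatever nginx enforces) depends only on the mode of `/run/gitea`. Adding `UNIX_SOCKET_PERMISSION = "660";` next to `HTTP_ADDR` would make the `users.groups."gitea".members = [ "nginx" ];` line from the second hunk the actual access control. That membership also gives nginx any other group-level access the `gitea` group has, which may include files under `stateDir`; it is worth confirming those modes or using a dedicated group for the socket. The `settings` and `services.gitea` blocks continue outside the visible hunk, so an override may exist that is not shown here.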