nix-dotfiles/hosts/tsuki/services/gitea/default.nix


{ config, pkgs, unstable-pkgs, lib, secrets, ... }: let
cfg = config.services.gitea;
in {
# --- Local account and PAM wiring for the Gitea service ---------------------

# Turns on unixAuth for the PAM service named "gitea".
# NOTE(review): this only has an effect if a PAM authentication source is
# configured inside Gitea. In that case local Unix passwords can be tested
# through the web login, so confirm this is intended and that failed logins
# are throttled or monitored.
security.pam.services.gitea.unixAuth = true;

# System account the service runs as (services.gitea.user is set to "git").
users.users.git = {
  isSystemUser = true;
  uid = config.ids.uids.git;
  group = "gitea";
  description = "Gitea service";
  # The home directory is the Gitea state directory.
  home = cfg.stateDir;
  # The account keeps a login shell, presumably for git-over-SSH; verify.
  useDefaultShell = true;
  packages = [ unstable-pkgs.gitea ];
};

# nginx is added to the gitea group, presumably so the reverse proxy can open
# the unix socket Gitea listens on (server.HTTP_ADDR); verify.
# NOTE(review): group membership also gives nginx access to anything else that
# is group-readable or group-writable for "gitea", so keep group permissions
# under the state directory tight.
users.groups.gitea.members = [ "nginx" ];
# PostgreSQL password for Gitea, provisioned through sops-nix.
# The file is owned by the service account and that account's primary group,
# and gitea.service is restarted when the secret changes.
# NOTE(review): users.groups."gitea".members contains "nginx" and no `mode` is
# set here, so whether group members can read the secret depends on the
# sops-nix default mode; confirm it is owner-only or set `mode` explicitly.
sops.secrets."postgres/gitea" = {
  owner = cfg.user;
  group = config.users.users.${cfg.user}.group;
  restartUnits = [ "gitea.service" ];
};
# Gitea instance: package, storage location, database access and app.ini
# settings.
services.gitea = {
  enable = true;
  package = unstable-pkgs.gitea;
  user = "git";
  stateDir = "${config.machineVars.dataDrives.default}/var/gitea";

  # Weekly dump of the instance.
  # NOTE(review): a dump presumably contains repositories and database
  # content; check where the archive is written and who can read it.
  dump.enable = true;
  dump.interval = "weekly";

  # PostgreSQL over the local unix socket. The database is not created by this
  # module (createDatabase = false) and the password is read from the sops
  # secret at runtime instead of being written into the Nix store.
  database = {
    type = "postgres";
    user = "gitea";
    socket = "/var/run/postgresql";
    createDatabase = false;
    passwordFile = config.sops.secrets."postgres/gitea".path;
  };

  settings = {
    # Gitea listens on a unix socket rather than a TCP port; the public URL is
    # HTTPS, so TLS is presumably terminated by the reverse proxy.
    server = {
      PROTOCOL = "http+unix";
      HTTP_ADDR = "/run/gitea/gitea.sock";
      ROOT_URL = "https://git.nani.wtf/";
      DOMAIN = "git.nani.wtf";
      LANDING_PAGE = "/explore/repos";
      BUILTIN_SSH_SERVER_USER="git";
    };

    # Self-service sign-up is off; accounts come from an admin or from the
    # OAuth2 client settings below.
    service = {
      DISABLE_REGISTRATION = true;
    };

    # Session cookies are marked Secure, matching the HTTPS ROOT_URL.
    session = {
      COOKIE_SECURE = true;
    };

    # NOTE(review): ACCOUNT_LINKING = "auto" links an external login to an
    # existing local account with the same username or email without asking
    # for that account's credentials. Combined with auto-registration this is
    # only safe when every configured OAuth2/OIDC provider is trusted to assert
    # verified emails and user ids its users cannot choose freely. Use "login"
    # if that cannot be guaranteed.
    oauth2_client = {
      ENABLE_AUTO_REGISTRATION = true;
      ACCOUNT_LINKING = "auto";
      USERNAME = "userid";
      OPENID_CONNECT_SCOPES = "email profile";
      UPDATE_AVATAR = true;
    };

    log = {
      LEVEL = "Info";
    };

    # SQL statements are kept out of the logs.
    database = {
      LOG_SQL = false;
    };

    repository = {
      DISABLE_STARS = true;
    };

    ui = {
      DEFAULT_THEME = "monokai";
      THEMES = lib.concatStringsSep "," [
        "gitea"
        "arc-green"
        # Custom
        "monokai"
      ];
    };

    # NOTE(review): check this key name against the Gitea version in use
    # (upstream documentation may call it ENABLE_RENDER). Rendered SVGs come
    # from repository content, i.e. untrusted input.
    "ui.svg" = {
      RENDER = true;
    };

    indexer = {
      REPO_INDEXER_ENABLED = true;
    };

    mailer = {
      ENABLED = true;
      FROM = "gitea@nani.wtf";
    };

    # Looking forward to the day I can uncomment this line
    # federation.ENABLED = true;

    packages = {
      ENABLED = false;
    };

    # NOTE(review): the disabled block below configures external renderers
    # that would run on repository files (untrusted input). When re-enabling
    # it, pin the tool versions and review how their HTML output is sanitised.
    # TODO: fix
    # markup = let
    #   docutils = pkgs.python37.withPackages (ps: with ps; [
    #     docutils # Provides rendering of ReStructured Text files
    #     pygments # Provides syntax highlighting
    #   ]);
    # in {
    #   restructuredtext = {
    #     ENABLED = true;
    #     FILE_EXTENSIONS = ".rst";
    #     RENDER_COMMAND = "${docutils}/bin/rst2html.py";
    #     IS_INPUT_FILE = false;
    #   };
    #   asciidoc = {
    #     ENABLED = true;
    #     FILE_EXTENSIONS = ".adoc,.asciidoc";
    #     RENDER_COMMAND = "${pkgs.asciidoctor}/bin/asciidoctor -e -a leveloffset=-1 --out-file=- -";
    #     IS_INPUT_FILE = false;
    #   };
    # };
  };
};
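# Activation snippet that exposes the compiled custom themes to Gitea by
# symlinking <stateDir>/custom/public/css to a store path built from ./themes.
#
# NOTE(review): activation snippets normally run as root, while this path lives
# under the service's state directory. If that directory is writable by the
# service account, a root-run mkdir/ln there operates on whatever that account
# has put in place. Consider creating the link as the service user (for
# example from the unit) or through systemd-tmpfiles; confirm the ownership of
# stateDir first.
system.activationScripts.linkGiteaThemes.text = let
  # Compiles every theme-*.less file under ./themes to CSS.
  themes = pkgs.stdenv.mkDerivation {
    pname = "gitea-themes";
    version = "1.0.0";
    src = ./themes;
    # lessc only runs at build time, so it belongs in nativeBuildInputs.
    nativeBuildInputs = [ pkgs.lessc ];
    buildPhase = ''
      mkdir out
      # NUL-delimited and fully quoted, so a file name containing spaces or
      # glob characters is passed to lessc as a single argument.
      find . -name 'theme-*.less' -print0 | while IFS= read -r -d "" f; do
        lessc "$f" "out/''${f%.less}.css" || exit 1
      done
    '';
    installPhase = "mv out $out";
  };

  cssParentPath = "${config.services.gitea.stateDir}/custom/public";
  cssPath = "${cssParentPath}/css";

  # Shell-escaped forms of the two paths. stateDir is configuration-derived
  # and must not be word-split or expanded by the shell.
  parentArg = lib.escapeShellArg cssParentPath;
  linkArg = lib.escapeShellArg cssPath;
in ''
  # -L is tested first: a dangling symlink fails the -e test, and treating it
  # as "missing" would make a plain ln -s fail because the link name exists.
  if [[ -L ${linkArg} ]]; then
    printf "replacing symlink at %s...\n" ${linkArg}
    # -f replaces the old link; -T never descends into the directory it
    # currently points at.
    ln -sfT -- "${themes}" ${linkArg}
  elif [[ ! -e ${linkArg} ]]; then
    printf "creating symlink at %s...\n" ${linkArg}
    mkdir -p -- ${parentArg}
    ln -sT -- "${themes}" ${linkArg}
  else
    # A real file or directory is left untouched; the snippet is reported as
    # failed through _localstatus instead of deleting user data.
    printf "ERROR: %s already exists and it is not a symlink\n" ${linkArg}
    _localstatus=1
  fi
'';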
}