nixos-config/config/services/gitea.nix

{ config, ... }: {
  imports = [
    /run/secrets/services/gitea.nix
  ];
  services.gitea = {
    enable = true;
    appName = "Lotte's Git";
    cookieSecure = true;
    database = {
      host = "localhost";
      name = "gitea";
      user = "gitea";
      type = "postgres";
    };
    domain = "git.chir.rs";
    dump.enable = true;
    httpAddress = "127.0.0.1";
    lfs.enable = true;
    rootUrl = "https://git.chir.rs/";
    settings = rec {
      lfs = {
        STORAGE_TYPE = "default";
      };
      storage = {
        STORAGE_TYPE = "minio";
        MINIO_ENDPOINT = "minio.int.chir.rs:443";
        MINIO_ACCESS_KEY_ID = "gitea";
        MINIO_BUCKET = "gitea";
        MINIO_USE_SSL = "true";
      };
      "storage.default" = storage;
    };
  };

  services.nginx.virtualHosts."git.chir.rs" = {
    forceSSL = true;
    http2 = true;
    listenAddresses = [ "0.0.0.0" "[::]" ];
    sslCertificate = "/var/lib/acme/chir.rs/cert.pem";
    sslCertificateKey = "/var/lib/acme/chir.rs/key.pem";
    locations."/" = {
      proxyPass = "http://${config.services.gitea.httpAddress}:${toString config.services.gitea.httpPort}/";
      proxyWebsockets = true;
    };
  };

  services.postgresql.ensureDatabases = [ "gitea" ];
  services.postgresql.ensureUsers = [{
    name = "gitea";
    ensurePermissions = { "DATABASE gitea" = "ALL PRIVILEGES"; };
  }];

  systemd.services.gitea.serviceConfig.EnvironmentFile = "/run/secrets/services/gitea";
}
Add gitea vhost 2022-01-17 09:53:15 +00:00			`{ config, ... }: {`
Add impure secrets 2022-01-17 10:27:07 +00:00			`imports = [`
Move gitea secret to sops 2022-01-17 11:00:18 +00:00			`/run/secrets/services/gitea.nix`
Add impure secrets 2022-01-17 10:27:07 +00:00			`];`
Add gitea 2022-01-17 09:49:37 +00:00			`services.gitea = {`
			`enable = true;`
			`appName = "Lotte's Git";`
Add gitea vhost 2022-01-17 09:53:15 +00:00			`cookieSecure = true;`
Add gitea 2022-01-17 09:49:37 +00:00			`database = {`
			`host = "localhost";`
			`name = "gitea";`
			`user = "gitea";`
Make gitea use postgres 2022-01-17 10:36:05 +00:00			`type = "postgres";`
Add gitea 2022-01-17 09:49:37 +00:00			`};`
			`domain = "git.chir.rs";`
			`dump.enable = true;`
			`httpAddress = "127.0.0.1";`
			`lfs.enable = true;`
			`rootUrl = "https://git.chir.rs/";`
Add a settings.default storage 2022-01-17 10:37:34 +00:00			`settings = rec {`
Add gitea 2022-01-17 09:49:37 +00:00			`lfs = {`
Make gitea use postgres 2022-01-17 10:36:05 +00:00			`STORAGE_TYPE = "default";`
Add gitea 2022-01-17 09:49:37 +00:00			`};`
			`storage = {`
			`STORAGE_TYPE = "minio";`
Fix gitea endpoint 2022-01-17 10:05:02 +00:00			`MINIO_ENDPOINT = "minio.int.chir.rs:443";`
Add impure secrets 2022-01-17 10:27:07 +00:00			`MINIO_ACCESS_KEY_ID = "gitea";`
Add gitea 2022-01-17 09:49:37 +00:00			`MINIO_BUCKET = "gitea";`
			`MINIO_USE_SSL = "true";`
			`};`
Add a settings.default storage 2022-01-17 10:37:34 +00:00			`"storage.default" = storage;`
Add gitea 2022-01-17 09:49:37 +00:00			`};`
			`};`

Add gitea vhost 2022-01-17 09:53:15 +00:00			`services.nginx.virtualHosts."git.chir.rs" = {`
			`forceSSL = true;`
			`http2 = true;`
			`listenAddresses = [ "0.0.0.0" "[::]" ];`
			`sslCertificate = "/var/lib/acme/chir.rs/cert.pem";`
			`sslCertificateKey = "/var/lib/acme/chir.rs/key.pem";`
			`locations."/" = {`
			`proxyPass = "http://${config.services.gitea.httpAddress}:${toString config.services.gitea.httpPort}/";`
			`proxyWebsockets = true;`
			`};`
			`};`

Add gitea 2022-01-17 09:49:37 +00:00			`services.postgresql.ensureDatabases = [ "gitea" ];`
			`services.postgresql.ensureUsers = [{`
			`name = "gitea";`
			`ensurePermissions = { "DATABASE gitea" = "ALL PRIVILEGES"; };`
			`}];`

			`systemd.services.gitea.serviceConfig.EnvironmentFile = "/run/secrets/services/gitea";`
			`}`