nixos-config/config/services/gitea.nix

87 lines
2.7 KiB
Nix
Raw Normal View History

2022-01-17 09:53:15 +00:00
{ config, ... }: {
2022-02-18 13:17:35 +00:00
imports = [
../../modules/gitea.nix
2022-03-02 17:34:06 +00:00
../../modules/gateway-st.nix
2022-02-18 13:17:35 +00:00
];
2022-01-17 09:49:37 +00:00
services.gitea = {
enable = true;
appName = "Lotte's Git";
2022-01-17 09:53:15 +00:00
cookieSecure = true;
2022-01-17 09:49:37 +00:00
database = {
host = "localhost";
name = "gitea";
user = "gitea";
2022-01-17 10:36:05 +00:00
type = "postgres";
2022-01-17 09:49:37 +00:00
};
domain = "git.chir.rs";
httpAddress = "127.0.0.1";
lfs.enable = true;
rootUrl = "https://git.chir.rs/";
2022-01-30 13:09:25 +00:00
storageSecretFile = "/run/secrets/services/gitea";
2022-01-17 10:37:34 +00:00
settings = rec {
2022-01-17 09:49:37 +00:00
storage = {
STORAGE_TYPE = "minio";
2022-03-02 17:34:06 +00:00
MINIO_ENDPOINT = "localhost:7777";
2022-01-17 10:27:07 +00:00
MINIO_ACCESS_KEY_ID = "gitea";
2022-01-30 12:50:23 +00:00
MINIO_SECRET_ACCESS_KEY = "#storageSecret#";
2022-01-17 09:49:37 +00:00
MINIO_BUCKET = "gitea";
2022-03-02 17:34:06 +00:00
MINIO_USE_SSL = "false";
2022-01-17 09:49:37 +00:00
};
2022-01-17 12:48:48 +00:00
openid = {
ENABLE_OPENID_SIGNIN = true;
ENABLE_OPENID_SIGNUP = true;
};
cache = {
2022-01-17 12:50:25 +00:00
ENABLED = config.services.redis.servers.gitea.enable;
2022-01-17 12:48:48 +00:00
ADAPTER = "redis";
2022-01-17 12:51:14 +00:00
HOST = "redis://${config.services.redis.servers.gitea.bind}:${toString config.services.redis.servers.gitea.port}/0";
2022-01-17 12:48:48 +00:00
};
session = {
PROVIDER = "redis";
PROVIDER_CONFIG = "redis://${config.services.redis.servers.gitea.bind}:${toString config.services.redis.servers.gitea.port}/1";
};
metrics = {
ENABLED = true;
ENABLED_ISSUE_BY_LABEL = true;
ENABLED_ISSUE_BY_REPOSITORY = true;
};
queue = {
TYPE = "redis";
CONN_STRING = "redis://${config.services.redis.servers.gitea.bind}:${toString config.services.redis.servers.gitea.port}/2";
};
2022-01-17 09:49:37 +00:00
};
};
2022-03-02 17:34:06 +00:00
services.storj-gateway.gitea = {
accessGrantFile = "/run/secrets/services/storj/gitea/accessGrant";
accessKeyFile = "/run/secrets/services/storj/gitea/accessKey";
secretKeyFile = "/run/secrets/services/storj/gitea/secretKey";
};
sops.secrets."services/storj/gitea/accessGrant".owner = "storj";
sops.secrets."services/storj/gitea/accessKey".owner = "storj";
sops.secrets."services/storj/gitea/secretKey".owner = "storj";
2022-01-17 09:53:15 +00:00
services.nginx.virtualHosts."git.chir.rs" = {
sslCertificate = "/var/lib/acme/chir.rs/cert.pem";
sslCertificateKey = "/var/lib/acme/chir.rs/key.pem";
locations."/" = {
proxyPass = "http://${config.services.gitea.httpAddress}:${toString config.services.gitea.httpPort}/";
proxyWebsockets = true;
};
};
2022-01-17 09:49:37 +00:00
services.postgresql.ensureDatabases = [ "gitea" ];
services.postgresql.ensureUsers = [{
name = "gitea";
ensurePermissions = { "DATABASE gitea" = "ALL PRIVILEGES"; };
}];
2022-01-17 12:50:25 +00:00
services.redis.servers.gitea = {
2022-01-17 12:48:48 +00:00
enable = true;
bind = "127.0.0.1";
databases = 3;
2022-01-23 09:55:17 +00:00
port = 6379;
2022-01-17 12:48:48 +00:00
};
2022-01-30 12:59:46 +00:00
sops.secrets."services/gitea" = { owner = "gitea"; };
2022-01-17 09:49:37 +00:00
}