nixfiles/hosts/geon/gitea.nix

96 lines
2.5 KiB
Nix
Raw Permalink Normal View History

2021-03-13 15:32:44 +01:00
{ config, pkgs, lib, ... }:
{
services.openssh.ports = [ 2222 ];
services.gitea = {
enable = true;
appName = "Git: entr0py.de";
database = {
createDatabase = false;
type = "postgres";
name = "gitea";
user = "gitea";
socket = "/run/postgresql";
};
cookieSecure = true;
disableRegistration = true;
rootUrl = "https://git.entr0py.de/";
domain = "git.entr0py.de";
httpAddress = "127.0.0.1";
httpPort = 3000;
lfs.enable = true;
log.level = "Info";
ssh = {
enable = true;
clonePort = 2222;
};
settings = {
database = {
CHARSET = "utf8";
};
repository = {
ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = true;
DEFAULT_PRIVATE = true;
};
server = {
OFFLINE_MODE = true;
LANDING_PAGE = "explore";
};
mailer = {
enabled = false;
};
service = {
REGISTER_EMAIL_CONFIRM = false;
ENABLE_NOTIFY_MAIL = false;
ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
ENABLE_CAPTCHA = false;
REQUIRE_SIGNIN_VIEW = false;
DEFAULT_KEEP_EMAIL_PRIVATE = true;
DEFAULT_ALLOW_CREATE_ORGANIZATION = true;
DEFAULT_ENABLE_TIMETRACKING = false;
};
picture = {
DISABLE_GRAVATAR = true;
ENABLE_FEDERATED_AVATAR = false;
};
openid = {
ENABLE_OPENID_SIGNIN = false;
ENABLE_OPENID_SIGNUP = false;
};
};
};
services.postgresql = {
enable = true;
package = pkgs.postgresql_12;
ensureDatabases = [ "gitea" ];
ensureUsers = [
{
name = "gitea";
ensurePermissions."DATABASE gitea" = "ALL PRIVILEGES";
}
];
};
2021-06-14 16:36:30 +02:00
services.prometheus.exporters.postgres = {
enable = true;
port = 9101;
runAsLocalSuperUser = true;
openFirewall = true;
firewallFilter = "-i wg-monitoring -p tcp -m tcp --dport 9101";
};
2021-03-13 15:32:44 +01:00
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true; # Enable Nginx
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."git.entr0py.de" = { # Gitea hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
locations."/".proxyPass = "http://localhost:3000/"; # Proxy Gitea
};
};
}