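# NixOS module for a self-hosted Gitea instance at git.entr0py.de:
# Gitea listens on loopback only, nginx terminates TLS in front of it,
# PostgreSQL is reached over a local unix socket, and a Prometheus
# postgres exporter is exposed on the monitoring interface.
{ config, pkgs, lib, ... }:

{
  # The system sshd is moved to 2222; Gitea's ssh.clonePort below must stay
  # in sync with this value. Git-over-SSH and host administration therefore
  # share one daemon and one exposed port.
  services.openssh.ports = [ 2222 ];

  services.gitea = {
    enable = true;
    appName = "Git: entr0py.de";

    database = {
      # The database and role are provisioned by services.postgresql below.
      createDatabase = false;
      type = "postgres";
      name = "gitea";
      user = "gitea";
      # Unix-socket connection; no password is configured here, so access
      # presumably relies on PostgreSQL peer authentication (confirm pg_hba).
      socket = "/run/postgresql";
    };

    # Session cookies are only sent over HTTPS.
    cookieSecure = true;
    # No self-service sign-up; accounts have to be created by an admin.
    disableRegistration = true;

    rootUrl = "https://git.entr0py.de/";
    domain = "git.entr0py.de";

    # Loopback only: the web UI is reachable solely through the nginx
    # virtual host defined at the bottom of this file.
    httpAddress = "127.0.0.1";
    httpPort = 3000;

    lfs.enable = true;
    log.level = "Info";

    ssh = {
      enable = true;
      # Must match services.openssh.ports above.
      clonePort = 2222;
    };

    settings = {
      database = {
        CHARSET = "utf8";
      };

      repository = {
        # Pushing to a repository that does not exist yet creates it, for
        # users and for organisations. Combined with DEFAULT_PRIVATE the
        # new repositories start out private.
        ENABLE_PUSH_CREATE_USER = true;
        ENABLE_PUSH_CREATE_ORG = true;
        DEFAULT_PRIVATE = true;
      };

      server = {
        OFFLINE_MODE = true;
        LANDING_PAGE = "explore";
      };

      mailer = {
        # NOTE(review): Gitea documents this key as ENABLED; mail is off by
        # default, so the effective behaviour should be the same. Confirm.
        enabled = false;
      };

      service = {
        REGISTER_EMAIL_CONFIRM = false;
        ENABLE_NOTIFY_MAIL = false;
        ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
        ENABLE_CAPTCHA = false;
        # Anonymous visitors can browse whatever is public (the landing page
        # is "explore"). Set this to true if the instance should not expose
        # public repositories and user listings without a login.
        REQUIRE_SIGNIN_VIEW = false;
        DEFAULT_KEEP_EMAIL_PRIVATE = true;
        DEFAULT_ALLOW_CREATE_ORGANIZATION = true;
        DEFAULT_ENABLE_TIMETRACKING = false;
      };

      picture = {
        # No avatar lookups against third-party services.
        DISABLE_GRAVATAR = true;
        ENABLE_FEDERATED_AVATAR = false;
      };

      openid = {
        ENABLE_OPENID_SIGNIN = false;
        ENABLE_OPENID_SIGNUP = false;
      };
    };
  };

  services.postgresql = {
    enable = true;
    # Pinned major version. NOTE(review): check the upstream support status
    # of this release line; moving to a newer major needs a dump/restore or
    # pg_upgrade, so it cannot be changed by editing this line alone.
    package = pkgs.postgresql_12;
    ensureDatabases = [ "gitea" ];
    ensureUsers = [
      {
        name = "gitea";
        # Scoped to the gitea database only.
        ensurePermissions."DATABASE gitea" = "ALL PRIVILEGES";
      }
    ];
  };

  services.prometheus.exporters.postgres = {
    enable = true;
    port = 9101;
    # The exporter connects as the local postgres superuser, so a flaw in
    # the exporter has superuser reach into every database on this host.
    # A dedicated monitoring role would narrow that.
    runAsLocalSuperUser = true;
    # The metrics endpoint has no authentication configured here; the
    # firewall rule below is the only thing limiting who can scrape it.
    # No listen address is set, so presumably it binds all interfaces.
    openFirewall = true;
    firewallFilter = "-i wg-monitoring -p tcp -m tcp --dport 9101";
  };

  # 80 is kept open for the HTTP->HTTPS redirect and the ACME HTTP challenge.
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  services.nginx = {
    enable = true; # Enable Nginx
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;

    virtualHosts."git.entr0py.de" = {
      # Gitea hostname
      enableACME = true; # Use ACME certs
      forceSSL = true; # Force SSL
      # Proxy Gitea. The upstream is the literal address Gitea binds to
      # (httpAddress/httpPort above): "localhost" can also resolve to ::1,
      # where nothing listens, and nginx would then log refused connections
      # before falling back to IPv4.
      locations."/".proxyPass = "http://127.0.0.1:3000/";
    };
  };
}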