Move Gitea away from cert-store
parent
89516c5477
commit
be6954f038
2 changed files with 12 additions and 9 deletions
|
@ -5,7 +5,6 @@
|
||||||
description = "Read-only access to certs";
|
description = "Read-only access to certs";
|
||||||
openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys ++ [
|
openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys ++ [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHj2PK6LHsanSqaz8Gf/VqHaurd5e6Y7KnZNBiHb9adT nextcloud"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHj2PK6LHsanSqaz8Gf/VqHaurd5e6Y7KnZNBiHb9adT nextcloud"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDiJZWlmiEkVzlf5/KV/jKkCGlgp8mnEeCnwk/dhdctJ gitea"
|
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOgIXTr7HxC13UNZP0UCALBRJuiDh4U0Nnd4GPIE4RQR vaultwarden"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOgIXTr7HxC13UNZP0UCALBRJuiDh4U0Nnd4GPIE4RQR vaultwarden"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,16 +1,21 @@
|
||||||
{ config, ... }:
|
{ config, ... }:
|
||||||
{
|
{
|
||||||
imports = [ ./cert-store-client.nix ];
|
networking.firewall.allowedTCPPorts = [
|
||||||
|
80
|
||||||
|
443
|
||||||
|
];
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 443 ];
|
security.acme = {
|
||||||
networking.firewall.allowedUDPPorts = [ 443 ];
|
acceptTerms = true;
|
||||||
|
defaults.email = "vili.m.sinerva@gmail.com";
|
||||||
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
gitea = {
|
gitea = {
|
||||||
enable = true;
|
enable = true;
|
||||||
lfs.enable = true;
|
lfs.enable = true;
|
||||||
appName = "Gitea for Vili Sinervä";
|
appName = "Gitea for Vili Sinervä";
|
||||||
mailerPasswordFile = "${config.services.gitea.stateDir}/smtp_pass"; # TODO
|
mailerPasswordFile = "${config.services.gitea.stateDir}/smtp_pass";
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
repository = {
|
repository = {
|
||||||
|
@ -19,7 +24,7 @@
|
||||||
ui.DEFAULT_SHOW_FULL_NAME = true;
|
ui.DEFAULT_SHOW_FULL_NAME = true;
|
||||||
"ui.meta".AUTHOR = "Gitea, hosted by Vili Sinervä";
|
"ui.meta".AUTHOR = "Gitea, hosted by Vili Sinervä";
|
||||||
server = {
|
server = {
|
||||||
DOMAIN = "gitea.vsinerva.fi";
|
DOMAIN = "gitea.sinerva.eu";
|
||||||
HTTP_PORT = 8000;
|
HTTP_PORT = 8000;
|
||||||
ROOT_URL = "https://${config.services.gitea.settings.server.DOMAIN}";
|
ROOT_URL = "https://${config.services.gitea.settings.server.DOMAIN}";
|
||||||
};
|
};
|
||||||
|
@ -30,7 +35,7 @@
|
||||||
SMTP_ADDR = "smtp.gmail.com";
|
SMTP_ADDR = "smtp.gmail.com";
|
||||||
SMTP_PORT = 587;
|
SMTP_PORT = 587;
|
||||||
USER = "vmsskv12@gmail.com"; # Password set in file
|
USER = "vmsskv12@gmail.com"; # Password set in file
|
||||||
FROM = "gitea@vsinerva.fi";
|
FROM = "gitea@sinerva.eu";
|
||||||
};
|
};
|
||||||
cron = {
|
cron = {
|
||||||
ENABLED = true;
|
ENABLED = true;
|
||||||
|
@ -48,10 +53,9 @@
|
||||||
recommendedProxySettings = true;
|
recommendedProxySettings = true;
|
||||||
|
|
||||||
virtualHosts.${config.services.gitea.settings.server.DOMAIN} = {
|
virtualHosts.${config.services.gitea.settings.server.DOMAIN} = {
|
||||||
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
kTLS = true;
|
kTLS = true;
|
||||||
sslCertificate = "/mnt/acme/fullchain.pem";
|
|
||||||
sslCertificateKey = "/mnt/acme/key.pem";
|
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://localhost:8000";
|
proxyPass = "http://localhost:8000";
|
||||||
};
|
};
|
||||||
|
|
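Review bot: The `server` block in the `@ -19,7 +24,7 @` hunk still sets no `HTTP_ADDR`, so Gitea keeps its default of listening on all interfaces on port 8000, although nginx only needs to reach it on loopback for `proxyPass = "http://localhost:8000"`. The `allowedTCPPorts` list at the top of this file is then the only thing keeping the plain-HTTP backend off the network; adding `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT = 8000;` removes that dependency. A short comment on the new `80` entry, for example `# 80: ACME HTTP-01 challenge and redirect to HTTPS`, would also record why the port was opened, assuming the certificate is validated over HTTP. The `settings` attribute set continues outside the hunks shown.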