Initial Gitea conf

2025-01-15 00:33:35 +02:00 · 2025-01-15 00:33:35 +02:00 · c1f7c5b93a
commit c1f7c5b93a
parent 98192942be
1 changed files with 66 additions and 0 deletions
--- a/services/gitea.nix
+++ b/services/gitea.nix
@ -0,0 +1,66 @@
+{ config, ... }:
+{
+  imports = [ ./acme-dns.nix ];
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+  networking.firewall.allowedUDPPorts = [ 443 ];
+
+  services = {
+    gitea = {
+      enable = true;
+      lfs.enable = true;
+      appName = "Gitea for Vili Sinervä";
+      mailerPasswordFile = "${config.services.gitea.stateDir}/smtp_pass"; # TODO
+
+      settings = {
+        repository = {
+          ENABLE_PUSH_CREATE_USER = true;
+        };
+        ui = {
+          DEFAULT_SHOW_FULL_NAME = true;
+          meta.AUTHOR = "Gitea, hosted by Vili Sinervä";
+        };
+        server = {
+          DOMAIN = "gitea.vsinerva.fi";
+          HTTP_PORT = 8000;
+          ROOT_URL = "https://${config.services.gitea.settings.server.DOMAIN}";
+        };
+        # service.DISABLE_REGISTRATION = true; # Disable for initial setup
+        session.COOKIE_SECURE = true;
+        mailer = {
+          ENABLED = true;
+          SMTP_ADDR = "smtp.gmail.com";
+          SMTP_PORT = 587;
+          USER = "vmsskv12@gmail.com"; # Password set in file
+          FROM = "gitea@vsinerva.fi";
+        };
+        cron = {
+          ENABLED = true;
+          RUN_AT_START = true;
+        };
+        time.DEFAULT_UI_LOCATION = "Europe/Helsinki";
+      };
+    };
+
+    nginx = {
+      enable = true;
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedTlsSettings = true;
+      recommendedProxySettings = true;
+
+      virtualHosts.${config.services.gitea.settings.server.DOMAIN} = {
+        forceSSL = true;
+        kTLS = true;
+        enableACME = true;
+        acmeRoot = null;
+        locations."/" = {
+          proxyPass = "http://localhost:8000";
+        };
+      };
+    };
+  };
+}