infrastructure/hosts/hydrogen/services/gitea/default.nix

53 lines
1.1 KiB
Nix
Raw Normal View History

2023-12-15 15:18:36 +00:00
{
config,
pkgs,
...
}: {
2023-04-14 20:47:57 +00:00
age.secrets.gitea = {
file = ../../../../secrets/gitea.age;
owner = "gitea";
group = "gitea";
};
2023-12-15 15:18:36 +00:00
age.identityPaths = ["/root/.ssh/id_ed25519"];
2023-04-14 20:47:57 +00:00
services.gitea = {
enable = true;
package = pkgs.forgejo;
2023-04-14 20:47:57 +00:00
lfs.enable = true;
database = {
type = "postgres";
passwordFile = config.age.secrets.gitea.path;
};
settings = {
service = {
DEFAULT_KEEP_EMAIL_PRIVATE = true;
DISABLE_REGISTRATION = true;
};
server = {
LANDING_PAGE = "explore";
ROOT_URL = "https://git.fainsin.bzh";
DOMAIN = "git.fainsin.bzh";
2023-04-14 20:47:57 +00:00
};
indexer = {
REPO_INDEXER_ENABLED = true;
REPO_INDEXER_PATH = "indexers/repos.bleve";
MAX_FILE_SIZE = 1048576;
REPO_INDEXER_EXCLUDE = "node_modules/**";
2023-04-14 20:47:57 +00:00
};
session = {
PROVIDER = "db";
COOKIE_SECURE = true;
2023-04-14 20:47:57 +00:00
};
};
};
services.nginx.virtualHosts."git.fainsin.bzh" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000/";
proxyWebsockets = true;
};
};
}