feat: setup gitea database secret

This commit is contained in:
Laureηt 2023-03-19 15:49:50 +01:00
parent 310eb89618
commit 76e6a1d9cc
Signed by: Laurent
SSH key fingerprint: SHA256:kZEpW8cMJ54PDeCvOhzreNr4FSh6R13CMGH/POoO8DI
2 changed files with 13 additions and 3 deletions

View file

@ -22,7 +22,7 @@
}; };
}; };
outputs = { nixpkgs, flake-utils, agenix, home-manager, webcord, ... }@inputs: outputs = { nixpkgs, flake-utils, agenix, home-manager, webcord, ... }:
# Provide colmena # Provide colmena
(flake-utils.lib.eachDefaultSystem (system: (flake-utils.lib.eachDefaultSystem (system:
@ -33,7 +33,7 @@
pkgs.colmena pkgs.colmena
pkgs.nixfmt pkgs.nixfmt
pkgs.git pkgs.git
inputs.agenix.packages.${system}.ragenix agenix.packages.${system}.ragenix
]; ];
}; };
})) // { })) // {

View file

@ -144,12 +144,22 @@
environment.systemPackages = with pkgs; [ htop ]; environment.systemPackages = with pkgs; [ htop ];
age.secrets.gitea = {
file = ../../secrets/gitea.age;
owner = "gitea";
group = "gitea";
};
age.identityPaths = [ "/root/.ssh/id_ed25519" ];
services.gitea = { services.gitea = {
enable = true; enable = true;
domain = "git.fainsin.bzh"; domain = "git.fainsin.bzh";
rootUrl = "https://git.fainsin.bzh"; rootUrl = "https://git.fainsin.bzh";
lfs.enable = true; lfs.enable = true;
database.type = "postgres"; database = {
type = "postgres";
passwordFile = config.age.secrets.gitea.path;
};
settings = { settings = {
service = { service = {
"DEFAULT_KEEP_EMAIL_PRIVATE" = true; "DEFAULT_KEEP_EMAIL_PRIVATE" = true;