47 lines
1.1 KiB
Nix
47 lines
1.1 KiB
Nix
{ config, ... }: {
|
|
age.secrets.gitea = {
|
|
file = ../../../../secrets/gitea.age;
|
|
owner = "gitea";
|
|
group = "gitea";
|
|
};
|
|
age.identityPaths = [ "/root/.ssh/id_ed25519" ];
|
|
|
|
services.gitea = {
|
|
enable = true;
|
|
domain = "git.fainsin.bzh";
|
|
rootUrl = "https://git.fainsin.bzh";
|
|
lfs.enable = true;
|
|
database = {
|
|
type = "postgres";
|
|
passwordFile = config.age.secrets.gitea.path;
|
|
};
|
|
settings = {
|
|
service = {
|
|
"DEFAULT_KEEP_EMAIL_PRIVATE" = true;
|
|
"DISABLE_REGISTRATION" = true;
|
|
};
|
|
server = { "LANDING_PAGE" = "explore"; };
|
|
indexer = {
|
|
"REPO_INDEXER_ENABLED" = true;
|
|
"REPO_INDEXER_PATH" = "indexers/repos.bleve";
|
|
"UPDATE_BUFFER_LEN" = 20;
|
|
"MAX_FILE_SIZE" = 1048576;
|
|
"REPO_INDEXER_EXCLUDE" = "node_modules/**";
|
|
};
|
|
session = {
|
|
"PROVIDER" = "db";
|
|
"COOKIE_SECURE" = true;
|
|
};
|
|
};
|
|
};
|
|
|
|
services.nginx.virtualHosts."git.fainsin.bzh" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/" = {
|
|
proxyPass = "http://localhost:3000/";
|
|
proxyWebsockets = true;
|
|
};
|
|
};
|
|
}
|