nixos/hosts/architect/gitea.nix

{ config, lib, ... }:

let
  domain = "git.giugl.io";
in
{
  architect = {
    firewall.openTCP = [ config.services.gitea.settings.server.SSH_PORT ];
    vhost.${domain} = {
      dnsInterfaces = [ "lan" "tailscale" ];
      locations."/" = {
        port = config.services.gitea.settings.server.HTTP_PORT;
        allowWAN = true;
      };
    };
  };

  services.gitea = {
    enable = true;
    database.type = "sqlite3";
    appName = "Gitea";
    # https://github.com/NixOS/nixpkgs/issues/235442#issuecomment-1574329453
    lfs.enable = true;
    settings = {
      server = {
        DOMAIN = domain;
        ROOT_URL = "https://${domain}";
        SSH_PORT = 22;
        HTTP_PORT = 3001;
      };
      openid.enable_openid_signin = true;
    };
  };
}
architect: Refactored firewall settings. Added architect.firewall option 2023-02-14 23:19:52 +00:00			`{ config, lib, ... }:`
removed implicit use of network.nix. use domain names in each service conf file. restrict access to gdevices to sensitive services. 2021-12-08 16:39:00 +00:00
			`let`
			`domain = "git.giugl.io";`
gitea: Enable OpenID signin 2022-11-29 12:24:48 +00:00			`in`
			`{`
gitea: vhost 2023-06-05 03:41:10 +01:00			`architect = {`
			`firewall.openTCP = [ config.services.gitea.settings.server.SSH_PORT ];`
			`vhost.${domain} = {`
architect: removed wireguard 2023-10-21 14:00:58 +01:00			`dnsInterfaces = [ "lan" "tailscale" ];`
gitea: allow WAN traffic 2023-11-16 12:28:06 +00:00			`locations."/" = {`
			`port = config.services.gitea.settings.server.HTTP_PORT;`
			`allowWAN = true;`
			`};`
gitea: vhost 2023-06-05 03:41:10 +01:00			`};`
			`};`
architect: Refactored firewall settings. Added architect.firewall option 2023-02-14 23:19:52 +00:00
reorganized services in files 2021-07-07 13:13:19 +01:00			`services.gitea = {`
formatting 2021-11-25 11:42:32 +00:00			`enable = true;`
			`database.type = "sqlite3";`
			`appName = "Gitea";`
gitea: move LFS setting into gitea.lfs 2023-06-03 00:46:08 +01:00			`# https://github.com/NixOS/nixpkgs/issues/235442#issuecomment-1574329453`
			`lfs.enable = true;`
gitea: Enable OpenID signin 2022-11-29 12:24:48 +00:00			`settings = {`
gitea: Renamed property to SSH_PORT 2022-12-01 13:27:05 +00:00			`server = {`
Initial move to 23.05 2023-05-27 23:16:46 +01:00			`DOMAIN = domain;`
			`ROOT_URL = "https://${domain}";`
gitea: Renamed property to SSH_PORT 2022-12-01 13:27:05 +00:00			`SSH_PORT = 22;`
gitea: vhost 2023-06-05 03:41:10 +01:00			`HTTP_PORT = 3001;`
gitea: Renamed property to SSH_PORT 2022-12-01 13:27:05 +00:00			`};`
gitea: Enable OpenID signin 2022-11-29 12:24:48 +00:00			`openid.enable_openid_signin = true;`
			`};`
reorganized services in files 2021-07-07 13:13:19 +01:00			`};`
			`}`