From 2c387448ba2e7fe505bdea5e2f9b0dfe06b23813 Mon Sep 17 00:00:00 2001
From: Giulio De Pasquale <git@depasquale.giugl.io>
Date: Mon, 5 Jun 2023 04:41:10 +0200
Subject: [PATCH] gitea: vhost

---
 hosts/architect/gitea.nix | 28 ++++++++--------------------
 1 file changed, 8 insertions(+), 20 deletions(-)

diff --git a/hosts/architect/gitea.nix b/hosts/architect/gitea.nix
index b3ce7ae..62eb732 100644
--- a/hosts/architect/gitea.nix
+++ b/hosts/architect/gitea.nix
@@ -2,12 +2,15 @@
 
 let
   domain = "git.giugl.io";
-
-  utilities = import ./utilities.nix { inherit lib config; };
-  inherit (utilities) architectInterfaceAddress;
 in
 {
-  architect.firewall.openTCP = [ config.services.gitea.settings.server.SSH_PORT ];
+  architect = {
+    firewall.openTCP = [ config.services.gitea.settings.server.SSH_PORT ];
+    vhost.${domain} = {
+      dnsInterfaces = [ "lan" "tailscale" "wireguard" ];
+      locations."/".port = config.services.gitea.settings.server.HTTP_PORT;
+    };
+  };
 
   services.gitea = {
     enable = true;
@@ -20,24 +23,9 @@ in
         DOMAIN = domain;
         ROOT_URL = "https://${domain}";
         SSH_PORT = 22;
+        HTTP_PORT = 3001;
       };
       openid.enable_openid_signin = true;
     };
   };
-
-  services.nginx.virtualHosts.${domain} = {
-    forceSSL = true;
-    enableACME = true;
-    locations."/" = {
-      proxyPass = "http://127.0.0.1:3000";
-      # it does not work, it breaks gitea's web portal
-      #  extraConfig = auth_block { access_role = "git"; };
-    };
-  };
-
-  networking.extraHosts = ''
-    ${architectInterfaceAddress "lan"} ${domain}
-    ${architectInterfaceAddress "wireguard"} ${domain}
-    ${architectInterfaceAddress "tailscale"} ${domain}
-  '';
 }