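# Gitea instance for git.giugl.io, served through an nginx virtual host.
#
# - Gitea runs with the sqlite3 backend, LFS and OpenID sign-in enabled.
# - nginx terminates TLS (ACME certificate, HTTP forced to HTTPS) and proxies
#   to Gitea's plain-HTTP listener on loopback.
# - /etc/hosts entries map the domain to the addresses that
#   `architectInterfaceAddress` returns for "lan", "wireguard" and "tailscale".
{ config, lib, ... }:

let
  domain = "git.giugl.io";

  utilities = import ./utilities.nix { inherit lib config; };
  inherit (utilities) architectInterfaceAddress;

  # Single source of truth for the listener settings used further down.
  giteaServer = config.services.gitea.settings.server;
in
{
  # Project-level option (defined outside this file); presumably opens these
  # TCP ports in the host firewall. Only the SSH port is listed, so the HTTP
  # backend is not meant to be reachable directly.
  architect.firewall.openTCP = [ giteaServer.SSH_PORT ];

  services.gitea = {
    enable = true;
    database.type = "sqlite3";
    appName = "Gitea";
    # https://github.com/NixOS/nixpkgs/issues/235442#issuecomment-1574329453
    lfs.enable = true;

    settings = {
      server = {
        DOMAIN = domain;
        ROOT_URL = "https://${domain}";
        SSH_PORT = 22;
        # The nixpkgs module defaults HTTP_ADDR to 0.0.0.0, which leaves the
        # unencrypted backend listening on every interface. nginx only ever
        # connects over loopback, so bind there and let nginx be the sole
        # entry point for web traffic.
        HTTP_ADDR = "127.0.0.1";
      };

      openid.enable_openid_signin = true;
    };
  };

  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;
    enableACME = true;

    locations."/" = {
      # Derived from the Gitea settings so the proxy target cannot drift from
      # the port Gitea actually listens on (the module default is 3000).
      proxyPass = "http://127.0.0.1:${toString giteaServer.HTTP_PORT}";
      # it does not work, it breaks gitea's web portal
      # extraConfig = auth_block { access_role = "git"; };
      # NOTE(review): with the auth block disabled, access control for this
      # virtual host rests entirely on Gitea's own authentication. Confirm
      # that Gitea's registration settings (e.g. service.DISABLE_REGISTRATION)
      # match who is supposed to be able to create accounts.
    };
  };

  networking.extraHosts = ''
    ${architectInterfaceAddress "lan"} ${domain}
    ${architectInterfaceAddress "wireguard"} ${domain}
    ${architectInterfaceAddress "tailscale"} ${domain}
  '';
}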