42 lines
915 B
Nix
42 lines
915 B
Nix
{ config, lib, ... }:
|
|
|
|
let
|
|
domain = "git.giugl.io";
|
|
network = import ./network.nix;
|
|
in
|
|
{
|
|
architect.firewall.openTCP = [ config.services.gitea.settings.server.SSH_PORT ];
|
|
|
|
services.gitea = {
|
|
enable = true;
|
|
database.type = "sqlite3";
|
|
domain = domain;
|
|
appName = "Gitea";
|
|
rootUrl = "https://${domain}";
|
|
settings = {
|
|
server = {
|
|
LFS_START_SERVER = true;
|
|
SSH_PORT = 22;
|
|
};
|
|
openid.enable_openid_signin = true;
|
|
};
|
|
};
|
|
|
|
services.nginx.virtualHosts.${domain} = {
|
|
forceSSL = true;
|
|
enableACME = true;
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:3000";
|
|
# it does not work, it breaks gitea's web portal
|
|
# extraConfig = auth_block { access_role = "git"; };
|
|
};
|
|
};
|
|
|
|
networking.extraHosts = ''
|
|
${network.architect-lan} ${domain}
|
|
${network.architect-wg} ${domain}
|
|
${network.architect-ts} ${domain}
|
|
'';
|
|
|
|
}
|