add gitea

Ray Andrew 2024-10-11 23:06:42 -05:00
parent f8747d528c
commit f6bf196be7


@ -47,20 +47,6 @@
];
extraGroups = ["wheel"];
};
git = {
# createHome = true;
# isSystemUser = lib.mkForce false;
isNormalUser = true;
# shell = "${pkgs.git}/bin/git-shell";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7uSjbOgWMdaEzRGlEKM7kvT7q6jnAEZPQELAH6WAEM"
];
group = "git";
};
};
users.groups = {
git = {};
};
services.openssh = {
@ -120,40 +106,129 @@
environment.systemPackages = with pkgs; [
vim
htop
postgresql
unzip
];
services.cgit."git.rs.ht" = {
enable = true;
# mirrors = {
# dotfiles = { owner = "thedroneely"; url = "https://github.com/tdro/dotfiles.git"; };
# "thedroneely.com" = { owner = "thedroneely"; url = "https://github.com/tdro/thedroneely.com"; };
# clones = {
# cgit = { owner = "thedroneely"; url = "https://git.zx2c4.com/cgit"; };
# };
scanPath = "${config.services.gitolite.dataDir}/repositories";
extraConfig = ''
robots=noindex
'';
# user = "git";
# group = "git";
# Git
services = {
gitea = rec {
enable = true;
appName = "git.rs.ht";
domain = "git.rs.ht";
rootUrl = "https://${domain}/";
httpPort = 3003;
package = pkgs.unstable.gitea;
database.type = "postgres";
repositoryRoot = "/var/lib/gitea/repositories";
lfs.enable = true;
dump = {
# Is a nice feature once we have a dedicated backup storage.
# For now it is disabled, since it delays `nixos-rebuild switch`.
enable = false;
backupDir = "/var/lib/gitea/dump";
};
settings = {
actions = {
ENABLED = true;
};
cors = {
ALLOW_DOMAIN = config.services.gitea.domain;
ENABLED = true;
SCHEME = "https";
};
cron.ENABLED = true;
"cron.delete_generated_repository_avatars".ENABLED = true;
"cron.delete_old_actions".ENABLED = true;
"cron.delete_old_system_notices".ENABLED = true;
"cron.repo_health_check".TIMEOUT = "300s";
"cron.resync_all_sshkeys" = {
ENABLED = true;
RUN_AT_START = true;
};
database.LOG_SQL = false;
indexer.REPO_INDEXER_ENABLED = true;
log = {
LEVEL = "Info";
DISABLE_ROUTER_LOG = true;
};
mailer = {
ENABLED = false;
FROM = "git@rs.ht";
MAILER_TYPE = "sendmail";
SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
SENDMAIL_ARGS = "--";
};
other.SHOW_FOOTER_VERSION = false;
picture = {
# this also disables libravatar
DISABLE_GRAVATAR = false;
ENABLE_FEDERATED_AVATAR = true;
GRAVATAR_SOURCE = "libravatar";
REPOSITORY_AVATAR_FALLBACK = "random";
};
server = {
ENABLE_GZIP = true;
SSH_AUTHORIZED_KEYS_BACKUP = false;
SSH_DOMAIN = domain;
START_SSH_SERVER = giteaSshPort != 22;
SSH_PORT = giteaSshPort;
};
service = {
DISABLE_REGISTRATION = true;
NO_REPLY_ADDRESS = "no-reply@rs.ht";
REGISTER_EMAIL_CONFIRM = true;
ENABLE_NOTIFY_MAIL = true;
};
session = {
COOKIE_SECURE = lib.mkForce true;
PROVIDER = "db";
SAME_SITE = "strict";
};
"ssh.minimum_key_sizes" = {
ECDSA = -1;
RSA = 4095;
};
time.DEFAULT_UI_LOCATION = config.time.timeZone;
ui = {
DEFAULT_THEME = "arc-green";
EXPLORE_PAGING_NUM = 25;
FEED_PAGING_NUM = 50;
ISSUE_PAGING_NUM = 25;
};
};
};
nginx = {
enable = true;
virtualHosts."git.rs.ht" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:${toString config.services.gitea.httpPort}";
};
};
openssh = {
enable = true;
extraConfig = ''
Match User gitea
AllowAgentForwarding no
AllowTcpForwarding no
PermitTTY no
X11Forwarding no
'';
};
postgresql = {
package = pkgs.postgresql_15;
upgrade.stopServices = [ "gitea" ];
};
};
services.gitolite = {
enable = true;
adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7uSjbOgWMdaEzRGlEKM7kvT7q6jnAEZPQELAH6WAEM";
# user = "git";
# group = "git";
};
services.nginx.virtualHosts."git.rs.ht" = {
forceSSL = true;
enableACME = true;
};
security.acme = {
acceptTerms = true;
defaults.email = "rs@rs.ht";
};
system.stateVersion = "24.05";
}
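Review bot: Nothing in the visible `gitea` settings restricts Gitea's own HTTP listener, even though nginx terminates TLS for git.rs.ht and proxies to `http://localhost:3003`; Gitea's bind address defaults to all interfaces. If that default applies here, port 3003 serves the instance over plain HTTP to anything the host firewall lets through, bypassing `forceSSL` and the proxy. Adding `HTTP_ADDR = "127.0.0.1";` to `settings.server` keeps the listener reachable only through nginx. The enclosing attribute set and the `giteaSshPort` binding start outside the hunk, so the bind address may already be set elsewhere.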