84 lines
1.8 KiB
Nix
84 lines
1.8 KiB
Nix
{pkgs, ...}: {
|
|
networking.firewall.allowedTCPPorts = [80 443];
|
|
|
|
services.gitea = {
|
|
enable = true;
|
|
database = {
|
|
type = "sqlite3";
|
|
path = "/var/lib/gitea/data/gitea.db";
|
|
};
|
|
settings = {
|
|
server = {
|
|
ROOT_URL = "https://git.schmatzler.com/";
|
|
DOMAIN = "git.schmatzler.com";
|
|
HTTP_ADDR = "127.0.0.1";
|
|
HTTP_PORT = 3000;
|
|
};
|
|
service.DISABLE_REGISTRATION = true;
|
|
security.INSTALL_LOCK = true;
|
|
session = {
|
|
COOKIE_SECURE = true;
|
|
SAME_SITE = "strict";
|
|
};
|
|
api.ENABLE_SWAGGER = false;
|
|
server.LANDING_PAGE = "explore";
|
|
};
|
|
};
|
|
|
|
users.users.litestream.extraGroups = ["gitea"];
|
|
|
|
systemd.services.gitea.serviceConfig.ExecStartPost =
|
|
"+"
|
|
+ pkgs.writeShellScript "grant-gitea-permissions" ''
|
|
timeout=10
|
|
|
|
while [ ! -f /var/lib/gitea/data/gitea.db ];
|
|
do
|
|
if [ "$timeout" == 0 ]; then
|
|
echo "ERROR: Timeout while waiting for /var/lib/gitea/data/gitea.db."
|
|
exit 1
|
|
fi
|
|
|
|
sleep 1
|
|
|
|
((timeout--))
|
|
done
|
|
|
|
find /var/lib/gitea -type d -exec chmod -v 775 {} \;
|
|
find /var/lib/gitea -type f -exec chmod -v 660 {} \;
|
|
'';
|
|
|
|
services.litestream = {
|
|
enable = true;
|
|
environmentFile = "/run/secrets/litestream";
|
|
settings = {
|
|
dbs = [
|
|
{
|
|
path = "/var/lib/gitea/data/gitea.db";
|
|
replicas = [
|
|
{
|
|
type = "s3";
|
|
bucket = "gitea-litestream";
|
|
path = "gitea";
|
|
endpoint = "s3.eu-central-003.backblazeb2.com";
|
|
}
|
|
];
|
|
}
|
|
];
|
|
};
|
|
};
|
|
|
|
services.caddy = {
|
|
enable = true;
|
|
virtualHosts."git.schmatzler.com".extraConfig = ''
|
|
header {
|
|
Strict-Transport-Security "max-age=31536000; includeSubDomains"
|
|
X-Content-Type-Options "nosniff"
|
|
X-Frame-Options "DENY"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
}
|
|
reverse_proxy localhost:3000
|
|
'';
|
|
};
|
|
}
|