Docker gitea changes

2024-11-22 08:04:20 +01:00 · 2021-02-13 13:35:25 +01:00 · 2021-02-13 13:35:25 +01:00 · 0d81433c2d
parent 17bc131266
commit 0d81433c2d
4 changed files with 361 additions and 0 deletions
--- a/docker/gitea/config.nix
+++ b/docker/gitea/config.nix
@ -0,0 +1,7 @@
+{ pkgs, lib, config, ... }:
+{
+  security.oauth2JwtSecret = "STUFF";
+  security.internalToken = "STUFF";
+  security.secretKey = "STUFF";
+  lfs.lfsJwtSecret = "STUFF";
+}
--- a/docker/gitea/module.nix
+++ b/docker/gitea/module.nix
@ -0,0 +1,337 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config;
+
+  useMysql = cfg.database.type == "mysql";
+  usePostgresql = cfg.database.type == "postgres";
+  useSqlite = cfg.database.type == "sqlite3";
+
+  format = pkgs.formats.ini { mkKeyValue = generators.mkKeyValueDefault {} "="; };
+in
+
+
+{
+  options = {
+    run = mkOption {
+      type = types.package;
+      description = "Run gitea derivation.";
+    };
+
+    stateDir = mkOption {
+      default = "/gitea";
+      type = types.str;
+      description = "gitea data directory.";
+    };
+
+    uid = mkOption {
+      default = 5000;
+      type = types.int;
+      description = "gitea user id.";
+    };
+
+    gid = mkOption {
+      default = 5000;
+      type = types.int;
+      description = "gitea group id.";
+    };
+
+    logLevel = mkOption {
+      default = "Info";
+      type = types.enum [ "Info" "Debug" "Error" ];
+      description = "Log level for gitea logging.";
+    };
+
+    security = {
+      secretKey = mkOption {
+        type = types.str;
+        description = "gitea secret key.";
+      };
+
+      internalToken = mkOption {
+        type = types.str;
+        description = "gitea internal token.";
+      };
+
+      installLock = mkOption {
+        type = types.bool;
+        description = "gitea install lock.";
+        default = false; # TODO figure out what this actually does
+      };
+
+      oauth2JwtSecret = mkOption {
+        type = types.str;
+        description = "OAuth2 JWT secret.";
+      };
+    };
+
+    database = {
+      type = mkOption {
+        type = types.enum [ "sqlite3" "mysql" "postgres" ];
+        example = "mysql";
+        default = "sqlite3";
+        description = "Database engine to use.";
+      };
+
+      path = mkOption {
+        type = types.str;
+        default = "/data/gitea/gitea.db";
+        description = "Database file path, if sqlite3 is in use";
+      };
+
+      host = mkOption {
+        type = types.str;
+        default = "127.0.0.1";
+        description = "Database host address";
+      };
+
+      port = mkOption {
+        type = types.int;
+        default = (if !usePostgresql then 3306 else pg.port);
+        description = "Databa se host port.";
+      };
+
+      name = mkOption {
+        type = types.str;
+        default = "gitea";
+        description = "Database user.";
+      };
+
+      password = mkOption {
+        type = types.str;
+        default = "";
+        description = "Database password.";
+      };
+
+      createDatabase = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Whether to create a database automatically.";
+      };
+    };
+
+    ssh = {
+      enable = mkOption {
+        type = types.bool;
+        default = true;
+        description = "Enable external SSH feature.";
+      };
+
+      clonePort = mkOption {
+        type = types.int;
+        default = 22;
+        example = 2222;
+        description = ''
+          SSH port displayed in clone URL.
+          The option is required to configure a service when the external visible port
+          differs from the local listening port i.e. if port forwarding is used.
+        '';
+      };
+    };
+
+    lfs = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Enable git-lfs support.";
+      };
+
+      contentDir = mkOption {
+        type = types.str;
+        default = "${cfg.stateDir}/lfs";
+        description = "Where to store LFS files.";
+      };
+
+      lfsJwtSecret = mkOption {
+        type = types.str;
+        description = "LFS JWT Secret";
+      };
+    };
+
+    appName = mkOption {
+      type = types.str;
+      default = "gitea: Gitea Service";
+      description = "Application name.";
+    };
+
+    runMode = mkOption {
+      type = types.enum [ "dev" "prod" "test" ];
+      description = "run mode.";
+      default = "prod";
+    };
+
+    repositoryRoot = mkOption {
+      type = types.str;
+      default = # "${cfg.stateDir}/repositories"
+      "";
+      description = "Path to the git repositories.";
+    };
+
+    domain = mkOption {
+      type = types.str;
+      default = "localhost";
+      description = "Domain name of your server.";
+    };
+
+    rootUrl = mkOption {
+      type = types.str;
+      default = "http://localhost:3000/";
+      description = "Full public URL of gitea server.";
+    };
+
+    httpAddress = mkOption {
+      type = types.str;
+      default = "0.0.0.0";
+      description = "HTTP listen address.";
+    };
+
+    httpPort = mkOption {
+      type = types.int;
+      default = 3000;
+      description = "HTTP listen port.";
+    };
+
+    cookieSecure = mkOption {
+      type = types.bool;
+      default = false;
+      description = ''
+      Marks session cookies as "secure" as a hint for browsers to only send
+      them via HTTPS. This option is recommend, if gitea is being served over HTTPS.
+    '';
+    };
+
+    staticRootPath = mkOption {
+      type = types.str;
+      default = "\${pkgs.gitea.data}";
+      example = "/var/lib/gitea/data";
+      description = "Upper level of template and static files path.";
+    };
+
+    disableRegistration = mkEnableOption "the registration lock" // {
+      description = ''
+      By default any user can create an account on this <literal>gitea</literal> instance.
+      This can be disabled by using this option.
+      <emphasis>Note:</emphasis> please keep in mind that this should be added after the initial
+      deploy unless <link linkend="opt-services.gitea.useWizard">services.gitea.useWizard</link>
+      is <literal>true</literal> as the first registered user will be the administrator if
+      no install wizard is used.
+    '';
+    };
+
+    settings = mkOption {
+      type = with types; attrsOf (attrsOf (oneOf [ bool int str ]));
+      default = {};
+      description = ''
+      Gitea configuration. Refer to <link xlink:href="https://docs.gitea.io/en-us/config-cheat-sheet/"/>
+      for details on supported values.
+    '';
+      example = literalExample ''
+      {
+        "cron.sync_external_users" = {
+          RUN_AT_START = true;
+          SCHEDULE = "@every 24h";
+          UPDATE_EXISTING = true;
+        };
+        mailer = {
+          ENABLED = true;
+          MAILER_TYPE = "sendmail";
+          FROM = "do-not-reply@example.org";
+          SENDMAIL_PATH = "''${pkgs.system-sendmail}/bin/sendmail";
+        };
+        other = {
+          SHOW_FOOTER_VERSION = false;
+        };
+      }
+    ''; 
+    };
+  };
+
+  config = {
+    settings = {
+      database = mkMerge [
+        {
+          DB_TYPE = cfg.database.type;
+        }
+        (mkIf (useMysql || usePostgresql) {
+          HOST = cfg.database.host + ":" + toString cfg.database.port;
+          NAME = cfg.database.name;
+          USER = cfg.database.user;
+          PASSWD = cfg.database.password;
+        })
+        (mkIf useSqlite {
+          PATH = cfg.database.path;
+        })
+        (mkIf usePostgresql {
+          SSL_MODE = "disable";
+        })
+      ];
+
+      repository = {
+        ROOT = cfg.repositoryRoot;
+      };
+
+      server = mkMerge [
+        {
+          DOMAIN = cfg.domain;
+          # STATIC_ROOT_PATH = cfg.staticRootPath;
+          LFS_JWT_SECRET = cfg.lfs.lfsJwtSecret;
+
+          HTTP_ADDR = cfg.httpAddress;
+          HTTP_PORT = cfg.httpPort;
+        }
+        (mkIf cfg.ssh.enable {
+          DISABLE_SSH = false;
+          SSH_PORT = cfg.ssh.clonePort;
+        })
+        (mkIf (!cfg.ssh.enable) {
+          DISABLE_SSH = true;
+        })
+        (mkIf cfg.lfs.enable {
+          LFS_START_SERVER = true;
+          LFS_CONTENT_PATH = cfg.lfs.contentDir;
+        })
+      ];
+
+      session = {
+        COOKIE_NAME = "session";
+        COOKIE_SECURE = cfg.cookieSecure;
+      };
+
+      security = with cfg.security; {
+        SECRET_KEY = secretKey;
+        INTERNAL_TOKEN = internalToken;
+        INSTALL_LOCK = installLock;
+      };
+
+      log = {
+        ROUTER = "console";
+        ROUTER_LOG_LEVEL = cfg.logLevel;
+      };
+
+      service = {
+        DISABLE_REGISTRATION = cfg.disableRegistration;
+      };
+
+      oauth2 = {
+        JWT_SECRET = cfg.security.oauth2JwtSecret;
+      };
+    };
+
+    run =
+      let
+        appIni = pkgs.writeText "app.ini" ''
+          APP_NAME=${cfg.appName}
+          RUN_USER=gitea
+          RUN_MODE=${cfg.runMode}
+
+          ${generators.toINI {} cfg.settings}
+        '';
+      in pkgs.writeShellScriptBin "run" ''
+         export GITEA_WORK_FIR=${cfg.stateDir}
+         exec /bin/gitea -c ${appIni}
+      '';
+
+  };
+}
--- a/docker/gitea/result
+++ b/docker/gitea/result
@ -0,0 +1 @@
+/nix/store/6cg3m50cm7jz6k308vab9p8pqxz27pfn-gitea.sh
--- a/docker/gitea/run.nix
+++ b/docker/gitea/run.nix
@ -0,0 +1,16 @@
+let
+  nixpkgs = import <nixpkgs> { system = "x86_64-linux"; };
+  eval = nixpkgs.lib.evalModules {
+    modules =
+      [ (import /module.nix) ] ++
+      (if (builtins.pathExists /config.nix) then [ (import /config.nix) ] else []);
+
+    args = {
+      pkgs = nixpkgs;
+      lib = nixpkgs.lib;
+    };
+  };
+in
+eval.config.run
+
+# export NIX_SSL_CERT_FILE=/etc/ssl/certs/ca-bundle.crt
				`@ -0,0 +1 @@`
				`/nix/store/6cg3m50cm7jz6k308vab9p8pqxz27pfn-gitea.sh`