diff --git a/flake.nix b/flake.nix
index 49e46e6..811961d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -59,6 +59,7 @@ nixng/containers/email/dovecot.nix nixng/containers/email/postfix nixng/containers/ds3os + nixng/containers/gitea nixng/containers/syncthing overlays/udp-over-tcp.nix
diff --git a/nixng/containers/gitea/default.nix b/nixng/containers/gitea/default.nix
new file mode 100644
index 0000000..2667167
--- /dev/null
+++ b/nixng/containers/gitea/default.nix
@@ -0,0 +1,141 @@
+{ inputs, lib, ... }:
+let
+ inherit (lib)
+ singleton;
+in
+{
+ flake.nixngConfigurations.gitea = inputs.nixng.nglib.makeSystem {
+ system = "x86_64-linux";
+ name = "nixng-gitea";
+ inherit (inputs)
+ nixpkgs;
+ config =
+ { pkgs, ... }:
+ {
+ dumb-init = {
+ enable = true;
+ type.services = {};
+ };
+
+ services.mysql = {
+ enable = true;
+
+ ensureDatabases = singleton "gitea";
+ ensureUsers = singleton {
+ name = "gitea";
+ ensurePermissions = {
+ "database.*" = "ALL PRIVILEGES";
+ };
+ };
+ };
+
+ init.services.gitea.shutdownOnExit = true;
+ services.gitea = {
+ enable = true;
+
+ appName = "Red Alder Gitea";
+ runMode = "prod";
+ user = "gitea";
+
+ secrets = {
+ secretKeyFile = "/secrets/secret_key";
+ internalTokenFile = "/secrets/internal_token";
+ jwtSecretFile = "/secrets/jwt_secret";
+ lfsJwtSecretFile = "/secrets/lfs_jwt_secret";
+ };
+
+ configuration = {
+ repository = {
+ ROOT = "/data/gitea/git/repositories";
+ };
+
+ "repository.local" = {
+ LOCAL_COPY_PATH = "/data/gitea/tmp/local-repo";
+ };
+
+ "repository.upload" = {
+ TEMP_PATH = "/data/gitea/gitea/uploads";
+ };
+
+ server = {
+ APP_DATA_PATH = "/data/gitea";
+ SSH_DOMAIN = "localhost";
+ HTTP_PORT = 3000;
+ ROOT_URL = "https://gitea.redalder.org/";
+ DISABLE_SSH = false;
+ SSH_PORT = 22;
+ SSH_LISTEN_PORT = 22;
+ LFS_START_SERVER = true;
+ LFS_CONTENT_PATH = "/data/gitea/git/lfs";
+ DOMAIN = "localhost";
+ LFS_JWT_SECRET = "#lfsJwtSecret#";
+ OFFLINE_MODE = false;
+ };
+
+ database = {
+ DB_TYPE = "mysql";
+ HOST = "/run/mysqld/mysqld.sock";
+ NAME = "gitea";
+ USER = "gitea";
+ SCHEMA = "";
+ SSL_MODE = "disable";
+ CHARSET = "utf8";
+ };
+
+ indexer = {
+ ISSUE_INDEXER_PATH = "/data/gitea/gitea/indexers/issues.bleve";
+ REPO_INDEXER_PATH = "/data/gitea/gitea/indexers/repos.bleve";
+ };
+ session = {
+ PROVIDER_CONFIG = "/data/gitea/gitea/sessions";
+ PROVIDER = "file";
+ };
+
+ picture = {
+ AVATAR_UPLOAD_PATH = "/data/gitea/gitea/avatars";
+ REPOSITORY_AVATAR_UPLOAD_PATH = "/data/gitea/gitea/repo-avatars";
+ DISABLE_GRAVATAR = false;
+ ENABLE_FEDERATED_AVATAR = true;
+ };
+
+ attachment = {
+ PATH = "/data/gitea/gitea/attachments";
+ };
+
+ security = {
+ INSTALL_LOCK = true;
+ SECRET_KEY = "#secretKey";
+ INTERNAL_TOKEN = "#internalToken#";
+ };
+
+ service = {
+ DISABLE_REGISTRATION = false;
+ REQUIRE_SIGNIN_VIEW = false;
+ REGISTER_EMAIL_CONFIRM = false;
+ ENABLE_NOTIFY_MAIL = false;
+ ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
+ ENABLE_CAPTCHA = false;
+ DEFAULT_KEEP_EMAIL_PRIVATE = false;
+ DEFAULT_ALLOW_CREATE_ORGANIZATION = true;
+ DEFAULT_ENABLE_TIMETRACKING = true;
+ NO_REPLY_ADDRESS = "noreply.localhost";
+ };
+
+ oauth2.JWT_SECRET = "#jwtSecret#";
+
+ mailer.ENABLED = false;
+
+ openid = {
+ ENABLE_OPENID_SIGNIN = true;
+ ENABLE_OPENID_SIGNUP = true;
+ };
+
+ log = {
+ MODE = "console";
+ LEVEL = "Debug";
+ };
+ };
+ };
+ };
+ };
+}
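Review bot: In the `security` block, `SECRET_KEY = "#secretKey";` lacks the closing `#` that the other three placeholders carry (`#internalToken#`, `#jwtSecret#`, `#lfsJwtSecret#`). If the module fills these tokens from the files listed under `secrets`, this one is presumably left as the literal string and Gitea would run with a fixed, publicly known secret key, so it should read `SECRET_KEY = "#secretKey#";`. In `services.mysql.ensureUsers`, `"database.*" = "ALL PRIVILEGES"` grants on a schema named `database` rather than on the `gitea` database created by `ensureDatabases`; `"gitea.*" = "ALL PRIVILEGES";` looks like what was intended. The `service` and `openid` settings leave self-registration open with no captcha or e-mail confirmation behind a public `ROOT_URL`, and `log.LEVEL = "Debug"` sits next to `runMode = "prod"`; both are worth confirming as deliberate, with a short comment in the file if they are.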