diff --git a/nixng/containers/gitea/default.nix b/nixng/containers/gitea/default.nix index 2667167..a47e1f9 100644 --- a/nixng/containers/gitea/default.nix +++ b/nixng/containers/gitea/default.nix @@ -1,141 +1,153 @@ -{ inputs, lib, ... }: -let - inherit (lib) - singleton; -in { + inputs, + lib, + ... +}: let + inherit + (lib) + singleton + ; +in { flake.nixngConfigurations.gitea = inputs.nixng.nglib.makeSystem { system = "x86_64-linux"; name = "nixng-gitea"; - inherit (inputs) - nixpkgs; - config = - { pkgs, ... }: - { - dumb-init = { - enable = true; - type.services = {}; - }; + inherit + (inputs) + nixpkgs + ; + config = {pkgs, ...}: { + dumb-init = { + enable = true; + type.services = {}; + }; - services.mysql = { - enable = true; + services.mysql = { + enable = true; - ensureDatabases = singleton "gitea"; - ensureUsers = singleton { - name = "gitea"; - ensurePermissions = { - "database.*" = "ALL PRIVILEGES"; - }; - }; - }; + package = pkgs.mariadb_105; - init.services.gitea.shutdownOnExit = true; - services.gitea = { - enable = true; - - appName = "Red Alder Gitea"; - runMode = "prod"; - user = "gitea"; - - secrets = { - secretKeyFile = "/secrets/secret_key"; - internalTokenFile = "/secrets/internal_token"; - jwtSecretFile = "/secrets/jwt_secret"; - lfsJwtSecretFile = "/secrets/lfs_jwt_secret"; - }; - - configuration = { - repository = { - ROOT = "/data/gitea/git/repositories"; - }; - - "repository.local" = { - LOCAL_COPY_PATH = "/data/gitea/tmp/local-repo"; - }; - - "repository.upload" = { - TEMP_PATH = "/data/gitea/gitea/uploads"; - }; - - server = { - APP_DATA_PATH = "/data/gitea"; - SSH_DOMAIN = "localhost"; - HTTP_PORT = 3000; - ROOT_URL = "https://gitea.redalder.org/"; - DISABLE_SSH = false; - SSH_PORT = 22; - SSH_LISTEN_PORT = 22; - LFS_START_SERVER = true; - LFS_CONTENT_PATH = "/data/gitea/git/lfs"; - DOMAIN = "localhost"; - LFS_JWT_SECRET = "#lfsJwtSecret#"; - OFFLINE_MODE = false; - }; - - database = { - DB_TYPE = "mysql"; - HOST = "/run/mysqld/mysqld.sock"; - NAME = "gitea"; - USER = "gitea"; - SCHEMA = ""; - SSL_MODE = "disable"; - CHARSET = "utf8"; - }; - - indexer = { - ISSUE_INDEXER_PATH = "/data/gitea/gitea/indexers/issues.bleve"; - REPO_INDEXER_PATH = "/data/gitea/gitea/indexers/repos.bleve"; - }; - session = { - PROVIDER_CONFIG = "/data/gitea/gitea/sessions"; - PROVIDER = "file"; - }; - - picture = { - AVATAR_UPLOAD_PATH = "/data/gitea/gitea/avatars"; - REPOSITORY_AVATAR_UPLOAD_PATH = "/data/gitea/gitea/repo-avatars"; - DISABLE_GRAVATAR = false; - ENABLE_FEDERATED_AVATAR = true; - }; - - attachment = { - PATH = "/data/gitea/gitea/attachments"; - }; - - security = { - INSTALL_LOCK = true; - SECRET_KEY = "#secretKey"; - INTERNAL_TOKEN = "#internalToken#"; - }; - - service = { - DISABLE_REGISTRATION = false; - REQUIRE_SIGNIN_VIEW = false; - REGISTER_EMAIL_CONFIRM = false; - ENABLE_NOTIFY_MAIL = false; - ALLOW_ONLY_EXTERNAL_REGISTRATION = false; - ENABLE_CAPTCHA = false; - DEFAULT_KEEP_EMAIL_PRIVATE = false; - DEFAULT_ALLOW_CREATE_ORGANIZATION = true; - DEFAULT_ENABLE_TIMETRACKING = true; - NO_REPLY_ADDRESS = "noreply.localhost"; - }; - - oauth2.JWT_SECRET = "#jwtSecret#"; - - mailer.ENABLED = false; - - openid = { - ENABLE_OPENID_SIGNIN = true; - ENABLE_OPENID_SIGNUP = true; - }; - - log = { - MODE = "console"; - LEVEL = "Debug"; - }; + ensureDatabases = singleton "gitea"; + ensureUsers = singleton { + name = "gitea"; + ensurePermissions = { + "gitea.*" = "ALL PRIVILEGES"; }; }; }; + + init.services.gitea.shutdownOnExit = false; + services.gitea = { + enable = true; + package = pkgs.gitea; + + secrets = { + secretKeyFile = "/secrets/secret_key"; + internalTokenFile = "/secrets/internal_token"; + jwtSecretFile = "/secrets/jwt_secret"; + lfsJwtSecretFile = "/secrets/lfs_jwt_secret"; + }; + + settings = { + appName = "Red Alder Gitea"; + runMode = "prod"; + runUser = "gitea"; + + DEFAULT = { + WORK_PATH = "/data/gitea"; + }; + + repository = { + ROOT = "/data/gitea/git/repositories"; + }; + + "repository.local" = { + LOCAL_COPY_PATH = "/data/gitea/tmp/local-repo"; + }; + + "repository.upload" = { + TEMP_PATH = "/data/gitea/gitea/uploads"; + }; + + server = { + APP_DATA_PATH = "/data/gitea"; + SSH_DOMAIN = "localhost"; + HTTP_PORT = 3000; + ROOT_URL = "https://gitea.redalder.org/"; + STATIC_ROOT_PATH = "${pkgs.gitea.data}"; + DISABLE_SSH = false; + SSH_PORT = 22; + SSH_LISTEN_PORT = 22; + LFS_START_SERVER = true; + LFS_CONTENT_PATH = "/data/gitea/git/lfs"; + DOMAIN = "localhost"; + LFS_JWT_SECRET = "#lfsJwtSecret#"; + OFFLINE_MODE = false; + }; + + database = { + DB_TYPE = "mysql"; + HOST = "/run/mysqld/mysqld.sock"; + NAME = "gitea"; + USER = "gitea"; + SCHEMA = ""; + SSL_MODE = "disable"; + CHARSET = "utf8"; + }; + + indexer = { + ISSUE_INDEXER_PATH = "/data/gitea/gitea/indexers/issues.bleve"; + REPO_INDEXER_PATH = "/data/gitea/gitea/indexers/repos.bleve"; + }; + session = { + PROVIDER_CONFIG = "/data/gitea/gitea/sessions"; + PROVIDER = "file"; + }; + + picture = { + AVATAR_UPLOAD_PATH = "/data/gitea/gitea/avatars"; + REPOSITORY_AVATAR_UPLOAD_PATH = "/data/gitea/gitea/repo-avatars"; + DISABLE_GRAVATAR = false; + ENABLE_FEDERATED_AVATAR = true; + }; + + attachment = { + PATH = "/data/gitea/gitea/attachments"; + }; + + security = { + INSTALL_LOCK = true; + SECRET_KEY = "#secretKey"; + INTERNAL_TOKEN = "#internalToken#"; + }; + + service = { + DISABLE_REGISTRATION = false; + REQUIRE_SIGNIN_VIEW = false; + REGISTER_EMAIL_CONFIRM = false; + ENABLE_NOTIFY_MAIL = false; + ALLOW_ONLY_EXTERNAL_REGISTRATION = false; + ENABLE_CAPTCHA = false; + DEFAULT_KEEP_EMAIL_PRIVATE = false; + DEFAULT_ALLOW_CREATE_ORGANIZATION = true; + DEFAULT_ENABLE_TIMETRACKING = true; + NO_REPLY_ADDRESS = "noreply.localhost"; + }; + + oauth2.JWT_SECRET = "#jwtSecret#"; + + mailer.ENABLED = false; + + openid = { + ENABLE_OPENID_SIGNIN = true; + ENABLE_OPENID_SIGNUP = true; + }; + + log = { + MODE = "console"; + LEVEL = "Debug"; + }; + }; + }; + }; }; }