Kabbone/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

services: gitea add secrets

Browse Source
This commit is contained in:
Kabbone
2023-01-03 16:52:23 +01:00
parent 4c77497369
commit 1a41b8ceb5
5 changed files with 102 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
modules/services/server/gitea.nix
View File

@@ -7,21 +7,23 @@
{
services.gitea = {
enable = true;
#dump.enable = true;
rootUrl = "https://git.kabtop.de"
dump.enable = true;
rootUrl = "https://git2.kabtop.de"
lfs.enable = true;
httpAdress = "localhost";
dump.type = "tar.xz";
domain = "git.kabtop.de";
domain = "git2.kabtop.de";
database.type = "postgres";
database.user = "gitea";
#database.password = "secret123";
database.name = "giteadb"
database.passwordFile = config.age.secrets."services/gitea/databasePassword".path;
appName = "Kabtop Git";
# mailerPasswordFile = config.age.secrets."services/gitea/mailerPassword".path;
settings = {
RUN_MODE = "prod";
server = {
START_SSH_SERVER = true;
SSH_PORT = 2222;
SSH_SERVER_CIPHERS = "";
SSH_SERVER_KEY_EXCHANGES = "";
SSH_SERVER_MACS = "";
@@ -33,10 +35,10 @@
PASSWORD_CHECK_PWN = true;
PASSWORD_HASH_ALGO = "argon2";
};
oauth2 = {
ENABLE = true;
#JWT_SECRET = "secret123";
};
# oauth2 = {
# ENABLE = true;
# #JWT_SECRET = "secret123";
# };
repository = {
MAX_CREATION_LIMIT = 100;
};
@@ -44,29 +46,30 @@
SHOW_USER_EMAIL = false;
DEFAULT_THEME = "arc-green";
};
openid = {
ENABLE_OPENID_SIGNIN = true;
WHITELISTED_URIS = "https://auth.kabtop.de";
};
oauth2_client = {
ENABLE_AUTO_REGISTRATION = true;
};
mailer = {
ENABLED = true;
SUBJECT_PREFIX = "Kabtop Gitea";
HOST = "in-v3.mailjet.com:587";
PROTOCOL = "";
FROM = '"Kabtop Gitea" <postmaster@kabtop.de>';
USER = "secrest123";
PASSWD = "secret123";
MAILER_TYPE = "smtp";
};
# openid = {
# ENABLE_OPENID_SIGNIN = true;
# WHITELISTED_URIS = "https://auth.kabtop.de";
# };
# oauth2_client = {
# ENABLE_AUTO_REGISTRATION = true;
# };
time = {
DEFAULT_UI_LOCATION = "Europe/Berlin"
};
other = {
SHOW_FOOTER_VERSION = false;
}
session.COOKIE_SECURE = true;
service.DISABLE_REGISTRATION = true;
};
# age.secrets."services/gitea/mailerPassword" = {
# file = ../../../secrets/services/gitea/mailerPassword.age;
# owner = "gitea";
# };
age.secrets."services/gitea/databasePassword" = {
file = ../../../secrets/services/gitea/databasePassword.age;
owner = "gitea";
};
}