diff --git a/modules/services/server/default.nix b/modules/services/server/default.nix index 770eee2..c593745 100644 --- a/modules/services/server/default.nix +++ b/modules/services/server/default.nix @@ -12,7 +12,7 @@ [ ./postgresql.nix - #./gitea.nix + ./gitea.nix ./nextcloud.nix ./matrix.nix ./coturn.nix diff --git a/modules/services/server/gitea.nix b/modules/services/server/gitea.nix index 198fcf5..22b82cc 100644 --- a/modules/services/server/gitea.nix +++ b/modules/services/server/gitea.nix @@ -8,27 +8,25 @@ services.gitea = { enable = true; dump.enable = true; - rootUrl = "https://git2.kabtop.de" + rootUrl = "https://git2.kabtop.de"; lfs.enable = true; - httpAdress = "localhost"; + httpAddress = "localhost"; dump.type = "tar.xz"; domain = "git2.kabtop.de"; -# database.type = "postgres"; -# database.user = "gitea"; -# database.name = "giteadb" -# database.passwordFile = config.age.secrets."services/gitea/databasePassword".path; + database.type = "postgres"; + database.user = "gitea"; + database.name = "giteadb" + database.passwordFile = config.age.secrets."services/gitea/databasePassword".path; appName = "Kabtop Git"; -# mailerPasswordFile = config.age.secrets."services/gitea/mailerPassword".path; + mailerPasswordFile = config.age.secrets."services/gitea/mailerPassword".path; settings = { - RUN_MODE = "prod"; server = { START_SSH_SERVER = true; SSH_PORT = 2222; - SSH_SERVER_CIPHERS = ""; - SSH_SERVER_KEY_EXCHANGES = ""; - SSH_SERVER_MACS = ""; +# SSH_SERVER_CIPHERS = ""; +# SSH_SERVER_KEY_EXCHANGES = ""; +# SSH_SERVER_MACS = ""; ENABLE_GZIP = true; - #LFS_JWT_SECRET = "secret123"; }; security = { MIN_PASSWORD_LENGTH = 8; 
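Review bot: The newly uncommented `database.name = "giteadb"` has no terminating semicolon, so the attribute set will not parse; it should read `database.name = "giteadb";`. This is the same mistake the commit fixes for `rootUrl` a few lines above. Because `default.nix` now imports `./gitea.nix` again, the parse error would most likely stop the whole configuration from evaluating, not just this module. The `services.gitea` block continues past the end of this hunk.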
@@ -54,36 +52,41 @@ # ENABLE_AUTO_REGISTRATION = true; # }; time = { - DEFAULT_UI_LOCATION = "Europe/Berlin" + DEFAULT_UI_LOCATION = "Europe/Berlin"; }; other = { SHOW_FOOTER_VERSION = false; - } + }; session.COOKIE_SECURE = true; service.DISABLE_REGISTRATION = true; }; + extraConfig = '' + [database] + HOST = 127.0.0.1:5432 + ''; + }; - services.nginx = { - enable = true; - recommendedTlsSettings = true; - recommendedOptimisation = true; - recommendedGzipSettings = true; - recommendedProxySettings = true; - virtualHosts = { - "${config.services.gitea.domain}" = { - enableACME = true; - forceSSL = true; - locations."/".proxyPass = "http://localhost:3000"; - }; - }; + services.nginx = { + enable = true; + recommendedTlsSettings = true; + recommendedOptimisation = true; + recommendedGzipSettings = true; + recommendedProxySettings = true; + virtualHosts = { + "${config.services.gitea.domain}" = { + enableACME = true; + forceSSL = true; + locations."/".proxyPass = "http://localhost:3000"; + }; + }; -# age.secrets."services/gitea/mailerPassword" = { -# file = ../../../secrets/services/gitea/mailerPassword.age; -# owner = "gitea"; -# }; - age.secrets."services/gitea/databasePassword" = { - file = ../../../secrets/services/gitea/databasePassword.age; - owner = "gitea"; - }; + age.secrets."services/gitea/mailerPassword" = { + file = ../../../secrets/services/gitea/mailerPassword.age; + owner = "gitea"; + }; + age.secrets."services/gitea/databasePassword" = { + file = ../../../secrets/services/gitea/databasePassword.age; + owner = "gitea"; + }; } diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 477a136..cebc20d 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -44,5 +44,4 @@ in "services/nextcloud/dbpassFile.age".publicKeys = servers ++ users; "services/gitea/databasePassword.age".publicKeys = servers ++ users; "services/gitea/mailerPassword.age".publicKeys = servers ++ users; - "services/gitea/extraConfig.age".publicKeys = servers ++ users; } 
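Review bot: `services.nginx = {` is opened but, counting the visible lines, only the virtual host and `virtualHosts` are closed before `age.secrets` starts, so a `};` appears to be missing after the `virtualHosts` block and the final `}` would close the nginx set instead of the module. Separately, the `extraConfig` snippet adds a second `[database]` section next to the one the module presumably generates from the `database.*` options; `database.host = "127.0.0.1";` (plus `database.port = 5432;` if needed) would keep the setting in one place and avoid depending on how duplicate sections are merged. Text placed in `extraConfig` ends up readable in the Nix store, so keep it to non-secret values such as this host and port and leave credentials behind the `passwordFile` options already used here.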
diff --git a/secrets/services/gitea/extraConfig.age b/secrets/services/gitea/extraConfig.age
deleted file mode 100644
index 60dccf9..0000000
Binary files a/secrets/services/gitea/extraConfig.age and /dev/null differ