#
# Gitea (self-hosted Git service) behind an nginx reverse proxy
#

{ config, lib, pkgs, ... }:

{
  # Gitea instance served as https://git.kabtop.de. The web listener is bound
  # to localhost and reached through the nginx virtual host in this module.
  services.gitea = {
    enable = true;
    appName = "Kabtop Git";

    # Git LFS object storage.
    lfs.enable = true;

    # Scheduled dumps are switched off; `type` only matters once they are on.
    # NOTE(review): with dumps disabled, confirm that the repositories and the
    # PostgreSQL database are backed up by some other job.
    dump = {
      enable = false;
      type = "tar.xz";
    };

    # PostgreSQL over loopback TCP. createDatabase = false means this module
    # does not provision the role or database; they must already exist.
    database = {
      type = "postgres";
      host = "127.0.0.1";
      name = "giteadb";
      user = "gitea";
      createDatabase = false;
      # Read from the agenix secret path at runtime instead of being written
      # as a literal into this (store-readable) configuration.
      passwordFile = config.age.secrets."services/gitea/databasePassword".path;
    };

    # NOTE(review): no `settings.mailer` section is visible in this file, yet
    # REGISTER_EMAIL_CONFIRM below needs working mail - confirm the mailer is
    # configured elsewhere.
    mailerPasswordFile = config.age.secrets."services/gitea/mailerPassword".path;

    # Everything under `settings` is plain Nix data that ends up in the
    # world-readable Nix store, so no credentials belong here.
    settings = {
      server = {
        DOMAIN = "git.kabtop.de";
        ROOT_URL = "https://git.kabtop.de";
        # Loopback only: clients are expected to come in via nginx over TLS.
        HTTP_ADDR = "localhost";
        # NOTE(review): nothing in this file starts an SSH listener or opens
        # the firewall for 2220 - confirm that is handled elsewhere.
        SSH_PORT = 2220;
        # NOTE(review): nginx also has recommendedGzipSettings enabled;
        # compressing at one layer is probably enough.
        ENABLE_GZIP = true;
        LFS_START_SERVER = true;
        LFS_ALLOW_PURE_SSH = true;
      };

      security = {
        # NOTE(review): 8 is short for a forge holding source code; consider a
        # higher minimum and an explicit PASSWORD_COMPLEXITY.
        MIN_PASSWORD_LENGTH = 8;
        # Rejects passwords found in the HaveIBeenPwned breach corpus; this
        # requires outbound HTTPS from the server.
        PASSWORD_CHECK_PWN = true;
        PASSWORD_HASH_ALGO = "argon2";
      };

      # Disabled OAuth2 provider settings. If this is ever re-enabled, do not
      # put a real JWT secret on the commented line below: it would be stored
      # in plain text in the Nix store.
#      oauth2 = {
#          ENABLE = true;
#          #JWT_SECRET = "secret123";
#      };

      repository = {
        MAX_CREATION_LIMIT = 100;
      };

      ui = {
        # Keeps account e-mail addresses off the explore/user pages.
        SHOW_USER_EMAIL = false;
        DEFAULT_THEME = "gitea-dark";
      };

      # Disabled OpenID / external-login settings, kept for reference.
#      openid = {
#          ENABLE_OPENID_SIGNIN = true;
#          WHITELISTED_URIS = "https://auth.kabtop.de";
#      };
#      oauth2_client = {
#          ENABLE_AUTO_REGISTRATION = true;
#      };

      time = {
        DEFAULT_UI_LOCATION = "Europe/Berlin";
      };

      other = {
        # Hides the running Gitea version from the page footer.
        SHOW_FOOTER_VERSION = false;
      };

      # Session cookie is only sent over HTTPS.
      session = {
        COOKIE_SECURE = true;
      };

      service = {
        # Self-registration is closed; accounts are created by an admin.
        DISABLE_REGISTRATION = true;
        REGISTER_EMAIL_CONFIRM = true;
      };

      actions = {
        # Workflows run repository-supplied code on whatever runners are
        # registered. NOTE(review): confirm runners are isolated from this
        # host and from each other.
        ENABLED = true;
      };

      indexer = {
        REPO_INDEXER_ENABLED = false;
      };
    };
  };

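  # TLS-terminating reverse proxy in front of Gitea.
  services.nginx = {
    enable = true;
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;
    virtualHosts = {
      "${config.services.gitea.settings.server.DOMAIN}" = {
        # Certificate is obtained via ACME; forceSSL redirects plain HTTP to
        # HTTPS so credentials and session cookies never travel unencrypted.
        enableACME = true;
        forceSSL = true;
        # Derive the upstream from Gitea's own listen address and port rather
        # than hard-coding it, so the proxy cannot silently drift to a
        # different local service if either value changes. With the current
        # settings this evaluates to http://localhost:3000, as before.
        # NOTE(review): LFS is enabled on the Gitea side; check that nginx's
        # request body size limit is large enough for LFS uploads over HTTPS.
        locations."/".proxyPass =
          "http://${config.services.gitea.settings.server.HTTP_ADDR}:${toString config.services.gitea.settings.server.HTTP_PORT}";
      };
    };
  };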
  # agenix-managed credentials referenced by services.gitea above. Only the
  # encrypted .age files are checked in; the decrypted copies are owned by
  # `gitea` so the service can read them.
  # NOTE(review): assumes Gitea runs as the `gitea` user - confirm if
  # services.gitea.user is overridden elsewhere.
  age.secrets = {
    "services/gitea/mailerPassword" = {
      file = ../../../secrets/services/gitea/mailerPassword.age;
      owner = "gitea";
    };
    "services/gitea/databasePassword" = {
      file = ../../../secrets/services/gitea/databasePassword.age;
      owner = "gitea";
    };
  };
}