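#
# Gitea git forge (git.kabtop.de) behind an nginx TLS reverse proxy.
#
# Secrets (database and mailer passwords) are supplied through agenix and
# referenced by path only. Everything under `services.gitea.settings` is
# rendered into Gitea's configuration from plain Nix values, so no secret
# should ever be written there as a literal.
#
{ config, lib, pkgs, ... }:

let
  # Single source of truth for where Gitea listens; nginx proxies to exactly this.
  giteaServer = config.services.gitea.settings.server;
in
{
  services.gitea = {
    enable = true;
    appName = "Kabtop Git";
    lfs.enable = true;

    # Periodic dumps are disabled; dump.type only matters if they are re-enabled.
    dump = {
      enable = false;
      type = "tar.xz";
    };

    # PostgreSQL over loopback. createDatabase = false means this module does
    # not provision the database or role; both must already exist.
    database = {
      type = "postgres";
      host = "127.0.0.1";
      name = "giteadb";
      user = "gitea";
      createDatabase = false;
      # Path to the agenix-decrypted secret, not the password itself.
      passwordFile = config.age.secrets."services/gitea/databasePassword".path;
    };

    # NOTE(review): no `mailer` section is set in this file — confirm that mail
    # is configured elsewhere, otherwise this password is unused.
    mailerPasswordFile = config.age.secrets."services/gitea/mailerPassword".path;

    settings = {
      server = {
        ROOT_URL = "https://git.kabtop.de";
        DOMAIN = "git.kabtop.de";
        # Bind to loopback only: the sole intended HTTP entry point is nginx.
        HTTP_ADDR = "localhost";
        # Pinned explicitly (3000 is what the proxy pointed at before) so the
        # nginx upstream below can be derived from it instead of duplicated.
        HTTP_PORT = 3000;
        SSH_PORT = 2220;
        ENABLE_GZIP = true;
      };

      security = {
        MIN_PASSWORD_LENGTH = 8;
        # Rejects passwords known from breach corpora (HaveIBeenPwned lookup);
        # requires outbound HTTPS from this host.
        PASSWORD_CHECK_PWN = true;
        PASSWORD_HASH_ALGO = "argon2";
      };

      # NOTE(review): if this block is ever enabled, do not set JWT_SECRET to a
      # literal such as the placeholder below — values in `settings` are plain
      # Nix strings. Provide it out of band, like the passwords above.
      # oauth2 = {
      #   ENABLE = true;
      #   #JWT_SECRET = "secret123";
      # };

      repository = {
        MAX_CREATION_LIMIT = 100;
      };

      ui = {
        SHOW_USER_EMAIL = false;
        DEFAULT_THEME = "arc-green";
      };

      # openid = {
      #   ENABLE_OPENID_SIGNIN = true;
      #   WHITELISTED_URIS = "https://auth.kabtop.de";
      # };
      # oauth2_client = {
      #   ENABLE_AUTO_REGISTRATION = true;
      # };

      time = {
        DEFAULT_UI_LOCATION = "Europe/Berlin";
      };

      other = {
        # Do not advertise the running Gitea version in the page footer.
        SHOW_FOOTER_VERSION = false;
      };

      # Session cookie is only sent over HTTPS; consistent with forceSSL below.
      session.COOKIE_SECURE = true;

      service = {
        REGISTER_EMAIL_CONFIRM = true;
        # No self-service sign-up; accounts are created by an administrator.
        DISABLE_REGISTRATION = true;
      };

      # NOTE(review): Actions run workflow code taken from repositories.
      # Runners are not defined in this file — confirm they are isolated from
      # this host and from the secrets above.
      actions = {
        ENABLED = true;
      };
    };
  };

  services.nginx = {
    enable = true;
    recommendedTlsSettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedProxySettings = true;
    virtualHosts = {
      "${giteaServer.DOMAIN}" = {
        enableACME = true;
        # Redirect plain HTTP to HTTPS.
        forceSSL = true;
        # Derived from Gitea's own listener settings so the two cannot drift.
        locations."/".proxyPass =
          "http://${giteaServer.HTTP_ADDR}:${toString giteaServer.HTTP_PORT}";
      };
    };
  };

  # agenix secrets, owned by the gitea user so the service can read them.
  age.secrets."services/gitea/mailerPassword" = {
    file = ../../../secrets/services/gitea/mailerPassword.age;
    owner = "gitea";
  };
  age.secrets."services/gitea/databasePassword" = {
    file = ../../../secrets/services/gitea/databasePassword.age;
    owner = "gitea";
  };
}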