gitea: Use a hardened systemd unit instead of a container
This commit is contained in:
parent
d6bb65f739
commit
99ca90be92
GPG key ID:
49670FD774E43268
2 changed files with 27 additions and 45 deletions
|
|
@ -38,7 +38,7 @@
|
||||||
useDHCP = false;
|
useDHCP = false;
|
||||||
interfaces.eth0.useDHCP = true;
|
interfaces.eth0.useDHCP = true;
|
||||||
|
|
||||||
firewall.allowedTCPPorts = [80 443 2222 2221 21025];
|
firewall.allowedTCPPorts = [80 443 2222 21025];
|
||||||
};
|
};
|
||||||
|
|
||||||
time.timeZone = "Europe/London";
|
time.timeZone = "Europe/London";
|
||||||
|
|
@ -82,7 +82,6 @@
|
||||||
domain = config.services.nginx.domain;
|
domain = config.services.nginx.domain;
|
||||||
in {
|
in {
|
||||||
"${domain}" = proxyPassToPort 3002 {serverAliases = ["www.${domain}"];};
|
"${domain}" = proxyPassToPort 3002 {serverAliases = ["www.${domain}"];};
|
||||||
"gitea.${domain}" = proxyPassToPort 3000 {};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -1,48 +1,31 @@
|
||||||
{config, ...}: {
|
{config, ...}: let
|
||||||
users = {
|
domain = "gitea.${config.services.nginx.domain}";
|
||||||
extraUsers.gitea = {
|
in {
|
||||||
uid = config.ids.uids.git;
|
services.gitea = {
|
||||||
isSystemUser = true;
|
inherit domain;
|
||||||
description = "Gitea Service";
|
enable = true;
|
||||||
group = config.users.extraGroups.gitea.name;
|
|
||||||
};
|
httpAddress = "127.0.0.1";
|
||||||
extraGroups.gitea = {gid = config.ids.gids.git;};
|
database.type = "postgres";
|
||||||
|
|
||||||
|
ssh.clonePort = 2222;
|
||||||
|
rootUrl = "https://${domain}/";
|
||||||
|
cookieSecure = true;
|
||||||
|
|
||||||
|
appName = "Gitea: Git with a cup of tea";
|
||||||
|
disableRegistration = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
virtualisation.pods.gitea = {
|
# Set up SSL
|
||||||
hostname = "gitea.tlater.net";
|
services.nginx.virtualHosts."${domain}" = let
|
||||||
publish = ["3000:3000" "2221:2221"];
|
inherit (config.services.gitea) httpAddress httpPort;
|
||||||
network = "slirp4netns";
|
in {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
extraConfig = ''
|
||||||
|
add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
|
||||||
|
'';
|
||||||
|
|
||||||
containers = {
|
locations."/".proxyPass = "http://${httpAddress}:${toString httpPort}";
|
||||||
gitea = {
|
|
||||||
image = "gitea/gitea:latest";
|
|
||||||
volumes = ["gitea:/data:Z" "/etc/localtime:/etc/localtime:ro"];
|
|
||||||
dependsOn = ["postgres"];
|
|
||||||
|
|
||||||
environment = {
|
|
||||||
DB_TYPE = "postgres";
|
|
||||||
DB_HOST = "localhost:5432";
|
|
||||||
DB_NAME = "gitea";
|
|
||||||
DB_USER = "gitea";
|
|
||||||
|
|
||||||
USER_UID = toString config.users.extraUsers.gitea.uid;
|
|
||||||
USER_GID = toString config.users.extraGroups.gitea.gid;
|
|
||||||
|
|
||||||
RUN_MODE = "prod";
|
|
||||||
DOMAIN = "gitea.tlater.net";
|
|
||||||
SSH_PORT = "2221";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
postgres = {
|
|
||||||
image = "postgres:alpine";
|
|
||||||
environment = {
|
|
||||||
POSTGRES_DB = "gitea";
|
|
||||||
POSTGRES_USER = "gitea";
|
|
||||||
};
|
|
||||||
volumes = ["gitea-postgres-14:/var/lib/postgresql/data"];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue