diff --git a/configuration/default.nix b/configuration/default.nix
index bbe474c..0e854c6 100644
--- a/configuration/default.nix
+++ b/configuration/default.nix
@@ -38,7 +38,7 @@
 useDHCP = false;
 interfaces.eth0.useDHCP = true;
- firewall.allowedTCPPorts = [80 443 2222 2221 21025];
+ firewall.allowedTCPPorts = [80 443 2222 21025];
 };
 time.timeZone = "Europe/London";
@@ -82,7 +82,6 @@
 domain = config.services.nginx.domain;
 in {
 "${domain}" = proxyPassToPort 3002 {serverAliases = ["www.${domain}"];};
- "gitea.${domain}" = proxyPassToPort 3000 {};
 };
 };
diff --git a/configuration/services/gitea.nix b/configuration/services/gitea.nix
index 5f9ebd0..cd99951 100644
--- a/configuration/services/gitea.nix
+++ b/configuration/services/gitea.nix
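Review bot: The port list keeps 2222 open with no indication of what listens there; in the new gitea.nix `ssh.clonePort = 2222` only sets the port advertised in clone URLs, so the actual SSH listener on 2222 (sshd or Gitea's built-in server) has to be configured somewhere outside this diff, and if it is not, the rule is an open port with nothing behind it. Dropping 2221 is consistent with the removed container's `SSH_PORT`, but the remaining list has no provenance for 2222 or 21025, so a short annotation would help the next reader audit it: `firewall.allowedTCPPorts = [80 443 2222 21025]; # 2222: Gitea SSH (services.gitea.ssh.clonePort), 21025: <purpose>`. The enclosing `networking` block starts and ends outside the hunk.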
@@ -1,48 +1,31 @@
-{config, ...}: {
- users = {
- extraUsers.gitea = {
- uid = config.ids.uids.git;
- isSystemUser = true;
- description = "Gitea Service";
- group = config.users.extraGroups.gitea.name;
- };
- extraGroups.gitea = {gid = config.ids.gids.git;};
+{config, ...}: let
+ domain = "gitea.${config.services.nginx.domain}";
+in {
+ services.gitea = {
+ inherit domain;
+ enable = true;
+
+ httpAddress = "127.0.0.1";
+ database.type = "postgres";
+
+ ssh.clonePort = 2222;
+ rootUrl = "https://${domain}/";
+ cookieSecure = true;
+
+ appName = "Gitea: Git with a cup of tea";
+ disableRegistration = true;
 };
- virtualisation.pods.gitea = {
- hostname = "gitea.tlater.net";
- publish = ["3000:3000" "2221:2221"];
- network = "slirp4netns";
+ # Set up SSL
+ services.nginx.virtualHosts."${domain}" = let
+ inherit (config.services.gitea) httpAddress httpPort;
+ in {
+ forceSSL = true;
+ enableACME = true;
+ extraConfig = ''
+ add_header Strict-Transport-Security "max-age=15552000; includeSubDomains" always;
+ '';
- containers = {
- gitea = {
- image = "gitea/gitea:latest";
- volumes = ["gitea:/data:Z" "/etc/localtime:/etc/localtime:ro"];
- dependsOn = ["postgres"];
-
- environment = {
- DB_TYPE = "postgres";
- DB_HOST = "localhost:5432";
- DB_NAME = "gitea";
- DB_USER = "gitea";
-
- USER_UID = toString config.users.extraUsers.gitea.uid;
- USER_GID = toString config.users.extraGroups.gitea.gid;
-
- RUN_MODE = "prod";
- DOMAIN = "gitea.tlater.net";
- SSH_PORT = "2221";
- };
- };
-
- postgres = {
- image = "postgres:alpine";
- environment = {
- POSTGRES_DB = "gitea";
- POSTGRES_USER = "gitea";
- };
- volumes = ["gitea-postgres-14:/var/lib/postgresql/data"];
- };
- };
+ locations."/".proxyPass = "http://${httpAddress}:${toString httpPort}";
 };
 }
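Review bot: Nothing in the new `services.gitea` block carries over the state of the removed pod: the `gitea:/data` and `gitea-postgres-14` volumes and the fixed `config.ids.uids.git` uid/gid are dropped while the module will create its own state directory, database and `gitea` user, so existing repositories, accounts and the admin password presumably are not migrated by this commit and should either be migrated by hand or called out, e.g. `# old podman volumes were imported into the module's stateDir before this switch`. With `httpAddress = "127.0.0.1"` behind nginx, Gitea will record 127.0.0.1 as every client's address unless `services.nginx.recommendedProxySettings` (or equivalent `proxy_set_header X-Forwarded-For`/`X-Real-IP` lines) is enabled elsewhere, which matters for its access logs and any IP-based lockout. The `# Set up SSL` comment undersells the block, which also carries the reverse proxy and the HSTS header; `# TLS termination, HSTS and reverse proxy to the loopback-only Gitea listener` would be more accurate. `ssh.clonePort = 2222` sets only the advertised port; the matching listener is configured outside this file.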