flakes/modules/programs/gitea/default.nix

{config, ...}: let
  domain = "git.deku.moe";
  httpPort = 3001;
  sshPort = 22022;
in {
  age.secrets.gitea = {
    file = ../../../secrets/gitea.age;
    owner = config.services.gitea.user;
    group = config.services.gitea.user;
  };

  services.postgresql = {
    ensureDatabases = [config.services.gitea.user];
    ensureUsers = [
      {
        name = config.services.gitea.database.user;
        ensureDBOwnership = true;
      }
    ];
  };

  services.gitea = {
    enable = true;
    lfs.enable = true;
    user = "git";

    database = {
      type = "postgres";
      passwordFile = config.age.secrets.gitea.path;
    };

    settings = {
      actions = {
        ENABLED = true;
      };
      picture = {
        DISABLE_GRAVATAR = true;
      };
      server = {
        DOMAIN = domain;
        HTTP_ADDR = "127.0.0.1";
        HTTP_PORT = httpPort;
        ROOT_URL = "https://${domain}/";
        SSH_PORT = sshPort;
      };
      service = {
        DISABLE_REGISTRATION = true;
        SHOW_REGISTRATION_BUTTON = false;
      };
      session = {
        COOKIE_SECURE = true;
      };
      security = {
        LOGIN_REMEMBER_DAYS = 14;
        MIN_PASSWORD_LENGTH = 12;
        PASSWORD_COMPLEXITY = "lower,upper,digit,spec";
        PASSWORD_CHECK_PWN = true;
      };
      other = {
        SHOW_FOOTER_VERSION = false;
        SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
      };
    };
  };

  security.acme = {
    acceptTerms = true;
    email = "chinmaydpai@gmail.com";
  };
  services.nginx = {
    enable = true;
    recommendedProxySettings = true;
    recommendedOptimisation = true;
    recommendedGzipSettings = true;
    recommendedTlsSettings = true;

    virtualHosts = {
      "${domain}" = {
        serverName = "${domain}";
        enableACME = true;
        forceSSL = true;
        locations."/" = {
          proxyPass = "http://localhost:${toString httpPort}/";
        };
      };
    };
  };
}
lint: format gitea definition Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-11-26 22:16:36 +05:30			`{config, ...}: let`
feat: add agenix and gitea Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-11-26 21:15:09 +05:30			`domain = "git.deku.moe";`
			`httpPort = 3001;`
			`sshPort = 22022;`
			`in {`
			`age.secrets.gitea = {`
lint: format gitea definition Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-11-26 22:16:36 +05:30			`file = ../../../secrets/gitea.age;`
feat: add agenix and gitea Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-11-26 21:15:09 +05:30			`owner = config.services.gitea.user;`
			`group = config.services.gitea.user;`
			`};`

			`services.postgresql = {`
lint: format gitea definition Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-11-26 22:16:36 +05:30			`ensureDatabases = [config.services.gitea.user];`
feat: add agenix and gitea Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-11-26 21:15:09 +05:30			`ensureUsers = [`
			`{`
			`name = config.services.gitea.database.user;`
lint: format gitea definition Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-11-26 22:16:36 +05:30			`ensureDBOwnership = true;`
feat: add agenix and gitea Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-11-26 21:15:09 +05:30			`}`
			`];`
			`};`

			`services.gitea = {`
			`enable = true;`
			`lfs.enable = true;`
chore: change gitea user to git Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-11-27 01:24:06 +05:30			`user = "git";`
feat: add agenix and gitea Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-11-26 21:15:09 +05:30
			`database = {`
			`type = "postgres";`
			`passwordFile = config.age.secrets.gitea.path;`
			`};`

			`settings = {`
			`actions = {`
			`ENABLED = true;`
			`};`
			`picture = {`
			`DISABLE_GRAVATAR = true;`
			`};`
			`server = {`
			`DOMAIN = domain;`
			`HTTP_ADDR = "127.0.0.1";`
			`HTTP_PORT = httpPort;`
			`ROOT_URL = "https://${domain}/";`
			`SSH_PORT = sshPort;`
			`};`
			`service = {`
			`DISABLE_REGISTRATION = true;`
			`SHOW_REGISTRATION_BUTTON = false;`
			`};`
			`session = {`
			`COOKIE_SECURE = true;`
			`};`
			`security = {`
			`LOGIN_REMEMBER_DAYS = 14;`
			`MIN_PASSWORD_LENGTH = 12;`
			`PASSWORD_COMPLEXITY = "lower,upper,digit,spec";`
			`PASSWORD_CHECK_PWN = true;`
			`};`
			`other = {`
			`SHOW_FOOTER_VERSION = false;`
			`SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;`
			`};`
			`};`
			`};`

chore: add email to acme Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-11-26 21:35:07 +05:30			`security.acme = {`
			`acceptTerms = true;`
			`email = "chinmaydpai@gmail.com";`
			`};`
feat: add agenix and gitea Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-11-26 21:15:09 +05:30			`services.nginx = {`
			`enable = true;`
			`recommendedProxySettings = true;`
chore: add recommendedOptimisation to nginx Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-11-26 21:37:35 +05:30			`recommendedOptimisation = true;`
feat: add agenix and gitea Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-11-26 21:15:09 +05:30			`recommendedGzipSettings = true;`
			`recommendedTlsSettings = true;`
chore: add recommendedOptimisation to nginx Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-11-26 21:37:35 +05:30
feat: add agenix and gitea Signed-off-by: Chinmay D. Pai <chinmay.pai@zerodha.com> 2023-11-26 21:15:09 +05:30			`virtualHosts = {`
			`"${domain}" = {`
			`serverName = "${domain}";`
			`enableACME = true;`
			`forceSSL = true;`
			`locations."/" = {`
			`proxyPass = "http://localhost:${toString httpPort}/";`
			`};`
			`};`
			`};`
			`};`
			`}`