From 08c96066791a31a4849b73a33640d74df5063e13 Mon Sep 17 00:00:00 2001 From: derped Date: Sun, 10 Sep 2023 15:28:26 +0200 Subject: [PATCH] Update gitea service config + configure for sops. --- services/gitea.nix | 23 +++++++---------------- services/nginx_vHosts/gitea.nix | 2 +- 2 files changed, 8 insertions(+), 17 deletions(-) diff --git a/services/gitea.nix b/services/gitea.nix index 5991117..d19e041 100644 --- a/services/gitea.nix +++ b/services/gitea.nix @@ -10,13 +10,11 @@ mkIf (elem "gitea" config.machine.services) { in { enable = true; user = "git"; - domain = domain; - rootUrl = "http://${domain}/"; database = { type = "mysql"; user = "git"; name = "gitea"; - passwordFile = "${cfg.secretPath}/gitea_db"; + passwordFile = config.sops.secrets."services/gitea/dbPass".path; }; settings = { repository = { @@ -30,6 +28,11 @@ mkIf (elem "gitea" config.machine.services) { COOKIE_REMEMBER_NAME = "gitea_userauth"; }; + server = { + DOMAIN = domain; + ROOT_URL = "https://${domain}/"; + }; + service = { DISABLE_REGISTRATION = (lib.mkForce true); }; @@ -39,20 +42,8 @@ mkIf (elem "gitea" config.machine.services) { }; }; }; - -# mysql = let -# cfg = config.services.gitea.database; -# in { -# ensureDatabases = [ cfg.name ]; -# ensureUsers = [{ -# name = cfg.user; -# ensurePermissions = { -# "${cfg.name}.*" = "ALL PRIVILEGES"; -# }; -# }]; -# }; }; - + sops.secrets."services/gitea/dbPass" = {}; users.users.git = { description = "Gitea Service"; isNormalUser = true; diff --git a/services/nginx_vHosts/gitea.nix b/services/nginx_vHosts/gitea.nix index 84de3e7..78961da 100644 --- a/services/nginx_vHosts/gitea.nix +++ b/services/nginx_vHosts/gitea.nix @@ -12,7 +12,7 @@ with lib; location @node { client_max_body_size 0; - proxy_pass http://${config.services.gitea.httpAddress}:${toString config.services.gitea.httpPort}; + proxy_pass http://${config.services.gitea.settings.server.HTTP_ADDR}:${toString config.services.gitea.settings.server.HTTP_PORT}; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host;