Update gitea service config + configure for sops.

Kevin Baensch 2023-09-10 15:28:26 +02:00
parent 9d78b39bd0
commit 08c9606679
Signed by: derped
GPG key ID: C0F1D326C7626543
2 changed files with 8 additions and 17 deletions


@ -10,13 +10,11 @@ mkIf (elem "gitea" config.machine.services) {
in { in {
enable = true; enable = true;
user = "git"; user = "git";
domain = domain;
rootUrl = "http://${domain}/";
database = { database = {
type = "mysql"; type = "mysql";
user = "git"; user = "git";
name = "gitea"; name = "gitea";
passwordFile = "${cfg.secretPath}/gitea_db"; passwordFile = config.sops.secrets."services/gitea/dbPass".path;
}; };
settings = { settings = {
repository = { repository = {
@ -30,6 +28,11 @@ mkIf (elem "gitea" config.machine.services) {
COOKIE_REMEMBER_NAME = "gitea_userauth"; COOKIE_REMEMBER_NAME = "gitea_userauth";
}; };
server = {
DOMAIN = domain;
ROOT_URL = "https://${domain}/";
};
service = { service = {
DISABLE_REGISTRATION = (lib.mkForce true); DISABLE_REGISTRATION = (lib.mkForce true);
}; };
@ -39,20 +42,8 @@ mkIf (elem "gitea" config.machine.services) {
}; };
}; };
}; };
# mysql = let
# cfg = config.services.gitea.database;
# in {
# ensureDatabases = [ cfg.name ];
# ensureUsers = [{
# name = cfg.user;
# ensurePermissions = {
# "${cfg.name}.*" = "ALL PRIVILEGES";
# };
# }];
# };
}; };
sops.secrets."services/gitea/dbPass" = {};
users.users.git = { users.users.git = {
description = "Gitea Service"; description = "Gitea Service";
isNormalUser = true; isNormalUser = true;
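Review bot: The secret declared with `sops.secrets."services/gitea/dbPass" = {};` takes the sops-nix defaults, which as far as I know leave the decrypted file owned by root with mode 0400, while the service is configured with `user = "git"`. If the gitea module reads `database.passwordFile` as the service user, the unit will fail to read the password at start, and the tempting workaround is to loosen the file mode. Setting the owner explicitly keeps the file readable by that one account only: `sops.secrets."services/gitea/dbPass".owner = config.services.gitea.user;`. The enclosing attribute set starts and ends outside the visible hunks, so an owner default set elsewhere would already cover this.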


@ -12,7 +12,7 @@ with lib;
location @node { location @node {
client_max_body_size 0; client_max_body_size 0;
proxy_pass http://${config.services.gitea.httpAddress}:${toString config.services.gitea.httpPort}; proxy_pass http://${config.services.gitea.settings.server.HTTP_ADDR}:${toString config.services.gitea.settings.server.HTTP_PORT};
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host; proxy_set_header Host $host;