Update gitea service config + configure for sops.
This commit is contained in:
parent
9d78b39bd0
commit
08c9606679
2 changed files with 8 additions and 17 deletions
|
@ -10,13 +10,11 @@ mkIf (elem "gitea" config.machine.services) {
|
||||||
in {
|
in {
|
||||||
enable = true;
|
enable = true;
|
||||||
user = "git";
|
user = "git";
|
||||||
domain = domain;
|
|
||||||
rootUrl = "http://${domain}/";
|
|
||||||
database = {
|
database = {
|
||||||
type = "mysql";
|
type = "mysql";
|
||||||
user = "git";
|
user = "git";
|
||||||
name = "gitea";
|
name = "gitea";
|
||||||
passwordFile = "${cfg.secretPath}/gitea_db";
|
passwordFile = config.sops.secrets."services/gitea/dbPass".path;
|
||||||
};
|
};
|
||||||
settings = {
|
settings = {
|
||||||
repository = {
|
repository = {
|
||||||
|
@ -30,6 +28,11 @@ mkIf (elem "gitea" config.machine.services) {
|
||||||
COOKIE_REMEMBER_NAME = "gitea_userauth";
|
COOKIE_REMEMBER_NAME = "gitea_userauth";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
server = {
|
||||||
|
DOMAIN = domain;
|
||||||
|
ROOT_URL = "https://${domain}/";
|
||||||
|
};
|
||||||
|
|
||||||
service = {
|
service = {
|
||||||
DISABLE_REGISTRATION = (lib.mkForce true);
|
DISABLE_REGISTRATION = (lib.mkForce true);
|
||||||
};
|
};
|
||||||
|
@ -39,20 +42,8 @@ mkIf (elem "gitea" config.machine.services) {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# mysql = let
|
|
||||||
# cfg = config.services.gitea.database;
|
|
||||||
# in {
|
|
||||||
# ensureDatabases = [ cfg.name ];
|
|
||||||
# ensureUsers = [{
|
|
||||||
# name = cfg.user;
|
|
||||||
# ensurePermissions = {
|
|
||||||
# "${cfg.name}.*" = "ALL PRIVILEGES";
|
|
||||||
# };
|
|
||||||
# }];
|
|
||||||
# };
|
|
||||||
};
|
};
|
||||||
|
sops.secrets."services/gitea/dbPass" = {};
|
||||||
users.users.git = {
|
users.users.git = {
|
||||||
description = "Gitea Service";
|
description = "Gitea Service";
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
|
|
|
@ -12,7 +12,7 @@ with lib;
|
||||||
|
|
||||||
location @node {
|
location @node {
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
proxy_pass http://${config.services.gitea.httpAddress}:${toString config.services.gitea.httpPort};
|
proxy_pass http://${config.services.gitea.settings.server.HTTP_ADDR}:${toString config.services.gitea.settings.server.HTTP_PORT};
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header Host $host;
|
proxy_set_header Host $host;
|
||||||
|
|
Loading…
Reference in a new issue