config/modules/services/gitea/default.nix

105 lines
3.1 KiB
Nix
Raw Normal View History

2023-08-24 23:34:48 +03:00
{
config,
lib,
2024-01-17 10:11:13 +02:00
pkgs,
2023-08-24 23:34:48 +03:00
myData,
...
2024-07-29 15:39:54 +03:00
}:
{
2023-08-24 23:34:48 +03:00
options.mj.services.gitea = with lib.types; {
enable = lib.mkEnableOption "Enable gitea";
};
config = lib.mkIf config.mj.services.gitea.enable {
users = {
users.git = {
description = "Gitea Service";
home = "/var/lib/gitea";
shell = "/bin/sh";
2023-08-24 23:34:48 +03:00
group = "gitea";
isSystemUser = true;
uid = myData.uidgid.gitea;
};
groups.gitea.gid = myData.uidgid.gitea;
};
services = {
gitea = {
enable = true;
user = "git";
database.user = "git";
settings = {
admin.DISABLE_REGULAR_ORG_CREATION = true;
api.ENABLE_SWAGGER = false;
mirror.ENABLED = false;
other.SHOW_FOOTER_VERSION = false;
2024-05-10 15:24:59 +03:00
packages.ENABLED = true;
2024-05-02 17:30:09 +03:00
repo-archive.ENABLED = false;
2023-08-24 23:34:48 +03:00
repository = {
DEFAULT_REPO_UNITS = "repo.code,repo.releases";
DISABLE_MIGRATIONS = true;
DISABLE_STARS = true;
ENABLE_PUSH_CREATE_USER = true;
};
security.LOGIN_REMEMBER_DAYS = 30;
server = {
2024-01-17 10:11:13 +02:00
STATIC_URL_PREFIX = "/static";
2023-08-24 23:34:48 +03:00
ENABLE_GZIP = true;
LANDING_PAGE = "/motiejus";
ROOT_URL = "https://git.jakstys.lt";
HTTP_ADDR = "127.0.0.1";
2023-08-25 09:41:42 +03:00
HTTP_PORT = myData.ports.gitea;
2023-08-24 23:34:48 +03:00
DOMAIN = "git.jakstys.lt";
};
service = {
DISABLE_REGISTRATION = true;
ENABLE_TIMETRACKING = false;
ENABLE_USER_HEATMAP = false;
SHOW_MILESTONES_DASHBOARD_PAGE = false;
COOKIE_SECURE = true;
};
2024-08-24 17:14:21 +03:00
session.COOKIE_SECURE = true;
2023-08-24 23:34:48 +03:00
log.LEVEL = "Error";
2023-09-07 19:46:47 +03:00
mailer = {
ENABLED = true;
FROM = "<noreply@jakstys.lt>";
PROTOCOL = "smtp";
SMTP_ADDR = "localhost";
SMTP_PORT = 25;
};
2023-08-24 23:34:48 +03:00
"service.explore".DISABLE_USERS_PAGE = true;
};
};
openssh.extraConfig = ''
AcceptEnv GIT_PROTOCOL
'';
caddy = {
2024-08-03 13:30:10 +03:00
virtualHosts."git.jakstys.lt".extraConfig = ''
2024-01-17 10:11:13 +02:00
route /static/assets/* {
2024-06-16 23:09:41 +03:00
uri strip_prefix /static
2024-01-17 10:11:13 +02:00
file_server * {
root ${pkgs.compressDrvWeb pkgs.gitea.data { }}/public
2024-08-24 18:45:51 +03:00
precompressed zstd br gzip
2024-01-17 10:11:13 +02:00
}
}
header {
2024-08-24 17:10:23 +03:00
Strict-Transport-Security "max-age=15768000"
# https://github.com/go-gitea/gitea/issues/305#issuecomment-1049290764
2024-08-24 17:14:21 +03:00
Content-Security-Policy "frame-ancestors 'none'; default-src 'none'; connect-src 'self'; font-src 'self' data:; form-action 'self'; img-src 'self' https://ga-beacon.appspot.com https://raw.githubusercontent.com https://secure.gravatar.com https://sourcethemes.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self';"
X-Content-Type-Options "nosniff"
X-Frame-Options "DENY"
2024-10-10 05:52:35 +03:00
Alt-Svc "h3=\":443\"; ma=86400"
}
2023-08-25 09:41:42 +03:00
reverse_proxy 127.0.0.1:${toString myData.ports.gitea}
2023-08-24 23:34:48 +03:00
'';
};
};
};
}