2023-08-24 23:34:48 +03:00
|
|
|
{
|
|
|
|
config,
|
|
|
|
lib,
|
2024-01-17 10:11:13 +02:00
|
|
|
pkgs,
|
2023-08-24 23:34:48 +03:00
|
|
|
myData,
|
|
|
|
...
|
2024-07-29 15:39:54 +03:00
|
|
|
}:
|
|
|
|
{
|
2023-08-24 23:34:48 +03:00
|
|
|
options.mj.services.gitea = with lib.types; {
|
|
|
|
enable = lib.mkEnableOption "Enable gitea";
|
|
|
|
};
|
|
|
|
|
|
|
|
config = lib.mkIf config.mj.services.gitea.enable {
|
|
|
|
users = {
|
|
|
|
users.git = {
|
|
|
|
description = "Gitea Service";
|
|
|
|
home = "/var/lib/gitea";
|
2023-09-23 22:46:14 +03:00
|
|
|
shell = "/bin/sh";
|
2023-08-24 23:34:48 +03:00
|
|
|
group = "gitea";
|
|
|
|
isSystemUser = true;
|
|
|
|
uid = myData.uidgid.gitea;
|
|
|
|
};
|
|
|
|
|
|
|
|
groups.gitea.gid = myData.uidgid.gitea;
|
|
|
|
};
|
|
|
|
|
|
|
|
services = {
|
|
|
|
gitea = {
|
|
|
|
enable = true;
|
|
|
|
user = "git";
|
|
|
|
database.user = "git";
|
|
|
|
settings = {
|
|
|
|
admin.DISABLE_REGULAR_ORG_CREATION = true;
|
|
|
|
api.ENABLE_SWAGGER = false;
|
|
|
|
mirror.ENABLED = false;
|
|
|
|
other.SHOW_FOOTER_VERSION = false;
|
2024-05-10 15:24:59 +03:00
|
|
|
packages.ENABLED = true;
|
2024-05-02 17:30:09 +03:00
|
|
|
repo-archive.ENABLED = false;
|
2023-08-24 23:34:48 +03:00
|
|
|
repository = {
|
|
|
|
DEFAULT_REPO_UNITS = "repo.code,repo.releases";
|
|
|
|
DISABLE_MIGRATIONS = true;
|
|
|
|
DISABLE_STARS = true;
|
|
|
|
ENABLE_PUSH_CREATE_USER = true;
|
|
|
|
};
|
|
|
|
security.LOGIN_REMEMBER_DAYS = 30;
|
|
|
|
server = {
|
2024-01-17 10:11:13 +02:00
|
|
|
STATIC_URL_PREFIX = "/static";
|
2023-08-24 23:34:48 +03:00
|
|
|
ENABLE_GZIP = true;
|
|
|
|
LANDING_PAGE = "/motiejus";
|
|
|
|
ROOT_URL = "https://git.jakstys.lt";
|
|
|
|
HTTP_ADDR = "127.0.0.1";
|
2023-08-25 09:41:42 +03:00
|
|
|
HTTP_PORT = myData.ports.gitea;
|
2023-08-24 23:34:48 +03:00
|
|
|
DOMAIN = "git.jakstys.lt";
|
|
|
|
};
|
|
|
|
service = {
|
|
|
|
DISABLE_REGISTRATION = true;
|
|
|
|
ENABLE_TIMETRACKING = false;
|
|
|
|
ENABLE_USER_HEATMAP = false;
|
|
|
|
SHOW_MILESTONES_DASHBOARD_PAGE = false;
|
|
|
|
COOKIE_SECURE = true;
|
|
|
|
};
|
2024-08-24 17:14:21 +03:00
|
|
|
session.COOKIE_SECURE = true;
|
2023-08-24 23:34:48 +03:00
|
|
|
log.LEVEL = "Error";
|
2023-09-07 19:46:47 +03:00
|
|
|
mailer = {
|
|
|
|
ENABLED = true;
|
|
|
|
FROM = "<noreply@jakstys.lt>";
|
|
|
|
PROTOCOL = "smtp";
|
|
|
|
SMTP_ADDR = "localhost";
|
|
|
|
SMTP_PORT = 25;
|
|
|
|
};
|
2023-08-24 23:34:48 +03:00
|
|
|
"service.explore".DISABLE_USERS_PAGE = true;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
openssh.extraConfig = ''
|
|
|
|
AcceptEnv GIT_PROTOCOL
|
|
|
|
'';
|
|
|
|
|
|
|
|
caddy = {
|
2024-08-03 13:30:10 +03:00
|
|
|
virtualHosts."git.jakstys.lt".extraConfig = ''
|
2024-01-17 10:11:13 +02:00
|
|
|
route /static/assets/* {
|
2024-06-16 23:09:41 +03:00
|
|
|
uri strip_prefix /static
|
2024-01-17 10:11:13 +02:00
|
|
|
file_server * {
|
2024-11-16 01:51:50 +02:00
|
|
|
root ${pkgs.compressDrvWeb pkgs.gitea.data { }}/public
|
2024-08-24 18:45:51 +03:00
|
|
|
precompressed zstd br gzip
|
2024-01-17 10:11:13 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-08-24 16:27:29 +03:00
|
|
|
header {
|
2024-08-24 17:10:23 +03:00
|
|
|
Strict-Transport-Security "max-age=15768000"
|
|
|
|
|
|
|
|
# https://github.com/go-gitea/gitea/issues/305#issuecomment-1049290764
|
2024-08-24 17:14:21 +03:00
|
|
|
Content-Security-Policy "frame-ancestors 'none'; default-src 'none'; connect-src 'self'; font-src 'self' data:; form-action 'self'; img-src 'self' https://ga-beacon.appspot.com https://raw.githubusercontent.com https://secure.gravatar.com https://sourcethemes.com; script-src 'self' 'unsafe-eval' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; worker-src 'self';"
|
2024-08-24 16:27:29 +03:00
|
|
|
X-Content-Type-Options "nosniff"
|
|
|
|
X-Frame-Options "DENY"
|
2024-10-10 05:52:35 +03:00
|
|
|
Alt-Svc "h3=\":443\"; ma=86400"
|
2024-08-24 16:27:29 +03:00
|
|
|
}
|
|
|
|
|
2023-08-25 09:41:42 +03:00
|
|
|
reverse_proxy 127.0.0.1:${toString myData.ports.gitea}
|
2023-08-24 23:34:48 +03:00
|
|
|
'';
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|