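# NixOS module for a self-hosted Gitea instance: PostgreSQL over a local
# socket, Traefik terminating TLS in front of Gitea, an agenix-managed SMTP
# password, and a fail2ban jail fed by Gitea's failed-login log lines.
{ config, pkgs, lib, ... }:

let
  hostname = "git.pleshevski.ru";

  giteaCfg = config.services.gitea;

  # robots.txt is advisory for well-behaved crawlers only; it does not restrict
  # access to the listed paths.
  robotsTxt = pkgs.writeText "robots.txt" ''
    User-agent: *
    Disallow: /github
    Disallow: /external
  '';
in
{
  services.postgresql.package = pkgs.postgresql_14;

  services.gitea = {
    enable = true;
    # Traefik (below) forwards to this port over plain HTTP on localhost.
    # NOTE(review): the listen address is not set in this file; if the module
    # default binds all interfaces, confirm the host firewall keeps 9901
    # unreachable from outside so clients cannot bypass the TLS front end.
    httpPort = 9901;
    domain = hostname;
    rootUrl = "https://${hostname}";
    appName = "Pleshevskiy Git Repositories";
    # The SMTP password is read from the agenix-decrypted file declared at the
    # bottom of this module, so the secret is not written into this
    # configuration as a literal.
    mailerPasswordFile = config.age.secrets.gitea-smtp-passfile.path;
    database = {
      type = "postgres";
      # Unix-socket directory: the database connection does not go over TCP.
      host = "/run/postgresql";
      port = config.services.postgresql.port;
    };
    lfs.enable = true;
    settings = {
      log = {
        # NOTE(review): the fail2ban filter below matches Gitea's
        # failed-authentication log lines; presumably this level is what keeps
        # them in the journal - confirm before lowering verbosity.
        LEVEL = "Info";
        ENABLE_SSH_LOG = true;
      };
      database = {
        CHARSET = "utf8";
        LOG_SQL = false;
      };
      server = {
        LANDING_PAGE = "explore";
      };
      service = {
        ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
        DEFAULT_KEEP_EMAIL_PRIVATE = false;
        DEFAULT_ALLOW_CREATE_ORGANIZATION = true;
        DEFAULT_ENABLE_TIMETRACKING = true;
        DEFAULT_ENABLE_DEPENDENCIES = false;
        # Self-service sign-up is off; accounts have to be created by an admin.
        DISABLE_REGISTRATION = true;
        ENABLE_NOTIFY_MAIL = false;
        ENABLE_CAPTCHA = false;
        ENABLE_TIMETRACKING = false;
        # Anonymous visitors can browse public content.
        REQUIRE_SIGNIN_VIEW = false;
        REGISTER_EMAIL_CONFIRM = false;
        NO_REPLY_ADDRESS = "noreply.pleshevski.ru";
      };
      repository = {
        DISABLE_MIGRATIONS = false;
        DISABLE_HTTP_GIT = false;
        DISABLE_STARS = false;
        DEFAULT_BRANCH = "main";
        DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = true;
      };
      "repository.local" = {
        LOCAL_COPY_PATH = "${giteaCfg.stateDir}/tmp/local-repo";
      };
      "repository.upload" = {
        TEMP_PATH = "${giteaCfg.stateDir}/uploads";
        # Web uploads into repositories are limited to image MIME types.
        ALLOWED_TYPES = "image/*";
      };
      "repository.pull-request" = {
        WORK_IN_PROGRESS_PREFIXES = "Draft:,[Draft]:,WIP:,[WIP]:";
      };
      indexer = {
        ISSUE_INDEXER_PATH = "${giteaCfg.stateDir}/indexers/issues.bleve";
      };
      # The section name must be `session` (singular) to match Gitea's app.ini.
      # A `sessions` section is not read by Gitea, so the provider and path
      # below would silently fall back to the defaults.
      session = {
        PROVIDER = "file";
        PROVIDER_CONFIG = "${giteaCfg.stateDir}/sessions";
      };
      picture = {
        AVATAR_UPLOAD_PATH = "${giteaCfg.stateDir}/avatars";
        REPOSITORY_AVATAR_UPLOAD_PATH = "${giteaCfg.stateDir}/repo-avatars";
        # Gravatar and federated avatars are looked up at third-party services
        # using a hash of the user's e-mail address.
        DISABLE_GRAVATAR = false;
        ENABLE_FEDERATED_AVATAR = true;
      };
      attachment = {
        PATH = "${giteaCfg.stateDir}/attachments";
      };
      mailer = {
        ENABLED = true;
        MAILER_TYPE = "smtp";
        SMTP_ADDR = "mail.pleshevski.ru";
        # 465 is the implicit-TLS submission port.
        # NOTE(review): confirm the mailer actually negotiates TLS here.
        SMTP_PORT = 465;
        USER = "gitea@pleshevski.ru";
        FROM = "\"${giteaCfg.appName}\" <gitea@pleshevski.ru>";
      };
      openid = {
        # Sign-in through OpenID makes the server fetch an identity URL supplied
        # by the client. If no account depends on it, turn it off or restrict it
        # with WHITELISTED_URIS / BLACKLISTED_URIS.
        ENABLE_OPENID_SIGNIN = true;
        ENABLE_OPENID_SIGNUP = false;
      };
    };
  };

  # Appended after the module's own preStart (lib.mkAfter): installs the
  # generated robots.txt into Gitea's custom directory on every start.
  systemd.services.gitea.preStart = lib.mkAfter ''
    cp -f ${robotsTxt} ${giteaCfg.stateDir}/custom/robots.txt
  '';

  services.traefik.dynamicConfigOptions.http = {
    # Only the "https" entry point is routed to Gitea; the certificate comes
    # from the "le" resolver configured elsewhere.
    routers.to_gitea = {
      rule = "Host(`${hostname}`)";
      entryPoints = [ "https" ];
      tls.certResolver = "le";
      service = "gitea";
    };
    services.gitea = {
      loadBalancer.servers = [
        { url = "http://localhost:${toString giteaCfg.httpPort}"; }
      ];
    };
  };

  # Encrypted SMTP password. Ownership limits the decrypted file to the Gitea
  # service account.
  age.secrets.gitea-smtp-passfile = {
    file = ../../../secrets/gitea-smtp-passfile.age;
    owner = giteaCfg.user;
    group = "gitea";
  };

  # Ban an address for 15 minutes (bantime) when enough failed logins are seen
  # within one hour (findtime); the retry threshold is inherited from the
  # fail2ban defaults.
  # NOTE(review): Gitea sits behind Traefik, so the address it logs depends on
  # its forwarded-header handling. Confirm the log shows the real client
  # address, otherwise the jail bans the proxy or nothing useful.
  services.fail2ban.jails.gitea = ''
    enabled = true
    filter = gitea
    findtime = 3600
    bantime = 900
    action = iptables-allports
  '';

  # NOTE(review): the pattern is unanchored and the text before " from <HOST>"
  # includes the client-supplied login name. Verify it against real journal
  # lines with fail2ban-regex and anchor it if the log format allows.
  environment.etc."fail2ban/filter.d/gitea.conf".text = ''
    [Definition]
    failregex = .*Failed authentication attempt for .* from <HOST>
    ignoreregex =
    journalmatch = _SYSTEMD_UNIT=gitea.service
  '';
}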