system/nixos/hosts/magenta/services/gitea.nix

# NixOS module for the Gitea instance on host "magenta": the Gitea service and
# its settings, the Traefik route in front of it, the age-encrypted SMTP
# password, and a fail2ban jail that reacts to failed logins.
{ config, pkgs, lib, inputs, ... }:

let
  hostname = "git.pleshevski.ru";

  giteaCfg = config.services.gitea;
  stateDir = giteaCfg.stateDir;

  # robots.txt only asks well-behaved crawlers to stay away from these paths;
  # it is not an access control and the paths stay readable.
  robotsTxt = pkgs.writeText "robots.txt" ''
    User-agent: *
    Disallow: /github
    Disallow: /external
  '';
in
{
  services.postgresql.package = pkgs.postgresql_14;

  services.gitea = {
    enable = true;

    # Plain-HTTP backend port; the Traefik router below is what serves HTTPS.
    # NOTE(review): no listen address is set in this file, so confirm that
    # port 9901 is reachable only by the proxy and not from outside the host.
    httpPort = 9901;

    # Gitea is taken from the unstable channel input instead of the system pkgs.
    package = inputs.nixpkgs_unstable.legacyPackages.${pkgs.system}.gitea;

    domain = hostname;
    rootUrl = "https://${hostname}";
    appName = "Pleshevskiy's Gitea";

    # The SMTP password is referenced by path (see age.secrets below) rather
    # than written into this file.
    mailerPasswordFile = config.age.secrets.gitea-smtp-passfile.path;

    database = {
      type = "postgres";
      # A directory path, i.e. the local PostgreSQL Unix socket, not a TCP host.
      host = "/run/postgresql";
      port = config.services.postgresql.port;
    };

    lfs.enable = true;

    settings = {
      log = {
        # NOTE(review): the fail2ban filter at the end of this file matches a
        # message from Gitea's log; confirm it is still emitted at this level.
        LEVEL = "Info";
        ENABLE_SSH_LOG = true;
      };

      database = {
        CHARSET = "utf8";
        LOG_SQL = false;
      };

      server.LANDING_PAGE = "explore";

      service = {
        ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
        DEFAULT_KEEP_EMAIL_PRIVATE = false;
        DEFAULT_ALLOW_CREATE_ORGANIZATION = true;
        DEFAULT_ENABLE_TIMETRACKING = true;
        DEFAULT_ENABLE_DEPENDENCIES = false;
        # Self-registration is closed; accounts have to be created by an admin.
        DISABLE_REGISTRATION = true;
        ENABLE_NOTIFY_MAIL = false;
        ENABLE_CAPTCHA = false;
        ENABLE_TIMETRACKING = false;
        # Anonymous visitors can browse public content.
        REQUIRE_SIGNIN_VIEW = false;
        REGISTER_EMAIL_CONFIRM = false;
        NO_REPLY_ADDRESS = "noreply.pleshevski.ru";
      };

      repository = {
        # Migrations make the server fetch remote URLs on behalf of signed-in
        # users; left enabled here.
        DISABLE_MIGRATIONS = false;
        DISABLE_HTTP_GIT = false;
        DISABLE_STARS = false;
        DEFAULT_BRANCH = "main";
        DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = false;
      };

      "repository.local".LOCAL_COPY_PATH = "${stateDir}/tmp/local-repo";

      "repository.upload" = {
        TEMP_PATH = "${stateDir}/uploads";
        # Web uploads into repositories are limited to image MIME types.
        ALLOWED_TYPES = "image/*";
      };

      "repository.pull-request" = {
        WORK_IN_PROGRESS_PREFIXES = "Draft:,[Draft]:,WIP:,[WIP]:";
        DEFAULT_MERGE_STYLE = "rebase";
        POPULATE_SQUASH_COMMENT_WITH_COMMIT_MESSAGES = true;
      };

      indexer.ISSUE_INDEXER_PATH = "${stateDir}/indexers/issues.bleve";

      # NOTE(review): Gitea's session section is named "session" (singular).
      # As written, this "sessions" section is probably ignored and the
      # default session provider is used; confirm against the generated
      # app.ini before renaming, since switching providers drops live logins.
      sessions = {
        PROVIDER = "file";
        PROVIDER_CONFIG = "${stateDir}/sessions";
      };

      picture = {
        AVATAR_UPLOAD_PATH = "${stateDir}/avatars";
        REPOSITORY_AVATAR_UPLOAD_PATH = "${stateDir}/repo-avatars";
        # Avatar lookups are delegated to external services (Gravatar and
        # federated avatars), which therefore see those lookups.
        DISABLE_GRAVATAR = false;
        ENABLE_FEDERATED_AVATAR = true;
      };

      attachment.PATH = "${stateDir}/attachments";

      mailer = {
        ENABLED = true;
        # NOTE(review): MAILER_TYPE is the older key; newer Gitea releases
        # select the transport with PROTOCOL. Confirm that the running version
        # really uses implicit TLS on port 465 with this combination.
        MAILER_TYPE = "smtp";
        SMTP_ADDR = "mail.pleshevski.ru";
        SMTP_PORT = 465;
        USER = "gitea@pleshevski.ru";
        FROM = "\"${giteaCfg.appName}\" <gitea@pleshevski.ru>";
      };

      openid = {
        # Existing accounts may sign in with OpenID; OpenID cannot create new
        # accounts, consistent with DISABLE_REGISTRATION above.
        ENABLE_OPENID_SIGNIN = true;
        ENABLE_OPENID_SIGNUP = false;
      };

      # Don't check for new Gitea versions
      "cron.update_checker".ENABLED = false;
    };
  };

  # Appended to the module's own preStart (mkAfter): installs the robots.txt
  # built above into Gitea's custom directory on every service start.
  systemd.services.gitea.preStart = lib.mkAfter ''
    cp -f ${robotsTxt} ${stateDir}/custom/robots.txt
  '';

  services.traefik.dynamicConfigOptions.http = {
    # HTTPS-only router for the Gitea hostname, certificate from resolver "le".
    routers.to_gitea = {
      rule = "Host(`${hostname}`)";
      entryPoints = [ "https" ];
      tls.certResolver = "le";
      service = "gitea";
    };

    # The backend hop is unencrypted HTTP to the host's Gitea port.
    services.gitea.loadBalancer.servers = [
      { url = "http://host.docker.internal:${toString giteaCfg.httpPort}"; }
    ];
  };

  # Encrypted SMTP password; the decrypted file is owned by the Gitea user.
  age.secrets.gitea-smtp-passfile = {
    file = ../../../../secrets/gitea-smtp-passfile.age;
    owner = giteaCfg.user;
    group = "gitea";
  };

  # Jail: hosts matched by the "gitea" filter within a 3600 s window are
  # banned on all ports for 900 s.
  # NOTE(review): Gitea sits behind Traefik (apparently containerised, given
  # host.docker.internal). <HOST> in the filter is the real client only if
  # Gitea is set up to trust the proxy's forwarded address ([security]
  # REVERSE_PROXY_TRUSTED_PROXIES / REVERSE_PROXY_LIMIT); otherwise the jail
  # would act on the proxy's own address. Also confirm that an
  # iptables-allports ban covers traffic entering through container-published
  # ports.
  services.fail2ban.jails.gitea = ''
    enabled = true
    filter = gitea
    findtime = 3600
    bantime = 900
    action = iptables-allports
  '';

  # Filter: matches Gitea's failed-login log line, restricted to journal
  # entries from gitea.service.
  environment.etc."fail2ban/filter.d/gitea.conf".text = ''
    [Definition]
    failregex = .*Failed authentication attempt for .* from <HOST>
    ignoreregex =
    journalmatch = _SYSTEMD_UNIT=gitea.service
  '';
}