136 lines
4 KiB
Nix
136 lines
4 KiB
Nix
|
{ config, pkgs, lib, ... }:
|
||
|
|
||
|
let hostname = "nix-git.pleshevski.ru"; in
|
||
|
{
|
||
|
services.postgresql.package = pkgs.postgresql_14;
|
||
|
|
||
|
programs.git = {
|
||
|
enable = true;
|
||
|
config = {
|
||
|
user = {
|
||
|
email = "gitea@noreply.pleshevski.ru";
|
||
|
name = "Gitea";
|
||
|
signingKey = "7B1C00B534537C0E";
|
||
|
};
|
||
|
gpg.program = "/run/current-system/sw/bin/gpg";
|
||
|
commit.gpgSign = true;
|
||
|
tag.gpgSign = true;
|
||
|
core = {
|
||
|
quotePath = false;
|
||
|
commitGraph = true;
|
||
|
};
|
||
|
receive = {
|
||
|
advertisePushOptions = true;
|
||
|
procReceiveRefs = "refs/for";
|
||
|
};
|
||
|
gc.writeCommitGraph = true;
|
||
|
};
|
||
|
};
|
||
|
|
||
|
programs.gnupg.agent.enable = true;
|
||
|
|
||
|
services.gitea = {
|
||
|
enable = true;
|
||
|
httpPort = 9901;
|
||
|
domain = hostname;
|
||
|
rootUrl = "https://${hostname}";
|
||
|
appName = "Pleshevskiy Git Repositories";
|
||
|
mailerPasswordFile = config.age.secrets.gitea-mailserver-passfile.path;
|
||
|
database = {
|
||
|
type = "postgres";
|
||
|
host = "/run/postgresql";
|
||
|
port = config.services.postgresql.port;
|
||
|
};
|
||
|
lfs.enable = true;
|
||
|
settings = {
|
||
|
log = {
|
||
|
LEVEL = "Debug";
|
||
|
ENABLE_SSH_LOG = true;
|
||
|
};
|
||
|
database = {
|
||
|
CHARSET = "utf8";
|
||
|
LOG_SQL = false;
|
||
|
};
|
||
|
server.DISABLE_ROUTER_LOG = true;
|
||
|
service = {
|
||
|
ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
|
||
|
DEFAULT_KEEP_EMAIL_PRIVATE = false;
|
||
|
DEFAULT_ALLOW_CREATE_ORGANIZATION = true;
|
||
|
DEFAULT_ENABLE_TIMETRACKING = true;
|
||
|
DEFAULT_ENABLE_DEPENDENCIES = false;
|
||
|
DISABLE_REGISTRATION = true;
|
||
|
ENABLE_NOTIFY_MAIL = false;
|
||
|
ENABLE_CAPTCHA = false;
|
||
|
ENABLE_TIMETRACKING = false;
|
||
|
REQUIRE_SIGNIN_VIEW = false;
|
||
|
REGISTER_EMAIL_CONFIRM = false;
|
||
|
NO_REPLY_ADDRESS = "noreply.pleshevski.ru";
|
||
|
};
|
||
|
repository = {
|
||
|
DISABLE_MIGRATIONS = false;
|
||
|
DISABLE_HTTP_GIT = false;
|
||
|
DISABLE_STARS = true;
|
||
|
DEFAULT_BRANCH = "main";
|
||
|
DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = true;
|
||
|
};
|
||
|
"repository.signing" = {
|
||
|
#SIGNING_EMAIL = "gitea@noreply.pleshevski.ru";
|
||
|
#SIGNING_NAME = "Gitea";
|
||
|
#SIGNING_KEY = "E1DDBF5A1406BB987779A85F55B75599806CD426";
|
||
|
SIGNING_KEY = "default";
|
||
|
DEFAULT_TRUST_MODEL = "collaboratorcommiter";
|
||
|
MERGES = "pubkey,basesigned,commitssigned";
|
||
|
};
|
||
|
"repository.local" = {
|
||
|
LOCAL_COPY_PATH = "${config.services.gitea.stateDir}/tmp/local-repo";
|
||
|
};
|
||
|
"repository.upload" = {
|
||
|
TEMP_PATH = "${config.services.gitea.stateDir}/uploads";
|
||
|
ALLOWED_TYPES = "image/*";
|
||
|
};
|
||
|
"repository.pull-request" = {
|
||
|
WORK_IN_PROGRESS_PREFIXES = "Draft:,[Draft]:,WIP:,[WIP]:";
|
||
|
};
|
||
|
indexer = {
|
||
|
ISSUE_INDEXER_PATH = "${config.services.gitea.stateDir}/indexers/issues.bleve";
|
||
|
};
|
||
|
sessions = {
|
||
|
PROVIDER = "file";
|
||
|
PROVIDER_CONFIG = "${config.services.gitea.stateDir}/sessions";
|
||
|
};
|
||
|
picture = {
|
||
|
AVATAR_UPLOAD_PATH = "${config.services.gitea.stateDir}/avatars";
|
||
|
REPOSITORY_AVATAR_UPLOAD_PATH = "${config.services.gitea.stateDir}/repo-avatars";
|
||
|
DISABLE_GRAVATAR = false;
|
||
|
ENABLE_FEDERATED_AVATAR = true;
|
||
|
};
|
||
|
attachment = {
|
||
|
PATH = "${config.services.gitea.stateDir}/attachments";
|
||
|
};
|
||
|
mailer = {
|
||
|
ENABLED = true;
|
||
|
MAILER_TYPE = "smtp";
|
||
|
FROM = "\"${config.services.gitea.appName}\" <no-reply@pleshevski.ru>";
|
||
|
USER = "dmitriy@pleshevski.ru";
|
||
|
HOST = "mail.pleshevski.ru:465";
|
||
|
};
|
||
|
openid = {
|
||
|
ENABLE_OPENID_SIGNIN = true;
|
||
|
ENABLE_OPENID_SIGNUP = false;
|
||
|
};
|
||
|
};
|
||
|
};
|
||
|
|
||
|
services.nginx.virtualHosts.${hostname} = {
|
||
|
enableACME = true;
|
||
|
forceSSL = true;
|
||
|
locations."/".proxyPass = "http://localhost:${toString config.services.gitea.httpPort}/";
|
||
|
};
|
||
|
|
||
|
age.secrets.gitea-mailserver-passfile = {
|
||
|
file = ../../../secrets/mailserver-users-jan-passfile.age;
|
||
|
owner = config.services.gitea.user;
|
||
|
group = "gitea";
|
||
|
};
|
||
|
}
|