system/machines/magenta/services/gitea.nix

{ config, pkgs, lib, ... }:

let hostname = "nix-git.pleshevski.ru"; in
{
  services.postgresql.package = pkgs.postgresql_14;

  programs.git = {
    enable = true;
    config = {
      user = {
        email = "gitea@noreply.pleshevski.ru";
        name = "Gitea";
        signingKey = "7B1C00B534537C0E";
      };
      gpg.program = "/run/current-system/sw/bin/gpg";
      commit.gpgSign = true;
      tag.gpgSign = true;
      core = {
        quotePath = false;
        commitGraph = true;
      };
      receive = {
        advertisePushOptions = true;
        procReceiveRefs = "refs/for";
      };
      gc.writeCommitGraph = true;
    };
  };

  programs.gnupg.agent.enable = true;

  services.gitea = {
    enable = true;
    httpPort = 9901;
    domain = hostname;
    rootUrl = "https://${hostname}";
    appName = "Pleshevskiy Git Repositories";
    mailerPasswordFile = config.age.secrets.gitea-mailserver-passfile.path;
    database = {
      type = "postgres";
      host = "/run/postgresql";
      port = config.services.postgresql.port;
    };
    lfs.enable = true;
    settings = {
      log = {
        LEVEL = "Debug";
        ENABLE_SSH_LOG = true;
      };
      database = {
        CHARSET = "utf8";
        LOG_SQL = false;
      };
      server.DISABLE_ROUTER_LOG = true;
      service = {
        ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
        DEFAULT_KEEP_EMAIL_PRIVATE = false;
        DEFAULT_ALLOW_CREATE_ORGANIZATION = true;
        DEFAULT_ENABLE_TIMETRACKING = true;
        DEFAULT_ENABLE_DEPENDENCIES = false;
        DISABLE_REGISTRATION = true;
        ENABLE_NOTIFY_MAIL = false;
        ENABLE_CAPTCHA = false;
        ENABLE_TIMETRACKING = false;
        REQUIRE_SIGNIN_VIEW = false;
        REGISTER_EMAIL_CONFIRM = false;
        NO_REPLY_ADDRESS = "noreply.pleshevski.ru";
      };
      repository = {
        DISABLE_MIGRATIONS = false;
        DISABLE_HTTP_GIT = false;
        DISABLE_STARS = true;
        DEFAULT_BRANCH = "main";
        DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = true;
      };
      "repository.signing" = {
        #SIGNING_EMAIL = "gitea@noreply.pleshevski.ru";
        #SIGNING_NAME = "Gitea";
        #SIGNING_KEY = "E1DDBF5A1406BB987779A85F55B75599806CD426";
        SIGNING_KEY = "default";
        DEFAULT_TRUST_MODEL = "collaboratorcommiter";
        MERGES = "pubkey,basesigned,commitssigned";
      };
      "repository.local" = {
        LOCAL_COPY_PATH = "${config.services.gitea.stateDir}/tmp/local-repo";
      };
      "repository.upload" = {
        TEMP_PATH = "${config.services.gitea.stateDir}/uploads";
        ALLOWED_TYPES = "image/*";
      };
      "repository.pull-request" = {
        WORK_IN_PROGRESS_PREFIXES = "Draft:,[Draft]:,WIP:,[WIP]:";
      };
      indexer = {
        ISSUE_INDEXER_PATH = "${config.services.gitea.stateDir}/indexers/issues.bleve";
      };
      sessions = {
        PROVIDER = "file";
        PROVIDER_CONFIG = "${config.services.gitea.stateDir}/sessions";
      };
      picture = {
        AVATAR_UPLOAD_PATH = "${config.services.gitea.stateDir}/avatars";
        REPOSITORY_AVATAR_UPLOAD_PATH = "${config.services.gitea.stateDir}/repo-avatars";
        DISABLE_GRAVATAR = false;
        ENABLE_FEDERATED_AVATAR = true;
      };
      attachment = {
        PATH = "${config.services.gitea.stateDir}/attachments";
      };
      mailer = {
        ENABLED = true;
        MAILER_TYPE = "smtp";
        FROM = "\"${config.services.gitea.appName}\" <no-reply@pleshevski.ru>";
        USER = "dmitriy@pleshevski.ru";
        HOST = "mail.pleshevski.ru:465";
      };
      openid = {
        ENABLE_OPENID_SIGNIN = true;
        ENABLE_OPENID_SIGNUP = false;
      };
    };
  };

  services.nginx.virtualHosts.${hostname} = {
    enableACME = true;
    forceSSL = true;
    locations."/".proxyPass = "http://localhost:${toString config.services.gitea.httpPort}/";
  };

  age.secrets.gitea-mailserver-passfile = {
    file = ../../../secrets/mailserver-users-jan-passfile.age;
    owner = config.services.gitea.user;
    group = "gitea";
  };
}
machines/magenta: restructure services 2022-10-18 00:42:23 +03:00			`{ config, pkgs, lib, ... }:`

			`let hostname = "nix-git.pleshevski.ru"; in`
			`{`
			`services.postgresql.package = pkgs.postgresql_14;`

			`programs.git = {`
			`enable = true;`
			`config = {`
			`user = {`
			`email = "gitea@noreply.pleshevski.ru";`
			`name = "Gitea";`
			`signingKey = "7B1C00B534537C0E";`
			`};`
			`gpg.program = "/run/current-system/sw/bin/gpg";`
			`commit.gpgSign = true;`
			`tag.gpgSign = true;`
			`core = {`
			`quotePath = false;`
			`commitGraph = true;`
			`};`
			`receive = {`
			`advertisePushOptions = true;`
			`procReceiveRefs = "refs/for";`
			`};`
			`gc.writeCommitGraph = true;`
			`};`
			`};`

			`programs.gnupg.agent.enable = true;`

			`services.gitea = {`
			`enable = true;`
			`httpPort = 9901;`
			`domain = hostname;`
			`rootUrl = "https://${hostname}";`
			`appName = "Pleshevskiy Git Repositories";`
			`mailerPasswordFile = config.age.secrets.gitea-mailserver-passfile.path;`
			`database = {`
			`type = "postgres";`
			`host = "/run/postgresql";`
			`port = config.services.postgresql.port;`
			`};`
			`lfs.enable = true;`
			`settings = {`
			`log = {`
			`LEVEL = "Debug";`
			`ENABLE_SSH_LOG = true;`
			`};`
			`database = {`
			`CHARSET = "utf8";`
			`LOG_SQL = false;`
			`};`
			`server.DISABLE_ROUTER_LOG = true;`
			`service = {`
			`ALLOW_ONLY_EXTERNAL_REGISTRATION = false;`
			`DEFAULT_KEEP_EMAIL_PRIVATE = false;`
			`DEFAULT_ALLOW_CREATE_ORGANIZATION = true;`
			`DEFAULT_ENABLE_TIMETRACKING = true;`
			`DEFAULT_ENABLE_DEPENDENCIES = false;`
			`DISABLE_REGISTRATION = true;`
			`ENABLE_NOTIFY_MAIL = false;`
			`ENABLE_CAPTCHA = false;`
			`ENABLE_TIMETRACKING = false;`
			`REQUIRE_SIGNIN_VIEW = false;`
			`REGISTER_EMAIL_CONFIRM = false;`
			`NO_REPLY_ADDRESS = "noreply.pleshevski.ru";`
			`};`
			`repository = {`
			`DISABLE_MIGRATIONS = false;`
			`DISABLE_HTTP_GIT = false;`
			`DISABLE_STARS = true;`
			`DEFAULT_BRANCH = "main";`
			`DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = true;`
			`};`
			`"repository.signing" = {`
			`#SIGNING_EMAIL = "gitea@noreply.pleshevski.ru";`
			`#SIGNING_NAME = "Gitea";`
			`#SIGNING_KEY = "E1DDBF5A1406BB987779A85F55B75599806CD426";`
			`SIGNING_KEY = "default";`
			`DEFAULT_TRUST_MODEL = "collaboratorcommiter";`
			`MERGES = "pubkey,basesigned,commitssigned";`
			`};`
			`"repository.local" = {`
			`LOCAL_COPY_PATH = "${config.services.gitea.stateDir}/tmp/local-repo";`
			`};`
			`"repository.upload" = {`
			`TEMP_PATH = "${config.services.gitea.stateDir}/uploads";`
			`ALLOWED_TYPES = "image/*";`
			`};`
			`"repository.pull-request" = {`
			`WORK_IN_PROGRESS_PREFIXES = "Draft:,[Draft]:,WIP:,[WIP]:";`
			`};`
			`indexer = {`
			`ISSUE_INDEXER_PATH = "${config.services.gitea.stateDir}/indexers/issues.bleve";`
			`};`
			`sessions = {`
			`PROVIDER = "file";`
			`PROVIDER_CONFIG = "${config.services.gitea.stateDir}/sessions";`
			`};`
			`picture = {`
			`AVATAR_UPLOAD_PATH = "${config.services.gitea.stateDir}/avatars";`
			`REPOSITORY_AVATAR_UPLOAD_PATH = "${config.services.gitea.stateDir}/repo-avatars";`
			`DISABLE_GRAVATAR = false;`
			`ENABLE_FEDERATED_AVATAR = true;`
			`};`
			`attachment = {`
			`PATH = "${config.services.gitea.stateDir}/attachments";`
			`};`
			`mailer = {`
			`ENABLED = true;`
			`MAILER_TYPE = "smtp";`
			`FROM = "\"${config.services.gitea.appName}\" <no-reply@pleshevski.ru>";`
			`USER = "dmitriy@pleshevski.ru";`
			`HOST = "mail.pleshevski.ru:465";`
			`};`
			`openid = {`
			`ENABLE_OPENID_SIGNIN = true;`
			`ENABLE_OPENID_SIGNUP = false;`
			`};`
			`};`
			`};`

			`services.nginx.virtualHosts.${hostname} = {`
			`enableACME = true;`
			`forceSSL = true;`
			`locations."/".proxyPass = "http://localhost:${toString config.services.gitea.httpPort}/";`
			`};`

			`age.secrets.gitea-mailserver-passfile = {`
			`file = ../../../secrets/mailserver-users-jan-passfile.age;`
			`owner = config.services.gitea.user;`
			`group = "gitea";`
			`};`
			`}`