machines/magenta: add gitea service

machines/magenta/default.nix

@@ -1,4 +1,4 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 
 let
   data = import ../../data.nix;
@@ -10,6 +10,7 @@ in
     ./mail-accounts.nix
     ../modules/common.nix
     ../modules/nix.nix
+    ../modules/nginx.nix
   ];
 
   boot.cleanTmpDir = true;
@@ -24,7 +25,6 @@ in
     defaults.email = "dmitriy@pleshevski.ru";
   };
 
-
   # See: https://nixos-mailserver.readthedocs.io/en/latest/options.html
   mailserver = {
     enable = true;
@@ -37,4 +37,33 @@ in
 
     hierarchySeparator = "/";
   };
+
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_14;
+  };
+
+  services.gitea = {
+    enable = true;
+    httpPort = 9901;
+    domain = "nix-git.pleshevski.ru";
+    rootUrl = "https://nix-git.pleshevski.ru";
+    database = {
+      type = "postgres";
+      host = "/run/postgresql";
+      port = config.services.postgresql.port;
+    };
+    settings = {
+      log.LEVEL = "Error";
+      service.DISABLE_REGISTRATION = true;
+      metrics.ENABLED = true;
+      server.DISABLE_ROUTER_LOG = true;
+    };
+  };
+
+  services.nginx.virtualHosts."nix-git.pleshevski.ru" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/".proxyPass = "http://localhost:${toString config.services.gitea.httpPort}/";
+  };
 }

machines/modules/nginx.nix

@@ -0,0 +1,11 @@
+{
+  services.nginx = {
+    enable = true;
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+}