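# NixOS host configuration for "magenta": mail server (nixos-mailserver),
# PostgreSQL 14, and a Gitea instance published through nginx with ACME
# certificates.
{ config, pkgs, ... }:

let
  # Shared data; only publicKeys.users.jan is read in this file.
  data = import ../../data.nix;
in
{
  imports = [
    ./hardware-configuration.nix
    ./networking.nix # generated at runtime by nixos-infect
    ./mail-accounts.nix
    ../modules/common.nix
    ../modules/nix.nix
    ../modules/nginx.nix
  ];

  boot.cleanTmpDir = true;
  zramSwap.enable = true;
  networking.hostName = "magenta";

  # Root logs in over SSH with the keys listed in data.nix.
  # NOTE(review): nothing in this file turns off SSH password authentication;
  # confirm that ../modules/common.nix does so, or set it explicitly here.
  services.openssh.enable = true;
  users.users.root.openssh.authorizedKeys.keys = data.publicKeys.users.jan;

  security.acme = {
    acceptTerms = true;
    defaults.email = "dmitriy@pleshevski.ru";
  };

  # See: https://nixos-mailserver.readthedocs.io/en/latest/options.html
  mailserver = {
    enable = true;
    fqdn = "mail.pleshevski.ru";
    domains = [ "pleshevski.ru" ];

    # Use Let's Encrypt certificates. Note that this needs to set up a stripped
    # down nginx and opens port 80.
    certificateScheme = 3;
    hierarchySeparator = "/";
  };

  services.postgresql = {
    enable = true;
    package = pkgs.postgresql_14;
  };

  programs.gnupg.agent.enable = true;

  services.gitea = {
    enable = true;
    httpPort = 9901;
    domain = "nix-git.pleshevski.ru";
    rootUrl = "https://nix-git.pleshevski.ru";
    appName = "Pleshevskiy Git Repositories";

    # The SMTP password is read at runtime from an agenix-decrypted file, so it
    # is not written into this configuration.
    # NOTE(review): the secret's file name (mailserver-users-jan-passfile)
    # suggests it is a personal mailbox password; if so, a dedicated sending
    # account would limit what a Gitea compromise exposes. Confirm.
    mailerPasswordFile = config.age.secrets.gitea-mailserver-passfile.path;

    # Connects to the local PostgreSQL through its socket directory.
    database = {
      type = "postgres";
      host = "/run/postgresql";
      port = config.services.postgresql.port;
    };

    lfs.enable = true;

    settings = {
      log.LEVEL = "Error";

      # NOTE(review): no metrics TOKEN is set, and the nginx virtual host below
      # proxies "/" wholesale, so /metrics is served to anyone who can reach
      # the site. Set a TOKEN (from a secret) or restrict that path in nginx.
      metrics.ENABLED = true;

      database.CHARSET = "utf8";
      server.DISABLE_ROUTER_LOG = true;

      # Self-registration is closed; content remains readable without signing
      # in (REQUIRE_SIGNIN_VIEW = false).
      service = {
        ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
        DEFAULT_KEEP_EMAIL_PRIVATE = false;
        DEFAULT_ALLOW_CREATE_ORGANIZATION = true;
        DEFAULT_ENABLE_TIMETRACKING = true;
        DEFAULT_ENABLE_DEPENDENCIES = false;
        DISABLE_REGISTRATION = true;
        ENABLE_NOTIFY_MAIL = false;
        ENABLE_CAPTCHA = false;
        ENABLE_TIMETRACKING = false;
        REQUIRE_SIGNIN_VIEW = false;
        REGISTER_EMAIL_CONFIRM = false;
        NO_REPLY_ADDRESS = "noreply.pleshevski.ru";
      };

      repository = {
        DISABLE_MIGRATIONS = false;
        DISABLE_HTTP_GIT = false;
        DISABLE_STARS = true;
        DEFAULT_BRANCH = "main";
        DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = true;
      };

      "repository.signing" = {
        SIGNING_KEY = "default";
        # Fixed spelling: Gitea's documented trust models are "collaborator",
        # "committer" and "collaboratorcommitter". The previous value
        # "collaboratorcommiter" matches none of them, so the intended model
        # for judging commit signatures was not the one in effect.
        DEFAULT_TRUST_MODEL = "collaboratorcommitter";
        MERGES = "pubkey,basesigned,commitssigned";
      };

      "repository.local" = {
        LOCAL_COPY_PATH = "${config.services.gitea.stateDir}/tmp/local-repo";
      };

      # Uploads through the web editor are limited to image MIME types.
      "repository.upload" = {
        TEMP_PATH = "${config.services.gitea.stateDir}/uploads";
        ALLOWED_TYPES = "image/*";
      };

      "repository.pull-request" = {
        WORK_IN_PROGRESS_PREFIXES = "Draft:,[Draft]:,WIP:,[WIP]:";
      };

      indexer = {
        ISSUE_INDEXER_PATH = "${config.services.gitea.stateDir}/indexers/issues.bleve";
      };

      # Fixed section name: Gitea reads session settings from [session]. The
      # previous key "sessions" is not a section Gitea consults, so the file
      # provider configured here was never applied.
      session = {
        PROVIDER = "file";
        PROVIDER_CONFIG = "${config.services.gitea.stateDir}/sessions";
      };

      picture = {
        AVATAR_UPLOAD_PATH = "${config.services.gitea.stateDir}/avatars";
        REPOSITORY_AVATAR_UPLOAD_PATH = "${config.services.gitea.stateDir}/repo-avatars";
        DISABLE_GRAVATAR = false;
        ENABLE_FEDERATED_AVATAR = true;
      };

      attachment = {
        PATH = "${config.services.gitea.stateDir}/attachments";
      };

      mailer = {
        ENABLED = true;
        MAILER_TYPE = "smtp";
        # NOTE(review): FROM holds only a display name followed by a space; an
        # "<address>" part appears to have been lost from this copy of the
        # file. Restore the sender address before deploying.
        FROM = "\"${config.services.gitea.appName}\" ";
        USER = "dmitriy@pleshevski.ru";
        HOST = "mail.pleshevski.ru:465";
      };

      # Existing accounts may sign in with OpenID; new accounts cannot be
      # created that way.
      openid = {
        ENABLE_OPENID_SIGNIN = true;
        ENABLE_OPENID_SIGNUP = false;
      };
    };
  };

  # TLS terminates in nginx; Gitea itself is reached over plain HTTP on
  # localhost at the configured httpPort.
  services.nginx.virtualHosts."nix-git.pleshevski.ru" = {
    enableACME = true;
    forceSSL = true;
    locations."/".proxyPass = "http://localhost:${toString config.services.gitea.httpPort}/";
  };

  # agenix secret holding the SMTP password, owned by the Gitea service user.
  age.secrets.gitea-mailserver-passfile = {
    file = ../../secrets/mailserver-users-jan-passfile.age;
    owner = config.services.gitea.user;
    group = "gitea";
  };
}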