mkModule gitea
This commit is contained in:
mjallen18
@@ -6,32 +6,20 @@
|
||||
}:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.${namespace}.services.gitea;
|
||||
name = "gitea";
|
||||
cfg = config.${namespace}.services.${name};
|
||||
rootUrl = "https://gitea.${namespace}.dev/";
|
||||
mailerPasswordFile = config.sops.secrets."jallen-nas/gitea/mail-key".path;
|
||||
metricsTokenFile = config.sops.secrets."jallen-nas/gitea/metrics-key".path;
|
||||
|
||||
# Create reverse proxy configuration using mkReverseProxy
|
||||
reverseProxyConfig = lib.${namespace}.mkReverseProxy {
|
||||
name = "gitea";
|
||||
subdomain = cfg.reverseProxy.subdomain;
|
||||
url = "http://${cfg.localAddress}:${toString cfg.httpPort}";
|
||||
middlewares = cfg.reverseProxy.middlewares;
|
||||
};
|
||||
|
||||
traefik = {
|
||||
"${namespace}".services.traefik = lib.mkIf cfg.reverseProxy.enable {
|
||||
reverseProxies = [ reverseProxyConfig ];
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
imports = [ ./options.nix ];
|
||||
config =
|
||||
mkIf cfg.enable {
|
||||
giteaConfig = lib.${namespace}.mkModule {
|
||||
inherit config name;
|
||||
description = "Gitea";
|
||||
options = { };
|
||||
moduleConfig = {
|
||||
services.gitea = {
|
||||
enable = true;
|
||||
stateDir = cfg.dataDir;
|
||||
stateDir = "${cfg.configDir}/gitea";
|
||||
user = "nix-apps";
|
||||
group = "jallen-nas";
|
||||
mailerPasswordFile = mailerPasswordFile;
|
||||
@@ -39,12 +27,12 @@ in
|
||||
settings = {
|
||||
server = {
|
||||
DOMAIN = "jallen-nas";
|
||||
HTTP_ADDR = "0.0.0.0";
|
||||
HTTP_PORT = cfg.httpPort;
|
||||
HTTP_ADDR = cfg.listenAddress;
|
||||
HTTP_PORT = cfg.port;
|
||||
PROTOCOL = "http";
|
||||
ROOT_URL = rootUrl;
|
||||
START_SSH_SERVER = true;
|
||||
SSH_PORT = cfg.sshPort;
|
||||
SSH_PORT = 2222;
|
||||
};
|
||||
service = {
|
||||
REGISTER_EMAIL_CONFIRM = false;
|
||||
@@ -58,6 +46,9 @@ in
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
// traefik;
|
||||
};
|
||||
};
|
||||
in
|
||||
{
|
||||
imports = [ giteaConfig ];
|
||||
}
|
||||
|
||||
@@ -1,116 +0,0 @@
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
namespace,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
let
|
||||
cfg = config.${namespace}.services.gitea;
|
||||
rootUrl = "https://gitea.mjallen.dev/";
|
||||
dataDir = "/var/lib/gitea";
|
||||
secretsDir = "/run/secrets/jallen-nas/gitea";
|
||||
mailerPasswordFile = config.sops.secrets."jallen-nas/gitea/mail-key".path;
|
||||
metricsTokenFile = config.sops.secrets."jallen-nas/gitea/metrics-key".path;
|
||||
giteaUid = config.users.users.nix-apps.uid;
|
||||
giteaGid = config.users.groups.jallen-nas.gid;
|
||||
|
||||
serviceConfig = {
|
||||
services.gitea = {
|
||||
enable = true;
|
||||
stateDir = dataDir;
|
||||
mailerPasswordFile = mailerPasswordFile;
|
||||
metricsTokenFile = metricsTokenFile;
|
||||
settings = {
|
||||
server = {
|
||||
DOMAIN = "jallen-nas";
|
||||
HTTP_ADDR = "0.0.0.0";
|
||||
HTTP_PORT = cfg.httpPort;
|
||||
PROTOCOL = "http";
|
||||
ROOT_URL = rootUrl;
|
||||
START_SSH_SERVER = true;
|
||||
SSH_PORT = cfg.sshPort;
|
||||
};
|
||||
service = {
|
||||
REGISTER_EMAIL_CONFIRM = false;
|
||||
ENABLE_CAPTCHA = false;
|
||||
DISABLE_REGISTRATION = true;
|
||||
ENABLE_OPENID_SIGNIN = false;
|
||||
ENABLE_LDAP_SIGNIN = false;
|
||||
ENABLE_SSH_SIGNIN = true;
|
||||
ENABLE_BUILTIN_SSH_SERVER = true;
|
||||
ENABLE_REVERSE_PROXY_AUTHENTICATION = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
users = {
|
||||
users.gitea = {
|
||||
isSystemUser = true;
|
||||
isNormalUser = false;
|
||||
uid = lib.mkForce giteaUid;
|
||||
group = "gitea";
|
||||
extraGroups = [ "keys" ];
|
||||
};
|
||||
groups = {
|
||||
gitea = {
|
||||
gid = lib.mkForce giteaGid;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# Create and set permissions for required directories
|
||||
system.activationScripts.gitea-dirs = ''
|
||||
mkdir -p /var/lib/gitea
|
||||
chown -R gitea:gitea /var/lib/gitea
|
||||
chmod -R 775 /var/lib/gitea
|
||||
mkdir -p /run/secrets/jallen-nas
|
||||
chown -R gitea:gitea /run/secrets/jallen-nas
|
||||
chmod -R 775 /run/secrets/jallen-nas
|
||||
'';
|
||||
};
|
||||
|
||||
bindMounts = {
|
||||
"${dataDir}" = {
|
||||
hostPath = cfg.dataDir;
|
||||
isReadOnly = false;
|
||||
};
|
||||
secrets = {
|
||||
hostPath = secretsDir;
|
||||
isReadOnly = true;
|
||||
mountPoint = secretsDir;
|
||||
};
|
||||
};
|
||||
|
||||
# Create reverse proxy configuration using mkReverseProxy
|
||||
reverseProxyConfig = lib.${namespace}.mkReverseProxy {
|
||||
name = "gitea";
|
||||
subdomain = cfg.reverseProxy.subdomain;
|
||||
url = "http://${cfg.localAddress}:${toString cfg.httpPort}";
|
||||
middlewares = cfg.reverseProxy.middlewares;
|
||||
};
|
||||
|
||||
containerConfig =
|
||||
(lib.${namespace}.mkContainer {
|
||||
name = "gitea";
|
||||
localAddress = cfg.localAddress;
|
||||
ports = [
|
||||
cfg.httpPort
|
||||
cfg.sshPort
|
||||
];
|
||||
bindMounts = bindMounts;
|
||||
config = serviceConfig;
|
||||
})
|
||||
{ inherit lib; };
|
||||
|
||||
giteaConfig = {
|
||||
"${namespace}".services.traefik = lib.mkIf cfg.reverseProxy.enable {
|
||||
reverseProxies = [ reverseProxyConfig ];
|
||||
};
|
||||
}
|
||||
// containerConfig;
|
||||
in
|
||||
{
|
||||
imports = [ ./options.nix ];
|
||||
config = mkIf cfg.enable giteaConfig;
|
||||
}
|
||||
@@ -1,29 +0,0 @@
|
||||
{ lib, namespace, ... }:
|
||||
with lib;
|
||||
{
|
||||
options.${namespace}.services.gitea = {
|
||||
enable = mkEnableOption "gitea service";
|
||||
|
||||
httpPort = mkOption {
|
||||
type = types.int;
|
||||
default = 80;
|
||||
};
|
||||
|
||||
sshPort = mkOption {
|
||||
type = types.int;
|
||||
default = 22;
|
||||
};
|
||||
|
||||
localAddress = mkOption {
|
||||
type = types.str;
|
||||
default = "127.0.0.1";
|
||||
};
|
||||
|
||||
dataDir = mkOption {
|
||||
type = types.str;
|
||||
default = "";
|
||||
};
|
||||
|
||||
reverseProxy = lib.${namespace}.mkReverseProxyOpt;
|
||||
};
|
||||
}
|
||||
Reference in New Issue
Block a user