add gitea

2022-03-10 19:12:07 +03:00 · 2022-03-10 19:12:07 +03:00 · 537c46caf6
commit 537c46caf6
parent 47a19a007d
4 changed files with 48 additions and 9 deletions
--- a/machines/NixOS-CT/default.nix
+++ b/machines/NixOS-CT/default.nix
@ -3,10 +3,10 @@
    ./hardware-configuration.nix
    inputs.self.nixosRoles.container

-    nginx
-    coturn
    fail2ban
+    gitea
    mailserver
+    nginx
    vaultwarden
  ];

--- a/profiles/servers/gitea.nix
+++ b/profiles/servers/gitea.nix
@ -0,0 +1,33 @@
+{ pkgs, config, lib, ... }:
+{
+  secrets.gitea = {
+    owner = "gitea";
+  };
+
+  services.gitea = {
+    enable = true;
+    appName = "AtaraxiaDev's Gitea Instance";
+    cookieSecure = true;
+    database = {
+      type = "postgres";
+      passwordFile = config.secrets.gitea.decrypted;
+    };
+    disableRegistration = true;
+    domain = "code.ataraxiadev.com";
+    httpPort = 6000;
+    lfs.enable = true;
+    rootUrl = "https://code.ataraxiadev.com";
+    stateDir = "/gitea/data";
+    # ssh = {
+    #   enable = true;
+    #   clonePort = 2222;
+    # };
+    # settings = {
+    #   server = {
+    #     START_SSH_SERVER = true;
+    #     SSH_LISTEN_HOST = "0.0.0.0";
+    #     SSH_LISTEN_PORT = 2222;
+    #   };
+    # };
+  };
+}
--- a/profiles/servers/nginx.nix
+++ b/profiles/servers/nginx.nix
@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }: {
  security.acme = {
    acceptTerms = true;
-    email = "ataraxiadev@ataraxiadev.com";
+    defaults.email = "ataraxiadev@ataraxiadev.com";
    certs = {
      "ataraxiadev.com" = {
        webroot = "/var/lib/acme/acme-challenge";
@ -15,6 +15,7 @@
          "stats.ataraxiadev.com"
          "startpage.ataraxiadev.com"
          "vw.ataraxiadev.com"
+          "code.ataraxiadev.com"
        ];
      };
    };
@ -57,7 +58,7 @@
          extraConfig = ''
            proxy_set_header X-Forwarded-For $remote_addr;
          '';
-        } // hardened;
+        };
      } // default;
      "matrix:443" = {
        serverAliases = [
@ -75,8 +76,8 @@
          ssl = true;
        }];
        locations."/" = {
-          proxyPass = "http://matrix-ct:81";
-        } // proxySettings // hardened;
+          proxyPass = "http://matrix.pve:81";
+        } // proxySettings;
      } // default;
      "matrix:8448" = {
        serverAliases = [ "matrix.ataraxiadev.com" ];
@ -86,8 +87,8 @@
          ssl = true;
        }];
        locations."/" = {
-          proxyPass = "http://matrix-ct:8449";
-        } // proxySettings // hardened;
+          proxyPass = "http://matrix.pve:8449";
+        } // proxySettings;
      } // default;
      "startpage.ataraxiadev.com" = {
        locations."/" = {
@ -112,6 +113,11 @@
          proxyPass = "http://localhost:8812";
        } // proxySettings // hardened;
      } // default;
+      "code.ataraxiadev.com" = {
+        locations."/" = {
+          proxyPass = "http://localhost:6000";
+        } // proxySettings // hardened;
+      } // default;
    };
  };

--- a/profiles/servers/vaultwarden.nix
+++ b/profiles/servers/vaultwarden.nix
@ -6,7 +6,7 @@

  services.vaultwarden = {
    enable = true;
-    backupDir = "/backups/vaultwarden";
+    # backupDir = "/backups/vaultwarden";
    config = {
      domain = "https://vw.ataraxiadev.com";
      extendedLogging = true;