modules: services: use new nginx wrapper

And when not possible, document why. Note for the future: there is some repetition in some modules to configure the correct value of the subdomain, which I happen to know will line up correctly thanks to the nginx wrapper. A good way to refactor this in the future would involve avoiding this repetition, allowing use to query the correct domain in some way...
2021-08-24 23:05:10 +02:00 · 2021-08-24 23:05:10 +02:00 · 7032ddef37
commit 7032ddef37
parent 81e12969eb
19 changed files with 187 additions and 254 deletions
--- a/modules/services/gitea.nix
+++ b/modules/services/gitea.nix
@ -2,8 +2,6 @@
 { config, lib, ... }:
 let
  cfg = config.my.services.gitea;
-  domain = config.networking.domain;
-  giteaDomain = "gitea.${config.networking.domain}";
 in
 {
  options.my.services.gitea = with lib; {
@ -17,34 +15,38 @@ in
  };

  config = lib.mkIf cfg.enable {
-    services.gitea = {
-      enable = true;
+    services.gitea =
+      let
+        giteaDomain = "gitea.${config.networking.domain}";
+      in
+      {
+        enable = true;

-      appName = "Ambroisie's forge";
-      httpPort = cfg.port;
-      domain = giteaDomain;
-      rootUrl = "https://${giteaDomain}";
+        appName = "Ambroisie's forge";
+        httpPort = cfg.port;
+        domain = giteaDomain;
+        rootUrl = "https://${giteaDomain}";

-      user = "git";
-      lfs.enable = true;
+        user = "git";
+        lfs.enable = true;

-      useWizard = false;
-      disableRegistration = true;
+        useWizard = false;
+        disableRegistration = true;

-      # only send cookies via HTTPS
-      cookieSecure = true;
+        # only send cookies via HTTPS
+        cookieSecure = true;

-      database = {
-        type = "postgres"; # Automatic setup
-        user = "git"; # User needs to be the same as gitea user
+        database = {
+          type = "postgres"; # Automatic setup
+          user = "git"; # User needs to be the same as gitea user
+        };
+
+        # NixOS module uses `gitea dump` to backup repositories and the database,
+        # but it produces a single .zip file that's not very backup friendly.
+        # I configure my backup system manually below.
+        dump.enable = false;
      };

-      # NixOS module uses `gitea dump` to backup repositories and the database,
-      # but it produces a single .zip file that's not very backup friendly.
-      # I configure my backup system manually below.
-      dump.enable = false;
-    };
-
    users.users.git = {
      description = "Gitea Service";
      home = config.services.gitea.stateDir;
@ -60,12 +62,12 @@ in
    users.groups.git = { };

    # Proxy to Gitea
-    services.nginx.virtualHosts."${giteaDomain}" = {
-      forceSSL = true;
-      useACMEHost = domain;
-
-      locations."/".proxyPass = "http://127.0.0.1:${toString cfg.port}/";
-    };
+    my.services.nginx.virtualHosts = [
+      {
+        subdomain = "gitea";
+        inherit (cfg) port;
+      }
+    ];

    my.services.backup = {
      paths = [