# A low-ressource, full-featured git forge. { config, lib, ... }: let cfg = config.my.services.gitea; domain = config.networking.domain; giteaDomain = "gitea.${config.networking.domain}"; in { options.my.services.gitea = with lib; { enable = mkEnableOption "Gitea"; port = mkOption { type = types.port; default = 3042; example = 8080; description = "Internal port"; }; }; config = lib.mkIf cfg.enable { services.gitea = { enable = true; appName = "Ambroisie's forge"; httpPort = cfg.port; domain = giteaDomain; rootUrl = "https://${giteaDomain}"; user = "git"; lfs.enable = true; useWizard = false; disableRegistration = true; # only send cookies via HTTPS cookieSecure = true; database = { type = "postgres"; # Automatic setup user = "git"; # User needs to be the same as gitea user }; # NixOS module uses `gitea dump` to backup repositories and the database, # but it produces a single .zip file that's not very backup friendly. # I configure my backup system manually below. dump.enable = false; }; users.users.git = { description = "Gitea Service"; home = config.services.gitea.stateDir; useDefaultShell = true; group = "git"; # The service for gitea seems to hardcode the group as # gitea, so, uh, just in case? extraGroups = [ "gitea" ]; isSystemUser = true; }; users.groups.git = { }; # Proxy to Gitea services.nginx.virtualHosts."${giteaDomain}" = { forceSSL = true; useACMEHost = domain; locations."/".proxyPass = "http://127.0.0.1:${toString cfg.port}/"; }; my.services.backup = { paths = [ config.services.gitea.lfs.contentDir config.services.gitea.repositoryRoot ]; }; }; }