Move metrics,gitea,vaultwarden from voyager to defiant

2023-12-26 11:45:12 +01:00
parent bb2d4138ea
commit 7976c4820a
17 changed files with 78 additions and 49 deletions
--- a/hosts/defiant/services/gitea.nix
+++ b/hosts/defiant/services/gitea.nix
@@ -0,0 +1,62 @@
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.services.gitea;
+  domain = "git.feal.no";
+  httpPort = 3004;
+  sshPort = 2222;
+in {
+    services.gitea = {
+      enable = true;
+      appName = "felixalbs Gitea";
+      database.type = "postgres";
+      stateDir = "/tank/services/gitea";
+
+      settings = {
+        server = {
+          # Serve on local unix socket, exposed in hosts/defiant/services/nginx.nix
+          PROTOCOL = "http+unix";
+          DOMAIN = domain;
+          ROOT_URL = "https://${domain}";
+          LANDING_PAGE=''"/felixalb"'';
+
+          SSH_PORT = sshPort;
+          SSH_LISTEN_PORT = sshPort;
+          START_SSH_SERVER = true;
+          BUILTIN_SSH_SERVER_USER = "git";
+        };
+
+        service.DISABLE_REGISTRATION = true;
+        session.COOKIE_SECURE = true;
+
+        packages.ENABLED = false;
+        packages.CHUNKED_UPLOAD_PATH = "${cfg.stateDir}/tmp/package-upload";
+
+        oauth2_client = {
+          ENABLE_AUTO_REGISTRATION = true;
+          OPENID_CONNECT_SCOPES = "email profile openid";
+          UPDATE_AVATAR = true;
+          ACCOUNT_LINKING = "auto";
+          USERNAME = "email";
+        };
+
+        log.LEVEL = "Info";
+
+        database.LOG_SQL = false;
+
+        ui = {
+          THEMES="gitea,arc-green,nord";
+          DEFAULT_THEME="nord";
+        };
+      };
+
+      # TODO:
+      # - Backup
+      #   - services.gitea.dump?
+      #   - ZFS snapshots?
+      # - configure mailer
+    };
+
+    systemd.services.gitea.serviceConfig.WorkingDirectory = lib.mkForce "${cfg.stateDir}/work";
+
+    networking.firewall.allowedTCPPorts = [ sshPort ];
+}