NixOS configs for new Redbrick deployment

  # NixOS module fragment for the Redbrick Gitea instance. It declares a "git"
  # system user, enables services.gitea with state under stateDir and
  # repositories under repositoryRoot, and points it at a PostgreSQL database
  # on localhost (createDatabase is false, so the database must already exist).
  let
    common = import ../common/variables.nix;
    repositoryRoot = "/zroot/git";
    stateDir = "/var/lib/gitea";
    # Bound once so the service option and the firewall rule stay in step.
    httpPort = 3000;
  in {
    # Account the service runs as: no login shell and no home directory.
    users.users.git = {
      isSystemUser = true;
      description = "Service user for gitea";
      group = "gitea";
      home = "/dev/null";
      shell = "/dev/null";
    };

    services.gitea = {
      enable = true;
      inherit stateDir repositoryRoot httpPort;
      user = "git";
      appName = "Redbrick";
      domain = common.tld;
      rootUrl = "https://git.${common.tld}/";

      # The database password is read from a file at runtime, so it is kept
      # out of this repository.
      database = {
        type = "postgres";
        createDatabase = false;
        host = "localhost";
        port = 5432;
        name = "gitea";
        user = "gitea";
        passwordFile = "/var/secrets/giteadb.secret";
      };

      # NOTE(review): SECRET_KEY, INTERNAL_TOKEN and JWT_SECRET below are
      # literals in a file kept in version control, unlike the database
      # password above. Text passed through extraConfig is presumably also
      # rendered into app.ini by way of the world-readable Nix store - confirm
      # against the module in use. These values are already published, so treat
      # them as compromised: rotate them and load the replacements from files
      # outside the repository. SECRET_KEY is also only 10 characters long.
      #
      # In [service], DISABLE_REGISTRATION = true closes self-signup, while
      # REQUIRE_SIGNIN_VIEW = false leaves pages readable without logging in.
      extraConfig = ''
        [repository.upload]
        TEMP_PATH = ${stateDir}/uploads
        [server]
        SSH_DOMAIN = git.redbrick.dcu.ie
        DISABLE_SSH = false
        SSH_PORT = 10022
        LFS_START_SERVER = false
        OFFLINE_MODE = false
        [session]
        PROVIDER_CONFIG = ${stateDir}/sessions
        PROVIDER = file
        [picture]
        AVATAR_UPLOAD_PATH = ${stateDir}/avatars
        DISABLE_GRAVATAR = false
        ENABLE_FEDERATED_AVATAR = false
        [attachment]
        PATH = ${stateDir}/attachments
        [mailer]
        ENABLED = true
        HOST = mailhost.redbrick.dcu.ie:587
        FROM = gitea@redbrick.dcu.ie
        [service]
        REGISTER_EMAIL_CONFIRM = false
        ENABLE_NOTIFY_MAIL = true
        DISABLE_REGISTRATION = true
        ENABLE_CAPTCHA = false
        REQUIRE_SIGNIN_VIEW = false
        DEFAULT_KEEP_EMAIL_PRIVATE = false
        NO_REPLY_ADDRESS = noreply.redbrick.dcu.ie
        [security]
        INSTALL_LOCK = true
        SECRET_KEY = ZaAgYxsMt3
        INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE0OTI2MDcxMDR9.T3CCdLpGcXvOzC_Wg7Uq8fN-YE3TCJPofGmiHnaypUg
        [openid]
        ENABLE_OPENID_SIGNUP = false
        ENABLE_OPENID_SIGNIN = false
        [oauth2]
        JWT_SECRET = 0l4Md3fIHiSXRVK4gFpvO2CFXqhb8qSzWLuHPioWUyo
      '';
    };

    # NOTE(review): this opens Gitea's own listener on every interface, while
    # rootUrl advertises https. No PROTOCOL or certificate is set in [server],
    # so the listener is presumably plain HTTP. If TLS is terminated by a
    # proxy on this host, the port need not be reachable from outside -
    # confirm where the proxy runs. SSH_PORT 10022 is not opened here and is
    # presumably handled elsewhere.
    networking.firewall.allowedTCPPorts = [ httpPort ];
  }