
Added a production NixOps deployment

master
Craige McWhirter 10 months ago
parent
commit
f840f81679
Signed by: craige <craige@mcwhirter.com.au> GPG Key ID: A4122FF3971B6865
1 changed files with 67 additions and 0 deletions
  1. +67
    -0
      version-management/gitea_for_NixOps.nix

+ 67
- 0
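--- a/version-management/gitea_for_NixOps.nix
+++ b/version-management/gitea_for_NixOps.nix
@@ -0,0 +1,67 @@
+# Example NixOps configuration for the hosts running Gitea
+#
+# Will need to be used with an appropriate sercets file. See: ../secrets.nix
+
+{ config, pkgs, lib, ... }:
+
+{
+
+services.gitea = {
+enable = true; # Enable Gitea
+appName = "MyDomain: Gitea Service"; # Give the site a name
+database = {
+type = "postgres"; # Database type
+passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password
+};
+domain = "source.mydomain.tld"; # Domain name
+rootUrl = "https://source.mydomaain.tld/"; # Root web URL
+httpPort = 3001; # Provided unique port
+extraConfig = let
+docutils =
+pkgs.python37.withPackages (ps: with ps; [
+docutils # Provides rendering of ReStructured Text files
+pygments # Provides syntax highlighting
+]);
+in ''
+[mailer]
+ENABLED = true
+FROM = "gitea@mydomain.tld"
+[service]
+REGISTER_EMAIL_CONFIRM = true
+[markup.restructuredtext]
+ENABLED = true
+FILE_EXTENSIONS = .rst
+RENDER_COMMAND = ${docutils}/bin/rst2html.py
+IS_INPUT_FILE = false
+'';
+};
+
+services.postgresql = {
+enable = true; # Ensure postgresql is enabled
+authentication = ''
+local gitea all ident map=gitea-users
+'';
+identMap = # Map the gitea user to postgresql
+''
+gitea-users gitea gitea
+'';
+};
+
+services.nginx = {
+enable = true; # Enable Nginx
+recommendedGzipSettings = true;
+recommendedOptimisation = true;
+recommendedProxySettings = true;
+recommendedTlsSettings = true;
+virtualHosts."source.MyDomain.tld" = { # Gitea hostname
+enableACME = true; # Use ACME certs
+forceSSL = true; # Force SSL
+locations."/".proxyPass = "http://localhost:3001/"; # Proxy Gitea
+};
+};
+
+security.acme.certs = {
+"source.mydomain".email = "anEmail@mydomain.tld";
+};
+
+}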
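Review bot: The `RENDER_COMMAND` under `[markup.restructuredtext]` runs `rst2html.py` on repository content with docutils' defaults, which leave file insertion and the `raw` directive enabled, so rendering a pushed `.rst` file may read anything the gitea user can read, including `/run/keys/gitea-dbpass`; I would make it `RENDER_COMMAND = ${docutils}/bin/rst2html.py --no-file-insertion --no-raw`. `rootUrl` is spelled `https://source.mydomaain.tld/` while `domain` is `source.mydomain.tld`, and with the mailer and `REGISTER_EMAIL_CONFIRM` enabled the links Gitea builds from it would presumably point at a domain this deployment does not control, so it should read `rootUrl = "https://source.mydomain.tld/";`. The `security.acme.certs` key `"source.mydomain"` matches neither the virtual host `source.MyDomain.tld` nor `domain`, so the contact e-mail is likely attached to a different certificate entry than the one `enableACME` requests. Gitea's listen address is not set either, so unless the firewall blocks port 3001 the service may be reachable over plain HTTP beside the nginx proxy; `httpAddress = "127.0.0.1";` would bind it to loopback.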
