nixos-examples/version-management/gitea_for_NixOps.nix

# Example NixOps configuration for the hosts running Gitea
#
# Will need to be used with an appropriate sercets file. See: ../secrets.nix

{ config, pkgs, lib, ... }:

{

  services.gitea = {
    enable = true;                               # Enable Gitea
    appName = "MyDomain: Gitea Service";         # Give the site a name
    database = {
      type = "postgres";                         # Database type
      passwordFile = "/run/keys/gitea-dbpass";   # Where to find the password
    };
    domain = "source.mydomain.tld";              # Domain name
    rootUrl = "https://source.mydomaain.tld/";   # Root web URL
    httpPort = 3001;                             # Provided unique port
    extraConfig = let
      docutils =
        pkgs.python37.withPackages (ps: with ps; [
          docutils                               # Provides rendering of ReStructured Text files
          pygments                               # Provides syntax highlighting
      ]);
    in ''
      [mailer]
      ENABLED = true
      FROM = "gitea@mydomain.tld"
      [service]
      REGISTER_EMAIL_CONFIRM = true
      [markup.restructuredtext]
      ENABLED = true
      FILE_EXTENSIONS = .rst
      RENDER_COMMAND = ${docutils}/bin/rst2html.py
      IS_INPUT_FILE = false
    '';
  };

  services.postgresql = {
    enable = true;                # Ensure postgresql is enabled
    authentication = ''
      local gitea all ident map=gitea-users
    '';
    identMap =                    # Map the gitea user to postgresql
      ''
        gitea-users gitea gitea
      '';
  };

  services.nginx = {
    enable = true;                                          # Enable Nginx
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    virtualHosts."source.MyDomain.tld" = {                  # Gitea hostname
      enableACME = true;                                    # Use ACME certs
      forceSSL = true;                                      # Force SSL
      locations."/".proxyPass = "http://localhost:3001/";   # Proxy Gitea
    };
  };

  security.acme.certs = {
      "source.mydomain".email = "anEmail@mydomain.tld";
  };

}