From a787a7dfc5336413016537c5bcd1d25822ae5b1a Mon Sep 17 00:00:00 2001
From: blake
Date: Fri, 7 Nov 2025 17:10:37 -0600
Subject: [PATCH] fin gitea testing
---
 modules/homelab/gitea/default.nix.bak | 133 --------------------------
 1 file changed, 133 deletions(-)
 delete mode 100644 modules/homelab/gitea/default.nix.bak
diff --git a/modules/homelab/gitea/default.nix.bak b/modules/homelab/gitea/default.nix.bak
deleted file mode 100644
index 497cb4f..0000000
--- a/modules/homelab/gitea/default.nix.bak
+++ /dev/null
@@ -1,133 +0,0 @@
-{ pkgs, config, lib, ... }:
-
-let
- service = "gitea";
- cfg = config.homelab.${service};
- sec = config.sops.secrets;
- homelab = config.homelab;
-in
-{
- options.homelab.${service} = {
- enable = lib.mkEnableOption "enables ${service}";
-
- # set port options
- port = lib.mkOption {
- type = lib.types.int;
- default = 7703;
- description = "set port for ${service} (default: ${toString cfg.port}";
- };
- ssh_port = lib.mkOption {
- type = lib.types.int;
- default = 7567;
- description = "set port for ${service} (default: ${toString cfg.port}";
- };
- url = lib.mkOption {
- type = lib.types.str;
- default = "git.${homelab.base_domain}";
- description = "set domain for ${service}";
- };
- data_dir = lib.mkOption {
- type = lib.types.str;
- default = "/var/lib/${service}";
- description = "set data directory for ${service}";
- };
- ids = lib.mkOption {
- type = lib.types.int;
- default = cfg.port;
- description = "set uid and pid of ${service} user (matches port by default)";
- };
- backup = lib.mkOption {
- type = lib.types.bool;
- default = true;
- description = "enable backups for ${service}";
- };
- motd = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
- default = service;
- };
- };
-
- config = lib.mkIf cfg.enable {
-
- # declare ${service} group
- users.groups.${service} = { gid = lib.mkForce cfg.ids; };
-
- # declare ${service} user
- users.users.${service} = {
- description = lib.mkForce "${service} server user";
- uid = lib.mkForce cfg.ids;
- isSystemUser = true;
- shell = pkgs.bash;
- home = cfg.data_dir;
- createHome = true;
- group = service;
- extraGroups = [];
- };
-
- # declare the gitea service
- services.gitea = {
- enable = true;
- user = "gitea";
- group = "gitea";
- stateDir = cfg.data_dir;
- appName = "gitea";
- settings = {
- server = {
- ROOT_URL = "https://git.blakedheld.xyz";
- LOCAL_ROOT_URL = "https://git.snowbelle.lan";
- DOMAIN = "git.blakedheld.xyz";
- HTTP_PORT = cfg.port;
- SSH_PORT = cfg.ssh_port;
- START_SSH_SERVER = true;
- ENABLE_PUSH_CREATE_USER = true;
- ALLOW_LOCALNETWORKS = true;
- ALLOWED_DOMAINS = "10.10.0.10";
- SKIP_TLS_VERIFY = true;
-
- };
- };
- database = {
- passwordFile = "${toString config.sops.secrets."gitea_database_password".path}";
- };
- };
-
- # override umask to make permissions work out
- systemd.services.${service}.serviceConfig = {
- UMask = lib.mkForce "0007";
- };
-
- # open firewall
- networking.firewall.allowedTCPPorts = [ cfg.port cfg.ssh_port ];
-
- # add to caddy for reverse proxy
- services.caddy.virtualHosts."${cfg.url}" = {
- serverAliases = [ "git.${homelab.public_domain}" ];
- extraConfig = ''
- tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
- reverse_proxy localhost:${toString cfg.port} {
- }
- '';
- };
-
- # add to glance
- homelab.glance.links.services = [{
- title = service;
- url = "https://git.${homelab.public_domain}";
- error-url = "http://${homelab.host_ip}:${toString cfg.port}";
- check-url = "http://${homelab.host_ip}:${toString cfg.port}";
- icon = "di:${service}"; }];
-
- # manage secrets with sops
- sops.secrets = {
- "${service}_database_password" = {
- owner = service;
- group = service;
- };
- };
-
- # add to backups
- homelab.backups.baks = {
- ${service} = { paths = [ cfg.data_dir ]; };
- };
- };
-}