Compare commits
10 Commits
5a117927ac
...
a12677cc6c
| Author | SHA1 | Date | |
|---|---|---|---|
| a12677cc6c | |||
| b4d81a63b2 | |||
| 09ed3f2023 | |||
| 1deaf8c866 | |||
| 56921209cb | |||
| 4ac1f27987 | |||
| 9d4e3178bf | |||
| 0328e81bc8 | |||
| 551b7d4d7b | |||
| 9ba7987921 |
@@ -1,6 +1,6 @@
|
|||||||
# flake for blakes nixos config
|
# flake for blakes nixos config
|
||||||
# define new devices in outputs
|
# define new devices in outputs
|
||||||
# generation: 69 current 2025-10-07 23:14:40 25.05.20251001.5b5be50 6.12.49 *
|
# generation: 77 current 2025-10-08 00:10:23 25.05.20251001.5b5be50 6.12.49 *
|
||||||
{
|
{
|
||||||
description = "blakes nix config";
|
description = "blakes nix config";
|
||||||
inputs = {
|
inputs = {
|
||||||
|
|||||||
@@ -41,6 +41,7 @@ in
|
|||||||
description = lib.mkForce "gitea server user";
|
description = lib.mkForce "gitea server user";
|
||||||
uid = ids;
|
uid = ids;
|
||||||
isSystemUser = true;
|
isSystemUser = true;
|
||||||
|
shell = pkgs.bash;
|
||||||
home = "/var/lib/gitea";
|
home = "/var/lib/gitea";
|
||||||
createHome = true;
|
createHome = true;
|
||||||
group = "gitea";
|
group = "gitea";
|
||||||
@@ -59,6 +60,9 @@ in
|
|||||||
DOMAIN = "git.blakedheld.xyz";
|
DOMAIN = "git.blakedheld.xyz";
|
||||||
HTTP_PORT = cfg.port;
|
HTTP_PORT = cfg.port;
|
||||||
SSH_PORT = cfg.ssh_port;
|
SSH_PORT = cfg.ssh_port;
|
||||||
|
START_SSH_SERVER = true;
|
||||||
|
ENABLE_PUSH_CREATE_USER = true;
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
database = {
|
database = {
|
||||||
@@ -73,7 +77,7 @@ in
|
|||||||
networking.firewall.allowedTCPPorts = [ cfg.port cfg.ssh_port ];
|
networking.firewall.allowedTCPPorts = [ cfg.port cfg.ssh_port ];
|
||||||
|
|
||||||
# internal reverse proxy entry
|
# internal reverse proxy entry
|
||||||
services.nginx.virtualHosts."gitea.snowbelle.lan" = {
|
services.nginx.virtualHosts."git.snowbelle.lan" = {
|
||||||
enableACME = false;
|
enableACME = false;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
|
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
|
||||||
@@ -83,11 +87,11 @@ in
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
# external reverse proxy entry
|
# external reverse proxy entry
|
||||||
services.nginx.virtualHosts."gitea.blakedheld.xyz" = {
|
services.nginx.virtualHosts."git.blakedheld.xyz" = {
|
||||||
enableACME = false;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
|
# sslCertificate = config.sops.secrets."ssl_blakedheld_crt".path;
|
||||||
sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
|
# sslCertificateKey = config.sops.secrets."ssl_blakedheld_key".path;
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
proxyPass = "http://127.0.0.1:${toString cfg.port}";
|
||||||
};
|
};
|
||||||
|
|||||||
@@ -63,7 +63,11 @@
|
|||||||
enable = true;
|
enable = true;
|
||||||
matchBlocks = {
|
matchBlocks = {
|
||||||
"git.blakedheld.xyz" = {
|
"git.blakedheld.xyz" = {
|
||||||
user = "git";
|
user = "gitea";
|
||||||
|
identityFile = "~/.ssh/id_snowbelle";
|
||||||
|
};
|
||||||
|
"git.snowbelle.lan" = {
|
||||||
|
user = "gitea";
|
||||||
identityFile = "~/.ssh/id_snowbelle";
|
identityFile = "~/.ssh/id_snowbelle";
|
||||||
};
|
};
|
||||||
"dockers" = {
|
"dockers" = {
|
||||||
|
|||||||
Reference in New Issue
Block a user