|
|
|
@ -13,7 +13,7 @@ in |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
environment.systemPackages = with pkgs; |
|
|
|
|
[ jq git gitolite lighttpd cgit ]; |
|
|
|
|
[ jq git gitolite gitea nginx ]; |
|
|
|
|
services.openssh.enable = true; |
|
|
|
|
networking.firewall.allowedTCPPorts = [ 22 80 443 ]; |
|
|
|
|
|
|
|
|
@ -29,15 +29,44 @@ in |
|
|
|
|
dataDir = "${storage-dir}/data/gitolite"; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
users.users.lighttpd.extraGroups = [ "gitolite" ]; |
|
|
|
|
services.gitea = { |
|
|
|
|
enable = true; |
|
|
|
|
stateDir = "${storage-dir}/data/gitea"; |
|
|
|
|
domain = "code.betamike.com"; |
|
|
|
|
rootUrl = "https://code.betamike.com"; |
|
|
|
|
|
|
|
|
|
# will be reverse proxied through nginx for TLS termination |
|
|
|
|
httpAddress = "localhost"; |
|
|
|
|
httpPort = 3000; |
|
|
|
|
|
|
|
|
|
# only send cookies over tls |
|
|
|
|
cookieSecure = true; |
|
|
|
|
|
|
|
|
|
# TODO: enable after initial setup |
|
|
|
|
disableRegistration = false; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
services.lighttpd.enable = true; |
|
|
|
|
services.lighttpd.cgit = { |
|
|
|
|
services.nginx = { |
|
|
|
|
enable = true; |
|
|
|
|
configText = '' |
|
|
|
|
source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py |
|
|
|
|
project-list=/srv/data/gitolite/projects.list |
|
|
|
|
scan-path=/srv/data/gitolite/repositories |
|
|
|
|
''; |
|
|
|
|
recommendedTlsSettings = true; |
|
|
|
|
recommendedOptimisation = true; |
|
|
|
|
recommendedGzipSettings = true; |
|
|
|
|
recommendedProxySettings = true; |
|
|
|
|
|
|
|
|
|
virtualHosts = { |
|
|
|
|
"code.betamike.com" = { |
|
|
|
|
enableACME = true; |
|
|
|
|
forceSSL = true; |
|
|
|
|
|
|
|
|
|
locations."/" = { |
|
|
|
|
proxyPass = "http://localhost:3000"; |
|
|
|
|
}; |
|
|
|
|
}; |
|
|
|
|
}; |
|
|
|
|
}; |
|
|
|
|
|
|
|
|
|
security.acme.acceptTerms = true; |
|
|
|
|
security.acme.certs = { |
|
|
|
|
"code.betamike.com".email = "mike@betamike.com"; |
|
|
|
|
}; |
|
|
|
|
} |
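Review bot: `disableRegistration = false;` in the `services.gitea` block leaves sign-up open on an instance that this same change publishes at `https://code.betamike.com` through the nginx virtual host, with ports 80 and 443 already allowed in the firewall. Gitea gives administrator rights to the first account that registers, so relying on the `# TODO: enable after initial setup` comment means the deployment is exposed until someone remembers to flip it. I would ship `disableRegistration = true;` from the first deploy and create the initial admin on the host with `gitea admin user create --admin`, or keep 80/443 closed until setup is finished. The +/- markers are lost in this rendering, so I am inferring that the gitea and nginx lines are the new side.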
|
|
|
|