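# NixOS module: a pre-configured Gogs instance published through an nginx
# TLS reverse proxy under https://git.home/.
#
# Options (services.gogsHome):
#   enable        - turn the whole setup on.
#   passwordFile  - path (as a string) to the database password file.
#   addr.v4/.v6   - addresses the nginx virtual host listens on.
#   stateDir      - root directory for Gogs data, passed through unchanged.
{
  pkgs,
  config,
  lib,
  ...
}: let
  cfg = config.services.gogsHome;
in {
  options.services.gogsHome = {
    enable = lib.mkEnableOption "Pre-Configured gogs service";
    # Typed as a string so the value stays a runtime path reference; this
    # module only forwards it and never reads the file during evaluation.
    passwordFile = with lib;
      mkOption {
        type = types.str;
        description = "Password file for the database";
      };
    addr.v4 = with lib;
      mkOption {
        type = types.str;
        description = "v4-Address to listen on";
      };
    # Given without brackets; the nginx section below adds them.
    addr.v6 = with lib;
      mkOption {
        type = types.str;
        description = "v6-Address to listen on";
      };
    stateDir = with lib;
      mkOption {
        type = types.str;
        description = "Root path for all the data";
      };
  };

  config = lib.mkIf cfg.enable {
    services.gogs = {
      inherit (cfg) stateDir;
      enable = true;
      appName = "Malte's Secret Git Stash";
      # Session cookies carry the Secure attribute, matching the https rootUrl.
      cookieSecure = true;
      # NOTE(review): with TYPE = sqlite3 forced in extraConfig below, this
      # password file is presumably unused - confirm once the FIXME is resolved.
      database.passwordFile = cfg.passwordFile;
      # Bind the plaintext backend to loopback so it is reachable only through
      # the nginx TLS front end. Without an explicit value the upstream module
      # default applies (believed to be all interfaces - confirm), which would
      # leave port 10219 answering unencrypted HTTP beside the proxy.
      httpAddress = "127.0.0.1";
      httpPort = 10219;
      rootUrl = "https://git.home/";
      domain = "git.home";
      # FIXME: Remove after upstream fix of database type
      extraConfig = ''
        [database]
        TYPE = sqlite3
      '';
    };

    services.nginx.virtualHosts.${config.services.gogs.domain} = {
      # forceSSL instead of addSSL: addSSL keeps serving the site over plain
      # HTTP as well, so a login form could be submitted unencrypted even
      # though cookieSecure is set. forceSSL answers HTTP with a redirect.
      forceSSL = true;
      listenAddresses = [cfg.addr.v4 "[${cfg.addr.v6}]"];
      # readFile + writeText copies the file contents into the world-readable
      # Nix store. That is acceptable for a CA certificate, which is public;
      # private material must not be loaded this way.
      sslTrustedCertificate = pkgs.writeText "ca.crt" (builtins.readFile ../secrets/ca.crt);
      # Key and certificate are referenced by their sops-nix runtime paths, so
      # the private key is not embedded in the store by this module.
      # NOTE(review): the sops.secrets declarations live outside this file -
      # confirm their owner/mode restrict "nginx-cert-key" to the nginx user.
      sslCertificateKey = config.sops.secrets."nginx-cert-key".path;
      sslCertificate = config.sops.secrets."nginx-cert-crt".path;
      locations."/" = {
        # Plain HTTP is used only on the hop from nginx to the local backend.
        proxyPass = "http://${config.services.gogs.httpAddress}:${toString config.services.gogs.httpPort}";
        proxyWebsockets = true;
      };
    };
  };
}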