From d4576c6287305d34bfedcd4a75cc87465dfee377 Mon Sep 17 00:00:00 2001 From: Danila Fedorin Date: Sat, 27 Dec 2025 03:39:41 +0000 Subject: [PATCH] Migrate gitea instance to NixOS Signed-off-by: Danila Fedorin --- configuration.nix | 48 ++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 47 insertions(+), 1 deletion(-) diff --git a/configuration.nix b/configuration.nix index 9c798b9..fc95a0e 100644 --- a/configuration.nix +++ b/configuration.nix @@ -20,7 +20,14 @@ let }; }; }; - allVirtualHosts = [webFiles] ++ map blog.virtualHostFor [productionSite draftSite]; + gitea = { + "dev.danilafe.com" = { + forceSSL = true; + enableACME = true; + locations."/".proxyPass = "http://localhost:3000/"; + }; + }; + allVirtualHosts = [gitea webFiles] ++ map blog.virtualHostFor [productionSite draftSite]; in { imports = [ @@ -67,6 +74,45 @@ in virtualHosts = pkgs.lib.mkMerge allVirtualHosts; }; + users.groups.gitea = {}; + users.users.gitea = { + group = "gitea"; + isSystemUser = true; + }; + services.gitea = { + enable = true; + appName = "Daniel's Tiny Cup Of Tea"; + stateDir = "/var/lib/gitea"; + + # Default database settings (sqlite3, 127.0.0.1, path) all what we want + database = {}; + + # Default server settings are fine, except we need to customize domain etc. + settings.server = { + DOMAIN = "dev.danilafe.com"; + ROOT_URL = "https://dev.danilafe.com"; + OFFLINE_MODE = false; + # STATIC_ROOT_PATH = "/var/lib/gitea/data"; + }; + + # Default settings are fine. + settings.service = {}; + + # NixOS service overrides cookies to insecure, but Gitea default is secure + settings.session = { + COOKIE_SECURE = true; + PROVIDER = "file"; + }; + + settings.security = { + INSTALL_LOCK = true; + }; + + settings.indexer = { + REPO_INDEXER_ENABLED = true; + }; + }; + users.defaultUserShell = pkgs.zsh; programs.zsh.enable = true; programs.zsh.ohMyZsh = {