Migrate gitea instance to NixOS

Signed-off-by: Danila Fedorin <danila.fedorin@gmail.com>

configuration.nix

@@ -20,7 +20,14 @@ let
       };
     };
   };
-  allVirtualHosts = [webFiles] ++ map blog.virtualHostFor [productionSite draftSite];
+  gitea = {
+    "dev.danilafe.com" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/".proxyPass = "http://localhost:3000/";
+    };
+  };
+  allVirtualHosts = [gitea webFiles] ++ map blog.virtualHostFor [productionSite draftSite];
 in
   {
     imports = [
@@ -67,6 +74,45 @@ in
       virtualHosts = pkgs.lib.mkMerge allVirtualHosts;
     };
 
+    users.groups.gitea = {};
+    users.users.gitea = {
+      group = "gitea";
+      isSystemUser = true;
+    };
+    services.gitea = {
+      enable = true;
+      appName = "Daniel's Tiny Cup Of Tea";
+      stateDir = "/var/lib/gitea";
+
+      # Default database settings (sqlite3, 127.0.0.1, path) all what we want
+      database = {};
+
+      # Default server settings are fine, except we need to customize domain etc.
+      settings.server = {
+        DOMAIN = "dev.danilafe.com";
+        ROOT_URL = "https://dev.danilafe.com";
+        OFFLINE_MODE = false;
+	# STATIC_ROOT_PATH = "/var/lib/gitea/data";
+      };
+
+      # Default settings are fine.
+      settings.service = {};
+
+      # NixOS service overrides cookies to insecure, but Gitea default is secure
+      settings.session = {
+        COOKIE_SECURE = true;
+        PROVIDER = "file";
+      };
+
+      settings.security = {
+        INSTALL_LOCK = true;
+      };
+
+      settings.indexer = {
+        REPO_INDEXER_ENABLED = true;
+      };
+    };
+
     users.defaultUserShell = pkgs.zsh;
     programs.zsh.enable = true;
     programs.zsh.ohMyZsh = {