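# Container definition for the Gitea instance served as githug.xyz.
#
# `config` is the NixOS configuration of the container itself. `ports`, `hosts`,
# `volumes` and `hostConfig` are presumably consumed by the surrounding container
# framework (not visible in this file) - confirm their exact semantics there.
{ pkgs, lib, ... }:
{
  name = "gitea";

  config = {
    services.gitea = {
      enable = true;
      lfs.enable = true;
      appName = "githug"; # Give the site a name
      user = "git";

      database = {
        type = "mysql";
        host = "mariadb.containers";
        port = 3306;
        name = "gitea";
        user = "gitea";
        # The database lives in another container, so nothing is created locally.
        createDatabase = false;
        # NOTE(review): this is a Nix path literal. When a path literal is coerced
        # to a string during evaluation the file is copied into /nix/store, which
        # is world-readable, so the database password may end up readable by every
        # local user. Prefer a runtime path given as a string (placeholder:
        # "/run/secrets/<gitea-db-password>") that is provisioned outside the
        # store - confirm how secrets are deployed in this repository.
        passwordFile = ../secrets/gitea_mariadb_pass;
      };

      settings = {
        server = {
          DOMAIN = "githug.xyz";
          ROOT_URL = "https://githug.xyz/";
          # NOTE(review): COOKIE_SECURE is a [session] key in Gitea, not a [server]
          # key, which may be why it was commented out here. With an https ROOT_URL,
          # consider `session.COOKIE_SECURE = true;` so session cookies are never
          # sent over plain HTTP.
          # COOKIE_SECURE = true;
          HTTP_PORT = 3001; # must match ports.tcp / ports.http below
          # Serve assets locally instead of fetching them from third-party hosts.
          OFFLINE_MODE = true;
        };

        # Lets a user create a repository by pushing to a not-yet-existing one.
        repository.ENABLE_PUSH_CREATE_USER = true;

        mailer.ENABLED = false;

        service = {
          # No mailer is configured, so e-mail confirmation/notification is off.
          REGISTER_EMAIL_CONFIRM = false;
          ENABLE_NOTIFY_EMAIL = false;
          # Self-service sign-up is closed; accounts have to be created by an admin.
          DISABLE_REGISTRATION = true;
        };
      };
    };

    # sshd carries git-over-SSH traffic: key authentication only, no root login.
    # NOTE(review): keyboard-interactive authentication is a separate sshd setting
    # (KbdInteractiveAuthentication); consider disabling it as well.
    services.openssh = {
      enable = true;
      settings = {
        PermitRootLogin = "no";
        PasswordAuthentication = false;
      };
    };

    users.users.git = {
      home = "/var/lib/gitea";
      group = "git";
      # presumably a real shell is required so sshd can run Gitea's command for
      # this account - confirm before replacing it with a nologin shell
      shell = pkgs.bashInteractive;
      isSystemUser = true;
    };
    users.groups.git = { };
  };

  ports = {
    tcp = [ 3001 22 ];
    udp = [ ];
    http = 3001;
    # Host port 22 is handed to the container's sshd.
    forward = [
      { container = 22; host = 22; proto = "tcp"; }
    ];
  };

  hosts = [ "githug.xyz" ];

  volumes = [
    { name = "gitea-statedir"; mountPoint = "/var/lib/gitea"; }
  ];

  hostConfig = {
    # Installs the repository's custom `public` and `templates` trees into the
    # Gitea state volume. The old copies are removed first so that files deleted
    # from the repository do not linger in the volume.
    system.activationScripts.gitea-custom-files =
      let
        # Only the customisation directory is used as the source. The previous
        # `src = ./..` pulled the whole parent directory - which also contains
        # `secrets/` - into the derivation's inputs just to copy one subfolder.
        customs = pkgs.stdenv.mkDerivation {
          name = "gitea-custom";
          src = ../resources/gitea-custom;
          phases = [ "installPhase" ];
          installPhase = ''
            cp -r "$src" "$out"
          '';
        };
        customDir = "${lib.hostVolumeDir}/gitea-statedir/custom";
      in
      ''
        mkdir -p "${customDir}"
        # Paths are quoted so an unexpected space in the volume directory cannot
        # split the arguments handed to rm -rf.
        rm -rf "${customDir}/public"
        rm -rf "${customDir}/templates"
        cp -rf "${customs}/public" "${customDir}"
        cp -rf "${customs}/templates" "${customDir}"
      '';
  };
}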