service: gitea&nginx

2026-01-27 11:59:50 +00:00
parent a4b60e72a8
commit 1463b7fe63
6 changed files with 85 additions and 12 deletions
--- a/modules/services/gitea.nix
+++ b/modules/services/gitea.nix
@@ -1,4 +1,9 @@
-{ inputs, pkgs, ... }:
+{
+  inputs,
+  pkgs,
+  secrets,
+  ...
+}:
 {
  imports = [
    inputs.catppuccin.nixosModules.catppuccin
@@ -23,6 +28,17 @@
      type = "sqlite3";
    };

+    settings = {
+      server = {
+        ROOT_URL = "https://git.colorsky.fun:8443";
+        DOMAIN = "git.colorsky.fun";
+      };
+      mailer = {
+        ENABLED = true;
+        PROTOCOL = "smtp+starttls";
+      }
+      // secrets.strings.gitea.mailer;
+    };
  };

  users.groups.git = { };
--- a/modules/services/nignx.nix
+++ b/modules/services/nignx.nix
@@ -1,3 +1,33 @@
-{ ... }:
+{ secrets, ... }:

-{ }
+{
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts."git.colorsky.fun" = {
+      forceSSL = true;
+      useACMEHost = "colorsky.fun";
+      locations."/".proxyPass = "http://localhost:3000";
+
+      extraConfig = ''
+        listen [::]:8443 ssl;
+      '';
+    };
+    virtualHosts."192.168.68.59" = { };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "i@colorsky.fun";
+    certs."colorsky.fun" = {
+      domain = "*.colorsky.fun";
+      dnsProvider = "cloudflare";
+      dnsPropagationCheck = true;
+
+      group = "nginx";
+
+      environmentFile = secrets.files.cloudflare-api-key;
+    };
+  };
+}