service: gitea&nginx

flake.lock

@@ -36,11 +36,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1769018530,
+        "lastModified": 1769170682,
-        "narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
+        "narHash": "sha256-oMmN1lVQU0F0W2k6OI3bgdzp2YOHWYUAw79qzDSjenU=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "88d3861acdd3d2f0e361767018218e51810df8a1",
+        "rev": "c5296fdd05cfa2c187990dd909864da9658df755",
         "type": "github"
       },
       "original": {
@@ -53,7 +53,24 @@
     "root": {
       "inputs": {
         "catppuccin": "catppuccin",
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs_2",
+        "secrets": "secrets"
+      }
+    },
+    "secrets": {
+      "locked": {
+        "lastModified": 1769514557,
+        "narHash": "sha256-nJOWEsRw7C2hrrC9xf74oAq3dLJEXq71M2bbdO+DUpw=",
+        "ref": "refs/heads/main",
+        "rev": "6aa45be13cc08dc2518b6b749df5e81975ed6df4",
+        "shallow": true,
+        "type": "git",
+        "url": "ssh://git@git.colorsky.fun/Sky/secrets"
+      },
+      "original": {
+        "shallow": true,
+        "type": "git",
+        "url": "ssh://git@git.colorsky.fun/Sky/secrets"
       }
     }
   },

flake.nix

@@ -1,17 +1,19 @@
 {
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-    # napcat = {
-    #   url = "https://github.com/initialencounter/napcat.nix";
-    # };
     catppuccin.url = "github:catppuccin/nix";
+
+    secrets.url = "git+ssh://git@git.colorsky.fun/Sky/secrets?shallow=1";
   };
+
   outputs =
-    inputs@{ nixpkgs, ... }:
+    inputs@{ nixpkgs, secrets, ... }:
     {
       nixosConfigurations = {
         macmini = inputs.nixpkgs.lib.nixosSystem {
-          specialArgs = { inherit inputs; };
+          specialArgs = {
+            inherit inputs secrets;
+          };
           system = "x86_64-linux";
           modules = [
             ./host/macmini.nix

host/macmini.nix

@@ -13,6 +13,7 @@
 
     ../modules/system/boot.nix
     ../modules/system/networking.nix
+    ../modules/system/nix.nix
 
     ../modules/programs/bash
     ../modules/programs/tools.nix

modules/services/gitea.nix

@@ -1,4 +1,9 @@
-{ inputs, pkgs, ... }:
+{
+  inputs,
+  pkgs,
+  secrets,
+  ...
+}:
 {
   imports = [
     inputs.catppuccin.nixosModules.catppuccin
@@ -23,6 +28,17 @@
       type = "sqlite3";
     };
 
+    settings = {
+      server = {
+        ROOT_URL = "https://git.colorsky.fun:8443";
+        DOMAIN = "git.colorsky.fun";
+      };
+      mailer = {
+        ENABLED = true;
+        PROTOCOL = "smtp+starttls";
+      }
+      // secrets.strings.gitea.mailer;
+    };
   };
 
   users.groups.git = { };

modules/services/nignx.nix

@@ -1,3 +1,33 @@
-{ ... }:
+{ secrets, ... }:
 
-{ }
+{
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts."git.colorsky.fun" = {
+      forceSSL = true;
+      useACMEHost = "colorsky.fun";
+      locations."/".proxyPass = "http://localhost:3000";
+
+      extraConfig = ''
+        listen [::]:8443 ssl;
+      '';
+    };
+    virtualHosts."192.168.68.59" = { };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "i@colorsky.fun";
+    certs."colorsky.fun" = {
+      domain = "*.colorsky.fun";
+      dnsProvider = "cloudflare";
+      dnsPropagationCheck = true;
+
+      group = "nginx";
+
+      environmentFile = secrets.files.cloudflare-api-key;
+    };
+  };
+}

modules/system/nix.nix

@@ -0,0 +1,7 @@
+{ ... }:
+{
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+}