service: gitea&nginx

2026-01-27 11:59:50 +00:00
parent a4b60e72a8
commit 1463b7fe63
6 changed files with 85 additions and 12 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -36,11 +36,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1769018530,
-        "narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
+        "lastModified": 1769170682,
+        "narHash": "sha256-oMmN1lVQU0F0W2k6OI3bgdzp2YOHWYUAw79qzDSjenU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "88d3861acdd3d2f0e361767018218e51810df8a1",
+        "rev": "c5296fdd05cfa2c187990dd909864da9658df755",
        "type": "github"
      },
      "original": {
@@ -53,7 +53,24 @@
    "root": {
      "inputs": {
        "catppuccin": "catppuccin",
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs_2",
+        "secrets": "secrets"
+      }
+    },
+    "secrets": {
+      "locked": {
+        "lastModified": 1769514557,
+        "narHash": "sha256-nJOWEsRw7C2hrrC9xf74oAq3dLJEXq71M2bbdO+DUpw=",
+        "ref": "refs/heads/main",
+        "rev": "6aa45be13cc08dc2518b6b749df5e81975ed6df4",
+        "shallow": true,
+        "type": "git",
+        "url": "ssh://git@git.colorsky.fun/Sky/secrets"
+      },
+      "original": {
+        "shallow": true,
+        "type": "git",
+        "url": "ssh://git@git.colorsky.fun/Sky/secrets"
      }
    }
  },
--- a/flake.nix
+++ b/flake.nix
@@ -1,17 +1,19 @@
 {
  inputs = {
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
-    # napcat = {
-    #   url = "https://github.com/initialencounter/napcat.nix";
-    # };
    catppuccin.url = "github:catppuccin/nix";
+
+    secrets.url = "git+ssh://git@git.colorsky.fun/Sky/secrets?shallow=1";
  };
+
  outputs =
-    inputs@{ nixpkgs, ... }:
+    inputs@{ nixpkgs, secrets, ... }:
    {
      nixosConfigurations = {
        macmini = inputs.nixpkgs.lib.nixosSystem {
-          specialArgs = { inherit inputs; };
+          specialArgs = {
+            inherit inputs secrets;
+          };
          system = "x86_64-linux";
          modules = [
            ./host/macmini.nix
--- a/host/macmini.nix
+++ b/host/macmini.nix
@@ -13,6 +13,7 @@

    ../modules/system/boot.nix
    ../modules/system/networking.nix
+    ../modules/system/nix.nix

    ../modules/programs/bash
    ../modules/programs/tools.nix
--- a/modules/services/gitea.nix
+++ b/modules/services/gitea.nix
@@ -1,4 +1,9 @@
-{ inputs, pkgs, ... }:
+{
+  inputs,
+  pkgs,
+  secrets,
+  ...
+}:
 {
  imports = [
    inputs.catppuccin.nixosModules.catppuccin
@@ -23,6 +28,17 @@
      type = "sqlite3";
    };

+    settings = {
+      server = {
+        ROOT_URL = "https://git.colorsky.fun:8443";
+        DOMAIN = "git.colorsky.fun";
+      };
+      mailer = {
+        ENABLED = true;
+        PROTOCOL = "smtp+starttls";
+      }
+      // secrets.strings.gitea.mailer;
+    };
  };

  users.groups.git = { };
--- a/modules/services/nignx.nix
+++ b/modules/services/nignx.nix
@@ -1,3 +1,33 @@
-{ ... }:
+{ secrets, ... }:

-{ }
+{
+  services.nginx = {
+    enable = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts."git.colorsky.fun" = {
+      forceSSL = true;
+      useACMEHost = "colorsky.fun";
+      locations."/".proxyPass = "http://localhost:3000";
+
+      extraConfig = ''
+        listen [::]:8443 ssl;
+      '';
+    };
+    virtualHosts."192.168.68.59" = { };
+  };
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "i@colorsky.fun";
+    certs."colorsky.fun" = {
+      domain = "*.colorsky.fun";
+      dnsProvider = "cloudflare";
+      dnsPropagationCheck = true;
+
+      group = "nginx";
+
+      environmentFile = secrets.files.cloudflare-api-key;
+    };
+  };
+}
--- a/modules/system/nix.nix
+++ b/modules/system/nix.nix
@@ -0,0 +1,7 @@
+{ ... }:
+{
+  nix.settings.experimental-features = [
+    "nix-command"
+    "flakes"
+  ];
+}