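{config, ...}: let
  # Address nginx binds for the git-over-SSH stream proxy. 0.0.0.0 is every
  # IPv4 interface on the host, internal ones included; the author intends to
  # narrow this to the public-facing address for production.
  sshListenAddr = "0.0.0.0";

  # Host-side ports the containers publish. They are only ever dialled by
  # nginx on loopback (see proxyPass / upstream below), so they are bound to
  # 127.0.0.1 in the `ports` lists and never reachable from other hosts.
  giteaSshPort = 14022;
  giteaHttpPort = 14020;

  # Public hostname: the HTTPS vhost and the URL the runner registers against.
  fqdn = "git.min.rip";

  # All persistent state lives under one root, owned by uid/gid 1000 (the
  # uid the gitea container is told to run as via USER_UID/USER_GID).
  dataRoot = "/srv/gitea";
  giteaDir = "${dataRoot}/gitea";
  runnerDir = "${dataRoot}/runner";

  # sops secret holding the runner's environment file (presumably its
  # registration token); referenced by name so the two uses cannot drift.
  runnerEnvSecret = "svc-gitea-runner-env";

  # One tmpfiles entry per directory: created at boot, mode 0750, owner 1000:1000.
  mkDataDir = dir: "d ${dir} 0750 1000 1000 - -";
in {
  services.nginx = {
    # TLS termination for the web UI; the certificate comes from ACME.
    virtualHosts.${fqdn} = {
      forceSSL = true;
      enableACME = true;
      locations."/".proxyPass = "http://127.0.0.1:${toString giteaHttpPort}";
    };

    # Raw TCP proxy so git-over-SSH on the host's port 22 reaches the
    # container's sshd. Only an IPv4 listener is declared; IPv6 reachability
    # of port 22 is unverified (author's note).
    # proxy_timeout 20s: the session is dropped after 20s with no traffic in
    # either direction — NOTE(review): confirm this does not cut long pushes.
    streamConfig = ''
      upstream gitea {
        server 127.0.0.1:${toString giteaSshPort};
      }

      server {
        listen ${sshListenAddr}:22;
        proxy_timeout 20s;
        proxy_pass gitea;
      }
    '';
  };

  # Create the bind-mounted directories before the containers start.
  systemd.tmpfiles.rules = map mkDataDir [dataRoot giteaDir runnerDir];

  # Keeps the runner's credentials out of the Nix store; decrypted at
  # activation to the path used in environmentFiles below.
  sops.secrets.${runnerEnvSecret} = {};

  virtualisation.oci-containers.containers = {
    gitea = {
      image = "docker.io/gitea/gitea:1.21.4";
      environment = {
        USER_UID = "1000";
        USER_GID = "1000";
        GITEA_WORK_DIR = "/data/gitea";
        GITEA_CUSTOM = "/data/gitea";
        GITEA_APP_INI = "/data/gitea/conf/app.ini";
      };
      volumes = [
        "${giteaDir}:/data"
        "/etc/localtime:/etc/localtime:ro"
      ];
      # Bound to loopback on purpose: a bare "hostPort:containerPort" mapping
      # publishes on all interfaces, which would expose plain-HTTP Gitea and
      # the container sshd directly, bypassing the TLS vhost above. With the
      # Docker backend, published ports also sidestep the NixOS firewall, so
      # relying on the firewall alone is not enough.
      ports = [
        "127.0.0.1:${toString giteaHttpPort}:3000/tcp"
        "127.0.0.1:${toString giteaSshPort}:22/tcp"
      ];
    };

    gitea-runner = {
      image = "docker.io/gitea/act_runner:0.2.6-dind-rootless";
      environment = {
        # Registers over HTTPS through nginx, not via the internal port.
        GITEA_INSTANCE_URL = "https://${fqdn}/";
        DOCKER_HOST = "unix:///var/run/user/1000/docker.sock";
      };
      environmentFiles = [config.sops.secrets.${runnerEnvSecret}.path];
      volumes = [
        "${runnerDir}:/data"
      ];
      # NOTE(review): --privileged gives this container, and therefore every
      # CI job it executes, root-equivalent access to the host. Confirm the
      # dind-rootless image really needs it, and restrict who can trigger
      # workflows on this instance (no untrusted fork PRs) while it is set.
      extraOptions = ["--privileged"];
    };
  };
}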