nix-dotfiles/systems/palatine-hill/gitea.nix
ahuston-0 f100febf99
kanidm user updates
2026-05-02 13:16:44 -04:00


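{
  config,
  lib,
  pkgs,
  ...
}:
let
  # Gitea state (repositories, custom/, log/, lfs/) lives on the ZFS dataset.
  base_path = "/ZFS/ZFS-primary/gitea";
in
{
  services.gitea = {
    enable = true;
    appName = "Nayeonie's Trove";
    database = {
      type = "postgres";
      passwordFile = config.sops.secrets."gitea/dbpass".path;
      # The database is provisioned outside this module; the non-default
      # port and the docker.service ordering below suggest it runs in a
      # container -- confirm.
      createDatabase = false;
      host = "127.0.0.1";
      name = "giteadb";
      port = 5433;
    };
    settings = {
      server = {
        DOMAIN = "nayeonie.com";
        ROOT_URL = "https://nayeonie.com/";
        # Gitea itself listens on plain HTTP; ROOT_URL is https, so TLS is
        # presumably terminated by a reverse proxy in front of 6443.
        HTTP_PORT = 6443;
        # SSH_PORT is the port advertised in clone URLs, SSH_LISTEN_PORT the
        # one the built-in SSH server binds. Note that the firewall rule at
        # the bottom of this file opens only 6443, not 2223.
        SSH_PORT = 2222;
        SSH_LISTEN_PORT = 2223;
        START_SSH_SERVER = true;
        PUBLIC_URL_DETECTION = "auto";
      };
      repository = {
        ENABLE_PUSH_CREATE_USER = true;
        DEFAULT_MERGE_STYLE = "rebase-merge";
      };
      service = {
        # No self-service sign-up; accounts come from the OIDC source
        # bootstrapped below (or are created by an admin).
        DISABLE_REGISTRATION = true;
      };
      openid = {
        # This is the legacy OpenID 2.0 sign-in, separate from the OAuth2 /
        # OIDC auth source registered by gitea-kanidm-oidc-bootstrap.
        ENABLE_OPENID_SIGNIN = true;
        ENABLE_OPENID_SIGNUP = false;
      };
      log = {
        # Trace is the most verbose level Gitea offers and records request
        # detail; worth lowering to Info once the OIDC setup is verified.
        LEVEL = "Trace";
        ENABLE_SSH_LOG = true;
      };
      "log.console-warn" = {
        LEVEL = "Trace";
        ENABLE_SSH_LOG = true;
      };
      cache = {
        # NOTE(review): Gitea documents the [cache] section with upper-case
        # keys (ENABLED, ADAPTER, HOST, ITEM_TTL) and a single HOST connection
        # string; these lower-case keys may be ignored -- confirm against
        # the generated app.ini.
        enabled = true;
        dir = "";
        host = "192.168.76.2";
        port = "8088";
      };
      "storage.minio" = {
        STORAGE_TYPE = "minio";
        MINIO_ENDPOINT = "minio.nayeonie.com";
        MINIO_BUCKET = "gitea";
        MINIO_LOCATION = "us-east-1";
        MINIO_USE_SSL = true;
        # Keep certificate verification on: the bucket holds repository data.
        MINIO_INSECURE_SKIP_VERIFY = false;
        MINIO_BUCKET_LOOKUP_TYPE = "auto";
        # Access key / secret are not set here; the "gitea/minio" sops secret
        # declared below is presumably consumed elsewhere -- confirm.
      };
    };
    stateDir = base_path;
    lfs.enable = true;
    recommendedDefaults = true;
  };

  # Database and object storage are expected to be container-hosted, so do
  # not start Gitea before docker is up.
  systemd.services.gitea = {
    requires = [ "docker.service" ];
    after = [ "docker.service" ];
  };

  # One-shot unit that registers Kanidm as an OAuth2/OIDC auth source on
  # first boot. It is idempotent by auth-source name: if "Kanidm OIDC"
  # already appears in `gitea admin auth list`, nothing is changed.
  systemd.services.gitea-kanidm-oidc-bootstrap = {
    description = "Bootstrap Gitea Kanidm OIDC auth source";
    wantedBy = [ "multi-user.target" ];
    requires = [ "gitea.service" ];
    after = [ "gitea.service" ];
    serviceConfig = {
      Type = "oneshot";
      # Runs as root, presumably so the sops secret (root-owned by default)
      # is readable. NOTE(review): the gitea CLI may then leave root-owned
      # files under the state/custom dir -- confirm after first run.
      User = "root";
      Group = "root";
    };
    path = [
      config.services.gitea.package
      pkgs.coreutils
      pkgs.gnugrep
    ];
    script = ''
      set -eu
      APP_INI="${config.services.gitea.customDir}/conf/app.ini"
      SECRET_FILE=${lib.escapeShellArg config.sops.secrets."kanidm/gitea_oidc_client_secret".path}

      # Capture the listing in a variable so a failing `gitea admin auth list`
      # aborts the unit (set -e) instead of being masked by the pipe into grep
      # and falling through to a duplicate add-oauth.
      existing="$(gitea admin auth list --config "$APP_INI")"
      if printf '%s\n' "$existing" | grep -Fq "Kanidm OIDC"; then
        exit 0
      fi

      # Refuse to register the auth source with a missing or empty client
      # secret: the name check above would never re-run this unit, leaving a
      # permanently broken login source.
      if [ ! -s "$SECRET_FILE" ]; then
        echo "gitea-kanidm-oidc-bootstrap: client secret file is missing or empty: $SECRET_FILE" >&2
        exit 1
      fi

      # NOTE(review): the client secret is passed on argv and is therefore
      # readable from /proc/<pid>/cmdline by local users for the duration of
      # this command; confirm whether the gitea CLI offers a file-based
      # alternative before relying on this on a multi-user host.
      #
      # NOTE(review): --admin-group is the same group as --required-claim-value,
      # so every account allowed to sign in is also a Gitea administrator.
      # A separate admin group would restore least privilege -- confirm intent.
      gitea admin auth add-oauth \
        --config "$APP_INI" \
        --name "Kanidm OIDC" \
        --provider openidConnect \
        --key "gitea" \
        --secret "$(<"$SECRET_FILE")" \
        --auto-discover-url "https://auth.nayeonie.com/oauth2/openid/gitea/.well-known/openid-configuration" \
        --scopes openid \
        --scopes profile \
        --scopes email \
        --full-name-claim-name name \
        --group-claim-name groups \
        --required-claim-name groups \
        --required-claim-value gitea-users \
        --admin-group gitea-users
    '';
  };

  # Only the HTTP listener is exposed; SSH_LISTEN_PORT (2223) is not opened
  # here, so git-over-SSH from outside this host needs another path.
  networking.firewall.allowedTCPPorts = [ 6443 ];

  # "kanidm/gitea_oidc_client_secret" is read by the bootstrap unit above but
  # is not declared in this file; it must be defined in another module.
  sops.secrets = {
    "gitea/dbpass".owner = "gitea";
    "gitea/minio".owner = "gitea";
  };
}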