From 836b890fab5b3a24ea1b0ff28f78f14b30b7d773 Mon Sep 17 00:00:00 2001
From: sora-ext
Date: Mon, 11 May 2026 17:47:28 +0200
Subject: [PATCH] Add modules/server/containers/apps/gitea.nix
---
modules/server/containers/apps/gitea.nix | 85 ++++++++++++++++++++++++
1 file changed, 85 insertions(+)
create mode 100644 modules/server/containers/apps/gitea.nix
diff --git a/modules/server/containers/apps/gitea.nix b/modules/server/containers/apps/gitea.nix
new file mode 100644
index 0000000..c9b9de7
--- /dev/null
+++ b/modules/server/containers/apps/gitea.nix
@@ -0,0 +1,85 @@
+{ config, containerCfg, pkgs, lib, builder, name, ... }:
+let
+ version = "latest";
+ serverCfg = config.syscfg.server;
+in {
+
+ paths = [{
+ path="${serverCfg.dataPath}/gitea/data";
+ owner = "1000:1000";
+ mode = "0755";
+ }];
+ containers = {
+ server = builder.mkContainer {
+ subdomain = containerCfg.subdomain;
+ image = "gitea/gitea:${version}";
+ port = 8080;
+ ip = containerCfg.ip;
+ secret = name;
+
+ extraEnv = { # app.ini -> GITEA__
__ = "";
+ GITEA__DEFAULT__APP_NAME = if(containerCfg.extra ? name) then containerCfg.extra.name else "Gitea";
+ GITEA__repository__DISABLED_REPO_UNITS = "repo.ext_issues,repo.ext_wiki";
+ GITEA__repository__DISABLE_STARS = "true";
+ GITEA__repository__DEFAULT_MERGE_STYLE = "squash";
+ # GITEA__ui__THEMES = "";
+ # GITEA__ui__DEFAULT_THEME = "";
+
+ # GITEA__security__SECRET_KEY = "SECRET_ENV";
+ # GITEA__security__INTERNAL_TOKEN = "SECRET_ENV";
+ # GITEA__database__PASSWD = "SECRET_ENV";
+ # GITEA__mailer__PASSWD="SECRET_ENV";
+
+ GITEA__database__DB_TYPE = "postgres";
+ GITEA__database__HOST = builder.host;
+ GITEA__database__NAME = "gitea_db";
+ GITEA__database__USER = "gitea_user";
+
+
+ GITEA__mailer__ENABLED = "true";
+ GITEA__mailer__FROM = "";
+ GITEA__mailer__PROTOCOL = "smtps";
+ GITEA__mailer__SMTP_ADDR = "";
+ GITEA__mailer__SMTP_PORT = "";
+ GITEA__mailer__USER= "";
+
+ GITEA__server__DOMAIN = "${containerCfg.subdomain}.${serverCfg.hostDomain}";
+ GITEA__server__ROOT_URL = "https://${containerCfg.subdomain}.${serverCfg.hostDomain}/";
+ GITEA__server__PROTOCOL = "http";
+ # GITEA__server__USE_PROXY_PROTOCOL = true;
+ GITEA__server__HTTP_PORT = "8080";
+ GITEA__server__LFS_START_SERVER = "true";
+ GITEA__security__INSTALL_LOCK = "true";
+
+ } // ( if serverCfg.containers?authentik then {
+ GITEA__service__ENABLE_BASIC_AUTHENTICATION = "false";
+ GITEA__service__ENABLE_REVERSE_PROXY_AUTHENTICATION = "true";
+ GITEA__service__ENABLE_REVERSE_PROXY_AUTHENTICATION_API = "true";
+ GITEA__service__ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = "true";
+ GITEA__service__ENABLE_REVERSE_PROXY_EMAIL = "true";
+ GITEA__service__ENABLE_REVERSE_PROXY_FULL_NAME = "true";
+ GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION = "true";
+ GITEA__security__REVERSE_PROXY_LOGOUT_REDIRECT = "https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/outpost.goauthentik.io/";
+ GITEA__security__REVERSE_PROXY_AUTHENTICATION_USER = "X-authentik-username";
+
GITEA__security__REVERSE_PROXY_AUTHENTICATION_EMAIL = "X-authentik-email";
+ GITEA__security__REVERSE_PROXY_AUTHENTICATION_FULL_NAME = "X-authentik-name";
+ GITEA__security__RREVERSE_PROXY_LIMIT = "1";
+ GITEA__security__REVERSE_PROXY_TRUSTED_PROXIES = "127.0.0.0/8,::1/128,10.0.0.0/8";
+ } else {});
+ extraLabels = {
+ "traefik.http.routers.${containerCfg.subdomain}-login.rule" = "Host(`${containerCfg.subdomain}.${serverCfg.hostDomain}`) && Path(`/user/login`) ";
+ "traefik.http.routers.${containerCfg.subdomain}-login.middlewares" = if serverCfg.containers?authentik then "authentik" else "";
+ "traefik.http.routers.${containerCfg.subdomain}-login.priority" = "100";
+ "traefik.http.routers.${containerCfg.subdomain}-login.entrypoints" = "web-secure";
+ "traefik.http.routers.${containerCfg.subdomain}-login.tls" = "true";
+ };
+
+ overrides = {
+ volumes = [
+ "${serverCfg.dataPath}/gitea/data:/data"
+ ];
+ ports = [ "2222:22" ];
+ };
+ };
+ };
+}
\ No newline at end of file
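Review bot: In the authentik branch of `extraEnv`, Gitea is told to accept the `X-authentik-username` header as the signed-in identity (API included, with auto-registration) from any peer in `10.0.0.0/8`, while `extraLabels` attaches the `authentik` middleware only to the `/user/login` router. If the default router that `builder.mkContainer` creates (not shown in this patch) does not also run that middleware or strip client-supplied `X-authentik-*` headers, requests on every other path reach Gitea carrying whatever identity header the client sent, so this should be confirmed before merge. I would narrow the trust to the proxy itself, e.g. `GITEA__security__REVERSE_PROXY_TRUSTED_PROXIES = "<traefik-ip>/32";` (placeholder value), and correct the misspelled key `GITEA__security__RREVERSE_PROXY_LIMIT` to `GITEA__security__REVERSE_PROXY_LIMIT = "1";`, since the misspelled name will presumably be ignored and the limit left at its default. Separately, `version = "latest"` leaves the image unpinned; a fixed tag or digest would make upgrades of this forge deliberate and reviewable.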