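# Gitea service module: declares the host data directory, the Gitea container
# (app.ini overrides passed as environment variables, plus Traefik labels), and
# a one-shot script that bootstraps the admin account.
{ config, containerCfg, pkgs, lib, builder, name, ... }:
let
  # NOTE(review): "latest" is a floating tag, so the image that actually runs is
  # whatever the registry serves at pull time. Pin a release tag or digest to
  # keep deployments reproducible and auditable.
  version = "latest";
  serverCfg = config.syscfg.server;
in
{
  paths = [
    {
      path = "${serverCfg.dataPath}/gitea/data";
      owner = "1000:1000";
      # NOTE(review): 0755 lets every local user traverse and list this
      # directory; confirm that is intended for the Gitea data volume.
      mode = "0755";
    }
  ];

  containers = {
    server = builder.mkContainer {
      subdomain = containerCfg.subdomain;
      image = "gitea/gitea:${version}";
      port = 8080;
      ip = containerCfg.ip;
      secret = name;

      extraEnv = {
        # app.ini -> GITEA__<SECTION>__<KEY> = "";
        GITEA__DEFAULT__APP_NAME =
          if (containerCfg.extra ? name) then containerCfg.extra.name else "Gitea";

        GITEA__repository__DISABLED_REPO_UNITS = "repo.ext_issues,repo.ext_wiki";
        GITEA__repository__DISABLE_STARS = "true";
        GITEA__repository__DEFAULT_MERGE_STYLE = "squash";
        # GITEA__ui__THEMES = "";
        # GITEA__ui__DEFAULT_THEME = "";

        # Secret values are deliberately not set in this attribute set, which
        # would place them in the world-readable Nix store. They are presumably
        # injected through the secret referenced by `secret = name` (confirm).
        # GITEA__security__SECRET_KEY = "SECRET_ENV";
        # GITEA__security__INTERNAL_TOKEN = "SECRET_ENV";
        # GITEA__database__PASSWD = "SECRET_ENV";
        # GITEA__mailer__PASSWD="SECRET_ENV";

        GITEA__database__DB_TYPE = "postgres";
        GITEA__database__HOST = builder.host;
        GITEA__database__NAME = "gitea_db";
        GITEA__database__USER = "gitea_user";

        GITEA__mailer__ENABLED = "true";
        GITEA__mailer__FROM = "";
        GITEA__mailer__PROTOCOL = "smtps";
        GITEA__mailer__SMTP_ADDR = "";
        GITEA__mailer__SMTP_PORT = "";
        GITEA__mailer__USER= "";

        GITEA__server__DOMAIN = "${containerCfg.subdomain}.${serverCfg.hostDomain}";
        GITEA__server__ROOT_URL = "https://${containerCfg.subdomain}.${serverCfg.hostDomain}/";
        # Gitea itself listens on plain HTTP while ROOT_URL is https, so TLS is
        # expected to terminate at the reverse proxy in front of the container.
        GITEA__server__PROTOCOL = "http";
        # GITEA__server__USE_PROXY_PROTOCOL = true;
        GITEA__server__HTTP_PORT = "8080";
        GITEA__server__LFS_START_SERVER = "true";

        # Skips the web installer, so the instance never serves the first-run
        # setup page.
        GITEA__security__INSTALL_LOCK = "true";
      } // (
        if serverCfg.containers ? authentik then {
          # With authentik present, Gitea takes the user's identity from the
          # X-authentik-* request headers instead of a local password.
          # NOTE(review): in this file only the /user/login router carries the
          # authentik middleware. Header-based identity is only as trustworthy
          # as the proxy path, so confirm that every other route to this
          # container overwrites or strips client-supplied X-authentik-*
          # headers before they reach Gitea.
          GITEA__service__ENABLE_BASIC_AUTHENTICATION = "false";
          GITEA__service__ENABLE_REVERSE_PROXY_AUTHENTICATION = "true";
          GITEA__service__ENABLE_REVERSE_PROXY_AUTHENTICATION_API = "true";
          GITEA__service__ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = "true";
          GITEA__service__ENABLE_REVERSE_PROXY_EMAIL = "true";
          GITEA__service__ENABLE_REVERSE_PROXY_FULL_NAME = "true";
          GITEA__service__ALLOW_ONLY_EXTERNAL_REGISTRATION = "true";

          GITEA__security__REVERSE_PROXY_LOGOUT_REDIRECT = "https://${serverCfg.containers.authentik.subdomain}.${serverCfg.hostDomain}/outpost.goauthentik.io/";
          GITEA__security__REVERSE_PROXY_AUTHENTICATION_USER = "X-authentik-username";
          GITEA__security__REVERSE_PROXY_AUTHENTICATION_EMAIL = "X-authentik-email";
          GITEA__security__REVERSE_PROXY_AUTHENTICATION_FULL_NAME = "X-authentik-name";
          # Key spelling corrected: it was RREVERSE_PROXY_LIMIT, which does not
          # match the REVERSE_PROXY_LIMIT setting and so never took effect.
          GITEA__security__REVERSE_PROXY_LIMIT = "1";
          # NOTE(review): 10.0.0.0/8 lets any host in that range act as a
          # trusted proxy and assert identity headers. Narrow this to the
          # proxy's own address or the container subnet.
          GITEA__security__REVERSE_PROXY_TRUSTED_PROXIES = "127.0.0.0/8,::1/128,10.0.0.0/8";
        } else {}
      );

      # Dedicated Traefik router for the login page. It matches only
      # /user/login, gets priority 100, and is sent through the authentik
      # middleware when authentik is deployed (empty middleware list otherwise).
      extraLabels = {
        "traefik.http.routers.${containerCfg.subdomain}-login.rule" = "Host(`${containerCfg.subdomain}.${serverCfg.hostDomain}`) && Path(`/user/login`) ";
        "traefik.http.routers.${containerCfg.subdomain}-login.middlewares" =
          if serverCfg.containers ? authentik then "authentik" else "";
        "traefik.http.routers.${containerCfg.subdomain}-login.priority" = "100";
        "traefik.http.routers.${containerCfg.subdomain}-login.entrypoints" = "web-secure";
        "traefik.http.routers.${containerCfg.subdomain}-login.tls" = "true";
      };

      overrides = {
        volumes = [ "${serverCfg.dataPath}/gitea/data:/data" ];
        # Publishes container port 22 on host port 2222 (presumably Git over
        # SSH). This listener does not pass through Traefik or authentik.
        ports = [ "2222:22" ];
      };
    };
  };

  setup = {
    trigger = "server";
    script = pkgs.writeShellScript "setup" ''
      # Command wrapper: exec inside the gitea-server container as the git user,
      # with the env file from the sops secret loaded into the process.
      GT="${pkgs.podman}/bin/podman --events-backend=none exec --env-file ${config.sops.secrets."CUSTOM".path} -e DOMAIN=${serverCfg.hostDomain} -u git gitea-server"

      # The DEFAULT_ADMIN_* variables are expected to come from the env file, so
      # they exist only inside the container and must be expanded by a shell
      # there. The previous form passed the literal text $DEFAULT_ADMIN_...
      # to gitea, because `podman exec` runs no shell and the backslash kept the
      # host shell from expanding it.
      # NOTE(review): --password puts the password on the command line, where it
      # is visible in the container's process list while the command runs.
      # `|| true` keeps re-runs idempotent but also hides genuine failures.
      $GT sh -c 'gitea admin user create --username "$DEFAULT_ADMIN_USERNAME" --password "$DEFAULT_ADMIN_PASSWORD" --email "$DEFAULT_ADMIN_EMAIL" --admin' || true
      # NOTE(review): confirm the deployed Gitea CLI provides `admin user change`;
      # an unknown-subcommand error would be swallowed by `|| true`.
      $GT sh -c 'gitea admin user change --username "$DEFAULT_ADMIN_USERNAME" --admin' || true

      echo "Completed Gitea Setup"
    '';
  };
}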