nixos/server/gitea.nix

{...}: {
  imports = [./traefik.nix ./fail2ban.nix];
  services.gitea = {
    enable = true;
    settings = {
      server = {
        ROOT_URL = "https://git.xenia.me.uk";
        DOMAIN = "git.xenia.me.uk";
        START_SSH_SERVER = true;
        SSH_DOMAIN = "git.xenia.me.uk";
        SSH_PORT = 2222;
        SSH_LISTEN_PORT = 30922;
      };
      service.DISABLE_REGISTRATION = true;
      ui = {
        THEMES = "auto,gitea,arc-green,catppuccin-latte-lavender,catppuccin-frappe-lavender,catppuccin-macchiato-lavender,catppuccin-mocha-lavender";
      };
    };
    appName = "Gitea";
  };
  services.traefik.dynamicConfigOptions = {
    http = {
      routers.gitea = {
        rule = "Host(`git.xenia.me.uk`)";
        entryPoints = ["http" "https"];
        service = "gitea-websecure";
        tls = {certResolver = "default";};
      };
      services.gitea-websecure.loadBalancer.servers = [{url = "http://localhost:3000";}];
    };
    tcp = {
      routers.gitea-ssh = {
        rule = "HostSNI(`git.xenia.me.uk`)";
        entryPoints = ["ssh"];
        service = "gitea-sshservice";
        tls = {certResolver = "default";};
      };
      routers.gitea-ssh-local = {
        rule = "ClientIP(`192.168.0.0/16`)";
        entryPoints = ["ssh"];
        service = "gitea-sshservice";
      };
      services.gitea-sshservice.loadBalancer.servers = [{address = "localhost:30922";}];
    };
  };
  services.fail2ban.jails.gitea = ''
    enabled = true
    filter = sshd
    ports = 30922
    backend = systemd
  '';
}
Formatting pass with alejandra 2023-05-17 17:10:18 +01:00			`{...}: {`
			`imports = [./traefik.nix ./fail2ban.nix];`
Start adding fail2ban to server config 2023-05-16 11:04:48 +01:00			`services.gitea = {`
			`enable = true;`
Disable user registration 2023-05-16 15:45:02 +01:00			`settings = {`
			`server = {`
			`ROOT_URL = "https://git.xenia.me.uk";`
			`DOMAIN = "git.xenia.me.uk";`
Update ports used and relevant traefik configs 2023-05-25 17:05:25 +01:00			`START_SSH_SERVER = true;`
			`SSH_DOMAIN = "git.xenia.me.uk";`
Disable user registration 2023-05-16 15:45:02 +01:00			`SSH_PORT = 2222;`
Update ports used and relevant traefik configs 2023-05-25 17:05:25 +01:00			`SSH_LISTEN_PORT = 30922;`
Disable user registration 2023-05-16 15:45:02 +01:00			`};`
			`service.DISABLE_REGISTRATION = true;`
Add a catppuccin theme to gitea config (test) 2023-05-19 11:46:43 +01:00			`ui = {`
Add the extra catppuccin flavours 2023-05-19 12:03:52 +01:00			`THEMES = "auto,gitea,arc-green,catppuccin-latte-lavender,catppuccin-frappe-lavender,catppuccin-macchiato-lavender,catppuccin-mocha-lavender";`
Add a catppuccin theme to gitea config (test) 2023-05-19 11:46:43 +01:00			`};`
Add root url to gitea config 2023-05-16 15:42:05 +01:00			`};`
Start adding fail2ban to server config 2023-05-16 11:04:48 +01:00			`appName = "Gitea";`
			`};`
Update ports used and relevant traefik configs 2023-05-25 17:05:25 +01:00			`services.traefik.dynamicConfigOptions = {`
			`http = {`
			`routers.gitea = {`
			rule = "Host(`git.xenia.me.uk`)";
			`entryPoints = ["http" "https"];`
			`service = "gitea-websecure";`
			`tls = {certResolver = "default";};`
			`};`
			`services.gitea-websecure.loadBalancer.servers = [{url = "http://localhost:3000";}];`
			`};`
			`tcp = {`
			`routers.gitea-ssh = {`
			rule = "HostSNI(`git.xenia.me.uk`)";
			`entryPoints = ["ssh"];`
			`service = "gitea-sshservice";`
			`tls = {certResolver = "default";};`
			`};`
			`routers.gitea-ssh-local = {`
			rule = "ClientIP(`192.168.0.0/16`)";
			`entryPoints = ["ssh"];`
			`service = "gitea-sshservice";`
			`};`
			`services.gitea-sshservice.loadBalancer.servers = [{address = "localhost:30922";}];`
Formatting pass with alejandra 2023-05-17 17:10:18 +01:00			`};`
Initial add of gitea, add traefik for network routing 2023-05-11 11:54:42 +01:00			`};`
Extend fail2ban config for gitea 2023-05-16 11:31:36 +01:00			`services.fail2ban.jails.gitea = ''`
			`enabled = true`
			`filter = sshd`
Update ports used and relevant traefik configs 2023-05-25 17:05:25 +01:00			`ports = 30922`
Extend fail2ban config for gitea 2023-05-16 11:31:36 +01:00			`backend = systemd`
			`'';`
Initial add of gitea, add traefik for network routing 2023-05-11 11:54:42 +01:00			`}`