nixos/server/gitea.nix


{...}: {
imports = [./traefik.nix ./fail2ban.nix];
# Gitea instance for git.xenia.me.uk. Both the web UI and Git-over-SSH are
# published through Traefik (see the dynamic configuration in this file).
services.gitea = {
  enable = true;
  appName = "Gitea";
  settings = {
    # Self-registration is switched off, so new accounts have to be created
    # by an administrator.
    service = {DISABLE_REGISTRATION = true;};
    server = {
      DOMAIN = "git.xenia.me.uk";
      ROOT_URL = "https://git.xenia.me.uk";
      # NOTE(review): neither HTTP_ADDR nor SSH_LISTEN_HOST is set here, so the
      # defaults apply. If those defaults bind to all interfaces, ports 3000 and
      # 30922 are reachable without going through Traefik unless the host
      # firewall blocks them. Traefik only dials localhost, so binding both
      # to loopback should be enough; confirm before changing.
      # Use Gitea's built-in SSH server for Git access.
      START_SSH_SERVER = true;
      SSH_DOMAIN = "git.xenia.me.uk";
      # Port shown in SSH clone URLs (the one clients are told to connect to).
      SSH_PORT = 2222;
      # Port the built-in SSH server listens on; Traefik forwards to it.
      SSH_LISTEN_PORT = 30922;
    };
    ui.THEMES = "auto,gitea,arc-green,catppuccin-latte-lavender,catppuccin-frappe-lavender,catppuccin-macchiato-lavender,catppuccin-mocha-lavender";
  };
};
# Traefik routes for Gitea: one HTTP router for the web UI and two TCP routers
# for the built-in SSH server. The entry points ("http", "https", "ssh") and
# the "default" certificate resolver are defined outside this file
# (presumably in ./traefik.nix).
services.traefik.dynamicConfigOptions = {
  http = {
    routers = {
      gitea = {
        rule = "Host(`git.xenia.me.uk`)";
        # NOTE(review): a router with a tls section only answers TLS requests,
        # so attaching it to "http" does not serve plain HTTP. Confirm the
        # "http" entry point redirects to HTTPS rather than expecting this
        # router to handle port 80.
        entryPoints = ["http" "https"];
        tls.certResolver = "default";
        service = "gitea-websecure";
      };
    };
    # TLS ends at Traefik; the hop to Gitea is plain HTTP over loopback.
    services.gitea-websecure.loadBalancer = {
      servers = [{url = "http://localhost:3000";}];
    };
  };
  tcp = {
    routers = {
      # Matches on TLS SNI, so only TLS-wrapped connections reach this route;
      # a plain SSH client sends no SNI and will not match it.
      gitea-ssh = {
        rule = "HostSNI(`git.xenia.me.uk`)";
        entryPoints = ["ssh"];
        tls.certResolver = "default";
        service = "gitea-sshservice";
      };
      # Plain (non-TLS) TCP from 192.168.0.0/16 is forwarded as-is.
      # NOTE(review): this trusts the source address Traefik sees. If a NAT or
      # another proxy in front presents a 192.168.x.x address for outside
      # clients, they match this route too. Narrow the range to the real LAN
      # subnet if it is smaller.
      gitea-ssh-local = {
        rule = "ClientIP(`192.168.0.0/16`)";
        entryPoints = ["ssh"];
        service = "gitea-sshservice";
      };
    };
    # NOTE(review): Gitea sees every SSH connection as coming from Traefik on
    # loopback, so its logs and any IP-based control (fail2ban, rate limits)
    # do not see the real client address unless PROXY protocol is enabled on
    # both Traefik and Gitea.
    services.gitea-sshservice.loadBalancer = {
      servers = [{address = "localhost:30922";}];
    };
  };
};
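# fail2ban jail intended to protect Gitea's SSH endpoint.
#
# Fix: the jail option is `port`, not `ports`. With the misspelt key, the
# intended port was not applied to the ban action.
#
# NOTE(review): as written the jail is unlikely to ban anyone attacking Gitea:
#  - `filter = sshd` matches log lines from the OpenSSH daemon. Gitea's
#    built-in SSH server (START_SSH_SERVER = true) is a different program with
#    its own log format, so it needs a Gitea-specific filter reading Gitea's
#    journal unit or log file.
#  - Connections reach port 30922 from Traefik on loopback, so Gitea logs the
#    proxy address, not the client. Banning needs the real client IP, e.g. via
#    PROXY protocol between Traefik and Gitea.
#  - The ban is applied on the port named here, but clients connect to
#    Traefik's "ssh" entry point (advertised as SSH_PORT = 2222). Confirm
#    which port the firewall rule has to cover.
# Check that the jail works with `fail2ban-client status gitea` after a
# deliberately failed login from a test address.
services.fail2ban.jails.gitea = ''
  enabled = true
  filter = sshd
  port = 30922
  backend = systemd
'';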
}