1
+
{ config, lib, pkgs, ... }:
6
+
cfg = config.services.gitea;
7
+
configFile = pkgs.writeText "app.ini" ''
8
+
APP_NAME = ${cfg.appName}
9
+
RUN_USER = ${cfg.user}
13
+
DB_TYPE = ${cfg.database.type}
14
+
HOST = ${cfg.database.host}:${toString cfg.database.port}
15
+
NAME = ${cfg.database.name}
16
+
USER = ${cfg.database.user}
18
+
PATH = ${cfg.database.path}
21
+
ROOT = ${cfg.repositoryRoot}
24
+
DOMAIN = ${cfg.domain}
25
+
HTTP_ADDR = ${cfg.httpAddress}
26
+
HTTP_PORT = ${toString cfg.httpPort}
27
+
ROOT_URL = ${cfg.rootUrl}
28
+
STATIC_ROOT_PATH = ${cfg.staticRootPath}
31
+
COOKIE_NAME = session
32
+
COOKIE_SECURE = ${boolToString cfg.cookieSecure}
35
+
SECRET_KEY = #secretkey#
48
+
description = "Enable Gitea Service.";
51
+
useWizard = mkOption {
54
+
description = "Do not generate a configuration and use gitea' installation wizard instead. The first registered user will be administrator.";
57
+
stateDir = mkOption {
58
+
default = "/var/lib/gitea";
60
+
description = "gitea data directory.";
66
+
description = "User account under which gitea runs.";
71
+
type = types.enum [ "sqlite3" "mysql" "postgres" ];
73
+
default = "sqlite3";
74
+
description = "Database engine to use.";
79
+
default = "127.0.0.1";
80
+
description = "Database host address.";
86
+
description = "Database host port.";
92
+
description = "Database name.";
98
+
description = "Database user.";
101
+
password = mkOption {
105
+
The password corresponding to <option>database.user</option>.
106
+
Warning: this is stored in cleartext in the Nix store!
107
+
Use <option>database.passwordFile</option> instead.
111
+
passwordFile = mkOption {
112
+
type = types.nullOr types.path;
114
+
example = "/run/keys/gitea-dbpassword";
116
+
A file containing the password corresponding to
117
+
<option>database.user</option>.
123
+
default = "${cfg.stateDir}/data/gitea.db";
124
+
description = "Path to the sqlite3 database file.";
128
+
appName = mkOption {
130
+
default = "gitea: Gitea Service";
131
+
description = "Application name.";
134
+
repositoryRoot = mkOption {
136
+
default = "${cfg.stateDir}/repositories";
137
+
description = "Path to the git repositories.";
140
+
domain = mkOption {
142
+
default = "localhost";
143
+
description = "Domain name of your server.";
146
+
rootUrl = mkOption {
148
+
default = "http://localhost:3000/";
149
+
description = "Full public URL of gitea server.";
152
+
httpAddress = mkOption {
154
+
default = "0.0.0.0";
155
+
description = "HTTP listen address.";
158
+
httpPort = mkOption {
161
+
description = "HTTP listen port.";
164
+
cookieSecure = mkOption {
168
+
Marks session cookies as "secure" as a hint for browsers to only send
169
+
them via HTTPS. This option is recommend, if gitea is being served over HTTPS.
173
+
staticRootPath = mkOption {
175
+
default = "${pkgs.gitea.data}";
176
+
example = "/var/lib/gitea/data";
177
+
description = "Upper level of template and static files path.";
180
+
extraConfig = mkOption {
183
+
description = "Configuration lines appended to the generated gitea configuration file.";
188
+
config = mkIf cfg.enable {
190
+
systemd.services.gitea = {
191
+
description = "gitea";
192
+
after = [ "network.target" ];
193
+
wantedBy = [ "multi-user.target" ];
194
+
path = [ pkgs.gitea.bin ];
197
+
runConfig = "${cfg.stateDir}/custom/conf/app.ini";
198
+
secretKey = "${cfg.stateDir}/custom/conf/secret_key";
200
+
mkdir -p ${cfg.stateDir}
202
+
# copy custom configuration and generate a random secret key if needed
203
+
${optionalString (cfg.useWizard == false) ''
204
+
mkdir -p ${cfg.stateDir}/custom/conf
205
+
cp -f ${configFile} ${runConfig}
207
+
if [ ! -e ${secretKey} ]; then
208
+
head -c 16 /dev/urandom | base64 > ${secretKey}
211
+
KEY=$(head -n1 ${secretKey})
212
+
DBPASS=$(head -n1 ${cfg.database.passwordFile})
213
+
sed -e "s,#secretkey#,$KEY,g" \
214
+
-e "s,#dbpass#,$DBPASS,g" \
216
+
chmod 640 ${runConfig} ${secretKey}
219
+
mkdir -p ${cfg.repositoryRoot}
220
+
# update all hooks' binary paths
221
+
HOOKS=$(find ${cfg.repositoryRoot} -mindepth 4 -maxdepth 4 -type f -wholename "*git/hooks/*")
224
+
sed -ri 's,/nix/store/[a-z0-9.-]+/bin/gitea,${pkgs.gitea.bin}/bin/gitea,g' $HOOKS
225
+
sed -ri 's,/nix/store/[a-z0-9.-]+/bin/env,${pkgs.coreutils}/bin/env,g' $HOOKS
226
+
sed -ri 's,/nix/store/[a-z0-9.-]+/bin/bash,${pkgs.bash}/bin/bash,g' $HOOKS
227
+
sed -ri 's,/nix/store/[a-z0-9.-]+/bin/perl,${pkgs.perl}/bin/perl,g' $HOOKS
229
+
if [ ! -d ${cfg.stateDir}/conf/locale ]
231
+
mkdir -p ${cfg.stateDir}/conf
232
+
cp -r ${pkgs.gitea.out}/locale ${cfg.stateDir}/conf/locale
239
+
WorkingDirectory = cfg.stateDir;
240
+
ExecStart = "${pkgs.gitea.bin}/bin/gitea web";
241
+
Restart = "always";
246
+
HOME = cfg.stateDir;
247
+
GITEA_WORK_DIR = cfg.stateDir;
251
+
users = mkIf (cfg.user == "gitea") {
252
+
extraUsers.gitea = {
253
+
description = "Gitea Service";
254
+
home = cfg.stateDir;
259
+
warnings = optional (cfg.database.password != "")
260
+
''config.services.gitea.database.password will be stored as plaintext
261
+
in the Nix store. Use database.passwordFile instead.'';
263
+
# Create database passwordFile default when password is configured.
264
+
services.gitea.database.passwordFile =
265
+
(mkDefault (toString (pkgs.writeTextFile {
266
+
name = "gitea-database-password";
267
+
text = cfg.database.password;
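Review bot: In the preStart block that fills in `app.ini`, `$DBPASS` is spliced into `sed -e "s,#dbpass#,$DBPASS,g"`, so a password containing `,`, `&` or `\` either makes sed fail or is silently altered. The password is also passed on sed's command line, where other local users can read it from the process list while the command runs. The `chmod 640 ${runConfig} ${secretKey}` comes only after both files have been written, so for a moment they carry whatever mode the default umask gives them; putting `umask 0077` before `cp -f ${configFile} ${runConfig}` would close that window. The description of `database.passwordFile` should state that only the first line of the file is read and which characters are unsupported, for example `Only the first line is used; it must not contain ",", "&" or "\".`. Several lines of this script, the sed target among them, are not shown on the page, so this rests on the visible lines only.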