wolumonde: add gitea

2022-07-30 10:13:13 +03:00 · 2022-07-30 10:13:13 +03:00 · 4e2c04ddcb
commit 4e2c04ddcb
parent 2e52ede5e7
2 changed files with 40 additions and 11 deletions
--- a/flake.lock
+++ b/flake.lock
@ -9,11 +9,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1659152758,
-        "narHash": "sha256-nbCRaXMAXfNvrqtWT2WtcYsf2Rym0Zv2WFJDmXk5sgY=",
+        "lastModified": 1659159653,
+        "narHash": "sha256-zWjN3LqgMMaVBM8g0KcDwdpiwbShWHRKWR0XcSVfBBA=",
        "owner": "yusdacra",
        "repo": "yusdacra.gitlab.io",
-        "rev": "420e525b8b8210e997748e500f55690fd89a8fca",
+        "rev": "3f0caa133aa557acc008fc3819203db813092cf2",
        "type": "gitlab"
      },
      "original": {
@ -219,11 +219,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1645050947,
-        "narHash": "sha256-BHPdruYD+6VAyfgsZ33jn00okHQZuxY6Veg4EUei85o=",
+        "lastModified": 1659159625,
+        "narHash": "sha256-TElL1iaIY/xrIX+JYsppKWa510R8aJDXWQJxjpyCVxo=",
        "owner": "yusdacra",
        "repo": "html.nix",
-        "rev": "18fa28319f4cdca933da8f413a3e3bcfb36d37b0",
+        "rev": "5bca7064e4de141f85b14a2c5262f204ac5f56bd",
        "type": "github"
      },
      "original": {
--- a/hosts/wolumonde/default.nix
+++ b/hosts/wolumonde/default.nix
@ -1,8 +1,13 @@
 {
  inputs,
  pkgs,
+  config,
+  lib,
  ...
-}: {
+}: let
+  personal = import "${inputs.self}/personal.nix";
+  email = personal.emails.short;
+in {
  imports = [
    ./hardware-configuration.nix
  ];
@ -31,22 +36,46 @@
      enableACME = true;
      forceSSL = true;
      root = "${inputs.blog.packages.${pkgs.system}.website}";
+      locations."/".extraConfig = ''
+        add_header cache-control max-age=1800;
+      '';
+    };
+    virtualHosts."git.gaze.systems" = {
+      enableACME = true;
+      forceSSL = true;
+      locations."/".proxyPass = "http://localhost:3001";
    };
  };
  security.acme = {
    acceptTerms = true;
    certs = {
-      "gaze.systems".email = "y.bera003.06@pm.me";
+      "gaze.systems".email = email;
+      "git.gaze.systems".email = email;
    };
  };

-  # sourcehut
+  # gitea
+  services.gitea = {
+    enable = true;
+    cookieSecure = true;
+    disableRegistration = true;
+    domain = "git.gaze.systems";
+    rootUrl = "https://git.gaze.systems/";
+    httpPort = 3001;
+  };

  # firewall stuffs
  networking.firewall = {
    enable = true;
-    allowedTCPPorts = [ 22 80 443 ];
-    allowedUDPPortRanges = [ ];
+    allowedTCPPorts = lib.flatten [
+      [22 80 443]
+      (
+        lib.optional
+        config.services.gitea.enable
+        config.services.gitea.httpPort
+      )
+    ];
+    allowedUDPPortRanges = [];
  };

  # nixinate for deployment