From 4e2c04ddcbaeb6fb8d24b8ac55ef0a14e0c8aa16 Mon Sep 17 00:00:00 2001 From: Yusuf Bera Ertan Date: Sat, 30 Jul 2022 10:13:13 +0300 Subject: [PATCH] wolumonde: add gitea --- flake.lock | 12 ++++++------ hosts/wolumonde/default.nix | 39 ++++++++++++++++++++++++++++++++----- 2 files changed, 40 insertions(+), 11 deletions(-) diff --git a/flake.lock b/flake.lock index bf6ceaf..b875806 100644 --- a/flake.lock +++ b/flake.lock @@ -9,11 +9,11 @@ ] }, "locked": { - "lastModified": 1659152758, - "narHash": "sha256-nbCRaXMAXfNvrqtWT2WtcYsf2Rym0Zv2WFJDmXk5sgY=", + "lastModified": 1659159653, + "narHash": "sha256-zWjN3LqgMMaVBM8g0KcDwdpiwbShWHRKWR0XcSVfBBA=", "owner": "yusdacra", "repo": "yusdacra.gitlab.io", - "rev": "420e525b8b8210e997748e500f55690fd89a8fca", + "rev": "3f0caa133aa557acc008fc3819203db813092cf2", "type": "gitlab" }, "original": { @@ -219,11 +219,11 @@ ] }, "locked": { - "lastModified": 1645050947, - "narHash": "sha256-BHPdruYD+6VAyfgsZ33jn00okHQZuxY6Veg4EUei85o=", + "lastModified": 1659159625, + "narHash": "sha256-TElL1iaIY/xrIX+JYsppKWa510R8aJDXWQJxjpyCVxo=", "owner": "yusdacra", "repo": "html.nix", - "rev": "18fa28319f4cdca933da8f413a3e3bcfb36d37b0", + "rev": "5bca7064e4de141f85b14a2c5262f204ac5f56bd", "type": "github" }, "original": { diff --git a/hosts/wolumonde/default.nix b/hosts/wolumonde/default.nix index 0e27e92..f554a94 100644 --- a/hosts/wolumonde/default.nix +++ b/hosts/wolumonde/default.nix @@ -1,8 +1,13 @@ { inputs, pkgs, + config, + lib, ... -}: { +}: let + personal = import "${inputs.self}/personal.nix"; + email = personal.emails.short; +in { imports = [ ./hardware-configuration.nix ]; @@ -31,22 +36,46 @@ enableACME = true; forceSSL = true; root = "${inputs.blog.packages.${pkgs.system}.website}"; + locations."/".extraConfig = '' + add_header cache-control max-age=1800; + ''; + }; + virtualHosts."git.gaze.systems" = { + enableACME = true; + forceSSL = true; + locations."/".proxyPass = "http://localhost:3001"; }; }; security.acme = { acceptTerms = true; certs = { - "gaze.systems".email = "y.bera003.06@pm.me"; + "gaze.systems".email = email; + "git.gaze.systems".email = email; }; }; - # sourcehut + # gitea + services.gitea = { + enable = true; + cookieSecure = true; + disableRegistration = true; + domain = "git.gaze.systems"; + rootUrl = "https://git.gaze.systems/"; + httpPort = 3001; + }; # firewall stuffs networking.firewall = { enable = true; - allowedTCPPorts = [ 22 80 443 ]; - allowedUDPPortRanges = [ ]; + allowedTCPPorts = lib.flatten [ + [22 80 443] + ( + lib.optional + config.services.gitea.enable + config.services.gitea.httpPort + ) + ]; + allowedUDPPortRanges = []; }; # nixinate for deployment