From 8121044bf22bdd4d9aef5f6f9b02fb2319cbd9a7 Mon Sep 17 00:00:00 2001
From: ctsk <9384305+ctsk@users.noreply.github.com>
Date: Sun, 17 Sep 2023 18:29:04 +0200
Subject: [PATCH] [gitea] Deploy
---
 lib/modules/gitea/default.nix | 48 ++++++++++++++++++++++++++++++++
 lib/systems/fugitive/default.nix | 23 ++++++++++++++-
 2 files changed, 70 insertions(+), 1 deletion(-)
 create mode 100644 lib/modules/gitea/default.nix
diff --git a/lib/modules/gitea/default.nix b/lib/modules/gitea/default.nix
new file mode 100644
index 0000000..4cf5e17
--- /dev/null
+++ b/lib/modules/gitea/default.nix
@@ -0,0 +1,48 @@
+{config, pkgs, ...}:
+
+let
+
+ cfg = config.services.gitea;
+ domain = "source.ctsk.dev";
+ port = 10010;
+
+in {
+ services.gitea = {
+ stateDir = "/srv/gitea";
+ appName = "WITHOUT WARRANTY OF ANY KIND";
+ database = {
+ type = "sqlite3";
+ };
+ settings = {
+ server = {
+ ROOT_URL = "https://${domain}";
+ HTTP_ADDRESS = "127.0.0.1";
+ HTTP_PORT = port;
+ SSH_USER = "git";
+ SSH_PORT = 2324;
+ LANDING_PAGE = "explore";
+ };
+ service = {
+ DISABLE_REGISTRATION = true;
+ DISABLE_USERS_PAGE = true;
+ };
+ repository = {
+ ENABLE_PUSH_CREATE_USER = true;
+ };
+ };
+ };
+
+ services.nginx.virtualHosts."${domain}" = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/".proxyPass = "http://127.0.0.1:${toString port}";
+ };
+
+ systemd.tmpfiles.rules = [
+ ''L+ ${cfg.stateDir}/custom/public/assets/img/logo.svg - - - - ${pkgs.logo.svg}''
+ ''L+ ${cfg.stateDir}/custom/public/assets/img/logo.png - - - - ${pkgs.logo.png."512x512"}''
+ ];
+
+ environment.systemPackages = [ pkgs.gitea ];
+
+}
\ No newline at end of file
diff --git a/lib/systems/fugitive/default.nix b/lib/systems/fugitive/default.nix
index c156454..8f4a385 100644
--- a/lib/systems/fugitive/default.nix
+++ b/lib/systems/fugitive/default.nix
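Review bot: `settings.server` sets `ROOT_URL` but not `DOMAIN`, so if the NixOS module's `services.gitea.domain` default of `localhost` still feeds `DOMAIN` (and through it `SSH_DOMAIN`), the SSH clone URLs Gitea advertises will point at `localhost:2324` instead of `source.ctsk.dev`; adding `DOMAIN = domain;` beside `ROOT_URL` would pin it. The same block hard-codes `port = 10010` and `SSH_PORT = 2324`, which duplicate the `ports` attrset introduced in the first hunk of `lib/systems/fugitive/default.nix` (nothing in this diff reads `ports.gitea`); drift between the two would silently break the nginx `proxyPass` or the advertised SSH port, so either derive the proxy target here with `locations."/".proxyPass = "http://127.0.0.1:${toString cfg.settings.server.HTTP_PORT}";` and set `HTTP_PORT` from the system file, or drop the unused `ports.gitea`. Binding Gitea to `HTTP_ADDRESS = "127.0.0.1"` with TLS terminated by nginx and `DISABLE_REGISTRATION = true` reads as intended.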
@@ -1,15 +1,27 @@ { impermanence, pkgs, ... }: + +let + + ports = { + ssh = [ 2322 2323 2324 ]; + gitea = 10010; + }; + +in { imports = [ ./hardware.nix + ../../modules/gitea ../../users/christian ]; services = { + gitea.enable = true; + nginx.enable = true; openssh = { enable = true; - ports = [ 2322 2323 2324 ]; + ports = ports.ssh; }; }; @@ -23,6 +35,11 @@ }; }; + networking.firewall = { + enable = true; + allowedTCPPorts = [ 80 443 ]; + }; + security = { sudo = { wheelNeedsPassword = false; @@ -30,6 +47,10 @@ Defaults lecture = never ''; }; + acme = { + acceptTerms = true; + defaults.email = "cert@ctsk.xyz"; + }; }; nix.settings = {
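Review bot: In the second hunk, `allowedTCPPorts = [ 80 443 ]` lists only the nginx ports while the sshd ports `2322 2323 2324` that Gitea's `SSH_PORT = 2324` depends on are not listed; this appears to work only because `services.openssh.openFirewall` defaults to true and opens `services.openssh.ports` itself, which is worth stating inline so a later `openFirewall = false` does not silently cut off git-over-ssh: `# sshd ports (ports.ssh) are opened by services.openssh.openFirewall (default true)`. `networking.firewall.enable = true` is already the NixOS default, so that line documents rather than changes behaviour; keeping it explicit is fine. The enclosing attrset starts and ends outside these hunks.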