modules.services.gitea: add anubis proxy

2026-01-12 04:39:23 +08:00 · 2025-09-06 14:14:56 +08:00
parent b8533c6f3e
commit 1da5f62e4b
1 changed files with 44 additions and 42 deletions
--- a/modules/services/gitea.nix
+++ b/modules/services/gitea.nix
@@ -15,41 +15,53 @@ inputs:
  };
  config = let inherit (inputs.config.nixos.services) gitea; in inputs.lib.mkIf (gitea != null)
  {
-    services.gitea =
+    services =
    {
-      enable = true;
-      lfs.enable = true;
-      mailerPasswordFile = inputs.config.nixos.system.sops.secrets."gitea/mail".path;
-      database =
+      gitea =
      {
-        createDatabase = false;
-        type = "postgres";
-        passwordFile = inputs.config.nixos.system.sops.secrets."gitea/db".path;
+        enable = true;
+        lfs.enable = true;
+        mailerPasswordFile = inputs.config.nixos.system.sops.secrets."gitea/mail".path;
+        database =
+        {
+          createDatabase = false;
+          type = "postgres";
+          passwordFile = inputs.config.nixos.system.sops.secrets."gitea/db".path;
+        };
+        settings =
+        {
+          session.COOKIE_SECURE = true;
+          server =
+          {
+            ROOT_URL = "https://${gitea.hostname}";
+            DOMAIN = gitea.hostname;
+            HTTP_PORT = 3002;
+            SSH_DOMAIN = gitea.ssh.hostname;
+            SSH_PORT = inputs.lib.mkIf (gitea.ssh.port != null) gitea.ssh.port;
+          };
+          mailer =
+          {
+            ENABLED = true;
+            FROM = "bot@chn.moe";
+            PROTOCOL = "smtps";
+            SMTP_ADDR = "mail.chn.moe";
+            SMTP_PORT = 465;
+            USER = "bot@chn.moe";
+          };
+          service.DISABLE_REGISTRATION = true;
+          security.LOGIN_REMEMBER_DAYS = 365;
+          "git.timeout" = builtins.listToAttrs (builtins.map (n: { name = n; value = 1800; })
+            [ "DEFAULT" "MIGRATE" "MIRROR" "CLONE" "PULL" "GC" ]);
+        };
      };
-      settings =
+      anubis.instances.gitea.settings =
      {
-        session.COOKIE_SECURE = true;
-        server =
-        {
-          ROOT_URL = "https://${gitea.hostname}";
-          DOMAIN = gitea.hostname;
-          HTTP_PORT = 3002;
-          SSH_DOMAIN = gitea.ssh.hostname;
-          SSH_PORT = inputs.lib.mkIf (gitea.ssh.port != null) gitea.ssh.port;
-        };
-        mailer =
-        {
-          ENABLED = true;
-          FROM = "bot@chn.moe";
-          PROTOCOL = "smtps";
-          SMTP_ADDR = "mail.chn.moe";
-          SMTP_PORT = 465;
-          USER = "bot@chn.moe";
-        };
-        service.DISABLE_REGISTRATION = true;
-        security.LOGIN_REMEMBER_DAYS = 365;
-        "git.timeout" = builtins.listToAttrs (builtins.map (n: { name = n; value = 1800; })
-          [ "DEFAULT" "MIGRATE" "MIRROR" "CLONE" "PULL" "GC" ]);
+        OG_PASSTHROUGH = true;
+        TARGET = "http://127.0.0.1:3002";
+        BIND_NETWORK = "tcp";
+        BIND = "127.0.0.1:3003";
+        WEBMASTER_EMAIL = "chn@chn.moe";
+        SERVE_ROBOTS_TXT = true;
      };
    };
    nixos =
@@ -62,17 +74,7 @@ inputs:
      };
      services =
      {
-        nginx.https.${gitea.hostname}.location =
-        {
-          "/".proxy.upstream = "http://127.0.0.1:3002";
-          "/robots.txt".static.root =
-            let robotsFile = inputs.pkgs.fetchurl
-            {
-              url = "https://gitea.com/robots.txt";
-              sha256 = "144c5s3la4a85c9lygcnxhbxs3w5y23bkhhqx69fbp9yiqyxdkk2";
-            };
-            in "${inputs.pkgs.runCommand "robots.txt" {} "mkdir -p $out; cp ${robotsFile} $out/robots.txt"}";
-        };
+        nginx.https.${gitea.hostname}.location."/".proxy.upstream = "http://127.0.0.1:3003";
        postgresql.instances.gitea = {};
      };
    };