gitea: format, enable declarative ldap
This commit is contained in:
parent
e39aed92b4
commit
76883a973b
|
@ -1,10 +1,12 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{ config, pkgs, lib, libS, ... }:
|
||||
|
||||
{
|
||||
c3d2.deployment.server = "server10";
|
||||
|
||||
microvm.mem = 4 * 1024;
|
||||
|
||||
environment.systemPackages = with pkgs; [ postgresql unzip ]; # used to restore database dumps
|
||||
|
||||
networking = {
|
||||
hostName = "gitea";
|
||||
firewall.allowedTCPPorts = [ 2222 ];
|
||||
|
@ -14,20 +16,23 @@
|
|||
gitea = rec {
|
||||
enable = true;
|
||||
appName = "Gitea: with a cup of Kolle Mate";
|
||||
domain = "gitea.c3d2.de";
|
||||
rootUrl = "https://${domain}/";
|
||||
|
||||
database.type = "postgres";
|
||||
|
||||
repositoryRoot = "/var/lib/gitea/repositories";
|
||||
|
||||
domain = "gitea.c3d2.de";
|
||||
lfs.enable = true;
|
||||
repositoryRoot = "/var/lib/gitea/repositories";
|
||||
rootUrl = "https://${domain}/";
|
||||
|
||||
dump = {
|
||||
# Is a nice feature once we have a dedicated backup storage.
|
||||
# For now it is disabled, since it delays `nixos-rebuild switch`.
|
||||
enable = false;
|
||||
backupDir = "/var/lib/gitea/dump";
|
||||
backupDir = "/var/backup/gitea/";
|
||||
};
|
||||
|
||||
ldap = {
|
||||
enable = true;
|
||||
adminGroup = "gitea-admins";
|
||||
bindPasswordFile = config.sops.secrets."gitea/ldapSearchUserPassword".path;
|
||||
};
|
||||
|
||||
settings = {
|
||||
|
@ -124,6 +129,11 @@
|
|||
};
|
||||
};
|
||||
|
||||
sops = {
|
||||
defaultSopsFile = ./secrets.yaml;
|
||||
secrets."gitea/ldapSearchUserPassword" = libS.sops.permissionForUser "gitea";
|
||||
};
|
||||
|
||||
programs.msmtp = {
|
||||
enable = true;
|
||||
accounts.default = {
|
||||
|
@ -137,7 +147,5 @@
|
|||
};
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [ postgresql unzip ]; # used to restore database dumps
|
||||
|
||||
system.stateVersion = "21.11";
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue