Attempting to migrate off digga...

hosts/profiles/gitea/default.nix

@@ -0,0 +1,67 @@
+{ config, lib, pkgs, ... }:
+
+{
+  services.gitea = {
+    enable = true;
+    appName = "Sealight Git Forge";
+    domain = "git.sealight.xyz";
+    rootUrl = "https://git.sealight.xyz";
+    httpPort = 3001;
+    extraConfig = ''
+      [markup.restructuredtext]
+      ENABLED = true
+      FILE_EXTENSIONS = .rst
+      RENDER_COMMAND = "timeout 30s pandoc +RTS -M512M -RTS -f rst"
+      IS_INPUT_FILE = false
+    '';
+    database = {
+      type = "postgres";
+      # passwordFile = "/run/secrets/gitea-dbpass"; # TODO supplied by agenix
+      password = "somethingunknowablesorry";
+    };
+    settings = {
+      metrics = {
+        ENABLED = true;
+      };
+      repository = {
+        DEFAULT_BRANCH = "main";
+      };
+    };
+  };
+
+  environment.systemPackages = [ pkgs.pandoc ];
+
+  services.postgresql = {
+    enable = true; # Ensure postgresql is enabled
+    authentication = ''
+      local gitea all ident map=gitea-users
+    '';
+    identMap = # Map the gitea user to postgresql
+      ''
+        gitea-users gitea gitea
+      '';
+    # ensureDatabases = [ "gitea" ];
+    ensureUsers = [
+      { name = "gitea"; ensurePermissions."DATABASE gitea" = "ALL PRIVILEGES"; }
+    ];
+    # TODO
+    # initialScript # set password for gitea user
+  };
+
+  services.nginx = {
+    enable = true; # Enable Nginx
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts."git.sealight.xyz" = {
+      # Gitea hostname
+      enableACME = true; # Use ACME certs
+      forceSSL = true; # Force SSL
+      locations."/".proxyPass = "http://localhost:3001/"; # Proxy Gitea
+    };
+  };
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  security.acme.defaults.email = "anish+acme@lakhwara.com";
+  security.acme.acceptTerms = true;
+}