infrastructure/machines/core-services-01/gitea.nix

{ config, ... }:

let
  my = config.my;
  port = 3000;
in
{
  imports = [ ./drone.nix ./drone-runners.nix ];
  services.gitea = {
    enable = true;
    domain = "git.${my.subZone}";
    rootUrl = "https://git.${my.subZone}/";
    httpAddress = "127.0.0.1";
    httpPort = port;
    database.type = "postgres";
    disableRegistration = false;
    settings = {
      openid = {
        ENABLE_OPENID_SIGNUP = true;
      };
      oauth2_account = {
        ENABLE_AUTO_REGISTRATION = true;
        USERNAME = "email";
      };
      service = {
        EMAIL_DOMAIN_WHITELIST = "ens.fr";
        ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
      };
    };
  };

  services.nginx = {
    enable = true;

    virtualHosts."git.${my.subZone}" = {
      enableACME = true;
      forceSSL = true;
      locations."/" = {
        proxyPass = "http://127.0.0.1:${toString port}";
      };
    };
  };
}