6f4068ff5c
- acme-dns for internal DNS-01 challenges - nsd for zone rz.ens.wtf - unbound for internal usage and resolutions - dokuwiki for network documentation - gitea for this very repository and many more - keycloak for SSO over all services - monitoring (netdata, grafana/influxdb soon) - netboot for easy provisioning of other machines Co-authored-by: Ryan Lahfa <ryan.lahfa@ens.fr>
29 lines
534 B
Nix
29 lines
534 B
Nix
{ config, ... }:
|
|
|
|
let
|
|
my = config.my;
|
|
port = 3000;
|
|
in
|
|
{
|
|
services.gitea = {
|
|
enable = true;
|
|
domain = "git.${my.subZone}";
|
|
rootUrl = "https://git.${my.subZone}/";
|
|
httpAddress = "127.0.0.1";
|
|
httpPort = port;
|
|
database.type = "postgres";
|
|
disableRegistration = true;
|
|
};
|
|
|
|
services.nginx = {
|
|
enable = true;
|
|
|
|
virtualHosts."git.${my.subZone}" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."/" = {
|
|
proxyPass = "http://127.0.0.1:${toString port}";
|
|
};
|
|
};
|
|
};
|
|
}
|