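# NixOS module: a Gitea instance in a private-network container, published at
# dev.thewordnerd.info through Caddy on the host, with PostgreSQL on the host.
{
  services = {
    # The `dev` database and its owning role are declared on the host;
    # the container reaches them through the bind-mounted Unix socket below.
    postgresql = {
      ensureDatabases = [ "dev" ];
      ensureUsers = [
        {
          name = "dev";
          ensureDBOwnership = true;
        }
      ];
    };

    # "bypass" means Authelia lets every request for this domain through
    # without a login, so Gitea's own authentication is the only gate.
    # NOTE(review): switch this to one_factor or two_factor before enabling
    # Gitea's reverse-proxy authentication (commented out below). Under
    # "bypass" the proxy does not vouch for the Remote-* identity headers.
    authelia.instances.main.settings.access_control.rules = [
      {
        domain = "dev.thewordnerd.info";
        policy = "bypass";
      }
    ];
  };

  containers.dev = {
    autoStart = true;

    # Private network: the host side is 192.168.0.1, the container 192.168.0.2.
    privateNetwork = true;
    hostAddress = "192.168.0.1";
    localAddress = "192.168.0.2";

    config =
      {
        config,
        pkgs,
        lib,
        ...
      }:
      {
        services.gitea = {
          enable = true;
          appName = "Nolan's projects";

          settings = {
            server = {
              ROOT_URL = "https://dev.thewordnerd.info";
              DOMAIN = "dev.thewordnerd.info";
              DISABLE_SSH = true;
              LANDING_PAGE = "explore";
            };

            service = {
              DISABLE_REGISTRATION = true;
              # Reverse-proxy authentication is deliberately left off. Once
              # enabled, Gitea signs in whoever the Remote-User header names,
              # so it requires an authenticating Authelia policy (not
              # "bypass") and a proxy that discards client-supplied Remote-*
              # headers.
              # ENABLE_REVERSE_PROXY_AUTHENTICATION = true;
              # ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = true;
            };

            security = {
              # Header names match what Caddy copies from the forward_auth
              # response. They have no effect while reverse-proxy
              # authentication stays disabled.
              REVERSE_PROXY_AUTHENTICATION_USER = "Remote-User";
              REVERSE_PROXY_AUTHENTICATION_EMAIL = "Remote-Email";
              REVERSE_PROXY_AUTHENTICATION_FULL_NAME = "Remote-Name";

              # Trust only the host end of the container link, where Caddy
              # runs, rather than the whole 192.168.0.0/24 range. Any other
              # address in that range able to reach port 3000 would otherwise
              # be allowed to assert identity and forwarded-for headers.
              REVERSE_PROXY_TRUSTED_PROXIES = "192.168.0.1/32";
            };
          };

          lfs.enable = true;

          # Connect over the bind-mounted Unix socket as the host-provisioned
          # `dev` role; the database is not created from inside the container.
          database = {
            type = "postgres";
            name = "dev";
            user = "dev";
            socket = "/run/postgresql";
            createDatabase = false;
          };
        };

        networking = {
          # Port 3000 is the upstream that Caddy's reverse_proxy targets.
          firewall.allowedTCPPorts = [ 3000 ];
          useHostResolvConf = lib.mkForce false;
        };

        services.resolved.enable = true;
      };

    # Share only the PostgreSQL socket file with the container.
    # NOTE(review): a bind mount of a single socket file can go stale if
    # PostgreSQL recreates the socket on restart - confirm this holds up.
    bindMounts = {
      "/run/postgresql/.s.PGSQL.5432" = {
        hostPath = "/run/postgresql/.s.PGSQL.5432";
      };
    };
  };

  # Each request goes through forward_auth (presumably the Authelia instance
  # on localhost:9091) before being proxied to Gitea.
  # NOTE(review): confirm the deployed Caddy version removes client-supplied
  # copies of the copy_headers names when the auth response omits them.
  # Otherwise a request could carry its own Remote-User through to Gitea.
  services.caddy.virtualHosts."dev.thewordnerd.info".extraConfig = ''
    forward_auth localhost:9091 {
      uri /api/authz/forward-auth
      copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
    }
    reverse_proxy dev:3000
  '';
}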