{
services = {
postgresql = {
ensureDatabases = [ "dev" ];
ensureUsers = [
{
name = "dev";
ensureDBOwnership = true;
}
];
};
authelia.instances.main.settings.access_control.rules = [
{
domain = "dev.thewordnerd.info";
policy = "bypass";
}
];
};
containers.dev = {
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.0.1";
localAddress = "192.168.0.2";
config =
{
config,
pkgs,
lib,
...
}:
{
services.gitea = {
enable = true;
appName = "Nolan's projects";
settings = {
server = {
ROOT_URL = "https://dev.thewordnerd.info";
DOMAIN = "dev.thewordnerd.info";
DISABLE_SSH = true;
LANDING_PAGE = "explore";
};
service = {
DISABLE_REGISTRATION = true;
# ENABLE_REVERSE_PROXY_AUTHENTICATION = true;
# ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = true;
};
security = {
REVERSE_PROXY_AUTHENTICATION_USER = "Remote-User";
REVERSE_PROXY_AUTHENTICATION_EMAIL = "Remote-Email";
REVERSE_PROXY_AUTHENTICATION_FULL_NAME = "Remote-Name";
REVERSE_PROXY_TRUSTED_PROXIES = "192.168.0.0/24";
};
};
lfs.enable = true;
database = {
type = "postgres";
name = "dev";
user = "dev";
socket = "/run/postgresql";
createDatabase = false;
};
};
networking = {
firewall.allowedTCPPorts = [ 3000 ];
useHostResolvConf = lib.mkForce false;
};
services.resolved.enable = true;
environment.sessionVariables = {
PATH = [ "${pkgs.gitea}/bin" ];
GITEA_WORK_DIR = "/var/lib/gitea";
};
};
bindMounts = {
"/run/postgresql" = {
hostPath = "/run/postgresql";
};
};
};
services.caddy.virtualHosts."dev.thewordnerd.info".extraConfig = ''
forward_auth localhost:9091 {
uri /api/authz/forward-auth
copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
}
reverse_proxy dev:3000
'';
}