# NixOS module: a Gitea instance for dev.thewordnerd.info that runs in a
# private-network container, stores its data in the host's PostgreSQL and is
# published through the host's Caddy.
{
  # Host PostgreSQL: make sure a "dev" database exists, together with a "dev"
  # role that owns it.
  services.postgresql = {
    ensureDatabases = [ "dev" ];
    ensureUsers = [
      {
        ensureDBOwnership = true;
        name = "dev";
      }
    ];
  };

  # Authelia policy "bypass": no Authelia login is required for this domain,
  # so every request is forwarded whether or not the visitor has a session.
  # Access control for this site therefore rests on Gitea's own accounts.
  services.authelia.instances.main.settings.access_control.rules = [
    {
      policy = "bypass";
      domain = "dev.thewordnerd.info";
    }
  ];

  # Caddy asks the forward-auth endpoint on localhost:9091 about each request,
  # copies the listed Remote-* identity headers onto the proxied request and
  # then hands it to Gitea on port 3000.
  # NOTE(review): under the "bypass" rule above the request is not
  # authenticated, so nothing downstream should treat Remote-* headers as
  # proof of identity. Whether client-supplied Remote-* headers are cleared
  # on a bypassed request depends on the Caddy version in use; verify before
  # relying on it.
  # NOTE(review): how the name "dev" resolves is not defined in this file.
  services.caddy.virtualHosts."dev.thewordnerd.info".extraConfig = ''
    forward_auth localhost:9091 {
      uri /api/authz/forward-auth
      copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
    }
    reverse_proxy dev:3000
  '';

  containers.dev = {
    autoStart = true;

    # Private veth link between host and container.
    privateNetwork = true;
    hostAddress = "192.168.0.1";
    localAddress = "192.168.0.2";

    # Expose the host's PostgreSQL socket directory inside the container.
    # NOTE(review): this lets processes in the container reach the host's
    # database server over the socket. Which roles they may use is decided by
    # the host's pg_hba.conf / ident map, which is not part of this file.
    bindMounts."/run/postgresql".hostPath = "/run/postgresql";

    config = { config, pkgs, lib, ... }: {
      services = {
        # DNS inside the container comes from systemd-resolved, not from the
        # host's resolv.conf (see networking.useHostResolvConf below).
        resolved.enable = true;

        gitea = {
          enable = true;
          appName = "Nolan's projects";
          lfs.enable = true;

          # Use the database and role provisioned on the host, reached through
          # the bind-mounted socket. Gitea must not try to create them itself.
          # No password is configured here, so the connection relies on the
          # host's socket authentication rules.
          database = {
            createDatabase = false;
            type = "postgres";
            socket = "/run/postgresql";
            name = "dev";
            user = "dev";
          };

          settings.server = {
            DOMAIN = "dev.thewordnerd.info";
            ROOT_URL = "https://dev.thewordnerd.info";
            # Git over SSH is switched off. Repositories are HTTP(S)-only.
            DISABLE_SSH = true;
            LANDING_PAGE = "explore";
          };

          settings.service = {
            # No self-service sign-up.
            DISABLE_REGISTRATION = true;
            # Reverse-proxy authentication is left at Gitea's default (off),
            # so the header names under settings.security are not used for
            # login as the file stands.
            # NOTE(review): do not enable the two options below while the
            # Authelia rule for this domain is "bypass". Gitea would then
            # accept the Remote-User header of a request that Authelia never
            # authenticated, and auto-registration would create accounts from
            # it. Change the Authelia policy to one that requires a login
            # first.
            # ENABLE_REVERSE_PROXY_AUTHENTICATION = true;
            # ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = true;
          };

          settings.security = {
            # NOTE(review): the only proxy visible in this file is the host at
            # 192.168.0.1 (hostAddress above). Trusting the whole /24 is wider
            # than that. Consider 192.168.0.1/32 after confirming the source
            # address Caddy connects from.
            REVERSE_PROXY_TRUSTED_PROXIES = "192.168.0.0/24";
            # Header names matching the ones Caddy copies from the
            # forward-auth response.
            REVERSE_PROXY_AUTHENTICATION_USER = "Remote-User";
            REVERSE_PROXY_AUTHENTICATION_EMAIL = "Remote-Email";
            REVERSE_PROXY_AUTHENTICATION_FULL_NAME = "Remote-Name";
          };
        };
      };

      # Open the port Caddy proxies to (dev:3000) in the container firewall.
      networking.firewall.allowedTCPPorts = [ 3000 ];
      networking.useHostResolvConf = lib.mkForce false;

      # Presumably so the gitea CLI works from a shell inside the container.
      environment.sessionVariables = {
        GITEA_WORK_DIR = "/var/lib/gitea";
        PATH = [ "${pkgs.gitea}/bin" ];
      };
    };
  };
}