From 54a34f683ae8dd508f26e2782b9e2bdecb4accbf Mon Sep 17 00:00:00 2001 From: Kyren223 Date: Sun, 29 Dec 2024 22:48:05 +0200 Subject: [PATCH] Setup gitea --- host/configuration.nix | 2 ++ nixosModules/actual-budget.nix | 1 - nixosModules/gitea.nix | 50 ++++++++++++++++++++++++++++++++++ nixosModules/secrets.yaml | 5 ++-- 4 files changed, 55 insertions(+), 3 deletions(-) create mode 100644 nixosModules/gitea.nix diff --git a/host/configuration.nix b/host/configuration.nix index 0ece705..f308628 100644 --- a/host/configuration.nix +++ b/host/configuration.nix @@ -7,6 +7,7 @@ ./../nixosModules/website.nix ./../nixosModules/auto-updade.nix ./../nixosModules/actual-budget.nix + ./../nixosModules/gitea.nix ]; boot.loader.grub = { @@ -35,6 +36,7 @@ # Apps website.enable = true; actualBudget.enable = true; + gitea.enable = true # Automatically pull this config from git autoUpdate.enable = true; diff --git a/nixosModules/actual-budget.nix b/nixosModules/actual-budget.nix index 1be4bd9..10b1796 100644 --- a/nixosModules/actual-budget.nix +++ b/nixosModules/actual-budget.nix @@ -28,7 +28,6 @@ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; ''; - }; }; } diff --git a/nixosModules/gitea.nix b/nixosModules/gitea.nix new file mode 100644 index 0000000..1bb8dc8 --- /dev/null +++ b/nixosModules/gitea.nix 
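Review bot: The added `gitea.enable = true` in the second hunk of host/configuration.nix has no terminating semicolon, so the attribute set will not parse and the whole host configuration fails to evaluate; the line should read `gitea.enable = true;`. Because the same file sets `autoUpdate.enable = true`, a commit that does not evaluate presumably leaves the machine on its previous generation until someone notices, which also holds back later fixes. An evaluation check before pushing would catch this class of mistake. The enclosing attribute set starts and ends outside the hunk.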
@@ -0,0 +1,50 @@
+{ pkgs, lib, config, ... }: {
+
+ imports = [
+ ./acme.nix
+ ];
+
+ options = {
+ gitea.enable = lib.mkEnableOption "enables gitea";
+ };
+
+ config = lib.mkIf config.gitea.enable {
+ # Open http and https ports to the public
+ networking.firewall.allowedTCPPorts = [ 443 80 ];
+
+ # Make sure acme module is active for the "kyren.codes" ssl cert
+ acme.enable = true;
+
+ services.nginx.virtualHosts."git.kyren.codes" = {
+ useACMEHost = "kyren.codes";
+ forceSSL = true;
+ locations."/".proxyPass = "http://localhost:3001/";
+ };
+
+ # Configure database
+ services.postgresql.enable = true;
+ services.postgresql = {
+ ensureDatabases = [ config.services.gitea.user ];
+ ensureUsers = [{
+ name = config.services.gitea.database.user;
+ ensurePermissions."DATABASE ${config.services.gitea.database.name}" = "ALL PRIVILEGES";
+ }];
+ };
+
+ sops.secrets.gitea-db-password = {
+ owner = config.services.gitea.user;
+ };
+
+ services.gitea = {
+ enable = true;
+ appName = "Kyren's Gitea";
+ domain = "git.kyren.codes";
+ database = {
+ type = "postgres";
+ passwordFile = config.sops.secrets.gitea-db-password.path;
+ };
+ rootUrl = "https://git.kyren.codes/";
+ httpPort = 3001;
+ };
+ };
+}
diff --git a/nixosModules/secrets.yaml b/nixosModules/secrets.yaml
index 49ae088..5d28976 100644
--- a/nixosModules/secrets.yaml
+++ b/nixosModules/secrets.yaml
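Review bot: The `services.gitea` block in nixosModules/gitea.nix publishes the instance at git.kyren.codes but sets nothing about account creation, so unless that is configured elsewhere Gitea's default of open self-registration applies to a public host; for a personal instance consider `services.gitea.settings.service.DISABLE_REGISTRATION = true;` once the admin account exists. `httpPort = 3001` is also set without a listen address, and if the module default binds all interfaces the firewall is the only thing keeping the plaintext port private, so pinning the listener to 127.0.0.1 would be a cheap second layer. Separately, `ensureDatabases = [ config.services.gitea.user ];` names the database after the service account while the grant two lines below uses `config.services.gitea.database.name`; the two agree only while both defaults coincide, so `ensureDatabases = [ config.services.gitea.database.name ];` is the safer spelling.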
@@ -1,5 +1,6 @@ github-access-token: ENC[AES256_GCM,data:VXzObn7doHiMzHzzLaBp8Awe3lO256zUoC8u06APR2WQitvJZs1EIqJs92rA5aORny4J6EahBaKRlcrur8oxBfRSAYkzXrECNm6E8mDYFelKv3sjXlPC3KHvHWtNewkkOA8yDOjdvw7kQVWsqZcO73GxZtN6/LgNiZfW7HMC,iv:3jr6uz+3ZUmIXP9aeqzOtvrHZhbc7Wpbdi1ZA0L8r+I=,tag:4eaV7GsdGrP7sLZAPVIDyQ==,type:str] cloudflare-dns-api-token: ENC[AES256_GCM,data:NtHjCIgY3O3hMdscGeBHLTzgxnW3uvIdf4Pin/v41ZV1YdsPtz2rXA==,iv:r5jOfkYFUgadCePCTCGeoRtmnrSfRCPytxwUBdLX290=,tag:Fq69nnShzj7QcGT4cPGftA==,type:str] +gitea-db-password: ENC[AES256_GCM,data:LHru7hpuT9dmEsfEfcsejfcyoNo2JHITmDzxcqHsj+XCBgQOroi9t+I57QN/Qs6+0Eq4wkSq3o2E,iv:mM9xzbXZK9JUMh078TvsNoMtb4g6dffQmRnYqC7UFf4=,tag:k3v1lKhdYSejoFgs3HTk2g==,type:str] sops: kms: [] gcp_kms: [] @@ -15,8 +16,8 @@ sops: b254YjZLRm9odks2Y1Erdk1NSU1CVncKnhMnBLjSLfMO3A7gTUI9vIRQvaK07I7k mQdtsGZM+1FqlbxsFIoqji+xrqAvcBQENott5+tuFM+ePT5EjQUYGg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-27T17:08:50Z" - mac: ENC[AES256_GCM,data:VC+m4Xa27AAIz3oe+SdonfcJpRRONA3EfoduxHQKsK3LohEd90tnwdQRMQ8TrZbghpxTUff2kAzr2TTyzbqw6wB0DK5+d1vlQmGgLEHiFxtFJtH/eA0F/0PLGmASOgQYGVhWC7taHHredaOsCVI1CwUyV0Uznkj48fWqoKHEfLU=,iv:L9npPtZdMkSnQ+Ha0rnuv6LDd6qIGcUoYULTZ2NtfKc=,tag:tQv5JukyN+ZCLvwZ90suFg==,type:str] + lastmodified: "2024-12-29T20:46:56Z" + mac: ENC[AES256_GCM,data:KUlfjIJ0y8SdWSoH44m5fdA0Qy5X4tawjjKREYYBzyiST3vR4+zywl5WPNS7kqslXYJJwuZ0zk28UwrnEnFov8VkZu/lM0814pD3S0NnFlZtmIrXiCmYlnkTIG8M/qWFenes99gzHdHgv6eUWlosDVdX02JeSN1OmsnlsEzdYZo=,iv:3cSgN2GW+zrlv0obtGSWvIagRmfBUH7OYT7xXMPjqm8=,tag:cdYplNXDjcfIAQa5z802Ig==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1