{ config, pkgs, lib, ... }:

with lib;

let
  # Image tags for both containers, kept together so upgrades are a one-line
  # change each.
  # NOTE(review): these are tags, not digests. A tag can be re-pointed
  # upstream, so pin by digest if the deployment must be reproducible.
  giteaTag = "1.25.4-rootless";
  postgresTag = "18-alpine";

  # Shared service builder and this service's option subtree.
  svcLib = import ./lib.nix { inherit config pkgs lib; };
  cfg = config.numbus.services.gitea;

  # Host-side owner applied to every bind-mounted directory.
  # NOTE(review): presumably the rootless subuid that container UID 1000 maps
  # to. Confirm against the mapping ./lib.nix sets up.
  hostOwner = "100999:100";
in
svcLib.mkPodmanService {
  name = "gitea";
  description = "Gitea, your own self-hosted git platform";
  defaultPort = "3000";
  dataDirEnabled = false;

  # Commands whose output becomes the database name, user and password.
  # How and where ./lib.nix runs and stores them is not visible here.
  generatedSecrets = {
    DB_NAME = "xkcdpass -n 2 -d -";
    DB_USERNAME = "xkcdpass -n 2 -d -";
    DB_PASSWORD = "xkcdpass -n 8 -d -";
  };

  middlewares = [ "secureHeaders" ];

  # One "<owner> <path>" entry for the config root and each bind-mounted
  # subdirectory used by the compose file below.
  dirPermissions = map (sub: "${hostOwner} ${cfg.configDir}${sub}") [
    ""
    "/data"
    "/config"
    "/database"
  ];

  # Compose definition: Gitea (rootless image) plus its PostgreSQL database on
  # a dedicated bridge network. $DB_NAME, $DB_USERNAME and $DB_PASSWORD are
  # left as literal text by Nix (no braces) and are expected to be substituted
  # when the compose file is used.
  #
  # Review notes (the YAML itself is unchanged):
  # - The DB password reaches both containers as a plain environment
  #   variable, so it is readable through container inspection. The postgres
  #   image accepts POSTGRES_PASSWORD_FILE and Gitea accepts a __FILE suffix
  #   on GITEA__* variables, if ./lib.nix can supply secrets as files.
  # - "${cfg.port}:3000/tcp" names no host address, so the port is published
  #   on every host interface. If a reverse proxy is meant to be the only
  #   entry point (see `middlewares`), binding to a loopback or internal
  #   address keeps clients from reaching Gitea without those headers.
  # - Only NET_RAW is dropped. Both services already run as 1000:1000 with
  #   no-new-privileges, so `cap_drop: ALL` is worth testing.
  # - SSH_PORT=2424 is set, but this file publishes only 3000/tcp. Confirm
  #   the SSH port is exposed somewhere else, or SSH clone URLs will not work.
  # - The database has no `ports:` entry, so it is reachable only over the
  #   `gitea` network.
  # - The named volume `gitea_database` is declared but no service mounts it.
  #   The database uses the ${cfg.configDir}/database bind mount.
  composeText = ''
    services:
      gitea-server:
        image: docker.gitea.com/gitea:${giteaTag}
        container_name: gitea-server
        hostname: gitea-server
        user: '1000:1000'
        networks:
          gitea:
        ports:
          - "${cfg.port}:3000/tcp"
        volumes:
          - ${cfg.configDir}/data:/var/lib/gitea
          - ${cfg.configDir}/config:/etc/gitea
          - /etc/localtime:/etc/localtime:ro
        environment:
          - GITEA__database__DB_TYPE=postgres
          - GITEA__database__HOST=gitea-database:5432
          - GITEA__database__NAME=$DB_NAME
          - GITEA__database__USER=$DB_USERNAME
          - GITEA__database__PASSWD=$DB_PASSWORD
          - GITEA__server__SSH_PORT=2424
          - GITEA__server__ROOT_URL=https://${cfg.subdomain}.${config.numbus.services.domain}
        depends_on:
          - gitea-database
        security_opt:
          - no-new-privileges:true
        cap_drop:
          - NET_RAW
        restart: unless-stopped

      gitea-database:
        image: docker.io/library/postgres:${postgresTag}
        container_name: gitea-database
        hostname: gitea-database
        user: '1000:1000'
        networks:
          gitea:
        volumes:
          - ${cfg.configDir}/database:/var/lib/postgresql
        environment:
          - POSTGRES_USER=$DB_USERNAME
          - POSTGRES_PASSWORD=$DB_PASSWORD
          - POSTGRES_DB=$DB_NAME
        security_opt:
          - no-new-privileges:true
        cap_drop:
          - NET_RAW
        restart: unless-stopped

    volumes:
      gitea_database:
        name: gitea_database

    networks:
      gitea:
        name: gitea
        driver: bridge
  '';
}