numbus-server/templates/nix-config/podman/gitea.nix

{ config, pkgs, ... }:

let
  container_name = "gitea";
  compose_file = "podman/gitea/compose.yaml";
  config_dir = "/mnt/config/gitea";
  data_dir = "/mnt/data/gitea";
in

{
  config = {
    environment.etc."${compose_file}".text =
      /*
      yaml
      */
      ''
        services:
          gitea:
            image: gitea/gitea:latest
            container_name: ${container_name}
            networks:
              gitea_frontend:
              gitea_backend:
            volumes:
              - ${data_dir}:/data
              - /etc/timezone:/etc/timezone:ro
              - /etc/localtime:/etc/localtime:ro
            environment:
              - USER_UID=1000
              - USER_GID=1000
              - GITEA__database__DB_TYPE=postgres
              - GITEA__database__HOST=$POSTGRES_HOST:$POSTGRES_PORT
              - GITEA__database__NAME=$DB_NAME
              - GITEA__database__USER=$DB_USERNAME
              - GITEA__database__PASSWD=$DB_PASSWORD
              - GITEA__server__SSH_PORT=2424
              - GITEA__server__ROOT_URL=gitea.$DOMAIN_NAME
            labels:
              - traefik.enable=true
              - traefik.http.services.gitea.loadbalancer.server.port=3000
              - traefik.http.services.gitea.loadbalancer.server.scheme=http
              - traefik.http.routers.gitea-https.entrypoints=websecure
              - traefik.http.routers.gitea-https.rule=Host(`${container_name}.$DOMAIN_NAME`)
              - traefik.http.routers.gitea-https.tls=true
              - traefik.http.routers.gitea-https.tls.certresolver=cloudflare
            depends_on:
              - gitea-database
            restart: unless-stopped

          gitea-database:
            image: docker.io/library/postgres:17.5
            container_name: gitea-database
            environment:
              - POSTGRES_USER=$DB_USERNAME
              - POSTGRES_PASSWORD=$DB_PASSWORD
              - POSTGRES_DB=$DB_NAME
            networks:
              gitea_backend:
            volumes:
              - ${config_dir}:/var/lib/postgresql/data
            restart: unless-stopped

        networks:
          gitea_frontend:
            external: true
          gitea_backend:
            external: true
      '';

    systemd.services.gitea = {
      description = "Podman container : ${container_name}";
      after = [ "network.target" "traefik.service" ];
      requires = [ "network.target" ];
      wantedBy = ["multi-user.target"];
      path = [ pkgs.podman-compose ];

      serviceConfig = {
        Type = "exec";
        # Pull the latest image before running
        ExecStartPre = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} pull";
        # Bring the service up
        ExecStart = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} up --remove-orphans";
        # Take it down gracefully
        ExecStop = "${pkgs.podman-compose}/bin/podman-compose -f /etc/${compose_file} down";

        Restart = "on-failure";
      };
    };
  };
}