From f8d5d6cd02fb4ba53d1aaef097d89ab13028b400 Mon Sep 17 00:00:00 2001 From: ThinkChaos Date: Tue, 13 Dec 2022 12:08:47 -0500 Subject: [PATCH 1/6] nixos/gitea: disable `createDatabase` assert when using sqlite Assert doesn't make sense in that case since `database.user` isn't used. --- nixos/modules/services/misc/gitea.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix index e019e431a189..c2fc680d367f 100644 --- a/nixos/modules/services/misc/gitea.nix +++ b/nixos/modules/services/misc/gitea.nix @@ -359,7 +359,7 @@ in config = mkIf cfg.enable { assertions = [ - { assertion = cfg.database.createDatabase -> cfg.database.user == cfg.user; + { assertion = cfg.database.createDatabase -> useSqlite || cfg.database.user == cfg.user; message = "services.gitea.database.user must match services.gitea.user if the database is to be automatically provisioned"; } ]; From 184131f50dc568f971174b8a5d5033c363115c45 Mon Sep 17 00:00:00 2001 From: ThinkChaos Date: Tue, 13 Dec 2022 12:11:37 -0500 Subject: [PATCH 2/6] nixos/gitea: make service group configurable --- nixos/modules/services/misc/gitea.nix | 60 +++++++++++++++------------ 1 file changed, 34 insertions(+), 26 deletions(-) diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix index c2fc680d367f..86a9b21b008e 100644 --- a/nixos/modules/services/misc/gitea.nix +++ b/nixos/modules/services/misc/gitea.nix @@ -66,6 +66,12 @@ in description = lib.mdDoc "User account under which gitea runs."; }; + group = mkOption { + type = types.str; + default = "gitea"; + description = lib.mdDoc "Group under which gitea runs."; + }; + database = { type = mkOption { type = types.enum [ "sqlite3" "mysql" "postgres" ]; 
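Review bot: The new `group` option's description does not say that the module only defines the group when it is left at the default `gitea` (the `users.groups = mkIf (cfg.group == "gitea")` change in the last hunk of this patch), so any other value must name a group defined elsewhere in the configuration. It should also say what membership grants: the tmpfiles rules in the `@@ -457` hunk make `stateDir`, `repositoryRoot` and `dump.backupDir` mode 0750 owned by `cfg.user`:`cfg.group`, and at this point in the series `stateDir/custom/conf` holds the generated `secret_key`, JWT secrets and `internal_token`, so every member of the chosen group can read them. Suggested wording: `description = lib.mdDoc "Group under which gitea runs. Only created by this module when left at the default; members of this group get read access to the Gitea state and repository directories, including the generated secrets.";`.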
@@ -457,29 +463,29 @@ in }; systemd.tmpfiles.rules = [ - "d '${cfg.dump.backupDir}' 0750 ${cfg.user} gitea - -" - "z '${cfg.dump.backupDir}' 0750 ${cfg.user} gitea - -" - "Z '${cfg.dump.backupDir}' - ${cfg.user} gitea - -" - "d '${cfg.lfs.contentDir}' 0750 ${cfg.user} gitea - -" - "z '${cfg.lfs.contentDir}' 0750 ${cfg.user} gitea - -" - "Z '${cfg.lfs.contentDir}' - ${cfg.user} gitea - -" - "d '${cfg.repositoryRoot}' 0750 ${cfg.user} gitea - -" - "z '${cfg.repositoryRoot}' 0750 ${cfg.user} gitea - -" - "Z '${cfg.repositoryRoot}' - ${cfg.user} gitea - -" - "d '${cfg.stateDir}' 0750 ${cfg.user} gitea - -" - "d '${cfg.stateDir}/conf' 0750 ${cfg.user} gitea - -" - "d '${cfg.stateDir}/custom' 0750 ${cfg.user} gitea - -" - "d '${cfg.stateDir}/custom/conf' 0750 ${cfg.user} gitea - -" - "d '${cfg.stateDir}/data' 0750 ${cfg.user} gitea - -" - "d '${cfg.stateDir}/log' 0750 ${cfg.user} gitea - -" - "z '${cfg.stateDir}' 0750 ${cfg.user} gitea - -" - "z '${cfg.stateDir}/.ssh' 0700 ${cfg.user} gitea - -" - "z '${cfg.stateDir}/conf' 0750 ${cfg.user} gitea - -" - "z '${cfg.stateDir}/custom' 0750 ${cfg.user} gitea - -" - "z '${cfg.stateDir}/custom/conf' 0750 ${cfg.user} gitea - -" - "z '${cfg.stateDir}/data' 0750 ${cfg.user} gitea - -" - "z '${cfg.stateDir}/log' 0750 ${cfg.user} gitea - -" - "Z '${cfg.stateDir}' - ${cfg.user} gitea - -" + "d '${cfg.dump.backupDir}' 0750 ${cfg.user} ${cfg.group} - -" + "z '${cfg.dump.backupDir}' 0750 ${cfg.user} ${cfg.group} - -" + "Z '${cfg.dump.backupDir}' - ${cfg.user} ${cfg.group} - -" + "d '${cfg.lfs.contentDir}' 0750 ${cfg.user} ${cfg.group} - -" + "z '${cfg.lfs.contentDir}' 0750 ${cfg.user} ${cfg.group} - -" + "Z '${cfg.lfs.contentDir}' - ${cfg.user} ${cfg.group} - -" + "d '${cfg.repositoryRoot}' 0750 ${cfg.user} ${cfg.group} - -" + "z '${cfg.repositoryRoot}' 0750 ${cfg.user} ${cfg.group} - -" + "Z '${cfg.repositoryRoot}' - ${cfg.user} ${cfg.group} - -" + "d '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -" + "d '${cfg.stateDir}/conf' 0750 
${cfg.user} ${cfg.group} - -" + "d '${cfg.stateDir}/custom' 0750 ${cfg.user} ${cfg.group} - -" + "d '${cfg.stateDir}/custom/conf' 0750 ${cfg.user} ${cfg.group} - -" + "d '${cfg.stateDir}/data' 0750 ${cfg.user} ${cfg.group} - -" + "d '${cfg.stateDir}/log' 0750 ${cfg.user} ${cfg.group} - -" + "z '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -" + "z '${cfg.stateDir}/.ssh' 0700 ${cfg.user} ${cfg.group} - -" + "z '${cfg.stateDir}/conf' 0750 ${cfg.user} ${cfg.group} - -" + "z '${cfg.stateDir}/custom' 0750 ${cfg.user} ${cfg.group} - -" + "z '${cfg.stateDir}/custom/conf' 0750 ${cfg.user} ${cfg.group} - -" + "z '${cfg.stateDir}/data' 0750 ${cfg.user} ${cfg.group} - -" + "z '${cfg.stateDir}/log' 0750 ${cfg.user} ${cfg.group} - -" + "Z '${cfg.stateDir}' - ${cfg.user} ${cfg.group} - -" # If we have a folder or symlink with gitea locales, remove it # And symlink the current gitea locales in place @@ -565,7 +571,7 @@ in serviceConfig = { Type = "simple"; User = cfg.user; - Group = "gitea"; + Group = cfg.group; WorkingDirectory = cfg.stateDir; ExecStart = "${exe} web --pid /run/gitea/gitea.pid"; Restart = "always"; @@ -614,12 +620,14 @@ in description = "Gitea Service"; home = cfg.stateDir; useDefaultShell = true; - group = "gitea"; + group = cfg.group; isSystemUser = true; }; }; - users.groups.gitea = {}; + users.groups = mkIf (cfg.group == "gitea") { + gitea = {}; + }; warnings = optional (cfg.database.password != "") "config.services.gitea.database.password will be stored as plaintext in the Nix store. Use database.passwordFile instead." ++ From f7b9a1c561e9c03bad210b9d98dc576a47d1e029 Mon Sep 17 00:00:00 2001 From: ThinkChaos Date: Mon, 27 Feb 2023 12:58:29 -0500 Subject: [PATCH 3/6] nixos/gitea: disable LFS related code when it is not configured --- nixos/modules/services/misc/gitea.nix | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) 
diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix index 86a9b21b008e..3679faf9ab91 100644 --- a/nixos/modules/services/misc/gitea.nix +++ b/nixos/modules/services/misc/gitea.nix @@ -399,7 +399,6 @@ in { DOMAIN = cfg.domain; STATIC_ROOT_PATH = toString cfg.staticRootPath; - LFS_JWT_SECRET = "#lfsjwtsecret#"; ROOT_URL = cfg.rootUrl; } (mkIf cfg.enableUnixSocket { @@ -412,8 +411,8 @@ in }) (mkIf cfg.lfs.enable { LFS_START_SERVER = true; + LFS_JWT_SECRET = "#lfsjwtsecret#"; }) - ]; session = { @@ -434,7 +433,7 @@ in JWT_SECRET = "#oauth2jwtsecret#"; }; - lfs = mkIf (cfg.lfs.enable) { + lfs = mkIf cfg.lfs.enable { PATH = cfg.lfs.contentDir; }; }; @@ -466,9 +465,6 @@ in "d '${cfg.dump.backupDir}' 0750 ${cfg.user} ${cfg.group} - -" "z '${cfg.dump.backupDir}' 0750 ${cfg.user} ${cfg.group} - -" "Z '${cfg.dump.backupDir}' - ${cfg.user} ${cfg.group} - -" - "d '${cfg.lfs.contentDir}' 0750 ${cfg.user} ${cfg.group} - -" - "z '${cfg.lfs.contentDir}' 0750 ${cfg.user} ${cfg.group} - -" - "Z '${cfg.lfs.contentDir}' - ${cfg.user} ${cfg.group} - -" "d '${cfg.repositoryRoot}' 0750 ${cfg.user} ${cfg.group} - -" "z '${cfg.repositoryRoot}' 0750 ${cfg.user} ${cfg.group} - -" "Z '${cfg.repositoryRoot}' - ${cfg.user} ${cfg.group} - -" @@ -490,6 +486,11 @@ in # If we have a folder or symlink with gitea locales, remove it # And symlink the current gitea locales in place "L+ '${cfg.stateDir}/conf/locale' - - - - ${cfg.package.out}/locale" + + ] ++ lib.optionals cfg.lfs.enable [ + "d '${cfg.lfs.contentDir}' 0750 ${cfg.user} ${cfg.group} - -" + "z '${cfg.lfs.contentDir}' 0750 ${cfg.user} ${cfg.group} - -" + "Z '${cfg.lfs.contentDir}' - ${cfg.user} ${cfg.group} - -" ]; systemd.services.gitea = { 
@@ -532,9 +533,11 @@ in ${exe} generate secret JWT_SECRET > ${oauth2JwtSecret} fi + ${lib.optionalString cfg.lfs.enable '' if [ ! -s ${lfsJwtSecret} ]; then ${exe} generate secret LFS_JWT_SECRET > ${lfsJwtSecret} fi + ''} if [ ! -s ${internalToken} ]; then ${exe} generate secret INTERNAL_TOKEN > ${internalToken} @@ -544,9 +547,12 @@ in ${replaceSecretBin} '#secretkey#' '${secretKey}' '${runConfig}' ${replaceSecretBin} '#dbpass#' '${cfg.database.passwordFile}' '${runConfig}' ${replaceSecretBin} '#oauth2jwtsecret#' '${oauth2JwtSecret}' '${runConfig}' - ${replaceSecretBin} '#lfsjwtsecret#' '${lfsJwtSecret}' '${runConfig}' ${replaceSecretBin} '#internaltoken#' '${internalToken}' '${runConfig}' + ${lib.optionalString cfg.lfs.enable '' + ${replaceSecretBin} '#lfsjwtsecret#' '${lfsJwtSecret}' '${runConfig}'" + ''} + ${lib.optionalString (cfg.mailerPasswordFile != null) '' ${replaceSecretBin} '#mailerpass#' '${cfg.mailerPasswordFile}' '${runConfig}' ''} From eba0db3c1cee4a04e6e39711f42a0788f90c5e75 Mon Sep 17 00:00:00 2001 From: ThinkChaos Date: Tue, 13 Dec 2022 12:53:31 -0500 Subject: [PATCH 4/6] nixos/gitea: add `customDir` option Use case is storing secrets in a non persistent directory as I manage them separately from this module. --- nixos/modules/services/misc/gitea.nix | 32 +++++++++++++++++---------- 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix index 3679faf9ab91..086096631a40 100644 --- a/nixos/modules/services/misc/gitea.nix +++ b/nixos/modules/services/misc/gitea.nix 
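Review bot: The added `${replaceSecretBin} '#lfsjwtsecret#' ...` line in the `@@ -544` hunk ends with a stray double quote (`'${runConfig}'"`), which leaves an unbalanced `"` in the generated preStart shell script and breaks the `gitea_setup` function whenever `lfs.enable` is true. The line should read `${replaceSecretBin} '#lfsjwtsecret#' '${lfsJwtSecret}' '${runConfig}'`. As far as the later patches in this series are visible here, none of them touches this line (patch 5 requotes the surrounding commands but its hunk ends at `chmod u+w`), so the defect persists through the series. The enclosing `gitea_setup` function starts and ends outside the hunk.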
@@ -57,7 +57,14 @@ in stateDir = mkOption { default = "/var/lib/gitea"; type = types.str; - description = lib.mdDoc "gitea data directory."; + description = lib.mdDoc "Gitea data directory."; + }; + + customDir = mkOption { + default = "${cfg.stateDir}/custom"; + defaultText = literalExpression ''"''${config.${opt.stateDir}}/custom"''; + type = types.str; + description = lib.mdDoc "Gitea custom directory. Used for config, custom templates and other options."; }; user = mkOption { @@ -470,15 +477,15 @@ in "Z '${cfg.repositoryRoot}' - ${cfg.user} ${cfg.group} - -" "d '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -" "d '${cfg.stateDir}/conf' 0750 ${cfg.user} ${cfg.group} - -" - "d '${cfg.stateDir}/custom' 0750 ${cfg.user} ${cfg.group} - -" - "d '${cfg.stateDir}/custom/conf' 0750 ${cfg.user} ${cfg.group} - -" + "d '${cfg.customDir}' 0750 ${cfg.user} ${cfg.group} - -" + "d '${cfg.customDir}/conf' 0750 ${cfg.user} ${cfg.group} - -" "d '${cfg.stateDir}/data' 0750 ${cfg.user} ${cfg.group} - -" "d '${cfg.stateDir}/log' 0750 ${cfg.user} ${cfg.group} - -" "z '${cfg.stateDir}' 0750 ${cfg.user} ${cfg.group} - -" "z '${cfg.stateDir}/.ssh' 0700 ${cfg.user} ${cfg.group} - -" "z '${cfg.stateDir}/conf' 0750 ${cfg.user} ${cfg.group} - -" - "z '${cfg.stateDir}/custom' 0750 ${cfg.user} ${cfg.group} - -" - "z '${cfg.stateDir}/custom/conf' 0750 ${cfg.user} ${cfg.group} - -" + "z '${cfg.customDir}' 0750 ${cfg.user} ${cfg.group} - -" + "z '${cfg.customDir}/conf' 0750 ${cfg.user} ${cfg.group} - -" "z '${cfg.stateDir}/data' 0750 ${cfg.user} ${cfg.group} - -" "z '${cfg.stateDir}/log' 0750 ${cfg.user} ${cfg.group} - -" "Z '${cfg.stateDir}' - ${cfg.user} ${cfg.group} - -" 
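Review bot: The `customDir` description should say that the directory also receives the rendered `app.ini` (with the database password substituted in by `replace-secret`) and the generated `secret_key`, JWT secrets and `internal_token`, because the `preStart` changes in this patch move all of those from `stateDir/custom/conf` to `customDir/conf`. That tells a user pointing it at a non-persistent location, as the commit message suggests, that those secrets are regenerated on every boot, and that the directory must stay private (the `d`/`z` rules added in the second hunk apply 0750 `cfg.user`:`cfg.group` to it and its `conf` subdirectory). Suggested wording: `description = lib.mdDoc "Gitea custom directory. Used for config, custom templates and other options. Also holds the rendered app.ini and the generated secrets (secret_key, JWT secrets, internal_token), so it must remain private to the service; a non-persistent location means those secrets are regenerated on every boot.";`.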
@@ -507,12 +514,12 @@ in # lfs_jwt_secret. # We have to consider this to stay compatible with older installations. preStart = let - runConfig = "${cfg.stateDir}/custom/conf/app.ini"; - secretKey = "${cfg.stateDir}/custom/conf/secret_key"; - oauth2JwtSecret = "${cfg.stateDir}/custom/conf/oauth2_jwt_secret"; - oldLfsJwtSecret = "${cfg.stateDir}/custom/conf/jwt_secret"; # old file for LFS_JWT_SECRET - lfsJwtSecret = "${cfg.stateDir}/custom/conf/lfs_jwt_secret"; # new file for LFS_JWT_SECRET - internalToken = "${cfg.stateDir}/custom/conf/internal_token"; + runConfig = "${cfg.customDir}/conf/app.ini"; + secretKey = "${cfg.customDir}/conf/secret_key"; + oauth2JwtSecret = "${cfg.customDir}/conf/oauth2_jwt_secret"; + oldLfsJwtSecret = "${cfg.customDir}/conf/jwt_secret"; # old file for LFS_JWT_SECRET + lfsJwtSecret = "${cfg.customDir}/conf/lfs_jwt_secret"; # new file for LFS_JWT_SECRET + internalToken = "${cfg.customDir}/conf/internal_token"; replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret"; in '' # copy custom configuration and generate a random secret key if needed @@ -585,7 +592,7 @@ in RuntimeDirectory = "gitea"; RuntimeDirectoryMode = "0755"; # Access write directories - ReadWritePaths = [ cfg.dump.backupDir cfg.repositoryRoot cfg.stateDir cfg.lfs.contentDir ]; + ReadWritePaths = [ cfg.customDir cfg.dump.backupDir cfg.repositoryRoot cfg.stateDir cfg.lfs.contentDir ]; UMask = "0027"; # Capabilities CapabilityBoundingSet = ""; @@ -618,6 +625,7 @@ in USER = cfg.user; HOME = cfg.stateDir; GITEA_WORK_DIR = cfg.stateDir; + GITEA_CUSTOM = cfg.customDir; }; }; From 2901c2f94e3b0688209000862a925162cb77b070 Mon Sep 17 00:00:00 2001 From: ThinkChaos Date: Tue, 13 Dec 2022 12:56:04 -0500 Subject: [PATCH 5/6] nixos/gitea: quote paths in preStart script --- nixos/modules/services/misc/gitea.nix | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) 
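Review bot: `ReadWritePaths` in the `@@ -585` hunk still lists `cfg.lfs.contentDir` unconditionally, while patch 3 of this series made the tmpfiles rules that create that directory conditional on `cfg.lfs.enable`. For least privilege the sandbox should only be opened for the LFS directory when LFS is actually in use, and, depending on the systemd version, a listed write path that does not exist may keep the unit from starting, which is worth confirming. Suggested: `ReadWritePaths = [ cfg.customDir cfg.dump.backupDir cfg.repositoryRoot cfg.stateDir ] ++ lib.optional cfg.lfs.enable cfg.lfs.contentDir;`. The enclosing `serviceConfig` attribute set starts and ends outside the hunk.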
diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix index 086096631a40..fea264e0f97b 100644 --- a/nixos/modules/services/misc/gitea.nix +++ b/nixos/modules/services/misc/gitea.nix @@ -525,29 +525,29 @@ in # copy custom configuration and generate a random secret key if needed ${optionalString (!cfg.useWizard) '' function gitea_setup { - cp -f ${configFile} ${runConfig} + cp -f '${configFile}' '${runConfig}' - if [ ! -s ${secretKey} ]; then - ${exe} generate secret SECRET_KEY > ${secretKey} + if [ ! -s '${secretKey}' ]; then + ${exe} generate secret SECRET_KEY > '${secretKey}' fi # Migrate LFS_JWT_SECRET filename - if [[ -s ${oldLfsJwtSecret} && ! -s ${lfsJwtSecret} ]]; then - mv ${oldLfsJwtSecret} ${lfsJwtSecret} + if [[ -s '${oldLfsJwtSecret}' && ! -s '${lfsJwtSecret}' ]]; then + mv '${oldLfsJwtSecret}' '${lfsJwtSecret}' fi - if [ ! -s ${oauth2JwtSecret} ]; then - ${exe} generate secret JWT_SECRET > ${oauth2JwtSecret} + if [ ! -s '${oauth2JwtSecret}' ]; then + ${exe} generate secret JWT_SECRET > '${oauth2JwtSecret}' fi ${lib.optionalString cfg.lfs.enable '' - if [ ! -s ${lfsJwtSecret} ]; then - ${exe} generate secret LFS_JWT_SECRET > ${lfsJwtSecret} + if [ ! -s '${lfsJwtSecret}' ]; then + ${exe} generate secret LFS_JWT_SECRET > '${lfsJwtSecret}' fi ''} - if [ ! -s ${internalToken} ]; then - ${exe} generate secret INTERNAL_TOKEN > ${internalToken} + if [ ! -s '${internalToken}' ]; then + ${exe} generate secret INTERNAL_TOKEN > '${internalToken}' fi chmod u+w '${runConfig}' From 70cf02924e65c8c9c9faa55a240ef40b66ecf7ef Mon Sep 17 00:00:00 2001 From: ThinkChaos Date: Tue, 13 Dec 2022 12:58:10 -0500 Subject: [PATCH 6/6] nixos/gitea: convert more simple settings to freeform Also update `settings.server.PROTOCOL` to use non deprecated values. --- .../manual/release-notes/rl-2305.section.md | 2 + nixos/modules/services/misc/gitea.nix | 114 +++++++++--------- 2 files changed, 57 insertions(+), 59 deletions(-) 
diff --git a/nixos/doc/manual/release-notes/rl-2305.section.md b/nixos/doc/manual/release-notes/rl-2305.section.md index 73690ee3bb69..c5c818049d5d 100644 --- a/nixos/doc/manual/release-notes/rl-2305.section.md +++ b/nixos/doc/manual/release-notes/rl-2305.section.md @@ -419,6 +419,8 @@ In addition to numerous new and upgraded packages, this release has the followin - `k3s` can now be configured with an EnvironmentFile for its systemd service, allowing secrets to be provided without ending up in the Nix Store. +- `gitea` module options have been changed to be RFC042 conforming (i.e. some options were moved to be located under `services.gitea.settings`) + - `boot.initrd.luks.device.` has a new `tryEmptyPassphrase` option, this is useful for OEM's who need to install an encrypted disk with a future settable passphrase - Lisp gained a [manual section](https://nixos.org/manual/nixpkgs/stable/#lisp), documenting a new and backwards incompatible interface. The previous interface will be removed in a future release. diff --git a/nixos/modules/services/misc/gitea.nix b/nixos/modules/services/misc/gitea.nix index fea264e0f97b..a5d7a73dd06a 100644 --- a/nixos/modules/services/misc/gitea.nix +++ b/nixos/modules/services/misc/gitea.nix 
@@ -26,9 +26,18 @@ in imports = [ (mkRenamedOptionModule [ "services" "gitea" "cookieSecure" ] [ "services" "gitea" "settings" "session" "COOKIE_SECURE" ]) (mkRenamedOptionModule [ "services" "gitea" "disableRegistration" ] [ "services" "gitea" "settings" "service" "DISABLE_REGISTRATION" ]) + (mkRenamedOptionModule [ "services" "gitea" "domain" ] [ "services" "gitea" "settings" "server" "DOMAIN" ]) + (mkRenamedOptionModule [ "services" "gitea" "httpAddress" ] [ "services" "gitea" "settings" "server" "HTTP_ADDR" ]) + (mkRenamedOptionModule [ "services" "gitea" "httpPort" ] [ "services" "gitea" "settings" "server" "HTTP_PORT" ]) (mkRenamedOptionModule [ "services" "gitea" "log" "level" ] [ "services" "gitea" "settings" "log" "LEVEL" ]) (mkRenamedOptionModule [ "services" "gitea" "log" "rootPath" ] [ "services" "gitea" "settings" "log" "ROOT_PATH" ]) + (mkRenamedOptionModule [ "services" "gitea" "rootUrl" ] [ "services" "gitea" "settings" "server" "ROOT_URL" ]) (mkRenamedOptionModule [ "services" "gitea" "ssh" "clonePort" ] [ "services" "gitea" "settings" "server" "SSH_PORT" ]) + (mkRenamedOptionModule [ "services" "gitea" "staticRootPath" ] [ "services" "gitea" "settings" "server" "STATIC_ROOT_PATH" ]) + + (mkChangedOptionModule [ "services" "gitea" "enableUnixSocket" ] [ "services" "gitea" "settings" "server" "PROTOCOL" ] ( + config: if config.services.gitea.enableUnixSocket then "http+unix" else "http" + )) (mkRemovedOptionModule [ "services" "gitea" "ssh" "enable" ] "services.gitea.ssh.enable has been migrated into freeform setting services.gitea.settings.server.DISABLE_SSH. Keep in mind that the setting is inverted") ]; 
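Review bot: The `mkChangedOptionModule` for `enableUnixSocket` only maps the flag onto `settings.server.PROTOCOL`, but the removed implementation (visible in the `@@ -402` hunk of this patch) also forced `HTTP_ADDR = "/run/gitea/gitea.sock"` and ignored `httpAddress` whenever the socket was enabled. A configuration that set both `enableUnixSocket = true` and `httpAddress` will now have `httpAddress` renamed to `HTTP_ADDR`, overriding the socket-path default with a TCP address under `http+unix`, which the new option defaults do not catch. Consider adding an assertion alongside the existing `createDatabase` one, e.g. `{ assertion = lib.hasSuffix "+unix" cfg.settings.server.PROTOCOL -> lib.hasPrefix "/" (toString cfg.settings.server.HTTP_ADDR); message = "services.gitea.settings.server.HTTP_ADDR must be a socket path when PROTOCOL ends in +unix"; }`, and mentioning the interaction in the release note.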
@@ -229,44 +238,6 @@ in description = lib.mdDoc "Path to the git repositories."; }; - domain = mkOption { - type = types.str; - default = "localhost"; - description = lib.mdDoc "Domain name of your server."; - }; - - rootUrl = mkOption { - type = types.str; - default = "http://localhost:3000/"; - description = lib.mdDoc "Full public URL of gitea server."; - }; - - httpAddress = mkOption { - type = types.str; - default = "0.0.0.0"; - description = lib.mdDoc "HTTP listen address."; - }; - - httpPort = mkOption { - type = types.port; - default = 3000; - description = lib.mdDoc "HTTP listen port."; - }; - - enableUnixSocket = mkOption { - type = types.bool; - default = false; - description = lib.mdDoc "Configure Gitea to listen on a unix socket instead of the default TCP port."; - }; - - staticRootPath = mkOption { - type = types.either types.str types.path; - default = cfg.package.data; - defaultText = literalExpression "package.data"; - example = "/var/lib/gitea/data"; - description = lib.mdDoc "Upper level of template and static files path."; - }; - mailerPasswordFile = mkOption { type = types.nullOr types.str; default = null; @@ -298,7 +269,7 @@ in }; } ''; - type = with types; submodule { + type = types.submodule { freeformType = format.type; options = { log = { 
@@ -316,6 +287,46 @@ in }; server = { + PROTOCOL = mkOption { + type = types.enum [ "http" "https" "fcgi" "http+unix" "fcgi+unix" ]; + default = "http"; + description = lib.mdDoc ''Listen protocol. `+unix` means "over unix", not "in addition to."''; + }; + + HTTP_ADDR = mkOption { + type = types.either types.str types.path; + default = if lib.hasSuffix "+unix" cfg.settings.server.PROTOCOL then "/run/gitea/gitea.sock" else "0.0.0.0"; + defaultText = literalExpression ''if lib.hasSuffix "+unix" cfg.settings.server.PROTOCOL then "/run/gitea/gitea.sock" else "0.0.0.0"''; + description = lib.mdDoc "Listen address. Must be a path when using a unix socket."; + }; + + HTTP_PORT = mkOption { + type = types.port; + default = 3000; + description = lib.mdDoc "Listen port. Ignored when using a unix socket."; + }; + + DOMAIN = mkOption { + type = types.str; + default = "localhost"; + description = lib.mdDoc "Domain name of your server."; + }; + + ROOT_URL = mkOption { + type = types.str; + default = "http://${cfg.settings.server.DOMAIN}:${toString cfg.settings.server.HTTP_PORT}/"; + defaultText = literalExpression ''"http://''${config.services.gitea.settings.server.DOMAIN}:''${toString config.services.gitea.settings.server.HTTP_PORT}/"''; + description = lib.mdDoc "Full public URL of gitea server."; + }; + + STATIC_ROOT_PATH = mkOption { + type = types.either types.str types.path; + default = cfg.package.data; + defaultText = literalExpression "config.${opt.package}.data"; + example = "/var/lib/gitea/data"; + description = lib.mdDoc "Upper level of template and static files path."; + }; + DISABLE_SSH = mkOption { type = types.bool; default = false; 
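Review bot: The `ROOT_URL` default hard-codes `http://` and `HTTP_PORT`, so it is wrong as soon as `PROTOCOL` is `https`, `fcgi` or a `+unix` variant (where `HTTP_PORT` is documented as ignored), or when Gitea is reached through a reverse proxy; since `ROOT_URL` is the public URL Gitea advertises, the result is a silent misconfiguration rather than an evaluation error. Suggest extending the description: `description = lib.mdDoc "Full public URL of gitea server. The default only fits plain HTTP on the configured port; set it explicitly when PROTOCOL is not plain http or when Gitea is reached through a reverse proxy.";`. Separately, the removed `server` block (`@@ -402` hunk) applied `toString` to `staticRootPath` before it reached the INI generator, whereas the new `STATIC_ROOT_PATH` option passes a `types.path` value straight through, so it is worth confirming the generator stringifies a path without copying it into the store. The enclosing `server = { ... }` attribute set ends outside the hunk.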
@@ -402,25 +413,10 @@ in ROOT = cfg.repositoryRoot; }; - server = mkMerge [ - { - DOMAIN = cfg.domain; - STATIC_ROOT_PATH = toString cfg.staticRootPath; - ROOT_URL = cfg.rootUrl; - } - (mkIf cfg.enableUnixSocket { - PROTOCOL = "http+unix"; - HTTP_ADDR = "/run/gitea/gitea.sock"; - }) - (mkIf (!cfg.enableUnixSocket) { - HTTP_ADDR = cfg.httpAddress; - HTTP_PORT = cfg.httpPort; - }) - (mkIf cfg.lfs.enable { - LFS_START_SERVER = true; - LFS_JWT_SECRET = "#lfsjwtsecret#"; - }) - ]; + server = mkIf cfg.lfs.enable { + LFS_START_SERVER = true; + LFS_JWT_SECRET = "#lfsjwtsecret#"; + }; session = { COOKIE_NAME = lib.mkDefault "session"; @@ -522,7 +518,7 @@ in internalToken = "${cfg.customDir}/conf/internal_token"; replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret"; in '' - # copy custom configuration and generate a random secret key if needed + # copy custom configuration and generate random secrets if needed ${optionalString (!cfg.useWizard) '' function gitea_setup { cp -f '${configFile}' '${runConfig}'