Added gitea module

modules/nixos/services/gitea/default.nix

@@ -0,0 +1,61 @@
+{
+  options,
+  config,
+  lib,
+  pkgs,
+  format,
+  ...
+}:
+with lib; let
+  cfg = config.aa.services.gitea;
+  gitea_cfg = config.services.gitea;
+in {
+  options.aa.services.gitea = with types; {
+    enable = mkEnableOption "gitea";
+    acmeCertName = mkOption {
+      type = str;
+      default = "";
+      description = ''
+        If set to a non-empty string, forces SSL with the supplied acme
+        certificate.
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.gitea = {
+      enable = true;
+      appName = "Internal Gitea server";
+      database = {
+        type = "postgres";
+      };
+
+      useWizard = false;
+
+      settings = {
+        server = {
+          DOMAIN = "gitea.kilonull.com";
+          ROOT_URL = "https://gitea.kilonull.com";
+          HTTP_PORT = 3001;
+        };
+
+        session.COOKIE_SECURE = true;
+        service.DISABLE_REGISTRATION = true;
+      };
+    };
+
+    services.nginx = {
+      enable = true;
+      virtualHosts."gitea.kilonull.com" =
+        {
+          locations."/" = {
+            proxyPass = "http://127.0.0.1:${toString gitea_cfg.settings.server.HTTP_PORT}";
+          };
+        }
+        // lib.optionalAttrs (cfg.acmeCertName != "") {
+          forceSSL = true;
+          useACMEHost = cfg.acmeCertName;
+        };
+    };
+  };
+}

systems/x86_64-linux/node/default.nix

@@ -47,6 +47,11 @@
       remoteTargetDatasets = ["tank/backups"];
       remoteTargetPublicKeys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAhA+9O2OBMDH1Xnj6isu36df5TOdZG8aEA4JpN2K60e syncoid@gospel"];
     };
+    services.gitea = {
+      enable = true;
+      acmeCertName = "kilonull.com";
+    };
+
     services.homeassistant = {
       enable = true;
       acmeCertName = "kilonull.com";