nix-config/hosts/vps1/gitea.nix

{
  inputs,
  config,
  lib,
  pkgs,
  ...
}:
let
  domain = "git.vimium.com";
in
{
  users = {
    users.git = {
      isSystemUser = true;
      useDefaultShell = true;
      group = "git";
      extraGroups = [ "gitea" ];
      home = config.services.gitea.stateDir;
    };
    groups.git = { };
  };

  services.nginx = {
    upstreams.gitea = {
      servers = {
        "unix:${config.services.gitea.settings.server.HTTP_ADDR}" = { };
      };
    };
    virtualHosts = {
      "${domain}" = {
        forceSSL = true;
        enableACME = true;
        locations."/".proxyPass = "http://gitea";
      };
    };
  };

  systemd.tmpfiles.rules = [
    "d '${config.services.gitea.customDir}/public/assets/css' 0750 ${config.services.gitea.user} ${config.services.gitea.group} - -"
    "L+ '${config.services.gitea.customDir}/public/assets/css/theme-github.css' - - - - ${inputs.gitea-github-theme}/theme-github.css"
    "L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-auto.css' - - - - ${inputs.gitea-github-theme}/theme-github-auto.css"
    "L+ '${config.services.gitea.customDir}/public/assets/css/theme-github-dark.css' - - - - ${inputs.gitea-github-theme}/theme-github-dark.css"
  ];

  services.gitea = rec {
    package = pkgs.unstable.gitea;
    enable = true;
    user = "git";
    appName = "Vimium Git";
    stateDir = "/var/lib/gitea";
    repositoryRoot = "${stateDir}/repositories";
    database = {
      type = "sqlite3";
      inherit user;
      path = "${stateDir}/gitea.db";
    };
    lfs = {
      enable = true;
      contentDir = "${stateDir}/lfs";
    };
    settings = {
      server = {
        DOMAIN = config.networking.domain;
        LANDING_PAGE = "explore";
        OFFLINE_MODE = true;
        PROTOCOL = "http+unix";
        SSH_USER = "git";
        SSH_DOMAIN = "${domain}";
        SSH_PORT = lib.head config.services.openssh.ports;
        ROOT_URL = "https://${domain}/";
      };
      service.DISABLE_REGISTRATION = true;
      session.COOKIE_SECURE = true;
      log = {
        ROOT_PATH = "${stateDir}/log";
        "logger.router.MODE" = "";
      };
      ui = {
        THEMES = "gitea,arc-green,github,github-auto,github-dark";
        DEFAULT_THEME = "github-dark";
      };
      actions.ENABLED = true;
      indexer = {
        REPO_INDEXER_ENABLED = true;
      };
      packages.CHUNKED_UPLOAD_PATH = lib.mkForce "${stateDir}/data/tmp/package-upload";
    };
  };
}