sydnix/modules/nixos/deertopia/gitea.nix

{ config, lib, pkgs, ... }:

let
  cfg = config.sydnix.deertopia.gitea;
  commas = lib.concatStringsSep ",";
in {
  options.sydnix.deertopia.gitea = {
    enable = lib.mkEnableOption "Gitea";
  };

  config = lib.mkIf cfg.enable {
    sydnix.impermanence.directories = [
      {
	directory = config.services.gitea.stateDir;
	inherit (config.services.gitea) user group;
      }
    ];

    sydnix.deertopia.nginx.vhosts."git" = {
      directory = null;
      vhost = {
        forceSSL = true;
        enableACME = true;
        locations."/".extraConfig =
          let port = builtins.toString config.services.gitea
                      .settings.server.HTTP_PORT;
          in ''
            proxy_pass http://127.0.0.1:${port}/;
          '';
      };
    };

    users.users.git = {
      description = "Gitea Service";
      home = config.services.gitea.stateDir;
      useDefaultShell = true;
      group = config.services.gitea.group;
      isSystemUser = true;
    };

    users.groups.git = { };

    # sudo -u git gitea admin auth add-ldap --name gitea --port 3890 --bind-dn 'uid=gitea,ou=people,dc=deertopia,dc=net' --bind-password «password» --user-search-base 'ou=people,dc=deertopia,dc=net' --user-filter '(&(memberof=cn=git,ou=groups,dc=deertopia,dc=net)(|(uid=%[1]s)(mail=%[1]s)))' --username-attribute uid --firstname-attribute givenName --surname-attribute sn --email-attribute mail --avatar-attribute jpegPhoto --security-protocol unencrypted --host 127.0.0.1 --config /var/lib/gitea/custom/conf/app.ini --synchronize-users

    sydnix.sops.secrets.gitea-mailer-password = {
      mode = "0440";
      owner = "git";
      group = "git";
    };

    services.gitea = {
      enable = true;
      user = "git";
      group = "git";
      appName = "GupHub"; # Name per my dear Astrid ♥!!!!!
      mailerPasswordFile = config.sops.secrets.gitea-mailer-password.path;
      settings = {
	server = {
	  ROOT_URL = "https://git.deertopia.net/";
	  HTTP_PORT = 3000;
	  DOMAIN = "deertopia.net";
	};
	service = {
	  DISABLE_REGISTRATION = true;
          ENABLE_NOTIFY_MAIL = true;
	};
        "repository.pull-request" = {
          CLOSE_KEYWORDS = commas [
            # en
            "close" "closes" "closed" "fix" "fixes" "fixed" "resolve"
            "resolves" "resolved"
            # tok
            "pini e"
            # ko
            "해결" "해결합니다" "해결했다"
            "종료" "종료합니다" "중료한다" "중료해" "중료하다"
            "수정" "수정했습니다" "중료한다" "중료해" "중료하다"
          ];
          REOPEN_KEYWORDS = commas [
            # en
            "reopen" "reopens" "reopened"
            # tok
            "open sin e" "pakala sin e"
            "li pakala sin" "li pakalan sin"
            # ko
            "재개" "재개합니다" "다시 열기" "다시 엽니다" "다시 여다"
            "다시 연다"
          ];
          WORK_IN_PROGRESS_PREFIXES = commas [
            # en
            "WIP:" "[WIP]"
            # tok
            "pini ala:" "awen pali:"
            # ko
            "공사 중:" "공사중:" "중:" "[중]" "中:" "[中]"
          ];
        };
        mailer = {
          ENABLED = true;
          FROM = "Gitea <no-reply@deertopia.net>";
          PROTOCOL = "smtps";
          SMTP_ADDR = "smtp.fastmail.com";
          SMTP_PORT = 465;
          USER = "msyds@deertopia.net";
        };
      };
    };
  };
}