Merge pull request #173669 from SuperSandro2000/gitea (df977350) · Commits · nix / nixpkgs

nixos/modules/services/misc/gitea.nix

+78 −77

Original line number	Diff line number	Diff line
		@@ -10,6 +10,7 @@ let
		useMysql = cfg.database.type == "mysql";
		usePostgresql = cfg.database.type == "postgres";
		useSqlite = cfg.database.type == "sqlite3";
		format = pkgs.formats.ini { };
		configFile = pkgs.writeText "app.ini" ''
		APP_NAME = ${cfg.appName}
		RUN_USER = ${cfg.user}
		@@ -22,6 +23,16 @@ let
		in

		{
		imports = [
		(mkRenamedOptionModule [ "services" "gitea" "cookieSecure" ] [ "services" "gitea" "settings" "session" "COOKIE_SECURE" ])
		(mkRenamedOptionModule [ "services" "gitea" "disableRegistration" ] [ "services" "gitea" "settings" "service" "DISABLE_REGISTRATION" ])
		(mkRenamedOptionModule [ "services" "gitea" "log" "level" ] [ "services" "gitea" "settings" "log" "LEVEL" ])
		(mkRenamedOptionModule [ "services" "gitea" "log" "rootPath" ] [ "services" "gitea" "settings" "log" "ROOT_PATH" ])
		(mkRenamedOptionModule [ "services" "gitea" "ssh" "clonePort" ] [ "services" "gitea" "settings" "server" "SSH_PORT" ])

		(mkRemovedOptionModule [ "services" "gitea" "ssh" "enable" ] "services.gitea.ssh.enable has been migrated into freeform setting services.gitea.settings.server.DISABLE_SSH. Keep in mind that the setting is inverted")
		];

		options = {
		services.gitea = {
		enable = mkOption {
		@@ -49,20 +60,6 @@ in
		description = lib.mdDoc "gitea data directory.";
		};

		log = {
		rootPath = mkOption {
		default = "${cfg.stateDir}/log";
		defaultText = literalExpression ''"''${config.${opt.stateDir}}/log"'';
		type = types.str;
		description = lib.mdDoc "Root path for log files.";
		};
		level = mkOption {
		default = "Info";
		type = types.enum [ "Trace" "Debug" "Info" "Warn" "Error" "Critical" ];
		description = lib.mdDoc "General log level.";
		};
		};

		user = mkOption {
		type = types.str;
		default = "gitea";
		@@ -85,7 +82,7 @@ in

		port = mkOption {
		type = types.port;
		default = (if !usePostgresql then 3306 else pg.port);
		default = if !usePostgresql then 3306 else pg.port;
		defaultText = literalExpression ''
		if config.${opt.database.type} != "postgresql"
		then 3306
		@@ -192,25 +189,6 @@ in
		};
		};

		ssh = {
		enable = mkOption {
		type = types.bool;
		default = true;
		description = lib.mdDoc "Enable external SSH feature.";
		};

		clonePort = mkOption {
		type = types.int;
		default = 22;
		example = 2222;
		description = lib.mdDoc ''
		SSH port displayed in clone URL.
		The option is required to configure a service when the external visible port
		differs from the local listening port i.e. if port forwarding is used.
		'';
		};
		};

		lfs = {
		enable = mkOption {
		type = types.bool;
		@@ -269,15 +247,6 @@ in
		description = lib.mdDoc "Configure Gitea to listen on a unix socket instead of the default TCP port.";
		};

		cookieSecure = mkOption {
		type = types.bool;
		default = false;
		description = lib.mdDoc ''
		Marks session cookies as "secure" as a hint for browsers to only send
		them via HTTPS. This option is recommend, if gitea is being served over HTTPS.
		'';
		};

		staticRootPath = mkOption {
		type = types.either types.str types.path;
		default = gitea.data;
		@@ -293,20 +262,7 @@ in
		description = lib.mdDoc "Path to a file containing the SMTP password.";
		};

		disableRegistration = mkEnableOption "the registration lock" // {
		description = ''
		By default any user can create an account on this <literal>gitea</literal> instance.
		This can be disabled by using this option.

		<emphasis>Note:</emphasis> please keep in mind that this should be added after the initial
		deploy unless <link linkend="opt-services.gitea.useWizard">services.gitea.useWizard</link>
		is <literal>true</literal> as the first registered user will be the administrator if
		no install wizard is used.
		'';
		};

		settings = mkOption {
		type = with types; attrsOf (attrsOf (oneOf [ bool int str ]));
		default = {};
		description = lib.mdDoc ''
		Gitea configuration. Refer to <https://docs.gitea.io/en-us/config-cheat-sheet/>
		@@ -330,6 +286,68 @@ in
		};
		}
		'';
		type = with types; submodule {
		freeformType = format.type;
		options = {
		log = {
		ROOT_PATH = mkOption {
		default = "${cfg.stateDir}/log";
		defaultText = literalExpression ''"''${config.${opt.stateDir}}/log"'';
		type = types.str;
		description = "Root path for log files.";
		};
		LEVEL = mkOption {
		default = "Info";
		type = types.enum [ "Trace" "Debug" "Info" "Warn" "Error" "Critical" ];
		description = "General log level.";
		};
		};

		server = {
		DISABLE_SSH = mkOption {
		type = types.bool;
		default = false;
		description = "Disable external SSH feature.";
		};

		SSH_PORT = mkOption {
		type = types.int;
		default = 22;
		example = 2222;
		description = ''
		SSH port displayed in clone URL.
		The option is required to configure a service when the external visible port
		differs from the local listening port i.e. if port forwarding is used.
		'';
		};
		};

		service = {
		DISABLE_REGISTRATION = mkEnableOption "the registration lock" // {
		description = ''
		By default any user can create an account on this <literal>gitea</literal> instance.
		This can be disabled by using this option.

		<emphasis>Note:</emphasis> please keep in mind that this should be added after the initial
		deploy unless <link linkend="opt-services.gitea.useWizard">services.gitea.useWizard</link>
		is <literal>true</literal> as the first registered user will be the administrator if
		no install wizard is used.
		'';
		};
		};

		session = {
		COOKIE_SECURE = mkOption {
		type = types.bool;
		default = false;
		description = ''
		Marks session cookies as "secure" as a hint for browsers to only send
		them via HTTPS. This option is recommend, if gitea is being served over HTTPS.
		'';
		};
		};
		};
		};
		};

		extraConfig = mkOption {
		@@ -385,13 +403,6 @@ in
		HTTP_ADDR = cfg.httpAddress;
		HTTP_PORT = cfg.httpPort;
		})
		(mkIf cfg.ssh.enable {
		DISABLE_SSH = false;
		SSH_PORT = cfg.ssh.clonePort;
		})
		(mkIf (!cfg.ssh.enable) {
		DISABLE_SSH = true;
		})
		(mkIf cfg.lfs.enable {
		LFS_START_SERVER = true;
		LFS_CONTENT_PATH = cfg.lfs.contentDir;
		@@ -400,8 +411,7 @@ in
		];

		session = {
		COOKIE_NAME = "session";
		COOKIE_SECURE = cfg.cookieSecure;
		COOKIE_NAME = lib.mkDefault "session";
		};

		security = {
		@@ -410,15 +420,6 @@ in
		INSTALL_LOCK = true;
		};

		log = {
		ROOT_PATH = cfg.log.rootPath;
		LEVEL = cfg.log.level;
		};

		service = {
		DISABLE_REGISTRATION = cfg.disableRegistration;
		};

		mailer = mkIf (cfg.mailerPasswordFile != null) {
		PASSWD = "#mailerpass#";
		};
		@@ -502,7 +503,7 @@ in
		replaceSecretBin = "${pkgs.replace-secret}/bin/replace-secret";
		in ''
		# copy custom configuration and generate a random secret key if needed
		${optionalString (cfg.useWizard == false) ''
		${optionalString (!cfg.useWizard) ''
		function gitea_setup {
		cp -f ${configFile} ${runConfig}

		@@ -622,10 +623,10 @@ in

		# Create database passwordFile default when password is configured.
		services.gitea.database.passwordFile =
		(mkDefault (toString (pkgs.writeTextFile {
		mkDefault (toString (pkgs.writeTextFile {
		name = "gitea-database-password";
		text = cfg.database.password;
		})));
		}));

		systemd.services.gitea-dump = mkIf cfg.dump.enable {
		description = "gitea dump";

Admin message