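# Gitea served under https://jungle.bsc.es/git/, with a custom daily backup
# job that replaces the dump unit shipped with the NixOS gitea module.
{ config, lib, ... }:

let
  cfg = config.services.gitea;
in
{
  services.gitea = {
    enable = true;
    appName = "Gitea in the jungle";

    settings = {
      server = {
        ROOT_URL = "https://jungle.bsc.es/git/";
        LOCAL_ROOT_URL = "https://jungle.bsc.es/git/";
        LANDING_PAGE = "explore";
      };

      # NOTE(review): no metrics TOKEN is set here, so Gitea serves the
      # metrics endpoint without authentication. Confirm that the reverse
      # proxy in front of ROOT_URL does not expose it, or set metrics.TOKEN
      # from a secret that is kept out of the Nix store.
      metrics.ENABLED = true;

      service = {
        # Self-registration is closed. REGISTER_MANUAL_CONFIRM is kept so that
        # accounts would still need admin approval if it were ever reopened.
        DISABLE_REGISTRATION = true;
        REGISTER_MANUAL_CONFIRM = true;
        ENABLE_NOTIFY_MAIL = true;
      };

      log.LEVEL = "Warn";

      # Mail is handed to the local sendmail wrapper; the gitea user is added
      # to the "mail-robot" group at the end of this file for that purpose.
      mailer = {
        ENABLED = true;
        FROM = "jungle-robot@bsc.es";
        PROTOCOL = "sendmail";
        SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
        SENDMAIL_ARGS = "--";
      };
    };

    dump = {
      enable = false; # Do not enable NixOS module, use our custom systemd script below
      backupDir = "/vault/backup/gitea";
    };
  };

  # Writes one dump per weekday name (gitea-dump-Mon.<type>, ...) into
  # cfg.dump.backupDir and copies it to /ceph/backup/gitea, so each file is
  # overwritten a week later.
  systemd.services.gitea-backup = let
    exe = lib.getExe cfg.package;
  in {
    description = "Gitea daily backup";
    after = [ "gitea.service" ];
    path = [ cfg.package ];
    environment = {
      USER = cfg.user;
      HOME = cfg.stateDir;
      GITEA_WORK_DIR = cfg.stateDir;
      GITEA_CUSTOM = cfg.customDir;
    };
    serviceConfig = {
      Type = "oneshot";
      User = cfg.user;
      WorkingDirectory = cfg.dump.backupDir;
      # The dump archive holds repository and database contents. Create it
      # (and its copy) without any access for "other", matching the 0750 mode
      # of the /ceph backup directory declared below, instead of relying on
      # directory permissions alone.
      UMask = "0027";
    };
    script = ''
      name="gitea-dump-$(date +%a).${cfg.dump.type}"
      # Dump to a temporary name first so that a failed or interrupted dump
      # never replaces last week's good archive.
      ${exe} dump --type ${cfg.dump.type} --file - >"$name.tmp"
      mv "$name.tmp" "$name"
      # Same pattern for the second copy: a partial transfer must not
      # overwrite the previous archive on /ceph.
      cp "$name" "/ceph/backup/gitea/$name.tmp"
      mv "/ceph/backup/gitea/$name.tmp" "/ceph/backup/gitea/$name"
    '';
  };

  # Create also the /ceph directories if needed
  # ("d" creates the directory, "z" resets mode and ownership if it exists).
  systemd.tmpfiles.rules = [
    "d /ceph/backup/gitea/ 0750 ${cfg.user} ${cfg.group} - -"
    "z /ceph/backup/gitea/ 0750 ${cfg.user} ${cfg.group} - -"
  ];

  # Runs gitea-backup.service on the schedule configured for the (disabled)
  # module dump, cfg.dump.interval.
  systemd.timers.gitea-backup = {
    description = "Update timer for gitea-backup";
    partOf = [ "gitea-backup.service" ];
    wantedBy = [ "timers.target" ];
    timerConfig.OnCalendar = cfg.dump.interval;
  };

  # Allow gitea user to send mail
  users.users.gitea.extraGroups = [ "mail-robot" ];
}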