alex/nixos-configs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Apply nixfmt

Browse Source
This commit is contained in:
Alexander Heldt
2024-09-02 21:55:26 +02:00
parent bda8def5fe
commit f15701f426
61 changed files with 803 additions and 488 deletions
Download Patch File Download Diff File Expand all files Collapse all files

62
hosts/tadpole/modules/gitea/default.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, lib, config, ... }:
{
pkgs,
lib,
config,
...
}:
let
conf = config.mod.gitea;
gitDomain = "git.${conf.baseDomain}";
@@ -26,7 +31,7 @@ in
webfingerAccounts = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [];
default = [ ];
description = "The accounts that should be listed";
};
};
@@ -47,7 +52,7 @@ in
message = "There is no cert configured for ${conf.baseDomain} used by webfinger";
}
{
assertion = conf.webfingerEnable && conf.webfingerAccounts != [];
assertion = conf.webfingerEnable && conf.webfingerAccounts != [ ];
message = "Option 'mod.gitea.webfingerAccounts' cannot be empty";
}
];
@@ -81,38 +86,43 @@ in
services.nginx = {
virtualHosts."${conf.baseDomain}" =
let
mkWebfinger = account:
pkgs.writeTextDir (lib.escapeURL "acct:${account}") (lib.generators.toJSON {} {
subject = "acct:${account}";
links = [{
rel = "http://openid.net/specs/connect/1.0/issuer";
href = "https://${gitDomain}";
}];
});
mkWebfinger =
account:
pkgs.writeTextDir (lib.escapeURL "acct:${account}") (
lib.generators.toJSON { } {
subject = "acct:${account}";
links = [
{
rel = "http://openid.net/specs/connect/1.0/issuer";
href = "https://${gitDomain}";
}
];
}
);
webfingerRoot = pkgs.symlinkJoin {
name = "${gitDomain}-webfinger";
paths = builtins.map mkWebfinger conf.webfingerAccounts;
};
in
lib.mkIf conf.webfingerEnable {
forceSSL = true;
useACMEHost = conf.baseDomain;
lib.mkIf conf.webfingerEnable {
forceSSL = true;
useACMEHost = conf.baseDomain;
locations."/.well-known/webfinger" = {
root = webfingerRoot;
locations."/.well-known/webfinger" = {
root = webfingerRoot;
extraConfig = ''
add_header Access-Control-Allow-Origin "*";
default_type "application/jrd+json";
types { application/jrd+json json; }
if ($arg_resource) {
rewrite ^(.*)$ /$arg_resource break;
}
return 400;
'';
};
extraConfig = ''
add_header Access-Control-Allow-Origin "*";
default_type "application/jrd+json";
types { application/jrd+json json; }
if ($arg_resource) {
rewrite ^(.*)$ /$arg_resource break;
}
return 400;
'';
};
};
virtualHosts."${gitDomain}" = {
forceSSL = true;