From 55bc6030eb147cbe0f8826546bb15fca84ec7a67 Mon Sep 17 00:00:00 2001
From: Dict Xiong <me@beardic.cn>
Date: Wed, 19 Jun 2024 01:09:37 +0800
Subject: [PATCH] feat(g18-next): migrate gitea

---
 flake.lock                       |  6 ++---
 hosts/g18-next/configuration.nix | 45 +++++++++++++++++++++++++++++++-
 2 files changed, 47 insertions(+), 4 deletions(-)

diff --git a/flake.lock b/flake.lock
index 695bab1..16e2aa4 100644
--- a/flake.lock
+++ b/flake.lock
@@ -34,11 +34,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1716715802,
-        "narHash": "sha256-usk0vE7VlxPX8jOavrtpOqphdfqEQpf9lgedlY/r66c=",
+        "lastModified": 1718543737,
+        "narHash": "sha256-e8S/ODM1vkKHIexSVn9nIvne7vRO5M+35VAq/6JOYto=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e2dd4e18cc1c7314e24154331bae07df76eb582f",
+        "rev": "683aa7c4e385509ca651d49eeb35e58c7a1baad6",
         "type": "github"
       },
       "original": {
diff --git a/hosts/g18-next/configuration.nix b/hosts/g18-next/configuration.nix
index e255628..63e13e7 100644
--- a/hosts/g18-next/configuration.nix
+++ b/hosts/g18-next/configuration.nix
@@ -1,5 +1,10 @@
-{ config, lib, pkgs, ... }:
+{ inputs, config, lib, pkgs, ... }:
 
+let
+  unstable = import inputs.nixpkgs-unstable {
+    system = config.nixpkgs.system;
+  };
+in
 {
   imports =
     [
@@ -20,6 +25,7 @@
   boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
   boot.loader.grub.enable = true;
   boot.loader.grub.device = "/dev/vda";
+  # networking
   networking.hostName = lib.mkForce "g18-next";
   networking.hostId = "11f1fad0";
   systemd.network.networks."10-veth0" = {
@@ -39,6 +45,43 @@
       }
     ];
   };
+  networking.firewall.extraCommands = ''
+    iptables -A INPUT -s 192.168.122.1 -j ACCEPT
+  '';
+  # service: gitea
+  services.gitea = {
+    enable = true;
+    package = unstable.gitea;
+    stateDir = "/data0/lib/gitea";
+    database.type = "sqlite3";
+    settings = {
+      server = {
+        SSH_DOMAIN = "nasp.fit";
+        DOMAIN = "git.nasp.fit";
+        HTTP_PORT = 3000;
+        ROOT_URL = "https://git.nasp.fit/";
+        DISABLE_SSH = false;
+        SSH_PORT = 22;
+        OFFLINE_MODE = false;
+        START_SSH_SERVER = true;
+        BUILTIN_SSH_SERVER_USER = "git";
+      };
+      "repository.pull-request" = {
+        DEFAULT_MERGE_STYLE = "squash";
+      };
+      "repository.signing" = {
+        DEFAULT_TRUST_MODEL = "committer";
+      };
+      proxy = {
+        PROXY_ENABLED = true;
+        PROXY_URL = "http://192.168.255.1:20171";
+        PROXY_HOSTS = "github.com";
+      };
+    };
+  };
+  systemd.sockets.gitea.listenStreams = [ "22" ];
+  systemd.services.gitea.requires = [ "gitea.socket" ];
+
 
   system.stateVersion = "24.05";
 }