feat: Disable gitea again

2025-08-14 02:26:22 +05:30
parent f1bff496b8
commit 042bf432d8
3 changed files with 15 additions and 13 deletions
--- a/home/programs/default.nix
+++ b/home/programs/default.nix
@@ -2,7 +2,8 @@
  pkgs,
  device,
  ...
-}: {
+}:
+{
  imports = [
    ../../modules
    ./aichat.nix
@@ -17,7 +18,6 @@
    ./fzf.nix
    ./gh.nix
    ./git.nix
-    ./gitea.nix
    ./mpd.nix
    ./ncpamixer.nix
    ./nh.nix
@@ -48,7 +48,8 @@
    # ./template.nix
    # ./zellij.nix
  ];
-  home.packages = with pkgs;
+  home.packages =
+    with pkgs;
    [
      _1password-cli
      alejandra
@@ -84,6 +85,6 @@
      nerd-fonts.hasklug
      nerd-fonts.symbols-only
    ]
-    ++ lib.optionals device.isLinux []
-    ++ lib.optionals device.isDarwin [];
+    ++ lib.optionals device.isLinux [ ]
+    ++ lib.optionals device.isDarwin [ ];
 }
--- a/nixos/mirai/services/default.nix
+++ b/nixos/mirai/services/default.nix
@@ -1,5 +1,4 @@
-{ ... }:
-{
+{...}: {
  imports = [
    ./atuin.nix
    ./authelia.nix
--- a/nixos/mirai/services/gitea.nix
+++ b/nixos/mirai/services/gitea.nix
@@ -20,7 +20,6 @@
      "GITEA_REGISTRATION_TOKEN.env".content = ''
        TOKEN=${config.sops.placeholder."gitea/registration"}
      '';
-
    };
  };
  services = {
@@ -29,6 +28,9 @@
      lfs.enable = true;
      settings = {
        service = {
+          DISABLE_REGISTRATION = false;
+          ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
+          SHOW_REGISTRATION_BUTTON = false;
          ENABLE_REVERSE_PROXY_AUTHENTICATION = true;
          ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = true;
        };
@@ -55,7 +57,7 @@
    gitea-actions-runner = {
      instances = {
        mirai = {
-          enable = true;
+          enable = false;
          name = "mirai";
          url = "https://git.darksailor.dev";
          labels = [
@@ -67,7 +69,6 @@
    };
    caddy = {
      virtualHosts."git.darksailor.dev".extraConfig = ''
-        # import auth
        reverse_proxy localhost:3000
      '';
    };
@@ -93,24 +94,25 @@
            oidc = {
              clients = [
                {
-                  client_name = "gitea";
+                  client_name = "Gitea: Darksailor";
                  client_id = "gitea";
                  client_secret = ''{{ secret "${config.sops.secrets."authelia/oidc/gitea/client_secret".path}" }}'';
                  public = false;
                  authorization_policy = "one_factor";
                  require_pkce = false;
+                  # pkce_challenge_method = "S256";
                  redirect_uris = [
                    "https://git.darksailor.dev/user/oauth2/authelia/callback"
                  ];
                  scopes = [
                    "openid"
-                    "profile"
                    "email"
+                    "profile"
                  ];
                  response_types = [ "code" ];
                  grant_types = [ "authorization_code" ];
                  userinfo_signed_response_alg = "none";
-                  token_endpoint_auth_method = "client_secret_post";
+                  token_endpoint_auth_method = "client_secret_basic";
                }
              ];
            };