author | Tim Keller <tjk@tjkeller.xyz> | 2025-08-19 21:26:36 -0500 |
---|---|---|
committer | Tim Keller <tjk@tjkeller.xyz> | 2025-08-19 21:26:36 -0500 |
commit | 95f86e629a073e3a8c473e2acd5f8b648413c68b (patch) | |
tree | 5989bc3843627dad5df6ff21b286efb77055b7cf /modules/root/services/gitea.nix | |
parent | 168eb276e6e16f377a8f5759d380f27d4b3d5b24 (diff) | |
download | nixos-95f86e629a073e3a8c473e2acd5f8b648413c68b.tar.xz nixos-95f86e629a073e3a8c473e2acd5f8b648413c68b.zip |
move web services to services and expose web socket for searxng
Diffstat (limited to 'modules/root/services/gitea.nix')
-rw-r--r-- | modules/root/services/gitea.nix | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/modules/root/services/gitea.nix b/modules/root/services/gitea.nix
new file mode 100644
index 0000000..32c56db
--- /dev/null
+++ b/modules/root/services/gitea.nix
@@ -0,0 +1,60 @@
+{ lib, pkgs, config, userDetails, ... }:
+let
+ cfg = config.gitea;
+in {
+ options = {
+ gitea = {
+ enable = lib.mkEnableOption "enables gitea service";
+ hostAddress = lib.mkOption {
+ type = lib.types.str;
+ description = "hostAddress for the container";
+ default = "10.0.1.1";
+ };
+ localAddress = lib.mkOption {
+ type = lib.types.str;
+ description = "localAddress for the container";
+ default = "10.0.1.3";
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ containers.gitea = {
+ autoStart = true;
+ privateNetwork = true;
+ hostAddress = cfg.hostAddress;
+ localAddress = cfg.localAddress;
+
+ config = { lib, config, ... }: {
+ # Enable gitea service
+ services.gitea = {
+ enable = true;
+ user = "git"; # So ssh cloning uses git@gitea
+ settings = {
+ server = {
+ HTTP_PORT = 3000; # Can't set as 80 without root permissions, use 3000 instead
+ };
+ };
+ };
+
+ # Networking, etc.
+ # Redirect 80 to 3000
+ networking.nftables = {
+ enable = true;
+ ruleset = ''
+ table ip nat {
+ chain prerouting {
+ type nat hook prerouting priority 0;
+ tcp dport 80 redirect to :3000
+ }
+ }
+ '';
+ };
+ networking.firewall.allowedTCPPorts = [ 3000 80 22 ]; # Still need to forward 3000 for nftables rule to work
+ networking.hostName = "gitea";
+
+ system.stateVersion = "25.05";
+ };
+ };
+ };
+} |
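Review bot: `services.gitea.settings` sets only `server.HTTP_PORT`, so the instance starts with Gitea's default of open self-registration, and on a fresh install the first account registered receives administrator rights. Because the container firewall opens 80 and 3000, anyone who can reach `localAddress` before the owner registers could claim that account; whether the address is reachable beyond the host depends on configuration outside this hunk. I would add `service.DISABLE_REGISTRATION = true;` under `settings` and create the admin account from the CLI, or at least set it once the first login is done. Separately, `allowedTCPPorts` includes 22 but no SSH server is enabled in the container config shown here, so either enable one for the `git@gitea` cloning the comment mentions or drop 22 from the list.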