From 30ab1e3e178ce6b5bc065a0494ff9484bf9f5ac7 Mon Sep 17 00:00:00 2001
From: koalasat <koalasat@satstralia.com>
Date: Sun, 16 Feb 2025 11:11:50 +0100
Subject: [PATCH] Include gitea

---
 docker-compose.yml    |  9 +++++++++
 gitea/.gitkeep        |  0
 nginx/conf/nginx.conf | 37 +++++++++++++++++++++++++++++++++++++
 3 files changed, 46 insertions(+)
 create mode 100644 gitea/.gitkeep

diff --git a/docker-compose.yml b/docker-compose.yml
index 383c158..15c9fd0 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -12,6 +12,15 @@ services:
       - /etc/letsencrypt/:/etc/nginx/ssl/:ro
     network_mode: host
     command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
+  gitea:
+    image: docker.io/gitea/gitea:nightly
+    container_name: gitea
+    restart: always
+    network_mode: host
+    volumes:
+      - ./gitea:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
   tor:
     build: ./tor
     restart: always
diff --git a/gitea/.gitkeep b/gitea/.gitkeep
new file mode 100644
index 0000000..e69de29
diff --git a/nginx/conf/nginx.conf b/nginx/conf/nginx.conf
index 3c8aa58..20b2463 100644
--- a/nginx/conf/nginx.conf
+++ b/nginx/conf/nginx.conf
@@ -28,6 +28,22 @@ server {
     }
 }
 
+server {
+    listen 80;
+    listen [::]:80;
+
+    server_name git.robosats.org;
+    server_tokens off;
+
+    location /.well-known/acme-challenge {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://git.robosats.org$request_uri;
+    }
+}
+
 server {
     listen 80;
     listen [::]:80;
@@ -86,6 +102,27 @@ server {
     }
 }
 
+server {
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
+
+    server_name git.robosats.org;
+
+    ssl_certificate /etc/nginx/ssl/live/git.robosats.org/fullchain.pem;
+    ssl_certificate_key /etc/nginx/ssl/live/git.robosats.org/privkey.pem;
+
+    location / {
+    	proxy_set_header   X-Real-IP $remote_addr;
+    	proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
+    	proxy_set_header   Host $host;
+    	proxy_pass         http://127.0.0.1:8080;
+    	proxy_http_version 1.1;
+    	proxy_set_header   Upgrade $http_upgrade;
+	    proxy_set_header   Connection "upgrade";
+    }
+}
+
 server {
     listen 443 ssl;
     listen [::]:443 ssl;