From 6bded493359abfa3630f3aade7328ce439c8f733 Mon Sep 17 00:00:00 2001
From: Ryan Yin <xiaoyin_c@qq.com>
Date: Mon, 9 Sep 2024 16:20:24 +0800
Subject: [PATCH] feat: gitea - use scrypt instead of pbkdf_v2

---
 hosts/idols-aquamarine/gitea.nix | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/hosts/idols-aquamarine/gitea.nix b/hosts/idols-aquamarine/gitea.nix
index 91700e8a..12ed7617 100644
--- a/hosts/idols-aquamarine/gitea.nix
+++ b/hosts/idols-aquamarine/gitea.nix
@@ -1,5 +1,4 @@
-{pkgs, ...}: let
-in {
+{pkgs, ...}: {
   # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/misc/gitea.nix
   services.gitea = {
     enable = true;
@@ -32,6 +31,12 @@ in {
       # NOTE: The first registered user will be the administrator,
       # so this parameter should NOT be set before the first user registers!
       service.DISABLE_REGISTRATION = true;
+      # https://docs.gitea.com/administration/config-cheat-sheet#security-security
+      security = {
+        LOGIN_REMEMBER_DAYS = 31;
+        PASSWORD_HASH_ALGO = "scrypt";
+        MIN_PASSWORD_LENGTH = 10;
+      };
 
       # "cron.sync_external_users" = {
       #   RUN_AT_START = true;