commit 6093a0e27a9d82539864151ca25d24a71136294b
Author: Hannes
Date: Fri Aug 30 23:04:47 2024 +0200
initial commit featuring my forgejo server for the start
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..d1f1fb0
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,142 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running `nixos-help`).
+
+{ config, pkgs, ... }:
+
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+ # comment in backup.nix for borgbackuping forgejo
+ #./backup.nix
+ ];
+ # Write path for borgbackup repos for backup.nix
+ _module.args.borgrepolistfile = ./borgrepos;
+
+ # Enable Flakes and the new command-line tool
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ # Set default editor to vim
+ environment.variables.EDITOR = "vim";
+ # Use UEFI
+ boot.loader.systemd-boot.enable = true;
+
+ # Use the GRUB 2 boot loader.
+ #boot.loader.grub.enable = true;
+ #boot.loader.grub.device = "/dev/sda";
+
+ networking.hostName = "forgejo"; # Define your hostname.
+ # Set your time zone.
+ time.timeZone = "Europe/Berlin";
+
+ users.users.lyn = {
+ isNormalUser = true;
+ extraGroups = [ "wheel"];
+ openssh.authorizedKeys.keys = [
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC7NUaBJOYgMnT2uUUUSB7gKaqqbgxXDghBkRqSGuZrAZzZYHlHH7nM6Re7+yOYMSoJGLaB4iaUDLSBBnyA6pLI= nixos_gitea@secretive.MacBook-Pro-(2).local"
+ ];
+ packages = with pkgs; [
+ ];
+};
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ git
+ vim
+ wget
+ curl
+ htop
+ ];
+
+
+
+
+ # Enable the OpenSSH daemon.
+ services.openssh = {
+ enable = true;
+ settings = {
+ X11Forwarding = true;
+ PermitRootLogin = "no";
+ PasswordAuthentication = false;
+ };
+ openFirewall = true;
+ };
+ #Forgejo
+ services.forgejo = {
+ enable = true;
+ settings.server = {
+ ROOT_URL = "https://git.shibe.pro";
+ DOMAIN = "git.shibe.pro";
+ HTTP_PORT = 48540;
+ OFFLINE_MODE = true; # disable gravatar, CDN
+ };
+ settings.actions = {
+ ENABLED = true;
+ };
+ settings."repository.upload" = {
+ FILE_MAX_SIZE = 4095;
+ MAX_FILES = 20;
+ };
+ settings."attachment" = {
+ MAX_SIZE = 4095;
+ MAX_FILES = 20;
+ };
+
+ settings.service = {
+ DISABLE_REGISTRATION = true;
+ DEFAULT_KEEP_EMAIL_PRIVATE = true;
+ };
+ database = {
+ user = "forgejo";
+ passwordFile = "/etc/nixos/forgejo-dbpassword";
+ name = "forgejodb";
+ type = "mysql";
+ };
+ };
+
+ # Allow forgejo user to adjust authorized_keys dynamically
+ services.openssh.extraConfig = ''
+ Match User forgejo
+ AuthorizedKeysFile ${config.users.users.forgejo.home}/.ssh/authorized_keys
+ '';
+
+ #enable qemu-guestagent
+ services.qemuGuest.enable = true;
+ # Disable password checking for wheel group users so we can solely rely on ssh keys
+ security.sudo.wheelNeedsPassword = false;
+
+ # Firewall stuff:
+ networking.firewall.enable = true;
+ networking.firewall.allowPing = true;
+
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [48540 ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix). This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It's perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "24.05"; # Did you read the comment?
+
+ system.autoUpgrade = {
+ enable = true;
+ allowReboot = true;
+ };
+nix.gc = {
+ automatic = true;
+ persistent = true;
+ options = "--delete-older-than 8d";
+ };
+}
+
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..7ced256
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,23 @@
+{
+ description = "Lyns flake";
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
+ };
+ outputs = { self, nixpkgs }@inputs: {
+ nixosConfigurations = {
+ "forgejo" = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ # Import the configuration.nix here, so that the
+ # old configuration file can still take effect.
+ # Note: configuration.nix itself is also a Nixpkgs Module,
+ ./configuration.nix
+ ];
+ specialArgs = {
+ inherit inputs;
+ flake = self;
+ };
+ };
+ };
+};
+}
diff --git a/forgenite/hardware-configuration.nix b/forgenite/hardware-configuration.nix
new file mode 100644
index 0000000..077f043
--- /dev/null
+++ b/forgenite/hardware-configuration.nix
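Review bot: `security.sudo.wheelNeedsPassword = false;` in configuration.nix turns the single `lyn` authorized key into a root-equivalent credential with no second factor; the key comment suggests a Secretive (Secure Enclave) key, which helps, but if that is not guaranteed for every key added later, keep the sudo password prompt or narrow the rule with `security.sudo.extraRules` to the commands the deploy workflow needs. `X11Forwarding = true;` in the sshd settings is unnecessary attack surface on a headless Forgejo VM and should be `X11Forwarding = false;`. The plaintext Forgejo listener on 48540 is opened to every interface via `networking.firewall.allowedTCPPorts` while `ROOT_URL` is https, so unless the TLS-terminating proxy runs on another host, bind it locally with `settings.server.HTTP_ADDR = "127.0.0.1";` and drop the port from the firewall list. `passwordFile = "/etc/nixos/forgejo-dbpassword"` sits next to this flake's checkout, so confirm it is git-ignored and mode 0600/owned by the forgejo user rather than committed with the config, or move it to a secrets manager such as agenix/sops-nix. Separately, `imports` references `./hardware-configuration.nix` but the commit adds the file at `forgenite/hardware-configuration.nix`, so this configuration cannot evaluate as committed.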
@@ -0,0 +1,38 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/profiles/qemu-guest.nix") + ]; + + boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/c02b5921-2932-4050-9789-40d62ad77af8"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/019D-9B08"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/a03ad96f-5ac0-44e9-9bd0-b58d799d51c4"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp6s18.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; +}