From 9cecd28e9aee1ea9320c24ba11a866a9495f385b Mon Sep 17 00:00:00 2001 From: Lyn Date: Sun, 1 Sep 2024 00:06:13 +0200 Subject: [PATCH] restructure --- hosts/forgenite/default.nix | 69 ++++--------------------------------- meta/enable.nix | 8 +++++ meta/mkLocalModule.nix | 23 +++++++++++++ services/forgejo.nix | 41 ++++++++++++++++++++++ users/lyn/default.nix | 8 +++++ users/lyn/ssh.nix | 3 ++ 6 files changed, 89 insertions(+), 63 deletions(-) create mode 100644 meta/enable.nix create mode 100644 meta/mkLocalModule.nix create mode 100644 services/forgejo.nix create mode 100644 users/lyn/default.nix create mode 100644 users/lyn/ssh.nix diff --git a/hosts/forgenite/default.nix b/hosts/forgenite/default.nix index d1f1fb0..22e2ff9 100644 --- a/hosts/forgenite/default.nix +++ b/hosts/forgenite/default.nix @@ -1,16 +1,12 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running `nixos-help`). - -{ config, pkgs, ... }: - -{ +{ config, pkgs, lib, inputs, ... }: with lib.meta; { imports = [ ./hardware-configuration.nix - # comment in backup.nix for borgbackuping forgejo - #./backup.nix ]; + + # will this work? + users.lyn.enable = true; + services.forgejo.enable = true; # Write path for borgbackup repos for backup.nix _module.args.borgrepolistfile = ./borgrepos; @@ -29,16 +25,6 @@ # Set your time zone. time.timeZone = "Europe/Berlin"; - users.users.lyn = { - isNormalUser = true; - extraGroups = [ "wheel"]; - openssh.authorizedKeys.keys = [ - "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC7NUaBJOYgMnT2uUUUSB7gKaqqbgxXDghBkRqSGuZrAZzZYHlHH7nM6Re7+yOYMSoJGLaB4iaUDLSBBnyA6pLI= nixos_gitea@secretive.MacBook-Pro-(2).local" - ]; - packages = with pkgs; [ - ]; -}; - # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ 
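Review bot: `users.lyn.enable = true;` and `services.forgejo.enable = true;` are set in this hunk, but `imports` still lists only `./hardware-configuration.nix` and none of the files this commit creates (`services/forgejo.nix`, `users/lyn/default.nix`, `users/lyn/ssh.nix`, `meta/enable.nix`, `meta/mkLocalModule.nix`) are added to it; if they are not wired in elsewhere (a flake's module list would not be visible in this diff), `services.forgejo.enable` alone brings up Forgejo with upstream defaults — without the `DISABLE_REGISTRATION = true`, upload-limit and database settings this commit moves out of the host file — and `users.lyn.enable` is not a defined option. One way to close that gap here is `imports = [ ./hardware-configuration.nix ../../services/forgejo.nix ../../users/lyn ../../users/lyn/ssh.nix ../../meta/enable.nix ../../meta/mkLocalModule.nix ];`. `with lib.meta;` reads nixpkgs' own `lib.meta` from the `lib` module argument, whereas the helpers in `meta/enable.nix` and `meta/mkLocalModule.nix` (`lib.meta.enable`, `lib.mkLocalModule`) are module config and land under `config.lib`, so neither this line nor the `lib.mkLocalModule` call in `users/lyn/ssh.nix` resolves to them unless `lib` is extended (e.g. `lib.extend` in the flake) — and nothing in this hunk uses a name from `lib.meta` anyway. The `# will this work?` comment should be replaced by the answer before this merges.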
@@ -48,9 +34,6 @@ curl htop ]; - - - # Enable the OpenSSH daemon. services.openssh = { @@ -62,44 +45,6 @@ }; openFirewall = true; }; - #Forgejo - services.forgejo = { - enable = true; - settings.server = { - ROOT_URL = "https://git.shibe.pro"; - DOMAIN = "git.shibe.pro"; - HTTP_PORT = 48540; - OFFLINE_MODE = true; # disable gravatar, CDN - }; - settings.actions = { - ENABLED = true; - }; - settings."repository.upload" = { - FILE_MAX_SIZE = 4095; - MAX_FILES = 20; - }; - settings."attachment" = { - MAX_SIZE = 4095; - MAX_FILES = 20; - }; - - settings.service = { - DISABLE_REGISTRATION = true; - DEFAULT_KEEP_EMAIL_PRIVATE = true; - }; - database = { - user = "forgejo"; - passwordFile = "/etc/nixos/forgejo-dbpassword"; - name = "forgejodb"; - type = "mysql"; - }; - }; - - # Allow forgejo user to adjust authorized_keys dynamically - services.openssh.extraConfig = '' - Match User forgejo - AuthorizedKeysFile ${config.users.users.forgejo.home}/.ssh/authorized_keys - ''; #enable qemu-guestagent services.qemuGuest.enable = true; @@ -109,9 +54,7 @@ # Firewall stuff: networking.firewall.enable = true; networking.firewall.allowPing = true; - - # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [48540 ]; + # networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. # networking.firewall.enable = false; diff --git a/meta/enable.nix b/meta/enable.nix new file mode 100644 index 0000000..0f129b0 --- /dev/null +++ b/meta/enable.nix @@ -0,0 +1,8 @@ +{lib, config, ...}: { + lib.meta.enable = list: lib.genAttrs + list + (name: + ${name}.enable = true; + ) + ; +} diff --git a/meta/mkLocalModule.nix b/meta/mkLocalModule.nix new file mode 100644 index 0000000..b2171d9 --- /dev/null +++ b/meta/mkLocalModule.nix 
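Review bot: The lambda passed to `lib.genAttrs` in `meta/enable.nix` is not a Nix expression — `${name}.enable = true;` is an attribute binding with no enclosing `{ }`, so the file fails to parse. `genAttrs` already keys the result by `name`, so the intended value is just the inner set: `lib.meta.enable = list: lib.genAttrs list (name: { enable = true; });`. A one-line comment above it such as `# enable every module named in `list`: [ "a" "b" ] -> { a.enable = true; b.enable = true; }` would make the helper self-explanatory.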
@@ -0,0 +1,23 @@
+{lib, config, ...}: {
+ lib.mkLocalModule = pathInterpolation: optDesc: config: let
+ #example_input = ./some/subdir/MARKER/a/b/c/d/e/f/g;
+ marker = "local-modules";
+ splitAfterMarker = marker: input: builtins.foldl' (acc: new:
+ if acc == false then # marker not found yet
+ if new == marker then [] else acc
+ else # marker found
+ if builtins.typeOf new == "string"
+ then acc ++ [new]
+ else acc
+ ) false (builtins.split "/" (builtins.toString input));
+ path = splitAfterMarker marker pathInterpolation;
+ inputs = {
+ #optDesc = "enable this";
+ inherit optDesc: config;
+ };
+ mod = {config, ...}: {
+ options = lib.setAttrsByPath path (lib.mkEnableOption inputs.optDesc);
+ config = lib.mkIf (lib.getAttrByPath path config) inputs.config;
+ };
+ in mod;
+}
diff --git a/services/forgejo.nix b/services/forgejo.nix
new file mode 100644
index 0000000..2adf26e
--- /dev/null
+++ b/services/forgejo.nix
@@ -0,0 +1,41 @@
+{pkgs, lib, config}:
+with lib with builtins; {
+ services.forgejo = {
+ enable = true;
+ settings.server = {
+ ROOT_URL = "https://git.shibe.pro";
+ DOMAIN = "git.shibe.pro";
+ HTTP_PORT = 48540;
+ OFFLINE_MODE = true; # disable gravatar, CDN
+ };
+ settings.actions = {
+ ENABLED = true;
+ };
+ settings."repository.upload" = {
+ FILE_MAX_SIZE = 4095;
+ MAX_FILES = 20;
+ };
+ settings."attachment" = {
+ MAX_SIZE = 4095;
+ MAX_FILES = 20;
+ };
+
+ settings.service = {
+ DISABLE_REGISTRATION = true;
+ DEFAULT_KEEP_EMAIL_PRIVATE = true;
+ };
+ database = {
+ user = "forgejo";
+ passwordFile = "/etc/nixos/forgejo-dbpassword";
+ name = "forgejodb";
+ type = "mysql";
+ };
+ };
+
+ # Allow forgejo user to adjust authorized_keys dynamically
+ services.openssh.extraConfig = ''
+ Match User forgejo
+ AuthorizedKeysFile ${config.users.users.forgejo.home}/.ssh/authorized_keys
+ '';
+ networking.firewall.allowedTCPPorts = [48540];
+}
\ No newline at end of file
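Review bot: `inherit optDesc: config;` in `meta/mkLocalModule.nix` is a syntax error (`inherit` takes bare names: `inherit optDesc config;`), and `lib.setAttrsByPath` is not a nixpkgs function — the helper is `lib.setAttrByPath`. Even with that name fixed, `setAttrByPath path (mkEnableOption …)` declares the option at `path` itself, so for a path like `[ "users" "lyn" ]` the option becomes `users.lyn`, not the `users.lyn.enable` the host file sets; both the `options =` and `config =` lines need `(path ++ [ "enable" ])`, e.g. `options = lib.setAttrByPath (path ++ [ "enable" ]) (lib.mkEnableOption inputs.optDesc);` and `config = lib.mkIf (lib.getAttrByPath (path ++ [ "enable" ]) config) inputs.config;`. `splitAfterMarker` returns its initial accumulator `false` when `"local-modules"` never occurs in the caller's path — `users/lyn/ssh.nix` passes `./.`, so unless the checkout lives under a directory of that name, `path` is `false` and evaluation fails inside `setAttrByPath` with an unhelpful message; a guard like `if path == false then throw "mkLocalModule: ${marker} not found in ${toString pathInterpolation}" else mod` in the `in` clause would surface the real cause. A comment above `marker` saying that the option path is the directory components after `local-modules` would also help; `#example_input` hints at it without stating it.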
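Review bot: `with lib with builtins; {` at the top of `services/forgejo.nix` is missing the `;` after `with lib` and does not parse; nothing below uses an unqualified name from either scope, so the line can simply be `{`. The argument pattern `{pkgs, lib, config}:` also lacks `...`, which module functions need because the module system calls them with further arguments such as `options` — `{pkgs, lib, config, ...}:` (and `pkgs`/`lib` are unused here). Separately, `networking.firewall.allowedTCPPorts = [48540];` opens Forgejo's plain-HTTP listener (`HTTP_PORT = 48540`) on every interface while `ROOT_URL` is `https://git.shibe.pro`; if TLS is terminated by a reverse proxy on this host the port need not be opened at all, and if the proxy is remote, `networking.firewall.interfaces.<name>.allowedTCPPorts` would keep the unencrypted endpoint off the public side — worth a comment either way, since the old host file carried the same rule without one. `passwordFile` as a string rather than a `./` path literal is the right choice, as a path literal would copy the secret into the world-readable Nix store; a comment saying so would stop a future "cleanup" from changing it.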
diff --git a/users/lyn/default.nix b/users/lyn/default.nix
new file mode 100644
index 0000000..fe21ce0
--- /dev/null
+++ b/users/lyn/default.nix
@@ -0,0 +1,8 @@
+{lib, config, ...}:{
+ users.users.lyn = {
+ isNormalUser = true;
+ extraGroups = [ "wheel"];
+ packages = with pkgs; [
+ ];
+}
+}
\ No newline at end of file
diff --git a/users/lyn/ssh.nix b/users/lyn/ssh.nix
new file mode 100644
index 0000000..80ac56f
--- /dev/null
+++ b/users/lyn/ssh.nix
@@ -0,0 +1,3 @@
+{lib, config, ...}: lib.mkLocalModule ./. "Lyn SSH user config" {
+ users.users.lyn.openssh.authorizedKeys.keys = ["ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC7NUaBJOYgMnT2uUUUSB7gKaqqbgxXDghBkRqSGuZrAZzZYHlHH7nM6Re7+yOYMSoJGLaB4iaUDLSBBnyA6pLI= nixos_gitea@secretive.MacBook-Pro-(2).local"];
+}
\ No newline at end of file
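Review bot: `packages = with pkgs; [` in `users/lyn/default.nix` references `pkgs`, but the module's argument pattern is `{lib, config, ...}:`, so evaluation stops with an undefined variable; the pattern should be `{pkgs, lib, config, ...}:{` (`lib` and `config` are unused). The `}` closing `users.users.lyn = { … }` is also missing its `;` before the outer `}`, which is a parse error — it should be `};`. This file does not import `./ssh.nix` either, so importing `users/lyn` alone leaves the `wheel` user without the authorized key that this commit moved into the sibling file; adding `imports = [ ./ssh.nix ];` here would keep the user and its key provisioning together, unless a module list outside this diff already loads it.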