Compare commits

...

2 commits

Author SHA1 Message Date
Lyn
9cecd28e9a restructure 2024-09-01 00:06:13 +02:00
Lyn
a597470f2b add soaps support to flake 2024-08-31 00:23:59 +02:00
7 changed files with 92 additions and 64 deletions

View file

@ -2,8 +2,9 @@
description = "Lyns flake";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
sops-nix.url = "github:Mic92/sops-nix";
};
outputs = { self, nixpkgs }@inputs: {
outputs = { self, nixpkgs, sops-nix }@inputs: {
nixosConfigurations = {
"forgejo" = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
@ -12,6 +13,7 @@
# old configuration file can still take effect.
# Note: configuration.nix itself is also a Nixpkgs Module,
./configuration.nix
sops-nix.nixosModules.sops
];
specialArgs = {
inherit inputs;

View file

@ -1,16 +1,12 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, ... }:
{
{ config, pkgs, lib, inputs, ... }: with lib.meta; {
imports =
[
./hardware-configuration.nix
# comment in backup.nix for borgbackuping forgejo
#./backup.nix
];
# will this work?
users.lyn.enable = true;
services.forgejo.enable = true;
# Write path for borgbackup repos for backup.nix
_module.args.borgrepolistfile = ./borgrepos;
@ -29,16 +25,6 @@
# Set your time zone.
time.timeZone = "Europe/Berlin";
users.users.lyn = {
isNormalUser = true;
extraGroups = [ "wheel"];
openssh.authorizedKeys.keys = [
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC7NUaBJOYgMnT2uUUUSB7gKaqqbgxXDghBkRqSGuZrAZzZYHlHH7nM6Re7+yOYMSoJGLaB4iaUDLSBBnyA6pLI= nixos_gitea@secretive.MacBook-Pro-(2).local"
];
packages = with pkgs; [
];
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
@ -48,9 +34,6 @@
curl
htop
];
# Enable the OpenSSH daemon.
services.openssh = {
@ -62,44 +45,6 @@
};
openFirewall = true;
};
#Forgejo
services.forgejo = {
enable = true;
settings.server = {
ROOT_URL = "https://git.shibe.pro";
DOMAIN = "git.shibe.pro";
HTTP_PORT = 48540;
OFFLINE_MODE = true; # disable gravatar, CDN
};
settings.actions = {
ENABLED = true;
};
settings."repository.upload" = {
FILE_MAX_SIZE = 4095;
MAX_FILES = 20;
};
settings."attachment" = {
MAX_SIZE = 4095;
MAX_FILES = 20;
};
settings.service = {
DISABLE_REGISTRATION = true;
DEFAULT_KEEP_EMAIL_PRIVATE = true;
};
database = {
user = "forgejo";
passwordFile = "/etc/nixos/forgejo-dbpassword";
name = "forgejodb";
type = "mysql";
};
};
# Allow forgejo user to adjust authorized_keys dynamically
services.openssh.extraConfig = ''
Match User forgejo
AuthorizedKeysFile ${config.users.users.forgejo.home}/.ssh/authorized_keys
'';
#enable qemu-guestagent
services.qemuGuest.enable = true;
@ -109,9 +54,7 @@
# Firewall stuff:
networking.firewall.enable = true;
networking.firewall.allowPing = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [48540 ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;

8
meta/enable.nix Normal file
View file

@ -0,0 +1,8 @@
{lib, config, ...}: {
lib.meta.enable = list: lib.genAttrs
list
(name:
${name}.enable = true;
)
;
}

23
meta/mkLocalModule.nix Normal file
View file

@ -0,0 +1,23 @@
{lib, config, ...}: {
lib.mkLocalModule = pathInterpolation: optDesc: config: let
#example_input = ./some/subdir/MARKER/a/b/c/d/e/f/g;
marker = "local-modules";
splitAfterMarker = marker: input: builtins.foldl' (acc: new:
if acc == false then # marker not found yet
if new == marker then [] else acc
else # marker found
if builtins.typeOf new == "string"
then acc ++ [new]
else acc
) false (builtins.split "/" (builtins.toString input));
path = splitAfterMarker marker pathInterpolation;
inputs = {
#optDesc = "enable this";
inherit optDesc: config;
};
mod = {config, ...}: {
options = lib.setAttrsByPath path (lib.mkEnableOption inputs.optDesc);
config = lib.mkIf (lib.getAttrByPath path config) inputs.config;
};
in mod;
}

41
services/forgejo.nix Normal file
View file

@ -0,0 +1,41 @@
{pkgs, lib, config}:
with lib with builtins; {
services.forgejo = {
enable = true;
settings.server = {
ROOT_URL = "https://git.shibe.pro";
DOMAIN = "git.shibe.pro";
HTTP_PORT = 48540;
OFFLINE_MODE = true; # disable gravatar, CDN
};
settings.actions = {
ENABLED = true;
};
settings."repository.upload" = {
FILE_MAX_SIZE = 4095;
MAX_FILES = 20;
};
settings."attachment" = {
MAX_SIZE = 4095;
MAX_FILES = 20;
};
settings.service = {
DISABLE_REGISTRATION = true;
DEFAULT_KEEP_EMAIL_PRIVATE = true;
};
database = {
user = "forgejo";
passwordFile = "/etc/nixos/forgejo-dbpassword";
name = "forgejodb";
type = "mysql";
};
};
# Allow forgejo user to adjust authorized_keys dynamically
services.openssh.extraConfig = ''
Match User forgejo
AuthorizedKeysFile ${config.users.users.forgejo.home}/.ssh/authorized_keys
'';
networking.firewall.allowedTCPPorts = [48540];
}

8
users/lyn/default.nix Normal file
View file

@ -0,0 +1,8 @@
{lib, config, ...}:{
users.users.lyn = {
isNormalUser = true;
extraGroups = [ "wheel"];
packages = with pkgs; [
];
}
}

3
users/lyn/ssh.nix Normal file
View file

@ -0,0 +1,3 @@
{lib, config, ...}: lib.mkLocalModule ./. "Lyn SSH user config" {
users.users.lyn.openssh.authorizedKeys.keys = ["ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC7NUaBJOYgMnT2uUUUSB7gKaqqbgxXDghBkRqSGuZrAZzZYHlHH7nM6Re7+yOYMSoJGLaB4iaUDLSBBnyA6pLI= nixos_gitea@secretive.MacBook-Pro-(2).local"];
}