flake.nix

@@ -2,9 +2,8 @@
   description = "Lyns flake";
   inputs = {
     nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
-    sops-nix.url = "github:Mic92/sops-nix";
   };
-  outputs = { self, nixpkgs, sops-nix }@inputs: {
+  outputs = { self, nixpkgs }@inputs: {
   nixosConfigurations = {
     "forgejo" = nixpkgs.lib.nixosSystem {
         system = "x86_64-linux";
@@ -13,7 +12,6 @@
           # old configuration file can still take effect.
           # Note: configuration.nix itself is also a Nixpkgs Module,
           ./configuration.nix
-          sops-nix.nixosModules.sops
         ];
 	specialArgs = { 
 		inherit inputs;

hosts/forgenite/default.nix

@@ -1,12 +1,16 @@
-{ config, pkgs, lib, inputs, ... }: with lib.meta; {
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running `nixos-help`).
+
+{ config, pkgs, ... }:
+
+{
   imports =
     [
       ./hardware-configuration.nix
+      # comment in backup.nix for borgbackuping forgejo 
+      #./backup.nix
     ];
-
-  # will this work?
-  users.lyn.enable = true;
-  services.forgejo.enable = true;
   # Write path for borgbackup repos for backup.nix
   _module.args.borgrepolistfile = ./borgrepos;
 
@@ -25,6 +29,16 @@
   # Set your time zone.
   time.timeZone = "Europe/Berlin";
 
+  users.users.lyn = {
+    	isNormalUser = true;
+   	extraGroups = [ "wheel"];
+    	openssh.authorizedKeys.keys = [
+		"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC7NUaBJOYgMnT2uUUUSB7gKaqqbgxXDghBkRqSGuZrAZzZYHlHH7nM6Re7+yOYMSoJGLaB4iaUDLSBBnyA6pLI= nixos_gitea@secretive.MacBook-Pro-(2).local"
+	];
+	packages = with pkgs; [
+    ];
+};
+
   # List packages installed in system profile. To search, run:
   # $ nix search wget
   environment.systemPackages = with pkgs; [
@@ -35,6 +49,9 @@
     htop
   ];
   
+ 
+
+
   # Enable the OpenSSH daemon.
   services.openssh = {
 	enable = true;
@@ -45,6 +62,44 @@
 	};
 	openFirewall = true;
   };
+  #Forgejo
+  services.forgejo = {
+    enable = true;
+    settings.server = {
+      ROOT_URL = "https://git.shibe.pro";
+      DOMAIN = "git.shibe.pro";
+      HTTP_PORT = 48540;
+      OFFLINE_MODE = true; # disable gravatar, CDN
+    };
+    settings.actions = {
+       ENABLED = true;
+    };
+    settings."repository.upload" = {
+	FILE_MAX_SIZE = 4095;
+	MAX_FILES = 20;
+    };
+    settings."attachment" = {
+        MAX_SIZE = 4095;
+        MAX_FILES = 20;
+    };
+
+    settings.service = {
+	DISABLE_REGISTRATION = true;
+	DEFAULT_KEEP_EMAIL_PRIVATE = true;
+    };
+    database = {
+      user = "forgejo";
+      passwordFile = "/etc/nixos/forgejo-dbpassword";
+      name = "forgejodb";
+      type = "mysql";
+    };
+  };
+
+  # Allow forgejo user to adjust authorized_keys dynamically
+  services.openssh.extraConfig = ''
+    Match User forgejo
+      AuthorizedKeysFile ${config.users.users.forgejo.home}/.ssh/authorized_keys
+  '';
 
   #enable qemu-guestagent
   services.qemuGuest.enable = true;
@@ -55,6 +110,8 @@
   networking.firewall.enable = true;
   networking.firewall.allowPing = true;
  
+  # Open ports in the firewall.
+  networking.firewall.allowedTCPPorts = [48540 ];
   # networking.firewall.allowedUDPPorts = [ ... ];
   # Or disable the firewall altogether.
   # networking.firewall.enable = false;

meta/enable.nix

@@ -1,8 +0,0 @@
-{lib, config, ...}: {
-    lib.meta.enable = list: lib.genAttrs 
-	list 
-	(name: 
-	    ${name}.enable = true;
-	)
-    ;
-}

meta/mkLocalModule.nix

@@ -1,23 +0,0 @@
-{lib, config, ...}: {
-    lib.mkLocalModule = pathInterpolation: optDesc: config: let 
-    #example_input = ./some/subdir/MARKER/a/b/c/d/e/f/g;
-    marker = "local-modules";
-    splitAfterMarker = marker: input: builtins.foldl' (acc: new:
-      if acc == false then # marker not found yet
-        if new == marker then [] else acc
-      else # marker found
-        if builtins.typeOf new == "string" 
-          then acc ++ [new]
-          else acc
-    ) false (builtins.split "/" (builtins.toString input));
-    path = splitAfterMarker marker pathInterpolation;
-    inputs = {
-      #optDesc = "enable this";
-      inherit optDesc: config;
-    };
-    mod = {config, ...}: {
-      options = lib.setAttrsByPath path (lib.mkEnableOption inputs.optDesc);
-      config = lib.mkIf (lib.getAttrByPath path config) inputs.config;
-    };
-  in mod;
-}

services/forgejo.nix

@@ -1,41 +0,0 @@
-{pkgs, lib, config}:
-with lib with builtins; {
-  services.forgejo = {
-    enable = true;
-    settings.server = {
-      ROOT_URL = "https://git.shibe.pro";
-      DOMAIN = "git.shibe.pro";
-      HTTP_PORT = 48540;
-      OFFLINE_MODE = true; # disable gravatar, CDN
-    };
-    settings.actions = {
-       ENABLED = true;
-    };
-    settings."repository.upload" = {
-	FILE_MAX_SIZE = 4095;
-	MAX_FILES = 20;
-    };
-    settings."attachment" = {
-        MAX_SIZE = 4095;
-        MAX_FILES = 20;
-    };
-
-    settings.service = {
-	DISABLE_REGISTRATION = true;
-	DEFAULT_KEEP_EMAIL_PRIVATE = true;
-    };
-    database = {
-      user = "forgejo";
-      passwordFile = "/etc/nixos/forgejo-dbpassword";
-      name = "forgejodb";
-      type = "mysql";
-    };
-  };
-
-  # Allow forgejo user to adjust authorized_keys dynamically
-  services.openssh.extraConfig = ''
-    Match User forgejo
-      AuthorizedKeysFile ${config.users.users.forgejo.home}/.ssh/authorized_keys
-  '';
-  networking.firewall.allowedTCPPorts = [48540];
-}

users/lyn/default.nix

@@ -1,8 +0,0 @@
-{lib, config, ...}:{
-    users.users.lyn = {
-    isNormalUser = true;
-   	extraGroups = [ "wheel"];
-	  packages = with pkgs; [
-    ];
-}
-}

users/lyn/ssh.nix

@@ -1,3 +0,0 @@
-{lib, config, ...}: lib.mkLocalModule ./. "Lyn SSH user config" {
-    users.users.lyn.openssh.authorizedKeys.keys = ["ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC7NUaBJOYgMnT2uUUUSB7gKaqqbgxXDghBkRqSGuZrAZzZYHlHH7nM6Re7+yOYMSoJGLaB4iaUDLSBBnyA6pLI= nixos_gitea@secretive.MacBook-Pro-(2).local"];
-}