Compare commits
No commits in common. "9cecd28e9aee1ea9320c24ba11a866a9495f385b" and "3841eb663f0ca53422ff920f0a2bb071caabfbc5" have entirely different histories.
9cecd28e9a
...
3841eb663f
7 changed files with 64 additions and 92 deletions
|
@ -2,9 +2,8 @@
|
||||||
description = "Lyns flake";
|
description = "Lyns flake";
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05";
|
||||||
sops-nix.url = "github:Mic92/sops-nix";
|
|
||||||
};
|
};
|
||||||
outputs = { self, nixpkgs, sops-nix }@inputs: {
|
outputs = { self, nixpkgs }@inputs: {
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
"forgejo" = nixpkgs.lib.nixosSystem {
|
"forgejo" = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
@ -13,7 +12,6 @@
|
||||||
# old configuration file can still take effect.
|
# old configuration file can still take effect.
|
||||||
# Note: configuration.nix itself is also a Nixpkgs Module,
|
# Note: configuration.nix itself is also a Nixpkgs Module,
|
||||||
./configuration.nix
|
./configuration.nix
|
||||||
sops-nix.nixosModules.sops
|
|
||||||
];
|
];
|
||||||
specialArgs = {
|
specialArgs = {
|
||||||
inherit inputs;
|
inherit inputs;
|
||||||
|
|
|
@ -1,12 +1,16 @@
|
||||||
{ config, pkgs, lib, inputs, ... }: with lib.meta; {
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page
|
||||||
|
# and in the NixOS manual (accessible by running `nixos-help`).
|
||||||
|
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
imports =
|
imports =
|
||||||
[
|
[
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
# comment in backup.nix for borgbackuping forgejo
|
||||||
|
#./backup.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# will this work?
|
|
||||||
users.lyn.enable = true;
|
|
||||||
services.forgejo.enable = true;
|
|
||||||
# Write path for borgbackup repos for backup.nix
|
# Write path for borgbackup repos for backup.nix
|
||||||
_module.args.borgrepolistfile = ./borgrepos;
|
_module.args.borgrepolistfile = ./borgrepos;
|
||||||
|
|
||||||
|
@ -25,6 +29,16 @@
|
||||||
# Set your time zone.
|
# Set your time zone.
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
|
users.users.lyn = {
|
||||||
|
isNormalUser = true;
|
||||||
|
extraGroups = [ "wheel"];
|
||||||
|
openssh.authorizedKeys.keys = [
|
||||||
|
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC7NUaBJOYgMnT2uUUUSB7gKaqqbgxXDghBkRqSGuZrAZzZYHlHH7nM6Re7+yOYMSoJGLaB4iaUDLSBBnyA6pLI= nixos_gitea@secretive.MacBook-Pro-(2).local"
|
||||||
|
];
|
||||||
|
packages = with pkgs; [
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
# List packages installed in system profile. To search, run:
|
# List packages installed in system profile. To search, run:
|
||||||
# $ nix search wget
|
# $ nix search wget
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
@ -34,6 +48,9 @@
|
||||||
curl
|
curl
|
||||||
htop
|
htop
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Enable the OpenSSH daemon.
|
# Enable the OpenSSH daemon.
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
|
@ -45,6 +62,44 @@
|
||||||
};
|
};
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
};
|
};
|
||||||
|
#Forgejo
|
||||||
|
services.forgejo = {
|
||||||
|
enable = true;
|
||||||
|
settings.server = {
|
||||||
|
ROOT_URL = "https://git.shibe.pro";
|
||||||
|
DOMAIN = "git.shibe.pro";
|
||||||
|
HTTP_PORT = 48540;
|
||||||
|
OFFLINE_MODE = true; # disable gravatar, CDN
|
||||||
|
};
|
||||||
|
settings.actions = {
|
||||||
|
ENABLED = true;
|
||||||
|
};
|
||||||
|
settings."repository.upload" = {
|
||||||
|
FILE_MAX_SIZE = 4095;
|
||||||
|
MAX_FILES = 20;
|
||||||
|
};
|
||||||
|
settings."attachment" = {
|
||||||
|
MAX_SIZE = 4095;
|
||||||
|
MAX_FILES = 20;
|
||||||
|
};
|
||||||
|
|
||||||
|
settings.service = {
|
||||||
|
DISABLE_REGISTRATION = true;
|
||||||
|
DEFAULT_KEEP_EMAIL_PRIVATE = true;
|
||||||
|
};
|
||||||
|
database = {
|
||||||
|
user = "forgejo";
|
||||||
|
passwordFile = "/etc/nixos/forgejo-dbpassword";
|
||||||
|
name = "forgejodb";
|
||||||
|
type = "mysql";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
# Allow forgejo user to adjust authorized_keys dynamically
|
||||||
|
services.openssh.extraConfig = ''
|
||||||
|
Match User forgejo
|
||||||
|
AuthorizedKeysFile ${config.users.users.forgejo.home}/.ssh/authorized_keys
|
||||||
|
'';
|
||||||
|
|
||||||
#enable qemu-guestagent
|
#enable qemu-guestagent
|
||||||
services.qemuGuest.enable = true;
|
services.qemuGuest.enable = true;
|
||||||
|
@ -54,7 +109,9 @@
|
||||||
# Firewall stuff:
|
# Firewall stuff:
|
||||||
networking.firewall.enable = true;
|
networking.firewall.enable = true;
|
||||||
networking.firewall.allowPing = true;
|
networking.firewall.allowPing = true;
|
||||||
|
|
||||||
|
# Open ports in the firewall.
|
||||||
|
networking.firewall.allowedTCPPorts = [48540 ];
|
||||||
# networking.firewall.allowedUDPPorts = [ ... ];
|
# networking.firewall.allowedUDPPorts = [ ... ];
|
||||||
# Or disable the firewall altogether.
|
# Or disable the firewall altogether.
|
||||||
# networking.firewall.enable = false;
|
# networking.firewall.enable = false;
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
{lib, config, ...}: {
|
|
||||||
lib.meta.enable = list: lib.genAttrs
|
|
||||||
list
|
|
||||||
(name:
|
|
||||||
${name}.enable = true;
|
|
||||||
)
|
|
||||||
;
|
|
||||||
}
|
|
|
@ -1,23 +0,0 @@
|
||||||
{lib, config, ...}: {
|
|
||||||
lib.mkLocalModule = pathInterpolation: optDesc: config: let
|
|
||||||
#example_input = ./some/subdir/MARKER/a/b/c/d/e/f/g;
|
|
||||||
marker = "local-modules";
|
|
||||||
splitAfterMarker = marker: input: builtins.foldl' (acc: new:
|
|
||||||
if acc == false then # marker not found yet
|
|
||||||
if new == marker then [] else acc
|
|
||||||
else # marker found
|
|
||||||
if builtins.typeOf new == "string"
|
|
||||||
then acc ++ [new]
|
|
||||||
else acc
|
|
||||||
) false (builtins.split "/" (builtins.toString input));
|
|
||||||
path = splitAfterMarker marker pathInterpolation;
|
|
||||||
inputs = {
|
|
||||||
#optDesc = "enable this";
|
|
||||||
inherit optDesc: config;
|
|
||||||
};
|
|
||||||
mod = {config, ...}: {
|
|
||||||
options = lib.setAttrsByPath path (lib.mkEnableOption inputs.optDesc);
|
|
||||||
config = lib.mkIf (lib.getAttrByPath path config) inputs.config;
|
|
||||||
};
|
|
||||||
in mod;
|
|
||||||
}
|
|
|
@ -1,41 +0,0 @@
|
||||||
{pkgs, lib, config}:
|
|
||||||
with lib with builtins; {
|
|
||||||
services.forgejo = {
|
|
||||||
enable = true;
|
|
||||||
settings.server = {
|
|
||||||
ROOT_URL = "https://git.shibe.pro";
|
|
||||||
DOMAIN = "git.shibe.pro";
|
|
||||||
HTTP_PORT = 48540;
|
|
||||||
OFFLINE_MODE = true; # disable gravatar, CDN
|
|
||||||
};
|
|
||||||
settings.actions = {
|
|
||||||
ENABLED = true;
|
|
||||||
};
|
|
||||||
settings."repository.upload" = {
|
|
||||||
FILE_MAX_SIZE = 4095;
|
|
||||||
MAX_FILES = 20;
|
|
||||||
};
|
|
||||||
settings."attachment" = {
|
|
||||||
MAX_SIZE = 4095;
|
|
||||||
MAX_FILES = 20;
|
|
||||||
};
|
|
||||||
|
|
||||||
settings.service = {
|
|
||||||
DISABLE_REGISTRATION = true;
|
|
||||||
DEFAULT_KEEP_EMAIL_PRIVATE = true;
|
|
||||||
};
|
|
||||||
database = {
|
|
||||||
user = "forgejo";
|
|
||||||
passwordFile = "/etc/nixos/forgejo-dbpassword";
|
|
||||||
name = "forgejodb";
|
|
||||||
type = "mysql";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Allow forgejo user to adjust authorized_keys dynamically
|
|
||||||
services.openssh.extraConfig = ''
|
|
||||||
Match User forgejo
|
|
||||||
AuthorizedKeysFile ${config.users.users.forgejo.home}/.ssh/authorized_keys
|
|
||||||
'';
|
|
||||||
networking.firewall.allowedTCPPorts = [48540];
|
|
||||||
}
|
|
|
@ -1,8 +0,0 @@
|
||||||
{lib, config, ...}:{
|
|
||||||
users.users.lyn = {
|
|
||||||
isNormalUser = true;
|
|
||||||
extraGroups = [ "wheel"];
|
|
||||||
packages = with pkgs; [
|
|
||||||
];
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,3 +0,0 @@
|
||||||
{lib, config, ...}: lib.mkLocalModule ./. "Lyn SSH user config" {
|
|
||||||
users.users.lyn.openssh.authorizedKeys.keys = ["ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC7NUaBJOYgMnT2uUUUSB7gKaqqbgxXDghBkRqSGuZrAZzZYHlHH7nM6Re7+yOYMSoJGLaB4iaUDLSBBnyA6pLI= nixos_gitea@secretive.MacBook-Pro-(2).local"];
|
|
||||||
}
|
|
Loading…
Reference in a new issue