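# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
#
# This module configures a single-purpose Forgejo host: key-only SSH for one
# admin user, Forgejo backed by MySQL, a firewall that opens the Forgejo HTTP
# port, unattended upgrades and periodic Nix store garbage collection.

{ config, pkgs, ... }:

{
  imports = [
    ./hardware-configuration.nix
    # comment in backup.nix for borgbackuping forgejo
    ./backup.nix
  ];

  # Write path for borgbackup repos for backup.nix
  # NOTE(review): `./borgrepos` is a Nix path literal. If backup.nix ever
  # interpolates it into a string, the file is copied into the world-readable
  # /nix/store. Confirm it holds no passphrases or credentials; if it does,
  # pass an absolute path as a string instead.
  _module.args.borgrepolistfile = ./borgrepos;

  # Enable Flakes and the new command-line tool
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  # Set default editor to vim
  environment.variables.EDITOR = "vim";

  # Use UEFI
  boot.loader.systemd-boot.enable = true;

  # Use the GRUB 2 boot loader.
  #boot.loader.grub.enable = true;
  #boot.loader.grub.device = "/dev/sda";

  networking.hostName = "forgejo"; # Define your hostname.

  # Set your time zone.
  time.timeZone = "Europe/Berlin";

  # Sole interactive account. Membership in `wheel` combined with
  # `security.sudo.wheelNeedsPassword = false` below makes this SSH key
  # equivalent to root on the host.
  users.users.lyn = {
    isNormalUser = true;
    extraGroups = [ "wheel" ];
    openssh.authorizedKeys.keys = [
      "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBC7NUaBJOYgMnT2uUUUSB7gKaqqbgxXDghBkRqSGuZrAZzZYHlHH7nM6Re7+yOYMSoJGLaB4iaUDLSBBnyA6pLI= nixos_gitea@secretive.MacBook-Pro-(2).local"
    ];
    packages = with pkgs; [ ];
  };

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    git
    vim
    wget
    curl
    htop
  ];

  # Enable the OpenSSH daemon.
  services.openssh = {
    enable = true;
    settings = {
      # Changed from `true`: this host installs no X11 clients, so forwarding
      # only adds sshd attack surface. Set back to `true` if an admin workflow
      # really needs it.
      X11Forwarding = false;
      PermitRootLogin = "no";
      PasswordAuthentication = false;
    };
    openFirewall = true;
  };

  #Forgejo
  services.forgejo = {
    enable = true;
    settings.server = {
      ROOT_URL = "https://git.shibe.pro";
      DOMAIN = "git.shibe.pro";
      # Forgejo itself serves plain HTTP on this port; ROOT_URL is https, so
      # TLS is presumably terminated by a reverse proxy not shown in this file.
      HTTP_PORT = 48540;
      OFFLINE_MODE = true; # disable gravatar, CDN
    };
    # Actions workflows are code supplied by repositories and executed by
    # whatever runners are registered. With registration disabled below, only
    # existing accounts can supply them; keep runners off this host or
    # sandboxed.
    settings.actions = {
      ENABLED = true;
    };
    # Per-file upload limits. NOTE(review): Forgejo documents these sizes in
    # MB, so 4095 allows uploads of roughly 4 GB each. Confirm disk headroom
    # and any body-size limit on the proxy.
    settings."repository.upload" = {
      FILE_MAX_SIZE = 4095;
      MAX_FILES = 20;
    };
    settings."attachment" = {
      MAX_SIZE = 4095;
      MAX_FILES = 20;
    };
    settings.service = {
      # No self-service sign-up; accounts must be created by an admin.
      DISABLE_REGISTRATION = true;
      DEFAULT_KEEP_EMAIL_PRIVATE = true;
    };
    database = {
      user = "forgejo";
      # A string, not a path literal, so the secret stays out of the Nix
      # store. NOTE(review): verify the file's owner and mode so that only the
      # account that needs to read it can.
      passwordFile = "/etc/nixos/forgejo-dbpassword";
      name = "forgejodb";
      type = "mysql";
    };
  };

  # Allow forgejo user to adjust authorized_keys dynamically
  # An sshd `Match` block applies to every directive after it until the next
  # `Match`. NOTE(review): check the generated sshd_config to make sure no
  # global setting ends up appended below this block.
  services.openssh.extraConfig = ''
    Match User forgejo
      AuthorizedKeysFile ${config.users.users.forgejo.home}/.ssh/authorized_keys
  '';

  #enable qemu-guestagent
  services.qemuGuest.enable = true;

  # Disable password checking for wheel group users so we can solely rely on ssh keys
  # Trade-off: any process running as a wheel user can become root without a
  # second factor, so the SSH private key is the only barrier.
  security.sudo.wheelNeedsPassword = false;

  # Firewall stuff:
  networking.firewall.enable = true;
  networking.firewall.allowPing = true;

  # Open ports in the firewall.
  # This exposes Forgejo's plain-HTTP listener to every source address.
  # NOTE(review): if a reverse proxy fronts this host, restrict the port to
  # the proxy's address so clients cannot bypass TLS.
  networking.firewall.allowedTCPPorts = [ 48540 ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # Or disable the firewall altogether.
  # networking.firewall.enable = false;

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "24.05"; # Did you read the comment?

  # Unattended upgrades, including automatic reboots when an upgrade needs one.
  system.autoUpgrade = {
    enable = true;
    allowReboot = true;
  };

  # Periodically garbage-collect store paths older than 8 days; `persistent`
  # catches up on runs missed while the machine was off.
  nix.gc = {
    automatic = true;
    persistent = true;
    options = "--delete-older-than 8d";
  };
}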