nixos server with forgejo

2024-02-17 00:35:08 +00:00 · 2024-02-17 00:35:08 +00:00 · b5b763bd40
commit b5b763bd40
parent b1fc9f70e7
2 changed files with 109 additions and 60 deletions
--- a/hardware/alpine.nix
+++ b/hardware/alpine.nix
@ -13,7 +13,7 @@ in {

  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "sd_mod"];
  boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-amd"];
+  boot.kernelModules = [];
  boot.extraModulePackages = [];

  fileSystems."/" = {
@ -21,10 +21,10 @@ in {
    fsType = "ext4";
  };

-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/72d527de-fead-43d5-8f29-e06d2c584a18";
-    fsType = "ext4";
-  };
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/D8AA-8602";
+      fsType = "vfat";
+    };

  fileSystems."/mnt/disk1" = {
    device = "/dev/disk/by-uuid/caba0b6c-00d2-495a-8c04-67ea584f1a63";
@ -46,13 +46,15 @@ in {
    fsType = "ext4";
  };

-  # /etc/fstab
-
-  # /mnt/disk1:/mnt/disk2:/mnt/disk3 /mnt/storage mergerfs direct_io,use_ino,allow_other,minfreespace=50G,fsname=mergerfs,category.create=mfs,func.mkdir=epall 0 0
+  environment.systemPackages = with pkgs; [
+    mergerfs
+    mergerfs-tools
+    python3
+  ];

  fileSystems."/mnt/storage" = {
    device = "/mnt/disk1:/mnt/disk2:/mnt/disk3";
-    fsType = "mergerfs";
+    fsType = "fuse.mergerfs";
    depends = ["/mnt/disk1" "/mnt/disk2" "/mnt/disk3"];
    options = [
      "direct_io"
@ -65,19 +67,6 @@ in {
    ];
  };

-  # auto-generated-config: looks sus
-
-  # fileSystems."/mnt/storage" =
-  #   { device = "mergerfs";
-  #     fsType = "fuse.mergerfs";
-  #   };
-  #
-  # fileSystems."/srv/nfs/Media" =
-  #   { device = "/mnt/storage/media";
-  #     fsType = "none";
-  #     options = [ "bind" ];
-  #   };
-
  swapDevices = [
    {device = "/dev/disk/by-uuid/27ad4809-211f-4ae9-90da-d17d9c1df271";}
  ];
@ -89,6 +78,7 @@ in {
  networking.useDHCP = lib.mkDefault true;
  # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
  # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
+  networking.firewall.allowedTCPPorts = [ 22 53 80 443 ];

  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
@ -100,6 +90,9 @@ in {
    }
  ];

+  networking.hostName = "alpine";
+  networking.networkmanager.insertNameservers = ["1.1.1.1" "1.0.0.1"];
+
  services.snapraid = {
    enable = true;
    contentFiles = [
@ -118,4 +111,60 @@ in {
      "/mnt/parity1/SnapRAID.parity"
    ];
  };
+
+  virtualisation = {
+    podman = {
+      enable = true;
+    };
+  };
+
+  services.openssh = {
+    enable = true;
+    openFirewall = true;
+  };
+
+  services.nginx = {
+    enable = true;
+    virtualHosts = {
+      "tristans.cloud" = {
+        forceSSL = true;
+        enableACME = true;
+        root = "/srv/www/tristans.cloud";
+      };
+      "git.tristans.cloud" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."~".proxyPass = "http://localhost:3000";
+      };
+    };
+  };
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "tristan@tristans.cloud";
+  };
+
+  services.ddclient = {
+    # enable = true;
+    protocol = "duckdns";
+    use = "if, if=enp4s0";
+    ssl = true;
+    username = "";
+    passwordFile = "/home/tristan/duckdnstoken";
+    domains = ["tlbean"];
+  };
+
+  services.forgejo = {
+    enable = true;
+    dump.enable = true;
+    lfs.enable = true;
+    settings = {
+      server = {
+        DOMAIN = "git.tristans.cloud";
+      };
+      service = {
+        DISABLE_REGISTRATION = true;
+      };
+    };
+  };
+
 }