nixos server with forgejo

hardware/alpine.nix

@@ -13,7 +13,7 @@ in {
 
   boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "sd_mod"];
   boot.initrd.kernelModules = [];
-  boot.kernelModules = ["kvm-amd"];
+  boot.kernelModules = [];
   boot.extraModulePackages = [];
 
   fileSystems."/" = {
@@ -21,10 +21,10 @@ in {
     fsType = "ext4";
   };
 
-  fileSystems."/boot" = {
-    device = "/dev/disk/by-uuid/72d527de-fead-43d5-8f29-e06d2c584a18";
-    fsType = "ext4";
-  };
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/D8AA-8602";
+      fsType = "vfat";
+    };
 
   fileSystems."/mnt/disk1" = {
     device = "/dev/disk/by-uuid/caba0b6c-00d2-495a-8c04-67ea584f1a63";
@@ -46,13 +46,15 @@ in {
     fsType = "ext4";
   };
 
-  # /etc/fstab
-
-  # /mnt/disk1:/mnt/disk2:/mnt/disk3 /mnt/storage mergerfs direct_io,use_ino,allow_other,minfreespace=50G,fsname=mergerfs,category.create=mfs,func.mkdir=epall 0 0
+  environment.systemPackages = with pkgs; [
+    mergerfs
+    mergerfs-tools
+    python3
+  ];
 
   fileSystems."/mnt/storage" = {
     device = "/mnt/disk1:/mnt/disk2:/mnt/disk3";
-    fsType = "mergerfs";
+    fsType = "fuse.mergerfs";
     depends = ["/mnt/disk1" "/mnt/disk2" "/mnt/disk3"];
     options = [
       "direct_io"
@@ -65,19 +67,6 @@ in {
     ];
   };
 
-  # auto-generated-config: looks sus
-
-  # fileSystems."/mnt/storage" =
-  #   { device = "mergerfs";
-  #     fsType = "fuse.mergerfs";
-  #   };
-  #
-  # fileSystems."/srv/nfs/Media" =
-  #   { device = "/mnt/storage/media";
-  #     fsType = "none";
-  #     options = [ "bind" ];
-  #   };
-
   swapDevices = [
     {device = "/dev/disk/by-uuid/27ad4809-211f-4ae9-90da-d17d9c1df271";}
   ];
@@ -89,6 +78,7 @@ in {
   networking.useDHCP = lib.mkDefault true;
   # networking.interfaces.eth0.useDHCP = lib.mkDefault true;
   # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true;
+  networking.firewall.allowedTCPPorts = [ 22 53 80 443 ];
 
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
@@ -100,6 +90,9 @@ in {
     }
   ];
 
+  networking.hostName = "alpine";
+  networking.networkmanager.insertNameservers = ["1.1.1.1" "1.0.0.1"];
+
   services.snapraid = {
     enable = true;
     contentFiles = [
@@ -118,4 +111,60 @@ in {
       "/mnt/parity1/SnapRAID.parity"
     ];
   };
+
+  virtualisation = {
+    podman = {
+      enable = true;
+    };
+  };
+
+  services.openssh = {
+    enable = true;
+    openFirewall = true;
+  };
+
+  services.nginx = {
+    enable = true;
+    virtualHosts = {
+      "tristans.cloud" = {
+        forceSSL = true;
+        enableACME = true;
+        root = "/srv/www/tristans.cloud";
+      };
+      "git.tristans.cloud" = {
+        forceSSL = true;
+        enableACME = true;
+        locations."~".proxyPass = "http://localhost:3000";
+      };
+    };
+  };
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "tristan@tristans.cloud";
+  };
+
+  services.ddclient = {
+    # enable = true;
+    protocol = "duckdns";
+    use = "if, if=enp4s0";
+    ssl = true;
+    username = "";
+    passwordFile = "/home/tristan/duckdnstoken";
+    domains = ["tlbean"];
+  };
+
+  services.forgejo = {
+    enable = true;
+    dump.enable = true;
+    lfs.enable = true;
+    settings = {
+      server = {
+        DOMAIN = "git.tristans.cloud";
+      };
+      service = {
+        DISABLE_REGISTRATION = true;
+      };
+    };
+  };
+
 }

home/default.nix

@@ -7,14 +7,14 @@
 # https://nix-community.github.io/home-manager/options.xhtml
 {
   imports = [
-    ./modules/terminal.nix
-    ./modules/scripts.nix
-    ./modules/email.nix
-    ./modules/mpd.nix
-    ./modules/menu.nix
-    ./modules/scripts.nix
+    # ./modules/terminal.nix
+    # ./modules/scripts.nix
+    # ./modules/email.nix
+    # ./modules/mpd.nix
+    # ./modules/menu.nix
+    # ./modules/scripts.nix
 
-    ./programs/scripts.nix
+    # ./programs/scripts.nix
     ./programs/neovim/.
     ./programs/helix.nix
     ./programs/git.nix
@@ -25,13 +25,13 @@
     }
   ];
 
-  programs.menu = {
-    package = pkgs.tofi;
-    dmenuCommand = "${pkgs.tofi}/bin/tofi --fuzzy-match true";
-    drunCommand = "${pkgs.tofi}/bin/tofi-drun --drun-launch true";
-  };
+  # programs.menu = {
+  #   package = pkgs.tofi;
+  #   dmenuCommand = "${pkgs.tofi}/bin/tofi --fuzzy-match true";
+  #   drunCommand = "${pkgs.tofi}/bin/tofi-drun --drun-launch true";
+  # };
 
-  roles.mpd.enable = true;
+  # roles.mpd.enable = true;
 
   programs.home-manager.enable = true;
 
@@ -51,17 +51,17 @@
     mosh
     ripgrep
     usbutils
-    wl-clipboard
+    # wl-clipboard
     du-dust
     htop
     libsixel
     yt-dlp
     ytfzf
-    playerctl
+    # playerctl
     neofetch
     tree
     ansible
-    quickemu
+    # quickemu
   ];
 
   services.udiskie = {
@@ -91,30 +91,30 @@
     };
   };
 
-  home.file.".icons/default".source = "${pkgs.vanilla-dmz}/share/icons/Vanilla-DMZ";
+  # home.file.".icons/default".source = "${pkgs.vanilla-dmz}/share/icons/Vanilla-DMZ";
 
-  home.file.".config/pipewire/pipewire.conf.d/raop-discover.conf".text = ''
-    context.modules = [
-      {
-        name = libpipewire-module-raop-discover
-        args = { }
-      }
-    ]
-  '';
-  services.kdeconnect = {
-    enable = true;
-    indicator = true;
-  };
+  # home.file.".config/pipewire/pipewire.conf.d/raop-discover.conf".text = ''
+  #   context.modules = [
+  #     {
+  #       name = libpipewire-module-raop-discover
+  #       args = { }
+  #     }
+  #   ]
+  # '';
+  # services.kdeconnect = {
+  #   enable = true;
+  #   indicator = true;
+  # };
 
-  programs.pandoc = {
-    enable = true;
-    defaults = {
-      metadata = {
-        author = "Tristan Beedell";
-      };
-      pdf-engine = "xelatex";
-    };
-  };
+  # programs.pandoc = {
+  #   enable = true;
+  #   defaults = {
+  #     metadata = {
+  #       author = "Tristan Beedell";
+  #     };
+  #     pdf-engine = "xelatex";
+  #   };
+  # };
 
   programs.direnv.enable = true;
 }