initial commit

hosts/geon/configuration.nix

@@ -0,0 +1,40 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  imports =
+    [ # Include the results of the hardware scan.
+        ./hardware-configuration.nix
+        ../../common/common.nix
+        ../../common/netdata.nix
+        ../../common/kvm.nix
+        ./gitea.nix
+    ];
+
+  # Use the systemd-boot EFI boot loader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "geon";
+  networking.useDHCP = false;
+  networking.interfaces.ens18.useDHCP = true;
+  networking.interfaces.ens18.ipv6.addresses = [{
+    address = "2a01:4f8:c010:61dc:200::500:1";
+    prefixLength = 72;
+  }];
+
+  networking.defaultGateway6 = {
+    address = "2a01:4f8:c010:61dc:200::1";
+    interface = "ens18";
+  };
+
+  clerie.monitoring = {
+    enable = true;
+    id = "201";
+    privKeyFile = "/run/keys/wg-geon_priv";
+    pubkey = "WlVtrmfqZs6acvi185ovDn6NS2sZQkQNUf2oG0/QIx0=";
+  };
+}

hosts/geon/gitea.nix

@@ -0,0 +1,89 @@
+ { config, pkgs, lib, ... }:
+
+{
+  services.openssh.ports = [ 2222 ];
+  services.gitea = {
+    enable = true;
+    appName = "Git: entr0py.de";
+    database = {
+      createDatabase = false;
+      type = "postgres";
+      name = "gitea";
+      user = "gitea";
+      socket = "/run/postgresql";
+    };
+    cookieSecure = true;
+    disableRegistration = true;
+    rootUrl = "https://git.entr0py.de/";
+    domain = "git.entr0py.de";
+    httpAddress =  "127.0.0.1";
+    httpPort = 3000;
+    lfs.enable = true;
+    log.level = "Info";
+    ssh = {
+      enable = true;
+      clonePort = 2222;
+    };
+    settings = {
+      database = {
+        CHARSET = "utf8";
+      };
+      repository = {
+        ENABLE_PUSH_CREATE_USER = true;
+        ENABLE_PUSH_CREATE_ORG = true;
+        DEFAULT_PRIVATE = true;
+      };
+      server = {
+        OFFLINE_MODE = true;
+        LANDING_PAGE = "explore";
+      };
+      mailer = {
+        enabled = false;
+      };
+      service = {
+        REGISTER_EMAIL_CONFIRM = false;
+        ENABLE_NOTIFY_MAIL = false;
+        ALLOW_ONLY_EXTERNAL_REGISTRATION = false;
+        ENABLE_CAPTCHA = false;
+        REQUIRE_SIGNIN_VIEW = false;
+        DEFAULT_KEEP_EMAIL_PRIVATE = true;
+        DEFAULT_ALLOW_CREATE_ORGANIZATION = true;
+        DEFAULT_ENABLE_TIMETRACKING = false;
+      };
+      picture = {
+        DISABLE_GRAVATAR = true;
+        ENABLE_FEDERATED_AVATAR = false;
+      };
+      openid = {
+        ENABLE_OPENID_SIGNIN = false;
+        ENABLE_OPENID_SIGNUP = false;
+      };
+    };
+  };
+
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_12;
+    ensureDatabases = [ "gitea" ];
+    ensureUsers = [
+      {
+        name = "gitea";
+        ensurePermissions."DATABASE gitea" = "ALL PRIVILEGES";
+      }
+    ];
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  services.nginx = {
+    enable = true;                                          # Enable Nginx
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts."git.entr0py.de" = {                  # Gitea hostname
+      enableACME = true;                                    # Use ACME certs
+      forceSSL = true;                                      # Force SSL
+      locations."/".proxyPass = "http://localhost:3000/";   # Proxy Gitea
+    };
+  };
+}

hosts/geon/hardware-configuration.nix

@@ -0,0 +1,30 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/e46b795c-491c-4559-93e9-09477b6b4c81";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/B6EC-6AEE";
+      fsType = "vfat";
+    };
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/3a94c2d1-c565-4bf5-ab1f-8db82fa069d7"; }
+    ];
+
+}