From 8c7c87968e50498bf5164a1bdb812520daaa026f Mon Sep 17 00:00:00 2001
From: bc
Date: Sat, 2 Aug 2025 07:04:30 +0000
Subject: [PATCH] initial config with paste and git
---
configuration.nix | 61 +++++++++++++++++++++++++++++++++++++++++++++++
flake.nix | 15 ++++++++++++
o-git-forgejo.nix | 22 +++++++++++++++++
o-paste.nix | 16 +++++++++++++
4 files changed, 114 insertions(+)
create mode 100644 configuration.nix
create mode 100644 flake.nix
create mode 100644 o-git-forgejo.nix
create mode 100644 o-paste.nix
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..813d4e4
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,61 @@
+{ config, modulesPath, lib, pkgs, ... }:
+{
+ imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
+ (modulesPath + "/virtualisation/digital-ocean-config.nix")
+ #./o-caddy.nix
+ ./o-paste.nix
+ ./o-git-forgejo.nix
+ #./o-nocodb.nix
+ ];
+
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+ environment.sessionVariables = { EDITOR = "nvim"; };
+ environment.systemPackages = with pkgs; [
+ lf
+ ranger
+ broot
+ helix
+ wget
+ xh
+ nushell
+ zellij
+ ripgrep
+ fd
+ caddy
+ ];
+
+ programs.bat.enable = true;
+ programs.git.enable = true;
+ programs.htop.enable = true;
+ programs.mtr.enable = true;
+ programs.neovim = {
+ enable = true;
+ defaultEditor = true;
+ vimAlias = true;
+ viAlias = true;
+ };
+
+ virtualisation.podman = {
+ enable = true;
+ dockerCompat = true;
+ };
+
+ services.openssh.enable = true;
+ services.openssh.settings.PermitRootLogin = "yes";
+ services.tailscale.enable = true;
+
+ networking.firewall.allowedTCPPorts = [ 22 80 443 ];
+ services.fail2ban.enable = true;
+
+ system.stateVersion = "24.11";
+
+ users.users.ntm = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "networkmanager" ];
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdDBHNyxM+UsOgI37RKmOT53FeJOo5t0icWg3QhtoHMhErKc94todmQ+DL1XJRnUo2EWeL3Lzzhe4TRo0itAgpLdgSRe2AD/WKAJHb0uSIPVL6exBJcY31IP9L88H1MpZRvb1GdnKFtbDZ!DS*Z$P&?)SQWHNFROUIXE*W^(WJAVGJC@&%KGq9DsEI*@B$GHIPVPLU#LJD?DUFH&CVWIBOPZ+DXBLKB@NM@PKHAj)!WV%S(S^&#V#REYNTMs thinkpad key"
+ "ssh-rsa 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 ntm@yaupon"
+ ];
+ };
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..2217f3b
--- /dev/null
+++ b/flake.nix
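Review bot: In configuration.nix, `services.openssh.settings.PermitRootLogin = "yes";` combined with port 22 in `networking.firewall.allowedTCPPorts` leaves direct root SSH login reachable from the internet, and nothing in the hunk disables password authentication. fail2ban only slows guessing; it does not remove the exposure. If root access over SSH is still needed, restrict it to keys with `services.openssh.settings.PermitRootLogin = "prohibit-password";` and add `services.openssh.settings.PasswordAuthentication = false;`. Since `services.tailscale.enable = true` is already set, consider dropping 22 from `allowedTCPPorts` once SSH over the tailnet is confirmed to work. Ports 80 and 443 are opened and the imported modules define `services.caddy.virtualHosts`, but no `services.caddy.enable = true;` is visible in this patch (`./o-caddy.nix` is commented out), so the proxy may not actually be running.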
@@ -0,0 +1,15 @@
+{
+ inputs = {
+ nixpkgs.url = "nixpkgs/nixos-unstable";
+ };
+ outputs = { self, nixpkgs }@attrs: {
+ nixosConfigurations.matilda-gage = nixpkgs.lib.nixosSystem rec {
+ pkgs = import nixpkgs { inherit system; config = { allowUnfree = true; };};
+ system = "x86_64-linux";
+ modules = [ ./configuration.nix
+ # This fixes nixpkgs (for e.g. "nix shell") to match the system nixpkgs
+ ({ config, pkgs, options, ... }: { nix.registry.nixpkgs.flake = nixpkgs; })
+ ];
+ };
+ };
+}
diff --git a/o-git-forgejo.nix b/o-git-forgejo.nix
new file mode 100644
index 0000000..04f6f6e
--- /dev/null
+++ b/o-git-forgejo.nix
@@ -0,0 +1,22 @@
+{ config, pkgs, ... }:
+let
+ domain = "gagegit.chicagotea.click";
+in
+{
+
+ services.forgejo = {
+ enable = true;
+ settings = {
+ mailer.ENABLED = false;
+ server = {
+ DOMAIN = domain;
+ ROOT_URL = "https://${domain}/";
+ };
+ repository.ENABLE_PUSH_CREATE_USER = true;
+ #service.DISABLE_REGISTRATION = true;
+ };
+ };
+ services.caddy.virtualHosts.${domain}.extraConfig = ''
+ reverse_proxy :3000
+ '';
+}
diff --git a/o-paste.nix b/o-paste.nix
new file mode 100644
index 0000000..87e231e
--- /dev/null
+++ b/o-paste.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, ... }:
+let
+ domain = "gagepaste.chicagotea.click";
+in
+{
+ services.microbin = {
+ enable = true;
+ settings = {
+ MICROBIN_PORT = 8001; #9457
+ MICROBIN_PUBLIC_PATH = "https://${domain}";
+ };
+ };
+ services.caddy.virtualHosts.${domain}.extraConfig = ''
+ reverse_proxy :3000
+ '';
+}
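Review bot: In flake.nix, `nixpkgs.url = "nixpkgs/nixos-unstable";` is a moving branch and the diffstat lists no `flake.lock`, so the nixpkgs revision this internet-facing host is built from is not pinned in the repository. Commit the generated `flake.lock` so that rebuilds are reproducible and every nixpkgs bump shows up as a reviewable change. Separately, `system.stateVersion = "24.11"` in configuration.nix suggests a stable release was intended, in which case `nixpkgs/nixos-24.11` would be the matching input. The `@attrs` binding in `outputs` is unused and can be dropped.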
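Review bot: In o-git-forgejo.nix, `#service.DISABLE_REGISTRATION = true;` is left commented out, so anyone who can reach the public hostname can create an account. With `mailer.ENABLED = false` there is no e-mail confirmation step, and `repository.ENABLE_PUSH_CREATE_USER = true` lets every such account create repositories simply by pushing. Unless open sign-up is intended, enable `service.DISABLE_REGISTRATION = true;` after creating the admin account. It would also help to add a comment next to `ENABLE_PUSH_CREATE_USER` recording why push-to-create is wanted.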
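Review bot: In o-paste.nix, the Caddy vhost uses `reverse_proxy :3000` while the service is configured with `MICROBIN_PORT = 8001;`, so the paste hostname forwards to the port the Forgejo vhost also targets instead of to microbin. The line should read `reverse_proxy :8001`, or better, reference `config.services.microbin.settings.MICROBIN_PORT` so that the two values cannot drift apart. The hunk also sets no admin, uploader or basic-auth credentials, so the instance presumably runs with upstream defaults and accepts uploads from anyone. Supply credentials through the module's secrets file rather than in `settings`, which ends up in the world-readable Nix store.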