initial config with paste and git

2025-08-02 07:04:30 +00:00 · 2025-08-02 07:04:30 +00:00 · 8c7c87968e
commit 8c7c87968e
parent 6524349eee
4 changed files with 114 additions and 0 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -0,0 +1,61 @@
 { config, modulesPath, lib, pkgs, ... }:
 {
  imports = lib.optional (builtins.pathExists ./do-userdata.nix) ./do-userdata.nix ++ [
    (modulesPath + "/virtualisation/digital-ocean-config.nix")
    #./o-caddy.nix
    ./o-paste.nix
    ./o-git-forgejo.nix
    #./o-nocodb.nix
  ];
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  environment.sessionVariables = { EDITOR = "nvim"; };
  environment.systemPackages = with pkgs; [
    lf
    ranger
    broot
    helix
    wget
    xh
    nushell
    zellij
    ripgrep
    fd
    caddy
  ];
  programs.bat.enable = true;
  programs.git.enable = true;
  programs.htop.enable = true;
  programs.mtr.enable = true;
  programs.neovim = {
    enable = true;
    defaultEditor = true;
    vimAlias = true;
    viAlias = true;
  };
  virtualisation.podman = {
    enable = true;
    dockerCompat = true;
  };
  services.openssh.enable = true;
  services.openssh.settings.PermitRootLogin = "yes";
  services.tailscale.enable = true;
  networking.firewall.allowedTCPPorts = [ 22 80 443 ];
  services.fail2ban.enable = true;
  system.stateVersion = "24.11";
  users.users.ntm = {
    isNormalUser = true;
    extraGroups = [ "wheel" "networkmanager" ];
    openssh.authorizedKeys.keys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdDBHNyxM+UsOgI37RKmOT53FeJOo5t0icWg3QhtoHMhErKc94todmQ+DL1XJRnUo2EWeL3Lzzhe4TRo0itAgpLdgSRe2AD/WKAJHb0uSIPVL6exBJcY31IP9L88H1MpZRvb1GdnKFtbDZ!DS*Z$P&?)SQWHNFROUIXE*W^(WJAVGJC@&%KGq9DsEI*@B$GHIPVPLU#LJD?DUFH&CVWIBOPZ+DXBLKB@NM@PKHAj)!WV%S(S^&#V#REYNTMs thinkpad key"
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDzEqS1MJBo/NUo2/QkU6PlFcGgReZ7k8W4MiFdC1Tn4HoH1O6SN1vdM87Mev4J2lRj9yF4MAoz+9PEfCJcuqN6S7dCWfSbo7GMs3V4sRGDhoJmCiTv9bqq0KrkdAqD/N3M+XVxrN9vIy7L4KKSptWmRkcE/R17EGq4eIe33a5g38wKxgP92JEtAJZTYTaJ4FbFkbty5qtFpjG5cCe170DJtlN3v4r7PGaEvOVSyBV7p7S6/PSO5Xk4ZlhiEQ+/Kyf7OWULVDmBV2p/kOTYdinWiDfpnWCAT2IIyqsrgVlwuj/JWexjpXsr7Fj9NBQYpKaHf423epemMbipUp+8fuNIoYJqhcR7E0UTdJAHkZwFe9TabIm6x9ekx97x9bifFgxdT78abZG8t98WvmXB1cnF9bH6QHXI9diTEIvYDJgRNvRbbVFKvNQProyDt+CBB+kUkBWKBbkxEuUYlFSL1Y9Yi48rL4l83eipf4pOT/0D0Evor4yIrDTZbC1k8n29Vec= ntm@yaupon"
    ];
  };
 }
--- a/flake.nix
+++ b/flake.nix
@ -0,0 +1,15 @@
 {
  inputs = {
    nixpkgs.url = "nixpkgs/nixos-unstable";
  };
  outputs = { self, nixpkgs }@attrs: {
    nixosConfigurations.matilda-gage = nixpkgs.lib.nixosSystem rec {
      pkgs = import nixpkgs { inherit system; config = { allowUnfree = true; };};
      system = "x86_64-linux";
      modules = [ ./configuration.nix
                  # This fixes nixpkgs (for e.g. "nix shell") to match the system nixpkgs
                  ({ config, pkgs, options, ... }: { nix.registry.nixpkgs.flake = nixpkgs; })
                ];
    };
  };
 }
--- a/o-git-forgejo.nix
+++ b/o-git-forgejo.nix
@ -0,0 +1,22 @@
 { config, pkgs, ... }:
 let
  domain = "gagegit.chicagotea.click";
 in
 {
  services.forgejo = {
    enable = true;
    settings = {
      mailer.ENABLED = false;
      server = {
        DOMAIN = domain;
        ROOT_URL = "https://${domain}/";
      };
      repository.ENABLE_PUSH_CREATE_USER = true;
      #service.DISABLE_REGISTRATION = true;
    };
  };
  services.caddy.virtualHosts.${domain}.extraConfig = ''
    reverse_proxy :3000
  '';
 }
--- a/o-paste.nix
+++ b/o-paste.nix
@ -0,0 +1,16 @@
 { config, pkgs, ... }:
 let
  domain = "gagepaste.chicagotea.click";
 in
 {
  services.microbin = {
    enable = true;
    settings = {
      MICROBIN_PORT = 8001; #9457
      MICROBIN_PUBLIC_PATH = "https://${domain}";
    };
  };
  services.caddy.virtualHosts.${domain}.extraConfig = ''
    reverse_proxy :3000
  '';
 }