From 20e8bd96bd4c88dd3d74e7d92eac61f4b401e046 Mon Sep 17 00:00:00 2001
From: Thiago Sposito
Date: Fri, 30 Jan 2026 15:25:37 -0300
Subject: [PATCH] chore: reconfigure nix cloud
---
hosts/Nixcloud/default.nix | 85 +++++++----------------
hosts/Nixcloud/forgejo.nix | 41 +++++++++++
hosts/Nixcloud/hardware-configuration.nix | 18 +++--
3 files changed, 73 insertions(+), 71 deletions(-)
create mode 100644 hosts/Nixcloud/forgejo.nix
diff --git a/hosts/Nixcloud/default.nix b/hosts/Nixcloud/default.nix
index 848e7f2..3ff32b6 100644
--- a/hosts/Nixcloud/default.nix
+++ b/hosts/Nixcloud/default.nix
@@ -1,16 +1,11 @@
-{
- config,
- inputs,
- lib,
- pkgs,
- ...
-}:
+{ ... }:
{
imports = [
./hardware-configuration.nix
./networking.nix
-
+ ./forgejo.nix
];
+
boot.loader.grub = {
enable = true;
efiSupport = true; # Enable EFI features
@@ -18,69 +13,37 @@
};
boot.tmp.cleanOnBoot = true;
- nix = {
- registry = (lib.mapAttrs (_: flake: { inherit flake; })) (
- (lib.filterAttrs (_: lib.isType "flake")) inputs
- );
-
- nixPath = [ "/etc/nix/path" ];
-
- settings = {
- download-buffer-size = "512M";
- experimental-features = "nix-command flakes";
- auto-optimise-store = true;
- };
- };
-
- environment = {
- shells = with pkgs; [ bash ];
- etc = lib.mapAttrs' (name: value: {
- name = "nix/path/${name}";
- value.source = value.flake;
- }) config.nix.registry;
- systemPackages = with pkgs; [
- git
- sops
- wget
- ];
- };
zramSwap.enable = true;
- programs = {
- gnupg = {
- agent = {
- enableSSHSupport = true;
- enable = true;
- pinentryPackage = pkgs.pinentry-tty;
- };
- };
- };
+
networking.hostName = "srv1065175";
networking.domain = "hstgr.cloud";
services.openssh.enable = true;
-
- users.users = {
- root.openssh.authorizedKeys.keyFiles = [
- (builtins.fetchurl {
- url = "https://meta.sr.ht/~sposito.keys";
- name = "sposito-srht-keys";
- sha256 = "1a0qcpbdkmdhnhhqvcmf6rq7zmjap6kxiwrcmmgs0fbhrlcyhkmi";
- })
- ];
- nimbus.isNormalUser = true;
- nimbus.openssh.authorizedKeys.keys = [
- (builtins.fetchurl {
- url = "https://meta.sr.ht/~sposito.keys";
- name = "sposito-srht-keys";
- sha256 = "1a0qcpbdkmdhnhhqvcmf6rq7zmjap6kxiwrcmmgs0fbhrlcyhkmi";
- })
- ];
+ users.users.root.openssh.authorizedKeys.keys = [
+ ''ssh-rsa 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 thiago@sposito.ch''
+ ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWstSULudWNwPQxyS2J7Qygw8CozDDy8WsPjsYzKPI9s0B/KLU0g1oX42bBvn4DgNpzGrpb6IGHpRQohStt7vcOxb9XpfhIOcIr45gU3k3lcPjh6vj8/ZoNQlRDIfxs83RDImvveYABuI/Hq42mLV1kI5qnQHaJxuW73AuYKNzE3Z3PUl5Kw6MgzSZ96QlpiQDn/js7ZTBF/YZ18kPh9E9O1y+EDhcJ4gn38rFIMYMG/KbJB22hYyYQHo0WkJlZ2jScnjv1op2yHPM4lfjOnnyL+LhOQLN8VrHayDWXtJcIW0nEKT+1R/7qkSH/5ELA2c/gznfkdTDzfG8+P3WAzNF openpgp:0xC25417F1''
+ ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICRAJaRuXqVeAs/Y5CeTbyc9lSbyvchkVqiML/yl6wbh thiago@Nixbook''
+ ];
+ users.users.nimbus = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
};
+
+ security.sudo.extraRules = [
+ {
+ users = [ "nimbus" ];
+ commands = [
+ {
+ command = "ALL";
+ options = [ "NOPASSWD" ];
+ }
+ ];
+ }
+ ];
system.stateVersion = "23.11";
boot.kernelParams = [
"console=tty1"
"console=ttyS0,115200"
];
- time.timeZone = "America/Sao_Paulo";
}
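Review bot: The new `security.sudo.extraRules` entry gives `nimbus` `command = "ALL"` with `NOPASSWD`, which makes that account root-equivalent without any password prompt, on top of the `wheel` membership added just above it. The same hunk removes `nimbus`'s `authorizedKeys` and places three keys directly on `root`, so as far as this file shows, administration now happens by logging in as root over SSH and the sudo rule protects nothing. I would put the keys on `users.users.nimbus.openssh.authorizedKeys.keys`, set `services.openssh.settings.PermitRootLogin = "no";` and `services.openssh.settings.PasswordAuthentication = false;`, and either drop `NOPASSWD` or narrow `command` to the specific binaries the account needs. sshd settings may already be defined in `./networking.nix`, which is not part of this diff, so confirm there before adding them.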
diff --git a/hosts/Nixcloud/forgejo.nix b/hosts/Nixcloud/forgejo.nix
new file mode 100644
index 0000000..52189fe
--- /dev/null
+++ b/hosts/Nixcloud/forgejo.nix
@@ -0,0 +1,41 @@
+{ lib, config, ... }:
+let
+ cfg = config.services.forgejo;
+ srv = cfg.settings.server;
+ domain = "git.sposi.to";
+in
+{
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "thiago@sposi.to";
+ };
+
+ services.nginx = {
+ enable = true;
+ virtualHosts.${domain} = {
+ forceSSL = true;
+ enableACME = true;
+ extraConfig = ''
+ client_max_body_size 512M;
+ '';
+ locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}";
+ };
+ };
+
+ services.forgejo = {
+ enable = true;
+ database.type = "sqlite3";
+ lfs.enable = true;
+ settings = {
+ server = {
+ DOMAIN = domain;
+ ROOT_URL = "https://${domain}/";
+ HTTP_PORT = 3000;
+ };
+ service.DISABLE_REGISTRATION = true;
+ };
+ };
+
+ services.forgejo.settings.server.SSH_PORT = lib.mkDefault (lib.head (config.services.openssh.ports or [ 22 ]));
+}
+
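Review bot: The `server` block sets `HTTP_PORT = 3000` but no listen address, so unless the module default or the host firewall restricts it, Forgejo answers plain HTTP on port 3000 on every interface and can be reached without going through the `forceSSL` vhost; add `HTTP_ADDR = "127.0.0.1";` next to `HTTP_PORT` so nginx is the only way in. If you do that, point the proxy at the same address, `locations."/".proxyPass = "http://127.0.0.1:${toString srv.HTTP_PORT}";`, since `localhost` may also resolve to `::1`. With TLS terminated at nginx, `session.COOKIE_SECURE = true;` under `settings` is worth adding as well. Ports 80 and 443 are not opened in this file; presumably `./networking.nix` handles that, but confirm, because ACME issuance for `enableACME` depends on it.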
diff --git a/hosts/Nixcloud/hardware-configuration.nix b/hosts/Nixcloud/hardware-configuration.nix
index 147a8f5..566c4f3 100644
--- a/hosts/Nixcloud/hardware-configuration.nix
+++ b/hosts/Nixcloud/hardware-configuration.nix
@@ -1,9 +1,15 @@
{ modulesPath, lib, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
- boot.initrd.kernelModules = [ "nvme" ];
boot.loader.grub.device = "nodev";
-
+
+ boot.initrd.availableKernelModules = [
+ "ata_piix"
+ "uhci_hcd"
+ "xen_blkfront"
+ "vmw_pvscsi"
+ ];
+ boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = {
device = "/dev/sda1";
fsType = "ext4";
@@ -12,13 +18,5 @@
device = "/dev/sda15";
fsType = "vfat";
};
-
- boot.initrd.availableKernelModules = [
- "ata_piix"
- "uhci_hcd"
- "vmw_pvscsi"
- "xen_blkfront"
- ];
-
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}