From b2be34b8fece71ea4ebe4ba02db4f7a2686e5856 Mon Sep 17 00:00:00 2001 From: Thiago Sposito Date: Wed, 4 Feb 2026 19:08:30 -0300 Subject: [PATCH] feat: expose nginx --- hosts/Nixcloud/default.nix | 11 ++++++++++- hosts/Nixcloud/forgejo.nix | 3 ++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/hosts/Nixcloud/default.nix b/hosts/Nixcloud/default.nix index 3ff32b6..dd56ec2 100644 --- a/hosts/Nixcloud/default.nix +++ b/hosts/Nixcloud/default.nix @@ -1,4 +1,4 @@ -{ ... }: +{ pkgs, ... }: { imports = [ ./hardware-configuration.nix @@ -16,9 +16,18 @@ zramSwap.enable = true; + environment.systemPackages = with pkgs; [ + git + ]; + networking.hostName = "srv1065175"; networking.domain = "hstgr.cloud"; + networking.firewall = { + enable = true; + allowedTCPPorts = [ 80 443 ]; + }; + services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCjC5EuxC6un3StoRkn1X1Mv09Mx1icGfN5fnlWRfqFPtiwAusJA+q0p2MktujY/+kDOpzExtjbXP5CtW7zcUfeitO26BY0WH106P4ttsq/0zzq5pmPXxGn9crN7JqFp3f9LMlL0F+3Oa0mJ6HcS2UgQEUYS6ofJBV1CLeMfkv75F+iy7AG1V9EaT4pvwdmAJ+6XXSo+UtadWOZGlWVRETyDcxa2H/aS/e+JrQfeAHM9f9cyeZqO9OHFWmuzHDc2T014+OhzzWnLUC/nUc1KUELvha1cT1ViMbcF62cjQXxip/5GGsIkw+7PdJFTn3ITwRO1+06qs6WnO4ceh8wIyOblUgTfRvIXkB7nnanC3CupqLbT+s/HeRiwnI4aih7lDrB717dPTy/ZfNXqxy1K51bZzRTXzkY+oUF1eqG37KvGoFZ6Zjf8KMrtTWBhqdIWV/kY4ZBTtvtiU81iXEWbobcyTzsIzKtZhCrGt+KxFUYV90u+ts3jrFdHIsN/tIzuEKz2ZZ8f749u2Q9jgIwe1KLtTwmSDjAV5gkbnE7ZDMB82pTzlwdrZ/VkCIu3/EtoWq3Y+NrKL4OzWL74Tzgsn28jvsegrnz5Lp24zPpNmBzCgbkwPStFjvp16G6pUiTLAAn9YiBqYbbvDbGxun55QMwYORGsdk5hISaC/cPzaUKkQ== thiago@sposito.ch'' diff --git a/hosts/Nixcloud/forgejo.nix b/hosts/Nixcloud/forgejo.nix index 52189fe..5e74e92 100644 --- a/hosts/Nixcloud/forgejo.nix +++ b/hosts/Nixcloud/forgejo.nix @@ -7,7 +7,7 @@ in { security.acme = { acceptTerms = true; - defaults.email = "thiago@sposi.to"; + defaults.email = "th.spo@pm.me"; }; services.nginx = { @@ -15,6 +15,7 @@ in virtualHosts.${domain} = { forceSSL = true; enableACME = true; + # Allow HTTP initially for ACME challenge, will redirect to HTTPS once cert is ready extraConfig = '' client_max_body_size 512M; '';