From 20e8bd96bd4c88dd3d74e7d92eac61f4b401e046 Mon Sep 17 00:00:00 2001 From: Thiago Sposito Date: Fri, 30 Jan 2026 15:25:37 -0300 Subject: [PATCH 1/2] chore: reconfigure nix cloud --- hosts/Nixcloud/default.nix | 85 +++++++---------------- hosts/Nixcloud/forgejo.nix | 41 +++++++++++ hosts/Nixcloud/hardware-configuration.nix | 18 +++-- 3 files changed, 73 insertions(+), 71 deletions(-) create mode 100644 hosts/Nixcloud/forgejo.nix diff --git a/hosts/Nixcloud/default.nix b/hosts/Nixcloud/default.nix index 848e7f2..3ff32b6 100644 --- a/hosts/Nixcloud/default.nix +++ b/hosts/Nixcloud/default.nix @@ -1,16 +1,11 @@ -{ - config, - inputs, - lib, - pkgs, - ... -}: +{ ... }: { imports = [ ./hardware-configuration.nix ./networking.nix - + ./forgejo.nix ]; + boot.loader.grub = { enable = true; efiSupport = true; # Enable EFI features 
@@ -18,69 +13,37 @@ }; boot.tmp.cleanOnBoot = true; - nix = { - registry = (lib.mapAttrs (_: flake: { inherit flake; })) ( - (lib.filterAttrs (_: lib.isType "flake")) inputs - ); - - nixPath = [ "/etc/nix/path" ]; - - settings = { - download-buffer-size = "512M"; - experimental-features = "nix-command flakes"; - auto-optimise-store = true; - }; - }; - - environment = { - shells = with pkgs; [ bash ]; - etc = lib.mapAttrs' (name: value: { - name = "nix/path/${name}"; - value.source = value.flake; - }) config.nix.registry; - systemPackages = with pkgs; [ - git - sops - wget - ]; - }; zramSwap.enable = true; - programs = { - gnupg = { - agent = { - enableSSHSupport = true; - enable = true; - pinentryPackage = pkgs.pinentry-tty; - }; - }; - }; + networking.hostName = "srv1065175"; networking.domain = "hstgr.cloud"; services.openssh.enable = true; - - users.users = { - root.openssh.authorizedKeys.keyFiles = [ - (builtins.fetchurl { - url = "https://meta.sr.ht/~sposito.keys"; - name = "sposito-srht-keys"; - sha256 = "1a0qcpbdkmdhnhhqvcmf6rq7zmjap6kxiwrcmmgs0fbhrlcyhkmi"; - }) - ]; - nimbus.isNormalUser = true; - nimbus.openssh.authorizedKeys.keys = [ - (builtins.fetchurl { - url = "https://meta.sr.ht/~sposito.keys"; - name = "sposito-srht-keys"; - sha256 = "1a0qcpbdkmdhnhhqvcmf6rq7zmjap6kxiwrcmmgs0fbhrlcyhkmi"; - }) - ]; + users.users.root.openssh.authorizedKeys.keys = [ + ''ssh-rsa 
AAAAB3NzaC1yc2EAAAADAQABAAACAQCjC5EuxC6un3StoRkn1X1Mv09Mx1icGfN5fnlWRfqFPtiwAusJA+q0p2MktujY/+kDOpzExtjbXP5CtW7zcUfeitO26BY0WH106P4ttsq/0zzq5pmPXxGn9crN7JqFp3f9LMlL0F+3Oa0mJ6HcS2UgQEUYS6ofJBV1CLeMfkv75F+iy7AG1V9EaT4pvwdmAJ+6XXSo+UtadWOZGlWVRETyDcxa2H/aS/e+JrQfeAHM9f9cyeZqO9OHFWmuzHDc2T014+OhzzWnLUC/nUc1KUELvha1cT1ViMbcF62cjQXxip/5GGsIkw+7PdJFTn3ITwRO1+06qs6WnO4ceh8wIyOblUgTfRvIXkB7nnanC3CupqLbT+s/HeRiwnI4aih7lDrB717dPTy/ZfNXqxy1K51bZzRTXzkY+oUF1eqG37KvGoFZ6Zjf8KMrtTWBhqdIWV/kY4ZBTtvtiU81iXEWbobcyTzsIzKtZhCrGt+KxFUYV90u+ts3jrFdHIsN/tIzuEKz2ZZ8f749u2Q9jgIwe1KLtTwmSDjAV5gkbnE7ZDMB82pTzlwdrZ/VkCIu3/EtoWq3Y+NrKL4OzWL74Tzgsn28jvsegrnz5Lp24zPpNmBzCgbkwPStFjvp16G6pUiTLAAn9YiBqYbbvDbGxun55QMwYORGsdk5hISaC/cPzaUKkQ== thiago@sposito.ch'' + ''ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCWstSULudWNwPQxyS2J7Qygw8CozDDy8WsPjsYzKPI9s0B/KLU0g1oX42bBvn4DgNpzGrpb6IGHpRQohStt7vcOxb9XpfhIOcIr45gU3k3lcPjh6vj8/ZoNQlRDIfxs83RDImvveYABuI/Hq42mLV1kI5qnQHaJxuW73AuYKNzE3Z3PUl5Kw6MgzSZ96QlpiQDn/js7ZTBF/YZ18kPh9E9O1y+EDhcJ4gn38rFIMYMG/KbJB22hYyYQHo0WkJlZ2jScnjv1op2yHPM4lfjOnnyL+LhOQLN8VrHayDWXtJcIW0nEKT+1R/7qkSH/5ELA2c/gznfkdTDzfG8+P3WAzNF openpgp:0xC25417F1'' + ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICRAJaRuXqVeAs/Y5CeTbyc9lSbyvchkVqiML/yl6wbh thiago@Nixbook'' + ]; + users.users.nimbus = { + isNormalUser = true; + extraGroups = [ "wheel" ]; }; + + security.sudo.extraRules = [ + { + users = [ "nimbus" ]; + commands = [ + { + command = "ALL"; + options = [ "NOPASSWD" ]; + } + ]; + } + ]; system.stateVersion = "23.11"; boot.kernelParams = [ "console=tty1" "console=ttyS0,115200" ]; - time.timeZone = "America/Sao_Paulo"; } diff --git a/hosts/Nixcloud/forgejo.nix b/hosts/Nixcloud/forgejo.nix new file mode 100644 index 0000000..52189fe --- /dev/null +++ b/hosts/Nixcloud/forgejo.nix 
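Review bot: The new `security.sudo.extraRules` entry in hosts/Nixcloud/default.nix grants `nimbus` `NOPASSWD` on `command = "ALL"`, which makes the account root-equivalent with no password prompt. The same hunk drops its `openssh.authorizedKeys`, so no login credential for `nimbus` is visible here. If the account exists for a specific task, limit the rule to the absolute paths of the commands it needs, or drop the rule and keep only the `wheel` membership so sudo asks for a password. Separately, `services.openssh.enable = true` stays at module defaults while root now accepts three keys directly. Unless `./networking.nix` already does so, add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "prohibit-password";` next to it so key-only access is stated, not inherited.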
@@ -0,0 +1,41 @@ +{ lib, config, ... }: +let + cfg = config.services.forgejo; + srv = cfg.settings.server; + domain = "git.sposi.to"; +in +{ + security.acme = { + acceptTerms = true; + defaults.email = "thiago@sposi.to"; + }; + + services.nginx = { + enable = true; + virtualHosts.${domain} = { + forceSSL = true; + enableACME = true; + extraConfig = '' + client_max_body_size 512M; + ''; + locations."/".proxyPass = "http://localhost:${toString srv.HTTP_PORT}"; + }; + }; + + services.forgejo = { + enable = true; + database.type = "sqlite3"; + lfs.enable = true; + settings = { + server = { + DOMAIN = domain; + ROOT_URL = "https://${domain}/"; + HTTP_PORT = 3000; + }; + service.DISABLE_REGISTRATION = true; + }; + }; + + services.forgejo.settings.server.SSH_PORT = lib.mkDefault (lib.head (config.services.openssh.ports or [ 22 ])); +} + diff --git a/hosts/Nixcloud/hardware-configuration.nix b/hosts/Nixcloud/hardware-configuration.nix index 147a8f5..566c4f3 100644 --- a/hosts/Nixcloud/hardware-configuration.nix +++ b/hosts/Nixcloud/hardware-configuration.nix @@ -1,9 +1,15 @@ { modulesPath, lib, ... }: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.initrd.kernelModules = [ "nvme" ]; boot.loader.grub.device = "nodev"; - + + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "xen_blkfront" + "vmw_pvscsi" + ]; + boot.initrd.kernelModules = [ "nvme" ]; fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; @@ -12,13 +18,5 @@ device = "/dev/sda15"; fsType = "vfat"; }; - - boot.initrd.availableKernelModules = [ - "ata_piix" - "uhci_hcd" - "vmw_pvscsi" - "xen_blkfront" - ]; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; } From b2be34b8fece71ea4ebe4ba02db4f7a2686e5856 Mon Sep 17 00:00:00 2001 From: Thiago Sposito Date: Wed, 4 Feb 2026 19:08:30 -0300 Subject: [PATCH 2/2] feat: expose nginx --- hosts/Nixcloud/default.nix | 11 ++++++++++- hosts/Nixcloud/forgejo.nix | 3 ++- 2 files changed, 12 insertions(+), 2 deletions(-) 
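Review bot: In the new hosts/Nixcloud/forgejo.nix, `services.forgejo.settings.server` sets `HTTP_PORT = 3000` but no listen address, so the backend uses the module default, which as far as I know binds all interfaces. Port 3000 would then serve plain HTTP directly, bypassing the nginx TLS vhost, whenever the host firewall does not block it, and this patch shows no firewall settings. Add `HTTP_ADDR = "127.0.0.1";` to the `server` block so only the local reverse proxy can reach Forgejo. For consistency, point the proxy at the same address with `locations."/".proxyPass = "http://127.0.0.1:${toString srv.HTTP_PORT}";`, so that a `localhost` lookup cannot select `::1`.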
diff --git a/hosts/Nixcloud/default.nix b/hosts/Nixcloud/default.nix index 3ff32b6..dd56ec2 100644 --- a/hosts/Nixcloud/default.nix +++ b/hosts/Nixcloud/default.nix @@ -1,4 +1,4 @@ -{ ... }: +{ pkgs, ... }: { imports = [ ./hardware-configuration.nix @@ -16,9 +16,18 @@ zramSwap.enable = true; + environment.systemPackages = with pkgs; [ + git + ]; + networking.hostName = "srv1065175"; networking.domain = "hstgr.cloud"; + networking.firewall = { + enable = true; + allowedTCPPorts = [ 80 443 ]; + }; + services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = [ ''ssh-rsa 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 thiago@sposito.ch'' diff --git a/hosts/Nixcloud/forgejo.nix b/hosts/Nixcloud/forgejo.nix index 52189fe..5e74e92 100644 --- a/hosts/Nixcloud/forgejo.nix +++ b/hosts/Nixcloud/forgejo.nix @@ -7,7 +7,7 @@ in { security.acme = { acceptTerms = true; - defaults.email = "thiago@sposi.to"; + defaults.email = "th.spo@pm.me"; }; services.nginx = { @@ -15,6 +15,7 @@ in virtualHosts.${domain} = { forceSSL = true; enableACME = true; + # Allow HTTP initially for ACME challenge, will redirect to HTTPS once cert is ready extraConfig = '' client_max_body_size 512M; '';
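Review bot: The comment added above `extraConfig` in `virtualHosts.${domain}` (hosts/Nixcloud/forgejo.nix) says HTTP is allowed initially, but nothing in the hunk implements that; `forceSSL = true` and `enableACME = true` are unchanged context lines. As far as I know, the NixOS nginx module already keeps the ACME challenge path reachable on port 80 and redirects every other request under `forceSSL`, so the comment describes a transitional state the configuration does not have. Reword it to match what the lines do, e.g. `# forceSSL redirects HTTP to HTTPS; the ACME HTTP-01 challenge path stays reachable on port 80`, and place it beside `forceSSL` instead of `extraConfig`. A reader checking whether cleartext access to the Git service is ever permitted should not have to second-guess the comment.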