nixos/services: add gitea server

nixos/services: add nginx base configuration
nixos/networking: add its own fqdn to extraHosts
2026-05-03 00:12:31 +02:00 · 2026-05-03 00:12:31 +02:00 · 2026-05-03 00:12:31 +02:00 · 2026-05-03 00:12:31 +02:00 · 2026-05-03 00:11:27 +02:00
8 changed files with 93 additions and 1 deletions
@@ -1,4 +1,6 @@
 {
  error = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDzdpxex2GlFVf5G2qsh3Ixa/XCMjnbq4JSTmAev7WYJ error.nointernet@gmail.com";
  javalsai = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCufzCHLqMfuHpKKisd9Y+3l6hudbQQyaHg1lgQs5XEO58f0dIoUK3gc8iVO6dGGeY5q2o0cDcildHiT0PYc96rq7WJLCY00mAuclEuhmRSPjsei2IT3rWTawIheD2tWq+vAQjIBKibYWnVYwNOsbR3Zz1uKG/LNqqDnyYO/t4iMmhO1qcl6j8dRVBtzWYu3TnTrwx45sj54Y9hqZZiwB1xlzhHznSw6YPOe51hUO/yUtXKF2FCyfG7LHELZBMXkPQD6h4mDu+QNPN2D5RGd+Q5WzHcXcrXH/DvogVW6g3YGpBjTNKllCjGJYdYgjcjzQOS3I8ZOL6CUQzcZt2QwO3P42s4cjGzBwIub2zFnMOCyGgbKCYh3G7KKcde9qAX0yl8k+XNPIletJAV7pDrivzmgRLdy3iWud+q8TytkDLhcd/7g+pE6FE8y3IbejwXGNUn8CXJOKWH5zk0MVWSpNqz+6rlV43iPb4yuO7TFVnzuw/wKyOoc8RlFGEb/XLXwPs=";
+  max = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDxVfJhzPDZ108UjB3Vj/akzlzYn27kyAw29AuYAr7gvG5vrqhLUYYmK8t+ZVWVpc1g6cK7OF1oUn2E5Qfmy6wqyZQXftAZ4OcRS0MB71W1bAcRq3rGe6KQDm8RSEeygX+zO+2Z6zQmVWgPr/I+JFQZ8wiWdP8X8djqTRdhqUD+SR3ZgTcnY3aLmeB/I56rcZQ3lKIeg/pEsyQ8weptlV0rTWamna6Z7Nw48VwWNSI+6EqfW2/4/edm0Ue8jMNqNZ0yx+kHJbudPgZgSR1SiR2rqlEEUaiQJQQV3VdY4DhGm7143ZSKUxyKlfTuQ7qR1zSIg6f5V71A37ik9YiSbBlOZO86swR4qHESoMNf608IuqRt2NdALHwozFPUCu16qnhu5JTk8twSAzrAhOk5zWQj1LYMoQEBhcFSmwir/1gE71NSjYtqXGVAdfkVmZ4uqG5+a1D7H3VXWOqu/j839M045O1ZBY6X3lKDsEJ1Z1+LCl/NojWnvPtJUHYI6+SdQ6k=";
+  vectorum = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCwfPaylCSN7ZqB6Trz8CmQlyzf0NUIy06uschdIOkdzjUNe/dPGbyEFZy/4SDBhg585x8hwfhfYjLGrneYq+O42DBDTDKxduWnIdl5zgPRqt7jB59jkukf9WUdpUdZsKCM5K97HCnizNEKGRnYllVPVQSapPhOm5dZlUD9YVv1UqbDuxtWOLvArkL52e9T+yL6FagRg6NPqA70MXPMk+S2H7lotFVxP2Eg//BCaQ0/H1vhNy6P4N6LLq3sVK1DSJyd2v8zHkdb2Zo0/Ygukol10KizSsEcihm8+bXp699uSgWIsaIQgDZlE1yx2iabmzQST1kL9+USnZZBZ+KxwtLCCI8mpCv6sxlhq2Zzim5HvsyMYM+zdHWIn1s2c6mEl4ntBAB4s5wAggS5Gjh/BfJLSvGsTFMC/XYX4gWFXynY5NlcopeENL2Afg4gbQvKkxYkWB/TMZWuqj5c5kCy+7F0881DpYxapq6kQ6IE4gkGiEQdhVFGWEFoV/k9iHrl6aanqvFtvuBHHgkXAGPpHAZDVZdp9lU0tqNQIM/eGINq4Or6wd9XDYyj5ezDEBxx1pPgweUDZrNe9+vKR+3AwbzB/XQPxTCcjd4d7Yx58jPLflFP1dDYT+3bvp+vA7UpHcJnISbVNu0SiSaIqLYhwDj1od5l6JDfRCqnMF1T59nRCQ==";
 }
@@ -4,6 +4,7 @@
  lib,
  pkgs,
  self,
+  config,
  ...
 }:
 let
@@ -92,11 +93,29 @@ in
  networking = {
    networkmanager.enable = true;

+    extraHosts =
+      let
+        subdomains = [ "" ".git" ];
+      in
+      builtins.foldl' (
+        hosts-acc: domain-prefix:
+        let
+          host = "${domain-prefix}${config.networking.fqdn}";
+        in
+        hosts-acc
+        + ''
+          127.0.0.1 ${host}
+          ::1 ${host}
+        ''
+      ) "" subdomains;
+
    firewall = {
      enable = true;

      allowedTCPPorts = [
        22
+        80
+        443
      ];
    };
  };
@@ -31,5 +31,7 @@ in
 {
  flake.nixosConfigurations = {
    tuxcord-ca = mkSystem "tuxcord-ca" "x86_64-linux";
+
+    tuxcord-test = mkSystem "tuxcord-test" "x86_64-linux";
  };
 }
@@ -5,4 +5,5 @@
  ];

  time.timeZone = "Canada/Eastern";
+  networking.fqdn = "tuxcord.net";
 }
@@ -0,0 +1,3 @@
+{
+  networking.fqdn = "tuxcord.test";
+}
@@ -1,9 +1,11 @@
 {
  imports = [
    ./fail2ban.nix
-    ./sysctl.nix
+    ./gitea.nix
    ./host.nix
+    ./nginx.nix
    ./snapper.nix
    ./substituters.nix
+    ./sysctl.nix
  ];
 }
@@ -0,0 +1,27 @@
+{ config, lib, ... }:
+{
+  services.gitea = {
+    enable = true;
+
+    appName = "Tuxcord's Gitea";
+    database.type = "mysql";
+
+    lfs.enable = true;
+
+    settings.server.DOMAIN = config.networking.fqdn;
+    # settings.server.ROOT_URL = "https://git.tuxcord.net/"; ? would also depend on ssl status
+    settings.server.HTTP_PORT = 3000;
+
+    settings.service.DISABLE_REGISTRATION = true;
+    settings.service.REQUIRE_SIGNIN_VIEW = false;
+
+    settings.repository.ENABLE_PUSH_CREATE_USER = true;
+    settings.repository.ENABLE_PUSH_CREATE_ORG = true;
+    settings.repository.DEFAULT_BRANCH = "main";
+
+    # settings.ui.DEFAULT_THEME = "...";
+
+    # TODO: once we have email setup this would be nice
+    settings.mailer.ENABLED = true;
+  };
+}
@@ -0,0 +1,36 @@
+{ config, lib, ... }:
+let
+  fqdn = config.networking.fqdn;
+
+  mkVhost =
+    attrs:
+    {
+      forceSSL = false; # TODO: tweak per host
+    }
+    // attrs;
+
+  mkProxy = port: {
+    proxyPass = "http://127.0.0.1:${toString port}/";
+  };
+in
+{
+  services.nginx = {
+    enable = true;
+
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+
+    # services.nginx.virtualHosts."${fqdn}" = {
+    #   addSSL = true;
+    #   root = "/var/www/myhost.org";
+    #   default = true;
+    # };
+
+    virtualHosts."git.${fqdn}" = mkVhost {
+      locations."/" = mkProxy config.services.gitea.settings.server.HTTP_PORT;
+    };
+  };
+}
Author	SHA1	Message	Date
javalsai	c1748e7124	nixos/services: add gitea server Check / Nix flake (push) Has been cancelled Details Lint / Nix expressions (push) Has been cancelled Details	2026-05-03 00:12:31 +02:00
javalsai	e8cfe4c750	nixos/services: add nginx base configuration	2026-05-03 00:12:31 +02:00
javalsai	6ce06f0f84	nixos/networking: add its own fqdn to extraHosts	2026-05-03 00:12:31 +02:00
javalsai	eaa2460f63	nixos/hosts: add tuxcord-vm host configuration	2026-05-03 00:12:31 +02:00
javalsai	55a7f9836b	lib/ssh: add deadvey's and mememan's keys Check / Nix flake (push) Has been cancelled Details Lint / Nix expressions (push) Has been cancelled Details	2026-05-03 00:11:27 +02:00