# NixOS host configuration for the "git" droplet: Forgejo served by nginx with
# ACME-issued certificates, joined to the tailnet through Tailscale.
{
  inputs,
  config,
  ...
}: let
  # Public hostname: used both for the nginx virtual host and as the Forgejo
  # domain handed to the repository's own `aa` module.
  domain = "git.alejandr0angul0.dev";
  secrets = config.age.secrets;
in {
  imports = ["${inputs.nixpkgs}/nixos/modules/virtualisation/digital-ocean-config.nix"];

  # The Tailscale auth key is an agenix secret decrypted at activation time, so
  # only the encrypted .age file lives in the repository and the Nix store.
  age.secrets.authKeyFile.file = ../../../secrets/tailscale_git_server.age;

  # Options under `aa` belong to this dotfiles repository's own module namespace
  # (defined elsewhere); their exact behaviour is not visible from this file.
  aa = {
    nix.enable = true;
    services = {
      forgejo = {
        enable = true;
        inherit domain;
      };
      openssh.enable = true;
      tailscale = {
        enable = true;
        configureClientRouting = true;
      };
    };
  };

  nix = {
    settings.auto-optimise-store = true;
    gc = {
      dates = "03:15";
      options = "-d";
    };
  };

  services = {
    # TLS termination for the public hostname. No proxy location is declared
    # here; presumably the `aa` forgejo module wires nginx to Forgejo — confirm.
    nginx.virtualHosts."${domain}" = {
      forceSSL = true;
      enableACME = true;
    };
    tailscale = {
      authKeyFile = secrets.authKeyFile.path;
      # Tailscale SSH gives a tailnet-only login path, independent of the public
      # port 22 opened in the firewall below.
      extraUpFlags = ["--ssh"];
    };
  };

  security = {
    acme = {
      acceptTerms = true;
      defaults = {
        email = config.aa.user.email;
        # Issued certificates are group-readable by nginx, which serves them.
        group = "nginx";
      };
    };
    # wheel members escalate to root without a password, so each wheel
    # account's SSH key is effectively a root credential. NOTE(review): confirm
    # the `aa` openssh module leaves password authentication disabled.
    sudo.wheelNeedsPassword = false;
  };

  networking = {
    hostName = "git";
    firewall.allowedTCPPorts = [
      # SSH — publicly exposed in addition to Tailscale SSH; worth revisiting
      # whether it needs to stay open once the tailnet path is established.
      22
      # HTTP(S)
      80
      443
    ];
  };

  # Root password and authorised SSH keys are taken from the droplet metadata
  # supplied by DigitalOcean (see the imported digital-ocean-config module).
  virtualisation.digitalOcean = {
    setRootPassword = true;
    setSshKeys = true;
  };

  system.stateVersion = "24.05";
}