# NixOS module for the host "antares": key-only sshd, a git-shell account for
# pushes, gitweb published through nginx with ACME certificates, and podman.
{ modulesPath, lib, pkgs, ... }:
let
  # Public key authorised for both the wheel member `dk` and the `git` account.
  # NOTE(review): with one key in both roles, losing it exposes the admin login
  # and push access together; a dedicated push key would keep them separate.
  dkKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICtL2eG098LhkFPR4N5e44XMq60uvCUCOuKMYs5zjg6f";
in
{
  imports = [
    (modulesPath + "/installer/scan/not-detected.nix")
    (modulesPath + "/profiles/qemu-guest.nix")
    ./disk-config.nix
  ];

  # GRUB with EFI support. `devices` is deliberately left unset: disko already
  # adds every device that has an EF02 partition to the list.
  boot.loader.grub.efiSupport = true;
  boot.loader.grub.efiInstallAsRemovable = true;

  time.timeZone = "Europe/Berlin";

  networking = {
    hostName = "antares";
    # Only the web ports are listed here: 443 for the site, 80 for the forceSSL
    # redirect and ACME validation.
    # NOTE(review): services.openssh.openFirewall is not set in this file and
    # defaults to true in NixOS, so tcp/22 is reachable as well; confirm.
    firewall.allowedTCPPorts = [ 80 443 ];
  };

  services = {
    openssh = {
      enable = true;
      # Key-based logins only, and never directly as root.
      settings.PasswordAuthentication = false;
      settings.PermitRootLogin = "no";
      # Per-account lockdown for `git`: no forwarding, no TTY, no passwords.
      # sshd treats everything after a Match line as conditional until the next
      # Match, so nothing global should be appended after this text.
      extraConfig = ''
        Match user git
        AllowTcpForwarding no
        AllowAgentForwarding no
        PasswordAuthentication no
        PermitTTY no
        X11Forwarding no
      '';
    };

    # gitweb reads its repositories from /srv/git, which is also the home
    # directory of the `git` account defined below.
    # NOTE(review): this extraConfig sets no $export_ok, $strict_export or
    # $projects_list, so as far as this file shows every repository placed
    # under /srv/git is listed publicly; make visibility opt-in if some
    # repositories are meant to stay private.
    gitweb = {
      projectroot = "/srv/git";
      gitwebTheme = true;
      extraConfig = ''
        our $site_name = 'git.dkaiser.de';
        $omit_owner = true;
        $projects_list_description_width = 25;
      '';
    };

    nginx = {
      enable = true;
      recommendedGzipSettings = true;
      recommendedOptimisation = true;
      recommendedProxySettings = true;
      recommendedTlsSettings = true;

      # gitweb is mounted at the root of the virtual host (empty location).
      gitweb.enable = true;
      gitweb.location = "";
      gitweb.virtualHost = "git.dkaiser.de";

      # HTTPS is enforced and the certificate is obtained through ACME.
      virtualHosts."git.dkaiser.de".forceSSL = true;
      virtualHosts."git.dkaiser.de".enableACME = true;
    };
  };

  security.acme.acceptTerms = true;
  security.acme.defaults.email = "dominik-kaiser@mailbox.org";

  # Podman with the docker compatibility option and DNS on the default network.
  virtualisation.podman.enable = true;
  virtualisation.podman.dockerCompat = true;
  virtualisation.podman.defaultNetwork.settings.dns_enabled = true;
  # Weekly prune, limited by the two filters: older than 24h and not carrying
  # the label `important`.
  virtualisation.podman.autoPrune = {
    enable = true;
    dates = "weekly";
    flags = [ "--filter=until=24h" "--filter=label!=important" ];
  };

  # Installed at low priority (lib.lowPrio).
  environment.systemPackages = map lib.lowPrio (with pkgs; [
    curl
    gitMinimal
    podman-compose
  ]);

  users.groups.git = { };

  users.users = {
    # Interactive admin account; the only login path visible here is the key.
    # NOTE(review): no password or sudo settings are visible in this file, so
    # check how members of wheel are expected to elevate.
    dk = {
      isNormalUser = true;
      description = "Dominik Kaiser";
      extraGroups = [ "wheel" ];
      openssh.authorizedKeys.keys = [ dkKey ];
    };

    # Push account: git-shell is the login shell and the sshd Match block above
    # removes TTY and forwarding for it.
    # NOTE(review): the shell comes from pkgs.git while systemPackages installs
    # pkgs.gitMinimal; confirm that two git builds are intended.
    # NOTE(review): createHome applies the account's homeMode (700 by default,
    # I believe, and not overridden here) while the gitweb CGI runs as the user
    # and group of services.nginx.gitweb (not set here); confirm that it can
    # read /srv/git through group access rather than a world-readable home.
    git = {
      isSystemUser = true;
      description = "git";
      group = "git";
      home = "/srv/git";
      createHome = true;
      shell = "${pkgs.git}/bin/git-shell";
      openssh.authorizedKeys.keys = [
        dkKey
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGzU5XXItAaMCLOLGvhWpd/i45v++68Ooo3rBpztS/kC"
      ];
    };
  };

  system.stateVersion = "24.05";
}