gitea repo

hosts/vps_fz/boot.nix

@@ -0,0 +1,18 @@
+{
+  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/vda";
+  boot.loader.grub.useOSProber = false;
+
+  boot.initrd.luks.devices."luks-c2ab1085-f8ec-49df-a26b-ece597abc3b7".device = "/dev/disk/by-uuid/c2ab1085-f8ec-49df-a26b-ece597abc3b7";
+  # Setup keyfile
+  boot.initrd.secrets = {
+    "/boot/crypto_keyfile.bin" = null;
+  };
+
+  boot.loader.grub.enableCryptodisk = true;
+
+  boot.initrd.luks.devices."luks-938c9dc1-9c55-4152-bc69-4d8770518c90".keyFile = "/boot/crypto_keyfile.bin";
+  boot.initrd.luks.devices."luks-c2ab1085-f8ec-49df-a26b-ece597abc3b7".keyFile = "/boot/crypto_keyfile.bin";
+#  boot.loader.systemd-boot.enable = true;
+#  boot.loader.efi.canTouchEfiVariables = true;
+}

hosts/vps_fz/default.nix

@@ -0,0 +1,35 @@
+{ pkgs, inputs, config, lib, ... }:
+
+{
+  imports =
+    [
+    ./boot.nix
+    ./hardware.nix
+    ./server_config.nix
+    ../../modules/common
+    ../../modules/networking/ssh.nix
+    ../../modules/user
+    ../../modules/apps/00_tui_base.nix
+     inputs.home-manager.nixosModules.default
+     inputs.sops-nix.nixosModules.sops
+    ];
+
+  config = {
+
+    ### USER ###
+    user = "vps_fz";
+    host = "vps_fz";
+    sops_file = "vps_fz.yaml";
+
+    
+    ### NETWORKING ###
+    networking.enableIPv6 = false;
+    networking.firewall = {
+      enable = true;
+      allowedTCPPorts = [ 80 443 ];
+    };
+
+    system.stateVersion = "25.05";
+  };
+}
+

hosts/vps_fz/hardware.nix

@@ -0,0 +1,35 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/0b1c3bc9-4332-4950-bc20-20e7eb8aa003";
+      fsType = "ext4";
+    };
+
+  boot.initrd.luks.devices."luks-938c9dc1-9c55-4152-bc69-4d8770518c90".device = "/dev/disk/by-uuid/938c9dc1-9c55-4152-bc69-4d8770518c90";
+
+  swapDevices =
+    [ { device = "/dev/disk/by-uuid/7961b651-0b10-4fbf-a429-8e53a2b67b34"; }
+    ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

hosts/vps_fz/server_config.nix

@@ -0,0 +1,40 @@
+{ pkgs, inputs, config, lib, ... }: {
+
+  config = {
+
+    # fail2ban
+    services.fail2ban.enable = true;
+    services.openssh.settings.LogLevel = "VERBOSE";
+
+
+    # caddy
+    services.caddy = {
+      enable = true;
+      configFile = ../../dotfiles/caddy/Caddyfile;
+    };
+    networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+    # gitea
+    sops.secrets."gitea_dbpass" = {
+      owner = "gitea";
+      group = "gitea";
+    };
+
+    services.gitea = {
+      enable = true;
+      database = {
+        type = "postgres";   
+        passwordFile = config.sops.secrets."gitea_dbpass".path;
+      }; 
+      settings = {
+       server = {
+         DOMAIN = "gitea.fredzernia.com";
+         ROOT_URL = "https://gitea.fredzernia.com";
+         HTTP_PORT = 7904;
+       };
+       service.DISABLE_REGISTRATION = true;
+      };
+    };
+  };
+}
+