diff --git a/flake.lock b/flake.lock
index 852cab5..e62f023 100644
--- a/flake.lock
+++ b/flake.lock
@@ -36,11 +36,11 @@
 },
 "nixpkgs_2": {
 "locked": {
- "lastModified": 1769018530,
- "narHash": "sha256-MJ27Cy2NtBEV5tsK+YraYr2g851f3Fl1LpNHDzDX15c=",
+ "lastModified": 1769170682,
+ "narHash": "sha256-oMmN1lVQU0F0W2k6OI3bgdzp2YOHWYUAw79qzDSjenU=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "88d3861acdd3d2f0e361767018218e51810df8a1",
+ "rev": "c5296fdd05cfa2c187990dd909864da9658df755",
 "type": "github"
 },
 "original": {
@@ -53,7 +53,24 @@
 "root": {
 "inputs": {
 "catppuccin": "catppuccin",
- "nixpkgs": "nixpkgs_2"
+ "nixpkgs": "nixpkgs_2",
+ "secrets": "secrets"
+ }
+ },
+ "secrets": {
+ "locked": {
+ "lastModified": 1769514557,
+ "narHash": "sha256-nJOWEsRw7C2hrrC9xf74oAq3dLJEXq71M2bbdO+DUpw=",
+ "ref": "refs/heads/main",
+ "rev": "6aa45be13cc08dc2518b6b749df5e81975ed6df4",
+ "shallow": true,
+ "type": "git",
+ "url": "ssh://git@git.colorsky.fun/Sky/secrets"
+ },
+ "original": {
+ "shallow": true,
+ "type": "git",
+ "url": "ssh://git@git.colorsky.fun/Sky/secrets"
 }
 }
 },
diff --git a/flake.nix b/flake.nix
index 0296272..ac9c219 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,17 +1,19 @@
 {
 inputs = {
 nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
- # napcat = {
- # url = "https://github.com/initialencounter/napcat.nix";
- # };
 catppuccin.url = "github:catppuccin/nix";
+
+ secrets.url = "git+ssh://git@git.colorsky.fun/Sky/secrets?shallow=1";
 };
+
 outputs =
- inputs@{ nixpkgs, ... }:
+ inputs@{ nixpkgs, secrets, ... }:
 {
 nixosConfigurations = {
 macmini = inputs.nixpkgs.lib.nixosSystem {
- specialArgs = { inherit inputs; };
+ specialArgs = {
+ inherit inputs secrets;
+ };
 system = "x86_64-linux";
 modules = [
 ./host/macmini.nix
diff --git a/host/macmini.nix b/host/macmini.nix
index 8c9ab30..6904958 100644
--- a/host/macmini.nix
+++ b/host/macmini.nix
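Review bot: In flake.nix, the new `secrets` input is fetched like any other flake input, so its whole tree is copied into `/nix/store`, which every local user can read and which travels with anything that copies the store. Unless the files in that repository are encrypted (not visible from this diff), the values consumed in modules/services/gitea.nix (`secrets.strings.gitea.mailer`) and modules/services/nignx.nix (`secrets.files.cloudflare-api-key`) sit there in plaintext, and the string values are presumably also embedded in the generated Gitea settings. Consider keeping only encrypted material in the input and decrypting at activation time to a root-owned path outside the store, with the modules taking that runtime path, e.g. `environmentFile = "/run/secrets/cloudflare-api-key";` (path constructed for illustration). Passing `secrets` separately in `specialArgs` is also redundant with `inputs.secrets`. The `outputs` function continues past the end of this hunk.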
@@ -13,6 +13,7 @@ ../modules/system/boot.nix ../modules/system/networking.nix + ../modules/system/nix.nix ../modules/programs/bash ../modules/programs/tools.nix diff --git a/modules/services/gitea.nix b/modules/services/gitea.nix index 1590c83..81384d9 100644 --- a/modules/services/gitea.nix +++ b/modules/services/gitea.nix @@ -1,4 +1,9 @@ -{ inputs, pkgs, ... }: +{ + inputs, + pkgs, + secrets, + ... +}: { imports = [ inputs.catppuccin.nixosModules.catppuccin @@ -23,6 +28,17 @@ type = "sqlite3"; }; + settings = { + server = { + ROOT_URL = "https://git.colorsky.fun:8443"; + DOMAIN = "git.colorsky.fun"; + }; + mailer = { + ENABLED = true; + PROTOCOL = "smtp+starttls"; + } + // secrets.strings.gitea.mailer; + }; }; users.groups.git = { }; diff --git a/modules/services/nignx.nix b/modules/services/nignx.nix index 5bd3e36..a5d5878 100644 --- a/modules/services/nignx.nix +++ b/modules/services/nignx.nix @@ -1,3 +1,33 @@ -{ ... }: +{ secrets, ... }: -{ } +{ + services.nginx = { + enable = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + virtualHosts."git.colorsky.fun" = { + forceSSL = true; + useACMEHost = "colorsky.fun"; + locations."/".proxyPass = "http://localhost:3000"; + + extraConfig = '' + listen [::]:8443 ssl; + ''; + }; + virtualHosts."192.168.68.59" = { }; + }; + + security.acme = { + acceptTerms = true; + defaults.email = "i@colorsky.fun"; + certs."colorsky.fun" = { + domain = "*.colorsky.fun"; + dnsProvider = "cloudflare"; + dnsPropagationCheck = true; + + group = "nginx"; + + environmentFile = secrets.files.cloudflare-api-key; + }; + }; +} diff --git a/modules/system/nix.nix b/modules/system/nix.nix new file mode 100644 index 0000000..c2d2eb2 --- /dev/null +++ b/modules/system/nix.nix @@ -0,0 +1,7 @@ +{ ... }: +{ + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; +}
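Review bot: In the `mailer` block of modules/services/gitea.nix the secrets attrset is on the right-hand side of `//`, so any key it carries wins over the literals above it; a `PROTOCOL` or `ENABLED` entry in the secrets repository would silently replace `smtp+starttls`, and the transport setting could be weakened without any change in this repository. Putting the fixed keys last keeps them authoritative: `mailer = secrets.strings.gitea.mailer // { ENABLED = true; PROTOCOL = "smtp+starttls"; };`. If the attrset includes the SMTP password, the NixOS module's `mailerPasswordFile` option keeps it out of the rendered settings. The enclosing `services.gitea` block starts above this hunk.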
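Review bot: In modules/services/nignx.nix, `locations."/".proxyPass = "http://localhost:3000"` puts TLS in front of Gitea, but nothing visible in this commit restricts Gitea's own listener, so the plain-HTTP port may still be reachable directly wherever the firewall allows it; setting `HTTP_ADDR = "127.0.0.1";` under `settings.server` in modules/services/gitea.nix would pin it to loopback. Separately, `listen [::]:8443 ssl;` in `extraConfig` adds only an IPv6 socket (nginx defaults `ipv6only` to on) next to the listeners the module generates, while `ROOT_URL` advertises port 8443; the vhost's `listen` option would state the intended addresses and ports explicitly. The empty `virtualHosts."192.168.68.59" = { };` entry would benefit from a comment saying why it exists.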