Alejandra'd the configs

2026-02-06 19:07:12 +01:00 · 2026-02-06 19:07:12 +01:00 · cd0d39bdeb
commit cd0d39bdeb
parent 45ec1b2bdc
2 changed files with 66 additions and 57 deletions
--- a/nix-system-configs/forgejo/forgejo-localconfig.nix
+++ b/nix-system-configs/forgejo/forgejo-localconfig.nix
@ -152,12 +152,12 @@ in {
  # Forgejo configuration
  services.forgejo = {
    enable = true;
-      database = {
-        type = "postgres";
-        host = "10.1.1.251"; # IP of your database server
-        name = "forgejo";
-        user = "forgejo";
-        passwordFile = "/home/forgejoprg/password.txt"; # Store password in a separate file for security
+    database = {
+      type = "postgres";
+      host = "10.1.1.251"; # IP of your database server
+      name = "forgejo";
+      user = "forgejo";
+      passwordFile = "/home/forgejoprg/password.txt"; # Store password in a separate file for security
    };
    lfs.enable = true;

@ -190,15 +190,15 @@ in {
  boot.loader.systemd-boot.enable = lib.mkForce false;
  boot.loader.grub = {
    enable = true;
-    device = "/dev/vda";  # Install GRUB to the disk
-    efiSupport = false;   # Disable UEFI
+    device = "/dev/vda"; # Install GRUB to the disk
+    efiSupport = false; # Disable UEFI
  };
  boot.initrd.availableKernelModules = ["virtio_pci" "virtio_scsi" "ahci" "sd_mod" "virtio_blk"];

-fileSystems."/" = {
-  device = "/dev/vda1";
-  fsType = "ext4"; # Use "btrfs" or "xfs" if you formatted it differently
-};
+  fileSystems."/" = {
+    device = "/dev/vda1";
+    fsType = "ext4"; # Use "btrfs" or "xfs" if you formatted it differently
+  };



@ -364,7 +364,7 @@ fileSystems."/" = {

  # Use this clean static network configuration instead:
  networking.useDHCP = false;
-  networking.networkmanager.enable = false;  # Disable NetworkManager
+  networking.networkmanager.enable = false; # Disable NetworkManager

  networking.interfaces.ens18 = {
    ipv4.addresses = [
@ -382,7 +382,7 @@ fileSystems."/" = {

  # Explicitly set DNS
  networking.nameservers = ["10.1.1.2"];
-  
+
  # THE FOLLOWING CODE BLOCK IS FOR COPYING TO OTHER CONFIGURATIONS, NOT FOR THIS FILE
  nix.distributedBuilds = true;
  nix.buildMachines = [
--- a/nix-system-configs/traefik/traefik-config.nix
+++ b/nix-system-configs/traefik/traefik-config.nix
@ -30,9 +30,9 @@ in {
  ];

  # Bootloader - The given default one by NixOS is not to be trusted....
-    boot.loader.grub.enable = true;
-    boot.loader.grub.version = 2;
-    boot.loader.grub.device = "/dev/sda";
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  boot.loader.grub.device = "/dev/sda";

  networking.hostName = "nixos-traefik"; # Define your hostname.
  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
@ -59,11 +59,8 @@ in {
    LC_TIME = "en_AU.UTF-8";
  };

-
  # Enable Tailscale for secure remote access
-    services.tailscale.enable = true;
-
-
+  services.tailscale.enable = true;

  # Enable Seatd for Wayland sessions (needed for sway/seat management)
  services.seatd = {
@ -117,7 +114,6 @@ in {
    };
  };

-
  # SSH Agent authentication
  security.pam.sshAgentAuth.enable = true;

@ -128,11 +124,10 @@ in {
    allowReboot = false;
  };

-
  # Enable Traefik service
  services.traefik = {
    enable = true;
-    group = "acme";  # Add traefik to acme group so it can read certificates
+    group = "acme"; # Add traefik to acme group so it can read certificates

    staticConfigOptions = {
      entryPoints = {
@ -186,24 +181,24 @@ in {
        }
      ];

-        # HTTP Routers
-        http.routers = {
-          forgejo = {
-            rule = "Host(`git.prg-radio.org`)";
-            service = "forgejo";
-            entryPoints = ["websecure"];
-            tls = {};
-          };
+      # HTTP Routers
+      http.routers = {
+        forgejo = {
+          rule = "Host(`git.prg-radio.org`)";
+          service = "forgejo";
+          entryPoints = ["websecure"];
+          tls = {};
        };
+      };

-        # HTTP Services
-        http.services = {
-          forgejo.loadBalancer = {
-            servers = [
-              { url = "http://10.1.1.4:3000"; }
-            ];
-          };
+      # HTTP Services
+      http.services = {
+        forgejo.loadBalancer = {
+          servers = [
+            {url = "http://10.1.1.4:3000";}
+          ];
        };
+      };
    };
  };

@ -213,21 +208,20 @@ in {
    defaults.email = "dtu.prg@gmail.com";
    certs."prg-radio.org" = {
      domain = "*.prg-radio.org";
-      group = "acme";  # Use acme group
+      group = "acme"; # Use acme group
      dnsProvider = "cloudflare";
      environmentFile = "/home/traefikprg/cloudflare/cloudflare.env";
      # Reload traefik when certificate is renewed
-      reloadServices = [ "traefik.service" ];
+      reloadServices = ["traefik.service"];
    };
  };

  # Ensure traefik service waits for ACME certificates
  systemd.services.traefik = {
-    after = [ "acme-finished-prg-radio.org.target" ];
-    wants = [ "acme-finished-prg-radio.org.target" ];
+    after = ["acme-finished-prg-radio.org.target"];
+    wants = ["acme-finished-prg-radio.org.target"];
  };

-
  # Add extra system packages from example.nix (appended to existing list)
  environment.systemPackages = with pkgs; [
    wget
@ -292,7 +286,7 @@ in {
  };

  # Home Manager user configuration for traefikprg (from example.nix)
-  home-manager.users.traefikprg = { pkgs, ... }: {
+  home-manager.users.traefikprg = {pkgs, ...}: {
    home.packages = [
      pkgs.atool
      pkgs.httpie
@ -318,13 +312,28 @@ in {
      settings = {
        window = {
          opacity = 1.0;
-          padding = { x = 10; y = 10; };
+          padding = {
+            x = 10;
+            y = 10;
+          };
        };
        font = {
-          normal = { family = "Maple Mono NF"; style = "Regular"; };
-          bold = { family = "Maple Mono NF"; style = "Bold"; };
-          italic = { family = "Maple Mono NF"; style = "Italic"; };
-          bold_italic = { family = "Maple Mono NF"; style = "Bold Italic"; };
+          normal = {
+            family = "Maple Mono NF";
+            style = "Regular";
+          };
+          bold = {
+            family = "Maple Mono NF";
+            style = "Bold";
+          };
+          italic = {
+            family = "Maple Mono NF";
+            style = "Italic";
+          };
+          bold_italic = {
+            family = "Maple Mono NF";
+            style = "Bold Italic";
+          };
          size = 14.0;
        };
        colors = {
@ -346,7 +355,7 @@ in {
        logo_size = "small";
        pride_month_disable = false;
        pride_month_shown = [];
-        color_align = { mode = "horizontal"; };
+        color_align = {mode = "horizontal";};
      };
    };

@ -366,11 +375,11 @@ in {
    nameserver 10.1.1.2
  '';

-    # Open ports in the firewall.
-   networking.firewall.allowedTCPPorts = [ 80 443 ];
-   networking.firewall.allowedUDPPorts = [ 80 443 ];
-    # Or disable the firewall altogether.
-    # networking.firewall.enable = false;
+  # Open ports in the firewall.
+  networking.firewall.allowedTCPPorts = [80 443];
+  networking.firewall.allowedUDPPorts = [80 443];
+  # Or disable the firewall altogether.
+  # networking.firewall.enable = false;

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
@ -379,4 +388,4 @@ in {
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "25.11"; # Did you read the comment?
-}
+}