From cd0d39bdeb0c9aa7aa8a3da3a5ed4d2afad95f49 Mon Sep 17 00:00:00 2001 From: Christine Elisabeth Koppel Date: Fri, 6 Feb 2026 19:07:12 +0100 Subject: [PATCH] Alejandra'd the configs --- .../forgejo/forgejo-localconfig.nix | 28 +++--- nix-system-configs/traefik/traefik-config.nix | 95 ++++++++++--------- 2 files changed, 66 insertions(+), 57 deletions(-) diff --git a/nix-system-configs/forgejo/forgejo-localconfig.nix b/nix-system-configs/forgejo/forgejo-localconfig.nix index a13d382..b9d3717 100644 --- a/nix-system-configs/forgejo/forgejo-localconfig.nix +++ b/nix-system-configs/forgejo/forgejo-localconfig.nix @@ -152,12 +152,12 @@ in { # Forgejo configuration services.forgejo = { enable = true; - database = { - type = "postgres"; - host = "10.1.1.251"; # IP of your database server - name = "forgejo"; - user = "forgejo"; - passwordFile = "/home/forgejoprg/password.txt"; # Store password in a separate file for security + database = { + type = "postgres"; + host = "10.1.1.251"; # IP of your database server + name = "forgejo"; + user = "forgejo"; + passwordFile = "/home/forgejoprg/password.txt"; # Store password in a separate file for security }; lfs.enable = true; @@ -190,15 +190,15 @@ in { boot.loader.systemd-boot.enable = lib.mkForce false; boot.loader.grub = { enable = true; - device = "/dev/vda"; # Install GRUB to the disk - efiSupport = false; # Disable UEFI + device = "/dev/vda"; # Install GRUB to the disk + efiSupport = false; # Disable UEFI }; boot.initrd.availableKernelModules = ["virtio_pci" "virtio_scsi" "ahci" "sd_mod" "virtio_blk"]; -fileSystems."/" = { - device = "/dev/vda1"; - fsType = "ext4"; # Use "btrfs" or "xfs" if you formatted it differently -}; + fileSystems."/" = { + device = "/dev/vda1"; + fsType = "ext4"; # Use "btrfs" or "xfs" if you formatted it differently + }; @@ -364,7 +364,7 @@ fileSystems."/" = { # Use this clean static network configuration instead: networking.useDHCP = false; - networking.networkmanager.enable = false; # Disable NetworkManager + networking.networkmanager.enable = false; # Disable NetworkManager networking.interfaces.ens18 = { ipv4.addresses = [ @@ -382,7 +382,7 @@ fileSystems."/" = { # Explicitly set DNS networking.nameservers = ["10.1.1.2"]; - + # THE FOLLOWING CODE BLOCK IS FOR COPYING TO OTHER CONFIGURATIONS, NOT FOR THIS FILE nix.distributedBuilds = true; nix.buildMachines = [ diff --git a/nix-system-configs/traefik/traefik-config.nix b/nix-system-configs/traefik/traefik-config.nix index 2e93c8d..e05c25a 100644 --- a/nix-system-configs/traefik/traefik-config.nix +++ b/nix-system-configs/traefik/traefik-config.nix @@ -30,9 +30,9 @@ in { ]; # Bootloader - The given default one by NixOS is not to be trusted.... - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - boot.loader.grub.device = "/dev/sda"; + boot.loader.grub.enable = true; + boot.loader.grub.version = 2; + boot.loader.grub.device = "/dev/sda"; networking.hostName = "nixos-traefik"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. @@ -59,11 +59,8 @@ in { LC_TIME = "en_AU.UTF-8"; }; - # Enable Tailscale for secure remote access - services.tailscale.enable = true; - - + services.tailscale.enable = true; # Enable Seatd for Wayland sessions (needed for sway/seat management) services.seatd = { @@ -117,7 +114,6 @@ in { }; }; - # SSH Agent authentication security.pam.sshAgentAuth.enable = true; @@ -128,11 +124,10 @@ in { allowReboot = false; }; - # Enable Traefik service services.traefik = { enable = true; - group = "acme"; # Add traefik to acme group so it can read certificates + group = "acme"; # Add traefik to acme group so it can read certificates staticConfigOptions = { entryPoints = { @@ -186,24 +181,24 @@ in { } ]; - # HTTP Routers - http.routers = { - forgejo = { - rule = "Host(`git.prg-radio.org`)"; - service = "forgejo"; - entryPoints = ["websecure"]; - tls = {}; - }; + # HTTP Routers + http.routers = { + forgejo = { + rule = "Host(`git.prg-radio.org`)"; + service = "forgejo"; + entryPoints = ["websecure"]; + tls = {}; }; + }; - # HTTP Services - http.services = { - forgejo.loadBalancer = { - servers = [ - { url = "http://10.1.1.4:3000"; } - ]; - }; + # HTTP Services + http.services = { + forgejo.loadBalancer = { + servers = [ + {url = "http://10.1.1.4:3000";} + ]; }; + }; }; }; @@ -213,21 +208,20 @@ in { defaults.email = "dtu.prg@gmail.com"; certs."prg-radio.org" = { domain = "*.prg-radio.org"; - group = "acme"; # Use acme group + group = "acme"; # Use acme group dnsProvider = "cloudflare"; environmentFile = "/home/traefikprg/cloudflare/cloudflare.env"; # Reload traefik when certificate is renewed - reloadServices = [ "traefik.service" ]; + reloadServices = ["traefik.service"]; }; }; # Ensure traefik service waits for ACME certificates systemd.services.traefik = { - after = [ "acme-finished-prg-radio.org.target" ]; - wants = [ "acme-finished-prg-radio.org.target" ]; + after = ["acme-finished-prg-radio.org.target"]; + wants = ["acme-finished-prg-radio.org.target"]; }; - # Add extra system packages from example.nix (appended to existing list) environment.systemPackages = with pkgs; [ wget @@ -292,7 +286,7 @@ in { }; # Home Manager user configuration for traefikprg (from example.nix) - home-manager.users.traefikprg = { pkgs, ... }: { + home-manager.users.traefikprg = {pkgs, ...}: { home.packages = [ pkgs.atool pkgs.httpie @@ -318,13 +312,28 @@ in { settings = { window = { opacity = 1.0; - padding = { x = 10; y = 10; }; + padding = { + x = 10; + y = 10; + }; }; font = { - normal = { family = "Maple Mono NF"; style = "Regular"; }; - bold = { family = "Maple Mono NF"; style = "Bold"; }; - italic = { family = "Maple Mono NF"; style = "Italic"; }; - bold_italic = { family = "Maple Mono NF"; style = "Bold Italic"; }; + normal = { + family = "Maple Mono NF"; + style = "Regular"; + }; + bold = { + family = "Maple Mono NF"; + style = "Bold"; + }; + italic = { + family = "Maple Mono NF"; + style = "Italic"; + }; + bold_italic = { + family = "Maple Mono NF"; + style = "Bold Italic"; + }; size = 14.0; }; colors = { @@ -346,7 +355,7 @@ in { logo_size = "small"; pride_month_disable = false; pride_month_shown = []; - color_align = { mode = "horizontal"; }; + color_align = {mode = "horizontal";}; }; }; @@ -366,11 +375,11 @@ in { nameserver 10.1.1.2 ''; - # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ 80 443 ]; - networking.firewall.allowedUDPPorts = [ 80 443 ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; + # Open ports in the firewall. + networking.firewall.allowedTCPPorts = [80 443]; + networking.firewall.allowedUDPPorts = [80 443]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions @@ -379,4 +388,4 @@ in { # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "25.11"; # Did you read the comment? -} \ No newline at end of file +}