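# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

# NixOS-WSL specific options are documented on the NixOS-WSL repository:
# https://github.com/nix-community/NixOS-WSL

# Host module for a machine that Forgejo runners reach over SSH. It declares
# two key-authenticated runner accounts, opens TCP 3000 and 8000-8020, runs
# MariaDB on port 8000 and puts nginx (TLS via ACME) in front of
# http://localhost:28080.
{ config, lib, pkgs, ... }:

{
  imports = [
    ./shared/system.nix
    ./shared/dev_user.nix
    ./shared/docker.nix
    ./shared/ssh.nix
  ];

  # sshd refuses every account that is not named in AllowUsers.
  # NOTE(review): confirm that any login defined in ./shared/dev_user.nix is
  # listed there or here, otherwise that account cannot log in.
  services.openssh.settings.AllowUsers = [ "pipeline" "david" ];

  security.acme = {
    defaults.email = "michael.huebner@ptspaper.de";
    acceptTerms = true;
  };

  users.users = {
    # Runner account: no password is declared, login is by the key below.
    # NOTE(review): "key only" holds only while sshd rejects passwords
    # (services.openssh.settings.PasswordAuthentication = false), presumably
    # set in ./shared/ssh.nix; confirm.
    pipeline = {
      isNormalUser = true;
      home = "/home/pipeline";
      description = "User used by forgejo runners to connect to this system";
      # Membership in "docker" gives control of the Docker daemon, which is
      # root-equivalent on this host; treat the key below as a root
      # credential (storage on the runner, rotation, removal when unused).
      extraGroups = [ "docker" ];
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPB9tvEWgxrhK0pUs9RJrdreNX1EBxJ/nrz57qzP48Uk michaelh@michael-node"
      ];
    };

    # Second runner account, same model and same caveats as `pipeline`:
    # key login, and "docker" membership that is root-equivalent.
    david = {
      isNormalUser = true;
      home = "/home/david";
      description = "User used by forgejo runners to connect to this system for david";
      extraGroups = [ "docker" ];
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICfwHVorfUjbCXmJeVNtb2uP4FHcRI6ITpQDjnIeb7sI root@nixos"
      ];
    };
  };

  networking = {
    firewall = {
      # NOTE(review): nothing in this file listens on 3000; confirm the port
      # is still needed. nginx below serves HTTPS and ACME HTTP-01 validation
      # needs port 80, but 80/443 are not opened here; confirm a shared
      # module opens them.
      allowedTCPPorts = [ 3000 ];
      # NOTE(review): this range includes 8000, the MariaDB port set below,
      # so the database listener is reachable from the network unless it is
      # bound to loopback. Open only the ports that must be public.
      allowedTCPPortRanges = [
        { from = 8000; to = 8020; }
      ];
    };
  };

  services = {
    mysql = {
      enable = true;
      package = pkgs.mariadb;
      settings = {
        mysqld = {
          # Non-default port, inside the firewall range opened above.
          # NOTE(review): if only local clients use the database, add
          # bind-address = "127.0.0.1" here; no bind address is set in this
          # file; confirm none is set elsewhere.
          port = 8000;
        };
      };
    };

    nginx = {
      enable = true;
      virtualHosts = {
        # NOTE(review): the virtual host is named by an IP literal and
        # enableACME requests a certificate for that name. Confirm the ACME
        # CA in use issues for IP identifiers; otherwise name the host by
        # DNS (placeholder: <host.example.org>).
        "88.99.218.181" = {
          forceSSL = true;
          enableACME = true;
          # TLS ends at nginx; the upstream hop is plain HTTP on loopback.
          locations."/".proxyPass = "http://localhost:28080";
        };
      };
    };
  };
}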