# Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). # NixOS-WSL specific options are documented on the NixOS-WSL repository: # https://github.com/nix-community/NixOS-WSL { config, lib, pkgs, ... }: let cfg = config.services.forgejo; srv = cfg.settings.server; in { imports = [ ./shared/system.nix ./shared/dev_user.nix ./shared/docker.nix ./shared/ssh.nix ]; services.openssh.settings.AllowUsers = [ "pipeline" ]; users.users = { # connection only via ssh key pipeline = { isNormalUser = true; home = "/home/pipeline"; description = "User used by forgejo runners to connect to this system"; extraGroups = [ "docker" ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPB9tvEWgxrhK0pUs9RJrdreNX1EBxJ/nrz57qzP48Uk michaelh@michael-node" ]; }; }; networking = { firewall = { allowedTCPPorts = [ 3000 ]; allowedTCPPortRanges = [ { from = 8000; to = 8020; } ]; }; }; services = { mysql = { enable = true; package = pkgs.mariadb; settings = { mysqld = { port = 8000; }; }; }; }; # only temporary samba server services.samba = { enable = true; securityType = "user"; openFirewall = true; settings = { global = { "workgroup" = "WORKGROUP"; "server string" = "smbnix"; "netbios name" = "smbnix"; "security" = "user"; #"use sendfile" = "yes"; #"max protocol" = "smb2"; # note: localhost is the ipv6 localhost ::1 "hosts allow" = "0.0.0.0/0"; "guest account" = "nobody"; "map to guest" = "bad user"; }; "public" = { "path" = "/mnt/Shares/Public"; "browseable" = "yes"; "read only" = "no"; "guest ok" = "yes"; "create mask" = "0644"; "directory mask" = "0755"; "force user" = "username"; "force group" = "groupname"; }; }; }; services.samba-wsdd = { enable = true; openFirewall = true; }; }