diff --git a/configs/nixos/forgejo.nix b/configs/nixos/forgejo.nix
index d0bf6ba..16d25d9 100644
--- a/configs/nixos/forgejo.nix
+++ b/configs/nixos/forgejo.nix
@@ -17,6 +17,7 @@ in {
 DOMAIN = "git.venberg.xyz";
 ROOT_URL = "https://${srv.DOMAIN}";
 HTTP_PORT = 3000;
+ SSH_PORT = 2222;
 ENABLE_GZIP = true;
 };
 service.DISABLE_REGISTRATION = true;
@@ -31,6 +32,8 @@ in {
 };
 };
+ services.openssh.ports = [srv.SSH_PORT];
+
 services.nginx.virtualHosts.${srv.DOMAIN} = {
 enableACME = true;
 forceSSL = true;
@@ -44,6 +47,7 @@ in {
 "/var/lib/forgejo/custom"
 "/var/lib/forgejo/data"
 "/var/lib/forgejo/repositories"
+ "/var/lib/forgejo/.ssh"
 ];
 preBackupCommands = "systemctl stop forgejo.service";
 postBackupCommands = "systemctl start forgejo.service";
diff --git a/configs/nixos/sshd.nix b/configs/nixos/sshd.nix
index 637243c..efba3af 100644
--- a/configs/nixos/sshd.nix
+++ b/configs/nixos/sshd.nix
@@ -11,8 +11,12 @@
 ];
 services.openssh = {
 enable = true;
- settings.PermitRootLogin = "prohibit-password";
- settings.PasswordAuthentication = false;
+ ports = [22];
+ openFirewall = true;
+ settings = {
+ PermitRootLogin = "prohibit-password";
+ PasswordAuthentication = false;
+ };
 };
 # so we dont have to set TERM everytime we ssh in.
 environment.systemPackages = [pkgs.kitty.terminfo];
diff --git a/flake.nix b/flake.nix
index 1610cbd..e6c88d5 100644
--- a/flake.nix
+++ b/flake.nix
@@ -45,13 +45,13 @@
 #My nvim config.
 nvim-config = {
- url = "git+ssh://forgejo@git.venberg.xyz/Gabe/nvim-config.git?shallow=1";
+ url = "git+ssh://forgejo@git.venberg.xyz:2222/Gabe/nvim-config.git?shallow=1";
 # url = "git+file:///home/gabe/nvim-config";
 inputs.nixpkgs.follows = "nixpkgs";
 };
 nix-secrets = {
- url = "git+ssh://forgejo@git.venberg.xyz/Gabe/nix-secrets.git?shallow=1";
+ url = "git+ssh://forgejo@git.venberg.xyz:2222/Gabe/nix-secrets.git?shallow=1";
 # url = "git+https://git.venberg.xyz/Gabe/nix-secrets.git?shallow=1";
 flake = false;
 };
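Review bot: In configs/nixos/forgejo.nix, the added `services.openssh.ports = [srv.SSH_PORT];` (second hunk) makes the system sshd listen on 2222, so that port accepts every account the daemon allows, root key logins included, and not only the `forgejo` git user. Forgejo's `SSH_PORT` from the first hunk is, as far as I know, only the port advertised in clone URLs unless the built-in SSH server is enabled, so it adds no separation by itself. If 2222 is meant for git traffic only, restrict it in the sshd config, for example `services.openssh.extraConfig = "Match LocalPort 2222\n  AllowUsers forgejo";`, and add a comment saying that the port is served by OpenSSH rather than by Forgejo. The enclosing attribute set starts and ends outside these hunks.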
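Review bot: `ports = [22];` in configs/nixos/sshd.nix looks redundant with the NixOS default but is not: once forgejo.nix defines `services.openssh.ports`, the option default is discarded and only explicit definitions are merged, so without this line sshd would listen on 2222 alone. That deserves a comment, e.g. `# explicit: other modules append ports (forgejo.nix adds 2222); without this the default 22 is dropped`. It is also worth stating next to `openFirewall = true;` that it opens every port in the merged list, not just 22. The `services.openssh` block is fully inside the hunk; the surrounding module is not.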
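Review bot: Both rewritten URLs in flake.nix now reach the git host on port 2222, and OpenSSH records host keys for non-default ports under `[host]:port`, so an existing known_hosts entry for git.venberg.xyz no longer applies and the first fetch is trust-on-first-use. Since one of the inputs is `nix-secrets`, pinning the server key (for instance through `programs.ssh.knownHosts` with the `[git.venberg.xyz]:2222` name) would keep that fetch authenticated; whether this is done elsewhere is not visible here. A short comment above the URLs naming `SSH_PORT` in forgejo.nix as the source of the port would also keep the two values from drifting apart.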
diff --git a/hosts/cirrostratus/default.nix b/hosts/cirrostratus/default.nix
index 5a0e8e5..bc32fd1 100644
--- a/hosts/cirrostratus/default.nix
+++ b/hosts/cirrostratus/default.nix
@@ -28,6 +28,7 @@ inputs.nixpkgs.lib.nixosSystem {
 ../../configs/nixos/nginx-static.nix
 ../../configs/nixos/immich.nix
 ../../configs/nixos/homebox.nix
+ ../../configs/nixos/forgejo.nix
 ({
 config,
 pkgs,
diff --git a/hosts/cirrostratus/disk-config.nix b/hosts/cirrostratus/disk-config.nix
index ee0f28b..013e6fb 100644
--- a/hosts/cirrostratus/disk-config.nix
+++ b/hosts/cirrostratus/disk-config.nix
@@ -69,6 +69,16 @@
 mountpoint = "/storage";
 };
 datasets = {
+ # This does not reflect reality,
+ # I was stupid and didnt put /var/lib on zfs,
+ # so now I just have datasets for a few folders in it.
+ lib = {
+ type = "zfs_fs";
+ options = {
+ compression = "zstd";
+ mountpoint = "/var/lib";
+ };
+ };
 postgres = {
 type = "zfs_fs";
 options = {
diff --git a/hosts/cirrus/default.nix b/hosts/cirrus/default.nix
index 07afea4..5d600a9 100644
--- a/hosts/cirrus/default.nix
+++ b/hosts/cirrus/default.nix
@@ -19,7 +19,6 @@ inputs.nixpkgs.lib.nixosSystem {
 ../../configs/nixos/sshd.nix
 ../../configs/nixos/secrets.nix
 ../../configs/nixos/radicale.nix
- ../../configs/nixos/forgejo.nix
 ../../configs/nixos/homepage.nix
 ../../configs/nixos/freshrss.nix
 ../../configs/nixos/soju.nix
diff --git a/modules/nixos/restic.nix b/modules/nixos/restic.nix
index c6246e5..0b209d2 100644
--- a/modules/nixos/restic.nix
+++ b/modules/nixos/restic.nix
@@ -133,7 +133,7 @@
 paths = null;
 timerConfig = timer;
 pruneOpts = pruneOpts;
- user = "root";
+ user = "restic";
 };
 })
 (
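Review bot: The comment added above `lib` in hosts/cirrostratus/disk-config.nix says the declaration does not reflect reality, but it does not say which side is wrong, and the declaration still carries `mountpoint = "/var/lib";`. If this file feeds the host's mounts, as disko configurations usually do, a dataset that is declared but absent may break mounting of `/var/lib`, and one created later from this file would be mounted over the existing state directory and hide the service data and keys already there. I would reword the comment to state exactly what exists on the pool today and what must never be applied, e.g. `# NOTE: documents intent only; /var/lib itself is not on zfs on this host, do not re-run disko against it`, adjusted to whatever is actually true. The `datasets` set starts in the hunk and continues past it.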
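Review bot: Switching the job in modules/nixos/restic.nix to `user = "restic";` is only safe if that account exists and can read the repository credentials; neither the user declaration nor the owner and mode of the secret is visible in this hunk. The entry has `paths = null;` and `pruneOpts`, so it looks like a prune-only job; if the backup jobs defined elsewhere in the module keep running as root, two different users write to the same repository and cache, which tends to produce permission errors on local repositories. A comment such as `# prune needs no file access; repo password must be readable by restic` would record the assumption, and it is worth checking that hooks like `preBackupCommands = "systemctl stop forgejo.service"` from forgejo.nix are not executed under this unprivileged user. The attribute set starts before the hunk.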