configuration.nix

{ pkgs, system, blog, web-files, ... }:
let
  productionSite = blog.english {
    ssl = true;
    host = "danilafe.com";
  };
  draftSite = blog.english {
    drafts = true;
    host = "drafts.danilafe.com";
  };
  webFiles = {
    "static.danilafe.com" = {
      root = web-files;
      forceSSL = true;
      enableACME = true;
      locations."/" = {
        extraConfig = ''
          add_header 'Access-Control-Allow-Origin' '*';
	'';
      };
    };
  };
  gitea = {
    "dev.danilafe.com" = {
      forceSSL = true;
      enableACME = true;
      locations."/".proxyPass = "http://localhost:3000/";
    };
  };
  allVirtualHosts = [gitea webFiles] ++ map blog.virtualHostFor [productionSite draftSite];
in
  {
    imports = [
      ./hardware-configuration.nix
      ./networking.nix # generated at runtime by nixos-infect
    ];

    system.stateVersion = "24.05";

    nix = {
      package = pkgs.nixVersions.latest;
      extraOptions = ''
        experimental-features = nix-command flakes
      '';
    };

    environment.systemPackages = with pkgs; [
      git
    ];

    boot.tmp.cleanOnBoot = true;
    networking.hostName = "nixos-droplet-v2";
    networking.firewall.allowPing = true;
    networking.firewall.allowedTCPPorts = [ 22 80 443 ];

    services.openssh.enable = true;
    users.users.root.openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXYJZfEOgccfCa3uQV9z2rHvGn4AuVnXbIDXv27HgEk vanilla@arch-xps" 
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOzk0SnRBJhpfNpPBgkReQoDpul2Egl2yJhRw7ldYEzF NixOS" 
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAoyFSuik6XRU2b+O4v9C1bc7rKJyjKgzUeaBaVNQKN6 vanilla-pinebook"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPjTgUFIwo/mtoB1kyj1zJ4QxAwLAgdvvePGXmLqjeY1 vanilla@Daniels-MBP.home"
    ];

    security.acme = {
      defaults.email = "danila.fedorin@gmail.com";
      acceptTerms = true;
    };

    users.groups.www = {};
    services.nginx = {
      enable = true;
      recommendedGzipSettings = true;
      recommendedProxySettings = true;
      virtualHosts = pkgs.lib.mkMerge allVirtualHosts;
    };

    users.groups.gitea = {};
    users.users.gitea = {
      group = "gitea";
      isSystemUser = true;
    };
    services.gitea = {
      enable = true;
      appName = "Daniel's Tiny Cup Of Tea";
      stateDir = "/var/lib/gitea";

      # Default database settings (sqlite3, 127.0.0.1, path) all what we want
      database = {};

      # Default server settings are fine, except we need to customize domain etc.
      settings.server = {
        DOMAIN = "dev.danilafe.com";
        ROOT_URL = "https://dev.danilafe.com";
        OFFLINE_MODE = false;
	# STATIC_ROOT_PATH = "/var/lib/gitea/data";
      };

      # Default settings are fine.
      settings.service = {};

      # NixOS service overrides cookies to insecure, but Gitea default is secure
      settings.session = {
        COOKIE_SECURE = true;
        PROVIDER = "file";
      };

      settings.security = {
        INSTALL_LOCK = true;
      };

      settings.indexer = {
        REPO_INDEXER_ENABLED = true;
      };
    };

    users.defaultUserShell = pkgs.zsh;
    programs.zsh.enable = true;
    programs.zsh.ohMyZsh = {
      enable = true;
      plugins = [ "git" ];
    };
  }
Host the static files required by the blog on a subdomain. Signed-off-by: Danila Fedorin <danila.fedorin@gmail.com> 2023-11-30 05:51:20 +00:00			`{ pkgs, system, blog, web-files, ... }:`
Update configuration to work with updated blog static flake 2023-04-11 02:57:45 +00:00			`let`
			`productionSite = blog.english {`
			`ssl = true;`
			`host = "danilafe.com";`
Initial commit of blog system! 2021-10-23 06:41:12 +00:00			`};`
Update configuration to work with updated blog static flake 2023-04-11 02:57:45 +00:00			`draftSite = blog.english {`
			`drafts = true;`
			`host = "drafts.danilafe.com";`
			`};`
Host the static files required by the blog on a subdomain. Signed-off-by: Danila Fedorin <danila.fedorin@gmail.com> 2023-11-30 05:51:20 +00:00			`webFiles = {`
			`"static.danilafe.com" = {`
			`root = web-files;`
			`forceSSL = true;`
			`enableACME = true;`
Fix the CORS header for static.danilafe.com Signed-off-by: Danila Fedorin <danila.fedorin@gmail.com> 2023-11-30 07:17:20 +00:00			`locations."/" = {`
			`extraConfig = ''`
			`add_header 'Access-Control-Allow-Origin' '*';`
			`'';`
			`};`
Host the static files required by the blog on a subdomain. Signed-off-by: Danila Fedorin <danila.fedorin@gmail.com> 2023-11-30 05:51:20 +00:00			`};`
			`};`
Migrate gitea instance to NixOS Signed-off-by: Danila Fedorin <danila.fedorin@gmail.com> 2025-12-27 03:39:41 +00:00			`gitea = {`
			`"dev.danilafe.com" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/".proxyPass = "http://localhost:3000/";`
			`};`
			`};`
			`allVirtualHosts = [gitea webFiles] ++ map blog.virtualHostFor [productionSite draftSite];`
Update configuration to work with updated blog static flake 2023-04-11 02:57:45 +00:00			`in`
			`{`
			`imports = [`
			`./hardware-configuration.nix`
			`./networking.nix # generated at runtime by nixos-infect`
			`];`
Initial commit of blog system! 2021-10-23 06:41:12 +00:00
Set state version and update deprecated configuration Signed-off-by: Danila Fedorin <danila.fedorin@gmail.com> 2023-12-30 23:06:19 +00:00			`system.stateVersion = "24.05";`

Update configuration to work with updated blog static flake 2023-04-11 02:57:45 +00:00			`nix = {`
Update to proper version of nix.package Signed-off-by: Danila Fedorin <danila.fedorin@gmail.com> 2024-05-14 02:45:47 +00:00			`package = pkgs.nixVersions.latest;`
Update configuration to work with updated blog static flake 2023-04-11 02:57:45 +00:00			`extraOptions = ''`
			`experimental-features = nix-command flakes`
			`'';`
			`};`
Initial commit of blog system! 2021-10-23 06:41:12 +00:00
Update configuration to work with updated blog static flake 2023-04-11 02:57:45 +00:00			`environment.systemPackages = with pkgs; [`
			`git`
			`];`
Initial commit of blog system! 2021-10-23 06:41:12 +00:00
Set state version and update deprecated configuration Signed-off-by: Danila Fedorin <danila.fedorin@gmail.com> 2023-12-30 23:06:19 +00:00			`boot.tmp.cleanOnBoot = true;`
Update configuration to work with updated blog static flake 2023-04-11 02:57:45 +00:00			`networking.hostName = "nixos-droplet-v2";`
			`networking.firewall.allowPing = true;`
			`networking.firewall.allowedTCPPorts = [ 22 80 443 ];`
Add goaccess dashboard module 2021-11-24 00:56:07 +00:00
Update configuration to work with updated blog static flake 2023-04-11 02:57:45 +00:00			`services.openssh.enable = true;`
			`users.users.root.openssh.authorizedKeys.keys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJXYJZfEOgccfCa3uQV9z2rHvGn4AuVnXbIDXv27HgEk vanilla@arch-xps"`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOzk0SnRBJhpfNpPBgkReQoDpul2Egl2yJhRw7ldYEzF NixOS"`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAoyFSuik6XRU2b+O4v9C1bc7rKJyjKgzUeaBaVNQKN6 vanilla-pinebook"`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPjTgUFIwo/mtoB1kyj1zJ4QxAwLAgdvvePGXmLqjeY1 vanilla@Daniels-MBP.home"`
Update to use the new blog flake 2021-10-23 08:00:32 +00:00			`];`
Initial commit of blog system! 2021-10-23 06:41:12 +00:00
Update configuration to work with updated blog static flake 2023-04-11 02:57:45 +00:00			`security.acme = {`
			`defaults.email = "danila.fedorin@gmail.com";`
			`acceptTerms = true;`
			`};`

			`users.groups.www = {};`
			`services.nginx = {`
			`enable = true;`
			`recommendedGzipSettings = true;`
			`recommendedProxySettings = true;`
			`virtualHosts = pkgs.lib.mkMerge allVirtualHosts;`
			`};`

Migrate gitea instance to NixOS Signed-off-by: Danila Fedorin <danila.fedorin@gmail.com> 2025-12-27 03:39:41 +00:00			`users.groups.gitea = {};`
			`users.users.gitea = {`
			`group = "gitea";`
			`isSystemUser = true;`
			`};`
			`services.gitea = {`
			`enable = true;`
			`appName = "Daniel's Tiny Cup Of Tea";`
			`stateDir = "/var/lib/gitea";`

			`# Default database settings (sqlite3, 127.0.0.1, path) all what we want`
			`database = {};`

			`# Default server settings are fine, except we need to customize domain etc.`
			`settings.server = {`
			`DOMAIN = "dev.danilafe.com";`
			`ROOT_URL = "https://dev.danilafe.com";`
			`OFFLINE_MODE = false;`
			`# STATIC_ROOT_PATH = "/var/lib/gitea/data";`
			`};`

			`# Default settings are fine.`
			`settings.service = {};`

			`# NixOS service overrides cookies to insecure, but Gitea default is secure`
			`settings.session = {`
			`COOKIE_SECURE = true;`
			`PROVIDER = "file";`
			`};`

			`settings.security = {`
			`INSTALL_LOCK = true;`
			`};`

			`settings.indexer = {`
			`REPO_INDEXER_ENABLED = true;`
			`};`
			`};`

Update configuration to work with updated blog static flake 2023-04-11 02:57:45 +00:00			`users.defaultUserShell = pkgs.zsh;`
			`programs.zsh.enable = true;`
			`programs.zsh.ohMyZsh = {`
			`enable = true;`
			`plugins = [ "git" ];`
			`};`
			`}`