nixlab/config/nix02.nix

{ modulesPath, pkgs, unstable, config, ... }:

{
  imports = [
    # Include the default lxd configuration.
    "${modulesPath}/virtualisation/proxmox-lxc.nix"
    # Include the container-specific autogenerated configuration.
    ./lxd.nix
  ];

  networking = {
    dhcpcd.enable = false;
    useDHCP = false;
    useHostResolvConf = false;
    firewall.enable = false;
    nameservers = ["192.168.1.155" "1.1.1.1"];
  };

  environment.systemPackages = with pkgs; [
    git
    curl
    vim
  ];

  services.nginx = {
    enable = true; 
  };

  services.nginx.virtualHosts."forgejo.nix02.cluster" = {
    locations."/" = {
      proxyPass = "http://127.0.0.1:8312";
      proxyWebsockets = true;
    };
  };

  services.nginx.virtualHosts."forge.amy.mov" = {
    locations."/" = {
      proxyPass = "http://127.0.0.1:8312";
      proxyWebsockets = true;
    };
  };

  services.forgejo = {
    enable = true;
    package = unstable.forgejo;
    settings = {
      server = {
        HTTP_PORT = 8312;
        ROOT_URL = "https://forge.amy.mov";
      };
    };
    
    database = {
      createDatabase = false;
      
      type = "postgres";
      host = "nix01.cluster";
      name = "forgejo";
      user = "forgejo";
      passwordFile = config.age.secrets."forgejo.dbpass".path;
    };
  };

  services.authentik = {
    enable = true;
    environmentFile = config.age.secrets."authentik.env".path;

    nginx = {
      enable = true;
      enableACME = false;
      host = "auth.nix02.cluster";
    };

    createDatabase = false;
    
    settings = {
      postgresql = {
        host = "nix01.cluster";
        user = "authentik";
        password = "authentik";
        name = "authentik";
      };

      disable_startup_analytics = true;
      avatars = "initials";
    };
  };

  system.stateVersion = "24.11"; # Did you read the comment?
}
feat: moar nix 2025-06-18 21:41:53 +01:00			`{ modulesPath, pkgs, unstable, config, ... }:`

			`{`
			`imports = [`
			`# Include the default lxd configuration.`
			`"${modulesPath}/virtualisation/proxmox-lxc.nix"`
			`# Include the container-specific autogenerated configuration.`
			`./lxd.nix`
			`];`

			`networking = {`
			`dhcpcd.enable = false;`
			`useDHCP = false;`
			`useHostResolvConf = false;`
			`firewall.enable = false;`
			`nameservers = ["192.168.1.155" "1.1.1.1"];`
			`};`

			`environment.systemPackages = with pkgs; [`
			`git`
			`curl`
			`vim`
			`];`

			`services.nginx = {`
			`enable = true;`
			`};`

			`services.nginx.virtualHosts."forgejo.nix02.cluster" = {`
			`locations."/" = {`
			`proxyPass = "http://127.0.0.1:8312";`
			`proxyWebsockets = true;`
			`};`
			`};`

			`services.nginx.virtualHosts."forge.amy.mov" = {`
			`locations."/" = {`
			`proxyPass = "http://127.0.0.1:8312";`
			`proxyWebsockets = true;`
			`};`
			`};`

			`services.forgejo = {`
			`enable = true;`
			`package = unstable.forgejo;`
			`settings = {`
			`server = {`
			`HTTP_PORT = 8312;`
			`ROOT_URL = "https://forge.amy.mov";`
			`};`
			`};`

			`database = {`
			`createDatabase = false;`

			`type = "postgres";`
			`host = "nix01.cluster";`
			`name = "forgejo";`
			`user = "forgejo";`
			`passwordFile = config.age.secrets."forgejo.dbpass".path;`
			`};`
			`};`

			`services.authentik = {`
			`enable = true;`
			`environmentFile = config.age.secrets."authentik.env".path;`

			`nginx = {`
			`enable = true;`
			`enableACME = false;`
			`host = "auth.nix02.cluster";`
			`};`

			`createDatabase = false;`

			`settings = {`
			`postgresql = {`
			`host = "nix01.cluster";`
			`user = "authentik";`
			`password = "authentik";`
			`name = "authentik";`
			`};`

			`disable_startup_analytics = true;`
			`avatars = "initials";`
			`};`
			`};`

			`system.stateVersion = "24.11"; # Did you read the comment?`
			`}`