feat: moar nix

config/nix02.nix

@@ -0,0 +1,90 @@
+{ modulesPath, pkgs, unstable, config, ... }:
+
+{
+  imports = [
+    # Include the default lxd configuration.
+    "${modulesPath}/virtualisation/proxmox-lxc.nix"
+    # Include the container-specific autogenerated configuration.
+    ./lxd.nix
+  ];
+
+  networking = {
+    dhcpcd.enable = false;
+    useDHCP = false;
+    useHostResolvConf = false;
+    firewall.enable = false;
+    nameservers = ["192.168.1.155" "1.1.1.1"];
+  };
+
+  environment.systemPackages = with pkgs; [
+    git
+    curl
+    vim
+  ];
+
+  services.nginx = {
+    enable = true; 
+  };
+
+  services.nginx.virtualHosts."forgejo.nix02.cluster" = {
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:8312";
+      proxyWebsockets = true;
+    };
+  };
+
+  services.nginx.virtualHosts."forge.amy.mov" = {
+    locations."/" = {
+      proxyPass = "http://127.0.0.1:8312";
+      proxyWebsockets = true;
+    };
+  };
+
+  services.forgejo = {
+    enable = true;
+    package = unstable.forgejo;
+    settings = {
+      server = {
+        HTTP_PORT = 8312;
+        ROOT_URL = "https://forge.amy.mov";
+      };
+    };
+    
+    database = {
+      createDatabase = false;
+      
+      type = "postgres";
+      host = "nix01.cluster";
+      name = "forgejo";
+      user = "forgejo";
+      passwordFile = config.age.secrets."forgejo.dbpass".path;
+    };
+  };
+
+  services.authentik = {
+    enable = true;
+    environmentFile = config.age.secrets."authentik.env".path;
+
+    nginx = {
+      enable = true;
+      enableACME = false;
+      host = "auth.nix02.cluster";
+    };
+
+    createDatabase = false;
+    
+    settings = {
+      postgresql = {
+        host = "nix01.cluster";
+        user = "authentik";
+        password = "authentik";
+        name = "authentik";
+      };
+
+      disable_startup_analytics = true;
+      avatars = "initials";
+    };
+  };
+
+  system.stateVersion = "24.11"; # Did you read the comment?
+}