{ modulesPath, pkgs, lib, ... }: {
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
networking.hostName = "lunasa";
zramSwap.enable = true;
services.openssh.enable = true;
boot.tmp.cleanOnBoot = true;
boot.loader.grub.device = "/dev/sda";
boot.initrd.availableKernelModules =
[ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
boot.initrd.kernelModules = [ "nvme" ];
fileSystems."/" = {
device = "/dev/sda1";
fsType = "ext4";
};
nix = {
package = pkgs.nixVersions.nix_2_22;
settings = {
auto-optimise-store = lib.mkDefault true;
experimental-features = [ "nix-command" "flakes" "ca-derivations" ];
};
};
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKoDv47WF/WGsIn47xdmkNeScQSF3yTzLhaZoR+kFUJy"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOXWOPpEDdVUQEFLucXbxmOhW64QXbCu6lF8vRLlKyoT"
];
networking.firewall.allowedTCPPorts = [
80
443
25565 # minecraft
];
services.forgejo = {
enable = true;
lfs.enable = true;
settings = {
server = {
DOMAIN = "git.nazrin.limited";
ROOT_URL = "https://git.nazrin.limited/";
HTTP_PORT = 3000;
};
service.DISABLE_REGISTRATION = true;
repository = {
ENABLE_PUSH_CREATE_USER = true;
ENABLE_PUSH_CREATE_ORG = true;
};
actions = {
enabled = true;
DEFAULT_ACTIONS_URL = "github";
};
};
};
services.caddy = {
enable = true;
email = "shadows@with.al";
virtualHosts = {
"git.nazrin.limited" = {
extraConfig = ''
reverse_proxy localhost:3000
'';
};
};
};
services.tailscale.enable = true;
networking.nftables = {
enable = true;
ruleset = ''
table ip nat {
chain PREROUTING {
type nat hook prerouting priority dstnat; policy accept;
iifname "enp1s0" tcp dport 25565 dnat to 100.66.105.22:25565
}
}
'';
};
networking.nat = {
enable = true;
internalInterfaces = [ "enp1s0" ];
externalInterface = "tailscale0";
forwardPorts = [{
destination = "100.66.105.22:25565";
proto = "tcp";
sourcePort = 25565;
}];
};
system.stateVersion = "23.11";
}