1 files changed, 165 insertions, 0 deletions

diff --git a/nixos/configuration.nix b/nixos/configuration.nix
new file mode 100644
index 0000000..30e0175
--- /dev/null
+++ b/nixos/configuration.nix
@@ -0,0 +1,165 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+
+{
+  # Automatic Upgrades
+  system.autoUpgrade.enable = true;
+  system.autoUpgrade.allowReboot = true;
+
+  imports =
+    [ # Include the results of the hardware scan.
+      /etc/nixos/hardware-configuration.nix
+    ];
+
+  # SYS PACKAGES
+  environment.systemPackages = [pkgs.vim pkgs.openssl pkgs.mc pkgs.highlight];
+
+  # SSH
+  services.openssh.enable = true;
+  services.openssh.permitRootLogin = "yes";
+
+  users.extraUsers.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCpDKWgowf2Gl83b7LsLzwpeKteLWeEE+B3ukE23XAiPmrYnD552ufUnYmid4yItWhNRY4SVsLMCfrdQj8+wftVHNXwx+Y559djAYjkm7qmtBFTvUNPSgtHkX4eoLA79nCPXzd69SS3qkqM2oLGaNKJV9lqxUcaTo0KzKOy5wy7oxQau3w5zCN/kHtxU2ktXGKB6oGocfLi87jefelmoruxo604itpduq78cAhd5fcZy/uZLzNTWf1GdLuqy7ep68txfeRknJ3TKpbaAk+YOlv4AvA23nD7V1GAn757fwv6JpiGe6/VvzkrR8YFLA8sA3kC7Ev8QD1dAkK9S0jMuLzRdAtMWezr7SXNHVEFZ1MLXAbECVkqXOkM0toK8F5ulMfY5E40RWKkawZOr6iB+tHa199WphSgjhtm9frywBMBE/3J5i4purOhZHemmmxJyv4fmSKW42toyc+d6lj0fWBFo3QYWSZPOIpsYhAo4jRw+LHlYwJr7bNIPxKEjutSM5sbacM2Om0GYU+SfHnX4+P5GYaSoFY5SfsjWCpSaK98ngKuKHlBuK2oQczhmFJAFQsBQinpoTF63qfzDpUyfmquvOaDtV9GVMn3AsZemVS+yVXWHHT4ZdXYvSsbgujlM/bUyH/eGLBQnkWBU74W2OxusyFkyp8k7zLwxgj0/hfWew== Miguel_User@DESKTOP-4NH8M69" ];
+
+
+  # XMPP
+  services.ejabberd.enable = true;
+  services.ejabberd.configFile = "/etc/ejabberd.yaml";
+
+  # GITOLITE
+  services.gitolite.enable = true;
+  services.gitolite.extraGitoliteRc = "$RC{UMASK} = 0027;";
+  services.gitolite.adminPubkey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCpDKWgowf2Gl83b7LsLzwpeKteLWeEE+B3ukE23XAiPmrYnD552ufUnYmid4yItWhNRY4SVsLMCfrdQj8+wftVHNXwx+Y559djAYjkm7qmtBFTvUNPSgtHkX4eoLA79nCPXzd69SS3qkqM2oLGaNKJV9lqxUcaTo0KzKOy5wy7oxQau3w5zCN/kHtxU2ktXGKB6oGocfLi87jefelmoruxo604itpduq78cAhd5fcZy/uZLzNTWf1GdLuqy7ep68txfeRknJ3TKpbaAk+YOlv4AvA23nD7V1GAn757fwv6JpiGe6/VvzkrR8YFLA8sA3kC7Ev8QD1dAkK9S0jMuLzRdAtMWezr7SXNHVEFZ1MLXAbECVkqXOkM0toK8F5ulMfY5E40RWKkawZOr6iB+tHa199WphSgjhtm9frywBMBE/3J5i4purOhZHemmmxJyv4fmSKW42toyc+d6lj0fWBFo3QYWSZPOIpsYhAo4jRw+LHlYwJr7bNIPxKEjutSM5sbacM2Om0GYU+SfHnX4+P5GYaSoFY5SfsjWCpSaK98ngKuKHlBuK2oQczhmFJAFQsBQinpoTF63qfzDpUyfmquvOaDtV9GVMn3AsZemVS+yVXWHHT4ZdXYvSsbgujlM/bUyH/eGLBQnkWBU74W2OxusyFkyp8k7zLwxgj0/hfWew== Miguel_User@DESKTOP-4NH8M69";
+
+  # GITWEB
+  services.gitweb.projectroot = "/var/lib/gitolite/repositories";
+  services.gitweb.gitwebTheme = true;
+  services.gitweb.extraConfig = ''
+				$site_name = "Gitweb of the Fools";
+				$logo_label = "Gitweb of the Fools";
+				$logo_url = "/gitweb";
+				$feature{'highlight'}{'default'} = [1];
+				$projects_list = "/var/lib/gitolite/projects.list";
+	     	                $strict_export = true;
+                                $per_request_config = 1;
+				our %highlight_basename;
+				$highlight_basename{'Dockerfile'} = 'Dockerfile';
+				$highlight_basename{'Makefile'} = 'Makefile';
+				our %highlight_ext;
+				$highlight_ext{'hs'} = 'haskell';
+				$highlight_ext{'go'} = 'go';
+				$highlight_ext{'yaml'} = 'yaml';
+				$highlight_ext{'md'} = 'markdown';
+				$highlight_ext{'lua'} = 'lua';
+				$highlight_ext{'modinfo'} = 'xml';
+				push @stylesheets, "/highlight.css";
+				'';
+
+  # CERTS
+  security.acme.acceptTerms = true;
+  security.acme.email = "m.i@gmx.at";
+
+  # NGINX
+  services.nginx.enable = true;
+
+  services.nginx.gitweb.enable = true;
+  services.nginx.gitweb.group = "gitolite";
+  services.nginx.gitweb.virtualHost = "comet.softwarefools.com";
+
+  services.nginx.virtualHosts."comet.softwarefools.com" = {
+    forceSSL = true;
+    enableACME = true;
+    root = "/var/www/comet.softwarefools.com";
+    locations."/gitweb/static/" = {
+	extraConfig = "expires 5m;";
+    };
+  };
+
+  # Use the GRUB 2 boot loader.
+  boot.loader.grub.enable = true;
+  boot.loader.grub.version = 2;
+  # boot.loader.grub.efiSupport = true;
+  # boot.loader.grub.efiInstallAsRemovable = true;
+  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+  # Define on which hard drive you want to install Grub.
+  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
+
+  networking.hostName = "comet.softwarefools.com"; # Define your hostname.
+  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+
+  # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+  # Per-interface useDHCP will be mandatory in the future, so this generated config
+  # replicates the default behaviour.
+  networking.useDHCP = false;
+  networking.interfaces.ens3.useDHCP = true;
+
+  # Configure network proxy if necessary
+  # networking.proxy.default = "http://user:password@proxy:port/";
+  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+  # Select internationalisation properties.
+  # i18n.defaultLocale = "en_US.UTF-8";
+  # console = {
+  #   font = "Lat2-Terminus16";
+  #   keyMap = "us";
+  # };
+
+  # Set your time zone.
+  time.timeZone = "Europe/Warsaw";
+
+  # List packages installed in system profile. To search, run:
+  # $ nix search wget
+  # environment.systemPackages = with pkgs; [
+  #   wget vim
+  # ];
+
+  # Some programs need SUID wrappers, can be configured further or are
+  # started in user sessions.
+  # programs.mtr.enable = true;
+  # programs.gnupg.agent = {
+  #   enable = true;
+  #   enableSSHSupport = true;
+  #   pinentryFlavor = "gnome3";
+  # };
+
+  # FIREWALL
+  networking.firewall.enable = true;
+  networking.firewall.allowedTCPPorts = [ 80 443 5222 5223 5269 ];
+  # networking.firewall.allowedUDPPorts = [ ... ];
+  # Or disable the firewall altogether.
+
+  # Enable CUPS to print documents.
+  # services.printing.enable = true;
+
+  # Enable sound.
+  # sound.enable = true;
+  # hardware.pulseaudio.enable = true;
+
+  # Enable the X11 windowing system.
+  # services.xserver.enable = true;
+  # services.xserver.layout = "us";
+  # services.xserver.xkbOptions = "eurosign:e";
+
+  # Enable touchpad support.
+  # services.xserver.libinput.enable = true;
+
+  # Enable the KDE Desktop Environment.
+  # services.xserver.displayManager.sddm.enable = true;
+  # services.xserver.desktopManager.plasma5.enable = true;
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  # users.users.jane = {
+  #   isNormalUser = true;
+  #   extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+  # };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "20.03"; # Did you read the comment?
+}