From 24a46b4c85160c0b5baabfd089c65fb563933a79 Mon Sep 17 00:00:00 2001
From: Ray Andrew <4437323+rayandrew@users.noreply.github.com>
Date: Fri, 27 Sep 2024 21:29:24 +0000
Subject: [PATCH] update
---
 flake.lock | 12 ++++-----
 flake.nix | 3 ++-
 hosts/git/configuration.nix | 51 +++++++++++++++++++++++++++++++++++--
 3 files changed, 57 insertions(+), 9 deletions(-)
diff --git a/flake.lock b/flake.lock
index 2f00321..7c231d1 100644
--- a/flake.lock
+++ b/flake.lock
@@ -17,16 +17,16 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1726447378,
- "narHash": "sha256-2yV8nmYE1p9lfmLHhOCbYwQC/W8WYfGQABoGzJOb1JQ=",
- "owner": "nixos",
+ "lastModified": 1726583932,
+ "narHash": "sha256-zACxiQx8knB3F8+Ze+1BpiYrI+CbhxyWpcSID9kVhkQ=",
+ "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "086b448a5d54fd117f4dc2dee55c9f0ff461bdc1",
+ "rev": "658e7223191d2598641d50ee4e898126768fe847",
 "type": "github"
 },
 "original": {
- "owner": "nixos",
- "ref": "nixos-24.05",
+ "owner": "NixOS",
+ "ref": "nixpkgs-unstable",
 "repo": "nixpkgs",
 "type": "github"
 }
diff --git a/flake.nix b/flake.nix
index 8cf6bf3..bb1bab3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -2,7 +2,8 @@
 description = "Ray VPS config";
 inputs = {
- nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
+ # nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
+ nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
 hardware.url = "github:NixOS/nixos-hardware";
 };
diff --git a/hosts/git/configuration.nix b/hosts/git/configuration.nix
index f2249fd..5837af4 100644
--- a/hosts/git/configuration.nix
+++ b/hosts/git/configuration.nix
@@ -35,7 +35,9 @@
 users.users = {
 root = {
- openssh.authorizedKeys.keys = [''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7uSjbOgWMdaEzRGlEKM7kvT7q6jnAEZPQELAH6WAEM'' ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID4/EIEDcL9c1najb9J9205DyaJA/4jjH5jeME3JihFk'' ];
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7uSjbOgWMdaEzRGlEKM7kvT7q6jnAEZPQELAH6WAEM"
+ ];
 };
 rayandrew = {
 initialPassword = "mamamia";
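Review bot: In flake.nix the nixpkgs input now follows `nixpkgs-unstable`, a branch that advances once package builds pass and is not gated on the NixOS module tests, while this flake appears to build a public NixOS host. If newer packages are the goal, `nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";` is the branch meant for NixOS systems; otherwise staying on `nixos-24.05` keeps the host on a release line that receives backported security fixes. The commented-out old URL can be dropped, since git history already records it.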
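Review bot: The first hunk of hosts/git/configuration.nix leaves `initialPassword = "mamamia";` on `rayandrew`, which the next hunk shows is in `wheel`, so a sudo-capable account has a password readable by anyone with the repository and, as a plain Nix string, in the world-readable store. Whether sshd accepts password logins is not visible in this diff, so the exposure cannot be ruled out from here. Replace it with `hashedPasswordFile = "<path to a secret file kept outside the repo>";` and rotate the password on the host. The `rayandrew` block continues outside the hunk.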
@@ -45,6 +47,19 @@
 ];
 extraGroups = ["wheel"];
 };
+ cgit = {
+ createHome = true;
+ isSystemUser = true;
+ shell = "${pkgs.git}/bin/git-shell";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7uSjbOgWMdaEzRGlEKM7kvT7q6jnAEZPQELAH6WAEM"
+ ];
+ group = "cgit";
+ };
+ };
+
+ users.groups = {
+ cgit = {};
 };
 services.openssh = {
@@ -84,8 +99,11 @@
 ipv4.routes = [ { address = "172.31.1.1"; prefixLength = 32; } ];
 ipv6.routes = [ { address = "fe80::1"; prefixLength = 128; } ];
 };
- };
+ firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
 };
 services.udev.extraRules = ''
 ATTR{address}=="96:00:03:b7:a9:ed", NAME="eth0"
@@ -98,5 +116,34 @@
 };
 };
+ environment.systemPackages = with pkgs; [
+ vim
+ htop
+ ];
+
+ services.cgit."git.rs.ht" = {
+ enable = true;
+ # mirrors = {
+ # dotfiles = { owner = "thedroneely"; url = "https://github.com/tdro/dotfiles.git"; };
+ # "thedroneely.com" = { owner = "thedroneely"; url = "https://github.com/tdro/thedroneely.com"; };
+ # clones = {
+ # cgit = { owner = "thedroneely"; url = "https://git.zx2c4.com/cgit"; };
+ # };
+ scanPath = "/srv/cgit/repos";
+ extraConfig = ''
+ robots=noindex
+ '';
+ };
+
+ services.nginx.virtualHosts."git.rs.ht" = {
+ addSSL = true;
+ enableACME = true;
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "rs@rs.ht";
+ };
+
 system.stateVersion = "24.05";
 }
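Review bot: The `cgit` account added in the `-45,6 +47,19` hunk relies on `git-shell` alone to confine its key, but a login shell does not stop sshd from granting port, agent or X11 forwarding to that key. Prefix the entry with OpenSSH's `restrict` option, i.e. `"restrict ssh-ed25519 <same key>"`, or disable forwarding for this user in the sshd configuration, which is outside this diff. The key is also the one authorized for root in the previous hunk, so the confinement only becomes meaningful once push access uses a separate key. No `home` is set, so presumably the account gets the NixOS default rather than `/srv/cgit`, which `scanPath` in the last hunk points at; confirm where pushed repositories are expected to land.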
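Review bot: In the last hunk the `git.rs.ht` virtual host uses `addSSL = true;`, which serves the site on both HTTP and HTTPS, so the cgit pages stay reachable in cleartext on port 80. `forceSSL = true;` still answers the ACME challenge over HTTP but redirects everything else to HTTPS. The commented-out `mirrors` block refers to another owner's repositories and reads as leftover from a copied example, so it could be removed rather than committed. Nothing in this diff creates `/srv/cgit/repos`, so confirm that the `scanPath` directory exists with the ownership the cgit service needs.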