vps/hosts/git/configuration.nix

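# NixOS module for the host named "git": a cgit web front end and a gitolite
# service, with an nginx virtual host of the same name using ACME certificates.
# Network addressing is static (dhcpcd is disabled below).
{
  inputs,
  lib,
  config,
  pkgs,
  ...
}: {
  imports = [
    inputs.hardware.nixosModules.common-cpu-intel
    ./hardware-configuration.nix
  ];

  nixpkgs = {
    overlays = [
    ];
    config = {
      allowUnfree = true;
    };
    hostPlatform = lib.mkDefault "x86_64-linux";
  };

  nix = let
    # Keep only the module arguments in `inputs` that are flakes.
    flakeInputs = lib.filterAttrs (_: lib.isType "flake") inputs;
  in {
    settings = {
      experimental-features = "nix-command flakes";
      # Empty string: no global flake registry is consulted; only the
      # entries pinned in `registry` below are used.
      flake-registry = "";
      nix-path = config.nix.nixPath;
    };
    channel.enable = false;
    # Pin every flake input in the registry and expose it on NIX_PATH as
    # "<name>=flake:<name>".
    registry = lib.mapAttrs (_: flake: {inherit flake;}) flakeInputs;
    nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
  };

  users.users = {
    root = {
      # NOTE(review): this is the same public key used for rayandrew, git and
      # the gitolite admin below, so one private key covers every account on
      # this host, including root.
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7uSjbOgWMdaEzRGlEKM7kvT7q6jnAEZPQELAH6WAEM"
      ];
    };
    rayandrew = {
      # NOTE(review): plaintext password committed to the repository; values
      # set through initialPassword are also copied into the world-readable
      # Nix store. This account is in `wheel`. Prefer `hashedPasswordFile`
      # pointing at a secret kept outside the repo, and treat this value as
      # disclosed (change the account password on the host).
      initialPassword = "mamamia";
      isNormalUser = true;
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7uSjbOgWMdaEzRGlEKM7kvT7q6jnAEZPQELAH6WAEM"
      ];
      extraGroups = ["wheel"];
    };
    git = {
      # NOTE(review): with git-shell commented out and isNormalUser = true,
      # this is a regular interactive account reachable over SSH with the key
      # below. The gitolite service further down leaves its own user/group
      # options commented out, so it presumably does not run as this account;
      # confirm whether `git` is still needed, and restrict its shell if so.
      # createHome = true;
      # isSystemUser = lib.mkForce false;
      isNormalUser = true;
      # shell = "${pkgs.git}/bin/git-shell";
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7uSjbOgWMdaEzRGlEKM7kvT7q6jnAEZPQELAH6WAEM"
      ];
      group = "git";
    };
  };

  users.groups = {
    git = {};
  };

  services.openssh = {
    enable = true;
    settings = {
      # Key-only root login: "prohibit-password" makes sshd refuse password
      # and keyboard-interactive authentication for root regardless of the
      # other settings, while root's authorized key above keeps working.
      PermitRootLogin = "prohibit-password";
      PasswordAuthentication = false;
      # Turn off keyboard-interactive as well, so no PAM-backed password
      # prompt remains alongside PasswordAuthentication = false.
      KbdInteractiveAuthentication = false;
    };
  };

  boot = {
    tmp.cleanOnBoot = true;
    loader.grub.device = "/dev/sda";
  };

  zramSwap.enable = true;

  networking = {
    hostName = "git";
    nameservers = [ "8.8.8.8" ];
    domain = "";
    defaultGateway = "172.31.1.1";
    defaultGateway6 = {
      address = "fe80::1";
      interface = "eth0";
    };
    dhcpcd.enable = false;
    # The interface is named "eth0" by the udev rule below instead.
    usePredictableInterfaceNames = lib.mkForce false;
    interfaces = {
      eth0 = {
        ipv4.addresses = [
          { address="5.161.178.253"; prefixLength=32; }
        ];
        ipv6.addresses = [
          { address="2a01:4ff:f0:8a0::1"; prefixLength=64; }
          { address="fe80::9400:3ff:feb7:a9ed"; prefixLength=64; }
        ];
        # Host routes to the gateways: the IPv4 address is a /32, so the
        # gateway is not otherwise on-link.
        ipv4.routes = [ { address = "172.31.1.1"; prefixLength = 32; } ];
        ipv6.routes = [ { address = "fe80::1"; prefixLength = 128; } ];
      };
    };
    # Only HTTP and HTTPS are listed here. The SSH port is presumably opened
    # by the openssh module's own default; confirm.
    firewall.allowedTCPPorts = [
      80
      443
    ];
  };

  # Bind the NIC with this MAC address to the name "eth0".
  services.udev.extraRules = ''
    ATTR{address}=="96:00:03:b7:a9:ed", NAME="eth0"
  '';

  programs = {
    git.enable = true;
    fish = {
      enable = true;
    };
  };

  environment.systemPackages = with pkgs; [
    vim
    htop
  ];

  services.cgit."git.rs.ht" = {
    enable = true;
    # mirrors = {
    # dotfiles = { owner = "thedroneely"; url = "https://github.com/tdro/dotfiles.git"; };
    # "thedroneely.com" = { owner = "thedroneely"; url = "https://github.com/tdro/thedroneely.com"; };
    # clones = {
    # cgit = { owner = "thedroneely"; url = "https://git.zx2c4.com/cgit"; };
    # };
    # NOTE(review): cgit scans the whole gitolite repository directory, so
    # every repository stored there is presumably listed on the public site,
    # including gitolite's own admin repository (access rules and user public
    # keys) and any repository meant to be private. Confirm, and restrict what
    # is published if that is not intended.
    scanPath = "${config.services.gitolite.dataDir}/repositories";
    # Passed to cgit as extra configuration: ask crawlers not to index.
    extraConfig = ''
      robots=noindex
    '';
    # user = "git";
    # group = "git";
  };

  services.gitolite = {
    enable = true;
    # Same public key as the system accounts above.
    adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7uSjbOgWMdaEzRGlEKM7kvT7q6jnAEZPQELAH6WAEM";
    # user = "git";
    # group = "git";
  };

  # Same virtual host name as the cgit instance above; HTTPS is enforced and
  # the certificate is obtained through ACME.
  services.nginx.virtualHosts."git.rs.ht" = {
    forceSSL = true;
    enableACME = true;
  };

  security.acme = {
    acceptTerms = true;
    defaults.email = "rs@rs.ht";
  };

  system.stateVersion = "24.05";
}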