Marisa:added gitea service

hosts/servers/marisa.nix

@@ -1,4 +1,4 @@
-{lib, config, ...}:
+{config, pkgs, ...}:
 {
   imports = 
   [
@@ -11,5 +11,9 @@
     ./marisa/cachix.nix
     ../../configs/nvim.nix
   ];
+  environment.systemPackages = with pkgs; [
+    docker_compose
+  ];
+  virtualisation.docker.enable = true;
   system.stateVersion = "21.05";
 }

hosts/servers/marisa/networking.nix

@@ -1,8 +1,11 @@
-{config, ...}:
+{config, pkgs, ...}:
 {
   networking = {
     hostName = "Marisa";
-    firewall.allowedTCPPorts = [ 22 80 ];
+    firewall = {
+      allowedTCPPorts = [ 22 80 8000 6060 5001 ];
+      allowedUDPPorts = [ 17840 ];
+    };
     wireless = {
       enable = false;
       iwd.enable = true;
@@ -16,6 +19,22 @@
         } ];
       };
     };
+    wireguard.interfaces.wg0 = {
+      ips = [ "100.0.0.2/24" ];
+      listenPort = 17840;
+#       postSetup = "${pkgs.iproute}/bin/ip route add weirdnatto.in via 192.168.0.1";
+#       postShutdown = "${pkgs.iproute}/bin/ip route del weirdnatto.in via 192.168.0.1";
+      privateKeyFile = "/var/secrets/wg";
+      peers = [
+        {
+          #Oracle VM1
+          publicKey = "z0Y2VNEWcyVQVSqRHiwmiJ5/0MgSPM+HZfEcwIccSxM=";
+          allowedIPs = [ "100.0.0.0/24" ];
+          endpoint = "140.238.230.155:17840";
+          persistentKeepalive = 25;
+        }
+      ];
+    };
     defaultGateway = "192.168.0.1";
     nameservers = [ "1.1.1.1" "8.8.8.8" ];
   };

hosts/servers/marisa/services.nix

@@ -1,10 +1,61 @@
-{config, ...}:
+{lib, config, pkgs, ...}:
 {
   services = {
     openssh = {
       enable = true;
       permitRootLogin = "yes";
     };
-    tailscale.enable = true;
+    dovecot2 = {
+      enable = true;
+      enableImap = true;
+    };
+ /*   vault = {
+      enable = true;
+      address = "127.0.0.1:8000";
+      storageBackend = "postgresql";
+    };*/
+    postgresql = {
+      enable = true;
+      port = 6060;
+      enableTCPIP = true;
+      authentication = ''
+        local gitea all ident map=gitea-map
+        host all all 192.168.0.110/32 md5
+        '';
+      identMap = ''
+        gitea-map gitea gitea
+        '';
+    };
+    gitea = {
+      enable = true;
+      appName = "Natto Tea";
+      rootUrl = "https://git.weirdnatto.in/";
+      cookieSecure = true;
+      httpPort = 5001;
+      database = rec {
+        createDatabase = false;
+        port = 6060;
+        name = "gitea";
+        user = name;
+        passwordFile = "/var/secrets/gitea";
+        type = "postgres";
+      };
+      settings = {
+        oauth2_client = {
+          ENABLE_AUTO_REGISTRATION = true;
+          UPDATE_AVATAR = true;
+        };
+        ui = {
+          DEFAULT_THEME="arc-green";
+        };
+        security = {
+          LOGIN_REMEMBER_DAYS = 50;
+        };
+      };
+    };
   };
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJHingN2Aho+KGgEvBMjtoez+W1svl9uVoa4vG0d646j"
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPX1HDzWpoaOcU8GDEGuDzXgxkCpyeqxRR6gLs/8JgHw"
+  ];
 }

hosts/servers/pkgs.nix

@@ -2,10 +2,10 @@
 {
   environment.systemPackages = with pkgs; [
     git
-    gnumake
     htop
     vim
     wireguard
+    vault
   ];
   programs = {
     zsh = {