Disable gitea registration

This reverts commit c357f0f9c5.

base.nix

@@ -162,8 +162,11 @@
   ######################################## Misc. ##################################################
   nixpkgs.config.allowUnfree = true;
 
-  # Easiest to use and most distros use this by default.
-  networking.networkmanager.enable = true;
+  networking = {
+    # Easiest to use and most distros use this by default.
+    networkmanager.enable = true;
+    tempAddresses = "disabled";
+  };
 
   users.mutableUsers = false; # Force all user management to happen throught nix-files
 

machine-confs/exoplasim.nix

@@ -29,6 +29,16 @@
     };
   };
 
+  services.ddclient = {
+    enable = true;
+    usev4 = "";
+    usev6 = "ifv6, ifv6=enp6s18";
+    username = "vsinerva.fi-dynexo";
+    domains = [ "exovpn.vsinerva.fi" ];
+    passwordFile = "/var/lib/ddclient/password";
+    server = "www.ovh.com";
+  };
+
   # User worker
   users.users.worker = {
     isNormalUser = true;

machine-confs/gitea.nix

@@ -0,0 +1,12 @@
+{ ... }:
+{
+  networking.hostName = "gitea";
+
+  imports = [
+    ../base.nix
+    ../services/gitea.nix
+  ];
+
+  # HARDWARE SPECIFIC
+  services.qemuGuest.enable = true;
+}

machine-confs/helium.nix

@@ -2,7 +2,6 @@
 {
   networking = {
     hostName = "helium";
-    tempAddresses = "disabled"; # For IP-based filtering to work better
 
     wg-quick.interfaces = {
       wg0 = {

machine-confs/lithium.nix

@@ -2,7 +2,6 @@
 {
   networking = {
     hostName = "lithium";
-    tempAddresses = "disabled"; # For IP-based filtering to work better
 
     wg-quick.interfaces = {
       wg0 = {

machine-confs/nat64.nix

@@ -4,7 +4,7 @@
 
   imports = [
     ../base.nix
-    #    ../services/nat64.nix
+    ../services/nat64.nix
   ];
 
   # HARDWARE SPECIFIC

services/gitea.nix

@@ -0,0 +1,64 @@
+{ config, ... }:
+{
+  imports = [ ./acme-dns.nix ];
+
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
+  networking.firewall.allowedUDPPorts = [ 443 ];
+
+  services = {
+    gitea = {
+      enable = true;
+      lfs.enable = true;
+      appName = "Gitea for Vili Sinervä";
+      mailerPasswordFile = "${config.services.gitea.stateDir}/smtp_pass"; # TODO
+
+      settings = {
+        repository = {
+          ENABLE_PUSH_CREATE_USER = true;
+        };
+        ui.DEFAULT_SHOW_FULL_NAME = true;
+        "ui.meta".AUTHOR = "Gitea, hosted by Vili Sinervä";
+        server = {
+          DOMAIN = "gitea.vsinerva.fi";
+          HTTP_PORT = 8000;
+          ROOT_URL = "https://${config.services.gitea.settings.server.DOMAIN}";
+        };
+        service.DISABLE_REGISTRATION = true; # Disable for initial setup
+        session.COOKIE_SECURE = true;
+        mailer = {
+          ENABLED = true;
+          SMTP_ADDR = "smtp.gmail.com";
+          SMTP_PORT = 587;
+          USER = "vmsskv12@gmail.com"; # Password set in file
+          FROM = "gitea@vsinerva.fi";
+        };
+        cron = {
+          ENABLED = true;
+          RUN_AT_START = true;
+        };
+        time.DEFAULT_UI_LOCATION = "Europe/Helsinki";
+      };
+    };
+
+    nginx = {
+      enable = true;
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedTlsSettings = true;
+      recommendedProxySettings = true;
+
+      virtualHosts.${config.services.gitea.settings.server.DOMAIN} = {
+        forceSSL = true;
+        kTLS = true;
+        enableACME = true;
+        acmeRoot = null;
+        locations."/" = {
+          proxyPass = "http://localhost:8000";
+        };
+      };
+    };
+  };
+}

services/nat64.nix

@@ -5,42 +5,6 @@
       enable = true;
       nat64.default = {
         global.pool6 = "64:ff9b::/96"; # Default value made explicit for clarity
-
-        # Port forwarding
-        bib = [
-          {
-            # ExoPlaSim WireGuard
-            "protocol" = "UDP";
-            "ipv4 address" = "192.168.1.2#51821";
-            "ipv6 address" = "fd08:d473:bcca:1:210:3292:4922:b9aa#51821";
-          }
-        ];
-
-        pool4 = [
-          # Ports for static BIB entries
-          {
-            protocol = "UDP";
-            prefix = "192.168.1.2/32";
-            "port range" = "51821";
-          }
-
-          # Port ranges for dynamic translation
-          {
-            protocol = "TCP";
-            prefix = "192.168.1.2/32";
-            "port range" = "30001-50000";
-          }
-          {
-            protocol = "UDP";
-            prefix = "192.168.1.2/32";
-            "port range" = "30001-50000";
-          }
-          {
-            protocol = "ICMP";
-            prefix = "192.168.1.2/32";
-            "port range" = "30001-50000";
-          }
-        ];
       };
     };
   };

services/nextcloud.nix

@@ -28,6 +28,9 @@
 
     nginx = {
       recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedTlsSettings = true;
+      recommendedProxySettings = true;
 
       virtualHosts.${config.services.nextcloud.hostName} = {
         forceSSL = true;

services/vaultwarden.nix

@@ -36,6 +36,9 @@
     nginx = {
       enable = true;
       recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedTlsSettings = true;
+      recommendedProxySettings = true;
 
       virtualHosts."vaultwarden.vsinerva.fi" = {
         forceSSL = true;
@@ -43,7 +46,7 @@
         enableACME = true;
         acmeRoot = null;
         locations."/" = {
-          proxyPass = "http://127.0.0.1:8000";
+          proxyPass = "http://localhost:8000";
         };
       };
     };