NixOS-Config/hosts/g18-next/configuration.nix

{ inputs, config, lib, pkgs, ... }:

let
  unstable = import inputs.nixpkgs-unstable {
    system = config.nixpkgs.system;
  };
in
{
  imports =
    [
      ./hardware-configuration.nix
      ../modules/nasp.nix
    ];
  nasp = {
    enable = true;
    gSeries = {
      enable = true;
      serial = 18;
    };
    registry.enable = false;
    nginx.enableCodeServer = false;
    nvidia.enable = false;
  };
  boot.loader.systemd-boot.enable = lib.mkForce false;
  boot.loader.efi.canTouchEfiVariables = lib.mkForce false;
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/vda";
  # networking
  networking.hostName = lib.mkForce "g18-next";
  networking.hostId = "11f1fad0";
  systemd.network.networks."10-veth0" = {
    matchConfig.Name = "enp1s0";
    networkConfig = {
      DHCP = "no";
      IPv6AcceptRA = true;
    };
    address = [ "192.168.122.118/24" ];
    routes = [
      {
        routeConfig = {
          Gateway = "192.168.122.1";
          GatewayOnLink = true;
          Metric = 90;
        };
      }
    ];
  };
  services.resolved.enable = true;
  networking.firewall.extraCommands = ''
    iptables -A INPUT -s 192.168.122.1 -j ACCEPT
  '';
  # service: gitea
  services.gitea = {
    enable = true;
    package = unstable.gitea;
    stateDir = "/data0/lib/gitea";
    database.type = "sqlite3";
    settings = {
      server = {
        SSH_DOMAIN = "nasp.fit";
        DOMAIN = "git.nasp.fit";
        HTTP_PORT = 3000;
        ROOT_URL = "https://git.nasp.fit/";
        DISABLE_SSH = false;
        SSH_PORT = 22;
        OFFLINE_MODE = false;
        START_SSH_SERVER = true;
        BUILTIN_SSH_SERVER_USER = "git";
      };
      "repository.pull-request" = {
        DEFAULT_MERGE_STYLE = "squash";
      };
      "repository.signing" = {
        DEFAULT_TRUST_MODEL = "committer";
      };
      proxy = {
        PROXY_ENABLED = true;
        PROXY_URL = "http://192.168.255.1:20171";
        PROXY_HOSTS = "github.com";
      };
    };
  };
  systemd.sockets.gitea.listenStreams = [ "22" ];
  systemd.services.gitea.requires = [ "gitea.socket" "data0.mount" ];
  systemd.services.gitea.after = [ "data0.mount" ];
  # service: influxdb
  services.influxdb2.enable = true;
  systemd.services.influxdb2.requires = [ "var-lib-influxdb2.mount" ];
  systemd.services.influxdb2.after = [ "var-lib-influxdb2.mount" ];
  fileSystems."/var/lib/influxdb2" = {
    depends = [ "/data0" ];
    device = "/data0/lib/influxdb";
    options = [ "bind" ];
  };
  # service: dnsmasq stub dns server
  services.dnsmasq = {
    enable = true;
    settings = {
      interface = [ "enp1s0" "lo" ];
      bind-interfaces = true;
      domain-needed = true;
      bogus-priv = true;
      no-resolv = true;
      no-poll = true;
      domain = "nasp";
      server = [
        "101.6.6.6"
        "1.1.1.1"
        "2001:da8::666"
        "/tsinghua.edu.cn/166.111.8.29"
        "/tsinghua.edu.cn/166.111.8.28"
      ];
    };
  };

  system.stateVersion = "24.05";
}