From d136aa65c5d9df70e493a8d02c0aa34a3a8b1e5d Mon Sep 17 00:00:00 2001
From: Grimmauld
Date: Wed, 8 May 2024 20:23:42 +0200
Subject: [PATCH] misc updates
---
 authorizedKeys.nix | 1 +
 flake.lock | 60 +++++++++++++++++++++---------------------
 flake.nix | 2 +-
 modules/gitea.nix | 13 ++++++++-
 modules/puffer.nix | 2 +-
 modules/toolchains.nix | 1 +
 6 files changed, 46 insertions(+), 33 deletions(-)
diff --git a/authorizedKeys.nix b/authorizedKeys.nix
index a7b42af..55144a6 100644
--- a/authorizedKeys.nix
+++ b/authorizedKeys.nix
@@ -3,4 +3,5 @@
 [
 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCy7X5ByG4/9y2XkQSnXcpMGnV5WPGUd+B6FaYCDNmPQ7xIZEteS+kCpu9oiMP6C/H/FT+i9DZvCflkzgdFAyujYLKRYaZbZ3K6F60qN0rkJ0z/ZO5c6rqwIwR6BEoB7dq5inkyH9fZ8/SI+PXxELmeWF9ehT7kkQC+o9Ujpcjd7ZuZllbAz4UQZFRbbpwdVJCEDenu9/63yuYbvMupgGk0edaTiFT0Q9MSzs/3pNP8xlAxmmZ3HzSjeF7gUzBF7CaIroTeguiUjSVybUEx48P8fy878t7dUZf4anEno9MS0B3aqfZvCKuuPdAUdeBfCbFHRqN7GuCylFIXGPe95Mxl grimmauld@grimmauld-nixos"
 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQClLZhya2A7SoRSX2DNNM6OWgnGhtOFUor/WdyY59L0l6u5tEo9VyX5bCR84eo+uN4jyahSiGD1WC3RGIoNtHuSkKPxr0rqQhlbuyxraHGj7hOLhcGWRd2eIdsntbma7uPsn4zC0skKjpVNR7PU4LfSxti0gBhgq6uQhMtlfywwJshmwt55q7oT/zC449Uz2vyviy7sQ53R9YoOWEjB/+vU8jHxGlqLatXhOGKlBtrQxKm8PZ6jBYxAC6sGA4APIHWC3KC0S0X7wlmi42Dx9bbBm0rUjy095vRZ22fkE8x9OSTKDY/vFTLw5vwVMa8dACfA1Kc0+EpgOK77lZddeTvD grimmauld.de"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJhM1Fk5ix4OZAdlfCxL891KxeEKpyIFrP5yYkC9mg7E grimmauld@grimmauld-nixos"
 ]
diff --git a/flake.lock b/flake.lock
index 6646eb6..97484cb 100644
--- a/flake.lock
+++ b/flake.lock
@@ -8,11 +8,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1703433843, - "narHash": "sha256-nmtA4KqFboWxxoOAA6Y1okHbZh+HsXaMPFkYHsoDRDw=", + "lastModified": 1715101957, + "narHash": "sha256-fs5uVQFTfgb4L9pnhldeyTHNcYwn1U4nKYoCBJ6W3W4=", "owner": "ryantm", "repo": "agenix", - "rev": "417caa847f9383e111d1397039c9d4337d024bf0", + "rev": "07479c2e7396acaaaac5925483498154034ea80a", "type": "github" }, "original": {
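Review bot: In authorizedKeys.nix the added `ssh-ed25519` entry carries the same `grimmauld@grimmauld-nixos` comment as the first `ssh-rsa` entry, which stays in the list, so if the new key is meant to supersede the old one for that host, the old key remains an accepted credential. If both are still needed, say so next to them, for example `# RSA key kept for <reason>; remove once the ed25519 key is in use everywhere`; otherwise drop the superseded line in the same change. The consumers of this list are outside the hunk, so which accounts these keys unlock cannot be confirmed from here.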
@@ -122,14 +122,14 @@ }, "nixos-matrix-modules": { "inputs": { - "nixpkgs-lib": "nixpkgs-lib" + "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1701507532, - "narHash": "sha256-Zzv8OFB7iilzDGe6z2t/j8qRtR23TN3N8LssGsvRWEA=", + "lastModified": 1710311999, + "narHash": "sha256-s0pT1NyrMgeolUojXXcnXQDymN7m80GTF7itCv0ZH20=", "ref": "refs/heads/master", - "rev": "046194cdadc50d81255a9c57789381ed1153e2b1", - "revCount": 56, + "rev": "6c9b67974b839740e2a738958512c7a704481157", + "revCount": 63, "submodules": true, "type": "git", "url": "https://github.com/dali99/nixos-matrix-modules" @@ -186,28 +186,13 @@ "type": "indirect" } }, - "nixpkgs-lib": { - "locked": { - "lastModified": 1673743903, - "narHash": "sha256-sloY6KYyVOozJ1CkbgJPpZ99TKIjIvM+04V48C04sMQ=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "7555e2dfcbac1533f047021f1744ac8871150f9f", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, "nixpkgs-stable": { "locked": { - "lastModified": 1706826059, - "narHash": "sha256-N69Oab+cbt3flLvYv8fYnEHlBsWwdKciNZHUbynVEOA=", + "lastModified": 1714971268, + "narHash": "sha256-IKwMSwHj9+ec660l+I4tki/1NRoeGpyA2GdtdYpAgEw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "25e3d4c0d3591c99929b1ec07883177f6ea70c9d", + "rev": "27c13997bf450a01219899f5a83bd6ffbfc70d3c", "type": "github" }, "original": { 
@@ -234,11 +219,26 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1706732774, - "narHash": "sha256-hqJlyJk4MRpcItGYMF+3uHe8HvxNETWvlGtLuVpqLU0=", + "lastModified": 1706098335, + "narHash": "sha256-r3dWjT8P9/Ah5m5ul4WqIWD8muj5F+/gbCdjiNVBKmU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b8b232ae7b8b144397fdb12d20f592e5e7c1a64d", + "rev": "a77ab169a83a4175169d78684ddd2e54486ac651", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "ref": "nixos-23.11", + "type": "indirect" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1714906307, + "narHash": "sha256-UlRZtrCnhPFSJlDQE7M0eyhgvuuHBTe1eJ9N9AQlJQ0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "25865a40d14b3f9cf19f19b924e2ab4069b09588", "type": "github" }, "original": { @@ -253,7 +253,7 @@ "agenix": "agenix", "nixos-mailserver": "nixos-mailserver", "nixos-matrix-modules": "nixos-matrix-modules", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_4", "nixpkgs-stable": "nixpkgs-stable" } },
diff --git a/flake.nix b/flake.nix
index c82003c..55ba558 100644
--- a/flake.nix
+++ b/flake.nix
@@ -41,7 +41,7 @@
 ./modules/email.nix
 ./modules/discord-matrix-bridge.nix
 ./modules/mastodon.nix
- ./modules/folding.nix
+# ./modules/folding.nix
 ./modules/toolchains.nix
 # ./modules/ptero.nix
 agenix.nixosModules.default
diff --git a/modules/gitea.nix b/modules/gitea.nix
index 6b43e19..0e62f51 100644
--- a/modules/gitea.nix
+++ b/modules/gitea.nix
@@ -3,6 +3,7 @@ let
 root_host = "grimmauld.de";
 gitea_host = "git.${root_host}";
 gitea_port = 8081;
+ gitea_ssh_port = 2222;
 in {
 services.gitea = {
 enable = true;
@@ -11,14 +12,24 @@ in {
 server = {
 HTTP_PORT = gitea_port;
 ROOT_URL = "https://${gitea_host}/";
- DISABLE_SSH = true;
+ DISABLE_SSH = false;
+ SSH_DOMAIN = root_host;
+ START_SSH_SERVER = true;
+ BUILTIN_SSH_SERVER_USER = "git";
+ SSH_PORT = gitea_ssh_port;
+# SSH_LISTEN_HOST="::"; # fixme?
+# SSH_AUTHORIZED_PRINCIPALS_ALLOW="username";
 };
 # log.LEVEL = "Debug";
 "ssh.minimum_key_sizes".RSA = 2048;
+ "git.timeout".MIGRATE = 6000;
 };
 lfs.enable = true;
 };
+
+ security.acme.certs."${root_host}".extraDomainNames = [ gitea_host];
+ networking.firewall.allowedTCPPorts = [ gitea_ssh_port ];
 services.nginx = {
 enable = true;
diff --git a/modules/puffer.nix b/modules/puffer.nix
index 0c364a8..e04513d 100644
--- a/modules/puffer.nix
+++ b/modules/puffer.nix
@@ -38,7 +38,7 @@ in {
 };
 security.acme.certs."${root_host}".extraDomainNames = [ puffer_host tlemap_host ];
- networking.firewall.allowedTCPPorts = [ puffer_sftp_port 25565 25566 25567 25568];
+ networking.firewall.allowedTCPPorts = [ puffer_sftp_port 25565 25566 25567 25568 7270 ];
 # virtualisation.podman.enable = true;
 virtualisation.docker.enable = true;
diff --git a/modules/toolchains.nix b/modules/toolchains.nix
index 3b8fef4..8cd6eec 100644
--- a/modules/toolchains.nix
+++ b/modules/toolchains.nix
@@ -6,6 +6,7 @@ in {
 (writeShellScriptBin "systemd-owner" "systemctl show -pUser,UID $@")
 (writeShellScriptBin "nix-referrers" "nix-store --query --referrers $@")
 mkpasswd
+ node2nix
 ];
 programs.git = {
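Review bot: In modules/gitea.nix the built-in SSH server is switched on (`START_SSH_SERVER = true`) and its port opened in the firewall while the listen address is left as a commented-out `# SSH_LISTEN_HOST="::"; # fixme?`, so the interfaces this new network-facing listener binds to are whatever Gitea defaults to rather than a stated choice. I would settle that before merging: either set `SSH_LISTEN_HOST` explicitly or delete the two commented-out settings, and annotate the firewall line with something like `# Gitea built-in SSH server (START_SSH_SERVER); remove if DISABLE_SSH is turned back on`. `"git.timeout".MIGRATE = 6000;` also deserves a comment giving the unit and the reason, since, if the value is in seconds as Gitea documents its git timeouts, a single migration may now run for 100 minutes. The `services.gitea` and `services.nginx` blocks both continue outside the hunk.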
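Review bot: In modules/puffer.nix the new `7270` entry in `networking.firewall.allowedTCPPorts` is a bare number with no name or comment, unlike `puffer_sftp_port`, so the hunk does not show which service is being exposed. Binding it in the `let` block, e.g. `<service>_port = 7270; # <what listens here>`, or adding a trailing comment on the line, keeps the open-port list auditable. Because `virtualisation.docker.enable = true;` sits just below, it is worth confirming whether the listener runs in a container: ports published by Docker are commonly reachable regardless of this list, so the firewall entry may not be the only control that applies. The `let` block is outside the hunk.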