users: add user alex

This reverts commit cdee22e165.

flake.nix

@@ -48,6 +48,7 @@
         ./modules/network/vpn/tailscale.nix
 
         ./modules/users/nico.nix
+        ./modules/users/alex.nix
         ./modules/hardware/secureboot.nix
         lanzaboote.nixosModules.lanzaboote
 

modules/services/forgejo.nix

@@ -17,8 +17,6 @@
         HTTP_PORT = 3000;
       };
 
-      security.REVERSE_PROXY_TRUSTED_PROXIES = "127.0.0.0/8,::1/128";
-
       service = {
         ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
         SHOW_REGISTRATION_BUTTON = false;
@@ -27,17 +25,6 @@
     };
   };
 
-  # configure anubis to prevent AI scrapers from overloading the git server.
-  services.anubis.instances.forgejo = {
-    enable = true;
-    settings = {
-      TARGET = "http://127.0.0.1:${toString config.services.forgejo.settings.server.HTTP_PORT}";
-      SERVE_ROBOTS_TXT = true;
-      BIND_NETWORK = "tcp";
-      BIND = ":3333";
-    };
-  };
-
   # forgejo has user keys under its own .ssh/authorizedKeys file.
   # nix blocks me from using users.users.<name>.openssh.authorizedKeys.keyFiles
   # in order to only allow that to the forgejo user as it has "/var"
@@ -46,10 +33,7 @@
   services.caddy.virtualHosts."git.${config.homelab.domain}" = {
     useACMEHost = config.homelab.domain;
     extraConfig = ''
-      reverse_proxy http://127.0.0.1${toString config.services.anubis.instances.forgejo.settings.BIND} {
+      reverse_proxy http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
-        header_up X-Real-Ip {remote_host}
-        header_up X-Http-Version {http.request.proto}
-      }
     '';
   };
 }

modules/users/alex.nix

@@ -0,0 +1,10 @@
+{ config, lib, pkgs, ...}:
+
+{
+  users.users.alex = {
+    description = "Alexander";
+    isNormalUser = true;
+    extraGroups = [ ];
+    shell = pkgs.zsh;
+  };
+}