[flake_server] / configuration.nix

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

{ config, lib, pkgs, ... } @ args:

{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  # Use the GRUB 2 boot loader.
  boot.loader.systemd-boot.enable = true;
  # boot.loader.grub.efiSupport = true;
  # boot.loader.grub.efiInstallAsRemovable = true;
  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
  # Define on which hard drive you want to install Grub.
  # boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only

  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  nix.settings.download-buffer-size = 500000000;
  nix.package = pkgs.nixVersions.nix_2_28;

  nix.gc = {
    automatic = true;
    options = "--delete-older-than 30d";
  };
  nix.optimise.automatic = true;
  system.autoUpgrade = {
    enable = true;
    allowReboot = true;
  };

  networking.hostName = "pschdev"; # Define your hostname.

  networking.firewall = {
    enable = true;
    allowedTCPPorts = [ 80 443 7777 9418 ];
  };

  # Set your time zone.
  time.timeZone = "Europe/Amsterdam";

  # Configure network proxy if necessary
  # networking.proxy.default = "http://user:password@proxy:port/";
  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";

  # Select internationalisation properties.
  i18n.defaultLocale = "de_DE.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "de-latin1-nodeadkeys";
    # useXkbConfig = true; # use xkb.options in tty.
  };

  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.ps = {
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
    packages = with pkgs; [
    ];
  };

  users.users.live = {
    isSystemUser = true;
    group = "live";
    home = "/srv/live";
    createHome = true;
    useDefaultShell = true;
  };
  users.groups.live = {};

  security = {
    polkit.enable = true;
    sudo.wheelNeedsPassword = false;
  };

  # nixpkgs.config.allowUnfree = true;

  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
    vim wget file git fzf bat
    helix
    gitui
    bintools
    btop htop
    systemctl-tui
    tmux
    md4c
    highlight
    python312Packages.pygments

    pkg-config
  ];

  environment.shellAliases = {
    snrs = "sudo nixos-rebuild switch --flake /etc/nixos#default";
    snrt = "sudo nixos-rebuild test --flake /etc/nixos#default";
    snrb = "sudo nixos-rebuild boot --flake /etc/nixos#default";
    senc = "sudo ${pkgs.helix}/bin/hx /etc/nixos/configuration.nix";
  };

  # git-hooks
  system.activationScripts.githook =
    let
      githooksRepo = pkgs.fetchgit {
        url = "git://psch.dev/git-hooks";
        rev = "1a40e097c8854d5a0e65c070addaa7e3337635c0";
        hash = "sha256-KNKnP/3hhQQlildzRF+skYHtV+7Xg1MQMPi2DDEHGAI=";
      };
    in
    {
    text = ''
      PATH=$PATH:${lib.makeBinPath [ pkgs.git pkgs.sudo pkgs.python3 ]} sudo -u git ${githooksRepo}/git-hooks/post-receive
    '';
  };

  # git
  users.users.git = {
    isSystemUser = true;
    group = "git";
    home = "/srv/git";
    createHome = true;
    homeMode = "750";
    shell = "${pkgs.git}/bin/git-shell";
    packages = with pkgs; [
      python3 # for blog git-hook
    ];
  };
  users.groups.git = {};

  programs.git = {
    enable = true;
    config = {
      init.defaultBranch = "main";
      user.name = "Patrick";
      user.email = "patrick.schoenberger@posteo.de";
    };
  };

  services.gitDaemon = {
    enable = true;
    basePath = "/srv/git";
    repositories = [ "/srv/git" ];
    exportAll = true;
    port = 9418;
  };

  # Enable the OpenSSH daemon.
  services.openssh = {
    enable = true;
    extraConfig = ''
      Match user git
        AllowTcpForwarding no
        AllowAgentForwarding no
        PasswordAuthentication no
        PermitTTY no
        X11Forwarding no
    '';
  };
  services.qemuGuest.enable = true;
  # virtualisation.qemu.guestAgent.enable = true;
  programs.mosh.enable = true;


  services.caddy = {
    enable = true;
    virtualHosts."psch.dev".extraConfig = ''
      basic_auth /julius_cam/* { test $2a$14$iKv0GlwavCunG0zQbaf2fOl4r4/8k8gDKUVUouu9Q3o.MfSDkp6Te }
      root * /srv/www
      file_server
    '';
    virtualHosts."chirp.psch.dev".extraConfig = ''
      reverse_proxy http://localhost:8080 {
        request_buffers 8192
      }
    '';
  };
  services.caddy.virtualHosts."git.psch.dev".extraConfig = ''
    encode gzip zstd

    @assets path /cgit.css /cgit.png /favicon.ico /robots.txt
    handle /cgithub/* {
      file_server {
        root /srv/cgithub
      }
    }
    handle @assets {
      file_server {
        root ${pkgs.cgit}/cgit
      }
    }
    handle {
      reverse_proxy unix//run/fcgiwrap-git.sock {
        transport fastcgi {
          env CGIT_CONFIG ${pkgs.writeText "cgitrc" ''
            snapshots=tar tar.gz zip
            enable-git-config=1
            enable-index-owner=0
            enable-log-filecount=1
            enable-log-linecount=1
            section-from-path=1
            virtual-root=/
            module-link=/%s/commit/?id=%s
            clone-url=https://git.psch.dev/$CGIT_REPO_URL git://psch.dev/$CGIT_REPO_URL ssh://git@psch.dev/~/$CGIT_REPO_URL
            noplainemail=1
            side-by-side-diffs=1
            about-filter=${pkgs.writeShellScript "markdown-filter" ''
              echo '<div class="markdown-body">'
              ${pkgs.md4c}/bin/md2html --github --ftables
              echo '</div>'
            ''}
            # source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
            head-include=/srv/cgithub/head-include.html
            footer=/srv/cgithub/footer.html
            readme=:readme.md
            readme=:Readme.md
            readme=:ReadMe.md
            readme=:README.md
            scan-path=/srv/git
          ''}
          env SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi
        }
      }
    }
  '';
  # virtualHosts."git.psch.dev".extraConfig = ''
  #   reverse_proxy unix//run/anubis/anubis-cgit.sock
  # '';
  services.caddy.virtualHosts."gitweb.psch.dev".extraConfig = ''
    handle /static/* {
      file_server {
        root ${pkgs.gitweb}
      }
    }
    handle {
      reverse_proxy unix//run/fcgiwrap-git.sock {
        transport fastcgi {
          env GITWEB_CONFIG ${pkgs.writeText "gitweb.conf" ''
            $projectroot = "/srv/git";
            $base_url = "/";
            $feature{'pathinfo'}{'default'} = [1];
            $default_projects_order = "age";
            $omit_owner = true;
            $site_html_head_string = "<meta xmlns=\"http://www.w3.org/1999/xhtml\" name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />";
          ''}
          env SCRIPT_FILENAME ${pkgs.gitweb}/gitweb.cgi
        }
      }
    }
  '';
  # virtualHosts."gitweb.psch.dev".extraConfig = ''
  #   reverse_proxy unix//run/anubis/anubis-gitweb.sock
  # '';

  services.anubis = {
    defaultOptions = {
      user = "caddy";
      group = "caddy";
    };
    
    # instances.cgit.settings.TARGET = "http://localhost:8082/cgit";
    # instances.gitweb.settings.TARGET = "http://localhost:8082";
  };

  services.fcgiwrap.instances."git" = {
    process.user = "git";
    process.group = "git";
    socket.user = "caddy";
    socket.group = "caddy";
  };

  users.users.chirp = {
    isSystemUser = true;
    group = "chirp";
    home = "/var/lib/chirp";
    createHome = true;
  };
  users.groups.chirp = {};
  
  systemd.services.chirp = {
    description = "Chirp SystemD Service";
    wantedBy = ["multi-user.target"];
    after = ["network.target"];
    serviceConfig = {
      WorkingDirectory = "/var/lib/chirp";
      ExecStart = "${args.inputs.chirp.packages.${pkgs.system}.default}/bin/chirp";
      Restart = "always";
      Type = "simple";
      User = "chirp";
      Group = "chirp";
    };
  };

  # Copy the NixOS configuration file and link it from the resulting system
  # (/run/current-system/configuration.nix). This is useful in case you
  # accidentally delete configuration.nix.
  # system.copySystemConfiguration = true;

  # This option defines the first version of NixOS you have installed on this particular machine,
  # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
  #
  # Most users should NEVER change this value after the initial install, for any reason,
  # even if you've upgraded your system to a new NixOS release.
  #
  # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
  # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
  # to actually do that.
  #
  # This value being lower than the current NixOS release does NOT mean your system is
  # out of date, out of support, or vulnerable.
  #
  # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
  # and migrated your data accordingly.
  #
  # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
  system.stateVersion = "24.05"; # Did you read the comment?

}