1 # Edit this configuration file to define what should be installed on
2 # your system. Help is available in the configuration.nix(5) man page, on
3 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
5 { config, lib, pkgs, inputs, ... } @ args:
9 [ # Include the results of the hardware scan.
10 ./hardware-configuration.nix
13 # Use the systemd-boot EFI boot loader (the GRUB options below are left commented out).
14 boot.loader.systemd-boot.enable = true;
15 # boot.loader.grub.efiSupport = true;
16 # boot.loader.grub.efiInstallAsRemovable = true;
17 # boot.loader.efi.efiSysMountPoint = "/boot/efi";
18 # Define on which hard drive you want to install Grub.
19 # boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
21 nix.settings.experimental-features = [ "nix-command" "flakes" ]; # flakes are needed by the `--flake` rebuild aliases defined further down
22 nix.settings.download-buffer-size = 500000000; # value is in bytes (500 MB)
26 options = "--delete-older-than 30d"; # presumably the garbage-collector options: drop generations older than 30 days
28 nix.optimise.automatic = true; # periodically deduplicate identical files in the store
29 system.autoUpgrade = {
34 networking.hostName = "netcup"; # Define your hostname.
36 networking.firewall = {
47 time.timeZone = "Europe/Amsterdam";
49 # Configure network proxy if necessary
50 # networking.proxy.default = "http://user:password@proxy:port/";
51 # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
53 # Select internationalisation properties.
54 i18n.defaultLocale = "de_DE.UTF-8";
56 font = "Lat2-Terminus16";
57 keyMap = "de-latin1-nodeadkeys";
58 # useXkbConfig = true; # use xkb.options in tty.
61 # Define a user account. Don't forget to set a password with ‘passwd’.
64 extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. NOTE(review): together with wheelNeedsPassword = false below, this account has passwordless root.
65 packages = with pkgs; [
74 useDefaultShell = true;
76 users.groups.live = {};
80 sudo.wheelNeedsPassword = false; # NOTE(review): every wheel member becomes root without re-authenticating, so a stolen key or session for such a user is a full host compromise; consider requiring a password or restricting passwordless rules to specific commands.
83 nixpkgs.config.allowUnfree = true; # permit packages with non-free licences
86 (inputs.ps-flakes.overlays.cgit) # presumably changes what pkgs.cgit resolves to (used by the Caddy/cgit setup below); the revision comes from the flake lock file, which is not part of this file
87 (inputs.ps-flakes.overlays.gitweb) # presumably changes what pkgs.gitweb resolves to (used by the gitweb virtual host below)
88 (inputs.nix-minecraft.overlay) # presumably the source of pkgs.fabricServers used by the Minecraft server below
91 # List packages installed in system profile. To search, run:
93 environment.systemPackages = with pkgs; [
94 vim wget file git fzf bat
104 python312Packages.pygments
109 environment.shellAliases = { # shortcuts for rebuilding this host from the flake in /etc/nixos; all of them run as root via sudo
110 snrs = "sudo nixos-rebuild switch --flake /etc/nixos#default"; # build, activate now, and make it the boot default
111 snrt = "sudo nixos-rebuild test --flake /etc/nixos#default"; # build and activate now, without adding a boot entry
112 snrb = "sudo nixos-rebuild boot --flake /etc/nixos#default"; # build and make it the boot default, without activating now
113 senc = "sudo ${pkgs.helix}/bin/hx /etc/nixos/configuration.nix"; # edit this file with Helix running as root
117 system.activationScripts.githook = # activation scripts run as root on every activation; the command below drops to the git user via sudo before running the fetched hook
119 githooksRepo = pkgs.fetchgit {
120 url = "git://psch.dev/git-hooks"; # NOTE(review): git:// is unauthenticated and unencrypted; integrity rests entirely on the pinned rev and hash below, so keep both pinned (an https or ssh URL would additionally protect the transport)
121 rev = "1a40e097c8854d5a0e65c070addaa7e3337635c0"; # exact commit to check out
122 hash = "sha256-KNKnP/3hhQQlildzRF+skYHtV+7Xg1MQMPi2DDEHGAI="; # fixed-output hash: the fetch fails if the fetched tree differs
127 PATH=$PATH:${lib.makeBinPath [ pkgs.git pkgs.sudo pkgs.python3 ]} sudo -u git ${githooksRepo}/git-hooks/post-receive
138 shell = "${pkgs.git}/bin/git-shell"; # restricted login shell: over SSH this account can only run git's server-side commands, not an interactive shell
139 packages = with pkgs; [
140 python3 # for blog git-hook
143 users.groups.git = {};
148 init.defaultBranch = "main";
149 user.name = "Patrick";
150 user.email = "patrick.schoenberger@posteo.de";
154 services.gitDaemon = { # NOTE(review): git-daemon serves the git:// protocol with no authentication or encryption; confirm that every repository it exports under /srv/git is meant to be publicly readable (check exportAll and the firewall rules)
156 basePath = "/srv/git"; # request paths are resolved relative to this directory
157 repositories = [ "/srv/git" ]; # directory the daemon is allowed to serve from
162 # Enable the OpenSSH daemon; the extra settings below disable TCP forwarding, agent forwarding and password authentication.
167 AllowTcpForwarding no
168 AllowAgentForwarding no
169 PasswordAuthentication no
174 services.qemuGuest.enable = true; # QEMU guest agent: lets the hypervisor host issue commands inside this VM, so the hosting provider is part of the trust boundary
175 # virtualisation.qemu.guestAgent.enable = true;
176 programs.mosh.enable = true; # NOTE(review): mosh needs inbound UDP; confirm which UDP ports this opens in the firewall and that the exposure is intended
178 services.minecraft-servers = { # declarative Minecraft servers (option set presumably provided by the nix-minecraft flake input)
186 motd = "A Place on Earth";
190 package = pkgs.fabricServers.fabric-1_20_1; # Fabric server build; by its name, for Minecraft 1.20.1
192 # loaderVersion = "";
195 mods = pkgs.linkFarmFromDrvs "mods" ( # gather the fetched mod jars into one directory of symlinks
196 builtins.attrValues {
197 Fabric-API = pkgs.fetchurl {
198 url = "https://cdn.modrinth.com/data/P7dR8mSH/versions/UapVHwiP/fabric-api-0.92.6%2B1.20.1.jar";
199 sha256 = "sha256-Ds5QR22jaSERqwS3WUXFRY5w2YzQae78BEqz5Xl33us="; # each jar is pinned by hash, so a changed or tampered download fails the build instead of being loaded by the server
201 GlitchCore = pkgs.fetchurl {
202 url = "https://cdn.modrinth.com/data/s3dmwKy5/versions/25HLOiOl/GlitchCore-fabric-1.20.1-0.0.1.1.jar";
203 sha256 = "sha256-+359QjXKv4OVR4vEKu9rv9u++JUd3x9w9zcZ4LJMmcw=";
205 TerraBlender = pkgs.fetchurl {
206 url = "https://cdn.modrinth.com/data/kkmrDlKT/versions/J1S3aA8i/TerraBlender-fabric-1.20.1-3.0.1.10.jar";
207 sha256 = "sha256-0C2aoszwkSZLD87wdkQSi4I7NCGgK/xAORoBqhzNCiQ=";
209 BiomesOPlenty = pkgs.fetchurl {
210 url = "https://cdn.modrinth.com/data/HXF82T3G/versions/eZaag2ca/BiomesOPlenty-fabric-1.20.1-19.0.0.96.jar";
211 sha256 = "sha256-A4Kp4TNMtzbE8Nhs8NACEG1qmEU6cJlQ678Ok5gx6nI=";
223 psch.dev ps.run pasch.cc {
228 @assets path /cgit.css /cgit.png /favicon.ico /robots.txt
236 root ${pkgs.cgit}/cgit
240 reverse_proxy unix//run/fcgiwrap-git.sock {
242 env CGIT_CONFIG ${pkgs.writeText "cgitrc" ''
243 snapshots=tar tar.gz zip
246 enable-log-filecount=1
247 enable-log-linecount=1
252 favicon=/git/favicon.ico
253 module-link=/%s/commit/?id=%s
254 clone-url=https://$HTTP_HOST/git/$CGIT_REPO_URL git://$HTTP_HOST/$CGIT_REPO_URL git@$HTTP_HOST:$CGIT_REPO_URL
257 about-filter=${pkgs.writeShellScript "markdown-filter" ''
258 echo '<div class="markdown-body">'
259 ${pkgs.md4c}/bin/md2html --github --ftables
262 # source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
263 head-include=/srv/cgithub/head-include.html
264 footer=/srv/cgithub/footer.html
271 env SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi
277 basic_auth /julius_cam/* { test $2a$14$iKv0GlwavCunG0zQbaf2fOl4r4/8k8gDKUVUouu9Q3o.MfSDkp6Te }
282 respond "The Website is under Construction."
285 reverse_proxy http://localhost:8080 {
# NOTE(review): the Caddyfile text earlier in this file embeds the bcrypt hash for
# basic_auth user `test` (path /julius_cam/*) directly in the configuration. Anything
# written here is copied into the world-readable /nix/store and into every repository
# that holds this file, where the hash can be attacked offline. Consider supplying it
# through an environment placeholder or an imported file kept outside the store, and
# replacing the credential if this file has been shared.
294 # virtualHosts."git.psch.dev".extraConfig = ''
295 # reverse_proxy unix//run/anubis/anubis-cgit.sock
297 services.caddy.virtualHosts."gitweb.ps.run".extraConfig = ''
304 reverse_proxy unix//run/fcgiwrap-git.sock {
306 env GITWEB_CONFIG ${pkgs.writeText "gitweb.conf" ''
307 $projectroot = "/srv/git";
309 $feature{'pathinfo'}{'default'} = [1];
310 $default_projects_order = "age";
312 $site_html_head_string = "<meta xmlns=\"http://www.w3.org/1999/xhtml\" name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />";
314 env SCRIPT_FILENAME ${pkgs.gitweb}/gitweb.cgi
319 # virtualHosts."gitweb.psch.dev".extraConfig = ''
320 # reverse_proxy unix//run/anubis/anubis-gitweb.sock
329 # instances.cgit.settings.TARGET = "http://localhost:8082/cgit";
330 # instances.gitweb.settings.TARGET = "http://localhost:8082";
333 services.fcgiwrap.instances."git" = { # CGI bridge behind the cgit and gitweb reverse_proxy blocks (unix//run/fcgiwrap-git.sock)
334 process.user = "git"; # CGI scripts run as the git user, not as caddy. NOTE(review): if git also owns /srv/git, a flaw in cgit or gitweb would have write access to the repositories; a separate read-only user would narrow that (confirm ownership)
335 process.group = "git";
336 socket.user = "caddy"; # socket is owned by caddy so that the web server can connect to it
337 socket.group = "caddy";
340 users.users.chirp = {
343 home = "/var/lib/chirp";
346 users.groups.chirp = {};
348 systemd.services.poster-splitter = # long-running service for the Poster Splitter application
350 poster-splitter-src = "/var/lib/postersplitter/repo"; # checkout used as the working directory
353 description = "Poster Splitter";
354 wantedBy = [ "multi-user.target" ];
355 after = [ "network.target" ];
361 WorkingDirectory = "${poster-splitter-src}";
363 ExecStart = "${pkgs.bash}/bin/bash -c 'PATH=$PATH:${lib.makeBinPath [ pkgs.bash pkgs.python3 ]} LD_LIBRARY_PATH=${pkgs.stdenv.cc.cc.lib}/lib/ /var/lib/postersplitter/run.sh'"; # NOTE(review): run.sh lives in the mutable /var/lib/postersplitter directory rather than in the Nix store, so its content is not pinned by this configuration; whoever can write there decides what this unit executes. Confirm the unit runs as an unprivileged user.
364 Restart = "on-failure";
373 "deploy-poster-splitter" = { # webhook definition: an HTTP request that passes the trigger rule runs the deploy script
374 id = "deploy-poster-splitter";
375 response-message = "Deployed Poster Splitter";
376 execute-command = "/var/lib/postersplitter/deploy.sh"; # NOTE(review): the script sits in a mutable directory, so what a valid webhook call executes is not fixed by this configuration
377 command-working-directory = "/var/lib/postersplitter";
378 pass-environment-to-command = [
379 { source = "string"; envname = "PATH"; name = "${lib.makeBinPath [ pkgs.coreutils pkgs.sudo pkgs.systemd pkgs.openssh pkgs.git pkgs.bash pkgs.python3 pkgs.git ]}"; } # PATH handed to the script includes sudo and systemd tools; keep any sudo rule for the webhook user limited to the exact commands the deploy needs (pkgs.git is listed twice, which is harmless)
383 type = "payload-hmac-sha1"; # HMAC over the request body; this rule is the only visible gate on an endpoint that Caddy exposes under /hooks/*. NOTE(review): if the sender supports it, prefer payload-hmac-sha256 with the X-Hub-Signature-256 header, and confirm the shared secret is not written inline where it would land in the Nix store
387 name = "X-Hub-Signature";
394 services.caddy.virtualHosts."postersplitter.de".extraConfig = ''
395 # Route 1: Der Webhook
396 # Leitet Anfragen an /hooks/ an den Webhook-Dienst
397 @webhook path /hooks/*
399 reverse_proxy 127.0.0.1:8102
402 # Route 2: Die Flask App (alles andere)
403 # Muss NACH der Webhook-Route kommen
404 @all not path /hooks/*
406 reverse_proxy 127.0.0.1:8101
409 users.users.poster = {
412 home = "/var/lib/postersplitter";
414 useDefaultShell = true;
415 packages = with pkgs; [
419 users.groups.poster = {};
421 systemd.services.chirp = { # runs the chirp binary as a system service
422 description = "Chirp SystemD Service";
423 wantedBy = ["multi-user.target"];
424 after = ["network.target"];
426 WorkingDirectory = "/var/lib/chirp"; # home directory of the chirp user declared earlier in this file
427 ExecStart = "${args.inputs.chirp.packages.${pkgs.system}.default}/bin/chirp"; # binary is the default package of the chirp flake input for this system. NOTE(review): confirm the unit sets User/Group to chirp so the service does not run as root
439 fqdn = "mail.psch.dev"; # host name of the mail server
440 domains = [ "psch.dev" ]; # domains this server accepts mail for
442 # A list of all login accounts. To create the password hashes, use
443 # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
446 hashedPassword = "$2b$05$dd65mMjWxZNc.MK4YUwLgeRMInJHvwNTazptImrw4paRqyX/p4TQG"; # NOTE(review): the `$2b$05$` prefix means bcrypt with cost factor 5, which is cheap to attack offline, and the hash is exposed in this file and in the world-readable Nix store. Regenerate with a higher cost factor and, if the mail module offers a hashedPasswordFile-style option, load it from a file outside the store.
447 aliases = ["p@psch.dev" "patrick@psch.dev"];
451 certificateScheme = "manual"; # certificate and key are supplied as file paths instead of being requested by the mail module
452 certificateFile = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.psch.dev/mail.psch.dev.crt"; # reuses the certificate Caddy obtained via ACME for mail.psch.dev
453 keyFile = "/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.psch.dev/mail.psch.dev.key"; # NOTE(review): private key inside Caddy's data directory; the mail daemons need read access to it, so confirm permissions were not widened beyond those services. The path depends on Caddy's internal storage layout.
455 # security.acme.acceptTerms = true;
456 # security.acme.defaults.email = "patrick.schoenberger@posteo.de";
458 # Copy the NixOS configuration file and link it from the resulting system
459 # (/run/current-system/configuration.nix). This is useful in case you
460 # accidentally delete configuration.nix.
461 # system.copySystemConfiguration = true;
463 # This option defines the first version of NixOS you have installed on this particular machine,
464 # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
466 # Most users should NEVER change this value after the initial install, for any reason,
467 # even if you've upgraded your system to a new NixOS release.
469 # This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
470 # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
471 # to actually do that.
473 # This value being lower than the current NixOS release does NOT mean your system is
474 # out of date, out of support, or vulnerable.
476 # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
477 # and migrated your data accordingly.
479 # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
480 system.stateVersion = "24.05"; # Did you read the comment?