add git-hook script that automatically updates git hooks
[flake_server] / configuration.nix
index 4c1a2bac6d1ef467da1c267f98126a0bfdac7d2d..17e1a4c273c095da6b16eebaaf120c09e296253a 100644 (file)
@@ -2,7 +2,7 @@
 # your system. Help is available in the configuration.nix(5) man page, on
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
 
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, ... } @ args:
 
 {
   imports =
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
   nix.package = pkgs.nixVersions.nix_2_28;
 
-  networking.hostName = "nixos"; # Define your hostname.
-  # Pick only one of the below networking options.
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
-  # networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
+  nix.gc = {
+    automatic = true;
+    options = "--delete-older-than 30d";
+  };
+  nix.optimise.automatic = true;
+  system.autoUpgrade = {
+    enable = true;
+    allowReboot = true;
+  };
+
+  networking.hostName = "pschdev"; # Define your hostname.
 
   networking.firewall = {
     enable = true;
-    allowedTCPPorts = [ 80 443 9418 ];
+    allowedTCPPorts = [ 80 443 7777 9418 ];
   };
 
   # Set your time zone.
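Review bot: Port 7777 is added to `allowedTCPPorts`, but nothing visible in this diff listens on it, so the firewall now admits whatever binds that port later; either annotate the entry (`# 7777: <service name>`) or leave the port closed until the service is declared, so the rule set stays auditable. In the same hunk `system.autoUpgrade.allowReboot = true` is set without a `rebootWindow`, so an upgrade that replaces the kernel can reboot the host at any hour; `rebootWindow = { lower = "03:00"; upper = "05:00"; };` (sample times) confines that. The block also sets no `flake`, while the aliases added later rebuild from `/etc/nixos#default`, so it is worth confirming that the timer upgrades the same configuration and actually picks up new inputs.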
     # useXkbConfig = true; # use xkb.options in tty.
   };
 
-  # Enable the X11 windowing system.
-  # services.xserver.enable = true;
-
-  # Configure keymap in X11
-  # services.xserver.xkb.layout = "us";
-  # services.xserver.xkb.options = "eurosign:e,caps:escape";
-
-  # Enable CUPS to print documents.
-  # services.printing.enable = true;
-
-  # Enable sound.
-  # hardware.pulseaudio.enable = true;
-  # OR
-  # services.pipewire = {
-  #   enable = true;
-  #   pulse.enable = true;
-  # };
-
-  # Enable touchpad support (enabled default in most desktopManager).
-  # services.libinput.enable = true;
-
   # Define a user account. Don't forget to set a password with ‘passwd’.
   users.users.ps = {
     isNormalUser = true;
     ];
   };
 
+  users.users.live = {
+    isSystemUser = true;
+    group = "live";
+    home = "/srv/live";
+    createHome = true;
+    useDefaultShell = true;
+  };
+  users.groups.live = {};
+
   security = {
     polkit.enable = true;
     sudo.wheelNeedsPassword = false;
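Review bot: `users.users.live` is declared as a system account yet gets `useDefaultShell = true`, which hands it an interactive login shell. Nothing in this diff shows the account being logged into, so if it only owns files under `/srv/live` the line can be dropped and the account falls back to the NixOS default for `shell`, which is a nologin shell. If a shell really is required, a short comment stating the purpose (`# live: <what runs as this user>`) would make the exception reviewable.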
   # List packages installed in system profile. To search, run:
   # $ nix search wget
   environment.systemPackages = with pkgs; [
-    vim neovim wget file git
-    zig fzf bat
+    vim wget file git fzf bat
+    helix
+    gitui
     bintools
-    htop
+    btop htop
+    systemctl-tui
     tmux
+    md4c
+    highlight
+    python312Packages.pygments
 
-    forgejo
-    mbedtls
     pkg-config
   ];
 
+  environment.shellAliases = {
+    snrs = "sudo nixos-rebuild switch --flake /etc/nixos#default";
+    snrt = "sudo nixos-rebuild test --flake /etc/nixos#default";
+    snrb = "sudo nixos-rebuild boot --flake /etc/nixos#default";
+    senc = "sudo ${pkgs.helix}/bin/hx /etc/nixos/configuration.nix";
+  };
+
+  # git-hooks
+  system.activationScripts.githook =
+    let
+      githooksRepo = pkgs.fetchgit {
+        url = "git://psch.dev/git-hooks";
+        rev = "1071cff3ca2626dca967eb0989c0874764c460e2";
+        hash = "sha256-dvTchTWvIlsqkU+iYm11kVTPr2B2LrCAdhZkmOoLRzA=";
+      };
+    in
+    {
+    text = ''
+      PATH=$PATH:${lib.makeBinPath [ pkgs.git pkgs.sudo pkgs.python3 ]} sudo -u git ${githooksRepo}/git-hooks/post-receive
+    '';
+  };
+
   # git
   users.users.git = {
     isSystemUser = true;
     group = "git";
     home = "/srv/git";
     createHome = true;
+    homeMode = "750";
     shell = "${pkgs.git}/bin/git-shell";
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQOPefMnq0qvFjYxlrdlSmUgyCbvV85gkfRykVlTnrn ps@nixos"
+    packages = with pkgs; [
+      python3 # for blog git-hook
     ];
   };
   users.groups.git = {};
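Review bot: `system.activationScripts.githook` runs a fetched script during every activation, that is on each `nixos-rebuild switch` and each boot, from a root context through `sudo -u git` with the ambient `PATH` placed ahead of the pinned tools. The `rev` and `hash` pin fixes the content despite the `git://` transport, so the concern is placement rather than integrity: a failure in the script becomes an activation error, and it inherits whatever environment activation has. A oneshot systemd unit with `User = "git"` does the same job without `sudo`, with a clean environment and a defined `path`, and with `RemainAfterExit` it should be re-run when the pinned store path changes. Separately, this hunk removes `openssh.authorizedKeys.keys` from the `git` user; if the key now lives in a file under `/srv/git`, a comment saying so would keep the access list visible in the configuration.

```nix
systemd.services.githook =
  let
    # … unchanged: githooksRepo = pkgs.fetchgit { … }; …
  in
  {
    description = "Run the pinned git-hooks post-receive script as git";
    wantedBy = [ "multi-user.target" ];
    path = [ pkgs.git pkgs.python3 ];
    serviceConfig = {
      Type = "oneshot";
      RemainAfterExit = true;
      User = "git";
      Group = "git";
      ExecStart = "${githooksRepo}/git-hooks/post-receive";
    };
  };
```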
     };
   };
 
-  # Some programs need SUID wrappers, can be configured further or are
-  # started in user sessions.
-  # programs.mtr.enable = true;
-  # programs.gnupg.agent = {
-  #   enable = true;
-  #   enableSSHSupport = true;
-  # };
-
-  # List services that you want to enable:
+  services.gitDaemon = {
+    enable = true;
+    basePath = "/srv/git";
+    repositories = [ "/srv/git" ];
+    exportAll = true;
+    port = 9418;
+  };
 
   # Enable the OpenSSH daemon.
   services.openssh = {
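Review bot: `services.gitDaemon.exportAll = true` serves every repository under `/srv/git` to anonymous `git://` clients, including any private repository created there later, because it removes the per-repository `git-daemon-export-ok` opt-in. Setting `exportAll = false;` and creating `git-daemon-export-ok` only in the repositories meant to be public keeps publication an explicit step. `git://` is also unauthenticated and unencrypted, so clients get no assurance about what they fetch; the cgit `clone-url` added later in this commit already advertises `https://`, which may make the daemon and the open port 9418 optional.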
   };
   services.qemuGuest.enable = true;
   # virtualisation.qemu.guestAgent.enable = true;
+  programs.mosh.enable = true;
+
 
   services.caddy = {
     enable = true;
     virtualHosts."psch.dev".extraConfig = ''
-      respond hello :D
+      basic_auth /julius_cam/* { test $2a$14$iKv0GlwavCunG0zQbaf2fOl4r4/8k8gDKUVUouu9Q3o.MfSDkp6Te }
+      root * /srv/www
+      file_server
     '';
     virtualHosts."chirp.psch.dev".extraConfig = ''
-      reverse_proxy http://localhost:8080
-      tls {
-        protocols tls1.3 tls1.3
+      reverse_proxy http://localhost:8080 {
+        request_buffers 8192
       }
     '';
   };
+  services.caddy.virtualHosts."git.psch.dev".extraConfig = ''
+    encode gzip zstd
 
-  services.dbus.enable = true;
-
-    # virtualHosts."git.psch.dev".extraConfig = ''
-    #   reverse_proxy unix//run/fcgiwrap.socket {
-    #     transport fastcgi {
-    #       split .cgi
-    #     }
-    #   }
-    # '';
-
-  # services.chirp = {
-  #   enable = true;
-  # };
+    @assets path /cgit.css /cgit.png /favicon.ico /robots.txt
+    handle /cgithub/* {
+      file_server {
+        root /srv/cgithub
+      }
+    }
+    handle @assets {
+      file_server {
+        root ${pkgs.cgit}/cgit
+      }
+    }
+    handle {
+      reverse_proxy unix//run/fcgiwrap-git.sock {
+        transport fastcgi {
+          env CGIT_CONFIG ${pkgs.writeText "cgitrc" ''
+            snapshots=tar tar.gz zip
+            enable-git-config=1
+            enable-index-owner=0
+            section-from-path=1
+            virtual-root=/
+            module-link=/%s/commit/?id=%s
+            clone-url=https://git.psch.dev/$CGIT_REPO_URL git://psch.dev/$CGIT_REPO_URL ssh://git@psch.dev/~/$CGIT_REPO_URL
+            noplainemail=1
+            side-by-side-diffs=1
+            about-filter=${pkgs.writeShellScript "markdown-filter" ''
+              echo '<div class="markdown-body">'
+              ${pkgs.md4c}/bin/md2html --github --ftables
+              echo '</div>'
+            ''}
+            # source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+            head-include=/srv/cgithub/head-include.html
+            footer=/srv/cgithub/footer.html
+            readme=:readme.md
+            readme=:Readme.md
+            readme=:ReadMe.md
+            readme=:README.md
+            scan-path=/srv/git
+          ''}
+          env SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi
+        }
+      }
+    }
+  '';
+  # virtualHosts."git.psch.dev".extraConfig = ''
+  #   reverse_proxy unix//run/anubis/anubis-cgit.sock
+  # '';
+  services.caddy.virtualHosts."gitweb.psch.dev".extraConfig = ''
+    handle /static/* {
+      file_server {
+        root ${pkgs.gitweb}
+      }
+    }
+    handle {
+      reverse_proxy unix//run/fcgiwrap-git.sock {
+        transport fastcgi {
+          env GITWEB_CONFIG ${pkgs.writeText "gitweb.conf" ''
+            $projectroot = "/srv/git";
+            $base_url = "/";
+            $feature{'pathinfo'}{'default'} = [1];
+            $default_projects_order = "age";
+            $omit_owner = true;
+            $site_html_head_string = "<meta xmlns=\"http://www.w3.org/1999/xhtml\" name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />";
+          ''}
+          env SCRIPT_FILENAME ${pkgs.gitweb}/gitweb.cgi
+        }
+      }
+    }
+  '';
+  # virtualHosts."gitweb.psch.dev".extraConfig = ''
+  #   reverse_proxy unix//run/anubis/anubis-gitweb.sock
+  # '';
+
+  services.anubis = {
+    defaultOptions = {
+      user = "caddy";
+      group = "caddy";
+    };
+    
+    # instances.cgit.settings.TARGET = "http://localhost:8082/cgit";
+    # instances.gitweb.settings.TARGET = "http://localhost:8082";
+  };
 
-  # services."cgit".cgit = {
-  #   enable = true;
-  #   scanPath = "/srv/git";
-  # };
+  services.fcgiwrap.instances."git" = {
+    process.user = "git";
+    process.group = "git";
+    socket.user = "caddy";
+    socket.group = "caddy";
+  };
 
-  # Open ports in the firewall.
-  # networking.firewall.allowedTCPPorts = [ ... ];
-  # networking.firewall.allowedUDPPorts = [ ... ];
-  # Or disable the firewall altogether.
-  # networking.firewall.enable = false;
+  users.users.chirp = {
+    isSystemUser = true;
+    group = "chirp";
+    home = "/var/lib/chirp";
+    createHome = true;
+  };
+  users.groups.chirp = {};
+  
+  systemd.services.chirp = {
+    description = "Chirp SystemD Service";
+    wantedBy = ["multi-user.target"];
+    after = ["network.target"];
+    serviceConfig = {
+      WorkingDirectory = "/var/lib/chirp";
+      ExecStart = "${args.inputs.chirp.packages.${pkgs.system}.default}/bin/chirp";
+      Restart = "always";
+      Type = "simple";
+      User = "chirp";
+      Group = "chirp";
+    };
+  };
 
   # Copy the NixOS configuration file and link it from the resulting system
   # (/run/current-system/configuration.nix). This is useful in case you
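Review bot: The `basic_auth /julius_cam/*` line in the `psch.dev` vhost places the account name and its bcrypt hash in a file that ends up both in this repository and in the world-readable Nix store, so anyone who can read either can run offline guesses against it; loading the credential from a root-owned file outside the store (Caddy's `import`, or a `{$VAR}` placeholder fed from an environment file) keeps it out of both. Further down, `services.fcgiwrap.instances."git"` runs cgit and gitweb with `process.user = "git"`, the account that owns `/srv/git`, so a flaw in either CGI would have write access to every repository; a separate account that is only a member of group `git` fits the `homeMode = "750"` set earlier in this commit and leaves the CGIs read-only. The `about-filter` calls `md2html --github --ftables`, which by default passes raw HTML from a README through to the rendered page; adding `--fno-html` closes that if any hosted repository carries content the operator did not write. The new `chirp` unit has no sandboxing options; `NoNewPrivileges = true;` and `ProtectSystem = "strict";` together with `StateDirectory = "chirp";` would be a reasonable start.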