# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, chirp, ... }:
{
imports =
# boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ nix.package = pkgs.nixVersions.nix_2_28;
- networking.hostName = "nixos"; # Define your hostname.
+ nix.gc = {
+ automatic = true;
+ options = "--delete-older-than 30d";
+ };
+ nix.optimise.automatic = true;
+ system.autoUpgrade = {
+ enable = true;
+ allowReboot = true;
+ };
+
+ networking.hostName = "pschdev"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
networking.firewall = {
enable = true;
- allowedTCPPorts = [ 80 443 ];
+ allowedTCPPorts = [ 80 443 9418 ];
};
# Set your time zone.
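Review bot: `system.autoUpgrade` sets `allowReboot = true` without a `rebootWindow`, so a kernel or initrd update can restart the host (and with it caddy, the git services and chirp) whenever the upgrade timer fires; something like `rebootWindow = { lower = "02:00"; upper = "05:00"; };` bounds that. The new `chirp` module argument suggests this configuration is built from a flake; if so, it is worth confirming that `system.autoUpgrade.flake` is set, because otherwise the timer may upgrade against channels and leave the flake's pinned inputs unpatched. Port 9418 added to `allowedTCPPorts` exposes the git:// daemon configured further down, which has no authentication or transport integrity; if clones over HTTPS through git.psch.dev are sufficient, the port can stay closed.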
# Enable the X11 windowing system.
# services.xserver.enable = true;
-
-
-
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
- vim neovim wget file git
- zig fzf bat
+ vim wget file git fzf bat
+ helix
+ gitui
bintools
- htop
+ btop htop
+ systemctl-tui
tmux
+ md4c
- forgejo
- mbedtls
pkg-config
];
group = "git";
home = "/srv/git";
createHome = true;
+ homeMode = "750";
shell = "${pkgs.git}/bin/git-shell";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQOPefMnq0qvFjYxlrdlSmUgyCbvV85gkfRykVlTnrn ps@nixos"
enable = true;
config = {
init.defaultBranch = "main";
+ user.name = "Patrick";
+ user.email = "patrick.schoenberger@posteo.de";
};
};
};
services.qemuGuest.enable = true;
# virtualisation.qemu.guestAgent.enable = true;
+ programs.mosh.enable = true;
services.caddy = {
enable = true;
+ virtualHosts."psch.dev".extraConfig = ''
+ respond "hello :D"
+ '';
virtualHosts."chirp.psch.dev".extraConfig = ''
- reverse_proxy http://127.0.0.1:8080
+ reverse_proxy http://localhost:8080 {
+ request_buffers 8192
+ }
tls {
protocols tls1.3 tls1.3
}
'';
virtualHosts."git.psch.dev".extraConfig = ''
- reverse_proxy http://127.0.0.1:3000
+ redir / /cgit
+ reverse_proxy localhost:8082
'';
};
+ # services.chirp = {
+ # enable = true;
+ # };
+ users.users.chirp = {
+ isSystemUser = true;
+ group = "chirp";
+ home = "/var/lib/chirp";
+ createHome = true;
+ };
+ users.groups.chirp = {};
+
+ systemd.services.chirp = {
+ description = "Chirp SystemD Service";
+ wantedBy = ["multi-user.target"];
+ after = ["network.target"];
+ serviceConfig = {
+ WorkingDirectory = "/var/lib/chirp";
+ ExecStart = "${chirp.packages.${pkgs.system}.default}/bin/chirp";
+ Restart = "always";
+ Type = "simple";
+ User = "chirp";
+ Group = "chirp";
+ };
+ };
+
+ services.gitDaemon = {
+ enable = true;
+ basePath = "/srv/git";
+ repositories = [ "/srv/git" ];
+ exportAll = true;
+ port = 9418;
+ };
+
+ services.lighttpd = {
+ enable = true;
+ document-root = "/srv/www";
+ port = 8082;
+
+ cgit = {
+ enable = true;
+ subdir = "cgit";
+ configText = ''
+ scan-path=/srv/git
+ robots=noindex, nofollow
+ readme=:readme.md
+ about-filter=${pkgs.writeShellScript "markdown" ''
+ ${pkgs.md4c}/bin/md2html --github --ftables
+ ''}
+ '';
+ };
+ gitweb.enable = true;
+ };
+ users.users."lighttpd".extraGroups = [ "git" ];
+
+ services.gitweb = {
+ gitwebTheme = false;
+ projectroot = "/srv/git";
+ };
+
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
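Review bot: `exportAll = true` on `services.gitDaemon` publishes every repository under `/srv/git` over the unauthenticated, unencrypted git:// protocol, and cgit's `scan-path=/srv/git` and gitweb's `projectroot` list the same tree, so any private repository pushed to the `git` user later becomes public by default. Consider `exportAll = false;` with a `git-daemon-export-ok` marker file in each public repository, and `strict-export=git-daemon-export-ok` placed before `scan-path` in the cgit `configText`. The about filter pipes the README through `md2html`, which passes raw HTML through unless told otherwise; adding `--fno-html` keeps repository content from injecting markup into pages served on git.psch.dev. The `chirp` unit also runs without any sandboxing directives; the fence sketches a starting set, to be confirmed against the paths chirp actually needs to write.

```nix
  serviceConfig = {
    # … unchanged: WorkingDirectory, ExecStart, Restart, Type, User, Group …
    NoNewPrivileges = true;
    ProtectSystem = "strict";
    ProtectHome = true;
    PrivateTmp = true;
    # keeps /var/lib/chirp writable while the rest of the filesystem is read-only
    StateDirectory = "chirp";
  };
```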