# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
-{ config, lib, pkgs, chirp, ... }:
+{ config, lib, pkgs, ... } @ args:
{
imports =
# boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
nix.settings.experimental-features = [ "nix-command" "flakes" ];
+ nix.settings.download-buffer-size = 500000000;
nix.package = pkgs.nixVersions.nix_2_28;
nix.gc = {
};
networking.hostName = "pschdev"; # Define your hostname.
- # Pick only one of the below networking options.
- # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
- # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
networking.firewall = {
enable = true;
- allowedTCPPorts = [ 80 443 9418 ];
+ allowedTCPPorts = [ 80 443 7777 9418 ];
};
# Set your time zone.
# useXkbConfig = true; # use xkb.options in tty.
};
- # Enable the X11 windowing system.
- # services.xserver.enable = true;
-
- # Configure keymap in X11
- # services.xserver.xkb.layout = "us";
- # services.xserver.xkb.options = "eurosign:e,caps:escape";
-
- # Enable CUPS to print documents.
- # services.printing.enable = true;
-
- # Enable sound.
- # hardware.pulseaudio.enable = true;
- # OR
- # services.pipewire = {
- # enable = true;
- # pulse.enable = true;
- # };
-
- # Enable touchpad support (enabled default in most desktopManager).
- # services.libinput.enable = true;
-
# Define a user account. Don't forget to set a password with ‘passwd’.
users.users.ps = {
isNormalUser = true;
];
};
+ users.users.live = {
+ isSystemUser = true;
+ group = "live";
+ home = "/srv/live";
+ createHome = true;
+ useDefaultShell = true;
+ };
+ users.groups.live = {};
+
security = {
polkit.enable = true;
sudo.wheelNeedsPassword = false;
btop htop
systemctl-tui
tmux
+ md4c
+ highlight
+ python312Packages.pygments
pkg-config
];
+ environment.shellAliases = {
+ snrs = "sudo nixos-rebuild switch --flake /etc/nixos#default";
+ snrt = "sudo nixos-rebuild test --flake /etc/nixos#default";
+ snrb = "sudo nixos-rebuild boot --flake /etc/nixos#default";
+ senc = "sudo ${pkgs.helix}/bin/hx /etc/nixos/configuration.nix";
+ };
+
+ # git-hooks
+ system.activationScripts.githook =
+ let
+ githooksRepo = pkgs.fetchgit {
+ url = "git://psch.dev/git-hooks";
+ rev = "1a40e097c8854d5a0e65c070addaa7e3337635c0";
+ hash = "sha256-KNKnP/3hhQQlildzRF+skYHtV+7Xg1MQMPi2DDEHGAI=";
+ };
+ in
+ {
+ text = ''
+ PATH=$PATH:${lib.makeBinPath [ pkgs.git pkgs.sudo pkgs.python3 ]} sudo -u git ${githooksRepo}/git-hooks/post-receive
+ '';
+ };
+
# git
users.users.git = {
isSystemUser = true;
createHome = true;
homeMode = "750";
shell = "${pkgs.git}/bin/git-shell";
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQOPefMnq0qvFjYxlrdlSmUgyCbvV85gkfRykVlTnrn ps@nixos"
+ packages = with pkgs; [
+ python3 # for blog git-hook
];
};
users.groups.git = {};
};
};
- # Some programs need SUID wrappers, can be configured further or are
- # started in user sessions.
- # programs.mtr.enable = true;
- # programs.gnupg.agent = {
- # enable = true;
- # enableSSHSupport = true;
- # };
-
- # List services that you want to enable:
+ services.gitDaemon = {
+ enable = true;
+ basePath = "/srv/git";
+ repositories = [ "/srv/git" ];
+ exportAll = true;
+ port = 9418;
+ };
# Enable the OpenSSH daemon.
services.openssh = {
};
services.qemuGuest.enable = true;
# virtualisation.qemu.guestAgent.enable = true;
+ programs.mosh.enable = true;
+
services.caddy = {
enable = true;
virtualHosts."psch.dev".extraConfig = ''
- respond "hello :D"
+ basic_auth /julius_cam/* { test $2a$14$iKv0GlwavCunG0zQbaf2fOl4r4/8k8gDKUVUouu9Q3o.MfSDkp6Te }
+ root * /srv/www
+ file_server
'';
virtualHosts."chirp.psch.dev".extraConfig = ''
reverse_proxy http://localhost:8080 {
request_buffers 8192
}
- tls {
- protocols tls1.3 tls1.3
- }
- '';
- virtualHosts."git.psch.dev".extraConfig = ''
- redir / /cgit
- reverse_proxy localhost:8082
'';
};
+ services.caddy.virtualHosts."git.psch.dev".extraConfig = ''
+ encode gzip zstd
+
+ @assets path /cgit.css /cgit.png /favicon.ico /robots.txt
+ handle /cgithub/* {
+ file_server {
+ root /srv/cgithub
+ }
+ }
+ handle @assets {
+ file_server {
+ root ${pkgs.cgit}/cgit
+ }
+ }
+ handle {
+ reverse_proxy unix//run/fcgiwrap-git.sock {
+ transport fastcgi {
+ env CGIT_CONFIG ${pkgs.writeText "cgitrc" ''
+ snapshots=tar tar.gz zip
+ enable-git-config=1
+ enable-index-owner=0
+ enable-log-filecount=1
+ enable-log-linecount=1
+ section-from-path=1
+ virtual-root=/
+ module-link=/%s/commit/?id=%s
+ clone-url=https://git.psch.dev/$CGIT_REPO_URL git://psch.dev/$CGIT_REPO_URL ssh://git@psch.dev/~/$CGIT_REPO_URL
+ noplainemail=1
+ side-by-side-diffs=1
+ about-filter=${pkgs.writeShellScript "markdown-filter" ''
+ echo '<div class="markdown-body">'
+ ${pkgs.md4c}/bin/md2html --github --ftables
+ echo '</div>'
+ ''}
+ # source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+ head-include=/srv/cgithub/head-include.html
+ footer=/srv/cgithub/footer.html
+ readme=:readme.md
+ readme=:Readme.md
+ readme=:ReadMe.md
+ readme=:README.md
+ scan-path=/srv/git
+ ''}
+ env SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi
+ }
+ }
+ }
+ '';
+ # virtualHosts."git.psch.dev".extraConfig = ''
+ # reverse_proxy unix//run/anubis/anubis-cgit.sock
+ # '';
+ services.caddy.virtualHosts."gitweb.psch.dev".extraConfig = ''
+ handle /static/* {
+ file_server {
+ root ${pkgs.gitweb}
+ }
+ }
+ handle {
+ reverse_proxy unix//run/fcgiwrap-git.sock {
+ transport fastcgi {
+ env GITWEB_CONFIG ${pkgs.writeText "gitweb.conf" ''
+ $projectroot = "/srv/git";
+ $base_url = "/";
+ $feature{'pathinfo'}{'default'} = [1];
+ $default_projects_order = "age";
+ $omit_owner = true;
+ $site_html_head_string = "<meta xmlns=\"http://www.w3.org/1999/xhtml\" name=\"viewport\" content=\"width=device-width, initial-scale=1.0\" />";
+ ''}
+ env SCRIPT_FILENAME ${pkgs.gitweb}/gitweb.cgi
+ }
+ }
+ }
+ '';
+ # virtualHosts."gitweb.psch.dev".extraConfig = ''
+ # reverse_proxy unix//run/anubis/anubis-gitweb.sock
+ # '';
+
+ services.anubis = {
+ defaultOptions = {
+ user = "caddy";
+ group = "caddy";
+ };
+
+ # instances.cgit.settings.TARGET = "http://localhost:8082/cgit";
+ # instances.gitweb.settings.TARGET = "http://localhost:8082";
+ };
+
+ services.fcgiwrap.instances."git" = {
+ process.user = "git";
+ process.group = "git";
+ socket.user = "caddy";
+ socket.group = "caddy";
+ };
- # services.chirp = {
- # enable = true;
- # };
users.users.chirp = {
isSystemUser = true;
group = "chirp";
after = ["network.target"];
serviceConfig = {
WorkingDirectory = "/var/lib/chirp";
- ExecStart = "${chirp.packages.${pkgs.system}.default}/bin/chirp";
+ ExecStart = "${args.inputs.chirp.packages.${pkgs.system}.default}/bin/chirp";
Restart = "always";
Type = "simple";
User = "chirp";
};
};
- services.gitDaemon = {
- enable = true;
- basePath = "/srv/git";
- repositories = [ "/srv/git" ];
- exportAll = true;
- port = 9418;
- };
-
- services.lighttpd = {
- enable = true;
- document-root = "/srv/www";
- port = 8082;
-
- cgit = {
- enable = true;
- subdir = "cgit";
- configText = ''
- scan-path=/srv/git
- robots=noindex, nofollow
- '';
- };
- gitweb.enable = true;
- };
- users.users."lighttpd".extraGroups = [ "git" ];
-
- services.gitweb = {
- gitwebTheme = false;
- projectroot = "/srv/git";
- };
-
- # Open ports in the firewall.
- # networking.firewall.allowedTCPPorts = [ ... ];
- # networking.firewall.allowedUDPPorts = [ ... ];
- # Or disable the firewall altogether.
- # networking.firewall.enable = false;
-
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
projects / flake_server / blobdiff