X-Git-Url: https://gitweb.ps.run/flake_server/blobdiff_plain/14b4c9f1028e9161b29ed10758ab5b23c5a857c1..fff3d136b792e85de28b9a3aa4a4686d18092e90:/configuration.nix diff --git a/configuration.nix b/configuration.nix index 4c1a2ba..8227bbb 100644 --- a/configuration.nix +++ b/configuration.nix @@ -2,7 +2,7 @@ # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, chirp, ... }: { imports = @@ -21,7 +21,17 @@ nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.package = pkgs.nixVersions.nix_2_28; - networking.hostName = "nixos"; # Define your hostname. + nix.gc = { + automatic = true; + options = "--delete-older-than 30d"; + }; + nix.optimise.automatic = true; + system.autoUpgrade = { + enable = true; + allowReboot = true; + }; + + networking.hostName = "pschdev"; # Define your hostname. # Pick only one of the below networking options. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. @@ -85,14 +95,15 @@ # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ - vim neovim wget file git - zig fzf bat + vim wget file git fzf bat + helix + gitui bintools - htop + btop htop + systemctl-tui tmux + md4c - forgejo - mbedtls pkg-config ]; @@ -102,6 +113,7 @@ group = "git"; home = "/srv/git"; createHome = true; + homeMode = "750"; shell = "${pkgs.git}/bin/git-shell"; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQOPefMnq0qvFjYxlrdlSmUgyCbvV85gkfRykVlTnrn ps@nixos" @@ -142,38 +154,85 @@ }; services.qemuGuest.enable = true; # virtualisation.qemu.guestAgent.enable = true; + programs.mosh.enable = true; services.caddy = { enable = true; virtualHosts."psch.dev".extraConfig = '' - respond hello :D + respond "hello :D" ''; virtualHosts."chirp.psch.dev".extraConfig = '' - reverse_proxy http://localhost:8080 + reverse_proxy http://localhost:8080 { + request_buffers 8192 + } tls { protocols tls1.3 tls1.3 } ''; + virtualHosts."git.psch.dev".extraConfig = '' + redir / /cgit + reverse_proxy localhost:8082 + ''; }; - services.dbus.enable = true; - - # virtualHosts."git.psch.dev".extraConfig = '' - # reverse_proxy unix//run/fcgiwrap.socket { - # transport fastcgi { - # split .cgi - # } - # } - # ''; - # services.chirp = { # enable = true; # }; + users.users.chirp = { + isSystemUser = true; + group = "chirp"; + home = "/var/lib/chirp"; + createHome = true; + }; + users.groups.chirp = {}; + + systemd.services.chirp = { + description = "Chirp SystemD Service"; + wantedBy = ["multi-user.target"]; + after = ["network.target"]; + serviceConfig = { + WorkingDirectory = "/var/lib/chirp"; + ExecStart = "${chirp.packages.${pkgs.system}.default}/bin/chirp"; + Restart = "always"; + Type = "simple"; + User = "chirp"; + Group = "chirp"; + }; + }; - # services."cgit".cgit = { - # enable = true; - # scanPath = "/srv/git"; - # }; + services.gitDaemon = { + enable = true; + basePath = "/srv/git"; + repositories = [ "/srv/git" ]; + exportAll = true; + port = 9418; + }; + + services.lighttpd = { + enable = true; + document-root = "/srv/www"; + port = 8082; + + cgit = { + enable = true; + subdir = "cgit"; + configText = '' + scan-path=/srv/git + robots=noindex, nofollow + readme=:readme.md + about-filter=${pkgs.writeShellScript "markdown" '' + ${pkgs.md4c}/bin/md2html --github --ftables + ''} + ''; + }; + gitweb.enable = true; + }; + users.users."lighttpd".extraGroups = [ "git" ]; + + services.gitweb = { + gitwebTheme = false; + projectroot = "/srv/git"; + }; # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ];