X-Git-Url: https://gitweb.ps.run/flake_server/blobdiff_plain/1967a1ba5d8679be812b4075ad29337d07aa2ef6..ab10ca6517491131d4558d0b9fb8bd2798332894:/configuration.nix diff --git a/configuration.nix b/configuration.nix index 3015dc8..e7e0af5 100644 --- a/configuration.nix +++ b/configuration.nix @@ -2,7 +2,7 @@ # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). -{ config, lib, pkgs, ... }: +{ config, lib, pkgs, chirp, ... }: { imports = @@ -19,15 +19,26 @@ # boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nix.package = pkgs.nixVersions.nix_2_28; - networking.hostName = "nixos"; # Define your hostname. + nix.gc = { + automatic = true; + options = "--delete-older-than 30d"; + }; + nix.optimise.automatic = true; + system.autoUpgrade = { + enable = true; + allowReboot = true; + }; + + networking.hostName = "pschdev"; # Define your hostname. # Pick only one of the below networking options. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. networking.firewall = { enable = true; - allowedTCPPorts = [ 80 443 ]; + allowedTCPPorts = [ 80 443 9418 ]; }; # Set your time zone. @@ -48,9 +59,6 @@ # Enable the X11 windowing system. # services.xserver.enable = true; - - - # Configure keymap in X11 # services.xserver.xkb.layout = "us"; # services.xserver.xkb.options = "eurosign:e,caps:escape"; @@ -87,14 +95,14 @@ # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ - vim neovim wget file git - zig fzf bat + vim wget file git fzf bat + helix + gitui bintools - htop + btop htop + systemctl-tui tmux - forgejo - mbedtls pkg-config ]; 
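Review bot: Adding 9418 to `allowedTCPPorts` in the `networking.firewall` hunk publishes the git:// daemon that the last hunk enables with `exportAll = true` over `/srv/git`, so every repository pushed there over SSH becomes anonymously readable, over a protocol with no encryption and no server authentication. If only some repositories are meant to be public, I would set `exportAll = false;` and mark those with a `git-daemon-export-ok` file, or leave 9418 closed and offer read-only clones through the existing HTTPS vhost. Separately, `system.autoUpgrade` sets `allowReboot = true;` without a `rebootWindow`, so an upgrade may reboot the host at any hour. This configuration also appears to be built from a flake (it now takes `chirp` as a module argument), in which case `system.autoUpgrade.flake` probably needs to be set, otherwise the timer may keep rebuilding the same locked inputs and pull no security fixes; worth confirming.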
@@ -104,6 +112,7 @@ group = "git"; home = "/srv/git"; createHome = true; + homeMode = "750"; shell = "${pkgs.git}/bin/git-shell"; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQOPefMnq0qvFjYxlrdlSmUgyCbvV85gkfRykVlTnrn ps@nixos" @@ -115,6 +124,8 @@ enable = true; config = { init.defaultBranch = "main"; + user.name = "Patrick"; + user.email = "patrick.schoenberger@posteo.de"; }; }; 
@@ -145,17 +156,78 @@ services.caddy = { enable = true; + virtualHosts."psch.dev".extraConfig = '' + respond "hello :D" + ''; virtualHosts."chirp.psch.dev".extraConfig = '' - reverse_proxy http://127.0.0.1:8080 + reverse_proxy http://localhost:8080 { + request_buffers 8192 + } tls { protocols tls1.3 tls1.3 } ''; virtualHosts."git.psch.dev".extraConfig = '' - reverse_proxy http://127.0.0.1:3000 + redir / /cgit + reverse_proxy localhost:8082 ''; }; + # services.chirp = { + # enable = true; + # }; + users.users.chirp = { + isSystemUser = true; + group = "chirp"; + home = "/var/lib/chirp"; + createHome = true; + }; + users.groups.chirp = {}; + + systemd.services.chirp = { + description = "Chirp SystemD Service"; + wantedBy = ["multi-user.target"]; + after = ["network.target"]; + serviceConfig = { + WorkingDirectory = "/var/lib/chirp"; + ExecStart = "${chirp.packages.${pkgs.system}.default}/bin/chirp"; + Restart = "always"; + Type = "simple"; + User = "chirp"; + Group = "chirp"; + }; + }; + + services.gitDaemon = { + enable = true; + basePath = "/srv/git"; + repositories = [ "/srv/git" ]; + exportAll = true; + port = 9418; + }; + + services.lighttpd = { + enable = true; + document-root = "/srv/www"; + port = 8082; + + cgit = { + enable = true; + subdir = "cgit"; + configText = '' + scan-path=/srv/git + robots=noindex, nofollow + ''; + }; + gitweb.enable = true; + }; + users.users."lighttpd".extraGroups = [ "git" ]; + + services.gitweb = { + gitwebTheme = false; + projectroot = "/srv/git"; + }; + # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ];
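Review bot: The new `systemd.services.chirp` unit runs the backend that Caddy proxies for `chirp.psch.dev` with no sandboxing beyond a dedicated user, so a compromised process can still read everything world-readable on the host and gain privileges through setuid binaries. I would add the usual hardening directives to `serviceConfig`, as sketched below; `ReadWritePaths` assumes chirp writes only under its working directory, which should be confirmed before enabling `ProtectSystem = "strict"`. Separately, `gitweb.enable = true;` puts a second CGI front end over `/srv/git` behind the same `reverse_proxy localhost:8082`, without the `robots` setting that cgit gets. If cgit is the intended UI, leaving gitweb off reduces the exposed surface.

```nix
    serviceConfig = {
      # … unchanged: WorkingDirectory, ExecStart, Restart, Type, User, Group …
      NoNewPrivileges = true;
      PrivateTmp = true;
      PrivateDevices = true;
      ProtectSystem = "strict";
      ProtectHome = true;
      ReadWritePaths = [ "/var/lib/chirp" ];
      ProtectKernelTunables = true;
      ProtectControlGroups = true;
      RestrictAddressFamilies = [ "AF_INET" "AF_INET6" "AF_UNIX" ];
    };
```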