From f783db55688028afe9b8ebbb270708dc00c2ffb8 Mon Sep 17 00:00:00 2001 From: Patrick Date: Fri, 23 May 2025 13:46:07 +0200 Subject: [PATCH] Update --- configuration.nix | 217 +++++++++++++++++++++++++++------------------- flake.lock | 14 +-- flake.nix | 1 + 3 files changed, 138 insertions(+), 94 deletions(-) diff --git a/configuration.nix b/configuration.nix index 8227bbb..d5931f8 100644 --- a/configuration.nix +++ b/configuration.nix @@ -2,7 +2,7 @@ # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). -{ config, lib, pkgs, chirp, ... }: +{ config, lib, pkgs, ... } @ args: { imports = @@ -32,13 +32,10 @@ }; networking.hostName = "pschdev"; # Define your hostname. - # Pick only one of the below networking options. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. networking.firewall = { enable = true; - allowedTCPPorts = [ 80 443 9418 ]; + allowedTCPPorts = [ 80 443 7777 9418 ]; }; # Set your time zone. @@ -56,27 +53,6 @@ # useXkbConfig = true; # use xkb.options in tty. }; - # Enable the X11 windowing system. - # services.xserver.enable = true; - - # Configure keymap in X11 - # services.xserver.xkb.layout = "us"; - # services.xserver.xkb.options = "eurosign:e,caps:escape"; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # Enable sound. - # hardware.pulseaudio.enable = true; - # OR - # services.pipewire = { - # enable = true; - # pulse.enable = true; - # }; - - # Enable touchpad support (enabled default in most desktopManager). - # services.libinput.enable = true; - # Define a user account. Don't forget to set a password with ‘passwd’. users.users.ps = { isNormalUser = true; 
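Review bot: Port `7777` is added to `networking.firewall.allowedTCPPorts`, but no service in this patch is visibly configured to listen on it, so the host will accept inbound connections to whatever binds there. If it belongs to the new `live` account's service (an inference, the patch does not say), put a comment on the line, e.g. `allowedTCPPorts = [ 80 443 7777 9418 ]; # 7777: <service name>`. If the service speaks HTTP, it could instead stay on localhost behind a Caddy `reverse_proxy`, as `chirp` does, without opening the port at all.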
@@ -85,6 +61,15 @@ ]; }; + users.users.live = { + isSystemUser = true; + group = "live"; + home = "/srv/live"; + createHome = true; + useDefaultShell = true; + }; + users.groups.live = {}; + security = { polkit.enable = true; sudo.wheelNeedsPassword = false; @@ -103,10 +88,19 @@ systemctl-tui tmux md4c + highlight + python312Packages.pygments pkg-config ]; + environment.shellAliases = { + snrs = "sudo nixos-rebuild switch --flake /etc/nixos#default"; + snrt = "sudo nixos-rebuild test --flake /etc/nixos#default"; + snrb = "sudo nixos-rebuild boot --flake /etc/nixos#default"; + senc = "sudo ${pkgs.helix}/bin/hx /etc/nixos/configuration.nix"; + }; + # git users.users.git = { isSystemUser = true; @@ -117,6 +111,9 @@ shell = "${pkgs.git}/bin/git-shell"; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQOPefMnq0qvFjYxlrdlSmUgyCbvV85gkfRykVlTnrn ps@nixos" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0mNZn4EWdIwXEGfqUwwJy5STaZLYWbeKqDd4MN8WIK root@nixos" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+1sLAf+I+o3aODJeDuNvbqKD1wokQyk6oX0ZGK8su5 root@pschdev" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN6sNqiMZpmRkiwjj5Dv0QljLObzhopwIsF0WDQbr/Hg ps@nixos" ]; }; users.groups.git = {}; @@ -130,15 +127,13 @@ }; }; - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: + services.gitDaemon = { + enable = true; + basePath = "/srv/git"; + repositories = [ "/srv/git" ]; + exportAll = true; + port = 9418; + }; # Enable the OpenSSH daemon. services.openssh = { 
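Review bot: `users.users.live` is declared with `isSystemUser = true` but also `useDefaultShell = true`, which gives a service account an interactive login shell that it normally does not need. If the account only owns `/srv/live` or runs a daemon, drop that line so it keeps the non-login default. Otherwise document the reason next to it, e.g. `useDefaultShell = true; # live: shell needed for <reason>`. The account's purpose is not visible in this hunk.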
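Review bot: The `senc` alias runs the whole editor as root (`sudo ${pkgs.helix}/bin/hx …`), so every editor feature, including shell escapes and language-server spawning, runs with root privileges. `sudo -e` edits a temporary copy as the calling user and only writes the result back as root: `senc = "SUDO_EDITOR=${pkgs.helix}/bin/hx sudo -e /etc/nixos/configuration.nix";`. A one-line comment above `environment.shellAliases` explaining the `snr*` abbreviations (switch/test/boot) would also help the next reader.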
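Review bot: The three added `openssh.authorizedKeys.keys` entries carry no key options, so the `git` account relies on `git-shell` alone to limit what these keys can do. Prefixing each entry with `restrict` (for example `"restrict ssh-ed25519 <key> ps@nixos"`) also disables port, agent and X11 forwarding and PTY allocation, none of which git over SSH needs. Two keys are labelled `root@…` and two share the comment `ps@nixos`, so a short comment per key naming the machine and purpose would make later revocation unambiguous. Whether sshd already disables forwarding is decided in `services.openssh`, which is only partly visible here.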
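Review bot: In the relocated `services.gitDaemon` block, `exportAll = true` publishes every repository that ever appears under `/srv/git` over the unauthenticated, unencrypted `git://` protocol, with no per-repository opt-in. Setting `exportAll = false` and marking public repositories with `git-daemon-export-ok` makes exposure an explicit decision. The `flake.lock` part of this patch shows the `chirp` input being fetched from `git://psch.dev/chirp`, so lock updates for code that runs as a system service have no transport integrity. Pointing that input at the HTTPS clone URL served by `git.psch.dev` would close that gap.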
@@ -156,28 +151,116 @@ # virtualisation.qemu.guestAgent.enable = true; programs.mosh.enable = true; + services.caddy = { enable = true; virtualHosts."psch.dev".extraConfig = '' - respond "hello :D" + root * /srv/www + file_server + ''; + virtualHosts."julius.psch.dev".extraConfig = '' + basic_auth { test $2a$14$iKv0GlwavCunG0zQbaf2fOl4r4/8k8gDKUVUouu9Q3o.MfSDkp6Te } + root * /srv/julius_cam + file_server ''; virtualHosts."chirp.psch.dev".extraConfig = '' reverse_proxy http://localhost:8080 { request_buffers 8192 } - tls { - protocols tls1.3 tls1.3 - } - ''; - virtualHosts."git.psch.dev".extraConfig = '' - redir / /cgit - reverse_proxy localhost:8082 ''; }; + services.caddy.virtualHosts."git.psch.dev".extraConfig = '' + encode gzip zstd + + @assets path /cgit.css /cgit.png /favicon.ico /robots.txt + handle /cgithub/* { + file_server { + root /srv/cgithub + } + } + handle @assets { + file_server { + root ${pkgs.cgit}/cgit + } + } + handle { + reverse_proxy unix//run/fcgiwrap-git.sock { + transport fastcgi { + env CGIT_CONFIG ${pkgs.writeText "cgitrc" '' + snapshots=tar tar.gz zip + enable-git-config=1 + enable-index-owner=0 + section-from-path=1 + virtual-root=/ + module-link=/%s/commit/?id=%s + clone-url=https://git.psch.dev/$CGIT_REPO_URL git://psch.dev/$CGIT_REPO_URL ssh://git@psch.dev:$CGIT_REPO_URL + noplainemail=1 + side-by-side-diffs=1 + about-filter=${pkgs.writeShellScript "markdown-filter" '' + echo '
' + ${pkgs.md4c}/bin/md2html --github --ftables + echo '
' + ''} + # source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py + head-include=/srv/cgithub/head-include.html + footer=/srv/cgithub/footer.html + readme=:readme.md + readme=:Readme.md + readme=:ReadMe.md + readme=:README.md + scan-path=/srv/git + ''} + env SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi + } + } + } + ''; + # virtualHosts."git.psch.dev".extraConfig = '' + # reverse_proxy unix//run/anubis/anubis-cgit.sock + # ''; + services.caddy.virtualHosts."gitweb.psch.dev".extraConfig = '' + handle /static/* { + file_server { + root ${pkgs.gitweb} + } + } + handle { + reverse_proxy unix//run/fcgiwrap-git.sock { + transport fastcgi { + env GITWEB_CONFIG ${pkgs.writeText "gitweb.conf" '' + $projectroot = "/srv/git"; + $base_url = "/"; + $feature{'pathinfo'}{'default'} = [1]; + $default_projects_order = "age"; + $omit_owner = true; + $site_html_head_string = ""; + ''} + env SCRIPT_FILENAME ${pkgs.gitweb}/gitweb.cgi + } + } + } + ''; + # virtualHosts."gitweb.psch.dev".extraConfig = '' + # reverse_proxy unix//run/anubis/anubis-gitweb.sock + # ''; + + services.anubis = { + defaultOptions = { + user = "caddy"; + group = "caddy"; + }; + + # instances.cgit.settings.TARGET = "http://localhost:8082/cgit"; + # instances.gitweb.settings.TARGET = "http://localhost:8082"; + }; + + services.fcgiwrap.instances."git" = { + process.user = "git"; + process.group = "git"; + socket.user = "caddy"; + socket.group = "caddy"; + }; - # services.chirp = { - # enable = true; - # }; users.users.chirp = { isSystemUser = true; group = "chirp"; @@ -192,7 +275,7 @@ after = ["network.target"]; serviceConfig = { WorkingDirectory = "/var/lib/chirp"; - ExecStart = "${chirp.packages.${pkgs.system}.default}/bin/chirp"; + ExecStart = "${args.inputs.chirp.packages.${pkgs.system}.default}/bin/chirp"; Restart = "always"; Type = "simple"; User = "chirp"; 
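Review bot: The `basic_auth` block for `julius.psch.dev` places the bcrypt hash for user `test` directly in `extraConfig`, so it is stored in this repository and in the world-readable Nix store, where anyone who can read either can run offline guesses against it. Move the `basic_auth { … }` directive into a file outside the store that only the `caddy` user can read and load it with `import <path-to-auth-snippet>`. Change the password as well, since this hash is now in history. Separately, `services.fcgiwrap.instances."git"` runs cgit and gitweb with `process.user = "git"`, presumably the account that owns `/srv/git`. A dedicated CGI user with read-only group access to the repositories would keep a bug in either viewer from being able to modify them.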
@@ -200,46 +283,6 @@ }; }; - services.gitDaemon = { - enable = true; - basePath = "/srv/git"; - repositories = [ "/srv/git" ]; - exportAll = true; - port = 9418; - }; - - services.lighttpd = { - enable = true; - document-root = "/srv/www"; - port = 8082; - - cgit = { - enable = true; - subdir = "cgit"; - configText = '' - scan-path=/srv/git - robots=noindex, nofollow - readme=:readme.md - about-filter=${pkgs.writeShellScript "markdown" '' - ${pkgs.md4c}/bin/md2html --github --ftables - ''} - ''; - }; - gitweb.enable = true; - }; - users.users."lighttpd".extraGroups = [ "git" ]; - - services.gitweb = { - gitwebTheme = false; - projectroot = "/srv/git"; - }; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - # Copy the NixOS configuration file and link it from the resulting system # (/run/current-system/configuration.nix). This is useful in case you # accidentally delete configuration.nix. diff --git a/flake.lock b/flake.lock index 8d45946..539333b 100644 --- a/flake.lock +++ b/flake.lock @@ -6,11 +6,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1744574273, - "narHash": "sha256-1Pxl3Ew+P+YW0XI1Jz/K0O2/9X1g610ggx71LAXGHQ0=", + "lastModified": 1745404365, + "narHash": "sha256-0EED3gWrmmWGlBgAISKgyTZN8mm6wuOyBk2AOkQz7Zs=", "ref": "refs/heads/main", - "rev": "d20342bd4fd63a9d098678c4a954c40fe48b7af7", - "revCount": 65, + "rev": "975845bfb7532dd679a4668e1ad1fda9424cd30d", + "revCount": 75, "submodules": true, "type": "git", "url": "git://psch.dev/chirp" 
@@ -74,11 +74,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1744440957, - "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", + "lastModified": 1747485343, + "narHash": "sha256-YbsZyuRE1tobO9sv0PUwg81QryYo3L1F3R3rF9bcG38=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", + "rev": "9b5ac7ad45298d58640540d0323ca217f32a6762", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 6a384df..cf77a57 100644 --- a/flake.nix +++ b/flake.nix @@ -12,6 +12,7 @@ nixosConfigurations = { default = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; + specialArgs = {inherit inputs;}; modules = [ ./configuration.nix { -- 2.50.1