fix a lot of things

Mr Hedgehog 2022-06-10 16:19:43 -04:00
parent 6ef09611a2
commit 5bc777f61d
No known key found for this signature in database
19 changed files with 149 additions and 678 deletions


@ -41,13 +41,29 @@
"type": "github"
}
},
"base16-schemes": {
"flake": false,
"locked": {
"lastModified": 1654840852,
"narHash": "sha256-qXwf/xBn7mkr/FVEH8WI2OT5rvwzqrH9/D/GVksUujk=",
"owner": "misterio77",
"repo": "base16-schemes",
"rev": "68547bc1f80cdb95698e6af53327211d5461f791",
"type": "github"
},
"original": {
"owner": "misterio77",
"repo": "base16-schemes",
"type": "github"
}
},
"cachix": {
"locked": {
"lastModified": 1654504017,
"narHash": "sha256-qBxRo2CTZRBZ6t1MLJ7VotpAnpBk4bBdlUI1cxrN8nk=",
"lastModified": 1654807735,
"narHash": "sha256-IiOjbptu1s07HTuyv2ONLrw/DcIUg3nX9MO1uEiUmP0=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "07a8317a793f3fa4d6f43674d09ae35bb6b7a6f8",
"rev": "a7f0b0832f9da86d25089ea2b4cacdea64072d7f",
"type": "github"
},
"original": {
@ -83,11 +99,11 @@
"rotate-text": "rotate-text"
},
"locked": {
"lastModified": 1652175409,
"narHash": "sha256-8EStP60lqDmVyeRJ9zdH64oAOHAPBlPa8oYqquVrw5Q=",
"lastModified": 1654863075,
"narHash": "sha256-aImsCFEGVNpzCK73k0XKMyvuiFrKU9metQBZOLETmdg=",
"owner": "nix-community",
"repo": "nix-doom-emacs",
"rev": "edbe868dd5f8bf447eaffd4cff85167d0771ce0f",
"rev": "e0189af753be92641ad3eb244ffaca497cb56f6f",
"type": "github"
},
"original": {
@ -135,11 +151,11 @@
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1654715984,
"narHash": "sha256-MSCr6D4yt2GgcnjZRP1PBhL5r7QwpMoW3BgjnovrM48=",
"lastModified": 1654889615,
"narHash": "sha256-QOBw0dibwUe5s7VYdZgIJ4AjKM8FnIVF2Hetv7cTCiA=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "0756dbd32d75990468b170339bb68aab5f595da7",
"rev": "e2d3ca22117b5d39c92f5014a14150c9b573f7de",
"type": "github"
},
"original": {
@ -299,22 +315,6 @@
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1627913399,
@ -330,7 +330,7 @@
"type": "github"
}
},
"flake-compat_5": {
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1641205782,
@ -346,7 +346,7 @@
"type": "github"
}
},
"flake-compat_6": {
"flake-compat_5": {
"flake": false,
"locked": {
"lastModified": 1650374568,
@ -515,30 +515,6 @@
"type": "github"
}
},
"home-manager-nixos": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixos-unstable"
],
"nmd": "nmd_2",
"nmt": "nmt_2",
"utils": "utils_2"
},
"locked": {
"lastModified": 1654628474,
"narHash": "sha256-Llm9X8Af15uC9IMStxqjCfO15WgYTqTnsQq8wMcpp5Q=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "70824bb5c790b820b189f62f643f795b1d2ade2e",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"lib-aggregate": {
"inputs": {
"flake-utils": "flake-utils_5",
@ -582,16 +558,16 @@
},
"neovim": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_2",
"neovim-flake": "neovim-flake",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1654676311,
"narHash": "sha256-lP0tPKAyz1BFUjJFSmTMzOGi9D7YfLOh4R/EC3wUpgM=",
"lastModified": 1654848955,
"narHash": "sha256-op14ngHHXvNiFZJ2elEcxOfa4S00iUXc2xDtGayBuQ0=",
"owner": "nix-community",
"repo": "neovim-nightly-overlay",
"rev": "0367f1f4a36afd5446d76c240bfa2ca782ea41aa",
"rev": "b57a05a4f762d08f13b38fe43145580188ee0b5f",
"type": "github"
},
"original": {
@ -610,11 +586,11 @@
},
"locked": {
"dir": "contrib",
"lastModified": 1654617332,
"narHash": "sha256-nXE6z01X91TQhSRdyKoWIn7hNWHJxkW+UEHuKOwt1/8=",
"lastModified": 1654843232,
"narHash": "sha256-u7t5150uc3bHBttMrgVKogGGJ6Q+KMV7pHODpLMRJC8=",
"owner": "neovim",
"repo": "neovim",
"rev": "3cd22a34852b7453eecb4715806cc09dcc226e0c",
"rev": "6eaf10502c99e96704daa07987f73658d6c4d68a",
"type": "github"
},
"original": {
@ -625,12 +601,15 @@
}
},
"nix-colors": {
"inputs": {
"base16-schemes": "base16-schemes"
},
"locked": {
"lastModified": 1642257683,
"narHash": "sha256-j1AdA6zRD4eqLhMqXXlvdP+ePoGCfAFIepodZ1kcjNs=",
"lastModified": 1654847660,
"narHash": "sha256-Mjdh3ackWoxkNBIcfXyqPlAc4mNe0EtZvb1cmgcyd+I=",
"owner": "~misterio",
"repo": "nix-colors",
"rev": "b26e7acb111b5ab1c8c1f05a79ab5f6aaeb62d3a",
"rev": "81c0629d3a9a77e2a1d0b381a91760e34149a97d",
"type": "sourcehut"
},
"original": {
@ -662,11 +641,11 @@
]
},
"locked": {
"lastModified": 1654714858,
"narHash": "sha256-P5k90jPOgRwRO18S+bMUUReKethbEKD05P0pljaTdLQ=",
"lastModified": 1654775507,
"narHash": "sha256-NPkQiaz6Oo5EuWj5hRXMKebAhAfiVtnklii0imR85dE=",
"owner": "guibou",
"repo": "nixGL",
"rev": "a8ea94984e64cf134d1aea66c1e3bbc25bfe1c25",
"rev": "1cce2dd704829504d057dacc71daf1c00951460d",
"type": "github"
},
"original": {
@ -729,11 +708,11 @@
},
"nixos-unstable": {
"locked": {
"lastModified": 1654593855,
"narHash": "sha256-c+SyXvj7THre87OyIdZfRVR+HhI/g1ZDrQ3VUtTuHkU=",
"lastModified": 1654682581,
"narHash": "sha256-Jb1PQCwKgwdNAp907eR5zPzuxV+kRroA3UIxUxCMJ9s=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "033bd4fa9a8fbe0c68a88e925d9a884161044b25",
"rev": "e0169d7a9d324afebf5679551407756c77af8930",
"type": "github"
},
"original": {
@ -745,11 +724,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1654665288,
"narHash": "sha256-7blJpfoZEu7GKb84uh3io/5eSJNdaagXD9d15P9iQMs=",
"lastModified": 1654845941,
"narHash": "sha256-uXulXu4BQ9ch1ItV0FlL2Ns8X83m6unT5h/0X//VRLQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "43ecbe7840d155fa933ee8a500fb00dbbc651fc8",
"rev": "7b3e907a6fef935794b5049c2c57c519853deb90",
"type": "github"
},
"original": {
@ -790,7 +769,7 @@
},
"nixpkgs-update": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_3",
"mmdoc": "mmdoc",
"nixpkgs": "nixpkgs_4"
},
@ -810,11 +789,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1654593855,
"narHash": "sha256-c+SyXvj7THre87OyIdZfRVR+HhI/g1ZDrQ3VUtTuHkU=",
"lastModified": 1654682581,
"narHash": "sha256-Jb1PQCwKgwdNAp907eR5zPzuxV+kRroA3UIxUxCMJ9s=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "033bd4fa9a8fbe0c68a88e925d9a884161044b25",
"rev": "e0169d7a9d324afebf5679551407756c77af8930",
"type": "github"
},
"original": {
@ -826,11 +805,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1654665288,
"narHash": "sha256-7blJpfoZEu7GKb84uh3io/5eSJNdaagXD9d15P9iQMs=",
"lastModified": 1654845941,
"narHash": "sha256-uXulXu4BQ9ch1ItV0FlL2Ns8X83m6unT5h/0X//VRLQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "43ecbe7840d155fa933ee8a500fb00dbbc651fc8",
"rev": "7b3e907a6fef935794b5049c2c57c519853deb90",
"type": "github"
},
"original": {
@ -857,11 +836,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1654593855,
"narHash": "sha256-c+SyXvj7THre87OyIdZfRVR+HhI/g1ZDrQ3VUtTuHkU=",
"lastModified": 1654682581,
"narHash": "sha256-Jb1PQCwKgwdNAp907eR5zPzuxV+kRroA3UIxUxCMJ9s=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "033bd4fa9a8fbe0c68a88e925d9a884161044b25",
"rev": "e0169d7a9d324afebf5679551407756c77af8930",
"type": "github"
},
"original": {
@ -887,22 +866,6 @@
"type": "gitlab"
}
},
"nmd_2": {
"flake": false,
"locked": {
"lastModified": 1653339422,
"narHash": "sha256-8nc7lcYOgih3YEmRMlBwZaLLJYpLPYKBlewqHqx8ieg=",
"owner": "rycee",
"repo": "nmd",
"rev": "9e7a20e6ee3f6751f699f79c0b299390f81f7bcd",
"type": "gitlab"
},
"original": {
"owner": "rycee",
"repo": "nmd",
"type": "gitlab"
}
},
"nmt": {
"flake": false,
"locked": {
@ -919,22 +882,6 @@
"type": "gitlab"
}
},
"nmt_2": {
"flake": false,
"locked": {
"lastModified": 1648075362,
"narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=",
"owner": "rycee",
"repo": "nmt",
"rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae",
"type": "gitlab"
},
"original": {
"owner": "rycee",
"repo": "nmt",
"type": "gitlab"
}
},
"nose": {
"flake": false,
"locked": {
@ -953,11 +900,11 @@
},
"nur": {
"locked": {
"lastModified": 1654718417,
"narHash": "sha256-aD2ZhqgG1V3kdWZH4J9ynosxaZggRZ2LPraGdO0kuXI=",
"lastModified": 1654842944,
"narHash": "sha256-vt/RS6W32xx96rmwm15tzSx9Xd0wg5p8qherY7H3+wo=",
"owner": "nix-community",
"repo": "nur",
"rev": "5e7f20d6cccd826b60e5c094bc5225eb6959b7b6",
"rev": "f378bcebe4455277d6deb118f11aaaad69db9e9a",
"type": "github"
},
"original": {
@ -1069,7 +1016,6 @@
"doom-emacs": "doom-emacs",
"emacs": "emacs",
"home-manager": "home-manager",
"home-manager-nixos": "home-manager-nixos",
"neovim": "neovim",
"nix-colors": "nix-colors",
"nixgl": "nixgl",
@ -1171,24 +1117,9 @@
"type": "github"
}
},
"utils_2": {
"locked": {
"lastModified": 1653893745,
"narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"vim-plugins": {
"inputs": {
"flake-compat": "flake-compat_5",
"flake-compat": "flake-compat_4",
"flake-utils": "flake-utils_4",
"nixpkgs": [
"nixpkgs"
@ -1211,16 +1142,16 @@
"wayland": {
"inputs": {
"cachix": "cachix",
"flake-compat": "flake-compat_6",
"flake-compat": "flake-compat_5",
"lib-aggregate": "lib-aggregate",
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1654724348,
"narHash": "sha256-+M3kx+FODq2HJ30dEKifh11SkhXLpQiT+xMH0HzsHQs=",
"lastModified": 1654869145,
"narHash": "sha256-S/XQQ1rPPWR3Dk5FOD7QG+KPYPz1u2MTzatLjq1S4Vg=",
"owner": "nix-community",
"repo": "nixpkgs-wayland",
"rev": "723eaadd68da9706f922ebcf413c5d48cedecc71",
"rev": "595181b17a12810c5e17f3f622ef7a5ccd48f970",
"type": "github"
},
"original": {


@ -21,8 +21,6 @@
emacs.url = "github:nix-community/emacs-overlay";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
home-manager-nixos.url = "github:nix-community/home-manager";
home-manager-nixos.inputs.nixpkgs.follows = "nixos-unstable";
neovim.url = "github:nix-community/neovim-nightly-overlay";
nix-colors.url = "sourcehut:~misterio/nix-colors";
nixgl.url = "github:guibou/nixGL";
@ -51,7 +49,6 @@
doom-emacs,
emacs,
home-manager,
home-manager-nixos,
neovim,
nix-colors,
nixgl,
@ -95,7 +92,6 @@
lib = nixpkgs.lib;
in {
packages.${system} = {
"caddy" = pkgs.callPackage ./pkgs/caddy.nix {};
"nerdfont-symbols" = pkgs.callPackage ./pkgs/nerdfont-symbols.nix {};
"sway-launcher-desktop" = pkgs.callPackage ./pkgs/sway-launcher-desktop.nix {};
"taskwarrior-tui" = pkgs.callPackage ./pkgs/taskwarrior-tui.nix {};
@ -108,7 +104,7 @@
modules = [
./hosts/marvin/configuration.nix
./hosts/marvin/bootloader.nix
./modules/caddy.nix
./modules/agenix.nix
];
specialArgs = {inherit self inputs pkgs;};
};
@ -117,7 +113,6 @@
modules = [
./hosts/prefect/configuration.nix
./hosts/prefect/bootloader.nix
./modules/caddy.nix
];
specialArgs = {inherit self inputs;};
};
@ -126,11 +121,11 @@
modules = [
./hosts/zaphod/configuration.nix
./hosts/zaphod/bootloader.nix
inputs.home-manager-nixos.nixosModules.home-manager
inputs.home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.mrhedgehog = lib.mkMerge [
home-manager.users.thehedgehog = lib.mkMerge [
./home.nix
doom-emacs.hmModule
nix-colors.homeManagerModule
@ -142,8 +137,8 @@
};
homeConfigurations.mrhedgehog = home-manager.lib.homeManagerConfiguration {
inherit pkgs system;
username = "mrhedgehog";
stateVersion = "22.05";
username = "thehedgehog";
stateVersion = "22.11";
homeDirectory = "/home/mrhedgehog";
configuration.imports = [
./home.nix
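Review bot: `stateVersion` appears to move from "22.05" to "22.11" inside `homeConfigurations.mrhedgehog` (the old and new lines are printed back to back), and the same bump shows up in the home.nix section further down. The option records the release whose stateful defaults the profile was created with, so on an existing install it is normally left alone. If the bump is deliberate, say so next to it, for example `# bumped after reviewing the 22.11 release notes`; otherwise keep `stateVersion = "22.05";`. The attribute set continues past the end of this hunk.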


@ -110,9 +110,9 @@
"${config.home.homeDirectory}/.nix-profile/share/fonts";
recursive = true;
};
homeDirectory = "/home/mrhedgehog";
username = "mrhedgehog";
stateVersion = "22.05";
homeDirectory = pkgs.lib.mkForce "/home/mrhedgehog";
username = "thehedgehog";
stateVersion = "22.11";
sessionVariables = {
PASSWORD_STORE_ENABLE_EXTENSIONS = true;
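Review bot: `homeDirectory = pkgs.lib.mkForce "/home/mrhedgehog";` pins the old path at override priority while `username` becomes "thehedgehog", and nothing in the hunk says why the two differ. If the account keeps its old home on purpose, record that beside the line, e.g. `# account renamed to thehedgehog; home directory intentionally left at /home/mrhedgehog`. Otherwise `mkForce` will win over whatever the system user definition supplies, and dotfiles and session state would be written under a path the renamed account may not own. The enclosing attribute set starts and ends outside the hunk.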


@ -5,4 +5,5 @@
input-fonts.acceptLicense = true;
};
};
system.stateVersion = "22.11";
}


@ -4,7 +4,6 @@
inputs,
...
}: {
disabledModules = ["services/web-servers/caddy/default.nix"];
imports = [
# Common Config
../common/packages.nix
@ -23,7 +22,7 @@
# Running Services
./services/avahi.nix
./services/caddy.nix
./services/caddy/default.nix
./services/nix-serve.nix
./services/hydra.nix
];

Binary file not shown.


@ -2,6 +2,9 @@ let
yubi = "ssh-rsa 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";
backup = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCyTiGctsHaTUlRJn2XQ/745dD0UWGWO8W0en8J5rf7BLI8lL/hPUmbNt45vC5754LXcBjnp1t/1FNgiGhvNZIWJpC+elBmhyMhg8z1exRZPD+as7XaH7scnij2vSbSphQFUqH433ggAGe77x5bc7wKFp9n7vj8G1u0JJxMEe1M7kNFY0+ShNtaHna3LxiQOVcW7qVlNKZP8Ol1V7kZLblRADCJMTYOXDIbktA8bbGRfGhbNjJGkL665qz36haYwb2i6A4sC7Y583N8ro8hIDG/ByJqwbl/Sz4rSxkT6G4+OdBvS6sa7TovNXHjmQCculMIltdog7UhgyBsim1sTzxAen3YyFRi1Cz/kLM0oH39m/W4IoMvJcNZCJ3ItLgy+lEVMd87jVOqfuq/hyjHVI0wJtU2Si2HTxv7aKL8gPzqXwbNH+nhkhlQ0ZH8zKVBunOgLDgsmGIky5X/T3bpWZpIoFkOR7AYrId/5dOeGM3pHhHb6woZ3SRubZ43Ah/VdJM=";
me = [yubi backup];
marvin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP60B1IOdfJRrDcCKajMV8YJNC01gSsccZi3DKHlS6YJ";
in {
"marvinCfToken.age".publicKeys = me;
"thehedgehog-pem.age".publicKeys = [ marvin yubi ];
"thehedgehog-key.age".publicKeys = [ marvin yubi ];
"cloudflare-ca.age".publicKeys = [ marvin yubi ];
}
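Review bot: The three new entries list `[ marvin yubi ]` as recipients, so the `backup` key bundled in `me` cannot decrypt the TLS key, certificate or CA file. If the hardware-backed key is lost, the only remaining recipient is `marvin`, which looks like a host key (inferred from the name), and rekeying would depend on that machine alone. If leaving `backup` out is intentional, note it in a comment; otherwise use `publicKeys = me ++ [ marvin ];` for these entries. The hunk counts imply one existing line is dropped here; if that is the `marvinCfToken.age` entry, `me` is left unused.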

Binary file not shown.

Binary file not shown.


@ -1,34 +0,0 @@
{
lib,
pkgs,
config,
...
}: {
services.caddy = {
enable = true;
package = pkgs.my-pkgs.caddy.overrideAttrs ( old:{
plugins = ["github.com/caddy-dns/cloudflare" "github.com/greenpau/caddy-security"];
vendorSha256 = "sha256-1SBOXv2RGLlTT/mguPjTASU5AeQNIVySgVMgvu5BH6w=";
});
extraConfig = ''
cache.mrhedgehog.xyz {
tls {
dns cloudflare {env.CF_AUTH_TOKEN}
}
reverse_proxy http://localhost:5000
}
hydra.mrhedgehog.xyz {
tls {
dns cloudflare {env.CF_AUTH_TOKEN}
}
reverse_proxy http://localhost:3000
}
reddit.mrhedgehog.xyz {
tls {
dns cloudflare {env.CF_AUTH_TOKEN}
}
reverse_proxy http://localhost:4000
}
'';
};
}


@ -0,0 +1,44 @@
{
lib,
pkgs,
config,
...
}: {
services.caddy = {
enable = true;
email = "hedgehog@mrhedgehog.xyz";
# globalConfig = ''
# '';
virtualHosts = {
"cache.thehedgehog.me" = {
extraConfig = ''
import cf_tls
reverse_proxy http://localhost:5000
'';
};
"hydra.thehedgehog.me" = {
extraConfig = ''
import cf_tls
reverse_proxy http://localhost:3000
'';
};
"reddit.thehedgehog.me" = {
extraConfig = ''
import cf_tls
reverse_proxy http://localhost:4000
'';
};
};
extraConfig = ''
(cf_tls) {
tls ${config.age.secrets.thehedgehog-pem.path} ${config.age.secrets.thehedgehog-key.path} {
protocols tls1.3
client_auth {
mode require_and_verify
trusted_ca_cert_file ${config.age.secrets.cloudflare-ca.path}
}
}
}
'';
};
}
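Review bot: In the `(cf_tls)` snippet, `client_auth` with `mode require_and_verify` is the only access control in front of the three `reverse_proxy` upstreams, so the contents of `cloudflare-ca` decide who can reach them. If that file is Cloudflare's shared origin-pull CA (cannot tell from here), a valid client certificate shows only that the request came through Cloudflare, not that it came through this zone. A comment above the snippet should state which CA is trusted, e.g. `# cloudflare-ca: <which CA this is and what it proves>`, and the `hydra` and `cache` hosts may warrant a zone-specific client certificate or authentication at the upstream. The `email` value still uses the old `mrhedgehog.xyz` domain while the hosts moved to `thehedgehog.me`; confirm that mailbox is still monitored.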


@ -1,60 +0,0 @@
{
stdenv,
lib,
buildGoModule,
plugins ? [],
vendorSha256 ? "",
}:
with lib; let
imports = flip concatMapStrings plugins (pkg: "\t\t\t_ \"${pkg}\"\n");
main = ''
package main
import (
caddycmd "github.com/caddyserver/caddy/v2/cmd"
_ "github.com/caddyserver/caddy/v2/modules/standard"
${imports}
)
func main() {
caddycmd.Main()
}
'';
in
buildGoModule rec {
pname = "caddy";
version = "2.5.0";
subPackages = ["cmd/caddy"];
src = builtins.fetchGit {
url = "https://github.com/caddyserver/caddy.git";
rev = "a8bb4a665af358f61a7ac0eabac8df2110cb6a36";
};
inherit vendorSha256;
overrideModAttrs = _: {
preBuild = "echo '${main}' > cmd/caddy/main.go";
postInstall = "cp go.sum go.mod $out/ && ls $out/";
};
postPatch = ''
echo '${main}' > cmd/caddy/main.go
cat cmd/caddy/main.go
'';
postConfigure = ''
cp vendor/go.sum ./
cp vendor/go.mod ./
'';
meta = with lib; {
homepage = https://caddyserver.com;
description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS";
license = licenses.asl20;
maintainers = with maintainers; [rushmorem fpletz zimbatm];
};
}


@ -1,5 +1,4 @@
{ pkgs, lib, inputs, ... }: {
disabledModules = [ "services/web-servers/caddy/default.nix" ];
imports = [
# Common Config
../common/packages.nix


@ -4,7 +4,6 @@
inputs,
...
}: {
disabledModules = ["services/web-servers/caddy/default.nix"];
imports = [
# Common Config
../common/packages.nix

24
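--- a/modules/agenix.nix
+++ b/modules/agenix.nix
@@ -0,0 +1,24 @@
+# modules/agenix.nix -- encrypt secrets in nix store
+{ options, config, inputs, lib, pkgs, ... }:
+with builtins;
+with lib;
+# with lib.my;
+let inherit (inputs) agenix;
+secretsDir = "${toString ../hosts}/${config.networking.hostName}/secrets";
+secretsFile = "${secretsDir}/secrets.nix";
+in {
+imports = [ agenix.nixosModules.age ];
+environment.systemPackages = [ agenix.defaultPackage.x86_64-linux ];
+age = {
+secrets =
+if pathExists secretsFile
+then mapAttrs' (n: _: nameValuePair (removeSuffix ".age" n) {
+file = "${secretsDir}/${n}";
+}) (import secretsFile)
+else {};
+identityPaths = options.age.identityPaths.default;
+};
+}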
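Review bot: Every secret produced by the `mapAttrs'` call gets only `file`, so owner, group and mode fall back to agenix's defaults, which are root-only as far as I know (confirm against the pinned agenix revision). A service that runs under its own account and reads `config.age.secrets.<name>.path` would then fail to open the file, which invites a later blanket loosening of permissions. Hosts should set `age.secrets.<name>.owner` and `group` per secret to the consuming service's user instead, and a comment above `secrets =` should say that this module leaves ownership to the host. Separately, `agenix.defaultPackage.x86_64-linux` hard-codes the platform; `agenix.defaultPackage.${pkgs.system}` would follow the host.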


@ -1,344 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.caddy;
virtualHosts = attrValues cfg.virtualHosts;
acmeVHosts = filter (hostOpts: hostOpts.useACMEHost != null) virtualHosts;
mkVHostConf = hostOpts: let
sslCertDir = config.security.acme.certs.${hostOpts.useACMEHost}.directory;
in ''
${hostOpts.hostName} ${concatStringsSep " " hostOpts.serverAliases} {
bind ${concatStringsSep " " hostOpts.listenAddresses}
${optionalString (hostOpts.useACMEHost != null) "tls ${sslCertDir}/cert.pem ${sslCertDir}/key.pem"}
log {
${hostOpts.logFormat}
}
${hostOpts.extraConfig}
}
'';
configFile = let
Caddyfile = pkgs.writeText "Caddyfile" ''
{
${cfg.globalConfig}
}
${cfg.extraConfig}
'';
Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" {nativeBuildInputs = [cfg.package];} ''
${cfg.package}/bin/caddy fmt ${Caddyfile} > $out
'';
in
if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform
then Caddyfile-formatted
else Caddyfile;
acmeHosts = unique (catAttrs "useACMEHost" acmeVHosts);
mkCertOwnershipAssertion = import ../../../security/acme/mk-cert-ownership-assertion.nix;
in {
imports = [
(mkRemovedOptionModule ["services" "caddy" "agree"] "this option is no longer necessary for Caddy 2")
(mkRenamedOptionModule ["services" "caddy" "ca"] ["services" "caddy" "acmeCA"])
(mkRenamedOptionModule ["services" "caddy" "config"] ["services" "caddy" "extraConfig"])
];
disabledModules = ["services/web-servers/caddy/default.nix"];
# interface
options.services.caddy = {
enable = mkEnableOption "Caddy web server";
user = mkOption {
default = "caddy";
type = types.str;
description = ''
User account under which caddy runs.
<note><para>
If left as the default value this user will automatically be created
on system activation, otherwise you are responsible for
ensuring the user exists before the Caddy service starts.
</para></note>
'';
};
group = mkOption {
default = "caddy";
type = types.str;
description = ''
Group account under which caddy runs.
<note><para>
If left as the default value this user will automatically be created
on system activation, otherwise you are responsible for
ensuring the user exists before the Caddy service starts.
</para></note>
'';
};
package = mkOption {
default = pkgs.my-pkgs.caddy;
defaultText = literalExpression "pkgs.caddy";
type = types.package;
description = ''
Caddy package to use.
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/caddy";
description = ''
The data directory for caddy.
<note>
<para>
If left as the default value this directory will automatically be created
before the Caddy server starts, otherwise you are responsible for ensuring
the directory exists with appropriate ownership and permissions.
</para>
<para>
Caddy v2 replaced <literal>CADDYPATH</literal> with XDG directories.
See <link xlink:href="https://caddyserver.com/docs/conventions#file-locations"/>.
</para>
</note>
'';
};
logDir = mkOption {
type = types.path;
default = "/var/log/caddy";
description = ''
Directory for storing Caddy access logs.
<note><para>
If left as the default value this directory will automatically be created
before the Caddy server starts, otherwise the sysadmin is responsible for
ensuring the directory exists with appropriate ownership and permissions.
</para></note>
'';
};
logFormat = mkOption {
type = types.lines;
default = ''
level ERROR
'';
example = literalExpression ''
mkForce "level INFO";
'';
description = ''
Configuration for the default logger. See
<link xlink:href="https://caddyserver.com/docs/caddyfile/options#log"/>
for details.
'';
};
configFile = mkOption {
type = types.path;
default = configFile;
defaultText = "A Caddyfile automatically generated by values from services.caddy.*";
example = literalExpression ''
pkgs.writeText "Caddyfile" '''
example.com
root * /var/www/wordpress
php_fastcgi unix//run/php/php-version-fpm.sock
file_server
''';
'';
description = ''
Override the configuration file used by Caddy. By default,
NixOS generates one automatically.
'';
};
adapter = mkOption {
default = "caddyfile";
example = "nginx";
type = types.str;
description = ''
Name of the config adapter to use.
See <link xlink:href="https://caddyserver.com/docs/config-adapters"/>
for the full list.
<note><para>
Any value other than <literal>caddyfile</literal> is only valid when
providing your own <option>configFile</option>.
</para></note>
'';
};
resume = mkOption {
default = false;
type = types.bool;
description = ''
Use saved config, if any (and prefer over any specified configuration passed with <literal>--config</literal>).
'';
};
globalConfig = mkOption {
type = types.lines;
default = "";
example = ''
debug
servers {
protocol {
experimental_http3
}
}
'';
description = ''
Additional lines of configuration appended to the global config section
of the <literal>Caddyfile</literal>.
Refer to <link xlink:href="https://caddyserver.com/docs/caddyfile/options#global-options"/>
for details on supported values.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
example = ''
example.com {
encode gzip
log
root /srv/http
}
'';
description = ''
Additional lines of configuration appended to the automatically
generated <literal>Caddyfile</literal>.
'';
};
virtualHosts = mkOption {
type = with types; attrsOf (submodule (import ./vhost-options.nix {inherit cfg;}));
default = {};
example = literalExpression ''
{
"hydra.example.com" = {
serverAliases = [ "www.hydra.example.com" ];
extraConfig = '''
encode gzip
root /srv/http
''';
};
};
'';
description = ''
Declarative specification of virtual hosts served by Caddy.
'';
};
acmeCA = mkOption {
default = "https://acme-v02.api.letsencrypt.org/directory";
example = "https://acme-staging-v02.api.letsencrypt.org/directory";
type = with types; nullOr str;
description = ''
The URL to the ACME CA's directory. It is strongly recommended to set
this to Let's Encrypt's staging endpoint for testing or development.
Set it to <literal>null</literal> if you want to write a more
fine-grained configuration manually.
'';
};
email = mkOption {
default = null;
type = with types; nullOr str;
description = ''
Your email address. Mainly used when creating an ACME account with your
CA, and is highly recommended in case there are problems with your
certificates.
'';
};
};
# implementation
config = mkIf cfg.enable {
assertions =
[
{
assertion = cfg.adapter != "caddyfile" -> cfg.configFile != configFile;
message = "Any value other than 'caddyfile' is only valid when providing your own `services.caddy.configFile`";
}
]
++ map (name:
mkCertOwnershipAssertion {
inherit (cfg) group user;
cert = config.security.acme.certs.${name};
groups = config.users.groups;
})
acmeHosts;
services.caddy.extraConfig = concatMapStringsSep "\n" mkVHostConf virtualHosts;
services.caddy.globalConfig = ''
${optionalString (cfg.email != null) "email ${cfg.email}"}
${optionalString (cfg.acmeCA != null) "acme_ca ${cfg.acmeCA}"}
log {
${cfg.logFormat}
}
'';
systemd.packages = [cfg.package];
systemd.services.caddy = {
wants = map (hostOpts: "acme-finished-${hostOpts.useACMEHost}.target") acmeVHosts;
after = map (hostOpts: "acme-selfsigned-${hostOpts.useACMEHost}.service") acmeVHosts;
before = map (hostOpts: "acme-${hostOpts.useACMEHost}.service") acmeVHosts;
wantedBy = ["multi-user.target"];
startLimitIntervalSec = 14400;
startLimitBurst = 10;
serviceConfig = {
# https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
# If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect.
ExecStart = ["" "${cfg.package}/bin/caddy run --config ${cfg.configFile} --adapter ${cfg.adapter} ${optionalString cfg.resume "--resume"} --envfile ${cfg.envFile}"];
ExecReload = ["" "${cfg.package}/bin/caddy reload --config ${cfg.configFile} --adapter ${cfg.adapter}"];
ExecStartPre = "${cfg.package}/bin/caddy validate --config ${cfg.configFile} --adapter ${cfg.adapter}";
User = cfg.user;
Group = cfg.group;
ReadWriteDirectories = cfg.dataDir;
StateDirectory = mkIf (cfg.dataDir == "/var/lib/caddy") ["caddy"];
LogsDirectory = mkIf (cfg.logDir == "/var/log/caddy") ["caddy"];
Restart = "on-abnormal";
SupplementaryGroups = mkIf (length acmeVHosts != 0) ["acme"];
# TODO: attempt to upstream these options
NoNewPrivileges = true;
PrivateDevices = true;
ProtectHome = true;
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
Environment = "\"CF_API_TOKEN=${cfg.token}\"";
};
};
users.users = optionalAttrs (cfg.user == "caddy") {
caddy = {
group = cfg.group;
uid = config.ids.uids.caddy;
home = cfg.dataDir;
};
};
users.groups = optionalAttrs (cfg.group == "caddy") {
caddy.gid = config.ids.gids.caddy;
};
security.acme.certs = let
reloads = map (useACMEHost: nameValuePair useACMEHost {reloadServices = ["caddy.service"];}) acmeHosts;
in
listToAttrs reloads;
};
}


@ -1,59 +0,0 @@
{ lib, fetchFromGitHub, buildGoModule, plugins ? [], vendorSha256 ? "" }:
with lib;
let imports = flip concatMapStrings plugins (pkg: "\t\t\t_ \"${pkg}\"\n");
main = ''
package main
import (
caddycmd "github.com/caddyserver/caddy/v2/cmd"
_ "github.com/caddyserver/caddy/v2/modules/standard"
${imports}
)
func main() {
caddycmd.Main()
}
'';
in buildGoModule rec {
pname = "caddy";
version = "2.5.1";
proxyVendor = true;
subPackages = [ "cmd/caddy" ];
src = fetchFromGitHub {
owner = "caddyserver";
repo = "caddy";
rev = "v${version}";
sha256 = "sha256-xNCxzoNpXkj8WF9+kYJfO18ux8/OhxygkGjA49+Q4vY=";
};
inherit vendorSha256;
overrideModAttrs = (_: {
preBuild = "echo '${main}' > cmd/caddy/main.go";
postInstall = "cp go.sum go.mod $out/ && ls $out/";
});
postPatch = ''
echo '${main}' > cmd/caddy/main.go
cat cmd/caddy/main.go
'';
postConfigure = ''
cp vendor/go.sum ./
cp vendor/go.mod ./
'';
meta = {
homepage = https://caddyserver.com;
description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS";
license = licenses.asl20;
maintainers = with maintainers; [ Br1ght0ne techknowlogick mrhedgehog ];
};
}


@ -1,27 +0,0 @@
age-encryption.org/v1
-> ssh-rsa fFaiTA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-> ssh-rsa mXlurQ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-> V-grease "=~];r
QLouAtjBbzDfT9JDDCyGM4ACrlaTD9J/Kqkn
--- lWq/maOlPCnPw2IjrT7rpEV+zBayGBrV4vBSpId8/K8
¤8·E¾ãÜ«Ã(Y,1“W÷%õw QŒm&9]vî7ézV †³$õðêCD<43>Ô;8 ÁÇò0‡=p'¹ <0B>.©ƒz£3ÈQmÍ™…ãÿY1ŸŸ|σ