meta: format

This commit is contained in:
Mr Hedgehog 2022-05-13 22:01:25 -04:00
parent a3a483fdbb
commit ed828497b9
No known key found for this signature in database
GPG key ID: A5F69F6C161FDA7E
22 changed files with 286 additions and 294 deletions


@ -105,7 +105,8 @@
pkgs = pkgs;
modules = [
./modules/caddy.nix
./hosts/marvin/configuration.nix { inherit inputs pkgs; }
./hosts/marvin/configuration.nix
{inherit inputs pkgs;}
];
};
in {
@ -141,7 +142,7 @@
./hosts/marvin/bootloader.nix
./modules/caddy.nix
];
specialArgs = { inherit self inputs; };
specialArgs = {inherit self inputs;};
};
nixosConfigurations.zaphod = lib.nixosSystem {
system = "x86_64-linux";
@ -160,7 +161,7 @@
home-manager.extraSpecialArgs = {inherit pkgs system inputs nix-colors;};
}
];
specialArgs = { inherit self inputs nix-colors; };
specialArgs = {inherit self inputs nix-colors;};
};
nixosConfigurations.zaphod-iso = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
@ -179,7 +180,7 @@
home-manager.extraSpecialArgs = {inherit pkgs system inputs nix-colors;};
}
];
specialArgs = { inherit inputs nix-colors; };
specialArgs = {inherit inputs nix-colors;};
};
homeConfigurations.mrhedgehog = home-manager.lib.homeManagerConfiguration {


@ -6,7 +6,7 @@
nix-colors,
...
}: {
# }: let
# }: let
# Define Colorscheme
colorscheme = {
slug = "tokyonight";
@ -32,7 +32,7 @@
base0F = "c0caf5";
};
};
# in {
# in {
imports = [
# Wayland
# ./home/wayland/sway.nix
@ -53,6 +53,7 @@
./home/programs/nix-index.nix
./home/programs/nnn.nix
./home/programs/nushell.nix
./home/programs/pandoc.nix
./home/programs/rofi.nix
./home/programs/skim.nix
./home/programs/ssh/default.nix
@ -100,7 +101,9 @@
home = {
file.".icons/default".source = "${pkgs.phinger-cursors}/share/icons/phinger-cursors";
file.".local/share/fonts" = {
source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/.nix-profile/share/fonts";
source =
config.lib.file.mkOutOfStoreSymlink
"${config.home.homeDirectory}/.nix-profile/share/fonts";
recursive = true;
};
homeDirectory = "/home/mrhedgehog";
@ -113,9 +116,7 @@
XDG_DATA_DIRS = "/home/mrhedgehog/.nix-profile/share:/home/mrhedgehog/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share:/usr/local/share:/usr/share";
GNUPGHOME = "/home/mrhedgehog/.gnupg";
};
language = {
base = "en_US.utf8";
};
language = {base = "en_US.utf8";};
};
programs = {
home-manager.enable = true;
@ -132,7 +133,8 @@
};
xdg.configFile = {
"nvim/init.generated.lua".text = config.programs.neovim.generatedConfigs.lua;
"nvim/init.generated.lua".text =
config.programs.neovim.generatedConfigs.lua;
};
fonts.fontconfig.enable = true;
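Review bot: The deleted programs file's `programs.zoxide` block (enable plus bash, fish and zsh integration) is not recreated anywhere in this commit, while its fzf, lazygit and pandoc entries are moved into new or existing files; if home.nix imported that file, zoxide is silently dropped by a commit titled `meta: format`. Either add a `home/programs/zoxide.nix` in the same shape as the other new files and import it next to `./home/programs/pandoc.nix`, or state in the commit message that zoxide was removed on purpose. The `imports` list starts and continues outside the visible hunk, so the `./home/programs/fzf.nix` import may already be there; confirm it is, otherwise the new fzf.nix is dead config.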


@ -1,9 +1,15 @@
{pkgs, ...}: let
myPythonPackages = python-packages:
with python-packages; [
# pkgs.my-nixpkgs.python3Packages.gasp
black
grip
isort
nose
nose2
poetry
pyflakes
pygobject3
pytest
pyxdg
tkinter
];
@ -20,12 +26,15 @@ in {
btrfs-progs
buku
bukubrow
cargo
ccid
clipman
cmake
cmus
dex
discord
dxvk
editorconfig-core-c
element-desktop-wayland
emacs-all-the-icons-fonts
fd
@ -33,8 +42,11 @@ in {
# freetube
fzf
gnupg
graphviz
greetd.greetd
greetd.tuigreet
gnuplot
html-tidy
input-fonts
josm
kde-gtk-config
@ -49,11 +61,15 @@ in {
my-pkgs.tokyo-night-gtk
networkmanager_dmenu
nixgl.nixGLIntel
nixfmt
nodePackages.stylelint
nodePackages.js-beautify
nyxt
obsidian
pcmanfm
pcsclite
pcsclite.bin
pipenv
playerctl
proton-caller
protontricks
@ -65,6 +81,9 @@ in {
ripgrep
ripgrep-all
rsync
rustc
rust-analyzer
shellcheck
sumneko-lua-language-server
steam
steam-run
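Review bot: The five hunks in this file add 19 lines and remove none (`-1,9 +1,15`, `-20,12 +26,15`, `-33,8 +42,11`, `-49,11 +61,15`, `-65,6 +81,9`), so this is a change to the installed package set, not formatting; a Rust toolchain, extra Python packages, `pcsclite`, `nodePackages.*` and `nixfmt` appear in the new list. Bundling that under `meta: format` hides a real environment change behind whitespace noise; a separate commit would let a reviewer see which packages are new and why. Several of the additions mirror the tool list dropped from the removed Emacs wrapper in this same commit, which is worth saying explicitly if that is the intent. The list starts before and continues after the visible hunks.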


@ -1,73 +1,14 @@
{pkgs, config, ...}:
let
customEmacs = pkgs.runCommand "hello" {
buildInputs = [ pkgs.makeWrapper ];
} ''
mkdir $out
ln -s ${pkgs.emacsPgtkNativeComp}/* $out
rm $out/bin
mkdir $out/bin
ln -s ${pkgs.emacsPgtkNativeComp}/bin/* $out/bin
rm $out/bin/emacs
makeWrapper ${pkgs.emacsPgtkNativeComp}/bin/emacs $out/bin/emacs \
--prefix PATH : "${pkgs.lib.makeBinPath [
# Shellscript Support
pkgs.shellcheck
pkgs.bashdb
# Lua Support
pkgs.sumneko-lua-language-server
# Rust Support
pkgs.clippy
pkgs.rust-analyzer
pkgs.rustfmt
# Nix Support
pkgs.nixfmt
pkgs.rnix-lsp
# Org Support
pkgs.gnuplot
pkgs.sqlite
pkgs.texlive.combined.scheme-medium
# YAML Support
pkgs.yaml-language-server
# Python Support
pkgs.pyright
pkgs.poetry
# Markdown Support
pkgs.pandoc
pkgs.mdl
# Javascript/Typescript Support
pkgs.nodejs
# Git support
pkgs.gitFull
# Python Packages
(pkgs.python3.withPackages(ps: with ps; [
jupyter
black
pytest
nose
nose2
pyflakes
isort
]))
# Other packages
pkgs.ripgrep
pkgs.fd
pkgs.imagemagick
pkgs.gnutls
pkgs.zstd
# EditorConfig support
pkgs.editorconfig-core-c
]}"
'';
in
{
pkgs,
config,
...
}: {
programs.emacs = {
enable = true;
package = ((pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [ epkgs.vterm ]));
package = (pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [epkgs.vterm]);
};
services.emacs = {
enable = true;
package = ((pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [ epkgs.vterm ]));
package = (pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [epkgs.vterm]);
};
}
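Review bot: The same `(pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [epkgs.vterm])` expression is written twice, for `programs.emacs.package` and `services.emacs.package`; bind it once, `let emacsPkg = (pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [epkgs.vterm]); in {`, and use `package = emacsPkg;` in both places so the daemon and the client binary cannot drift apart. Dropping the `customEmacs` wrapper also removes the language servers and tools it prepended to Emacs's PATH, which is a behaviour change rather than formatting; the package additions elsewhere in this commit look like the replacement, and the commit message should say so. The removal itself is safe as far as this file shows, since the old `customEmacs` binding was never referenced by the exported attributes.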

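--- /dev/null
+++ b/home/programs/fzf.nix
@@ -0,0 +1,12 @@
+{
+config,
+lib,
+pkgs,
+...
+}: {
+programs.fzf = {
+enable = true;
+enableBashIntegration = true;
+enableZshIntegration = true;
+};
+}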
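Review bot: `config`, `lib` and `pkgs` are destructured in the module arguments but none of them is used in the body, and the new `home/programs/pandoc.nix` in this commit has the same unused bindings. Reduce the header to `{...}: {` in both files so the argument list does not suggest a dependency on `config` or `pkgs` that is not there. The module otherwise reproduces the fzf block from the deleted programs file unchanged.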


@ -54,4 +54,13 @@ with pkgs; {
userEmail = "hedgehog@mrhedgehog.xyz";
userName = "Mr Hedgehog";
};
programs.lazygit = {
enable = true;
settings = {
git.paging = {
pager = "delta --dark --paging=never";
colorArg = "always";
};
};
};
}
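Review bot: `pager = "delta --dark --paging=never"` relies on a `delta` binary being on lazygit's PATH at runtime, but nothing in this hunk installs it; unless `programs.git.delta.enable = true` or `pkgs.delta` appears elsewhere in the file, lazygit's diff pane will fail to open. Since the file is evaluated under `with pkgs;`, the store path can be referenced directly and the dependency becomes explicit: `pager = "${delta}/bin/delta --dark --paging=never";`. The enclosing attribute set starts before the hunk.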


@ -28,7 +28,7 @@
keyserver = "hkps://keys.openpgp.org";
};
scdaemonSettings = {
card-timeout = "5";
card-timeout = "60";
pcsc-shared = true;
# shared-access = true;
disable-ccid = true;
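Review bot: `card-timeout` goes from `"5"` to `"60"`, a functional change to scdaemon hidden in a commit described as formatting; as documented, the option sets how long scdaemon keeps an idle card connected before releasing it, so the reader now stays claimed for up to a minute after the last use rather than five seconds. Add a comment with the reason, e.g. `# keep the idle card session for 60 s so back-to-back signing/ssh operations do not re-open the reader`, and mention the change in the commit message. Whether the option still has an effect depends on the GnuPG version in use; confirm against the installed scdaemon's manual rather than assuming.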

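--- /dev/null
+++ b/home/programs/pandoc.nix
@@ -0,0 +1,8 @@
+{
+config,
+lib,
+pkgs,
+...
+}: {
+programs.pandoc.enable = true;
+}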


@ -1,25 +0,0 @@
{
programs = {
fzf = {
enable = true;
enableBashIntegration = true;
enableZshIntegration = true;
};
lazygit = {
enable = true;
settings = {
git.paging = {
pager = "delta --dark --paging=never";
colorArg = "always";
};
};
};
pandoc = {enable = true;};
zoxide = {
enable = true;
enableBashIntegration = true;
enableFishIntegration = true;
enableZshIntegration = true;
};
};
}


@ -1,4 +1,8 @@
{lib, pkgs, ...}: {
{
lib,
pkgs,
...
}: {
home.activation = {
cloneDoom = lib.hm.dag.entryAfter ["writeBoundary"] ''
if [ ! -d "$XDG_CONFIG_HOME/emacs" ]; then


@ -5,25 +5,24 @@
mimeApps = {
enable = true;
defaultApplications = {
"application/pdf" = [ "firefox.desktop" "chromium-browser.desktop" ];
"application/rdf+xml" = [ "firefox.desktop" "chromium-browser.desktop" ];
"application/rss+xml" = [ "firefox.desktop" "chromium-browser.desktop" ];
"application/xhtml+xml" = [ "firefox.desktop" "chromium-browser.desktop" ];
"application/xhtml_xml" = [ "firefox.desktop" "chromium-browser.desktop" ];
"application/xml" = [ "firefox.desktop" "chromium-browser.desktop" ];
"image/gif" = [ "viewnior.desktop" "firefox.desktop" "chromium-browser.desktop" ];
"image/jpeg" = [ "viewnior.desktop" "firefox.desktop" "chromium-browser.desktop" ];
"image/png" = [ "viewnior.desktop" "firefox.desktop" "chromium-browser.desktop" ];
"image/webp" = [ "viewnior.desktop" "firefox.desktop" "chromium-browser.desktop" ];
"text/html" = [ "firefox.desktop" "chromium-browser.desktop" ];
"text/xml" = [ "firefox.desktop" "chromium-browser.desktop" ];
"x-scheme-handler/http" = [ "firefox.desktop" "chromium-browser.desktop" ];
"x-scheme-handler/https" = [ "firefox.desktop" "chromium-browser.desktop" ];
"x-scheme-handler/about" = [ "firefox.desktop" "chromium-browser.desktop" ];
"x-scheme-handler/unknown" = [ "firefox.desktop" "chromium-browser.desktop" ];
"x-scheme-handler/steam" = [ "steam-native.desktop" "steam.desktop" ];
"x-scheme-handler/steamlink" = [ "steam-native.desktop" "steam.desktop" ];
"application/pdf" = ["firefox.desktop" "chromium-browser.desktop"];
"application/rdf+xml" = ["firefox.desktop" "chromium-browser.desktop"];
"application/rss+xml" = ["firefox.desktop" "chromium-browser.desktop"];
"application/xhtml+xml" = ["firefox.desktop" "chromium-browser.desktop"];
"application/xhtml_xml" = ["firefox.desktop" "chromium-browser.desktop"];
"application/xml" = ["firefox.desktop" "chromium-browser.desktop"];
"image/gif" = ["viewnior.desktop" "firefox.desktop" "chromium-browser.desktop"];
"image/jpeg" = ["viewnior.desktop" "firefox.desktop" "chromium-browser.desktop"];
"image/png" = ["viewnior.desktop" "firefox.desktop" "chromium-browser.desktop"];
"image/webp" = ["viewnior.desktop" "firefox.desktop" "chromium-browser.desktop"];
"text/html" = ["firefox.desktop" "chromium-browser.desktop"];
"text/xml" = ["firefox.desktop" "chromium-browser.desktop"];
"x-scheme-handler/http" = ["firefox.desktop" "chromium-browser.desktop"];
"x-scheme-handler/https" = ["firefox.desktop" "chromium-browser.desktop"];
"x-scheme-handler/about" = ["firefox.desktop" "chromium-browser.desktop"];
"x-scheme-handler/unknown" = ["firefox.desktop" "chromium-browser.desktop"];
"x-scheme-handler/steam" = ["steam-native.desktop" "steam.desktop"];
"x-scheme-handler/steamlink" = ["steam-native.desktop" "steam.desktop"];
};
};
userDirs = {
@ -35,7 +34,7 @@
};
desktopEntries = {
element-desktop = {
categories = [ "Network" "InstantMessaging" ];
categories = ["Network" "InstantMessaging"];
comment = "Desktop app for Element";
exec = "element-desktop";
genericName = "Element Desktop App";


@ -1,4 +1,9 @@
{pkgs, inputs, self, ...}: {
{
pkgs,
inputs,
self,
...
}: {
nix = {
enable = true;
package = pkgs.nixUnstable;


@ -4,7 +4,6 @@
inputs,
...
}: {
disabledModules = ["services/web-servers/caddy/default.nix"];
imports = [
# Common Config
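Review bot: Removing `disabledModules = ["services/web-servers/caddy/default.nix"];` from this host configuration (and again from zaphod's configuration.nix in this commit) assumes that the replacement caddy module, which carries the same `disabledModules` line itself, is imported on both hosts. If a host ends up importing only `./modules/caddy.nix` without the replacement module, the stock nixpkgs caddy module is no longer disabled and `services.caddy` silently resolves to the nixpkgs definition; if both modules are imported, evaluation fails on duplicate option declarations. The flake hunks in this commit list only `./modules/caddy.nix` for marvin and do not show zaphod's module list, so confirm by evaluating both host configurations after the change. The `imports` list continues outside the hunk.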


@ -1,3 +1,3 @@
{
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedTCPPorts = [80 443];
}


@ -1,10 +1,14 @@
{ lib, pkgs, ... }: {
{
lib,
pkgs,
...
}: {
services.caddy = {
enable = true;
package = (pkgs.callPackage ./custom-caddy.nix {
plugins = [ "github.com/caddy-dns/cloudflare" ];
package = pkgs.callPackage ./custom-caddy.nix {
plugins = ["github.com/caddy-dns/cloudflare"];
vendorSha256 = "sha256-1SBOXv2RGLlTT/mguPjTASU5AeQNIVySgVMgvu5BH6w=";
});
};
extraConfig = ''
cache.mrhedgehog.xyz {
tls {


@ -1,57 +1,60 @@
{ stdenv, lib, buildGoModule, plugins ? [], vendorSha256 ? "" }:
{
stdenv,
lib,
buildGoModule,
plugins ? [],
vendorSha256 ? "",
}:
with lib; let
imports = flip concatMapStrings plugins (pkg: "\t\t\t_ \"${pkg}\"\n");
with lib;
main = ''
package main
let imports = flip concatMapStrings plugins (pkg: "\t\t\t_ \"${pkg}\"\n");
import (
caddycmd "github.com/caddyserver/caddy/v2/cmd"
main = ''
package main
_ "github.com/caddyserver/caddy/v2/modules/standard"
${imports}
)
import (
caddycmd "github.com/caddyserver/caddy/v2/cmd"
func main() {
caddycmd.Main()
}
'';
in
buildGoModule rec {
pname = "caddy";
version = "2.5.0";
_ "github.com/caddyserver/caddy/v2/modules/standard"
${imports}
)
subPackages = ["cmd/caddy"];
func main() {
caddycmd.Main()
}
'';
src = builtins.fetchGit {
url = "https://github.com/caddyserver/caddy.git";
rev = "a8bb4a665af358f61a7ac0eabac8df2110cb6a36";
};
inherit vendorSha256;
in buildGoModule rec {
pname = "caddy";
version = "2.5.0";
overrideModAttrs = _: {
preBuild = "echo '${main}' > cmd/caddy/main.go";
postInstall = "cp go.sum go.mod $out/ && ls $out/";
};
subPackages = [ "cmd/caddy" ];
postPatch = ''
echo '${main}' > cmd/caddy/main.go
cat cmd/caddy/main.go
'';
src = builtins.fetchGit {
url = "https://github.com/caddyserver/caddy.git";
rev = "a8bb4a665af358f61a7ac0eabac8df2110cb6a36";
};
postConfigure = ''
cp vendor/go.sum ./
cp vendor/go.mod ./
'';
inherit vendorSha256;
overrideModAttrs = (_: {
preBuild = "echo '${main}' > cmd/caddy/main.go";
postInstall = "cp go.sum go.mod $out/ && ls $out/";
});
postPatch = ''
echo '${main}' > cmd/caddy/main.go
cat cmd/caddy/main.go
'';
postConfigure = ''
cp vendor/go.sum ./
cp vendor/go.mod ./
'';
meta = with lib; {
homepage = https://caddyserver.com;
description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS";
license = licenses.asl20;
maintainers = with maintainers; [ rushmorem fpletz zimbatm ];
};
}
meta = with lib; {
homepage = https://caddyserver.com;
description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS";
license = licenses.asl20;
maintainers = with maintainers; [rushmorem fpletz zimbatm];
};
}


@ -1,5 +1,9 @@
{pkgs, inputs, ...}: {
services.hydra = {
{
pkgs,
inputs,
...
}: {
services.hydra = {
enable = true;
package = inputs.hydra-updated.legacyPackages.x86_64-linux.hydra_unstable;
hydraURL = "https://hydra.mrhedgehog.xyz";


@ -4,7 +4,6 @@
inputs,
...
}: {
disabledModules = ["services/web-servers/caddy/default.nix"];
imports = [
# Common Config
@ -19,7 +18,6 @@
# Machine-specific configurations.
./programs/dconf.nix
];
networking = {
hostName = "zaphod";


@ -1,56 +1,56 @@
{ config, lib, pkgs, ... }:
with lib;
let
{
config,
lib,
pkgs,
...
}:
with lib; let
cfg = config.services.caddy;
virtualHosts = attrValues cfg.virtualHosts;
acmeVHosts = filter (hostOpts: hostOpts.useACMEHost != null) virtualHosts;
mkVHostConf = hostOpts:
let
sslCertDir = config.security.acme.certs.${hostOpts.useACMEHost}.directory;
in
''
${hostOpts.hostName} ${concatStringsSep " " hostOpts.serverAliases} {
bind ${concatStringsSep " " hostOpts.listenAddresses}
${optionalString (hostOpts.useACMEHost != null) "tls ${sslCertDir}/cert.pem ${sslCertDir}/key.pem"}
log {
${hostOpts.logFormat}
}
mkVHostConf = hostOpts: let
sslCertDir = config.security.acme.certs.${hostOpts.useACMEHost}.directory;
in ''
${hostOpts.hostName} ${concatStringsSep " " hostOpts.serverAliases} {
bind ${concatStringsSep " " hostOpts.listenAddresses}
${optionalString (hostOpts.useACMEHost != null) "tls ${sslCertDir}/cert.pem ${sslCertDir}/key.pem"}
log {
${hostOpts.logFormat}
}
${hostOpts.extraConfig}
}
'';
${hostOpts.extraConfig}
}
'';
configFile =
let
Caddyfile = pkgs.writeText "Caddyfile" ''
{
${cfg.globalConfig}
}
${cfg.extraConfig}
'';
configFile = let
Caddyfile = pkgs.writeText "Caddyfile" ''
{
${cfg.globalConfig}
}
${cfg.extraConfig}
'';
Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" { nativeBuildInputs = [ cfg.package ]; } ''
${cfg.package}/bin/caddy fmt ${Caddyfile} > $out
'';
in
if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform then Caddyfile-formatted else Caddyfile;
Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" {nativeBuildInputs = [cfg.package];} ''
${cfg.package}/bin/caddy fmt ${Caddyfile} > $out
'';
in
if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform
then Caddyfile-formatted
else Caddyfile;
acmeHosts = unique (catAttrs "useACMEHost" acmeVHosts);
mkCertOwnershipAssertion = import ../../../security/acme/mk-cert-ownership-assertion.nix;
in
{
in {
imports = [
(mkRemovedOptionModule [ "services" "caddy" "agree" ] "this option is no longer necessary for Caddy 2")
(mkRenamedOptionModule [ "services" "caddy" "ca" ] [ "services" "caddy" "acmeCA" ])
(mkRenamedOptionModule [ "services" "caddy" "config" ] [ "services" "caddy" "extraConfig" ])
(mkRemovedOptionModule ["services" "caddy" "agree"] "this option is no longer necessary for Caddy 2")
(mkRenamedOptionModule ["services" "caddy" "ca"] ["services" "caddy" "acmeCA"])
(mkRenamedOptionModule ["services" "caddy" "config"] ["services" "caddy" "extraConfig"])
];
disabledModules = [ "services/web-servers/caddy/default.nix" ];
disabledModules = ["services/web-servers/caddy/default.nix"];
# interface
options.services.caddy = {
@ -222,7 +222,7 @@ in
};
virtualHosts = mkOption {
type = with types; attrsOf (submodule (import ./vhost-options.nix { inherit cfg; }));
type = with types; attrsOf (submodule (import ./vhost-options.nix {inherit cfg;}));
default = {};
example = literalExpression ''
{
@ -262,21 +262,24 @@ in
certificates.
'';
};
};
# implementation
config = mkIf cfg.enable {
assertions = [
{ assertion = cfg.adapter != "caddyfile" -> cfg.configFile != configFile;
message = "Any value other than 'caddyfile' is only valid when providing your own `services.caddy.configFile`";
}
] ++ map (name: mkCertOwnershipAssertion {
inherit (cfg) group user;
cert = config.security.acme.certs.${name};
groups = config.users.groups;
}) acmeHosts;
assertions =
[
{
assertion = cfg.adapter != "caddyfile" -> cfg.configFile != configFile;
message = "Any value other than 'caddyfile' is only valid when providing your own `services.caddy.configFile`";
}
]
++ map (name:
mkCertOwnershipAssertion {
inherit (cfg) group user;
cert = config.security.acme.certs.${name};
groups = config.users.groups;
})
acmeHosts;
services.caddy.extraConfig = concatMapStringsSep "\n" mkVHostConf virtualHosts;
services.caddy.globalConfig = ''
@ -287,30 +290,30 @@ in
}
'';
systemd.packages = [ cfg.package ];
systemd.packages = [cfg.package];
systemd.services.caddy = {
wants = map (hostOpts: "acme-finished-${hostOpts.useACMEHost}.target") acmeVHosts;
after = map (hostOpts: "acme-selfsigned-${hostOpts.useACMEHost}.service") acmeVHosts;
before = map (hostOpts: "acme-${hostOpts.useACMEHost}.service") acmeVHosts;
wantedBy = [ "multi-user.target" ];
wantedBy = ["multi-user.target"];
startLimitIntervalSec = 14400;
startLimitBurst = 10;
serviceConfig = {
# https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
# If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect.
ExecStart = [ "" "${cfg.package}/bin/caddy run --config ${cfg.configFile} --adapter ${cfg.adapter} ${optionalString cfg.resume "--resume"}" ];
ExecReload = [ "" "${cfg.package}/bin/caddy reload --config ${cfg.configFile} --adapter ${cfg.adapter}" ];
ExecStart = ["" "${cfg.package}/bin/caddy run --config ${cfg.configFile} --adapter ${cfg.adapter} ${optionalString cfg.resume "--resume"}"];
ExecReload = ["" "${cfg.package}/bin/caddy reload --config ${cfg.configFile} --adapter ${cfg.adapter}"];
ExecStartPre = "${cfg.package}/bin/caddy validate --config ${cfg.configFile} --adapter ${cfg.adapter}";
User = cfg.user;
Group = cfg.group;
ReadWriteDirectories = cfg.dataDir;
StateDirectory = mkIf (cfg.dataDir == "/var/lib/caddy") [ "caddy" ];
LogsDirectory = mkIf (cfg.logDir == "/var/log/caddy") [ "caddy" ];
StateDirectory = mkIf (cfg.dataDir == "/var/lib/caddy") ["caddy"];
LogsDirectory = mkIf (cfg.logDir == "/var/log/caddy") ["caddy"];
Restart = "on-abnormal";
SupplementaryGroups = mkIf (length acmeVHosts != 0) [ "acme" ];
SupplementaryGroups = mkIf (length acmeVHosts != 0) ["acme"];
# TODO: attempt to upstream these options
NoNewPrivileges = true;
@ -333,11 +336,9 @@ in
caddy.gid = config.ids.gids.caddy;
};
security.acme.certs =
let
reloads = map (useACMEHost: nameValuePair useACMEHost { reloadServices = [ "caddy.service" ]; }) acmeHosts;
in
listToAttrs reloads;
security.acme.certs = let
reloads = map (useACMEHost: nameValuePair useACMEHost {reloadServices = ["caddy.service"];}) acmeHosts;
in
listToAttrs reloads;
};
}


@ -1,8 +1,10 @@
{ pkgs, config, lib, ... }:
with lib;
let
{
pkgs,
config,
lib,
...
}:
with lib; let
cfg = config.mrhedgehog.secrets;
secret = types.submodule {
@ -39,48 +41,55 @@ let
metadata = lib.importTOML ../metadata/hosts.toml;
mkSecretOnDisk = name:
{ source, ... }:
mkSecretOnDisk = name: {source, ...}:
pkgs.stdenv.mkDerivation {
name = "${name}-secret";
phases = "installPhase";
buildInputs = [ pkgs.rage ];
installPhase =
let key = metadata.hosts."${config.networking.hostName}".ssh_pubkey;
in ''
rage -a -r '${key}' -o "$out" '${source}'
'';
};
mkService = name:
{ source, dest, owner, group, permissions, ... }: {
description = "decrypt secret for ${name}";
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
script = with pkgs; ''
rm -rf ${dest}
"${rage}"/bin/rage -d -i /etc/ssh/ssh_host_ed25519_key -o '${dest}' '${
mkSecretOnDisk name { inherit source; }
}'
chown '${owner}':'${group}' '${dest}'
chmod '${permissions}' '${dest}'
buildInputs = [pkgs.rage];
installPhase = let
key = metadata.hosts."${config.networking.hostName}".ssh_pubkey;
in ''
rage -a -r '${key}' -o "$out" '${source}'
'';
};
mkService = name: {
source,
dest,
owner,
group,
permissions,
...
}: {
description = "decrypt secret for ${name}";
wantedBy = ["multi-user.target"];
serviceConfig.Type = "oneshot";
script = with pkgs; ''
rm -rf ${dest}
"${rage}"/bin/rage -d -i /etc/ssh/ssh_host_ed25519_key -o '${dest}' '${
mkSecretOnDisk name {inherit source;}
}'
chown '${owner}':'${group}' '${dest}'
chmod '${permissions}' '${dest}'
'';
};
in {
options.mrhedgehog.secrets = mkOption {
type = types.attrsOf secret;
description = "secret configuration";
default = { };
default = {};
};
config.systemd.services = let
units = mapAttrs' (name: info: {
name = "${name}-key";
value = (mkService name info);
}) cfg;
in units;
units =
mapAttrs' (name: info: {
name = "${name}-key";
value = mkService name info;
})
cfg;
in
units;
}
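Review bot: In `mkSecretOnDisk` the `installPhase` interpolates `'${source}'`; if the `source` option is a path literal or otherwise resolves to a store path, Nix copies that file into the store before rage runs, so the plaintext secret becomes world-readable under /nix/store and only the encrypted `$out` is what the module meant to publish. The type of `source` is declared in the `secret` submodule outside this hunk; if it is `types.path`, either document that `source` must already be non-sensitive material, or restructure so the plaintext never enters the store. Separately, `rm -rf ${dest}` is the only unquoted interpolation in the service script; quote it like the other uses, `rm -rf '${dest}'`, so a `dest` containing whitespace cannot expand into several arguments. Both points predate this commit, but a formatting pass over the file is the right moment to fix them.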


@ -1,11 +1,12 @@
{ cfg }:
{ config, lib, name, ... }:
let
{cfg}: {
config,
lib,
name,
...
}: let
inherit (lib) literalExpression mkOption types;
in
{
in {
options = {
hostName = mkOption {
type = types.str;
default = name;
@ -14,8 +15,8 @@ in
serverAliases = mkOption {
type = with types; listOf str;
default = [ ];
example = [ "www.example.org" "example.org" ];
default = [];
example = ["www.example.org" "example.org"];
description = ''
Additional names of virtual hosts served by this virtual host configuration.
'';
@ -26,8 +27,8 @@ in
description = ''
A list of host interfaces to bind to for this virtual host.
'';
default = [ ];
example = [ "127.0.0.1" "::1" ];
default = [];
example = ["127.0.0.1" "::1"];
};
useACMEHost = mkOption {
@ -74,6 +75,5 @@ in
automatically generated <literal>Caddyfile</literal>.
'';
};
};
}


@ -1,5 +1,4 @@
self: super:
{
self: super: {
sumneko-lua-language-server = super.sumneko-lua-language-server.overrideAttrs (old: {
version = "3.2.2";
src = super.fetchFromGitHub rec {