meta: format
This commit is contained in:
parent
a3a483fdbb
commit
ed828497b9
22 changed files with 286 additions and 294 deletions
|
@ -105,7 +105,8 @@
|
|||
pkgs = pkgs;
|
||||
modules = [
|
||||
./modules/caddy.nix
|
||||
./hosts/marvin/configuration.nix { inherit inputs pkgs; }
|
||||
./hosts/marvin/configuration.nix
|
||||
{inherit inputs pkgs;}
|
||||
];
|
||||
};
|
||||
in {
|
||||
|
@ -141,7 +142,7 @@
|
|||
./hosts/marvin/bootloader.nix
|
||||
./modules/caddy.nix
|
||||
];
|
||||
specialArgs = { inherit self inputs; };
|
||||
specialArgs = {inherit self inputs;};
|
||||
};
|
||||
nixosConfigurations.zaphod = lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
|
@ -160,7 +161,7 @@
|
|||
home-manager.extraSpecialArgs = {inherit pkgs system inputs nix-colors;};
|
||||
}
|
||||
];
|
||||
specialArgs = { inherit self inputs nix-colors; };
|
||||
specialArgs = {inherit self inputs nix-colors;};
|
||||
};
|
||||
nixosConfigurations.zaphod-iso = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
|
@ -179,7 +180,7 @@
|
|||
home-manager.extraSpecialArgs = {inherit pkgs system inputs nix-colors;};
|
||||
}
|
||||
];
|
||||
specialArgs = { inherit inputs nix-colors; };
|
||||
specialArgs = {inherit inputs nix-colors;};
|
||||
};
|
||||
|
||||
homeConfigurations.mrhedgehog = home-manager.lib.homeManagerConfiguration {
|
||||
|
|
16
home.nix
16
home.nix
|
@ -6,7 +6,7 @@
|
|||
nix-colors,
|
||||
...
|
||||
}: {
|
||||
# }: let
|
||||
# }: let
|
||||
# Define Colorscheme
|
||||
colorscheme = {
|
||||
slug = "tokyonight";
|
||||
|
@ -32,7 +32,7 @@
|
|||
base0F = "c0caf5";
|
||||
};
|
||||
};
|
||||
# in {
|
||||
# in {
|
||||
imports = [
|
||||
# Wayland
|
||||
# ./home/wayland/sway.nix
|
||||
|
@ -53,6 +53,7 @@
|
|||
./home/programs/nix-index.nix
|
||||
./home/programs/nnn.nix
|
||||
./home/programs/nushell.nix
|
||||
./home/programs/pandoc.nix
|
||||
./home/programs/rofi.nix
|
||||
./home/programs/skim.nix
|
||||
./home/programs/ssh/default.nix
|
||||
|
@ -100,7 +101,9 @@
|
|||
home = {
|
||||
file.".icons/default".source = "${pkgs.phinger-cursors}/share/icons/phinger-cursors";
|
||||
file.".local/share/fonts" = {
|
||||
source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/.nix-profile/share/fonts";
|
||||
source =
|
||||
config.lib.file.mkOutOfStoreSymlink
|
||||
"${config.home.homeDirectory}/.nix-profile/share/fonts";
|
||||
recursive = true;
|
||||
};
|
||||
homeDirectory = "/home/mrhedgehog";
|
||||
|
@ -113,9 +116,7 @@
|
|||
XDG_DATA_DIRS = "/home/mrhedgehog/.nix-profile/share:/home/mrhedgehog/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share:/usr/local/share:/usr/share";
|
||||
GNUPGHOME = "/home/mrhedgehog/.gnupg";
|
||||
};
|
||||
language = {
|
||||
base = "en_US.utf8";
|
||||
};
|
||||
language = {base = "en_US.utf8";};
|
||||
};
|
||||
programs = {
|
||||
home-manager.enable = true;
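Review bot: `GNUPGHOME = "/home/mrhedgehog/.gnupg";` and the `XDG_DATA_DIRS` entries hard-code the home path, while the previous hunk of this file derives the fonts symlink from `${config.home.homeDirectory}`; mixing the two styles means a change to `homeDirectory` silently leaves these variables pointing elsewhere. Prefer `GNUPGHOME = "${config.home.homeDirectory}/.gnupg";` and the same substitution in `XDG_DATA_DIRS`. The enclosing `home = {` attrset starts outside this hunk.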
|
||||
|
@ -132,7 +133,8 @@
|
|||
};
|
||||
|
||||
xdg.configFile = {
|
||||
"nvim/init.generated.lua".text = config.programs.neovim.generatedConfigs.lua;
|
||||
"nvim/init.generated.lua".text =
|
||||
config.programs.neovim.generatedConfigs.lua;
|
||||
};
|
||||
|
||||
fonts.fontconfig.enable = true;
|
||||
|
|
|
@ -1,9 +1,15 @@
|
|||
{pkgs, ...}: let
|
||||
myPythonPackages = python-packages:
|
||||
with python-packages; [
|
||||
# pkgs.my-nixpkgs.python3Packages.gasp
|
||||
black
|
||||
grip
|
||||
isort
|
||||
nose
|
||||
nose2
|
||||
poetry
|
||||
pyflakes
|
||||
pygobject3
|
||||
pytest
|
||||
pyxdg
|
||||
tkinter
|
||||
];
|
||||
|
@ -20,12 +26,15 @@ in {
|
|||
btrfs-progs
|
||||
buku
|
||||
bukubrow
|
||||
cargo
|
||||
ccid
|
||||
clipman
|
||||
cmake
|
||||
cmus
|
||||
dex
|
||||
discord
|
||||
dxvk
|
||||
editorconfig-core-c
|
||||
element-desktop-wayland
|
||||
emacs-all-the-icons-fonts
|
||||
fd
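Review bot: This hunk's header (-20,12 +26,15) shows three pure additions to the package list, not re-indentation, and the hunk at -49,11 +61,15 adds four more; a commit titled `meta: format` does not announce them, so they belong in their own commit or at least in the description. The rendered page has lost the `+`/`-` markers, so which names are new (`ccid`, `pcsclite`, `pcsclite.bin` look like candidates) is inferred from the counts only. If those smartcard packages are meant to back the `pcsc-shared = true;` / `disable-ccid = true;` scdaemon settings changed elsewhere in this commit, note that packages in a user profile do not start the pcscd daemon; that is a NixOS-level service (`services.pcscd.enable`), so confirm it is enabled on the host.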
|
||||
|
@ -33,8 +42,11 @@ in {
|
|||
# freetube
|
||||
fzf
|
||||
gnupg
|
||||
graphviz
|
||||
greetd.greetd
|
||||
greetd.tuigreet
|
||||
gnuplot
|
||||
html-tidy
|
||||
input-fonts
|
||||
josm
|
||||
kde-gtk-config
|
||||
|
@ -49,11 +61,15 @@ in {
|
|||
my-pkgs.tokyo-night-gtk
|
||||
networkmanager_dmenu
|
||||
nixgl.nixGLIntel
|
||||
nixfmt
|
||||
nodePackages.stylelint
|
||||
nodePackages.js-beautify
|
||||
nyxt
|
||||
obsidian
|
||||
pcmanfm
|
||||
pcsclite
|
||||
pcsclite.bin
|
||||
pipenv
|
||||
playerctl
|
||||
proton-caller
|
||||
protontricks
|
||||
|
@ -65,6 +81,9 @@ in {
|
|||
ripgrep
|
||||
ripgrep-all
|
||||
rsync
|
||||
rustc
|
||||
rust-analyzer
|
||||
shellcheck
|
||||
sumneko-lua-language-server
|
||||
steam
|
||||
steam-run
|
||||
|
|
|
@ -1,73 +1,14 @@
|
|||
{pkgs, config, ...}:
|
||||
let
|
||||
customEmacs = pkgs.runCommand "hello" {
|
||||
buildInputs = [ pkgs.makeWrapper ];
|
||||
} ''
|
||||
mkdir $out
|
||||
ln -s ${pkgs.emacsPgtkNativeComp}/* $out
|
||||
rm $out/bin
|
||||
mkdir $out/bin
|
||||
ln -s ${pkgs.emacsPgtkNativeComp}/bin/* $out/bin
|
||||
rm $out/bin/emacs
|
||||
makeWrapper ${pkgs.emacsPgtkNativeComp}/bin/emacs $out/bin/emacs \
|
||||
--prefix PATH : "${pkgs.lib.makeBinPath [
|
||||
# Shellscript Support
|
||||
pkgs.shellcheck
|
||||
pkgs.bashdb
|
||||
# Lua Support
|
||||
pkgs.sumneko-lua-language-server
|
||||
# Rust Support
|
||||
pkgs.clippy
|
||||
pkgs.rust-analyzer
|
||||
pkgs.rustfmt
|
||||
# Nix Support
|
||||
pkgs.nixfmt
|
||||
pkgs.rnix-lsp
|
||||
# Org Support
|
||||
pkgs.gnuplot
|
||||
pkgs.sqlite
|
||||
pkgs.texlive.combined.scheme-medium
|
||||
# YAML Support
|
||||
pkgs.yaml-language-server
|
||||
# Python Support
|
||||
pkgs.pyright
|
||||
pkgs.poetry
|
||||
# Markdown Support
|
||||
pkgs.pandoc
|
||||
pkgs.mdl
|
||||
# Javascript/Typescript Support
|
||||
pkgs.nodejs
|
||||
# Git support
|
||||
pkgs.gitFull
|
||||
# Python Packages
|
||||
(pkgs.python3.withPackages(ps: with ps; [
|
||||
jupyter
|
||||
black
|
||||
pytest
|
||||
nose
|
||||
nose2
|
||||
pyflakes
|
||||
isort
|
||||
]))
|
||||
# Other packages
|
||||
pkgs.ripgrep
|
||||
pkgs.fd
|
||||
pkgs.imagemagick
|
||||
pkgs.gnutls
|
||||
pkgs.zstd
|
||||
|
||||
# EditorConfig support
|
||||
pkgs.editorconfig-core-c
|
||||
]}"
|
||||
'';
|
||||
in
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
programs.emacs = {
|
||||
enable = true;
|
||||
package = ((pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [ epkgs.vterm ]));
|
||||
package = (pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [epkgs.vterm]);
|
||||
};
|
||||
services.emacs = {
|
||||
enable = true;
|
||||
package = ((pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [ epkgs.vterm ]));
|
||||
package = (pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [epkgs.vterm]);
|
||||
};
|
||||
}
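Review bot: The `emacsWithPackages` expression is now written out twice, under `programs.emacs.package` and again under `services.emacs.package`, so the two can drift apart. Bind it once in the module header, e.g. `}: let emacsPkg = (pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [epkgs.vterm]); in {`, and use `package = emacsPkg;` in both places; if the home-manager version in use already defaults `services.emacs.package` to the `programs.emacs` package, the second assignment can go entirely — verify against the module. The `config` argument kept in the new header is unused by the remaining body.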
|
||||
|
|
12
home/programs/fzf.nix
Normal file
12
home/programs/fzf.nix
Normal file
|
@ -0,0 +1,12 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
programs.fzf = {
|
||||
enable = true;
|
||||
enableBashIntegration = true;
|
||||
enableZshIntegration = true;
|
||||
};
|
||||
}
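Review bot: `config`, `lib` and `pkgs` are all bound in the module header but nothing in the body uses them; `{...}: {` is enough, and the same applies to the new home/programs/pandoc.nix. Separately, the file deleted in the `@ -1,25 +0,0` hunk also configured `programs.zoxide` with bash, fish and zsh integration, and no hunk on this page re-creates it; unless zoxide lives in a file this commit does not touch, that shell integration is silently lost by a commit described as formatting.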
|
|
@ -54,4 +54,13 @@ with pkgs; {
|
|||
userEmail = "hedgehog@mrhedgehog.xyz";
|
||||
userName = "Mr Hedgehog";
|
||||
};
|
||||
programs.lazygit = {
|
||||
enable = true;
|
||||
settings = {
|
||||
git.paging = {
|
||||
pager = "delta --dark --paging=never";
|
||||
colorArg = "always";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -28,7 +28,7 @@
|
|||
keyserver = "hkps://keys.openpgp.org";
|
||||
};
|
||||
scdaemonSettings = {
|
||||
card-timeout = "5";
|
||||
card-timeout = "60";
|
||||
pcsc-shared = true;
|
||||
# shared-access = true;
|
||||
disable-ccid = true;
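Review bot: `card-timeout = "60";` replaces `"5"`, which is a behavioural change to scdaemon rather than formatting, and neither the commit title nor the file says why; put it in its own commit or add a comment stating the motivation (for example, if consecutive card operations were re-prompting). What this option does, and whether current GnuPG releases still honour it, varies by version, so check the scdaemon manual for the version the host actually runs. A longer powered-on window also tends to keep an already-verified card usable for longer before the PIN is asked again, which is the trade-off worth writing down next to the value. The stale `# shared-access = true;` comment sitting beside the live `pcsc-shared = true;` can probably be dropped.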
|
||||
|
|
8
home/programs/pandoc.nix
Normal file
8
home/programs/pandoc.nix
Normal file
|
@ -0,0 +1,8 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
programs.pandoc.enable = true;
|
||||
}
|
|
@ -1,25 +0,0 @@
|
|||
{
|
||||
programs = {
|
||||
fzf = {
|
||||
enable = true;
|
||||
enableBashIntegration = true;
|
||||
enableZshIntegration = true;
|
||||
};
|
||||
lazygit = {
|
||||
enable = true;
|
||||
settings = {
|
||||
git.paging = {
|
||||
pager = "delta --dark --paging=never";
|
||||
colorArg = "always";
|
||||
};
|
||||
};
|
||||
};
|
||||
pandoc = {enable = true;};
|
||||
zoxide = {
|
||||
enable = true;
|
||||
enableBashIntegration = true;
|
||||
enableFishIntegration = true;
|
||||
enableZshIntegration = true;
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,4 +1,8 @@
|
|||
{lib, pkgs, ...}: {
|
||||
{
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
home.activation = {
|
||||
cloneDoom = lib.hm.dag.entryAfter ["writeBoundary"] ''
|
||||
if [ ! -d "$XDG_CONFIG_HOME/emacs" ]; then
|
||||
|
|
39
home/xdg.nix
39
home/xdg.nix
|
@ -5,25 +5,24 @@
|
|||
mimeApps = {
|
||||
enable = true;
|
||||
defaultApplications = {
|
||||
"application/pdf" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
||||
"application/rdf+xml" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
||||
"application/rss+xml" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
||||
"application/xhtml+xml" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
||||
"application/xhtml_xml" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
||||
"application/xml" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
||||
"image/gif" = [ "viewnior.desktop" "firefox.desktop" "chromium-browser.desktop" ];
|
||||
"image/jpeg" = [ "viewnior.desktop" "firefox.desktop" "chromium-browser.desktop" ];
|
||||
"image/png" = [ "viewnior.desktop" "firefox.desktop" "chromium-browser.desktop" ];
|
||||
"image/webp" = [ "viewnior.desktop" "firefox.desktop" "chromium-browser.desktop" ];
|
||||
"text/html" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
||||
"text/xml" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
||||
"x-scheme-handler/http" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
||||
"x-scheme-handler/https" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
||||
"x-scheme-handler/about" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
||||
"x-scheme-handler/unknown" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
||||
"x-scheme-handler/steam" = [ "steam-native.desktop" "steam.desktop" ];
|
||||
"x-scheme-handler/steamlink" = [ "steam-native.desktop" "steam.desktop" ];
|
||||
|
||||
"application/pdf" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||
"application/rdf+xml" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||
"application/rss+xml" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||
"application/xhtml+xml" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||
"application/xhtml_xml" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||
"application/xml" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||
"image/gif" = ["viewnior.desktop" "firefox.desktop" "chromium-browser.desktop"];
|
||||
"image/jpeg" = ["viewnior.desktop" "firefox.desktop" "chromium-browser.desktop"];
|
||||
"image/png" = ["viewnior.desktop" "firefox.desktop" "chromium-browser.desktop"];
|
||||
"image/webp" = ["viewnior.desktop" "firefox.desktop" "chromium-browser.desktop"];
|
||||
"text/html" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||
"text/xml" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||
"x-scheme-handler/http" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||
"x-scheme-handler/https" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||
"x-scheme-handler/about" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||
"x-scheme-handler/unknown" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||
"x-scheme-handler/steam" = ["steam-native.desktop" "steam.desktop"];
|
||||
"x-scheme-handler/steamlink" = ["steam-native.desktop" "steam.desktop"];
|
||||
};
|
||||
};
|
||||
userDirs = {
|
||||
|
@ -35,7 +34,7 @@
|
|||
};
|
||||
desktopEntries = {
|
||||
element-desktop = {
|
||||
categories = [ "Network" "InstantMessaging" ];
|
||||
categories = ["Network" "InstantMessaging"];
|
||||
comment = "Desktop app for Element";
|
||||
exec = "element-desktop";
|
||||
genericName = "Element Desktop App";
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{pkgs, inputs, self, ...}: {
|
||||
{
|
||||
pkgs,
|
||||
inputs,
|
||||
self,
|
||||
...
|
||||
}: {
|
||||
nix = {
|
||||
enable = true;
|
||||
package = pkgs.nixUnstable;
|
||||
|
|
|
@ -4,7 +4,6 @@
|
|||
inputs,
|
||||
...
|
||||
}: {
|
||||
|
||||
disabledModules = ["services/web-servers/caddy/default.nix"];
|
||||
imports = [
|
||||
# Common Config
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
{
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
networking.firewall.allowedTCPPorts = [80 443];
|
||||
}
|
||||
|
|
|
@ -1,10 +1,14 @@
|
|||
{ lib, pkgs, ... }: {
|
||||
{
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
services.caddy = {
|
||||
enable = true;
|
||||
package = (pkgs.callPackage ./custom-caddy.nix {
|
||||
plugins = [ "github.com/caddy-dns/cloudflare" ];
|
||||
package = pkgs.callPackage ./custom-caddy.nix {
|
||||
plugins = ["github.com/caddy-dns/cloudflare"];
|
||||
vendorSha256 = "sha256-1SBOXv2RGLlTT/mguPjTASU5AeQNIVySgVMgvu5BH6w=";
|
||||
});
|
||||
};
|
||||
extraConfig = ''
|
||||
cache.mrhedgehog.xyz {
|
||||
tls {
|
||||
|
|
|
@ -1,57 +1,60 @@
|
|||
{ stdenv, lib, buildGoModule, plugins ? [], vendorSha256 ? "" }:
|
||||
{
|
||||
stdenv,
|
||||
lib,
|
||||
buildGoModule,
|
||||
plugins ? [],
|
||||
vendorSha256 ? "",
|
||||
}:
|
||||
with lib; let
|
||||
imports = flip concatMapStrings plugins (pkg: "\t\t\t_ \"${pkg}\"\n");
|
||||
|
||||
with lib;
|
||||
main = ''
|
||||
package main
|
||||
|
||||
let imports = flip concatMapStrings plugins (pkg: "\t\t\t_ \"${pkg}\"\n");
|
||||
import (
|
||||
caddycmd "github.com/caddyserver/caddy/v2/cmd"
|
||||
|
||||
main = ''
|
||||
package main
|
||||
_ "github.com/caddyserver/caddy/v2/modules/standard"
|
||||
${imports}
|
||||
)
|
||||
|
||||
import (
|
||||
caddycmd "github.com/caddyserver/caddy/v2/cmd"
|
||||
func main() {
|
||||
caddycmd.Main()
|
||||
}
|
||||
'';
|
||||
in
|
||||
buildGoModule rec {
|
||||
pname = "caddy";
|
||||
version = "2.5.0";
|
||||
|
||||
_ "github.com/caddyserver/caddy/v2/modules/standard"
|
||||
${imports}
|
||||
)
|
||||
subPackages = ["cmd/caddy"];
|
||||
|
||||
func main() {
|
||||
caddycmd.Main()
|
||||
}
|
||||
'';
|
||||
src = builtins.fetchGit {
|
||||
url = "https://github.com/caddyserver/caddy.git";
|
||||
rev = "a8bb4a665af358f61a7ac0eabac8df2110cb6a36";
|
||||
};
|
||||
|
||||
inherit vendorSha256;
|
||||
|
||||
in buildGoModule rec {
|
||||
pname = "caddy";
|
||||
version = "2.5.0";
|
||||
overrideModAttrs = _: {
|
||||
preBuild = "echo '${main}' > cmd/caddy/main.go";
|
||||
postInstall = "cp go.sum go.mod $out/ && ls $out/";
|
||||
};
|
||||
|
||||
subPackages = [ "cmd/caddy" ];
|
||||
postPatch = ''
|
||||
echo '${main}' > cmd/caddy/main.go
|
||||
cat cmd/caddy/main.go
|
||||
'';
|
||||
|
||||
src = builtins.fetchGit {
|
||||
url = "https://github.com/caddyserver/caddy.git";
|
||||
rev = "a8bb4a665af358f61a7ac0eabac8df2110cb6a36";
|
||||
};
|
||||
postConfigure = ''
|
||||
cp vendor/go.sum ./
|
||||
cp vendor/go.mod ./
|
||||
'';
|
||||
|
||||
inherit vendorSha256;
|
||||
|
||||
overrideModAttrs = (_: {
|
||||
preBuild = "echo '${main}' > cmd/caddy/main.go";
|
||||
postInstall = "cp go.sum go.mod $out/ && ls $out/";
|
||||
});
|
||||
|
||||
postPatch = ''
|
||||
echo '${main}' > cmd/caddy/main.go
|
||||
cat cmd/caddy/main.go
|
||||
'';
|
||||
|
||||
postConfigure = ''
|
||||
cp vendor/go.sum ./
|
||||
cp vendor/go.mod ./
|
||||
'';
|
||||
|
||||
meta = with lib; {
|
||||
homepage = https://caddyserver.com;
|
||||
description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS";
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [ rushmorem fpletz zimbatm ];
|
||||
};
|
||||
}
|
||||
meta = with lib; {
|
||||
homepage = https://caddyserver.com;
|
||||
description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS";
|
||||
license = licenses.asl20;
|
||||
maintainers = with maintainers; [rushmorem fpletz zimbatm];
|
||||
};
|
||||
}
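Review bot: `homepage = https://caddyserver.com;` is an unquoted URL literal, a deprecated Nix syntax that newer evaluators warn about; quote it as `homepage = "https://caddyserver.com";`. The `ls $out/` in `postInstall` and the `cat cmd/caddy/main.go` in `postPatch` read like leftover debugging and only add noise to build logs. The `maintainers` list is copied from the nixpkgs package and names people who do not maintain this fork. The `plugins` entries are imported by module path only, with no version anywhere in this expression, so which plugin revision ends up in the binary appears to be fixed solely by the caller's `vendorSha256` matching; a comment saying that a hash mismatch is the expected failure mode when a plugin publishes a new release would save the next person some debugging.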
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
{pkgs, inputs, ...}: {
|
||||
services.hydra = {
|
||||
{
|
||||
pkgs,
|
||||
inputs,
|
||||
...
|
||||
}: {
|
||||
services.hydra = {
|
||||
enable = true;
|
||||
package = inputs.hydra-updated.legacyPackages.x86_64-linux.hydra_unstable;
|
||||
hydraURL = "https://hydra.mrhedgehog.xyz";
|
||||
|
|
|
@ -4,7 +4,6 @@
|
|||
inputs,
|
||||
...
|
||||
}: {
|
||||
|
||||
disabledModules = ["services/web-servers/caddy/default.nix"];
|
||||
imports = [
|
||||
# Common Config
|
||||
|
@ -19,7 +18,6 @@
|
|||
|
||||
# Machine-specific configurations.
|
||||
./programs/dconf.nix
|
||||
|
||||
];
|
||||
networking = {
|
||||
hostName = "zaphod";
|
||||
|
|
|
@ -1,56 +1,56 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
cfg = config.services.caddy;
|
||||
|
||||
virtualHosts = attrValues cfg.virtualHosts;
|
||||
acmeVHosts = filter (hostOpts: hostOpts.useACMEHost != null) virtualHosts;
|
||||
|
||||
mkVHostConf = hostOpts:
|
||||
let
|
||||
sslCertDir = config.security.acme.certs.${hostOpts.useACMEHost}.directory;
|
||||
in
|
||||
''
|
||||
${hostOpts.hostName} ${concatStringsSep " " hostOpts.serverAliases} {
|
||||
bind ${concatStringsSep " " hostOpts.listenAddresses}
|
||||
${optionalString (hostOpts.useACMEHost != null) "tls ${sslCertDir}/cert.pem ${sslCertDir}/key.pem"}
|
||||
log {
|
||||
${hostOpts.logFormat}
|
||||
}
|
||||
mkVHostConf = hostOpts: let
|
||||
sslCertDir = config.security.acme.certs.${hostOpts.useACMEHost}.directory;
|
||||
in ''
|
||||
${hostOpts.hostName} ${concatStringsSep " " hostOpts.serverAliases} {
|
||||
bind ${concatStringsSep " " hostOpts.listenAddresses}
|
||||
${optionalString (hostOpts.useACMEHost != null) "tls ${sslCertDir}/cert.pem ${sslCertDir}/key.pem"}
|
||||
log {
|
||||
${hostOpts.logFormat}
|
||||
}
|
||||
|
||||
${hostOpts.extraConfig}
|
||||
}
|
||||
'';
|
||||
${hostOpts.extraConfig}
|
||||
}
|
||||
'';
|
||||
|
||||
configFile =
|
||||
let
|
||||
Caddyfile = pkgs.writeText "Caddyfile" ''
|
||||
{
|
||||
${cfg.globalConfig}
|
||||
}
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
configFile = let
|
||||
Caddyfile = pkgs.writeText "Caddyfile" ''
|
||||
{
|
||||
${cfg.globalConfig}
|
||||
}
|
||||
${cfg.extraConfig}
|
||||
'';
|
||||
|
||||
Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" { nativeBuildInputs = [ cfg.package ]; } ''
|
||||
${cfg.package}/bin/caddy fmt ${Caddyfile} > $out
|
||||
'';
|
||||
in
|
||||
if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform then Caddyfile-formatted else Caddyfile;
|
||||
Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" {nativeBuildInputs = [cfg.package];} ''
|
||||
${cfg.package}/bin/caddy fmt ${Caddyfile} > $out
|
||||
'';
|
||||
in
|
||||
if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform
|
||||
then Caddyfile-formatted
|
||||
else Caddyfile;
|
||||
|
||||
acmeHosts = unique (catAttrs "useACMEHost" acmeVHosts);
|
||||
|
||||
mkCertOwnershipAssertion = import ../../../security/acme/mk-cert-ownership-assertion.nix;
|
||||
in
|
||||
{
|
||||
in {
|
||||
imports = [
|
||||
(mkRemovedOptionModule [ "services" "caddy" "agree" ] "this option is no longer necessary for Caddy 2")
|
||||
(mkRenamedOptionModule [ "services" "caddy" "ca" ] [ "services" "caddy" "acmeCA" ])
|
||||
(mkRenamedOptionModule [ "services" "caddy" "config" ] [ "services" "caddy" "extraConfig" ])
|
||||
(mkRemovedOptionModule ["services" "caddy" "agree"] "this option is no longer necessary for Caddy 2")
|
||||
(mkRenamedOptionModule ["services" "caddy" "ca"] ["services" "caddy" "acmeCA"])
|
||||
(mkRenamedOptionModule ["services" "caddy" "config"] ["services" "caddy" "extraConfig"])
|
||||
];
|
||||
|
||||
disabledModules = [ "services/web-servers/caddy/default.nix" ];
|
||||
disabledModules = ["services/web-servers/caddy/default.nix"];
|
||||
|
||||
# interface
|
||||
options.services.caddy = {
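Review bot: `mkCertOwnershipAssertion = import ../../../security/acme/mk-cert-ownership-assertion.nix;` is a path relative to this file that exists in the nixpkgs tree the module was copied from; whether it resolves at its new location in this repository depends on where the file lives, which the page does not show, so confirm the module evaluates (importing it from the nixpkgs input or `pkgs.path` instead would make the dependency explicit). The `let` block closed by `in {` here starts in the same hunk, but the module body runs on past it.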
|
||||
|
@ -222,7 +222,7 @@ in
|
|||
};
|
||||
|
||||
virtualHosts = mkOption {
|
||||
type = with types; attrsOf (submodule (import ./vhost-options.nix { inherit cfg; }));
|
||||
type = with types; attrsOf (submodule (import ./vhost-options.nix {inherit cfg;}));
|
||||
default = {};
|
||||
example = literalExpression ''
|
||||
{
|
||||
|
@ -262,21 +262,24 @@ in
|
|||
certificates.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
# implementation
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
assertions = [
|
||||
{ assertion = cfg.adapter != "caddyfile" -> cfg.configFile != configFile;
|
||||
message = "Any value other than 'caddyfile' is only valid when providing your own `services.caddy.configFile`";
|
||||
}
|
||||
] ++ map (name: mkCertOwnershipAssertion {
|
||||
inherit (cfg) group user;
|
||||
cert = config.security.acme.certs.${name};
|
||||
groups = config.users.groups;
|
||||
}) acmeHosts;
|
||||
assertions =
|
||||
[
|
||||
{
|
||||
assertion = cfg.adapter != "caddyfile" -> cfg.configFile != configFile;
|
||||
message = "Any value other than 'caddyfile' is only valid when providing your own `services.caddy.configFile`";
|
||||
}
|
||||
]
|
||||
++ map (name:
|
||||
mkCertOwnershipAssertion {
|
||||
inherit (cfg) group user;
|
||||
cert = config.security.acme.certs.${name};
|
||||
groups = config.users.groups;
|
||||
})
|
||||
acmeHosts;
|
||||
|
||||
services.caddy.extraConfig = concatMapStringsSep "\n" mkVHostConf virtualHosts;
|
||||
services.caddy.globalConfig = ''
|
||||
|
@ -287,30 +290,30 @@ in
|
|||
}
|
||||
'';
|
||||
|
||||
systemd.packages = [ cfg.package ];
|
||||
systemd.packages = [cfg.package];
|
||||
systemd.services.caddy = {
|
||||
wants = map (hostOpts: "acme-finished-${hostOpts.useACMEHost}.target") acmeVHosts;
|
||||
after = map (hostOpts: "acme-selfsigned-${hostOpts.useACMEHost}.service") acmeVHosts;
|
||||
before = map (hostOpts: "acme-${hostOpts.useACMEHost}.service") acmeVHosts;
|
||||
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
wantedBy = ["multi-user.target"];
|
||||
startLimitIntervalSec = 14400;
|
||||
startLimitBurst = 10;
|
||||
|
||||
serviceConfig = {
|
||||
# https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
|
||||
# If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect.
|
||||
ExecStart = [ "" "${cfg.package}/bin/caddy run --config ${cfg.configFile} --adapter ${cfg.adapter} ${optionalString cfg.resume "--resume"}" ];
|
||||
ExecReload = [ "" "${cfg.package}/bin/caddy reload --config ${cfg.configFile} --adapter ${cfg.adapter}" ];
|
||||
ExecStart = ["" "${cfg.package}/bin/caddy run --config ${cfg.configFile} --adapter ${cfg.adapter} ${optionalString cfg.resume "--resume"}"];
|
||||
ExecReload = ["" "${cfg.package}/bin/caddy reload --config ${cfg.configFile} --adapter ${cfg.adapter}"];
|
||||
|
||||
ExecStartPre = "${cfg.package}/bin/caddy validate --config ${cfg.configFile} --adapter ${cfg.adapter}";
|
||||
User = cfg.user;
|
||||
Group = cfg.group;
|
||||
ReadWriteDirectories = cfg.dataDir;
|
||||
StateDirectory = mkIf (cfg.dataDir == "/var/lib/caddy") [ "caddy" ];
|
||||
LogsDirectory = mkIf (cfg.logDir == "/var/log/caddy") [ "caddy" ];
|
||||
StateDirectory = mkIf (cfg.dataDir == "/var/lib/caddy") ["caddy"];
|
||||
LogsDirectory = mkIf (cfg.logDir == "/var/log/caddy") ["caddy"];
|
||||
Restart = "on-abnormal";
|
||||
SupplementaryGroups = mkIf (length acmeVHosts != 0) [ "acme" ];
|
||||
SupplementaryGroups = mkIf (length acmeVHosts != 0) ["acme"];
|
||||
|
||||
# TODO: attempt to upstream these options
|
||||
NoNewPrivileges = true;
|
||||
|
@ -333,11 +336,9 @@ in
|
|||
caddy.gid = config.ids.gids.caddy;
|
||||
};
|
||||
|
||||
security.acme.certs =
|
||||
let
|
||||
reloads = map (useACMEHost: nameValuePair useACMEHost { reloadServices = [ "caddy.service" ]; }) acmeHosts;
|
||||
in
|
||||
listToAttrs reloads;
|
||||
|
||||
security.acme.certs = let
|
||||
reloads = map (useACMEHost: nameValuePair useACMEHost {reloadServices = ["caddy.service"];}) acmeHosts;
|
||||
in
|
||||
listToAttrs reloads;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,8 +1,10 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
cfg = config.mrhedgehog.secrets;
|
||||
|
||||
secret = types.submodule {
|
||||
|
@ -39,48 +41,55 @@ let
|
|||
|
||||
metadata = lib.importTOML ../metadata/hosts.toml;
|
||||
|
||||
mkSecretOnDisk = name:
|
||||
{ source, ... }:
|
||||
mkSecretOnDisk = name: {source, ...}:
|
||||
pkgs.stdenv.mkDerivation {
|
||||
name = "${name}-secret";
|
||||
phases = "installPhase";
|
||||
buildInputs = [ pkgs.rage ];
|
||||
installPhase =
|
||||
let key = metadata.hosts."${config.networking.hostName}".ssh_pubkey;
|
||||
in ''
|
||||
rage -a -r '${key}' -o "$out" '${source}'
|
||||
'';
|
||||
};
|
||||
|
||||
mkService = name:
|
||||
{ source, dest, owner, group, permissions, ... }: {
|
||||
description = "decrypt secret for ${name}";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
||||
serviceConfig.Type = "oneshot";
|
||||
|
||||
script = with pkgs; ''
|
||||
rm -rf ${dest}
|
||||
"${rage}"/bin/rage -d -i /etc/ssh/ssh_host_ed25519_key -o '${dest}' '${
|
||||
mkSecretOnDisk name { inherit source; }
|
||||
}'
|
||||
|
||||
chown '${owner}':'${group}' '${dest}'
|
||||
chmod '${permissions}' '${dest}'
|
||||
buildInputs = [pkgs.rage];
|
||||
installPhase = let
|
||||
key = metadata.hosts."${config.networking.hostName}".ssh_pubkey;
|
||||
in ''
|
||||
rage -a -r '${key}' -o "$out" '${source}'
|
||||
'';
|
||||
};
|
||||
|
||||
mkService = name: {
|
||||
source,
|
||||
dest,
|
||||
owner,
|
||||
group,
|
||||
permissions,
|
||||
...
|
||||
}: {
|
||||
description = "decrypt secret for ${name}";
|
||||
wantedBy = ["multi-user.target"];
|
||||
|
||||
serviceConfig.Type = "oneshot";
|
||||
|
||||
script = with pkgs; ''
|
||||
rm -rf ${dest}
|
||||
"${rage}"/bin/rage -d -i /etc/ssh/ssh_host_ed25519_key -o '${dest}' '${
|
||||
mkSecretOnDisk name {inherit source;}
|
||||
}'
|
||||
|
||||
chown '${owner}':'${group}' '${dest}'
|
||||
chmod '${permissions}' '${dest}'
|
||||
'';
|
||||
};
|
||||
in {
|
||||
options.mrhedgehog.secrets = mkOption {
|
||||
type = types.attrsOf secret;
|
||||
description = "secret configuration";
|
||||
default = { };
|
||||
default = {};
|
||||
};
|
||||
|
||||
config.systemd.services = let
|
||||
units = mapAttrs' (name: info: {
|
||||
name = "${name}-key";
|
||||
value = (mkService name info);
|
||||
}) cfg;
|
||||
in units;
|
||||
units =
|
||||
mapAttrs' (name: info: {
|
||||
name = "${name}-key";
|
||||
value = mkService name info;
|
||||
})
|
||||
cfg;
|
||||
in
|
||||
units;
|
||||
}
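Review bot: `mkSecretOnDisk` interpolates `'${source}'` into a derivation script; if `source` is a Nix path (the `secret` submodule's option types are outside this hunk), that interpolation copies the plaintext file into the world-readable Nix store as a build input before `rage` ever encrypts it, so the encryption only protects the copy on the target host, not the one under `/nix/store`. Confirm the intended model — e.g. that `source` already refers to ciphertext, or that store contents are considered trusted on every host — and record it in a comment on `mkSecretOnDisk`. In `mkService`, `rm -rf ${dest}` is the one unquoted use of `dest` while `-o '${dest}'`, `chown` and `chmod` quote it; make it `rm -rf '${dest}'`. Because `rage -o` creates the output before `chmod` runs, the file briefly carries umask-derived permissions; adding `serviceConfig.UMask = "0077";` next to `serviceConfig.Type = "oneshot";` closes that window.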
|
||||
|
||||
|
|
|
@ -1,11 +1,12 @@
|
|||
{ cfg }:
|
||||
{ config, lib, name, ... }:
|
||||
let
|
||||
{cfg}: {
|
||||
config,
|
||||
lib,
|
||||
name,
|
||||
...
|
||||
}: let
|
||||
inherit (lib) literalExpression mkOption types;
|
||||
in
|
||||
{
|
||||
in {
|
||||
options = {
|
||||
|
||||
hostName = mkOption {
|
||||
type = types.str;
|
||||
default = name;
|
||||
|
@ -14,8 +15,8 @@ in
|
|||
|
||||
serverAliases = mkOption {
|
||||
type = with types; listOf str;
|
||||
default = [ ];
|
||||
example = [ "www.example.org" "example.org" ];
|
||||
default = [];
|
||||
example = ["www.example.org" "example.org"];
|
||||
description = ''
|
||||
Additional names of virtual hosts served by this virtual host configuration.
|
||||
'';
|
||||
|
@ -26,8 +27,8 @@ in
|
|||
description = ''
|
||||
A list of host interfaces to bind to for this virtual host.
|
||||
'';
|
||||
default = [ ];
|
||||
example = [ "127.0.0.1" "::1" ];
|
||||
default = [];
|
||||
example = ["127.0.0.1" "::1"];
|
||||
};
|
||||
|
||||
useACMEHost = mkOption {
|
||||
|
@ -74,6 +75,5 @@ in
|
|||
automatically generated <literal>Caddyfile</literal>.
|
||||
'';
|
||||
};
|
||||
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
self: super:
|
||||
{
|
||||
self: super: {
|
||||
sumneko-lua-language-server = super.sumneko-lua-language-server.overrideAttrs (old: {
|
||||
version = "3.2.2";
|
||||
src = super.fetchFromGitHub rec {
|
||||
|
|