diff --git a/flake.nix b/flake.nix index 6cba4c1..1af289f 100644 --- a/flake.nix +++ b/flake.nix @@ -105,7 +105,8 @@ pkgs = pkgs; modules = [ ./modules/caddy.nix - ./hosts/marvin/configuration.nix { inherit inputs pkgs; } + ./hosts/marvin/configuration.nix + {inherit inputs pkgs;} ]; }; in { @@ -141,7 +142,7 @@ ./hosts/marvin/bootloader.nix ./modules/caddy.nix ]; - specialArgs = { inherit self inputs; }; + specialArgs = {inherit self inputs;}; }; nixosConfigurations.zaphod = lib.nixosSystem { system = "x86_64-linux"; @@ -160,7 +161,7 @@ home-manager.extraSpecialArgs = {inherit pkgs system inputs nix-colors;}; } ]; - specialArgs = { inherit self inputs nix-colors; }; + specialArgs = {inherit self inputs nix-colors;}; }; nixosConfigurations.zaphod-iso = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; @@ -179,7 +180,7 @@ home-manager.extraSpecialArgs = {inherit pkgs system inputs nix-colors;}; } ]; - specialArgs = { inherit inputs nix-colors; }; + specialArgs = {inherit inputs nix-colors;}; }; homeConfigurations.mrhedgehog = home-manager.lib.homeManagerConfiguration { diff --git a/home.nix b/home.nix index c54b301..360449d 100644 --- a/home.nix +++ b/home.nix @@ -6,7 +6,7 @@ nix-colors, ... }: { -# }: let + # }: let # Define Colorscheme colorscheme = { slug = "tokyonight"; @@ -32,7 +32,7 @@ base0F = "c0caf5"; }; }; -# in { + # in { imports = [ # Wayland # ./home/wayland/sway.nix @@ -53,6 +53,7 @@ ./home/programs/nix-index.nix ./home/programs/nnn.nix ./home/programs/nushell.nix + ./home/programs/pandoc.nix ./home/programs/rofi.nix ./home/programs/skim.nix ./home/programs/ssh/default.nix 
@@ -100,7 +101,9 @@ home = { file.".icons/default".source = "${pkgs.phinger-cursors}/share/icons/phinger-cursors"; file.".local/share/fonts" = { - source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/.nix-profile/share/fonts"; + source = + config.lib.file.mkOutOfStoreSymlink + "${config.home.homeDirectory}/.nix-profile/share/fonts"; recursive = true; }; homeDirectory = "/home/mrhedgehog"; @@ -113,9 +116,7 @@ XDG_DATA_DIRS = "/home/mrhedgehog/.nix-profile/share:/home/mrhedgehog/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share:/usr/local/share:/usr/share"; GNUPGHOME = "/home/mrhedgehog/.gnupg"; }; - language = { - base = "en_US.utf8"; - }; + language = {base = "en_US.utf8";}; }; programs = { home-manager.enable = true; @@ -132,7 +133,8 @@ }; xdg.configFile = { - "nvim/init.generated.lua".text = config.programs.neovim.generatedConfigs.lua; + "nvim/init.generated.lua".text = + config.programs.neovim.generatedConfigs.lua; }; fonts.fontconfig.enable = true; diff --git a/home/packages.nix b/home/packages.nix index 07a8b75..2e07b93 100644 --- a/home/packages.nix +++ b/home/packages.nix @@ -1,9 +1,15 @@ {pkgs, ...}: let myPythonPackages = python-packages: with python-packages; [ - # pkgs.my-nixpkgs.python3Packages.gasp + black grip + isort + nose + nose2 + poetry + pyflakes pygobject3 + pytest pyxdg tkinter ]; @@ -20,12 +26,15 @@ in { btrfs-progs buku bukubrow + cargo ccid clipman + cmake cmus dex discord dxvk + editorconfig-core-c element-desktop-wayland emacs-all-the-icons-fonts fd @@ -33,8 +42,11 @@ in { # freetube fzf gnupg + graphviz greetd.greetd greetd.tuigreet + gnuplot + html-tidy input-fonts josm kde-gtk-config @@ -49,11 +61,15 @@ in { my-pkgs.tokyo-night-gtk networkmanager_dmenu nixgl.nixGLIntel + nixfmt + nodePackages.stylelint + nodePackages.js-beautify nyxt obsidian pcmanfm pcsclite pcsclite.bin + pipenv playerctl proton-caller protontricks 
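Review bot: The additions break the alphabetical order the package list otherwise keeps: in hunk `@@ -33,8 +42,11 @@` `gnuplot` is inserted after `greetd.tuigreet` instead of directly after `gnupg`, and in hunk `@@ -49,11 +61,15 @@` `nodePackages.stylelint` is placed before `nodePackages.js-beautify`. These entries mirror part of the tool list inside the `customEmacs` wrapper that home/programs/emacs/default.nix deletes in this same commit, but clippy, rustfmt, pyright, rnix-lsp, yaml-language-server, jupyter, texlive, mdl and gitFull from that list are not added here. Since the old `customEmacs` binding was never referenced by `programs.emacs.package`, nothing regresses, but if the intent was to move that toolchain into user packages the list looks incomplete. Keeping the ordering, or a short `# language tooling` grouping comment, would make later diffs of this list easier to review.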
@@ -65,6 +81,9 @@ in { ripgrep ripgrep-all rsync + rustc + rust-analyzer + shellcheck sumneko-lua-language-server steam steam-run diff --git a/home/programs/emacs/default.nix b/home/programs/emacs/default.nix index 8536cec..a9088a4 100644 --- a/home/programs/emacs/default.nix +++ b/home/programs/emacs/default.nix 
@@ -1,73 +1,14 @@ -{pkgs, config, ...}: -let - customEmacs = pkgs.runCommand "hello" { - buildInputs = [ pkgs.makeWrapper ]; - } '' - mkdir $out - ln -s ${pkgs.emacsPgtkNativeComp}/* $out - rm $out/bin - mkdir $out/bin - ln -s ${pkgs.emacsPgtkNativeComp}/bin/* $out/bin - rm $out/bin/emacs - makeWrapper ${pkgs.emacsPgtkNativeComp}/bin/emacs $out/bin/emacs \ - --prefix PATH : "${pkgs.lib.makeBinPath [ - # Shellscript Support - pkgs.shellcheck - pkgs.bashdb - # Lua Support - pkgs.sumneko-lua-language-server - # Rust Support - pkgs.clippy - pkgs.rust-analyzer - pkgs.rustfmt - # Nix Support - pkgs.nixfmt - pkgs.rnix-lsp - # Org Support - pkgs.gnuplot - pkgs.sqlite - pkgs.texlive.combined.scheme-medium - # YAML Support - pkgs.yaml-language-server - # Python Support - pkgs.pyright - pkgs.poetry - # Markdown Support - pkgs.pandoc - pkgs.mdl - # Javascript/Typescript Support - pkgs.nodejs - # Git support - pkgs.gitFull - # Python Packages - (pkgs.python3.withPackages(ps: with ps; [ - jupyter - black - pytest - nose - nose2 - pyflakes - isort - ])) - # Other packages - pkgs.ripgrep - pkgs.fd - pkgs.imagemagick - pkgs.gnutls - pkgs.zstd - - # EditorConfig support - pkgs.editorconfig-core-c - ]}" - ''; -in { + pkgs, + config, + ... +}: { programs.emacs = { enable = true; - package = ((pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [ epkgs.vterm ])); + package = (pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [epkgs.vterm]); }; services.emacs = { enable = true; - package = ((pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [ epkgs.vterm ])); + package = (pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [epkgs.vterm]); }; } diff --git a/home/programs/fzf.nix b/home/programs/fzf.nix new file mode 100644 index 0000000..7d279ba --- /dev/null +++ b/home/programs/fzf.nix 
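Review bot: The rewritten file still declares `config` in its argument set although nothing in the new body uses it, and the `emacsWithPackages` expression is now written out twice, once under `programs.emacs.package` and once under `services.emacs.package`, so the two can silently diverge. Binding it once in a `let` removes the duplication and documents that the daemon and the interactive binary are the same build. Dropping the `customEmacs` derivation itself is safe: on the old side nothing referenced it, so the removed tool list never reached Emacs's PATH.
```nix
{pkgs, ...}: let
  # One definition shared by the interactive program and the daemon so they cannot drift apart.
  emacsWithVterm =
    (pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [epkgs.vterm]);
in {
  programs.emacs = {
    enable = true;
    package = emacsWithVterm;
  };
  services.emacs = {
    enable = true;
    package = emacsWithVterm;
  };
}
```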
@@ -0,0 +1,12 @@ +{ + config, + lib, + pkgs, + ... +}: { + programs.fzf = { + enable = true; + enableBashIntegration = true; + enableZshIntegration = true; + }; +} diff --git a/home/programs/git.nix b/home/programs/git.nix index c5de798..94e181b 100644 --- a/home/programs/git.nix +++ b/home/programs/git.nix @@ -54,4 +54,13 @@ with pkgs; { userEmail = "hedgehog@mrhedgehog.xyz"; userName = "Mr Hedgehog"; }; + programs.lazygit = { + enable = true; + settings = { + git.paging = { + pager = "delta --dark --paging=never"; + colorArg = "always"; + }; + }; + }; } diff --git a/home/programs/gpg.nix b/home/programs/gpg.nix index 7f30116..f6d75c6 100644 --- a/home/programs/gpg.nix +++ b/home/programs/gpg.nix @@ -28,7 +28,7 @@ keyserver = "hkps://keys.openpgp.org"; }; scdaemonSettings = { - card-timeout = "5"; + card-timeout = "60"; pcsc-shared = true; # shared-access = true; disable-ccid = true; diff --git a/home/programs/pandoc.nix b/home/programs/pandoc.nix new file mode 100644 index 0000000..4f0f8cc --- /dev/null +++ b/home/programs/pandoc.nix @@ -0,0 +1,8 @@ +{ + config, + lib, + pkgs, + ... +}: { + programs.pandoc.enable = true; +} diff --git a/home/programs/unorganized.nix b/home/programs/unorganized.nix deleted file mode 100644 index 6074d8e..0000000 --- a/home/programs/unorganized.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ - programs = { - fzf = { - enable = true; - enableBashIntegration = true; - enableZshIntegration = true; - }; - lazygit = { - enable = true; - settings = { - git.paging = { - pager = "delta --dark --paging=never"; - colorArg = "always"; - }; - }; - }; - pandoc = {enable = true;}; - zoxide = { - enable = true; - enableBashIntegration = true; - enableFishIntegration = true; - enableZshIntegration = true; - }; - }; -} diff --git a/home/scripts.nix b/home/scripts.nix index 86fd089..daff4a9 100644 --- a/home/scripts.nix +++ b/home/scripts.nix 
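Review bot: The `zoxide` block from the deleted home/programs/unorganized.nix has no counterpart in this diff, while fzf, lazygit and pandoc each got a new home; if zoxide is still wanted, a `home/programs/zoxide.nix` shaped like this file (it also had `enableFishIntegration = true;`) is missing. The home.nix import hunk visible in this commit only adds `./home/programs/pandoc.nix`, so please confirm that fzf.nix is imported somewhere I cannot see, otherwise this file has no effect. `config`, `lib` and `pkgs` are bound but unused here; `{...}: {` is enough.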
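Review bot: `pager = "delta --dark --paging=never"` names the pager by bare command, so lazygit depends on whichever `delta` is on PATH at run time; the file is already `with pkgs;`, so `pager = "${delta}/bin/delta --dark --paging=never";` pins it to the store path and makes the dependency explicit. I cannot see whether `programs.git.delta` or `home.packages` installs delta elsewhere in this file, so this may be a robustness improvement rather than a fix. The enclosing attribute set starts before the hunk.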
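Review bot: The bump of `card-timeout` from "5" to "60" carries no comment explaining the trade-off, and it is security-relevant: scdaemon powers the card down only after that many idle seconds, and while the card stays powered it retains its PIN-verified state for operations the card does not force re-verification on, so decrypt and auth operations can proceed without a fresh PIN prompt for a longer window. Some GnuPG 2.2 manuals also note that any non-zero value powers the card down at the next timer tick regardless of n, so verify on the installed version that 60 actually behaves differently from 5. Suggest `card-timeout = "60"; # idle seconds before scdaemon powers down the card; longer keeps the PIN-verified state alive longer`.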
@@ -1,4 +1,8 @@ -{lib, pkgs, ...}: { +{ + lib, + pkgs, + ... +}: { home.activation = { cloneDoom = lib.hm.dag.entryAfter ["writeBoundary"] '' if [ ! -d "$XDG_CONFIG_HOME/emacs" ]; then diff --git a/home/xdg.nix b/home/xdg.nix index a211d1d..1a891b6 100644 --- a/home/xdg.nix +++ b/home/xdg.nix 
@@ -5,25 +5,24 @@ mimeApps = { enable = true; defaultApplications = { - "application/pdf" = [ "firefox.desktop" "chromium-browser.desktop" ]; - "application/rdf+xml" = [ "firefox.desktop" "chromium-browser.desktop" ]; - "application/rss+xml" = [ "firefox.desktop" "chromium-browser.desktop" ]; - "application/xhtml+xml" = [ "firefox.desktop" "chromium-browser.desktop" ]; - "application/xhtml_xml" = [ "firefox.desktop" "chromium-browser.desktop" ]; - "application/xml" = [ "firefox.desktop" "chromium-browser.desktop" ]; - "image/gif" = [ "viewnior.desktop" "firefox.desktop" "chromium-browser.desktop" ]; - "image/jpeg" = [ "viewnior.desktop" "firefox.desktop" "chromium-browser.desktop" ]; - "image/png" = [ "viewnior.desktop" "firefox.desktop" "chromium-browser.desktop" ]; - "image/webp" = [ "viewnior.desktop" "firefox.desktop" "chromium-browser.desktop" ]; - "text/html" = [ "firefox.desktop" "chromium-browser.desktop" ]; - "text/xml" = [ "firefox.desktop" "chromium-browser.desktop" ]; - "x-scheme-handler/http" = [ "firefox.desktop" "chromium-browser.desktop" ]; - "x-scheme-handler/https" = [ "firefox.desktop" "chromium-browser.desktop" ]; - "x-scheme-handler/about" = [ "firefox.desktop" "chromium-browser.desktop" ]; - "x-scheme-handler/unknown" = [ "firefox.desktop" "chromium-browser.desktop" ]; - "x-scheme-handler/steam" = [ "steam-native.desktop" "steam.desktop" ]; - "x-scheme-handler/steamlink" = [ "steam-native.desktop" "steam.desktop" ]; - + "application/pdf" = ["firefox.desktop" "chromium-browser.desktop"]; + "application/rdf+xml" = ["firefox.desktop" "chromium-browser.desktop"]; + "application/rss+xml" = ["firefox.desktop" "chromium-browser.desktop"]; + "application/xhtml+xml" = ["firefox.desktop" "chromium-browser.desktop"]; + "application/xhtml_xml" = ["firefox.desktop" "chromium-browser.desktop"]; + "application/xml" = ["firefox.desktop" "chromium-browser.desktop"]; + "image/gif" = ["viewnior.desktop" "firefox.desktop" "chromium-browser.desktop"]; + 
"image/jpeg" = ["viewnior.desktop" "firefox.desktop" "chromium-browser.desktop"]; + "image/png" = ["viewnior.desktop" "firefox.desktop" "chromium-browser.desktop"]; + "image/webp" = ["viewnior.desktop" "firefox.desktop" "chromium-browser.desktop"]; + "text/html" = ["firefox.desktop" "chromium-browser.desktop"]; + "text/xml" = ["firefox.desktop" "chromium-browser.desktop"]; + "x-scheme-handler/http" = ["firefox.desktop" "chromium-browser.desktop"]; + "x-scheme-handler/https" = ["firefox.desktop" "chromium-browser.desktop"]; + "x-scheme-handler/about" = ["firefox.desktop" "chromium-browser.desktop"]; + "x-scheme-handler/unknown" = ["firefox.desktop" "chromium-browser.desktop"]; + "x-scheme-handler/steam" = ["steam-native.desktop" "steam.desktop"]; + "x-scheme-handler/steamlink" = ["steam-native.desktop" "steam.desktop"]; }; }; userDirs = { @@ -35,7 +34,7 @@ }; desktopEntries = { element-desktop = { - categories = [ "Network" "InstantMessaging" ]; + categories = ["Network" "InstantMessaging"]; comment = "Desktop app for Element"; exec = "element-desktop"; genericName = "Element Desktop App"; diff --git a/hosts/common/nixConfig.nix b/hosts/common/nixConfig.nix index f615bf1..bef97bb 100644 --- a/hosts/common/nixConfig.nix +++ b/hosts/common/nixConfig.nix @@ -1,4 +1,9 @@ -{pkgs, inputs, self, ...}: { +{ + pkgs, + inputs, + self, + ... +}: { nix = { enable = true; package = pkgs.nixUnstable; diff --git a/hosts/marvin/configuration.nix b/hosts/marvin/configuration.nix index dddf888..563d55a 100644 --- a/hosts/marvin/configuration.nix +++ b/hosts/marvin/configuration.nix @@ -4,7 +4,6 @@ inputs, ... }: { - disabledModules = ["services/web-servers/caddy/default.nix"]; imports = [ # Common Config diff --git a/hosts/marvin/firewall.nix b/hosts/marvin/firewall.nix index 1792f00..66a9e6d 100644 --- a/hosts/marvin/firewall.nix +++ b/hosts/marvin/firewall.nix @@ -1,3 +1,3 @@ { - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [80 443]; } 
diff --git a/hosts/marvin/services/caddy.nix b/hosts/marvin/services/caddy.nix index 3f5be04..67abd2c 100644 --- a/hosts/marvin/services/caddy.nix +++ b/hosts/marvin/services/caddy.nix @@ -1,10 +1,14 @@ -{ lib, pkgs, ... }: { +{ + lib, + pkgs, + ... +}: { services.caddy = { enable = true; - package = (pkgs.callPackage ./custom-caddy.nix { - plugins = [ "github.com/caddy-dns/cloudflare" ]; + package = pkgs.callPackage ./custom-caddy.nix { + plugins = ["github.com/caddy-dns/cloudflare"]; vendorSha256 = "sha256-1SBOXv2RGLlTT/mguPjTASU5AeQNIVySgVMgvu5BH6w="; - }); + }; extraConfig = '' cache.mrhedgehog.xyz { tls { diff --git a/hosts/marvin/services/custom-caddy.nix b/hosts/marvin/services/custom-caddy.nix index 2af13f1..a52591f 100644 --- a/hosts/marvin/services/custom-caddy.nix +++ b/hosts/marvin/services/custom-caddy.nix 
@@ -1,57 +1,60 @@ -{ stdenv, lib, buildGoModule, plugins ? [], vendorSha256 ? "" }: +{ + stdenv, + lib, + buildGoModule, + plugins ? [], + vendorSha256 ? "", +}: +with lib; let + imports = flip concatMapStrings plugins (pkg: "\t\t\t_ \"${pkg}\"\n"); -with lib; + main = '' + package main -let imports = flip concatMapStrings plugins (pkg: "\t\t\t_ \"${pkg}\"\n"); + import ( + caddycmd "github.com/caddyserver/caddy/v2/cmd" - main = '' - package main + _ "github.com/caddyserver/caddy/v2/modules/standard" + ${imports} + ) - import ( - caddycmd "github.com/caddyserver/caddy/v2/cmd" + func main() { + caddycmd.Main() + } + ''; +in + buildGoModule rec { + pname = "caddy"; + version = "2.5.0"; - _ "github.com/caddyserver/caddy/v2/modules/standard" -${imports} - ) + subPackages = ["cmd/caddy"]; - func main() { - caddycmd.Main() - } - ''; + src = builtins.fetchGit { + url = "https://github.com/caddyserver/caddy.git"; + rev = "a8bb4a665af358f61a7ac0eabac8df2110cb6a36"; + }; + inherit vendorSha256; -in buildGoModule rec { - pname = "caddy"; - version = "2.5.0"; + overrideModAttrs = _: { + preBuild = "echo '${main}' > cmd/caddy/main.go"; + postInstall = "cp go.sum go.mod $out/ && ls $out/"; + }; - subPackages = [ "cmd/caddy" ]; + postPatch = '' + echo '${main}' > cmd/caddy/main.go + cat cmd/caddy/main.go + ''; - src = builtins.fetchGit { - url = "https://github.com/caddyserver/caddy.git"; - rev = "a8bb4a665af358f61a7ac0eabac8df2110cb6a36"; - }; + postConfigure = '' + cp vendor/go.sum ./ + cp vendor/go.mod ./ + ''; - inherit vendorSha256; - - overrideModAttrs = (_: { - preBuild = "echo '${main}' > cmd/caddy/main.go"; - postInstall = "cp go.sum go.mod $out/ && ls $out/"; - }); - - postPatch = '' - echo '${main}' > cmd/caddy/main.go - cat cmd/caddy/main.go - ''; - - postConfigure = '' - cp vendor/go.sum ./ - cp vendor/go.mod ./ - ''; - - meta = with lib; { - homepage = https://caddyserver.com; - description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS"; - license = 
licenses.asl20; - maintainers = with maintainers; [ rushmorem fpletz zimbatm ]; - }; -} + meta = with lib; { + homepage = https://caddyserver.com; + description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS"; + license = licenses.asl20; + maintainers = with maintainers; [rushmorem fpletz zimbatm]; + }; + } diff --git a/hosts/marvin/services/hydra.nix b/hosts/marvin/services/hydra.nix index 1a394c9..98232e6 100644 --- a/hosts/marvin/services/hydra.nix +++ b/hosts/marvin/services/hydra.nix @@ -1,5 +1,9 @@ -{pkgs, inputs, ...}: { - services.hydra = { +{ + pkgs, + inputs, + ... +}: { + services.hydra = { enable = true; package = inputs.hydra-updated.legacyPackages.x86_64-linux.hydra_unstable; hydraURL = "https://hydra.mrhedgehog.xyz"; diff --git a/hosts/zaphod/configuration.nix b/hosts/zaphod/configuration.nix index 42e8afe..c332596 100644 --- a/hosts/zaphod/configuration.nix +++ b/hosts/zaphod/configuration.nix @@ -4,7 +4,6 @@ inputs, ... }: { - disabledModules = ["services/web-servers/caddy/default.nix"]; imports = [ # Common Config @@ -19,7 +18,6 @@ # Machine-specific configurations. ./programs/dconf.nix - ]; networking = { hostName = "zaphod"; diff --git a/modules/caddy.nix b/modules/caddy.nix index 1f1b569..4fc8987 100644 --- a/modules/caddy.nix +++ b/modules/caddy.nix 
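Review bot: `homepage = https://caddyserver.com;` in the `meta` block is a bare URL literal, which is deprecated in Nix and rejected when the `no-url-literals` feature is enabled; quote it as `homepage = "https://caddyserver.com";`. The `vendorSha256 ? ""` default is not a usable hash, so a caller that omits the argument fails deep inside the vendoring fetch rather than with a clear message; `vendorSha256 ? lib.fakeSha256` gives the usual hash-mismatch error instead, or make the argument required. `src` is pinned to a fixed `rev` while `version = "2.5.0"` is declared separately, so a security update to caddy needs both edited by hand; a comment next to `rev` saying so would help whoever bumps it.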
@@ -1,56 +1,56 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let +{ + config, + lib, + pkgs, + ... +}: +with lib; let cfg = config.services.caddy; virtualHosts = attrValues cfg.virtualHosts; acmeVHosts = filter (hostOpts: hostOpts.useACMEHost != null) virtualHosts; - mkVHostConf = hostOpts: - let - sslCertDir = config.security.acme.certs.${hostOpts.useACMEHost}.directory; - in - '' - ${hostOpts.hostName} ${concatStringsSep " " hostOpts.serverAliases} { - bind ${concatStringsSep " " hostOpts.listenAddresses} - ${optionalString (hostOpts.useACMEHost != null) "tls ${sslCertDir}/cert.pem ${sslCertDir}/key.pem"} - log { - ${hostOpts.logFormat} - } + mkVHostConf = hostOpts: let + sslCertDir = config.security.acme.certs.${hostOpts.useACMEHost}.directory; + in '' + ${hostOpts.hostName} ${concatStringsSep " " hostOpts.serverAliases} { + bind ${concatStringsSep " " hostOpts.listenAddresses} + ${optionalString (hostOpts.useACMEHost != null) "tls ${sslCertDir}/cert.pem ${sslCertDir}/key.pem"} + log { + ${hostOpts.logFormat} + } - ${hostOpts.extraConfig} - } - ''; + ${hostOpts.extraConfig} + } + ''; - configFile = - let - Caddyfile = pkgs.writeText "Caddyfile" '' - { - ${cfg.globalConfig} - } - ${cfg.extraConfig} - ''; + configFile = let + Caddyfile = pkgs.writeText "Caddyfile" '' + { + ${cfg.globalConfig} + } + ${cfg.extraConfig} + ''; - Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" { nativeBuildInputs = [ cfg.package ]; } '' - ${cfg.package}/bin/caddy fmt ${Caddyfile} > $out - ''; - in - if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform then Caddyfile-formatted else Caddyfile; + Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" {nativeBuildInputs = [cfg.package];} '' + ${cfg.package}/bin/caddy fmt ${Caddyfile} > $out + ''; + in + if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform + then Caddyfile-formatted + else Caddyfile; acmeHosts = unique (catAttrs "useACMEHost" acmeVHosts); mkCertOwnershipAssertion = import 
../../../security/acme/mk-cert-ownership-assertion.nix; -in -{ +in { imports = [ - (mkRemovedOptionModule [ "services" "caddy" "agree" ] "this option is no longer necessary for Caddy 2") - (mkRenamedOptionModule [ "services" "caddy" "ca" ] [ "services" "caddy" "acmeCA" ]) - (mkRenamedOptionModule [ "services" "caddy" "config" ] [ "services" "caddy" "extraConfig" ]) + (mkRemovedOptionModule ["services" "caddy" "agree"] "this option is no longer necessary for Caddy 2") + (mkRenamedOptionModule ["services" "caddy" "ca"] ["services" "caddy" "acmeCA"]) + (mkRenamedOptionModule ["services" "caddy" "config"] ["services" "caddy" "extraConfig"]) ]; - disabledModules = [ "services/web-servers/caddy/default.nix" ]; + disabledModules = ["services/web-servers/caddy/default.nix"]; # interface options.services.caddy = { @@ -222,7 +222,7 @@ in }; virtualHosts = mkOption { - type = with types; attrsOf (submodule (import ./vhost-options.nix { inherit cfg; })); + type = with types; attrsOf (submodule (import ./vhost-options.nix {inherit cfg;})); default = {}; example = literalExpression '' { 
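Review bot: The context line `mkCertOwnershipAssertion = import ../../../security/acme/mk-cert-ownership-assertion.nix;` still carries the path from the upstream nixpkgs module; resolved from modules/caddy.nix it points outside this repository. It does not fail today only because the import is forced solely inside `map (name: mkCertOwnershipAssertion {...}) acmeHosts`, so the first virtualHost that sets `useACMEHost` will break evaluation. Pointing it at the nixpkgs copy, e.g. `import "${pkgs.path}/nixos/modules/security/acme/mk-cert-ownership-assertion.nix"`, or vendoring that file next to this module, fixes it, assuming `pkgs.path` is the nixpkgs this module was copied from. The `disabledModules` line in this hunk is what makes the host-level removals in hosts/marvin and hosts/zaphod safe; a comment stating that would save the next reader a search.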
@@ -262,21 +262,24 @@ in certificates. ''; }; - }; # implementation config = mkIf cfg.enable { - - assertions = [ - { assertion = cfg.adapter != "caddyfile" -> cfg.configFile != configFile; - message = "Any value other than 'caddyfile' is only valid when providing your own `services.caddy.configFile`"; - } - ] ++ map (name: mkCertOwnershipAssertion { - inherit (cfg) group user; - cert = config.security.acme.certs.${name}; - groups = config.users.groups; - }) acmeHosts; + assertions = + [ + { + assertion = cfg.adapter != "caddyfile" -> cfg.configFile != configFile; + message = "Any value other than 'caddyfile' is only valid when providing your own `services.caddy.configFile`"; + } + ] + ++ map (name: + mkCertOwnershipAssertion { + inherit (cfg) group user; + cert = config.security.acme.certs.${name}; + groups = config.users.groups; + }) + acmeHosts; services.caddy.extraConfig = concatMapStringsSep "\n" mkVHostConf virtualHosts; services.caddy.globalConfig = '' 
@@ -287,30 +290,30 @@ in } ''; - systemd.packages = [ cfg.package ]; + systemd.packages = [cfg.package]; systemd.services.caddy = { wants = map (hostOpts: "acme-finished-${hostOpts.useACMEHost}.target") acmeVHosts; after = map (hostOpts: "acme-selfsigned-${hostOpts.useACMEHost}.service") acmeVHosts; before = map (hostOpts: "acme-${hostOpts.useACMEHost}.service") acmeVHosts; - wantedBy = [ "multi-user.target" ]; + wantedBy = ["multi-user.target"]; startLimitIntervalSec = 14400; startLimitBurst = 10; serviceConfig = { # https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart= # If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect. - ExecStart = [ "" "${cfg.package}/bin/caddy run --config ${cfg.configFile} --adapter ${cfg.adapter} ${optionalString cfg.resume "--resume"}" ]; - ExecReload = [ "" "${cfg.package}/bin/caddy reload --config ${cfg.configFile} --adapter ${cfg.adapter}" ]; + ExecStart = ["" "${cfg.package}/bin/caddy run --config ${cfg.configFile} --adapter ${cfg.adapter} ${optionalString cfg.resume "--resume"}"]; + ExecReload = ["" "${cfg.package}/bin/caddy reload --config ${cfg.configFile} --adapter ${cfg.adapter}"]; ExecStartPre = "${cfg.package}/bin/caddy validate --config ${cfg.configFile} --adapter ${cfg.adapter}"; User = cfg.user; Group = cfg.group; ReadWriteDirectories = cfg.dataDir; - StateDirectory = mkIf (cfg.dataDir == "/var/lib/caddy") [ "caddy" ]; - LogsDirectory = mkIf (cfg.logDir == "/var/log/caddy") [ "caddy" ]; + StateDirectory = mkIf (cfg.dataDir == "/var/lib/caddy") ["caddy"]; + LogsDirectory = mkIf (cfg.logDir == "/var/log/caddy") ["caddy"]; Restart = "on-abnormal"; - SupplementaryGroups = mkIf (length acmeVHosts != 0) [ "acme" ]; + SupplementaryGroups = mkIf (length acmeVHosts != 0) ["acme"]; # TODO: attempt to upstream these options NoNewPrivileges = true; 
@@ -333,11 +336,9 @@ in caddy.gid = config.ids.gids.caddy; }; - security.acme.certs = - let - reloads = map (useACMEHost: nameValuePair useACMEHost { reloadServices = [ "caddy.service" ]; }) acmeHosts; - in - listToAttrs reloads; - + security.acme.certs = let + reloads = map (useACMEHost: nameValuePair useACMEHost {reloadServices = ["caddy.service"];}) acmeHosts; + in + listToAttrs reloads; }; } diff --git a/modules/crypto.nix b/modules/crypto.nix index 6c1b28f..f44674d 100644 --- a/modules/crypto.nix +++ b/modules/crypto.nix @@ -1,8 +1,10 @@ -{ pkgs, config, lib, ... }: - -with lib; - -let +{ + pkgs, + config, + lib, + ... +}: +with lib; let cfg = config.mrhedgehog.secrets; secret = types.submodule { 
@@ -39,48 +41,55 @@ let metadata = lib.importTOML ../metadata/hosts.toml; - mkSecretOnDisk = name: - { source, ... }: + mkSecretOnDisk = name: {source, ...}: pkgs.stdenv.mkDerivation { name = "${name}-secret"; phases = "installPhase"; - buildInputs = [ pkgs.rage ]; - installPhase = - let key = metadata.hosts."${config.networking.hostName}".ssh_pubkey; - in '' - rage -a -r '${key}' -o "$out" '${source}' - ''; - }; - - mkService = name: - { source, dest, owner, group, permissions, ... }: { - description = "decrypt secret for ${name}"; - wantedBy = [ "multi-user.target" ]; - - serviceConfig.Type = "oneshot"; - - script = with pkgs; '' - rm -rf ${dest} - "${rage}"/bin/rage -d -i /etc/ssh/ssh_host_ed25519_key -o '${dest}' '${ - mkSecretOnDisk name { inherit source; } - }' - - chown '${owner}':'${group}' '${dest}' - chmod '${permissions}' '${dest}' + buildInputs = [pkgs.rage]; + installPhase = let + key = metadata.hosts."${config.networking.hostName}".ssh_pubkey; + in '' + rage -a -r '${key}' -o "$out" '${source}' ''; }; + + mkService = name: { + source, + dest, + owner, + group, + permissions, + ... + }: { + description = "decrypt secret for ${name}"; + wantedBy = ["multi-user.target"]; + + serviceConfig.Type = "oneshot"; + + script = with pkgs; '' + rm -rf ${dest} + "${rage}"/bin/rage -d -i /etc/ssh/ssh_host_ed25519_key -o '${dest}' '${ + mkSecretOnDisk name {inherit source;} + }' + + chown '${owner}':'${group}' '${dest}' + chmod '${permissions}' '${dest}' + ''; + }; in { options.mrhedgehog.secrets = mkOption { type = types.attrsOf secret; description = "secret configuration"; - default = { }; + default = {}; }; config.systemd.services = let - units = mapAttrs' (name: info: { - name = "${name}-key"; - value = (mkService name info); - }) cfg; - in units; + units = + mapAttrs' (name: info: { + name = "${name}-key"; + value = mkService name info; + }) + cfg; + in + units; } - diff --git a/modules/vhost-options.nix b/modules/vhost-options.nix index f240ec6..b62fca9 100644 
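Review bot: In the `script` of `mkService`, rage writes the plaintext to `${dest}` before `chown` and `chmod` run, so for that interval the file carries the unit's default umask permissions rather than `${permissions}`; adding `umask 077` as the first line of the script creates the file private and only then widens it to the requested mode. `rm -rf ${dest}` is also the only unquoted use of dest in the script; `rm -rf '${dest}'` matches the other lines. In `mkSecretOnDisk`, `'${source}'` is interpolated into the build script, and if `source` is a path value that copies the plaintext into the world-readable store as a build input; I cannot see how callers set `source`, so please confirm it is an already-protected reference.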
--- a/modules/vhost-options.nix +++ b/modules/vhost-options.nix @@ -1,11 +1,12 @@ -{ cfg }: -{ config, lib, name, ... }: -let +{cfg}: { + config, + lib, + name, + ... +}: let inherit (lib) literalExpression mkOption types; -in -{ +in { options = { - hostName = mkOption { type = types.str; default = name; @@ -14,8 +15,8 @@ in serverAliases = mkOption { type = with types; listOf str; - default = [ ]; - example = [ "www.example.org" "example.org" ]; + default = []; + example = ["www.example.org" "example.org"]; description = '' Additional names of virtual hosts served by this virtual host configuration. ''; @@ -26,8 +27,8 @@ in description = '' A list of host interfaces to bind to for this virtual host. ''; - default = [ ]; - example = [ "127.0.0.1" "::1" ]; + default = []; + example = ["127.0.0.1" "::1"]; }; useACMEHost = mkOption { @@ -74,6 +75,5 @@ in automatically generated Caddyfile. ''; }; - }; } diff --git a/overlays/sumneko.nix b/overlays/sumneko.nix index 1f14b32..ec3db09 100644 --- a/overlays/sumneko.nix +++ b/overlays/sumneko.nix @@ -1,5 +1,4 @@ -self: super: -{ +self: super: { sumneko-lua-language-server = super.sumneko-lua-language-server.overrideAttrs (old: { version = "3.2.2"; src = super.fetchFromGitHub rec {