meta: format
parent
a3a483fdbb
commit
ed828497b9
22 changed files with 286 additions and 294 deletions
|
@ -105,7 +105,8 @@
|
||||||
pkgs = pkgs;
|
pkgs = pkgs;
|
||||||
modules = [
|
modules = [
|
||||||
./modules/caddy.nix
|
./modules/caddy.nix
|
||||||
./hosts/marvin/configuration.nix { inherit inputs pkgs; }
|
./hosts/marvin/configuration.nix
|
||||||
|
{inherit inputs pkgs;}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
|
@ -141,7 +142,7 @@
|
||||||
./hosts/marvin/bootloader.nix
|
./hosts/marvin/bootloader.nix
|
||||||
./modules/caddy.nix
|
./modules/caddy.nix
|
||||||
];
|
];
|
||||||
specialArgs = { inherit self inputs; };
|
specialArgs = {inherit self inputs;};
|
||||||
};
|
};
|
||||||
nixosConfigurations.zaphod = lib.nixosSystem {
|
nixosConfigurations.zaphod = lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
@ -160,7 +161,7 @@
|
||||||
home-manager.extraSpecialArgs = {inherit pkgs system inputs nix-colors;};
|
home-manager.extraSpecialArgs = {inherit pkgs system inputs nix-colors;};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
specialArgs = { inherit self inputs nix-colors; };
|
specialArgs = {inherit self inputs nix-colors;};
|
||||||
};
|
};
|
||||||
nixosConfigurations.zaphod-iso = nixpkgs.lib.nixosSystem {
|
nixosConfigurations.zaphod-iso = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
@ -179,7 +180,7 @@
|
||||||
home-manager.extraSpecialArgs = {inherit pkgs system inputs nix-colors;};
|
home-manager.extraSpecialArgs = {inherit pkgs system inputs nix-colors;};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
specialArgs = { inherit inputs nix-colors; };
|
specialArgs = {inherit inputs nix-colors;};
|
||||||
};
|
};
|
||||||
|
|
||||||
homeConfigurations.mrhedgehog = home-manager.lib.homeManagerConfiguration {
|
homeConfigurations.mrhedgehog = home-manager.lib.homeManagerConfiguration {
|
||||||
|
|
16
home.nix
16
home.nix
|
@ -6,7 +6,7 @@
|
||||||
nix-colors,
|
nix-colors,
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
# }: let
|
# }: let
|
||||||
# Define Colorscheme
|
# Define Colorscheme
|
||||||
colorscheme = {
|
colorscheme = {
|
||||||
slug = "tokyonight";
|
slug = "tokyonight";
|
||||||
|
@ -32,7 +32,7 @@
|
||||||
base0F = "c0caf5";
|
base0F = "c0caf5";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
# in {
|
# in {
|
||||||
imports = [
|
imports = [
|
||||||
# Wayland
|
# Wayland
|
||||||
# ./home/wayland/sway.nix
|
# ./home/wayland/sway.nix
|
||||||
|
@ -53,6 +53,7 @@
|
||||||
./home/programs/nix-index.nix
|
./home/programs/nix-index.nix
|
||||||
./home/programs/nnn.nix
|
./home/programs/nnn.nix
|
||||||
./home/programs/nushell.nix
|
./home/programs/nushell.nix
|
||||||
|
./home/programs/pandoc.nix
|
||||||
./home/programs/rofi.nix
|
./home/programs/rofi.nix
|
||||||
./home/programs/skim.nix
|
./home/programs/skim.nix
|
||||||
./home/programs/ssh/default.nix
|
./home/programs/ssh/default.nix
|
||||||
|
@ -100,7 +101,9 @@
|
||||||
home = {
|
home = {
|
||||||
file.".icons/default".source = "${pkgs.phinger-cursors}/share/icons/phinger-cursors";
|
file.".icons/default".source = "${pkgs.phinger-cursors}/share/icons/phinger-cursors";
|
||||||
file.".local/share/fonts" = {
|
file.".local/share/fonts" = {
|
||||||
source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/.nix-profile/share/fonts";
|
source =
|
||||||
|
config.lib.file.mkOutOfStoreSymlink
|
||||||
|
"${config.home.homeDirectory}/.nix-profile/share/fonts";
|
||||||
recursive = true;
|
recursive = true;
|
||||||
};
|
};
|
||||||
homeDirectory = "/home/mrhedgehog";
|
homeDirectory = "/home/mrhedgehog";
|
||||||
|
@ -113,9 +116,7 @@
|
||||||
XDG_DATA_DIRS = "/home/mrhedgehog/.nix-profile/share:/home/mrhedgehog/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share:/usr/local/share:/usr/share";
|
XDG_DATA_DIRS = "/home/mrhedgehog/.nix-profile/share:/home/mrhedgehog/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share:/usr/local/share:/usr/share";
|
||||||
GNUPGHOME = "/home/mrhedgehog/.gnupg";
|
GNUPGHOME = "/home/mrhedgehog/.gnupg";
|
||||||
};
|
};
|
||||||
language = {
|
language = {base = "en_US.utf8";};
|
||||||
base = "en_US.utf8";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
programs = {
|
programs = {
|
||||||
home-manager.enable = true;
|
home-manager.enable = true;
|
||||||
|
@ -132,7 +133,8 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
xdg.configFile = {
|
xdg.configFile = {
|
||||||
"nvim/init.generated.lua".text = config.programs.neovim.generatedConfigs.lua;
|
"nvim/init.generated.lua".text =
|
||||||
|
config.programs.neovim.generatedConfigs.lua;
|
||||||
};
|
};
|
||||||
|
|
||||||
fonts.fontconfig.enable = true;
|
fonts.fontconfig.enable = true;
|
||||||
|
|
|
@ -1,9 +1,15 @@
|
||||||
{pkgs, ...}: let
|
{pkgs, ...}: let
|
||||||
myPythonPackages = python-packages:
|
myPythonPackages = python-packages:
|
||||||
with python-packages; [
|
with python-packages; [
|
||||||
# pkgs.my-nixpkgs.python3Packages.gasp
|
black
|
||||||
grip
|
grip
|
||||||
|
isort
|
||||||
|
nose
|
||||||
|
nose2
|
||||||
|
poetry
|
||||||
|
pyflakes
|
||||||
pygobject3
|
pygobject3
|
||||||
|
pytest
|
||||||
pyxdg
|
pyxdg
|
||||||
tkinter
|
tkinter
|
||||||
];
|
];
|
||||||
|
@ -20,12 +26,15 @@ in {
|
||||||
btrfs-progs
|
btrfs-progs
|
||||||
buku
|
buku
|
||||||
bukubrow
|
bukubrow
|
||||||
|
cargo
|
||||||
ccid
|
ccid
|
||||||
clipman
|
clipman
|
||||||
|
cmake
|
||||||
cmus
|
cmus
|
||||||
dex
|
dex
|
||||||
discord
|
discord
|
||||||
dxvk
|
dxvk
|
||||||
|
editorconfig-core-c
|
||||||
element-desktop-wayland
|
element-desktop-wayland
|
||||||
emacs-all-the-icons-fonts
|
emacs-all-the-icons-fonts
|
||||||
fd
|
fd
|
||||||
|
@ -33,8 +42,11 @@ in {
|
||||||
# freetube
|
# freetube
|
||||||
fzf
|
fzf
|
||||||
gnupg
|
gnupg
|
||||||
|
graphviz
|
||||||
greetd.greetd
|
greetd.greetd
|
||||||
greetd.tuigreet
|
greetd.tuigreet
|
||||||
|
gnuplot
|
||||||
|
html-tidy
|
||||||
input-fonts
|
input-fonts
|
||||||
josm
|
josm
|
||||||
kde-gtk-config
|
kde-gtk-config
|
||||||
|
@ -49,11 +61,15 @@ in {
|
||||||
my-pkgs.tokyo-night-gtk
|
my-pkgs.tokyo-night-gtk
|
||||||
networkmanager_dmenu
|
networkmanager_dmenu
|
||||||
nixgl.nixGLIntel
|
nixgl.nixGLIntel
|
||||||
|
nixfmt
|
||||||
|
nodePackages.stylelint
|
||||||
|
nodePackages.js-beautify
|
||||||
nyxt
|
nyxt
|
||||||
obsidian
|
obsidian
|
||||||
pcmanfm
|
pcmanfm
|
||||||
pcsclite
|
pcsclite
|
||||||
pcsclite.bin
|
pcsclite.bin
|
||||||
|
pipenv
|
||||||
playerctl
|
playerctl
|
||||||
proton-caller
|
proton-caller
|
||||||
protontricks
|
protontricks
|
||||||
|
@ -65,6 +81,9 @@ in {
|
||||||
ripgrep
|
ripgrep
|
||||||
ripgrep-all
|
ripgrep-all
|
||||||
rsync
|
rsync
|
||||||
|
rustc
|
||||||
|
rust-analyzer
|
||||||
|
shellcheck
|
||||||
sumneko-lua-language-server
|
sumneko-lua-language-server
|
||||||
steam
|
steam
|
||||||
steam-run
|
steam-run
|
||||||
|
|
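Review bot: The Python package set gains `nose` next to `nose2` and `pytest`; as far as I know `nose` is no longer maintained upstream, so unless something still imports it that line should be dropped rather than carried into the profile. The later hunks of this section also add compilers and linters (`cargo`, `rustc`, `cmake`, `pipenv`, `nodePackages.stylelint`, `shellcheck`) to the profile-wide list, which looks like a replacement for the PATH wrapper deleted from the Emacs module in this commit. If that is the intent, a comment above them such as `# editor tooling, formerly on the Emacs wrapper PATH` would record why they are installed for every program. Additions of this size are hard to audit inside a commit titled "meta: format" and would be better in a commit of their own.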
|
@ -1,73 +1,14 @@
|
||||||
{pkgs, config, ...}:
|
|
||||||
let
|
|
||||||
customEmacs = pkgs.runCommand "hello" {
|
|
||||||
buildInputs = [ pkgs.makeWrapper ];
|
|
||||||
} ''
|
|
||||||
mkdir $out
|
|
||||||
ln -s ${pkgs.emacsPgtkNativeComp}/* $out
|
|
||||||
rm $out/bin
|
|
||||||
mkdir $out/bin
|
|
||||||
ln -s ${pkgs.emacsPgtkNativeComp}/bin/* $out/bin
|
|
||||||
rm $out/bin/emacs
|
|
||||||
makeWrapper ${pkgs.emacsPgtkNativeComp}/bin/emacs $out/bin/emacs \
|
|
||||||
--prefix PATH : "${pkgs.lib.makeBinPath [
|
|
||||||
# Shellscript Support
|
|
||||||
pkgs.shellcheck
|
|
||||||
pkgs.bashdb
|
|
||||||
# Lua Support
|
|
||||||
pkgs.sumneko-lua-language-server
|
|
||||||
# Rust Support
|
|
||||||
pkgs.clippy
|
|
||||||
pkgs.rust-analyzer
|
|
||||||
pkgs.rustfmt
|
|
||||||
# Nix Support
|
|
||||||
pkgs.nixfmt
|
|
||||||
pkgs.rnix-lsp
|
|
||||||
# Org Support
|
|
||||||
pkgs.gnuplot
|
|
||||||
pkgs.sqlite
|
|
||||||
pkgs.texlive.combined.scheme-medium
|
|
||||||
# YAML Support
|
|
||||||
pkgs.yaml-language-server
|
|
||||||
# Python Support
|
|
||||||
pkgs.pyright
|
|
||||||
pkgs.poetry
|
|
||||||
# Markdown Support
|
|
||||||
pkgs.pandoc
|
|
||||||
pkgs.mdl
|
|
||||||
# Javascript/Typescript Support
|
|
||||||
pkgs.nodejs
|
|
||||||
# Git support
|
|
||||||
pkgs.gitFull
|
|
||||||
# Python Packages
|
|
||||||
(pkgs.python3.withPackages(ps: with ps; [
|
|
||||||
jupyter
|
|
||||||
black
|
|
||||||
pytest
|
|
||||||
nose
|
|
||||||
nose2
|
|
||||||
pyflakes
|
|
||||||
isort
|
|
||||||
]))
|
|
||||||
# Other packages
|
|
||||||
pkgs.ripgrep
|
|
||||||
pkgs.fd
|
|
||||||
pkgs.imagemagick
|
|
||||||
pkgs.gnutls
|
|
||||||
pkgs.zstd
|
|
||||||
|
|
||||||
# EditorConfig support
|
|
||||||
pkgs.editorconfig-core-c
|
|
||||||
]}"
|
|
||||||
'';
|
|
||||||
in
|
|
||||||
{
|
{
|
||||||
|
pkgs,
|
||||||
|
config,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
programs.emacs = {
|
programs.emacs = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = ((pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [ epkgs.vterm ]));
|
package = (pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [epkgs.vterm]);
|
||||||
};
|
};
|
||||||
services.emacs = {
|
services.emacs = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = ((pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [ epkgs.vterm ]));
|
package = (pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [epkgs.vterm]);
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
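--- a/home/programs/fzf.nix
+++ b/home/programs/fzf.nix
@@ -0,0 +1,12 @@
+{
+config,
+lib,
+pkgs,
+...
+}: {
+programs.fzf = {
+enable = true;
+enableBashIntegration = true;
+enableZshIntegration = true;
+};
+}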
|
@ -54,4 +54,13 @@ with pkgs; {
|
||||||
userEmail = "hedgehog@mrhedgehog.xyz";
|
userEmail = "hedgehog@mrhedgehog.xyz";
|
||||||
userName = "Mr Hedgehog";
|
userName = "Mr Hedgehog";
|
||||||
};
|
};
|
||||||
|
programs.lazygit = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
git.paging = {
|
||||||
|
pager = "delta --dark --paging=never";
|
||||||
|
colorArg = "always";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
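Review bot: The `pager` string under `programs.lazygit.settings` names `delta` without a path, so which binary runs depends on the PATH lazygit is started with. The hunk header shows `with pkgs;` in scope, so the store path can be interpolated instead: `pager = "${delta}/bin/delta --dark --paging=never";`. That also makes the dependency explicit, since nothing in this hunk shows delta being installed. The enclosing attribute set starts outside the hunk.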
|
@ -28,7 +28,7 @@
|
||||||
keyserver = "hkps://keys.openpgp.org";
|
keyserver = "hkps://keys.openpgp.org";
|
||||||
};
|
};
|
||||||
scdaemonSettings = {
|
scdaemonSettings = {
|
||||||
card-timeout = "5";
|
card-timeout = "60";
|
||||||
pcsc-shared = true;
|
pcsc-shared = true;
|
||||||
# shared-access = true;
|
# shared-access = true;
|
||||||
disable-ccid = true;
|
disable-ccid = true;
|
||||||
|
|
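Review bot: `card-timeout` changes from "5" to "60" in a commit titled as formatting, so a behavioural change to the smart-card daemon is easy to miss in review. As I read the scdaemon documentation, this option governs how long an idle card stays powered before it is powered down, after which the PIN has to be entered again. The same block sets `pcsc-shared = true`, so a longer window deserves a stated reason. I would move the change to its own commit and add a comment above the line, for example `# keep the card powered for 60 s between operations (was 5 s)`, extended with the actual motivation. The `scdaemonSettings` block is closed outside this hunk.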
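--- a/home/programs/pandoc.nix
+++ b/home/programs/pandoc.nix
@@ -0,0 +1,8 @@
+{
+config,
+lib,
+pkgs,
+...
+}: {
+programs.pandoc.enable = true;
+}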
|
@ -1,25 +0,0 @@
|
||||||
{
|
|
||||||
programs = {
|
|
||||||
fzf = {
|
|
||||||
enable = true;
|
|
||||||
enableBashIntegration = true;
|
|
||||||
enableZshIntegration = true;
|
|
||||||
};
|
|
||||||
lazygit = {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
git.paging = {
|
|
||||||
pager = "delta --dark --paging=never";
|
|
||||||
colorArg = "always";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
pandoc = {enable = true;};
|
|
||||||
zoxide = {
|
|
||||||
enable = true;
|
|
||||||
enableBashIntegration = true;
|
|
||||||
enableFishIntegration = true;
|
|
||||||
enableZshIntegration = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,4 +1,8 @@
|
||||||
{lib, pkgs, ...}: {
|
{
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
home.activation = {
|
home.activation = {
|
||||||
cloneDoom = lib.hm.dag.entryAfter ["writeBoundary"] ''
|
cloneDoom = lib.hm.dag.entryAfter ["writeBoundary"] ''
|
||||||
if [ ! -d "$XDG_CONFIG_HOME/emacs" ]; then
|
if [ ! -d "$XDG_CONFIG_HOME/emacs" ]; then
|
||||||
|
|
39
home/xdg.nix
39
home/xdg.nix
|
@ -5,25 +5,24 @@
|
||||||
mimeApps = {
|
mimeApps = {
|
||||||
enable = true;
|
enable = true;
|
||||||
defaultApplications = {
|
defaultApplications = {
|
||||||
"application/pdf" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
"application/pdf" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||||
"application/rdf+xml" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
"application/rdf+xml" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||||
"application/rss+xml" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
"application/rss+xml" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||||
"application/xhtml+xml" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
"application/xhtml+xml" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||||
"application/xhtml_xml" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
"application/xhtml_xml" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||||
"application/xml" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
"application/xml" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||||
"image/gif" = [ "viewnior.desktop" "firefox.desktop" "chromium-browser.desktop" ];
|
"image/gif" = ["viewnior.desktop" "firefox.desktop" "chromium-browser.desktop"];
|
||||||
"image/jpeg" = [ "viewnior.desktop" "firefox.desktop" "chromium-browser.desktop" ];
|
"image/jpeg" = ["viewnior.desktop" "firefox.desktop" "chromium-browser.desktop"];
|
||||||
"image/png" = [ "viewnior.desktop" "firefox.desktop" "chromium-browser.desktop" ];
|
"image/png" = ["viewnior.desktop" "firefox.desktop" "chromium-browser.desktop"];
|
||||||
"image/webp" = [ "viewnior.desktop" "firefox.desktop" "chromium-browser.desktop" ];
|
"image/webp" = ["viewnior.desktop" "firefox.desktop" "chromium-browser.desktop"];
|
||||||
"text/html" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
"text/html" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||||
"text/xml" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
"text/xml" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||||
"x-scheme-handler/http" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
"x-scheme-handler/http" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||||
"x-scheme-handler/https" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
"x-scheme-handler/https" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||||
"x-scheme-handler/about" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
"x-scheme-handler/about" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||||
"x-scheme-handler/unknown" = [ "firefox.desktop" "chromium-browser.desktop" ];
|
"x-scheme-handler/unknown" = ["firefox.desktop" "chromium-browser.desktop"];
|
||||||
"x-scheme-handler/steam" = [ "steam-native.desktop" "steam.desktop" ];
|
"x-scheme-handler/steam" = ["steam-native.desktop" "steam.desktop"];
|
||||||
"x-scheme-handler/steamlink" = [ "steam-native.desktop" "steam.desktop" ];
|
"x-scheme-handler/steamlink" = ["steam-native.desktop" "steam.desktop"];
|
||||||
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
userDirs = {
|
userDirs = {
|
||||||
|
@ -35,7 +34,7 @@
|
||||||
};
|
};
|
||||||
desktopEntries = {
|
desktopEntries = {
|
||||||
element-desktop = {
|
element-desktop = {
|
||||||
categories = [ "Network" "InstantMessaging" ];
|
categories = ["Network" "InstantMessaging"];
|
||||||
comment = "Desktop app for Element";
|
comment = "Desktop app for Element";
|
||||||
exec = "element-desktop";
|
exec = "element-desktop";
|
||||||
genericName = "Element Desktop App";
|
genericName = "Element Desktop App";
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{pkgs, inputs, self, ...}: {
|
{
|
||||||
|
pkgs,
|
||||||
|
inputs,
|
||||||
|
self,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
nix = {
|
nix = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = pkgs.nixUnstable;
|
package = pkgs.nixUnstable;
|
||||||
|
|
|
@ -4,7 +4,6 @@
|
||||||
inputs,
|
inputs,
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
|
|
||||||
disabledModules = ["services/web-servers/caddy/default.nix"];
|
disabledModules = ["services/web-servers/caddy/default.nix"];
|
||||||
imports = [
|
imports = [
|
||||||
# Common Config
|
# Common Config
|
||||||
|
|
|
@ -1,3 +1,3 @@
|
||||||
{
|
{
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [80 443];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,10 +1,14 @@
|
||||||
{ lib, pkgs, ... }: {
|
{
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
services.caddy = {
|
services.caddy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = (pkgs.callPackage ./custom-caddy.nix {
|
package = pkgs.callPackage ./custom-caddy.nix {
|
||||||
plugins = [ "github.com/caddy-dns/cloudflare" ];
|
plugins = ["github.com/caddy-dns/cloudflare"];
|
||||||
vendorSha256 = "sha256-1SBOXv2RGLlTT/mguPjTASU5AeQNIVySgVMgvu5BH6w=";
|
vendorSha256 = "sha256-1SBOXv2RGLlTT/mguPjTASU5AeQNIVySgVMgvu5BH6w=";
|
||||||
});
|
};
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
cache.mrhedgehog.xyz {
|
cache.mrhedgehog.xyz {
|
||||||
tls {
|
tls {
|
||||||
|
|
|
@ -1,57 +1,60 @@
|
||||||
{ stdenv, lib, buildGoModule, plugins ? [], vendorSha256 ? "" }:
|
{
|
||||||
|
stdenv,
|
||||||
|
lib,
|
||||||
|
buildGoModule,
|
||||||
|
plugins ? [],
|
||||||
|
vendorSha256 ? "",
|
||||||
|
}:
|
||||||
|
with lib; let
|
||||||
|
imports = flip concatMapStrings plugins (pkg: "\t\t\t_ \"${pkg}\"\n");
|
||||||
|
|
||||||
with lib;
|
main = ''
|
||||||
|
package main
|
||||||
|
|
||||||
let imports = flip concatMapStrings plugins (pkg: "\t\t\t_ \"${pkg}\"\n");
|
import (
|
||||||
|
caddycmd "github.com/caddyserver/caddy/v2/cmd"
|
||||||
|
|
||||||
main = ''
|
_ "github.com/caddyserver/caddy/v2/modules/standard"
|
||||||
package main
|
${imports}
|
||||||
|
)
|
||||||
|
|
||||||
import (
|
func main() {
|
||||||
caddycmd "github.com/caddyserver/caddy/v2/cmd"
|
caddycmd.Main()
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
buildGoModule rec {
|
||||||
|
pname = "caddy";
|
||||||
|
version = "2.5.0";
|
||||||
|
|
||||||
_ "github.com/caddyserver/caddy/v2/modules/standard"
|
subPackages = ["cmd/caddy"];
|
||||||
${imports}
|
|
||||||
)
|
|
||||||
|
|
||||||
func main() {
|
src = builtins.fetchGit {
|
||||||
caddycmd.Main()
|
url = "https://github.com/caddyserver/caddy.git";
|
||||||
}
|
rev = "a8bb4a665af358f61a7ac0eabac8df2110cb6a36";
|
||||||
'';
|
};
|
||||||
|
|
||||||
|
inherit vendorSha256;
|
||||||
|
|
||||||
in buildGoModule rec {
|
overrideModAttrs = _: {
|
||||||
pname = "caddy";
|
preBuild = "echo '${main}' > cmd/caddy/main.go";
|
||||||
version = "2.5.0";
|
postInstall = "cp go.sum go.mod $out/ && ls $out/";
|
||||||
|
};
|
||||||
|
|
||||||
subPackages = [ "cmd/caddy" ];
|
postPatch = ''
|
||||||
|
echo '${main}' > cmd/caddy/main.go
|
||||||
|
cat cmd/caddy/main.go
|
||||||
|
'';
|
||||||
|
|
||||||
src = builtins.fetchGit {
|
postConfigure = ''
|
||||||
url = "https://github.com/caddyserver/caddy.git";
|
cp vendor/go.sum ./
|
||||||
rev = "a8bb4a665af358f61a7ac0eabac8df2110cb6a36";
|
cp vendor/go.mod ./
|
||||||
};
|
'';
|
||||||
|
|
||||||
inherit vendorSha256;
|
meta = with lib; {
|
||||||
|
homepage = https://caddyserver.com;
|
||||||
overrideModAttrs = (_: {
|
description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS";
|
||||||
preBuild = "echo '${main}' > cmd/caddy/main.go";
|
license = licenses.asl20;
|
||||||
postInstall = "cp go.sum go.mod $out/ && ls $out/";
|
maintainers = with maintainers; [rushmorem fpletz zimbatm];
|
||||||
});
|
};
|
||||||
|
}
|
||||||
postPatch = ''
|
|
||||||
echo '${main}' > cmd/caddy/main.go
|
|
||||||
cat cmd/caddy/main.go
|
|
||||||
'';
|
|
||||||
|
|
||||||
postConfigure = ''
|
|
||||||
cp vendor/go.sum ./
|
|
||||||
cp vendor/go.mod ./
|
|
||||||
'';
|
|
||||||
|
|
||||||
meta = with lib; {
|
|
||||||
homepage = https://caddyserver.com;
|
|
||||||
description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS";
|
|
||||||
license = licenses.asl20;
|
|
||||||
maintainers = with maintainers; [ rushmorem fpletz zimbatm ];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,5 +1,9 @@
|
||||||
{pkgs, inputs, ...}: {
|
{
|
||||||
services.hydra = {
|
pkgs,
|
||||||
|
inputs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
services.hydra = {
|
||||||
enable = true;
|
enable = true;
|
||||||
package = inputs.hydra-updated.legacyPackages.x86_64-linux.hydra_unstable;
|
package = inputs.hydra-updated.legacyPackages.x86_64-linux.hydra_unstable;
|
||||||
hydraURL = "https://hydra.mrhedgehog.xyz";
|
hydraURL = "https://hydra.mrhedgehog.xyz";
|
||||||
|
|
|
@ -4,7 +4,6 @@
|
||||||
inputs,
|
inputs,
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
|
|
||||||
disabledModules = ["services/web-servers/caddy/default.nix"];
|
disabledModules = ["services/web-servers/caddy/default.nix"];
|
||||||
imports = [
|
imports = [
|
||||||
# Common Config
|
# Common Config
|
||||||
|
@ -19,7 +18,6 @@
|
||||||
|
|
||||||
# Machine-specific configurations.
|
# Machine-specific configurations.
|
||||||
./programs/dconf.nix
|
./programs/dconf.nix
|
||||||
|
|
||||||
];
|
];
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "zaphod";
|
hostName = "zaphod";
|
||||||
|
|
|
@ -1,56 +1,56 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{
|
||||||
|
config,
|
||||||
with lib;
|
lib,
|
||||||
|
pkgs,
|
||||||
let
|
...
|
||||||
|
}:
|
||||||
|
with lib; let
|
||||||
cfg = config.services.caddy;
|
cfg = config.services.caddy;
|
||||||
|
|
||||||
virtualHosts = attrValues cfg.virtualHosts;
|
virtualHosts = attrValues cfg.virtualHosts;
|
||||||
acmeVHosts = filter (hostOpts: hostOpts.useACMEHost != null) virtualHosts;
|
acmeVHosts = filter (hostOpts: hostOpts.useACMEHost != null) virtualHosts;
|
||||||
|
|
||||||
mkVHostConf = hostOpts:
|
mkVHostConf = hostOpts: let
|
||||||
let
|
sslCertDir = config.security.acme.certs.${hostOpts.useACMEHost}.directory;
|
||||||
sslCertDir = config.security.acme.certs.${hostOpts.useACMEHost}.directory;
|
in ''
|
||||||
in
|
${hostOpts.hostName} ${concatStringsSep " " hostOpts.serverAliases} {
|
||||||
''
|
bind ${concatStringsSep " " hostOpts.listenAddresses}
|
||||||
${hostOpts.hostName} ${concatStringsSep " " hostOpts.serverAliases} {
|
${optionalString (hostOpts.useACMEHost != null) "tls ${sslCertDir}/cert.pem ${sslCertDir}/key.pem"}
|
||||||
bind ${concatStringsSep " " hostOpts.listenAddresses}
|
log {
|
||||||
${optionalString (hostOpts.useACMEHost != null) "tls ${sslCertDir}/cert.pem ${sslCertDir}/key.pem"}
|
${hostOpts.logFormat}
|
||||||
log {
|
}
|
||||||
${hostOpts.logFormat}
|
|
||||||
}
|
|
||||||
|
|
||||||
${hostOpts.extraConfig}
|
${hostOpts.extraConfig}
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
configFile =
|
configFile = let
|
||||||
let
|
Caddyfile = pkgs.writeText "Caddyfile" ''
|
||||||
Caddyfile = pkgs.writeText "Caddyfile" ''
|
{
|
||||||
{
|
${cfg.globalConfig}
|
||||||
${cfg.globalConfig}
|
}
|
||||||
}
|
${cfg.extraConfig}
|
||||||
${cfg.extraConfig}
|
'';
|
||||||
'';
|
|
||||||
|
|
||||||
Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" { nativeBuildInputs = [ cfg.package ]; } ''
|
Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" {nativeBuildInputs = [cfg.package];} ''
|
||||||
${cfg.package}/bin/caddy fmt ${Caddyfile} > $out
|
${cfg.package}/bin/caddy fmt ${Caddyfile} > $out
|
||||||
'';
|
'';
|
||||||
in
|
in
|
||||||
if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform then Caddyfile-formatted else Caddyfile;
|
if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform
|
||||||
|
then Caddyfile-formatted
|
||||||
|
else Caddyfile;
|
||||||
|
|
||||||
acmeHosts = unique (catAttrs "useACMEHost" acmeVHosts);
|
acmeHosts = unique (catAttrs "useACMEHost" acmeVHosts);
|
||||||
|
|
||||||
mkCertOwnershipAssertion = import ../../../security/acme/mk-cert-ownership-assertion.nix;
|
mkCertOwnershipAssertion = import ../../../security/acme/mk-cert-ownership-assertion.nix;
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
imports = [
|
imports = [
|
||||||
(mkRemovedOptionModule [ "services" "caddy" "agree" ] "this option is no longer necessary for Caddy 2")
|
(mkRemovedOptionModule ["services" "caddy" "agree"] "this option is no longer necessary for Caddy 2")
|
||||||
(mkRenamedOptionModule [ "services" "caddy" "ca" ] [ "services" "caddy" "acmeCA" ])
|
(mkRenamedOptionModule ["services" "caddy" "ca"] ["services" "caddy" "acmeCA"])
|
||||||
(mkRenamedOptionModule [ "services" "caddy" "config" ] [ "services" "caddy" "extraConfig" ])
|
(mkRenamedOptionModule ["services" "caddy" "config"] ["services" "caddy" "extraConfig"])
|
||||||
];
|
];
|
||||||
|
|
||||||
disabledModules = [ "services/web-servers/caddy/default.nix" ];
|
disabledModules = ["services/web-servers/caddy/default.nix"];
|
||||||
|
|
||||||
# interface
|
# interface
|
||||||
options.services.caddy = {
|
options.services.caddy = {
|
||||||
|
@ -222,7 +222,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
virtualHosts = mkOption {
|
virtualHosts = mkOption {
|
||||||
type = with types; attrsOf (submodule (import ./vhost-options.nix { inherit cfg; }));
|
type = with types; attrsOf (submodule (import ./vhost-options.nix {inherit cfg;}));
|
||||||
default = {};
|
default = {};
|
||||||
example = literalExpression ''
|
example = literalExpression ''
|
||||||
{
|
{
|
||||||
|
@ -262,21 +262,24 @@ in
|
||||||
certificates.
|
certificates.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# implementation
|
# implementation
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
|
assertions =
|
||||||
assertions = [
|
[
|
||||||
{ assertion = cfg.adapter != "caddyfile" -> cfg.configFile != configFile;
|
{
|
||||||
message = "Any value other than 'caddyfile' is only valid when providing your own `services.caddy.configFile`";
|
assertion = cfg.adapter != "caddyfile" -> cfg.configFile != configFile;
|
||||||
}
|
message = "Any value other than 'caddyfile' is only valid when providing your own `services.caddy.configFile`";
|
||||||
] ++ map (name: mkCertOwnershipAssertion {
|
}
|
||||||
inherit (cfg) group user;
|
]
|
||||||
cert = config.security.acme.certs.${name};
|
++ map (name:
|
||||||
groups = config.users.groups;
|
mkCertOwnershipAssertion {
|
||||||
}) acmeHosts;
|
inherit (cfg) group user;
|
||||||
|
cert = config.security.acme.certs.${name};
|
||||||
|
groups = config.users.groups;
|
||||||
|
})
|
||||||
|
acmeHosts;
|
||||||
|
|
||||||
services.caddy.extraConfig = concatMapStringsSep "\n" mkVHostConf virtualHosts;
|
services.caddy.extraConfig = concatMapStringsSep "\n" mkVHostConf virtualHosts;
|
||||||
services.caddy.globalConfig = ''
|
services.caddy.globalConfig = ''
|
||||||
|
@ -287,30 +290,30 @@ in
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
systemd.packages = [ cfg.package ];
|
systemd.packages = [cfg.package];
|
||||||
systemd.services.caddy = {
|
systemd.services.caddy = {
|
||||||
wants = map (hostOpts: "acme-finished-${hostOpts.useACMEHost}.target") acmeVHosts;
|
wants = map (hostOpts: "acme-finished-${hostOpts.useACMEHost}.target") acmeVHosts;
|
||||||
after = map (hostOpts: "acme-selfsigned-${hostOpts.useACMEHost}.service") acmeVHosts;
|
after = map (hostOpts: "acme-selfsigned-${hostOpts.useACMEHost}.service") acmeVHosts;
|
||||||
before = map (hostOpts: "acme-${hostOpts.useACMEHost}.service") acmeVHosts;
|
before = map (hostOpts: "acme-${hostOpts.useACMEHost}.service") acmeVHosts;
|
||||||
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = ["multi-user.target"];
|
||||||
startLimitIntervalSec = 14400;
|
startLimitIntervalSec = 14400;
|
||||||
startLimitBurst = 10;
|
startLimitBurst = 10;
|
||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
# https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
|
# https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
|
||||||
# If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect.
|
# If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect.
|
||||||
ExecStart = [ "" "${cfg.package}/bin/caddy run --config ${cfg.configFile} --adapter ${cfg.adapter} ${optionalString cfg.resume "--resume"}" ];
|
ExecStart = ["" "${cfg.package}/bin/caddy run --config ${cfg.configFile} --adapter ${cfg.adapter} ${optionalString cfg.resume "--resume"}"];
|
||||||
ExecReload = [ "" "${cfg.package}/bin/caddy reload --config ${cfg.configFile} --adapter ${cfg.adapter}" ];
|
ExecReload = ["" "${cfg.package}/bin/caddy reload --config ${cfg.configFile} --adapter ${cfg.adapter}"];
|
||||||
|
|
||||||
ExecStartPre = "${cfg.package}/bin/caddy validate --config ${cfg.configFile} --adapter ${cfg.adapter}";
|
ExecStartPre = "${cfg.package}/bin/caddy validate --config ${cfg.configFile} --adapter ${cfg.adapter}";
|
||||||
User = cfg.user;
|
User = cfg.user;
|
||||||
Group = cfg.group;
|
Group = cfg.group;
|
||||||
ReadWriteDirectories = cfg.dataDir;
|
ReadWriteDirectories = cfg.dataDir;
|
||||||
StateDirectory = mkIf (cfg.dataDir == "/var/lib/caddy") [ "caddy" ];
|
StateDirectory = mkIf (cfg.dataDir == "/var/lib/caddy") ["caddy"];
|
||||||
LogsDirectory = mkIf (cfg.logDir == "/var/log/caddy") [ "caddy" ];
|
LogsDirectory = mkIf (cfg.logDir == "/var/log/caddy") ["caddy"];
|
||||||
Restart = "on-abnormal";
|
Restart = "on-abnormal";
|
||||||
SupplementaryGroups = mkIf (length acmeVHosts != 0) [ "acme" ];
|
SupplementaryGroups = mkIf (length acmeVHosts != 0) ["acme"];
|
||||||
|
|
||||||
# TODO: attempt to upstream these options
|
# TODO: attempt to upstream these options
|
||||||
NoNewPrivileges = true;
|
NoNewPrivileges = true;
|
||||||
|
@ -333,11 +336,9 @@ in
|
||||||
caddy.gid = config.ids.gids.caddy;
|
caddy.gid = config.ids.gids.caddy;
|
||||||
};
|
};
|
||||||
|
|
||||||
security.acme.certs =
|
security.acme.certs = let
|
||||||
let
|
reloads = map (useACMEHost: nameValuePair useACMEHost {reloadServices = ["caddy.service"];}) acmeHosts;
|
||||||
reloads = map (useACMEHost: nameValuePair useACMEHost { reloadServices = [ "caddy.service" ]; }) acmeHosts;
|
in
|
||||||
in
|
listToAttrs reloads;
|
||||||
listToAttrs reloads;
|
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,8 +1,10 @@
|
||||||
{ pkgs, config, lib, ... }:
|
{
|
||||||
|
pkgs,
|
||||||
with lib;
|
config,
|
||||||
|
lib,
|
||||||
let
|
...
|
||||||
|
}:
|
||||||
|
with lib; let
|
||||||
cfg = config.mrhedgehog.secrets;
|
cfg = config.mrhedgehog.secrets;
|
||||||
|
|
||||||
secret = types.submodule {
|
secret = types.submodule {
|
||||||
|
@ -39,48 +41,55 @@ let
|
||||||
|
|
||||||
metadata = lib.importTOML ../metadata/hosts.toml;
|
metadata = lib.importTOML ../metadata/hosts.toml;
|
||||||
|
|
||||||
mkSecretOnDisk = name:
|
mkSecretOnDisk = name: {source, ...}:
|
||||||
{ source, ... }:
|
|
||||||
pkgs.stdenv.mkDerivation {
|
pkgs.stdenv.mkDerivation {
|
||||||
name = "${name}-secret";
|
name = "${name}-secret";
|
||||||
phases = "installPhase";
|
phases = "installPhase";
|
||||||
buildInputs = [ pkgs.rage ];
|
buildInputs = [pkgs.rage];
|
||||||
installPhase =
|
installPhase = let
|
||||||
let key = metadata.hosts."${config.networking.hostName}".ssh_pubkey;
|
key = metadata.hosts."${config.networking.hostName}".ssh_pubkey;
|
||||||
in ''
|
in ''
|
||||||
rage -a -r '${key}' -o "$out" '${source}'
|
rage -a -r '${key}' -o "$out" '${source}'
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
mkService = name:
|
|
||||||
{ source, dest, owner, group, permissions, ... }: {
|
|
||||||
description = "decrypt secret for ${name}";
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
|
|
||||||
serviceConfig.Type = "oneshot";
|
|
||||||
|
|
||||||
script = with pkgs; ''
|
|
||||||
rm -rf ${dest}
|
|
||||||
"${rage}"/bin/rage -d -i /etc/ssh/ssh_host_ed25519_key -o '${dest}' '${
|
|
||||||
mkSecretOnDisk name { inherit source; }
|
|
||||||
}'
|
|
||||||
|
|
||||||
chown '${owner}':'${group}' '${dest}'
|
|
||||||
chmod '${permissions}' '${dest}'
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
mkService = name: {
|
||||||
|
source,
|
||||||
|
dest,
|
||||||
|
owner,
|
||||||
|
group,
|
||||||
|
permissions,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
description = "decrypt secret for ${name}";
|
||||||
|
wantedBy = ["multi-user.target"];
|
||||||
|
|
||||||
|
serviceConfig.Type = "oneshot";
|
||||||
|
|
||||||
|
script = with pkgs; ''
|
||||||
|
rm -rf ${dest}
|
||||||
|
"${rage}"/bin/rage -d -i /etc/ssh/ssh_host_ed25519_key -o '${dest}' '${
|
||||||
|
mkSecretOnDisk name {inherit source;}
|
||||||
|
}'
|
||||||
|
|
||||||
|
chown '${owner}':'${group}' '${dest}'
|
||||||
|
chmod '${permissions}' '${dest}'
|
||||||
|
'';
|
||||||
|
};
|
||||||
in {
|
in {
|
||||||
options.mrhedgehog.secrets = mkOption {
|
options.mrhedgehog.secrets = mkOption {
|
||||||
type = types.attrsOf secret;
|
type = types.attrsOf secret;
|
||||||
description = "secret configuration";
|
description = "secret configuration";
|
||||||
default = { };
|
default = {};
|
||||||
};
|
};
|
||||||
|
|
||||||
config.systemd.services = let
|
config.systemd.services = let
|
||||||
units = mapAttrs' (name: info: {
|
units =
|
||||||
name = "${name}-key";
|
mapAttrs' (name: info: {
|
||||||
value = (mkService name info);
|
name = "${name}-key";
|
||||||
}) cfg;
|
value = mkService name info;
|
||||||
in units;
|
})
|
||||||
|
cfg;
|
||||||
|
in
|
||||||
|
units;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,11 +1,12 @@
|
||||||
{ cfg }:
|
{cfg}: {
|
||||||
{ config, lib, name, ... }:
|
config,
|
||||||
let
|
lib,
|
||||||
|
name,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
inherit (lib) literalExpression mkOption types;
|
inherit (lib) literalExpression mkOption types;
|
||||||
in
|
in {
|
||||||
{
|
|
||||||
options = {
|
options = {
|
||||||
|
|
||||||
hostName = mkOption {
|
hostName = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
default = name;
|
default = name;
|
||||||
|
@ -14,8 +15,8 @@ in
|
||||||
|
|
||||||
serverAliases = mkOption {
|
serverAliases = mkOption {
|
||||||
type = with types; listOf str;
|
type = with types; listOf str;
|
||||||
default = [ ];
|
default = [];
|
||||||
example = [ "www.example.org" "example.org" ];
|
example = ["www.example.org" "example.org"];
|
||||||
description = ''
|
description = ''
|
||||||
Additional names of virtual hosts served by this virtual host configuration.
|
Additional names of virtual hosts served by this virtual host configuration.
|
||||||
'';
|
'';
|
||||||
|
@ -26,8 +27,8 @@ in
|
||||||
description = ''
|
description = ''
|
||||||
A list of host interfaces to bind to for this virtual host.
|
A list of host interfaces to bind to for this virtual host.
|
||||||
'';
|
'';
|
||||||
default = [ ];
|
default = [];
|
||||||
example = [ "127.0.0.1" "::1" ];
|
example = ["127.0.0.1" "::1"];
|
||||||
};
|
};
|
||||||
|
|
||||||
useACMEHost = mkOption {
|
useACMEHost = mkOption {
|
||||||
|
@ -74,6 +75,5 @@ in
|
||||||
automatically generated <literal>Caddyfile</literal>.
|
automatically generated <literal>Caddyfile</literal>.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
self: super:
|
self: super: {
|
||||||
{
|
|
||||||
sumneko-lua-language-server = super.sumneko-lua-language-server.overrideAttrs (old: {
|
sumneko-lua-language-server = super.sumneko-lua-language-server.overrideAttrs (old: {
|
||||||
version = "3.2.2";
|
version = "3.2.2";
|
||||||
src = super.fetchFromGitHub rec {
|
src = super.fetchFromGitHub rec {
|
||||||
|
|