meta: format

This commit is contained in:
Mr Hedgehog 2022-05-13 22:01:25 -04:00
parent a3a483fdbb
commit ed828497b9
No known key found for this signature in database
GPG key ID: A5F69F6C161FDA7E
22 changed files with 286 additions and 294 deletions


@ -105,7 +105,8 @@
pkgs = pkgs; pkgs = pkgs;
modules = [ modules = [
./modules/caddy.nix ./modules/caddy.nix
./hosts/marvin/configuration.nix { inherit inputs pkgs; } ./hosts/marvin/configuration.nix
{inherit inputs pkgs;}
]; ];
}; };
in { in {
@ -141,7 +142,7 @@
./hosts/marvin/bootloader.nix ./hosts/marvin/bootloader.nix
./modules/caddy.nix ./modules/caddy.nix
]; ];
specialArgs = { inherit self inputs; }; specialArgs = {inherit self inputs;};
}; };
nixosConfigurations.zaphod = lib.nixosSystem { nixosConfigurations.zaphod = lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
@ -160,7 +161,7 @@
home-manager.extraSpecialArgs = {inherit pkgs system inputs nix-colors;}; home-manager.extraSpecialArgs = {inherit pkgs system inputs nix-colors;};
} }
]; ];
specialArgs = { inherit self inputs nix-colors; }; specialArgs = {inherit self inputs nix-colors;};
}; };
nixosConfigurations.zaphod-iso = nixpkgs.lib.nixosSystem { nixosConfigurations.zaphod-iso = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
@ -179,7 +180,7 @@
home-manager.extraSpecialArgs = {inherit pkgs system inputs nix-colors;}; home-manager.extraSpecialArgs = {inherit pkgs system inputs nix-colors;};
} }
]; ];
specialArgs = { inherit inputs nix-colors; }; specialArgs = {inherit inputs nix-colors;};
}; };
homeConfigurations.mrhedgehog = home-manager.lib.homeManagerConfiguration { homeConfigurations.mrhedgehog = home-manager.lib.homeManagerConfiguration {


@ -6,7 +6,7 @@
nix-colors, nix-colors,
... ...
}: { }: {
# }: let # }: let
# Define Colorscheme # Define Colorscheme
colorscheme = { colorscheme = {
slug = "tokyonight"; slug = "tokyonight";
@ -32,7 +32,7 @@
base0F = "c0caf5"; base0F = "c0caf5";
}; };
}; };
# in { # in {
imports = [ imports = [
# Wayland # Wayland
# ./home/wayland/sway.nix # ./home/wayland/sway.nix
@ -53,6 +53,7 @@
./home/programs/nix-index.nix ./home/programs/nix-index.nix
./home/programs/nnn.nix ./home/programs/nnn.nix
./home/programs/nushell.nix ./home/programs/nushell.nix
./home/programs/pandoc.nix
./home/programs/rofi.nix ./home/programs/rofi.nix
./home/programs/skim.nix ./home/programs/skim.nix
./home/programs/ssh/default.nix ./home/programs/ssh/default.nix
@ -100,7 +101,9 @@
home = { home = {
file.".icons/default".source = "${pkgs.phinger-cursors}/share/icons/phinger-cursors"; file.".icons/default".source = "${pkgs.phinger-cursors}/share/icons/phinger-cursors";
file.".local/share/fonts" = { file.".local/share/fonts" = {
source = config.lib.file.mkOutOfStoreSymlink "${config.home.homeDirectory}/.nix-profile/share/fonts"; source =
config.lib.file.mkOutOfStoreSymlink
"${config.home.homeDirectory}/.nix-profile/share/fonts";
recursive = true; recursive = true;
}; };
homeDirectory = "/home/mrhedgehog"; homeDirectory = "/home/mrhedgehog";
@ -113,9 +116,7 @@
XDG_DATA_DIRS = "/home/mrhedgehog/.nix-profile/share:/home/mrhedgehog/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share:/usr/local/share:/usr/share"; XDG_DATA_DIRS = "/home/mrhedgehog/.nix-profile/share:/home/mrhedgehog/.local/share/flatpak/exports/share:/var/lib/flatpak/exports/share:/usr/local/share:/usr/share";
GNUPGHOME = "/home/mrhedgehog/.gnupg"; GNUPGHOME = "/home/mrhedgehog/.gnupg";
}; };
language = { language = {base = "en_US.utf8";};
base = "en_US.utf8";
};
}; };
programs = { programs = {
home-manager.enable = true; home-manager.enable = true;
@ -132,7 +133,8 @@
}; };
xdg.configFile = { xdg.configFile = {
"nvim/init.generated.lua".text = config.programs.neovim.generatedConfigs.lua; "nvim/init.generated.lua".text =
config.programs.neovim.generatedConfigs.lua;
}; };
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;


@ -1,9 +1,15 @@
{pkgs, ...}: let {pkgs, ...}: let
myPythonPackages = python-packages: myPythonPackages = python-packages:
with python-packages; [ with python-packages; [
# pkgs.my-nixpkgs.python3Packages.gasp black
grip grip
isort
nose
nose2
poetry
pyflakes
pygobject3 pygobject3
pytest
pyxdg pyxdg
tkinter tkinter
]; ];
@ -20,12 +26,15 @@ in {
btrfs-progs btrfs-progs
buku buku
bukubrow bukubrow
cargo
ccid ccid
clipman clipman
cmake
cmus cmus
dex dex
discord discord
dxvk dxvk
editorconfig-core-c
element-desktop-wayland element-desktop-wayland
emacs-all-the-icons-fonts emacs-all-the-icons-fonts
fd fd
@ -33,8 +42,11 @@ in {
# freetube # freetube
fzf fzf
gnupg gnupg
graphviz
greetd.greetd greetd.greetd
greetd.tuigreet greetd.tuigreet
gnuplot
html-tidy
input-fonts input-fonts
josm josm
kde-gtk-config kde-gtk-config
@ -49,11 +61,15 @@ in {
my-pkgs.tokyo-night-gtk my-pkgs.tokyo-night-gtk
networkmanager_dmenu networkmanager_dmenu
nixgl.nixGLIntel nixgl.nixGLIntel
nixfmt
nodePackages.stylelint
nodePackages.js-beautify
nyxt nyxt
obsidian obsidian
pcmanfm pcmanfm
pcsclite pcsclite
pcsclite.bin pcsclite.bin
pipenv
playerctl playerctl
proton-caller proton-caller
protontricks protontricks
@ -65,6 +81,9 @@ in {
ripgrep ripgrep
ripgrep-all ripgrep-all
rsync rsync
rustc
rust-analyzer
shellcheck
sumneko-lua-language-server sumneko-lua-language-server
steam steam
steam-run steam-run
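Review bot: The new entries in the third hunk break the list's alphabetical order — `graphviz` is inserted before `greetd.greetd`/`greetd.tuigreet` while `gnuplot` and `html-tidy` land after them — which makes later diffs of this long list harder to read; moving `gnuplot` and `graphviz` together above `greetd.greetd` keeps the ordering the rest of the file follows. The Rust additions in the last two hunks (`cargo`, `rustc`, `rust-analyzer`) also omit `rustfmt` and `clippy`, which the Emacs wrapper removed elsewhere in this commit used to supply; if those are still wanted they need adding here or in a file outside this view.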


@ -1,73 +1,14 @@
{pkgs, config, ...}:
let
customEmacs = pkgs.runCommand "hello" {
buildInputs = [ pkgs.makeWrapper ];
} ''
mkdir $out
ln -s ${pkgs.emacsPgtkNativeComp}/* $out
rm $out/bin
mkdir $out/bin
ln -s ${pkgs.emacsPgtkNativeComp}/bin/* $out/bin
rm $out/bin/emacs
makeWrapper ${pkgs.emacsPgtkNativeComp}/bin/emacs $out/bin/emacs \
--prefix PATH : "${pkgs.lib.makeBinPath [
# Shellscript Support
pkgs.shellcheck
pkgs.bashdb
# Lua Support
pkgs.sumneko-lua-language-server
# Rust Support
pkgs.clippy
pkgs.rust-analyzer
pkgs.rustfmt
# Nix Support
pkgs.nixfmt
pkgs.rnix-lsp
# Org Support
pkgs.gnuplot
pkgs.sqlite
pkgs.texlive.combined.scheme-medium
# YAML Support
pkgs.yaml-language-server
# Python Support
pkgs.pyright
pkgs.poetry
# Markdown Support
pkgs.pandoc
pkgs.mdl
# Javascript/Typescript Support
pkgs.nodejs
# Git support
pkgs.gitFull
# Python Packages
(pkgs.python3.withPackages(ps: with ps; [
jupyter
black
pytest
nose
nose2
pyflakes
isort
]))
# Other packages
pkgs.ripgrep
pkgs.fd
pkgs.imagemagick
pkgs.gnutls
pkgs.zstd
# EditorConfig support
pkgs.editorconfig-core-c
]}"
'';
in
{ {
pkgs,
config,
...
}: {
programs.emacs = { programs.emacs = {
enable = true; enable = true;
package = ((pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [ epkgs.vterm ])); package = (pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [epkgs.vterm]);
}; };
services.emacs = { services.emacs = {
enable = true; enable = true;
package = ((pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [ epkgs.vterm ])); package = (pkgs.emacsPackagesFor pkgs.emacsPgtkNativeComp).emacsWithPackages (epkgs: [epkgs.vterm]);
}; };
} }
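Review bot: The deleted `customEmacs` wrapper was never referenced — both `programs.emacs.package` and `services.emacs.package` already built from `emacsWithPackages` — so removing it changes nothing for Emacs itself, but the tools it prefixed onto Emacs's PATH are only partly re-added by the package-list hunks in this commit. `rustfmt`, `clippy`, `pyright`, `rnix-lsp`, `yaml-language-server`, `bashdb`, `mdl`, `sqlite`, `jupyter` and `texlive.combined.scheme-medium` do not appear in the hunks visible here, so any Emacs/Doom module that shells out to them will now depend on them being installed elsewhere. A one-line comment above `programs.emacs` recording that tool availability is delegated to the user profile, e.g. `# Language tools come from home.packages; Emacs inherits PATH rather than wrapping it`, would keep the next reader from re-adding a wrapper. Whether the user-service `services.emacs` sees the profile PATH depends on how the session environment is set up, which this hunk does not show.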

12
home/programs/fzf.nix Normal file

@ -0,0 +1,12 @@
{
config,
lib,
pkgs,
...
}: {
programs.fzf = {
enable = true;
enableBashIntegration = true;
enableZshIntegration = true;
};
}
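Review bot: `config` and `lib` are bound in the argument set but never used in the body, so the header can shrink to `{...}: {` (the same applies to the new home/programs/pandoc.nix, which binds `config`, `lib` and `pkgs` without using them). This file and the lazygit block in git.nix re-create two of the three programs from the deleted combined programs file, but that file's `zoxide` configuration (enable plus bash/fish/zsh integration) is not re-created in any section visible here; unless it is re-added in one of the files outside this view, zoxide is silently dropped by a commit titled "meta: format".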


@ -54,4 +54,13 @@ with pkgs; {
userEmail = "hedgehog@mrhedgehog.xyz"; userEmail = "hedgehog@mrhedgehog.xyz";
userName = "Mr Hedgehog"; userName = "Mr Hedgehog";
}; };
programs.lazygit = {
enable = true;
settings = {
git.paging = {
pager = "delta --dark --paging=never";
colorArg = "always";
};
};
};
} }
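Review bot: The new `pager = "delta --dark --paging=never"` relies on a `delta` binary being on lazygit's PATH at runtime, which nothing in this hunk guarantees; since the file is already under `with pkgs;` (see the hunk header), pinning the store path is a one-token change, `pager = "${delta}/bin/delta --dark --paging=never";`, and fails at evaluation time rather than inside lazygit if the package is absent. This is also a functional addition in a commit described as a format pass, so a short comment above `programs.lazygit` saying it was moved out of the deleted combined programs file would make the history clearer.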


@ -28,7 +28,7 @@
keyserver = "hkps://keys.openpgp.org"; keyserver = "hkps://keys.openpgp.org";
}; };
scdaemonSettings = { scdaemonSettings = {
card-timeout = "5"; card-timeout = "60";
pcsc-shared = true; pcsc-shared = true;
# shared-access = true; # shared-access = true;
disable-ccid = true; disable-ccid = true;
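Review bot: `card-timeout` changing from `"5"` to `"60"` is the only behavioural edit in this file and it is unexplained in a commit titled "meta: format"; a comment on that line stating the intent (for example that a longer idle window was wanted to stop the smartcard being re-prompted) is the minimum a reader needs. It is also worth checking the scdaemon version in use: in current GnuPG (2.1 and later) the manual marks `card-timeout` as deprecated with no effect, so if that is what this host runs the change is inert and the real knob is elsewhere. The hunk shows `pcsc-shared = true` and `disable-ccid = true` as context, so this block's settings extend beyond what is visible here.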

8
home/programs/pandoc.nix Normal file

@ -0,0 +1,8 @@
{
config,
lib,
pkgs,
...
}: {
programs.pandoc.enable = true;
}


@ -1,25 +0,0 @@
{
programs = {
fzf = {
enable = true;
enableBashIntegration = true;
enableZshIntegration = true;
};
lazygit = {
enable = true;
settings = {
git.paging = {
pager = "delta --dark --paging=never";
colorArg = "always";
};
};
};
pandoc = {enable = true;};
zoxide = {
enable = true;
enableBashIntegration = true;
enableFishIntegration = true;
enableZshIntegration = true;
};
};
}


@ -1,4 +1,8 @@
{lib, pkgs, ...}: { {
lib,
pkgs,
...
}: {
home.activation = { home.activation = {
cloneDoom = lib.hm.dag.entryAfter ["writeBoundary"] '' cloneDoom = lib.hm.dag.entryAfter ["writeBoundary"] ''
if [ ! -d "$XDG_CONFIG_HOME/emacs" ]; then if [ ! -d "$XDG_CONFIG_HOME/emacs" ]; then


@ -5,25 +5,24 @@
mimeApps = { mimeApps = {
enable = true; enable = true;
defaultApplications = { defaultApplications = {
"application/pdf" = [ "firefox.desktop" "chromium-browser.desktop" ]; "application/pdf" = ["firefox.desktop" "chromium-browser.desktop"];
"application/rdf+xml" = [ "firefox.desktop" "chromium-browser.desktop" ]; "application/rdf+xml" = ["firefox.desktop" "chromium-browser.desktop"];
"application/rss+xml" = [ "firefox.desktop" "chromium-browser.desktop" ]; "application/rss+xml" = ["firefox.desktop" "chromium-browser.desktop"];
"application/xhtml+xml" = [ "firefox.desktop" "chromium-browser.desktop" ]; "application/xhtml+xml" = ["firefox.desktop" "chromium-browser.desktop"];
"application/xhtml_xml" = [ "firefox.desktop" "chromium-browser.desktop" ]; "application/xhtml_xml" = ["firefox.desktop" "chromium-browser.desktop"];
"application/xml" = [ "firefox.desktop" "chromium-browser.desktop" ]; "application/xml" = ["firefox.desktop" "chromium-browser.desktop"];
"image/gif" = [ "viewnior.desktop" "firefox.desktop" "chromium-browser.desktop" ]; "image/gif" = ["viewnior.desktop" "firefox.desktop" "chromium-browser.desktop"];
"image/jpeg" = [ "viewnior.desktop" "firefox.desktop" "chromium-browser.desktop" ]; "image/jpeg" = ["viewnior.desktop" "firefox.desktop" "chromium-browser.desktop"];
"image/png" = [ "viewnior.desktop" "firefox.desktop" "chromium-browser.desktop" ]; "image/png" = ["viewnior.desktop" "firefox.desktop" "chromium-browser.desktop"];
"image/webp" = [ "viewnior.desktop" "firefox.desktop" "chromium-browser.desktop" ]; "image/webp" = ["viewnior.desktop" "firefox.desktop" "chromium-browser.desktop"];
"text/html" = [ "firefox.desktop" "chromium-browser.desktop" ]; "text/html" = ["firefox.desktop" "chromium-browser.desktop"];
"text/xml" = [ "firefox.desktop" "chromium-browser.desktop" ]; "text/xml" = ["firefox.desktop" "chromium-browser.desktop"];
"x-scheme-handler/http" = [ "firefox.desktop" "chromium-browser.desktop" ]; "x-scheme-handler/http" = ["firefox.desktop" "chromium-browser.desktop"];
"x-scheme-handler/https" = [ "firefox.desktop" "chromium-browser.desktop" ]; "x-scheme-handler/https" = ["firefox.desktop" "chromium-browser.desktop"];
"x-scheme-handler/about" = [ "firefox.desktop" "chromium-browser.desktop" ]; "x-scheme-handler/about" = ["firefox.desktop" "chromium-browser.desktop"];
"x-scheme-handler/unknown" = [ "firefox.desktop" "chromium-browser.desktop" ]; "x-scheme-handler/unknown" = ["firefox.desktop" "chromium-browser.desktop"];
"x-scheme-handler/steam" = [ "steam-native.desktop" "steam.desktop" ]; "x-scheme-handler/steam" = ["steam-native.desktop" "steam.desktop"];
"x-scheme-handler/steamlink" = [ "steam-native.desktop" "steam.desktop" ]; "x-scheme-handler/steamlink" = ["steam-native.desktop" "steam.desktop"];
}; };
}; };
userDirs = { userDirs = {
@ -35,7 +34,7 @@
}; };
desktopEntries = { desktopEntries = {
element-desktop = { element-desktop = {
categories = [ "Network" "InstantMessaging" ]; categories = ["Network" "InstantMessaging"];
comment = "Desktop app for Element"; comment = "Desktop app for Element";
exec = "element-desktop"; exec = "element-desktop";
genericName = "Element Desktop App"; genericName = "Element Desktop App";


@ -1,4 +1,9 @@
{pkgs, inputs, self, ...}: { {
pkgs,
inputs,
self,
...
}: {
nix = { nix = {
enable = true; enable = true;
package = pkgs.nixUnstable; package = pkgs.nixUnstable;


@ -4,7 +4,6 @@
inputs, inputs,
... ...
}: { }: {
disabledModules = ["services/web-servers/caddy/default.nix"]; disabledModules = ["services/web-servers/caddy/default.nix"];
imports = [ imports = [
# Common Config # Common Config


@ -1,3 +1,3 @@
{ {
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [80 443];
} }


@ -1,10 +1,14 @@
{ lib, pkgs, ... }: { {
lib,
pkgs,
...
}: {
services.caddy = { services.caddy = {
enable = true; enable = true;
package = (pkgs.callPackage ./custom-caddy.nix { package = pkgs.callPackage ./custom-caddy.nix {
plugins = [ "github.com/caddy-dns/cloudflare" ]; plugins = ["github.com/caddy-dns/cloudflare"];
vendorSha256 = "sha256-1SBOXv2RGLlTT/mguPjTASU5AeQNIVySgVMgvu5BH6w="; vendorSha256 = "sha256-1SBOXv2RGLlTT/mguPjTASU5AeQNIVySgVMgvu5BH6w=";
}); };
extraConfig = '' extraConfig = ''
cache.mrhedgehog.xyz { cache.mrhedgehog.xyz {
tls { tls {


@ -1,57 +1,60 @@
{ stdenv, lib, buildGoModule, plugins ? [], vendorSha256 ? "" }: {
stdenv,
lib,
buildGoModule,
plugins ? [],
vendorSha256 ? "",
}:
with lib; let
imports = flip concatMapStrings plugins (pkg: "\t\t\t_ \"${pkg}\"\n");
with lib; main = ''
package main
let imports = flip concatMapStrings plugins (pkg: "\t\t\t_ \"${pkg}\"\n"); import (
caddycmd "github.com/caddyserver/caddy/v2/cmd"
main = '' _ "github.com/caddyserver/caddy/v2/modules/standard"
package main ${imports}
)
import ( func main() {
caddycmd "github.com/caddyserver/caddy/v2/cmd" caddycmd.Main()
}
'';
in
buildGoModule rec {
pname = "caddy";
version = "2.5.0";
_ "github.com/caddyserver/caddy/v2/modules/standard" subPackages = ["cmd/caddy"];
${imports}
)
func main() { src = builtins.fetchGit {
caddycmd.Main() url = "https://github.com/caddyserver/caddy.git";
} rev = "a8bb4a665af358f61a7ac0eabac8df2110cb6a36";
''; };
inherit vendorSha256;
in buildGoModule rec { overrideModAttrs = _: {
pname = "caddy"; preBuild = "echo '${main}' > cmd/caddy/main.go";
version = "2.5.0"; postInstall = "cp go.sum go.mod $out/ && ls $out/";
};
subPackages = [ "cmd/caddy" ]; postPatch = ''
echo '${main}' > cmd/caddy/main.go
cat cmd/caddy/main.go
'';
src = builtins.fetchGit { postConfigure = ''
url = "https://github.com/caddyserver/caddy.git"; cp vendor/go.sum ./
rev = "a8bb4a665af358f61a7ac0eabac8df2110cb6a36"; cp vendor/go.mod ./
}; '';
inherit vendorSha256; meta = with lib; {
homepage = https://caddyserver.com;
overrideModAttrs = (_: { description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS";
preBuild = "echo '${main}' > cmd/caddy/main.go"; license = licenses.asl20;
postInstall = "cp go.sum go.mod $out/ && ls $out/"; maintainers = with maintainers; [rushmorem fpletz zimbatm];
}); };
}
postPatch = ''
echo '${main}' > cmd/caddy/main.go
cat cmd/caddy/main.go
'';
postConfigure = ''
cp vendor/go.sum ./
cp vendor/go.mod ./
'';
meta = with lib; {
homepage = https://caddyserver.com;
description = "Fast, cross-platform HTTP/2 web server with automatic HTTPS";
license = licenses.asl20;
maintainers = with maintainers; [ rushmorem fpletz zimbatm ];
};
}
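Review bot: `homepage = https://caddyserver.com;` in the `meta` block is an unquoted URL literal, a syntax deprecated in Nix (RFC 45) and flagged by linters; since this commit already reformats the whole file it should become `homepage = "https://caddyserver.com";`. The rest of the hunk is a pure reformat, and the two copies of the `main.go` write-out (in `overrideModAttrs.preBuild` and again in `postPatch`) are pre-existing rather than introduced here, but a comment on `postPatch` explaining why both are needed would spare the next reader from trying to remove one.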


@ -1,5 +1,9 @@
{pkgs, inputs, ...}: { {
services.hydra = { pkgs,
inputs,
...
}: {
services.hydra = {
enable = true; enable = true;
package = inputs.hydra-updated.legacyPackages.x86_64-linux.hydra_unstable; package = inputs.hydra-updated.legacyPackages.x86_64-linux.hydra_unstable;
hydraURL = "https://hydra.mrhedgehog.xyz"; hydraURL = "https://hydra.mrhedgehog.xyz";


@ -4,7 +4,6 @@
inputs, inputs,
... ...
}: { }: {
disabledModules = ["services/web-servers/caddy/default.nix"]; disabledModules = ["services/web-servers/caddy/default.nix"];
imports = [ imports = [
# Common Config # Common Config
@ -19,7 +18,6 @@
# Machine-specific configurations. # Machine-specific configurations.
./programs/dconf.nix ./programs/dconf.nix
]; ];
networking = { networking = {
hostName = "zaphod"; hostName = "zaphod";


@ -1,56 +1,56 @@
{ config, lib, pkgs, ... }: {
config,
with lib; lib,
pkgs,
let ...
}:
with lib; let
cfg = config.services.caddy; cfg = config.services.caddy;
virtualHosts = attrValues cfg.virtualHosts; virtualHosts = attrValues cfg.virtualHosts;
acmeVHosts = filter (hostOpts: hostOpts.useACMEHost != null) virtualHosts; acmeVHosts = filter (hostOpts: hostOpts.useACMEHost != null) virtualHosts;
mkVHostConf = hostOpts: mkVHostConf = hostOpts: let
let sslCertDir = config.security.acme.certs.${hostOpts.useACMEHost}.directory;
sslCertDir = config.security.acme.certs.${hostOpts.useACMEHost}.directory; in ''
in ${hostOpts.hostName} ${concatStringsSep " " hostOpts.serverAliases} {
'' bind ${concatStringsSep " " hostOpts.listenAddresses}
${hostOpts.hostName} ${concatStringsSep " " hostOpts.serverAliases} { ${optionalString (hostOpts.useACMEHost != null) "tls ${sslCertDir}/cert.pem ${sslCertDir}/key.pem"}
bind ${concatStringsSep " " hostOpts.listenAddresses} log {
${optionalString (hostOpts.useACMEHost != null) "tls ${sslCertDir}/cert.pem ${sslCertDir}/key.pem"} ${hostOpts.logFormat}
log { }
${hostOpts.logFormat}
}
${hostOpts.extraConfig} ${hostOpts.extraConfig}
} }
''; '';
configFile = configFile = let
let Caddyfile = pkgs.writeText "Caddyfile" ''
Caddyfile = pkgs.writeText "Caddyfile" '' {
{ ${cfg.globalConfig}
${cfg.globalConfig} }
} ${cfg.extraConfig}
${cfg.extraConfig} '';
'';
Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" { nativeBuildInputs = [ cfg.package ]; } '' Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" {nativeBuildInputs = [cfg.package];} ''
${cfg.package}/bin/caddy fmt ${Caddyfile} > $out ${cfg.package}/bin/caddy fmt ${Caddyfile} > $out
''; '';
in in
if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform then Caddyfile-formatted else Caddyfile; if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform
then Caddyfile-formatted
else Caddyfile;
acmeHosts = unique (catAttrs "useACMEHost" acmeVHosts); acmeHosts = unique (catAttrs "useACMEHost" acmeVHosts);
mkCertOwnershipAssertion = import ../../../security/acme/mk-cert-ownership-assertion.nix; mkCertOwnershipAssertion = import ../../../security/acme/mk-cert-ownership-assertion.nix;
in in {
{
imports = [ imports = [
(mkRemovedOptionModule [ "services" "caddy" "agree" ] "this option is no longer necessary for Caddy 2") (mkRemovedOptionModule ["services" "caddy" "agree"] "this option is no longer necessary for Caddy 2")
(mkRenamedOptionModule [ "services" "caddy" "ca" ] [ "services" "caddy" "acmeCA" ]) (mkRenamedOptionModule ["services" "caddy" "ca"] ["services" "caddy" "acmeCA"])
(mkRenamedOptionModule [ "services" "caddy" "config" ] [ "services" "caddy" "extraConfig" ]) (mkRenamedOptionModule ["services" "caddy" "config"] ["services" "caddy" "extraConfig"])
]; ];
disabledModules = [ "services/web-servers/caddy/default.nix" ]; disabledModules = ["services/web-servers/caddy/default.nix"];
# interface # interface
options.services.caddy = { options.services.caddy = {
@ -222,7 +222,7 @@ in
}; };
virtualHosts = mkOption { virtualHosts = mkOption {
type = with types; attrsOf (submodule (import ./vhost-options.nix { inherit cfg; })); type = with types; attrsOf (submodule (import ./vhost-options.nix {inherit cfg;}));
default = {}; default = {};
example = literalExpression '' example = literalExpression ''
{ {
@ -262,21 +262,24 @@ in
certificates. certificates.
''; '';
}; };
}; };
# implementation # implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions =
assertions = [ [
{ assertion = cfg.adapter != "caddyfile" -> cfg.configFile != configFile; {
message = "Any value other than 'caddyfile' is only valid when providing your own `services.caddy.configFile`"; assertion = cfg.adapter != "caddyfile" -> cfg.configFile != configFile;
} message = "Any value other than 'caddyfile' is only valid when providing your own `services.caddy.configFile`";
] ++ map (name: mkCertOwnershipAssertion { }
inherit (cfg) group user; ]
cert = config.security.acme.certs.${name}; ++ map (name:
groups = config.users.groups; mkCertOwnershipAssertion {
}) acmeHosts; inherit (cfg) group user;
cert = config.security.acme.certs.${name};
groups = config.users.groups;
})
acmeHosts;
services.caddy.extraConfig = concatMapStringsSep "\n" mkVHostConf virtualHosts; services.caddy.extraConfig = concatMapStringsSep "\n" mkVHostConf virtualHosts;
services.caddy.globalConfig = '' services.caddy.globalConfig = ''
@ -287,30 +290,30 @@ in
} }
''; '';
systemd.packages = [ cfg.package ]; systemd.packages = [cfg.package];
systemd.services.caddy = { systemd.services.caddy = {
wants = map (hostOpts: "acme-finished-${hostOpts.useACMEHost}.target") acmeVHosts; wants = map (hostOpts: "acme-finished-${hostOpts.useACMEHost}.target") acmeVHosts;
after = map (hostOpts: "acme-selfsigned-${hostOpts.useACMEHost}.service") acmeVHosts; after = map (hostOpts: "acme-selfsigned-${hostOpts.useACMEHost}.service") acmeVHosts;
before = map (hostOpts: "acme-${hostOpts.useACMEHost}.service") acmeVHosts; before = map (hostOpts: "acme-${hostOpts.useACMEHost}.service") acmeVHosts;
wantedBy = [ "multi-user.target" ]; wantedBy = ["multi-user.target"];
startLimitIntervalSec = 14400; startLimitIntervalSec = 14400;
startLimitBurst = 10; startLimitBurst = 10;
serviceConfig = { serviceConfig = {
# https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart= # https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
# If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect. # If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect.
ExecStart = [ "" "${cfg.package}/bin/caddy run --config ${cfg.configFile} --adapter ${cfg.adapter} ${optionalString cfg.resume "--resume"}" ]; ExecStart = ["" "${cfg.package}/bin/caddy run --config ${cfg.configFile} --adapter ${cfg.adapter} ${optionalString cfg.resume "--resume"}"];
ExecReload = [ "" "${cfg.package}/bin/caddy reload --config ${cfg.configFile} --adapter ${cfg.adapter}" ]; ExecReload = ["" "${cfg.package}/bin/caddy reload --config ${cfg.configFile} --adapter ${cfg.adapter}"];
ExecStartPre = "${cfg.package}/bin/caddy validate --config ${cfg.configFile} --adapter ${cfg.adapter}"; ExecStartPre = "${cfg.package}/bin/caddy validate --config ${cfg.configFile} --adapter ${cfg.adapter}";
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
ReadWriteDirectories = cfg.dataDir; ReadWriteDirectories = cfg.dataDir;
StateDirectory = mkIf (cfg.dataDir == "/var/lib/caddy") [ "caddy" ]; StateDirectory = mkIf (cfg.dataDir == "/var/lib/caddy") ["caddy"];
LogsDirectory = mkIf (cfg.logDir == "/var/log/caddy") [ "caddy" ]; LogsDirectory = mkIf (cfg.logDir == "/var/log/caddy") ["caddy"];
Restart = "on-abnormal"; Restart = "on-abnormal";
SupplementaryGroups = mkIf (length acmeVHosts != 0) [ "acme" ]; SupplementaryGroups = mkIf (length acmeVHosts != 0) ["acme"];
# TODO: attempt to upstream these options # TODO: attempt to upstream these options
NoNewPrivileges = true; NoNewPrivileges = true;
@ -333,11 +336,9 @@ in
caddy.gid = config.ids.gids.caddy; caddy.gid = config.ids.gids.caddy;
}; };
security.acme.certs = security.acme.certs = let
let reloads = map (useACMEHost: nameValuePair useACMEHost {reloadServices = ["caddy.service"];}) acmeHosts;
reloads = map (useACMEHost: nameValuePair useACMEHost { reloadServices = [ "caddy.service" ]; }) acmeHosts; in
in listToAttrs reloads;
listToAttrs reloads;
}; };
} }
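Review bot: This is a vendored copy of the nixpkgs caddy module (it disables `services/web-servers/caddy/default.nix` and carries the upstream `# TODO: attempt to upstream these options` marker), yet nothing in the file records which nixpkgs revision it was copied from or what was changed, so later upstream fixes to the hardening block under `serviceConfig` will not be noticed. A header comment above the argument set, e.g. `# Vendored from nixpkgs nixos/modules/services/web-servers/caddy/default.nix at <NIXPKGS_REV>; local changes: <list>` (revision to be filled in), would make that drift auditable. The `disabledModules` line here is also repeated in both host configurations in this commit; one location is enough, and keeping it in this module means the hosts cannot import it without the override.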


@ -1,8 +1,10 @@
{ pkgs, config, lib, ... }: {
pkgs,
with lib; config,
lib,
let ...
}:
with lib; let
cfg = config.mrhedgehog.secrets; cfg = config.mrhedgehog.secrets;
secret = types.submodule { secret = types.submodule {
@ -39,48 +41,55 @@ let
metadata = lib.importTOML ../metadata/hosts.toml; metadata = lib.importTOML ../metadata/hosts.toml;
mkSecretOnDisk = name: mkSecretOnDisk = name: {source, ...}:
{ source, ... }:
pkgs.stdenv.mkDerivation { pkgs.stdenv.mkDerivation {
name = "${name}-secret"; name = "${name}-secret";
phases = "installPhase"; phases = "installPhase";
buildInputs = [ pkgs.rage ]; buildInputs = [pkgs.rage];
installPhase = installPhase = let
let key = metadata.hosts."${config.networking.hostName}".ssh_pubkey; key = metadata.hosts."${config.networking.hostName}".ssh_pubkey;
in '' in ''
rage -a -r '${key}' -o "$out" '${source}' rage -a -r '${key}' -o "$out" '${source}'
'';
};
mkService = name:
{ source, dest, owner, group, permissions, ... }: {
description = "decrypt secret for ${name}";
wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot";
script = with pkgs; ''
rm -rf ${dest}
"${rage}"/bin/rage -d -i /etc/ssh/ssh_host_ed25519_key -o '${dest}' '${
mkSecretOnDisk name { inherit source; }
}'
chown '${owner}':'${group}' '${dest}'
chmod '${permissions}' '${dest}'
''; '';
}; };
mkService = name: {
source,
dest,
owner,
group,
permissions,
...
}: {
description = "decrypt secret for ${name}";
wantedBy = ["multi-user.target"];
serviceConfig.Type = "oneshot";
script = with pkgs; ''
rm -rf ${dest}
"${rage}"/bin/rage -d -i /etc/ssh/ssh_host_ed25519_key -o '${dest}' '${
mkSecretOnDisk name {inherit source;}
}'
chown '${owner}':'${group}' '${dest}'
chmod '${permissions}' '${dest}'
'';
};
in { in {
options.mrhedgehog.secrets = mkOption { options.mrhedgehog.secrets = mkOption {
type = types.attrsOf secret; type = types.attrsOf secret;
description = "secret configuration"; description = "secret configuration";
default = { }; default = {};
}; };
config.systemd.services = let config.systemd.services = let
units = mapAttrs' (name: info: { units =
name = "${name}-key"; mapAttrs' (name: info: {
value = (mkService name info); name = "${name}-key";
}) cfg; value = mkService name info;
in units; })
cfg;
in
units;
} }
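Review bot: In `mkService`'s script, `rage -d ... -o '${dest}'` writes the plaintext before the `chown`/`chmod` lines run, so unless rage creates its output with a restrictive mode the secret is briefly readable under the service's default umask (0022 for systemd units); adding `umask 077` as the first line of the script closes that window regardless of what `${permissions}` later grants. The first line, `rm -rf ${dest}`, is also the only use of `dest` that is not single-quoted, so a path with spaces or glob characters would be expanded by the shell — `rm -rf '${dest}'` matches the other lines. Both edits are inside the reformatted `mkService` binding in the last hunk.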


@ -1,11 +1,12 @@
{ cfg }: {cfg}: {
{ config, lib, name, ... }: config,
let lib,
name,
...
}: let
inherit (lib) literalExpression mkOption types; inherit (lib) literalExpression mkOption types;
in in {
{
options = { options = {
hostName = mkOption { hostName = mkOption {
type = types.str; type = types.str;
default = name; default = name;
@ -14,8 +15,8 @@ in
serverAliases = mkOption { serverAliases = mkOption {
type = with types; listOf str; type = with types; listOf str;
default = [ ]; default = [];
example = [ "www.example.org" "example.org" ]; example = ["www.example.org" "example.org"];
description = '' description = ''
Additional names of virtual hosts served by this virtual host configuration. Additional names of virtual hosts served by this virtual host configuration.
''; '';
@ -26,8 +27,8 @@ in
description = '' description = ''
A list of host interfaces to bind to for this virtual host. A list of host interfaces to bind to for this virtual host.
''; '';
default = [ ]; default = [];
example = [ "127.0.0.1" "::1" ]; example = ["127.0.0.1" "::1"];
}; };
useACMEHost = mkOption { useACMEHost = mkOption {
@ -74,6 +75,5 @@ in
automatically generated <literal>Caddyfile</literal>. automatically generated <literal>Caddyfile</literal>.
''; '';
}; };
}; };
} }


@ -1,5 +1,4 @@
self: super: self: super: {
{
sumneko-lua-language-server = super.sumneko-lua-language-server.overrideAttrs (old: { sumneko-lua-language-server = super.sumneko-lua-language-server.overrideAttrs (old: {
version = "3.2.2"; version = "3.2.2";
src = super.fetchFromGitHub rec { src = super.fetchFromGitHub rec {