authorJohn Bargman2024-11-30 13:15:05 +0000
committerJohn Bargman2024-11-30 14:36:04 +0000
commite1b05d65451cce58205a2c4b3d84f706b04fb17e (patch)
tree53f3b332d77b66fd7cd106df8bbd595ad66fe02d
parent85e3e7d7baa2b59d7c7e9840b5511349adb07909 (diff)
reorg and update; add cgit
-rw-r--r--flake.lock110
-rw-r--r--flake.nix46
-rw-r--r--machines/overburn-1.nix13
-rw-r--r--openstack.nix2
-rw-r--r--services/cgit.nix103
-rw-r--r--services/ejabberd.nix (renamed from ejabberd.nix)0
-rw-r--r--services/mailserver.nix17
-rw-r--r--services/website.nix (renamed from website.nix)0
-rwxr-xr-xusers/commander.nix (renamed from commander.nix)4
9 files changed, 195 insertions, 100 deletions
diff --git a/flake.lock b/flake.lock
index 4edfa53..71343f3 100644
--- a/flake.lock
+++ b/flake.lock
@@ -4,14 +4,15 @@
"inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
- "nixpkgs": "nixpkgs"
+ "nixpkgs": "nixpkgs",
+ "systems": "systems"
},
"locked": {
- "lastModified": 1690228878,
- "narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=",
+ "lastModified": 1723293904,
+ "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=",
"owner": "ryantm",
"repo": "agenix",
- "rev": "d8c973fd228949736dedf61b7f8cc1ece3236792",
+ "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41",
"type": "github"
},
"original": {
@@ -44,11 +45,11 @@
]
},
"locked": {
- "lastModified": 1673295039,
- "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=",
+ "lastModified": 1700795494,
+ "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=",
"owner": "lnl7",
"repo": "nix-darwin",
- "rev": "87b9d090ad39b25b2400029c64825fc2a8868943",
+ "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d",
"type": "github"
},
"original": {
@@ -61,11 +62,11 @@
"flake-compat": {
"flake": false,
"locked": {
- "lastModified": 1668681692,
- "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+ "lastModified": 1696426674,
+ "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
- "rev": "009399224d5e398d03b22badca40a37ac85412a1",
+ "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
@@ -82,11 +83,11 @@
]
},
"locked": {
- "lastModified": 1682203081,
- "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
+ "lastModified": 1703113217,
+ "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=",
"owner": "nix-community",
"repo": "home-manager",
- "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
+ "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1",
"type": "github"
},
"original": {
@@ -100,11 +101,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
- "lastModified": 1688141737,
- "narHash": "sha256-qHrNMYWukOKmKVf6wXOGKj1xxUnOGjvTRbt/PLLXuBE=",
+ "lastModified": 1708891350,
+ "narHash": "sha256-VOQrKK7Df/IVuNki+NshVuGkTa/Tw0GigPjWcZff6kk=",
"owner": "matthewcroughan",
"repo": "nixinate",
- "rev": "7902ae845e6cc5bd450e510cdf5e009a6e4a44d9",
+ "rev": "452f33c60df5b72ad0858f5f2cf224bdf1f17746",
"type": "github"
},
"original": {
@@ -115,11 +116,11 @@
},
"nixpkgs": {
"locked": {
- "lastModified": 1677676435,
- "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=",
+ "lastModified": 1703013332,
+ "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169",
+ "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"type": "github"
},
"original": {
@@ -129,33 +130,18 @@
"type": "github"
}
},
- "nixpkgs-22_11": {
+ "nixpkgs-24_05": {
"locked": {
- "lastModified": 1669558522,
- "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=",
+ "lastModified": 1717144377,
+ "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82",
+ "rev": "805a384895c696f802a9bf5bf4720f37385df547",
"type": "github"
},
"original": {
"id": "nixpkgs",
- "ref": "nixos-22.11",
- "type": "indirect"
- }
- },
- "nixpkgs-23_05": {
- "locked": {
- "lastModified": 1684782344,
- "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=",
- "owner": "NixOS",
- "repo": "nixpkgs",
- "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88",
- "type": "github"
- },
- "original": {
- "id": "nixpkgs",
- "ref": "nixos-23.05",
+ "ref": "nixos-24.05",
"type": "indirect"
}
},
@@ -177,27 +163,27 @@
},
"nixpkgs_3": {
"locked": {
- "lastModified": 1694048570,
- "narHash": "sha256-PEQptwFCVaJ+jLFJgrZll2shQ9VI/7xVhrCYkJo8iIw=",
+ "lastModified": 1732749044,
+ "narHash": "sha256-T38FQOg0BV5M8FN1712fovzNakSOENEYs+CSkg31C9Y=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "4f77ea639305f1de0a14d9d41eef83313360638c",
+ "rev": "0c5b4ecbed5b155b705336aa96d878e55acd8685",
"type": "github"
},
"original": {
"owner": "nixos",
- "ref": "nixos-23.05",
+ "ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
- "lastModified": 1670751203,
- "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=",
+ "lastModified": 1717602782,
+ "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=",
"owner": "NixOS",
"repo": "nixpkgs",
- "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60",
+ "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6",
"type": "github"
},
"original": {
@@ -208,11 +194,11 @@
},
"nixpkgs_unstable": {
"locked": {
- "lastModified": 1693985761,
- "narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=",
+ "lastModified": 1732758367,
+ "narHash": "sha256-RzaI1RO0UXqLjydtz3GAXSTzHkpb/lLD1JD8a0W4Wpo=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "0bffda19b8af722f8069d09d8b6a24594c80b352",
+ "rev": "fa42b5a5f401aab8a32bd33c9a4de0738180dc59",
"type": "github"
},
"original": {
@@ -236,16 +222,14 @@
"blobs": "blobs",
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_4",
- "nixpkgs-22_11": "nixpkgs-22_11",
- "nixpkgs-23_05": "nixpkgs-23_05",
- "utils": "utils"
+ "nixpkgs-24_05": "nixpkgs-24_05"
},
"locked": {
- "lastModified": 1689976554,
- "narHash": "sha256-uWJq3sIhkqfzPmfB2RWd5XFVooGFfSuJH9ER/r302xQ=",
+ "lastModified": 1722877200,
+ "narHash": "sha256-qgKDNJXs+od+1UbRy62uk7dYal3h98I4WojfIqMoGcg=",
"owner": "simple-nixos-mailserver",
"repo": "nixos-mailserver",
- "rev": "c63f6e7b053c18325194ff0e274dba44e8d2271e",
+ "rev": "af7d3bf5daeba3fc28089b015c0dd43f06b176f2",
"type": "gitlab"
},
"original": {
@@ -254,18 +238,18 @@
"type": "gitlab"
}
},
- "utils": {
+ "systems": {
"locked": {
- "lastModified": 1605370193,
- "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=",
- "owner": "numtide",
- "repo": "flake-utils",
- "rev": "5021eac20303a61fafe17224c087f5519baed54d",
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
- "owner": "numtide",
- "repo": "flake-utils",
+ "owner": "nix-systems",
+ "repo": "default",
"type": "github"
}
}
diff --git a/flake.nix b/flake.nix
index 4eda89e..4f7d5f9 100644
--- a/flake.nix
+++ b/flake.nix
@@ -5,7 +5,7 @@
nixinate.url = "github:matthewcroughan/nixinate";
agenix.url = "github:ryantm/agenix";
nixpkgs_unstable.url = "github:nixos/nixpkgs/nixos-unstable";
- nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver";
};
@@ -14,6 +14,7 @@
pkgs = nixpkgs.legacyPackages.x86_64-linux;
webroot = "${self}/webroot";
fqdn = "crashoverburn.com";
+ hashedPasswordFile = "${self}/password.file";
in
{
formatter.x86_64-linux = pkgs.nixpkgs-fmt;
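Review bot: `hashedPasswordFile = "${self}/password.file";` resolves to a path inside the flake source, so the password hash has to be tracked in git and is copied into the world-readable Nix store on the build host and on the server. The same value is consumed by `inherit hashedPasswordFile;` in services/mailserver.nix, and the `hashedPassword` literal visible as context in users/commander.nix has the same exposure: anyone who can read the repository or the store can run offline guessing against these hashes. Since `agenix.nixosModules.default` is already in the module list, consider an age-encrypted secret and point the option at its runtime path, e.g. `hashedPasswordFile = config.age.secrets.<mail-hash>.path;` (`<mail-hash>` is a placeholder name). The `let` block starts and ends outside this hunk.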
@@ -59,41 +60,18 @@
nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
- simple-nixos-mailserver.nixosModule
- {
- mailserver = {
- fqdn = "mail.crashoverburn.com";
- domains = [ "mail.crashoverburn.com" "crashoverburn.com" ];
- enable = true;
- # A list of all login accounts. To create the password hashes, use
- # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
- loginAccounts = {
- "crash@crashoverburn.com" = {
- hashedPasswordFile = "${self}/password.file";
- aliases = [ "postmaster@mail.crashoverburn.com" "overburn@crashoverburn.com" ];
- };
- };
- certificateScheme = "acme-nginx";
- };
- }
agenix.nixosModules.default
+ simple-nixos-mailserver.nixosModule
./openstack.nix
- (import ./website.nix { inherit webroot; })
- (import ./ejabberd.nix { inherit fqdn; })
- ./commander.nix
- {
- networking.hostName = "crashoverburn";
- security.acme = {
- acceptTerms = true;
- defaults.email = "postmaster@mail.crashoverburn.com";
- };
- environment.systemPackages = [
- pkgs.btop
- pkgs.tmux
- pkgs.neovim
- ];
+ ./users/commander.nix
+ (import ./services/cgit.nix { inherit pkgs; inherit fqdn; })
+ (import ./services/website.nix { inherit webroot; })
+ (import ./services/ejabberd.nix { inherit fqdn; })
+ (import ./services/mailserver.nix { inherit pkgs; inherit hashedPasswordFile; })
+ ./machines/overburn-1.nix
+ {
imports = [
- "${nixpkgs}/nixos/modules/virtualisation/openstack-config.nix"
+ "${nixpkgs}/nixos/modules/virtualisation/openstack-config.nix"
];
_module.args.nixinate = {
host = "193.16.42.36";
@@ -102,7 +80,7 @@
hermetic = true;
buildOn = "local";
};
- }
+ }
];
};
};
diff --git a/machines/overburn-1.nix b/machines/overburn-1.nix
new file mode 100644
index 0000000..27fa908
--- /dev/null
+++ b/machines/overburn-1.nix
@@ -0,0 +1,13 @@
+{ webroot, fqdn, pkgs, ... }:
+{
+ networking.hostName = "crashoverburn-1";
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "postmaster@mail.crashoverburn.com";
+ };
+ environment.systemPackages = [
+ pkgs.btop
+ pkgs.tmux
+ pkgs.neovim
+ ];
+} \ No newline at end of file
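Review bot: The module header `{ webroot, fqdn, pkgs, ... }:` asks for `webroot` and `fqdn`, but the body uses neither, and flake.nix loads this file as a plain path (`./machines/overburn-1.nix`) without passing them; nothing visible in this commit sets them through `specialArgs` or `_module.args`. It probably evaluates only because the unused arguments are never forced, so I would trim the header to `{ pkgs, ... }:`. The file also ends without a trailing newline.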
diff --git a/openstack.nix b/openstack.nix
index ebf4eca..fb16308 100644
--- a/openstack.nix
+++ b/openstack.nix
@@ -2,7 +2,7 @@
{
nix = {
settings.trusted-users = [ "root" "commander" ];
- package = pkgs.nixUnstable;
+ package = pkgs.nixVersions.latest; #Unstable;
extraOptions = ''
experimental-features = nix-command flakes
'';
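Review bot: The trailing `#Unstable;` on `package = pkgs.nixVersions.latest; #Unstable;` is residue of the old attribute name and reads like commented-out code; drop it, or replace it with a comment saying why the newest Nix release is wanted. On an internet-facing host `pkgs.nixVersions.stable` may be the more conservative choice unless a feature of the latest release is actually needed. The `nix = { … }` block starts and ends outside this hunk.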
diff --git a/services/cgit.nix b/services/cgit.nix
new file mode 100644
index 0000000..a7795ac
--- /dev/null
+++ b/services/cgit.nix
@@ -0,0 +1,103 @@
+{ pkgs, fqdn, ... }:
+{
+ services.uwsgi = {
+ enable = true;
+ user = "public";
+ group = "users";
+ plugins = [ "cgi" ];
+
+ instance = {
+ type = "emperor";
+ vassals = {
+ cgit = {
+ type = "normal";
+ master = "true";
+ socket = "/run/uwsgi/cgit.sock";
+ procname-master = "uwsgi cgit";
+ plugins = [ "cgi" ];
+ cgi = "${pkgs.cgit}/cgit/cgit.cgi";
+ };
+ };
+ };
+ };
+
+ services.gitolite = {
+ enable = true;
+ user = "git";
+ group = "git";
+ adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhzz/CAb74rLQkDF2weTCb0DICw1oyXNv6XmdLfEsT5 crash@crashoverburn.com";
+ extraGitoliteRc = ''
+ $RC{UMASK} = 0027;
+ $RC{GIT_CONFIG_KEYS} = '.*';
+ '';
+ };
+
+ users.extraUsers.public =
+ {
+ isSystemUser = true;
+ group = "git";
+ };
+
+ services.nginx.virtualHosts."code.${fqdn}" = {
+ addSSL = true;
+ enableACME = true;
+ root = "${pkgs.cgit}/cgit";
+ locations = {
+ "/" = {
+ extraConfig = ''
+ try_files $uri @cgit;
+ '';
+ };
+ "@cgit" = {
+ extraConfig = ''
+ uwsgi_pass unix:/run/uwsgi/cgit.sock;
+ include ${pkgs.nginx}/conf/uwsgi_params;
+ uwsgi_modifier1 9;
+ '';
+ };
+ };
+ };
+
+ systemd.services.create-cgit-cache = {
+ description = "Create cache directory for cgit";
+ enable = true;
+ wantedBy = [ "uwsgi.service" ];
+ serviceConfig = {
+ type = "oneshot";
+ };
+ script = ''
+ mkdir /run/cgit
+ chown -R public:users /run/cgit
+ '';
+ };
+
+ environment.etc."cgitrc".text = ''
+ virtual-root=/
+
+ cache-size=1000
+ cache-root=/run/cgit
+
+ root-title=~/projects
+ root-desc=code.${fqdn}
+ footer=
+
+ enable-index-owner=0
+ enable-http-clone=1
+ noplainemail=1
+
+ max-atom-items=50
+
+ enable-git-config=1
+ enable-gitweb-owner=1
+ remove-suffix=1
+
+ snapshots=all
+ readme=master:README.md
+
+ source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+ about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+
+ project-list=/var/lib/gitolite/projects.list
+ scan-path=/var/lib/gitolite/repositories
+ '';
+}
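Review bot: `$RC{GIT_CONFIG_KEYS} = '.*';` lets any git config key be set from the gitolite conf, which gitolite's documentation warns is equivalent to command execution as the `git` user for whoever can push to gitolite-admin; cgit with `enable-git-config=1` only needs repository metadata, so narrow it to something like `$RC{GIT_CONFIG_KEYS} = 'gitweb\..* cgit\..*';`. The vhost uses `addSSL = true;`, which keeps plain HTTP available while `enable-http-clone=1` is on, so clones can travel over a channel with no integrity protection; `forceSSL = true;` would redirect them to HTTPS. In `create-cgit-cache`, `type = "oneshot";` is not a key systemd recognises (it is `Type`), the unit has no ordering before uwsgi.service, and `mkdir /run/cgit` fails when the directory already exists; a single `systemd.tmpfiles.rules = [ "d /run/cgit 0750 public users -" ];` could replace the whole unit.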
diff --git a/ejabberd.nix b/services/ejabberd.nix
index f18cfe6..f18cfe6 100644
--- a/ejabberd.nix
+++ b/services/ejabberd.nix
diff --git a/services/mailserver.nix b/services/mailserver.nix
new file mode 100644
index 0000000..7d6f1d8
--- /dev/null
+++ b/services/mailserver.nix
@@ -0,0 +1,17 @@
+{ pkgs, hashedPasswordFile, ... }:
+{
+ mailserver = {
+ fqdn = "mail.crashoverburn.com";
+ domains = [ "mail.crashoverburn.com" "crashoverburn.com" ];
+ enable = true;
+ # A list of all login accounts. To create the password hashes, use
+ # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
+ loginAccounts = {
+ "crash@crashoverburn.com" = {
+ inherit hashedPasswordFile;
+ aliases = [ "postmaster@mail.crashoverburn.com" "overburn@crashoverburn.com" ];
+ };
+ };
+ certificateScheme = "acme-nginx";
+ };
+} \ No newline at end of file
diff --git a/website.nix b/services/website.nix
index d36f538..d36f538 100644
--- a/website.nix
+++ b/services/website.nix
diff --git a/commander.nix b/users/commander.nix
index 294d269..6bfbb74 100755
--- a/commander.nix
+++ b/users/commander.nix
@@ -6,7 +6,7 @@
programs.ssh.enableAskPassword = false;
programs.gnupg.agent =
{
- pinentryFlavor = "tty";
+ pinentryPackage = pkgs.pinentry-tty;
enable = true;
enableSSHSupport = true;
};
@@ -22,7 +22,7 @@
hashedPassword = "$6$irFKKFRDPP$H5EaeHornoVvWcKtUBj.29tPvw.SspaSi/vOPGc3GG2bW//M.ld3E7E3XCevJ6vn175A/raHvNIotXayvMqzz0";
openssh.authorizedKeys.keys =
[
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhzz/CAb74rLQkDF2weTCb0DICw1oyXNv6XmdLfEsT5 darthpjb@gmail.com"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhzz/CAb74rLQkDF2weTCb0DICw1oyXNv6XmdLfEsT5 crash@crashoverburn.com"
];
extraGroups = [ "wheel" "dialout" "disk" "networkManager" ]; # Enable ‘sudo’ for the user.
};