| -rw-r--r-- | flake.lock | 110 | ||||
| -rw-r--r-- | flake.nix | 46 | ||||
| -rw-r--r-- | machines/overburn-1.nix | 13 | ||||
| -rw-r--r-- | openstack.nix | 2 | ||||
| -rw-r--r-- | services/cgit.nix | 103 | ||||
| -rw-r--r-- | services/ejabberd.nix (renamed from ejabberd.nix) | 0 | ||||
| -rw-r--r-- | services/mailserver.nix | 17 | ||||
| -rw-r--r-- | services/website.nix (renamed from website.nix) | 0 | ||||
| -rwxr-xr-x | users/commander.nix (renamed from commander.nix) | 4 |
9 files changed, 195 insertions, 100 deletions
@@ -4,14 +4,15 @@ "inputs": { "darwin": "darwin", "home-manager": "home-manager", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "systems": "systems" }, "locked": { - "lastModified": 1690228878, - "narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=", + "lastModified": 1723293904, + "narHash": "sha256-b+uqzj+Wa6xgMS9aNbX4I+sXeb5biPDi39VgvSFqFvU=", "owner": "ryantm", "repo": "agenix", - "rev": "d8c973fd228949736dedf61b7f8cc1ece3236792", + "rev": "f6291c5935fdc4e0bef208cfc0dcab7e3f7a1c41", "type": "github" }, "original": { @@ -44,11 +45,11 @@ ] }, "locked": { - "lastModified": 1673295039, - "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", + "lastModified": 1700795494, + "narHash": "sha256-gzGLZSiOhf155FW7262kdHo2YDeugp3VuIFb4/GGng0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", + "rev": "4b9b83d5a92e8c1fbfd8eb27eda375908c11ec4d", "type": "github" }, "original": { @@ -61,11 +62,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1668681692, - "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "009399224d5e398d03b22badca40a37ac85412a1", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -82,11 +83,11 @@ ] }, "locked": { - "lastModified": 1682203081, - "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=", + "lastModified": 1703113217, + "narHash": "sha256-7ulcXOk63TIT2lVDSExj7XzFx09LpdSAPtvgtM7yQPE=", "owner": "nix-community", "repo": "home-manager", - "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1", + "rev": "3bfaacf46133c037bb356193bd2f1765d9dc82c1", "type": "github" }, "original": { 
@@ -100,11 +101,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1688141737, - "narHash": "sha256-qHrNMYWukOKmKVf6wXOGKj1xxUnOGjvTRbt/PLLXuBE=", + "lastModified": 1708891350, + "narHash": "sha256-VOQrKK7Df/IVuNki+NshVuGkTa/Tw0GigPjWcZff6kk=", "owner": "matthewcroughan", "repo": "nixinate", - "rev": "7902ae845e6cc5bd450e510cdf5e009a6e4a44d9", + "rev": "452f33c60df5b72ad0858f5f2cf224bdf1f17746", "type": "github" }, "original": { @@ -115,11 +116,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1677676435, - "narHash": "sha256-6FxdcmQr5JeZqsQvfinIMr0XcTyTuR7EXX0H3ANShpQ=", + "lastModified": 1703013332, + "narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a08d6979dd7c82c4cef0dcc6ac45ab16051c1169", + "rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6", "type": "github" }, "original": { @@ -129,33 +130,18 @@ "type": "github" } }, - "nixpkgs-22_11": { + "nixpkgs-24_05": { "locked": { - "lastModified": 1669558522, - "narHash": "sha256-yqxn+wOiPqe6cxzOo4leeJOp1bXE/fjPEi/3F/bBHv8=", + "lastModified": 1717144377, + "narHash": "sha256-F/TKWETwB5RaR8owkPPi+SPJh83AQsm6KrQAlJ8v/uA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ce5fe99df1f15a09a91a86be9738d68fadfbad82", + "rev": "805a384895c696f802a9bf5bf4720f37385df547", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-22.11", - "type": "indirect" - } - }, - "nixpkgs-23_05": { - "locked": { - "lastModified": 1684782344, - "narHash": "sha256-SHN8hPYYSX0thDrMLMWPWYulK3YFgASOrCsIL3AJ78g=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "8966c43feba2c701ed624302b6a935f97bcbdf88", - "type": "github" - }, - "original": { - "id": "nixpkgs", - "ref": "nixos-23.05", + "ref": "nixos-24.05", "type": "indirect" } }, 
@@ -177,27 +163,27 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1694048570, - "narHash": "sha256-PEQptwFCVaJ+jLFJgrZll2shQ9VI/7xVhrCYkJo8iIw=", + "lastModified": 1732749044, + "narHash": "sha256-T38FQOg0BV5M8FN1712fovzNakSOENEYs+CSkg31C9Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "4f77ea639305f1de0a14d9d41eef83313360638c", + "rev": "0c5b4ecbed5b155b705336aa96d878e55acd8685", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-23.05", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_4": { "locked": { - "lastModified": 1670751203, - "narHash": "sha256-XdoH1v3shKDGlrwjgrNX/EN8s3c+kQV7xY6cLCE8vcI=", + "lastModified": 1717602782, + "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "64e0bf055f9d25928c31fb12924e59ff8ce71e60", + "rev": "e8057b67ebf307f01bdcc8fba94d94f75039d1f6", "type": "github" }, "original": { @@ -208,11 +194,11 @@ }, "nixpkgs_unstable": { "locked": { - "lastModified": 1693985761, - "narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=", + "lastModified": 1732758367, + "narHash": "sha256-RzaI1RO0UXqLjydtz3GAXSTzHkpb/lLD1JD8a0W4Wpo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0bffda19b8af722f8069d09d8b6a24594c80b352", + "rev": "fa42b5a5f401aab8a32bd33c9a4de0738180dc59", "type": "github" }, "original": { 
@@ -236,16 +222,14 @@ "blobs": "blobs", "flake-compat": "flake-compat", "nixpkgs": "nixpkgs_4", - "nixpkgs-22_11": "nixpkgs-22_11", - "nixpkgs-23_05": "nixpkgs-23_05", - "utils": "utils" + "nixpkgs-24_05": "nixpkgs-24_05" }, "locked": { - "lastModified": 1689976554, - "narHash": "sha256-uWJq3sIhkqfzPmfB2RWd5XFVooGFfSuJH9ER/r302xQ=", + "lastModified": 1722877200, + "narHash": "sha256-qgKDNJXs+od+1UbRy62uk7dYal3h98I4WojfIqMoGcg=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "c63f6e7b053c18325194ff0e274dba44e8d2271e", + "rev": "af7d3bf5daeba3fc28089b015c0dd43f06b176f2", "type": "gitlab" }, "original": { @@ -254,18 +238,18 @@ "type": "gitlab" } }, - "utils": { + "systems": { "locked": { - "lastModified": 1605370193, - "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5021eac20303a61fafe17224c087f5519baed54d", + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", "type": "github" }, "original": { - "owner": "numtide", - "repo": "flake-utils", + "owner": "nix-systems", + "repo": "default", "type": "github" } } @@ -5,7 +5,7 @@ nixinate.url = "github:matthewcroughan/nixinate"; agenix.url = "github:ryantm/agenix"; nixpkgs_unstable.url = "github:nixos/nixpkgs/nixos-unstable"; - nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05"; simple-nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; }; @@ -14,6 +14,7 @@ pkgs = nixpkgs.legacyPackages.x86_64-linux; webroot = "${self}/webroot"; fqdn = "crashoverburn.com"; + hashedPasswordFile = "${self}/password.file"; in { formatter.x86_64-linux = pkgs.nixpkgs-fmt; 
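Review bot: The new `hashedPasswordFile = "${self}/password.file";` binding in flake.nix points at a file inside the flake source, so the mail account's password hash is copied into the Nix store, which is readable by every local user on the host and on any machine that evaluates or builds the flake. services/mailserver.nix consumes the same path through `inherit hashedPasswordFile;`, so the point applies there as well. Since `agenix.nixosModules.default` is already in the module list, the hash could be declared as an age secret and the account given `hashedPasswordFile = config.age.secrets.<secret-name>.path;` inside the mailserver module, rather than a store path threaded from the flake's `let`. The `let` block begins and ends outside this hunk.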
@@ -59,41 +60,18 @@ nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ - simple-nixos-mailserver.nixosModule - { - mailserver = { - fqdn = "mail.crashoverburn.com"; - domains = [ "mail.crashoverburn.com" "crashoverburn.com" ]; - enable = true; - # A list of all login accounts. To create the password hashes, use - # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt' - loginAccounts = { - "crash@crashoverburn.com" = { - hashedPasswordFile = "${self}/password.file"; - aliases = [ "postmaster@mail.crashoverburn.com" "overburn@crashoverburn.com" ]; - }; - }; - certificateScheme = "acme-nginx"; - }; - } agenix.nixosModules.default + simple-nixos-mailserver.nixosModule ./openstack.nix - (import ./website.nix { inherit webroot; }) - (import ./ejabberd.nix { inherit fqdn; }) - ./commander.nix - { - networking.hostName = "crashoverburn"; - security.acme = { - acceptTerms = true; - defaults.email = "postmaster@mail.crashoverburn.com"; - }; - environment.systemPackages = [ - pkgs.btop - pkgs.tmux - pkgs.neovim - ]; + ./users/commander.nix + (import ./services/cgit.nix { inherit pkgs; inherit fqdn; }) + (import ./services/website.nix { inherit webroot; }) + (import ./services/ejabberd.nix { inherit fqdn; }) + (import ./services/mailserver.nix { inherit pkgs; inherit hashedPasswordFile; }) + ./machines/overburn-1.nix + { imports = [ - "${nixpkgs}/nixos/modules/virtualisation/openstack-config.nix" + "${nixpkgs}/nixos/modules/virtualisation/openstack-config.nix" ]; _module.args.nixinate = { host = "193.16.42.36"; @@ -102,7 +80,7 @@ hermetic = true; buildOn = "local"; }; - } + } ]; }; }; diff --git a/machines/overburn-1.nix b/machines/overburn-1.nix new file mode 100644 index 0000000..27fa908 --- /dev/null +++ b/machines/overburn-1.nix 
@@ -0,0 +1,13 @@
+{ webroot, fqdn, pkgs, ... }:
+{
+ networking.hostName = "crashoverburn-1";
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "postmaster@mail.crashoverburn.com";
+ };
+ environment.systemPackages = [
+ pkgs.btop
+ pkgs.tmux
+ pkgs.neovim
+ ];
+}
\ No newline at end of file diff --git a/openstack.nix b/openstack.nix index ebf4eca..fb16308 100644 --- a/openstack.nix +++ b/openstack.nix @@ -2,7 +2,7 @@ { nix = { settings.trusted-users = [ "root" "commander" ]; - package = pkgs.nixUnstable; + package = pkgs.nixVersions.latest; #Unstable; extraOptions = '' experimental-features = nix-command flakes ''; diff --git a/services/cgit.nix b/services/cgit.nix new file mode 100644 index 0000000..a7795ac --- /dev/null +++ b/services/cgit.nix 
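Review bot: machines/overburn-1.nix declares `{ webroot, fqdn, pkgs, ... }:` but its body only uses `pkgs`, and flake.nix imports it as a plain path (`./machines/overburn-1.nix`), so the module system, not the flake's `let`, supplies the arguments. `webroot` and `fqdn` are `let` bindings in flake.nix and this diff shows no `specialArgs` or `_module.args` entry for them, so they would presumably fail to resolve as soon as a later edit references them. I would reduce the header to `{ pkgs, ... }:` and add a one-line comment saying the file holds host-level settings (hostname, ACME defaults, base packages) for this machine.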
@@ -0,0 +1,103 @@
+{ pkgs, fqdn, ... }:
+{
+ services.uwsgi = {
+ enable = true;
+ user = "public";
+ group = "users";
+ plugins = [ "cgi" ];
+
+ instance = {
+ type = "emperor";
+ vassals = {
+ cgit = {
+ type = "normal";
+ master = "true";
+ socket = "/run/uwsgi/cgit.sock";
+ procname-master = "uwsgi cgit";
+ plugins = [ "cgi" ];
+ cgi = "${pkgs.cgit}/cgit/cgit.cgi";
+ };
+ };
+ };
+ };
+
+ services.gitolite = {
+ enable = true;
+ user = "git";
+ group = "git";
+ adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhzz/CAb74rLQkDF2weTCb0DICw1oyXNv6XmdLfEsT5 crash@crashoverburn.com";
+ extraGitoliteRc = ''
+ $RC{UMASK} = 0027;
+ $RC{GIT_CONFIG_KEYS} = '.*';
+ '';
+ };
+
+ users.extraUsers.public =
+ {
+ isSystemUser = true;
+ group = "git";
+ };
+
+ services.nginx.virtualHosts."code.${fqdn}" = {
+ addSSL = true;
+ enableACME = true;
+ root = "${pkgs.cgit}/cgit";
+ locations = {
+ "/" = {
+ extraConfig = ''
+ try_files $uri @cgit;
+ '';
+ };
+ "@cgit" = {
+ extraConfig = ''
+ uwsgi_pass unix:/run/uwsgi/cgit.sock;
+ include ${pkgs.nginx}/conf/uwsgi_params;
+ uwsgi_modifier1 9;
+ '';
+ };
+ };
+ };
+
+ systemd.services.create-cgit-cache = {
+ description = "Create cache directory for cgit";
+ enable = true;
+ wantedBy = [ "uwsgi.service" ];
+ serviceConfig = {
+ type = "oneshot";
+ };
+ script = ''
+ mkdir /run/cgit
+ chown -R public:users /run/cgit
+ '';
+ };
+
+ environment.etc."cgitrc".text = ''
+ virtual-root=/
+
+ cache-size=1000
+ cache-root=/run/cgit
+
+ root-title=~/projects
+ root-desc=code.${fqdn}
+ footer=
+
+ enable-index-owner=0
+ enable-http-clone=1
+ noplainemail=1
+
+ max-atom-items=50
+
+ enable-git-config=1
+ enable-gitweb-owner=1
+ remove-suffix=1
+
+ snapshots=all
+ readme=master:README.md
+
+ source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+ about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+
+ project-list=/var/lib/gitolite/projects.list
+ scan-path=/var/lib/gitolite/repositories
+ '';
+}
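Review bot: `$RC{GIT_CONFIG_KEYS} = '.*';` in `extraGitoliteRc` lets gitolite.conf set any git config key on the hosted repositories, which gitolite's documentation treats as a risk because some keys cause git to run commands on the server. Restricting the pattern to what cgit reads under `enable-git-config=1`, for example `$RC{GIT_CONFIG_KEYS} = 'cgit\..* gitweb\..*';`, keeps the feature without the wildcard. Separately, `create-cgit-cache` sets `type = "oneshot"` where systemd expects `Type` (the lowercase key is likely ignored), runs a bare `mkdir /run/cgit` that fails once the directory exists, and declares no ordering before uwsgi. A single `systemd.tmpfiles.rules = [ "d /run/cgit 0750 public users -" ];` entry would create the directory and could replace the unit.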
diff --git a/ejabberd.nix b/services/ejabberd.nix
index f18cfe6..f18cfe6 100644
--- a/ejabberd.nix
+++ b/services/ejabberd.nix
diff --git a/services/mailserver.nix b/services/mailserver.nix
new file mode 100644
index 0000000..7d6f1d8
--- /dev/null
+++ b/services/mailserver.nix
@@ -0,0 +1,17 @@
+{ pkgs, hashedPasswordFile, ... }:
+{
+ mailserver = {
+ fqdn = "mail.crashoverburn.com";
+ domains = [ "mail.crashoverburn.com" "crashoverburn.com" ];
+ enable = true;
+ # A list of all login accounts. To create the password hashes, use
+ # nix-shell -p mkpasswd --run 'mkpasswd -sm bcrypt'
+ loginAccounts = {
+ "crash@crashoverburn.com" = {
+ inherit hashedPasswordFile;
+ aliases = [ "postmaster@mail.crashoverburn.com" "overburn@crashoverburn.com" ];
+ };
+ };
+ certificateScheme = "acme-nginx";
+ };
+}
\ No newline at end of file diff --git a/website.nix b/services/website.nix index d36f538..d36f538 100644 --- a/website.nix +++ b/services/website.nix diff --git a/commander.nix b/users/commander.nix index 294d269..6bfbb74 100755 --- a/commander.nix +++ b/users/commander.nix @@ -6,7 +6,7 @@ programs.ssh.enableAskPassword = false; programs.gnupg.agent = { - pinentryFlavor = "tty"; + pinentryPackage = pkgs.pinentry-tty; enable = true; enableSSHSupport = true; }; @@ -22,7 +22,7 @@ hashedPassword = "$6$irFKKFRDPP$H5EaeHornoVvWcKtUBj.29tPvw.SspaSi/vOPGc3GG2bW//M.ld3E7E3XCevJ6vn175A/raHvNIotXayvMqzz0"; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhzz/CAb74rLQkDF2weTCb0DICw1oyXNv6XmdLfEsT5 darthpjb@gmail.com" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILhzz/CAb74rLQkDF2weTCb0DICw1oyXNv6XmdLfEsT5 crash@crashoverburn.com" ]; extraGroups = [ "wheel" "dialout" "disk" "networkManager" ]; # Enable ‘sudo’ for the user. }; |
