-rw-r--r-- | npins/sources.json | 34 | ||||
m--------- | packages | 0 | ||||
-rw-r--r-- | secrets/acme.age | bin | 641 -> 708 bytes | |||
-rw-r--r-- | system/linde.nix | 104 | ||||
-rw-r--r-- | system/mba.nix | 1 | ||||
-rwxr-xr-x | system/nanopi.nix | 5 | ||||
-rw-r--r-- | system/prefect.nix | 4 | ||||
-rw-r--r-- | system/settings/dev.nix | 3 | ||||
-rw-r--r-- | user/emacs/init.el | 12 | ||||
-rw-r--r-- | user/settings/development/golang.nix | 7 |
10 files changed, 131 insertions, 39 deletions
diff --git a/npins/sources.json b/npins/sources.json
index d7b43684..1b095326 100644
--- a/npins/sources.json
+++ b/npins/sources.json
@@ -20,9 +20,9 @@
 "repo": "nix-darwin"
 },
 "branch": "master",
- "revision": "50581970f37f06a4719001735828519925ef8310",
- "url": "https://github.com/lnl7/nix-darwin/archive/50581970f37f06a4719001735828519925ef8310.tar.gz",
- "hash": "1c2zihl124j7xz5fyhkjvcpabyrvs1qgix1fzr0fc002mnkcrf13"
+ "revision": "ec12b88104d6c117871fad55e931addac4626756",
+ "url": "https://github.com/lnl7/nix-darwin/archive/ec12b88104d6c117871fad55e931addac4626756.tar.gz",
+ "hash": "1c1v6r77majxhs8a9gz3czqnsf94hy28bwk7kq50879cc2cw7cb4"
 },
 "emacs-overlay": {
 "type": "Git",
@@ -32,9 +32,9 @@
 "repo": "emacs-overlay"
 },
 "branch": "master",
- "revision": "dc376600483aae0272de58ea9b2d06c9f4e132eb",
- "url": "https://github.com/nix-community/emacs-overlay/archive/dc376600483aae0272de58ea9b2d06c9f4e132eb.tar.gz",
- "hash": "15b1w9vg1g7zih56lh198yi8si6m7b4yxxfsn4dxffdzal415vbl"
+ "revision": "6b14b1346a81aba358b2fe747e9f3de0e205945d",
+ "url": "https://github.com/nix-community/emacs-overlay/archive/6b14b1346a81aba358b2fe747e9f3de0e205945d.tar.gz",
+ "hash": "19llv3cqaq23gy6pxq79slp3nkrnrfw28qrlxc1bg1xpqmcybx4z"
 },
 "home-manager": {
 "type": "Git",
@@ -44,9 +44,9 @@
 "repo": "home-manager"
 },
 "branch": "master",
- "revision": "cd886711998fe5d9ff7979fdd4b4cbd17b1f1511",
- "url": "https://github.com/nix-community/home-manager/archive/cd886711998fe5d9ff7979fdd4b4cbd17b1f1511.tar.gz",
- "hash": "1kvww9d28nlz2gawbrasvgpk172vzxlxdbhh1b8c41m1x7rrvqk8"
+ "revision": "59ce796b2563e19821361abbe2067c3bb4143a7d",
+ "url": "https://github.com/nix-community/home-manager/archive/59ce796b2563e19821361abbe2067c3bb4143a7d.tar.gz",
+ "hash": "0mc4mi23mds8c9r50r8f50sczcpb6fwgml2bcypld57micw8fxxn"
 },
 "nix-index-database": {
 "type": "Git",
@@ -68,15 +68,15 @@
 "repo": "nixos-hardware"
 },
 "branch": "master",
- "revision": "e8232c132a95ddc62df9d404120ad4ff53862910",
- "url": "https://github.com/NixOS/nixos-hardware/archive/e8232c132a95ddc62df9d404120ad4ff53862910.tar.gz",
- "hash": "0w6d2nk498i0hqiimfxhxj7i9zhija9sybnhbyknwl7pkc4b7lkp"
+ "revision": "a59f00f5ac65b19382617ba00f360f8bc07ed3ac",
+ "url": "https://github.com/NixOS/nixos-hardware/archive/a59f00f5ac65b19382617ba00f360f8bc07ed3ac.tar.gz",
+ "hash": "1a6sr6b0gma5b7cklfhpgl02qgv7b3if8dv3y7rmc48iigaab7rf"
 },
 "nixpkgs": {
 "type": "Channel",
 "name": "nixos-unstable",
- "url": "https://releases.nixos.org/nixos/unstable/nixos-24.11pre642660.a71e967ef369/nixexprs.tar.xz",
- "hash": "0km1smh73aqa9syc3pd6f8l8rz6jb87x8a4qx7d6x1b8932z3is2"
+ "url": "https://releases.nixos.org/nixos/unstable/nixos-24.11pre645454.2741b4b489b5/nixexprs.tar.xz",
+ "hash": "1lqa1zb6bkh2kjiv2g9439mh4rzfpmflw6rjkc4gj0ww56lizf7r"
 },
 "nur": {
 "type": "Git",
@@ -86,9 +86,9 @@
 "repo": "NUR"
 },
 "branch": "master",
- "revision": "88407857c90e39f2654a0ef347c2c920c25f453c",
- "url": "https://github.com/nix-community/NUR/archive/88407857c90e39f2654a0ef347c2c920c25f453c.tar.gz",
- "hash": "1gn8lbgrcqx4i13p2jjqqp3n2pkrmxn8rliz53x0vdmlg4vvzrjk"
+ "revision": "0575d7fb334ea662a0a03620780c87df0612eb9a",
+ "url": "https://github.com/nix-community/NUR/archive/0575d7fb334ea662a0a03620780c87df0612eb9a.tar.gz",
+ "hash": "1xn5zihi8r7m7mlnplacidkqhy84ylv21x9zrgcfqjdrhr2m8pbm"
 }
 },
 "version": 3
diff --git a/packages b/packages
-Subproject e44b42f082aee425459182711649283986ef5e4
+Subproject b8ac79d7ead214f96cc8b642fa7ce085a2ee204
diff --git a/secrets/acme.age b/secrets/acme.age
index 0a7be3b7..efd8bf3a 100644
--- a/secrets/acme.age
+++ b/secrets/acme.age
Binary files differ
diff --git a/system/linde.nix b/system/linde.nix
index 2ae0b714..c0af9144 100644
--- a/system/linde.nix
+++ b/system/linde.nix
@@ -13,8 +13,10 @@ let net-gw = "172.31.1.1"; net-ip6 = "2a01:4f8:c012:23a4::1"; net-rdnsip = "2a01:4f8:c012:23a4::53"; + net-acmeip = "2a01:4f8:c012:23a4::715"; net-mask6 = "64"; net-gw6 = "fe80::1"; + domain = "alanpearce.eu"; ts-domain = "hydra-pinecone.ts.net"; golink = (builtins.getFlake (toString <golink>)).nixosModules.default; in @@ -22,6 +24,7 @@ in imports = [ <personal/modules/nixos/laminar.nix> + <personal/modules/nixos/goatcounter.nix> <home-manager/nixos> <agenix/modules/age.nix> <searchix/nix/modules> @@ -155,6 +158,7 @@ in networking = { hostName = hostname; + inherit domain; useDHCP = false; dhcpcd.enable = false; nameservers = [ @@ -167,6 +171,7 @@ in ${net-ip4} = [ "${hostname}.alanpearce.eu" hostname ]; ${net-ip6} = [ "${hostname}.alanpearce.eu" hostname ]; ${net-rdnsip} = [ "dns" ]; + ${net-acmeip} = [ "acme" ]; }; firewall = { enable = true; @@ -224,6 +229,7 @@ in address = [ "${net-ip6}/${net-mask6}" "${net-rdnsip}/${net-mask6}" + "${net-acmeip}/${net-mask6}" ]; addresses = [{ Address = "${net-ip4}/${net-mask4}"; @@ -344,6 +350,19 @@ in # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "23.05"; # Did you read the comment? + services.goatcounter = { + enable = true; + listenAddress = "localhost"; + port = 8082; + package = (import <personal> { inherit pkgs; }).goatcounter; + settings = { + tls = "proxy"; + websocket = true; + automigrate = true; + smtp = "smtp://localhost:25"; + }; + }; + services.powerdns = let inherit (lib.lists) flatten; 
@@ -445,6 +464,24 @@ in }; }; + services.postfix = + let + localUser = "alan"; + forwardingAddress = "alan@alanpearce.eu"; + in + { + enable = true; + destination = [ ]; + domain = config.networking.domain; + virtual = '' + @${config.networking.hostName}.${config.networking.domain} ${localUser} + ${localUser} ${forwardingAddress} + ''; + config = { + inet_interfaces = "loopback-only"; + }; + }; + services.kresd = { enable = true; # package = pkgs.knot-resolver.override { extraFeatures = true; }; @@ -580,11 +617,37 @@ in }; }; + services.acme-dns = { + enable = true; + settings = + let + me = "acme.${domain}"; + in + { + general = { + listen = "[${net-acmeip}]:53"; + protocol = "both6"; + domain = me; + nsname = me; + nsadmin = builtins.replaceStrings [ "@" ] [ "." ] config.security.acme.defaults.email; + records = [ + "${me}. AAAA ${net-acmeip}" + "${me}. NS ${me}." + ]; + }; + api = { + ip = "[${net-acmeip}]"; + tls = "letsencrypt"; + port = 443; + notification-email = config.security.acme.defaults.email; + }; + }; + }; + security.acme = { defaults = { email = "alan@alanpearce.eu"; - dnsProvider = "pdns"; - dnsResolver = "1.1.1.1:53"; + dnsProvider = "acme-dns"; credentialsFile = config.age.secrets.acme.path; reloadServices = [ "caddy" ]; validMinDays = 32; @@ -597,6 +660,9 @@ in reloadServices = map (x: "kresd@${toString x}") (range 1 config.services.kresd.instances); group = "knot-resolver"; }; + certs."stats.alanpearce.eu" = { + extraDomainNames = [ "*.stats.alanpearce.eu" ]; + }; }; users.groups.acme.members = [ "caddy" @@ -716,6 +782,7 @@ in ns = config.services.nix-serve; in { + useACMEHost = "alanpearce.eu"; extraConfig = '' reverse_proxy ${ns.bindAddress}:${toString ns.port} ''; 
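Review bot: The acme-dns API in the new `services.acme-dns.settings.api` block is bound to a public address (`ip = "[${net-acmeip}]"`, port 443 with `tls = "letsencrypt"`) and nothing in the hunk sets `disable_registration`, so acme-dns keeps its default of open registration and the registration endpoint is reachable by anyone on the internet, letting strangers obtain subdomains under `acme.alanpearce.eu` for their own challenges. Once the credentials that `config.age.secrets.acme.path` hands to the `acme-dns` provider have been registered, add `disable_registration = true;` to the `api` attribute set. The listeners on `[${net-acmeip}]:53` (TCP and UDP, given `protocol = "both6"`) and on 443 presumably also need matching firewall rules, since the `firewall = { enable = true;` block earlier in the file is not touched by this commit — worth confirming. The `services.acme-dns` block is complete within the hunk, but the surrounding module attribute set continues outside it.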
@@ -725,10 +792,31 @@ in srv = config.services.laminar; in { + useACMEHost = "alanpearce.eu"; extraConfig = '' reverse_proxy ${srv.settings.bindHTTP} ''; }; + "stats.alanpearce.eu" = + let + srv = config.services.goatcounter; + in + { + useACMEHost = "stats.alanpearce.eu"; + serverAliases = [ "*.stats.alanpearce.eu" ]; + extraConfig = '' + reverse_proxy ${srv.listenAddress}:${toString srv.port} + ''; + }; + "go.alanpearce.eu" = { + useACMEHost = "alanpearce.eu"; + extraConfig = '' + encode zstd gzip + ${security-headers {}} + root * /srv/http/go + file_server + ''; + }; }; }; systemd.services.caddy.serviceConfig = { @@ -926,17 +1014,17 @@ in { script-src = [ (baseURL + "/static/") - "https://gc.zgo.at" + "https://searchix.stats.alanpearce.eu" "https://js-de.sentry-cdn.com" "https://browser.sentry-cdn.com" ]; img-src = [ self - "https://gc.zgo.at" + "https://searchix.stats.alanpearce.eu" ]; connect-src = [ self - "https://searchix.goatcounter.com/count" + "https://searchix.stats.alanpearce.eu/count" "*.sentry.io" ]; worker-src = [ @@ -947,8 +1035,8 @@ in <script async src="https://js-de.sentry-cdn.com/d735e99613a86e1625fb85d0e8e762de.min.js" crossorigin="anonymous"></script> - <script data-goatcounter="https://searchix.goatcounter.com/count" - async src="//gc.zgo.at/count.v4.js" + <script data-goatcounter="https://searchix.stats.alanpearce.eu/count" + async src="//searchix.stats.alanpearce.eu/count.v4.js" crossorigin="anonymous" integrity="sha384-nRw6qfbWyJha9LhsOtSb2YJDyZdKvvCFh0fJYlkquSFjUxp9FVNugbfy8q1jdxI+"></script> ''; @@ -997,7 +1085,7 @@ in enable = true; path = with pkgs; [ bash - stdenv + coreutils git cached-nix-shell nix diff --git a/system/mba.nix b/system/mba.nix index c29f6833..cc8c81da 100644 --- a/system/mba.nix +++ b/system/mba.nix @@ -1,7 +1,6 @@ { ... }: { imports = [ ./settings/darwin.nix - ./settings/programs/base.nix ./settings/dev.nix ./settings/programs/shell.nix <personal/modules/darwin/caddy> 
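Review bot: The `integrity="sha384-…"` attribute on the goatcounter `<script>` tag is kept unchanged while `src` moves from `//gc.zgo.at/count.v4.js` to `//searchix.stats.alanpearce.eu/count.v4.js`, so the digest now has to match the `count.v4.js` served by the self-hosted goatcounter (`(import <personal> { inherit pkgs; }).goatcounter`, configured earlier in this file); if that build differs from the upstream CDN copy the browser rejects the script silently and page views stop being counted. Recompute the digest from the file the new host actually serves and update the attribute, or drop it if the script is meant to track the pinned package. The matching origin change in the CSP `script-src`/`img-src`/`connect-src` lists in the preceding hunk looks consistent with the new host. The surrounding string literal and attribute set continue outside the hunk.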
diff --git a/system/nanopi.nix b/system/nanopi.nix index 3c49ec8f..1e7411fa 100755 --- a/system/nanopi.nix +++ b/system/nanopi.nix @@ -523,10 +523,6 @@ in # ]; bind-interfaces = true; - # if this is false, a remote query for nanopi returns 127.0.0.2, because that's in /etc/hosts - no-hosts = false; - expand-hosts = true; - dnssec = true; trust-anchor = ".,20326,8,2,E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D"; @@ -611,7 +607,6 @@ in services.caddy = { enable = true; globalConfig = '' - auto_https disable_redirects pki { ca home { name "Home CA" diff --git a/system/prefect.nix b/system/prefect.nix index 980e35ff..e145c304 100644 --- a/system/prefect.nix +++ b/system/prefect.nix @@ -151,6 +151,7 @@ }; hosts = { "fd7a:115c:a1e0::53" = [ "tailscale" "ts" ]; + "::1" = [ "alanpearce.test" "alanpearce.localhost" ]; }; nftables = { @@ -194,9 +195,6 @@ -----END CERTIFICATE----- '' ]; - networking.hosts = { - "127.0.0.80" = [ "alanpearce.test" "alanpearce.localhost" ]; - }; boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; nix.settings.trusted-users = [ "root" "nixremote" ]; diff --git a/system/settings/dev.nix b/system/settings/dev.nix index 7d2e6193..b1817914 100644 --- a/system/settings/dev.nix +++ b/system/settings/dev.nix @@ -1,9 +1,6 @@ { ... }: { services.caddy = { enable = true; - globalConfig = '' - auto_https disable_redirects - ''; virtualHosts = let local_tls = '' diff --git a/user/emacs/init.el b/user/emacs/init.el index b666e033..45054237 100644 --- a/user/emacs/init.el +++ b/user/emacs/init.el @@ -689,7 +689,7 @@ _C-k_: prev _u_pper _=_: upper/lower _s_mart resolve (setq dired-dwim-target t dired-recursive-copies 'top - dired-listing-switches "-alh --group-directories-first" + dired-listing-switches "-alh" dired-kill-when-opening-new-dired-buffer t dired-recursive-deletes (if delete-by-moving-to-trash 'always 
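Review bot: Removing `dnssec = true;` from the dnsmasq settings in the first nanopi.nix hunk turns off DNSSEC validation on that resolver while the `trust-anchor = ".,20326,8,2,…";` line immediately below it is left in place, so the anchor is now dead configuration and a reader will assume validation is still active. If disabling validation is intended, remove the trust anchor as well or put a comment such as `# DNSSEC validation disabled; trust-anchor kept for re-enabling` above it; otherwise restore `dnssec = true;`. The dropped `no-hosts`/`expand-hosts` lines and the `auto_https disable_redirects` removal in the second hunk look like unrelated cleanups. The enclosing dnsmasq settings attribute set starts and ends outside the hunk.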
@@ -997,13 +997,21 @@ _C-k_: prev _u_pper _=_: upper/lower _s_mart resolve :config (progn (treemacs-load-theme "simple"))) +(defun ap/consult-ghq-switch-project (dir) + "Append a slash to avoid project.el remembering two different +paths for the same project." + (interactive) + (project-switch-project (if (string-suffix-p "/" dir) + dir + (concat dir "/")))) (use-package consult-ghq :defer 5 :general (:keymaps 'project-prefix-map "o" #'consult-ghq-switch-project) :config (progn (setq consult-ghq-grep-function #'consult-grep - consult-ghq-find-function #'consult-find))) + consult-ghq-find-function #'consult-find + consult-ghq-switch-project-function #'ap/consult-ghq-switch-project))) (use-package envrc :defer 2 diff --git a/user/settings/development/golang.nix b/user/settings/development/golang.nix index a9293a31..8798fbc6 100644 --- a/user/settings/development/golang.nix +++ b/user/settings/development/golang.nix @@ -12,6 +12,9 @@ golangci-lint-langserver personal.prettier-plugin-go-template ]; + home.sessionPath = [ + "$HOME/go/bin" + ]; programs.emacs.extraPackages = epkgs: (with epkgs; [ go-eldoc go-tag @@ -20,4 +23,8 @@ programs.neovim.plugins = with pkgs.vimPlugins; [ coc-go ]; + programs.fish.shellAbbrs = { + gmt = "go mod tidy"; + gmd = "go mod download"; + }; } |
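Review bot: `ap/consult-ghq-switch-project` takes a required `dir` argument but declares a bare `(interactive)`, so invoking it via M-x calls it with no arguments and signals a wrong-number-of-arguments error; it is only used as the value of `consult-ghq-switch-project-function`, so the `(interactive)` form can simply be dropped (or given a spec such as `(interactive "D")` if interactive use is wanted). The docstring's first line should also be a complete sentence, e.g. `"Switch to project DIR, appending a slash so project.el records one path per project."`. The function and both `use-package` forms are complete within the hunk.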