Diffstat (limited to 'system/linde.nix')
-rw-r--r-- | system/linde.nix | 110 |
1 files changed, 98 insertions, 12 deletions
diff --git a/system/linde.nix b/system/linde.nix index 96ff92f8..45c62ccb 100644 --- a/system/linde.nix +++ b/system/linde.nix @@ -21,6 +21,7 @@ in [ # Include the results of the hardware scan. ./linde-hardware.nix + <agenix/modules/age.nix> ]; age.secrets = { paperless = @@ -48,10 +49,10 @@ in i18n.defaultLocale = "en_GB.UTF-8"; + environment.enableAllTerminfo = true; environment.homeBinInPath = true; environment.localBinInPath = true; environment.systemPackages = with pkgs; [ - kitty.terminfo htop lsof gitMinimal @@ -95,6 +96,16 @@ in codeberg.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL2pDxWr18SoiDJCGZ5LmxPygTlPu+cCKSkpqkvCyQzl5xmIMeKNdfdBpfbCGDPoZQghePzFZkKJNR/v9Win3Sc= codeberg.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIVIC02vnjFyL+I4RHfvIGNtOgJMe769VTF1VR4EB3ZB '') + (writeText "sr.ht.keys" '' + # git.sr.ht:22 SSH-2.0-OpenSSH_9.6 + # git.sr.ht:22 SSH-2.0-OpenSSH_9.6 + # git.sr.ht:22 SSH-2.0-OpenSSH_9.6 + # git.sr.ht:22 SSH-2.0-OpenSSH_9.6 + # git.sr.ht:22 SSH-2.0-OpenSSH_9.6 + git.sr.ht ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ+l/lvYmaeOAPeijHL8d4794Am0MOvmXPyvHTtrqvgmvCJB8pen/qkQX2S1fgl9VkMGSNxbp7NF7HmKgs5ajTGV9mB5A5zq+161lcp5+f1qmn3Dp1MWKp/AzejWXKW+dwPBd3kkudDBA1fa3uK6g1gK5nLw3qcuv/V4emX9zv3P2ZNlq9XRvBxGY2KzaCyCXVkL48RVTTJJnYbVdRuq8/jQkDRA8lHvGvKI+jqnljmZi2aIrK9OGT2gkCtfyTw2GvNDV6aZ0bEza7nDLU/I+xmByAOO79R1Uk4EYCvSc1WXDZqhiuO2sZRmVxa0pQSBDn1DB3rpvqPYW+UvKB3SOz + git.sr.ht ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCj6y+cJlqK3BHZRLZuM+KP2zGPrh4H66DacfliU1E2DHAd1GGwF4g1jwu3L8gOZUTIvUptqWTkmglpYhFp4Iy4= + git.sr.ht ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60 + '') ]; }; 
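Review bot: The added import `<agenix/modules/age.nix>` resolves through NIX_PATH, so the revision of the module that decrypts this host's secrets is whatever the channel or search path holds at build time, not one pinned alongside the rest of the configuration. The same file is deployed with `system.autoUpgrade.flake`, and angle-bracket lookups are normally unavailable under pure flake evaluation, so it is worth confirming this line is evaluated the way you expect. If agenix is already a flake input, importing its module from that input would keep it pinned. Failing that, a comment such as `# agenix comes from NIX_PATH here, not from the flake lock` would at least record the choice. The `imports` list begins outside the hunk.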
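Review bot: The new `sr.ht.keys` block pins three git.sr.ht host keys but records nothing about how they were verified. The five repeated `# git.sr.ht:22 SSH-2.0-OpenSSH_9.6` lines look like raw key-scan banner output, which is only as trustworthy as the network path at the time of the scan. I would replace them with a single line stating the source and date, e.g. `# verified against the host key fingerprints published by sourcehut, <DATE>`. The `ssh-rsa` entry could be dropped if clients only need the ed25519 and ecdsa keys, which leaves less to rotate later. The enclosing list starts outside the hunk.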
@@ -116,13 +127,16 @@ in system.autoUpgrade = { enable = true; - dates = "05:10"; + dates = "02:10"; + randomizedDelaySec = "59 min"; allowReboot = true; flake = "git+file://${config.services.gitolite.dataDir}/repositories/nixfiles.git"; flags = [ "--no-write-lock-file" "--update-input" - "nixpkgs" + "nixpkgs-small" + "--update-input" + "searchix" ]; }; @@ -134,6 +148,13 @@ in auto-optimise-store = true; trusted-users = [ "root" "nixremote" ]; experimental-features = [ "nix-command" "flakes" ]; + substituters = [ + "https://nix-community.cachix.org" + ]; + + trusted-public-keys = [ + "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" + ]; }; gc = { automatic = true; @@ -242,13 +263,6 @@ in nixpkgs = { config.allowUnfree = true; - overlays = [ - (self: super: { - cgit-pink = super.cgit-pink.overrideAttrs (old: { - patches = [ ../patches/cgit-pink.patch ]; - }); - }) - ]; }; programs.fish = { @@ -278,7 +292,9 @@ in createHome = true; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBxa7lxDu0M4chats/VvpFzjT3ruexKa3J9UC6ASo3bN root@NanoPi.lan" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBmDSZnUzIPQowLrKSa24eSb1WFQe7yPjTcDPPe3UY0Q nix@mba" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9of82WBHK8nr8L9RGeieLMfcAWaFCeCkmvYHM9LCuT nanopi" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIy9jFioBvV0JA0lc+De2N+vDOABGHgCECW6vkD33CE4 sourcehut" ]; }; @@ -593,8 +609,8 @@ in "files.alanpearce.eu" = { useACMEHost = "alanpearce.eu"; extraConfig = '' + encode zstd gzip root * /srv/http/files - encode gzip zstd file_server browse ''; }; @@ -607,7 +623,7 @@ in useACMEHost = "alanpearce.eu"; extraConfig = '' root * ${pkgs.cgit-pink}/cgit/ - encode gzip zstd + encode zstd gzip handle_path /custom/* { file_server { root /srv/http/cgit/ 
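Review bot: Adding `"--update-input" "searchix"` next to `--no-write-lock-file` means every unattended upgrade builds and runs whatever the searchix input currently points at, and the revision actually deployed is never recorded in the lock file. With `allowReboot = true` this happens without anyone reading the change. A comment above `flags` should state that this is intended, e.g. `# nixpkgs-small and searchix follow upstream on every upgrade; flake.lock is not authoritative on this host`. If it is not intended, drop the two added lines and move the input forward through a reviewed lock-file commit instead.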
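Review bot: `substituters` and `trusted-public-keys` now make nix-community.cachix.org a trusted source of store paths for this host, and nothing in the hunk says which package needs it. Any path signed by that key is accepted without a local build, so the reason belongs next to the place the trust is granted, e.g. `# nix-community cache: needed for <PACKAGE>; remove when no longer used`. The `settings` block starts outside the hunk.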
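Review bot: The two added keys (`nix@mba` and `sourcehut`) receive an unrestricted login for this account; the user that owns the list is defined outside the hunk. If it is the `nixremote` account that appears in `trusted-users` elsewhere in this diff, whoever holds the CI key can act as a trusted Nix user on this machine. The `sourcehut` entry is held by a build service, so I would prefix it with the OpenSSH `restrict` key option (plus `command="…"` if the job only ever runs one command) and add a comment naming the job that uses it.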
@@ -668,9 +684,30 @@ in "ntfy.alanpearce.eu" = { useACMEHost = "alanpearce.eu"; extraConfig = '' + encode zstd gzip reverse_proxy localhost${config.services.ntfy-sh.settings.listen-http} ''; }; + "searchix.alanpearce.eu" = { + useACMEHost = "alanpearce.eu"; + extraConfig = '' + reverse_proxy localhost:${toString config.services.searchix.settings.web.port} { + health_uri /health + health_status 2xx + } + encode zstd gzip { + match { + header Content-Type text/* + header Content-Type application/json* + header Content-Type application/javascript* + header Content-Type application/opensearchdescription+xml + header Content-Type application/atom+xml* + header Content-Type application/rss+xml* + header Content-Type image/svg+xml* + } + } + ''; + }; "legit.alanpearce.eu" = let server = config.services.legit.settings.server; @@ -678,6 +715,7 @@ in { useACMEHost = "alanpearce.eu"; extraConfig = '' + encode zstd gzip handle_path /static/* { root * /srv/http/legit/src/static file_server @@ -687,6 +725,7 @@ in }; "papers.alanpearce.eu" = { extraConfig = '' + encode zstd gzip handle_path /static/* { root * ${config.services.paperless.package}/lib/paperless-ngx/static file_server 
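Review bot: The `match` block under `encode zstd gzip` in the new `searchix.alanpearce.eu` vhost sets an explicit Content-Type list, while every other vhost touched here uses the bare `encode zstd gzip`, and nothing says why this one differs. As far as I know an explicit `match` replaces Caddy's default set of compressible types rather than extending it, so any type not listed will go out uncompressed. If the aim is only to cover `application/opensearchdescription+xml`, a comment such as `# explicit list so the OpenSearch description is compressed too` would make that clear. For consistency with the other vhosts I would also put `encode` before `reverse_proxy`.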
@@ -792,7 +831,54 @@ in enable = true; dataDir = "/srv/syncthing"; configDir = "/var/lib/syncthing"; + openDefaultPorts = true; overrideDevices = false; overrideFolders = false; }; + + services.searchix = { + enable = true; + settings = { + web = { + baseURL = "https://searchix.alanpearce.eu"; + sentryDSN = "https://26d4cd8d20157ae2f6b4726ceae1a563@o4507187730120704.ingest.de.sentry.io/4507187734970448"; + contentSecurityPolicy = { + script-src = [ + "'self'" + "https://gc.zgo.at" + "https://js-de.sentry-cdn.com" + "https://browser.sentry-cdn.com" + ]; + img-src = [ + "'self'" + "https://gc.zgo.at" + ]; + connect-src = [ + "'self'" + "https://searchix.goatcounter.com/count" + "*.sentry.io" + ]; + worker-src = [ + "blob:" + ]; + }; + extraHeadHTML = '' + <script async + src="https://js-de.sentry-cdn.com/d735e99613a86e1625fb85d0e8e762de.min.js" + crossorigin="anonymous"></script> + <script data-goatcounter="https://searchix.goatcounter.com/count" + async src="//gc.zgo.at/count.js"></script> + ''; + }; + + importer.sources = { + darwin = { + enable = true; + fetcher = "download"; + url = "https://alanpearce.github.io/nix-darwin-options"; + }; + home-manager.enable = true; + }; + }; + }; } |
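Review bot: The CSP added for searchix allows `*.sentry.io` in `connect-src`, which is wider than needed if the browser SDK reports to the same ingest host as `sentryDSN`; in that case `https://o4507187730120704.ingest.de.sentry.io` is enough. In `extraHeadHTML` the GoatCounter script is loaded protocol-relative (`//gc.zgo.at/count.js`) while `script-src` lists `https://gc.zgo.at`, so I would write the `src` with `https://` explicitly. Both third-party scripts run with the page's origin and carry no `integrity` attribute, which deserves a comment acknowledging the trust placed in those CDNs. Separately, `openDefaultPorts = true` opens Syncthing's sync and discovery ports in the firewall, so add a one-line comment saying whether this host is meant to accept sync connections from the internet.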