Diffstat (limited to 'system/settings')
-rw-r--r--system/settings/base.nix5
-rw-r--r--system/settings/configuration/networking.nix11
-rw-r--r--system/settings/configuration/nix-linux.nix1
-rw-r--r--system/settings/configuration/nix.nix13
-rw-r--r--system/settings/configuration/user.nix1
-rw-r--r--system/settings/darwin.nix10
-rw-r--r--system/settings/dev.nix62
-rw-r--r--system/settings/gaming.nix4
-rw-r--r--system/settings/hardware/intel-gpu.nix18
-rw-r--r--system/settings/hardware/laptop.nix79
-rw-r--r--system/settings/hardware/mouse.nix2
-rw-r--r--system/settings/hardware/network-manager.nix16
-rw-r--r--system/settings/hardware/personal-computer.nix8
-rw-r--r--system/settings/hardware/thinkpad.nix23
-rw-r--r--system/settings/hardware/trackball.nix15
-rw-r--r--system/settings/hardware/trezor.nix6
-rw-r--r--system/settings/machines/t470s.nix57
-rw-r--r--system/settings/pin.nix12
-rw-r--r--system/settings/programs/barrier.nix10
-rw-r--r--system/settings/programs/base.nix17
-rw-r--r--system/settings/programs/gnome.nix26
-rw-r--r--system/settings/programs/gnupg.nix12
-rw-r--r--system/settings/programs/kde.nix7
-rw-r--r--system/settings/programs/shell.nix1
-rw-r--r--system/settings/programs/tor.nix27
-rw-r--r--system/settings/programs/window-manager.nix57
-rw-r--r--system/settings/programs/xfce.nix8
-rw-r--r--system/settings/services/git-server.nix279
-rw-r--r--system/settings/services/virtualisation.nix4
-rw-r--r--system/settings/services/xserver.nix15
-rw-r--r--system/settings/user-interface.nix13
31 files changed, 386 insertions, 433 deletions
diff --git a/system/settings/base.nix b/system/settings/base.nix
index 5eee9088..81dab9a1 100644
--- a/system/settings/base.nix
+++ b/system/settings/base.nix
@@ -1,14 +1,9 @@
 { config
 , pkgs
 , lib
-, inputs
 , ...
 }:
-let
-  inherit (inputs) self;
-in
 {
   boot.loader.timeout = lib.mkDefault 1;
   services.irqbalance.enable = true;
-  system.configurationRevision = toString (self.rev or self.dirtyRev or self.lastModified or "unknown");
 }
diff --git a/system/settings/configuration/networking.nix b/system/settings/configuration/networking.nix
deleted file mode 100644
index ad4200b1..00000000
--- a/system/settings/configuration/networking.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{ config
-, pkgs
-, ...
-}: {
-  environment.systemPackages = with pkgs; [ lxqt.lxqt-policykit ]; # provides a default authentification client for policykit
-  services.gvfs.enable = true; # enables gvfs
-
-  imports = [
-    ../services/zeroconf.nix
-  ];
-}
diff --git a/system/settings/configuration/nix-linux.nix b/system/settings/configuration/nix-linux.nix
index 3ee9f420..e11b0389 100644
--- a/system/settings/configuration/nix-linux.nix
+++ b/system/settings/configuration/nix-linux.nix
@@ -20,7 +20,6 @@
   system.autoUpgrade = {
     enable = true;
     flags = [ "--max-jobs" "2" ];
-    flake = "/home/alan/projects/alanpearce/nixfiles";
   };
   systemd.services.nixos-upgrade = {
     script = pkgs.lib.mkForce ''
diff --git a/system/settings/configuration/nix.nix b/system/settings/configuration/nix.nix
index c8db7836..b28fde18 100644
--- a/system/settings/configuration/nix.nix
+++ b/system/settings/configuration/nix.nix
@@ -3,9 +3,7 @@
 , pkgs
 , ...
 }: {
-  imports = [
-    ../../../pin.nix
-  ];
+  imports = [ ../pin.nix ];
   nix = {
     settings = {
       cores = lib.mkDefault 0;
@@ -14,6 +12,15 @@
       keep-derivations = true;
       experimental-features = "nix-command flakes";
       warn-dirty = false;
+      substituters = [
+        "https://nix-community.cachix.org"
+        "https://binarycache.alanpearce.eu"
+      ];
+
+      trusted-public-keys = [
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+        "binarycache.alanpearce.eu:ZwqO3XMuajPictjwih8OY2+RXnOKpjZEZFHJjGSxAI4="
+      ];
     };
 
     gc = {
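Review bot: The two entries added to `trusted-public-keys` carry no comment saying who holds each signing key, yet any store path signed by either key is accepted without further checks on every machine that imports this module. I would add a line above the list such as `# each key below may sign any store path for these hosts; binarycache.alanpearce.eu is our own cache` (the ownership is presumed from the domain name, so confirm it), so a later reader can see what trust is being extended. The `nix.settings` block starts before this hunk and the `nix` block continues after it.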
diff --git a/system/settings/configuration/user.nix b/system/settings/configuration/user.nix
index 3a7f9620..9d6fed69 100644
--- a/system/settings/configuration/user.nix
+++ b/system/settings/configuration/user.nix
@@ -15,6 +15,7 @@
       "dialout"
       "pipewire"
       "networkmanager"
+      "libvirtd"
       "video"
     ];
     initialPassword = "password";
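Review bot: Adding `"libvirtd"` to this group list gives the account password-less access to the system libvirt socket, which is close to root-equivalent on the host because a member can define guests that attach host block devices and files. The context line just below still sets `initialPassword = "password"`, so the wider group set raises the cost of that password ever being left unchanged. I would record the trade-off next to the entry, e.g. `"libvirtd" # password-less access to qemu:///system; treat as root-equivalent`. The user definition starts and ends outside this hunk.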
diff --git a/system/settings/darwin.nix b/system/settings/darwin.nix
index aa55cce5..6d5b357d 100644
--- a/system/settings/darwin.nix
+++ b/system/settings/darwin.nix
@@ -16,6 +16,7 @@
     [ "/run/current-system/sw" "/nix/var/nix/profiles/default" ]
   ];
 
+  environment.darwinConfig = "$HOME/.config/nixpkgs/darwin-configuration.nix";
   nix = {
     daemonIOLowPriority = true;
     gc = {
@@ -24,7 +25,6 @@
     };
     settings.extra-platforms = "aarch64-darwin x86_64-darwin";
 
-    linux-builder.enable = true;
     settings.trusted-users = [ "@admin" ];
   };
 
@@ -32,7 +32,13 @@
     allowUnfree = true;
   };
 
-  launchd.user.agents.lorri = lib.mkIf config.services.lorri.enable {
+  # needed so that nix-darwin can activate the system as root
+  security.sudo.extraConfig = ''
+    Defaults	env_keep += "NIX_PATH"
+  '';
+
+  services.lorri.enable = true;
+  launchd.user.agents.lorri = {
     serviceConfig = {
       RunAtLoad = lib.mkForce false;
       Sockets = {
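Review bot: The added `Defaults env_keep += "NIX_PATH"` applies to every command run through sudo, not only the nix-darwin activation that the comment names, so any Nix evaluation started as root inherits search paths chosen by the invoking user. sudoers accepts command-scoped defaults, so the entry could be narrowed with a `Defaults!<path to darwin-rebuild> env_keep += "NIX_PATH"` line (placeholder path; confirm where the binary lives on these hosts). If the global form stays, the comment should say so, e.g. `# keeps the caller's NIX_PATH for all sudo commands, not only activation`. The `launchd.user.agents.lorri` block continues past the end of the hunk.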
diff --git a/system/settings/dev.nix b/system/settings/dev.nix
new file mode 100644
index 00000000..7d2e6193
--- /dev/null
+++ b/system/settings/dev.nix
@@ -0,0 +1,62 @@
+{ ... }: {
+  services.caddy = {
+    enable = true;
+    globalConfig = ''
+      auto_https disable_redirects
+    '';
+    virtualHosts =
+      let
+        local_tls = ''
+          tls {
+            issuer internal {
+              ca local
+            }
+          }
+        '';
+      in
+      {
+        "localhost" = {
+          logFormat = "output discard";
+          extraConfig = ''
+            ${local_tls}
+            acme_server {
+              allow {
+                domains *.test *.localhost
+              }
+            }
+          '';
+        };
+        # need to test forwarding behaviour
+        "https://alanpearce.localhost" = {
+          logFormat = "output discard";
+          serverAliases = [
+            "http://alanpearce.localhost"
+
+            # remember to update /etc/hosts
+            "https://alanpearce.test"
+            "http://alanpearce.test"
+          ];
+          extraConfig = ''
+            ${local_tls}
+            reverse_proxy http://alanpearce.test:8080 {
+              transport http {
+                dial_timeout 1s
+                compression off
+              }
+            }
+          '';
+        };
+        "searchix.localhost" = {
+          logFormat = "output discard";
+          extraConfig = ''
+            reverse_proxy http://localhost:7331 {
+              transport http {
+                dial_timeout 1s
+                compression off
+              }
+            }
+          '';
+        };
+      };
+  };
+}
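Review bot: Nothing in this new file restricts Caddy to the loopback interface, so the `acme_server` on the `localhost` site and the two `reverse_proxy` sites are served on every address the host has; Caddy binds all interfaces unless told otherwise, and host-name matching alone does not keep remote clients out. That exposes the internal CA's issuance endpoint and the development back ends on ports 8080 and 7331 to the local network. Adding `default_bind 127.0.0.1 [::1]` next to `auto_https disable_redirects` in `globalConfig` keeps the setup local; whether a host firewall already covers this is not visible here. With `logFormat = "output discard"` on every site there would also be no access log showing such requests.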
diff --git a/system/settings/gaming.nix b/system/settings/gaming.nix
index 17f25065..d11d5a3c 100644
--- a/system/settings/gaming.nix
+++ b/system/settings/gaming.nix
@@ -19,9 +19,9 @@
   };
   fonts.fontconfig.cache32Bit = true;
   hardware.steam-hardware.enable = true;
-  hardware.opengl = {
+  hardware.graphics = {
     enable = true;
-    driSupport32Bit = true;
+    enable32Bit = true;
   };
   hardware.pulseaudio.support32Bit = true;
   services.pipewire.alsa.support32Bit = true;
diff --git a/system/settings/hardware/intel-gpu.nix b/system/settings/hardware/intel-gpu.nix
deleted file mode 100644
index 494cb86e..00000000
--- a/system/settings/hardware/intel-gpu.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ config
-, pkgs
-, ...
-}: {
-  # https://wiki.gentoo.org/wiki/Intel#Feature_support
-  services.xserver = {
-    useGlamor = true;
-    deviceSection = ''
-      Option      "DRI"            "3"
-    '';
-    videoDrivers = [ "intel" ];
-  };
-
-  boot.kernelParams = [
-    "i915.enable_guc=2"
-    "i915.fastboot=1"
-  ];
-}
diff --git a/system/settings/hardware/laptop.nix b/system/settings/hardware/laptop.nix
deleted file mode 100644
index bd66fb8f..00000000
--- a/system/settings/hardware/laptop.nix
+++ /dev/null
@@ -1,79 +0,0 @@
-{ config
-, pkgs
-, lib
-, ...
-}: {
-  imports = [
-    ./bluetooth.nix
-    ./bluetooth-audio.nix
-    ./connman.nix
-    ./iwd.nix
-    ./personal-computer.nix
-    ../user-interface.nix
-  ];
-
-  boot.kernelModules = [ "coretemp" ];
-
-  environment.systemPackages = with pkgs; [
-    powerstat
-    powertop
-
-    arandr
-    autorandr
-  ];
-
-  programs.light.enable = true;
-
-  services.autorandr = {
-    enable = true;
-    defaultTarget = "common";
-  };
-  systemd.services.autorandr.wantedBy = [ "graphical.target" ];
-
-  environment.etc.autorandr = {
-    enable = true;
-    source = ../../autorandr;
-    target = "xdg/autorandr";
-  };
-
-  services.logind = {
-    lidSwitch = "suspend";
-    lidSwitchExternalPower = "ignore";
-    extraConfig = ''
-      IdleAction=suspend
-      IdleActionSec=600
-    '';
-  };
-
-  services.acpid = {
-    enable = true;
-    lidEventCommands = ''
-      ${pkgs.autorandr}/bin/autorandr --batch --change
-    '';
-  };
-
-  services.tlp = {
-    extraConfig = ''
-      CPU_SCALING_GOVERNOR_ON_BAT=powersave
-      ENERGY_PERF_POLICY_ON_BAT="balance_power"
-
-      SOUND_POWER_SAVE_ON_AC=60
-      DEVICES_TO_DISABLE_ON_BAT_NOT_IN_USE="bluetooth wwan"
-    '';
-  };
-
-  services.xserver = {
-    libinput = {
-      enable = lib.mkDefault true;
-      naturalScrolling = true;
-      disableWhileTyping = true;
-    };
-    displayManager.sessionCommands = ''
-      ${pkgs.autorandr}/bin/autorandr --change --force
-    '';
-  };
-
-  systemd.services.nixos-upgrade.unitConfig.ConditionACPower = true;
-  systemd.services.nix-gc.unitConfig.ConditionACPower = true;
-  systemd.services.docker-prune.unitConfig.ConditionACPower = true;
-}
diff --git a/system/settings/hardware/mouse.nix b/system/settings/hardware/mouse.nix
index b74d17aa..d4a232af 100644
--- a/system/settings/hardware/mouse.nix
+++ b/system/settings/hardware/mouse.nix
@@ -2,7 +2,7 @@
 , pkgs
 , ...
 }: {
-  services.xserver.libinput = {
+  services.libinput = {
     enable = true;
     mouse = {
       accelProfile = "flat";
diff --git a/system/settings/hardware/network-manager.nix b/system/settings/hardware/network-manager.nix
deleted file mode 100644
index a27ca892..00000000
--- a/system/settings/hardware/network-manager.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ config
-, lib
-, pkgs
-, ...
-}: {
-  networking = {
-    networkmanager = {
-      enable = true;
-    };
-  };
-
-  environment.systemPackages = with pkgs; [
-    networkmanagerapplet
-    networkmanager_dmenu
-  ];
-}
diff --git a/system/settings/hardware/personal-computer.nix b/system/settings/hardware/personal-computer.nix
deleted file mode 100644
index 35824136..00000000
--- a/system/settings/hardware/personal-computer.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ config
-, pkgs
-, lib
-, ...
-}: {
-  boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_zen;
-  powerManagement.cpuFreqGovernor = "schedutil";
-}
diff --git a/system/settings/hardware/thinkpad.nix b/system/settings/hardware/thinkpad.nix
deleted file mode 100644
index 649f626a..00000000
--- a/system/settings/hardware/thinkpad.nix
+++ /dev/null
@@ -1,23 +0,0 @@
-{ config
-, pkgs
-, ...
-}: {
-  boot.kernelModules = [ ];
-  boot.blacklistedKernelModules = [ "thinkpad_ec" ];
-  boot.extraModulePackages = with config.boot.kernelPackages; [
-    acpi_call
-  ];
-
-  services.fwupd = {
-    enable = true;
-  };
-
-  services.thinkfan = {
-    enable = true;
-  };
-
-  imports = [
-    ./bare-metal.nix
-    ./laptop.nix
-  ];
-}
diff --git a/system/settings/hardware/trackball.nix b/system/settings/hardware/trackball.nix
deleted file mode 100644
index c2f7e68c..00000000
--- a/system/settings/hardware/trackball.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{ config
-, pkgs
-, ...
-}: {
-  services.xserver.config = ''
-    Section "InputClass"
-        Identifier "Trackball (No Acceleration)"
-        MatchIsPointer "yes"
-        MatchIsTouchpad "no"
-        MatchProduct "Trackball"
-        Option "AccelerationProfile" "-1"
-        Option "AccelerationScheme" "none"
-    EndSection
-  '';
-}
diff --git a/system/settings/hardware/trezor.nix b/system/settings/hardware/trezor.nix
index 1004833a..3883d76f 100644
--- a/system/settings/hardware/trezor.nix
+++ b/system/settings/hardware/trezor.nix
@@ -5,13 +5,7 @@
 }: {
   services.trezord.enable = true;
   environment.systemPackages = with pkgs; [
-    gnupg
-    pinentry
     (python3.withPackages (ps: with ps; [ trezor_agent wheel ]))
     trezor-suite
   ];
-  programs.gnupg.agent = {
-    enable = lib.mkForce false;
-    enableSSHSupport = lib.mkForce false;
-  };
 }
diff --git a/system/settings/machines/t470s.nix b/system/settings/machines/t470s.nix
deleted file mode 100644
index 5f1f4a1c..00000000
--- a/system/settings/machines/t470s.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{ config
-, pkgs
-, ...
-}: {
-  hardware.usbWwan.enable = false; # unused
-  systemd.services.ModemManager.enable = false;
-
-  hardware.enableRedistributableFirmware = true;
-
-  boot.extraModprobeConfig = ''
-    options thinkpad_acpi fan_control=1
-  '';
-
-  services.thinkfan.sensors = ''
-    hwmon /sys/devices/platform/coretemp.0/hwmon/hwmon0/temp3_input
-    hwmon /sys/devices/platform/coretemp.0/hwmon/hwmon0/temp1_input
-    hwmon /sys/devices/platform/coretemp.0/hwmon/hwmon0/temp2_input
-  '';
-  services.thinkfan.levels = ''
-    (0,     0,      48)
-    (1,     45,     52)
-    (2,     50,     57)
-    (3,     55,     63)
-    (6,     60,     65)
-    (7,     60,     85)
-    (127,   80,     32767)
-  '';
-
-  boot.postBootCommands = ''
-    echo bfq > /sys/block/nvme0n1/queue/scheduler
-  '';
-
-  hardware.pulseaudio.extraConfig = ''
-    load-module module-alsa-sink device=hw:0,7
-  '';
-
-  services.tlp.extraConfig = ''
-    DISK_DEVICES="nvme0n1"
-    DISK_IOSCHED="keep"
-  '';
-
-  services.xserver = {
-    dpi = 109;
-    monitorSection = ''
-      DisplaySize 310 176
-    '';
-  };
-
-  environment.systemPackages = with pkgs; [
-    nvme-cli
-  ];
-
-  imports = [
-    ../hardware/intel-gpu.nix
-    ../hardware/thinkpad.nix
-  ];
-}
diff --git a/system/settings/pin.nix b/system/settings/pin.nix
new file mode 100644
index 00000000..533149fe
--- /dev/null
+++ b/system/settings/pin.nix
@@ -0,0 +1,12 @@
+let
+  inherit (import ../../sources.nix) nixPath sources;
+in
+{
+  nix = {
+    inherit nixPath;
+    registry.nixpkgs.to = {
+      type = "path";
+      path = sources.nixpkgs;
+    };
+  };
+}
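Review bot: This new module has no header comment, although it decides which nixpkgs every `<nixpkgs>` lookup and `nixpkgs#…` registry reference resolves to on the machine. I would add a comment at the top such as `# Point NIX_PATH and the flake registry at the nixpkgs pinned in sources.nix, so ad-hoc nix commands use the same revision as the system`. `sources.nix` is outside this diff, so it is worth confirming there that `sources.nixpkgs` is fetched with a fixed hash and evaluates to a path that the registry's `type = "path"` entry accepts.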
diff --git a/system/settings/programs/barrier.nix b/system/settings/programs/barrier.nix
deleted file mode 100644
index 76e1b06b..00000000
--- a/system/settings/programs/barrier.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ config
-, pkgs
-, ...
-}: {
-  environment.systemPackages = with pkgs; [
-    barrier
-  ];
-
-  networking.firewall.allowedTCPPorts = [ 24800 ];
-}
diff --git a/system/settings/programs/base.nix b/system/settings/programs/base.nix
index bfc81312..47ed4c07 100644
--- a/system/settings/programs/base.nix
+++ b/system/settings/programs/base.nix
@@ -1,26 +1,11 @@
 { pkgs, ... }: {
-  services.lorri.enable = true;
   environment.systemPackages = with pkgs; [
     home-manager
+    brotli
     lzma
     lzop
     zstd
   ] ++ (lib.optionals (stdenv.isLinux) [
     psmisc
   ]);
-  nix.settings = {
-    substituters = [
-      "https://nix-community.cachix.org"
-      "https://deploy-rs.cachix.org"
-      "https://binarycache.alanpearce.eu"
-      "https://deploy-rs.cachix.org"
-    ];
-
-    trusted-public-keys = [
-      "deploy-rs.cachix.org-1:xfNobmiwF/vzvK1gpfediPwpdIP0rpDV2rYqx40zdSI="
-      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
-      "deploy-rs.cachix.org-1:xfNobmiwF/vzvK1gpfediPwpdIP0rpDV2rYqx40zdSI="
-      "binarycache.alanpearce.eu:ZwqO3XMuajPictjwih8OY2+RXnOKpjZEZFHJjGSxAI4="
-    ];
-  };
 }
diff --git a/system/settings/programs/gnome.nix b/system/settings/programs/gnome.nix
deleted file mode 100644
index f9618009..00000000
--- a/system/settings/programs/gnome.nix
+++ /dev/null
@@ -1,26 +0,0 @@
-{ config
-, lib
-, pkgs
-, ...
-}:
-with lib; {
-  services = {
-    gnome3 = {
-      gnome-documents.enable = false;
-      gnome-user-share.enable = false;
-      gnome-online-accounts.enable = false;
-      tracker.enable = false;
-    };
-    telepathy.enable = false;
-
-    xserver = {
-      desktopManager.gnome3 = {
-        enable = true;
-        extraGSettingsOverrides = ''
-          [org.gnome.desktop.input-sources]
-          sources=[('xkb','${config.services.xserver.layout + (optionalString (config.services.xserver.xkbVariant != "") ("+" + config.services.xserver.xkbVariant))}')]
-        '';
-      };
-    };
-  };
-}
diff --git a/system/settings/programs/gnupg.nix b/system/settings/programs/gnupg.nix
deleted file mode 100644
index f17263c9..00000000
--- a/system/settings/programs/gnupg.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ config
-, pkgs
-, lib
-, ...
-}: {
-  environment.systemPackages = with pkgs; [
-    gnupg
-    pinentry
-    (python3.withPackages (ps: with ps; [ trezor_agent wheel ]))
-  ];
-  environment.variables.GNUPGHOME = "$HOME/.gnupg/trezor/";
-}
diff --git a/system/settings/programs/kde.nix b/system/settings/programs/kde.nix
index 1a753cf2..1cf3c917 100644
--- a/system/settings/programs/kde.nix
+++ b/system/settings/programs/kde.nix
@@ -3,13 +3,16 @@
 , pkgs
 , ...
 }:
-with lib; {
+{
   services = {
     desktopManager = {
       plasma6.enable = true;
     };
     displayManager = {
-      sddm.enable = true;
+      sddm = {
+        enable = true;
+        enableHidpi = lib.mkDefault false;
+      };
     };
 
     physlock.enable = lib.mkForce false;
diff --git a/system/settings/programs/shell.nix b/system/settings/programs/shell.nix
index 87372033..680985cd 100644
--- a/system/settings/programs/shell.nix
+++ b/system/settings/programs/shell.nix
@@ -4,6 +4,7 @@
 }: {
   programs.fish = {
     enable = true;
+    useBabelfish = true;
   };
   users.users.alan.shell = pkgs.fish;
 }
diff --git a/system/settings/programs/tor.nix b/system/settings/programs/tor.nix
deleted file mode 100644
index 31521857..00000000
--- a/system/settings/programs/tor.nix
+++ /dev/null
@@ -1,27 +0,0 @@
-{ config
-, pkgs
-, lib
-, ...
-}: {
-  services.tor = {
-    enable = true;
-    client = {
-      enable = true;
-      socksListenAddress = {
-        IPv6Traffic = true;
-        port = 9050;
-      };
-    };
-    torsocks = {
-      enable = true;
-    };
-  };
-  systemd.services.tor.wantedBy = lib.mkForce [ ];
-  systemd.timers.tor = {
-    description = "Delayed startup of Tor";
-    wantedBy = [ "timers.target" ];
-    timerConfig = {
-      OnActiveSec = "1 min";
-    };
-  };
-}
diff --git a/system/settings/programs/window-manager.nix b/system/settings/programs/window-manager.nix
deleted file mode 100644
index bbe4c638..00000000
--- a/system/settings/programs/window-manager.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{ config
-, pkgs
-, lib
-, ...
-}: {
-  services.xserver = {
-    desktopManager.xterm.enable = false;
-
-    displayManager = {
-      autoLogin = {
-        user = "alan";
-        enable = false;
-      };
-      lightdm = {
-        enable = true;
-        greeter.enable = true;
-        greeters.mini = {
-          enable = false;
-          user = "alan";
-        };
-      };
-      sessionCommands = ''
-        ${pkgs.xorg.xrdb}/bin/xrdb -merge $HOME/.xresources/main
-        ${pkgs.xorg.xsetroot}/bin/xsetroot -cursor_name left_ptr -solid '#4d4d4c'
-      '' ++ (lib.optionalString config.networking.networkmanager.enable ''
-        ${pkgs.networkmanagerapplet}/bin/nm-applet &
-      '');
-    };
-    xautolock = {
-      enable = true;
-      locker = "${pkgs.i3lock}/bin/i3lock -n";
-      enableNotifier = true;
-      notifier = "${pkgs.libnotify}/bin/notify-send \"Locking in 10 seconds\"";
-      time = 5;
-    };
-  };
-
-  services.xserver.displayManager.setupCommands = ''
-    ${pkgs.redshift}/bin/redshift \
-    -l ${toString config.location.latitude}:${toString config.location.longitude} \
-    -t ${toString config.services.redshift.temperature.day}:${toString config.services.redshift.temperature.night} \
-    -b 1:1 \
-    -o \
-    -r
-  '';
-
-  environment.systemPackages = with pkgs; [
-    dmenu
-    libnotify # for notify-send
-    xterm
-    rofi
-    sxhkd
-    maim
-
-    perlPackages.FileMimeInfo # xdg-utils uses this when no DE
-  ];
-}
diff --git a/system/settings/programs/xfce.nix b/system/settings/programs/xfce.nix
deleted file mode 100644
index a896810a..00000000
--- a/system/settings/programs/xfce.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ pkgs, ... }: {
-  services.xserver.desktopManager.xfce = {
-    enable = true;
-  };
-  environment.systemPackages = with pkgs; [
-    xfce.xfce4-panel-profiles
-  ];
-}
diff --git a/system/settings/services/git-server.nix b/system/settings/services/git-server.nix
new file mode 100644
index 00000000..e8fe6360
--- /dev/null
+++ b/system/settings/services/git-server.nix
@@ -0,0 +1,279 @@
+{ config
+, lib
+, pkgs
+, ...
+}:
+let
+  inherit (lib) pipe flatten concatMapAttrs mapAttrsToList;
+  inherit (import ../../../lib/caddy.nix { inherit lib; }) security-headers;
+  repos = "${config.services.gitolite.dataDir}/repositories";
+
+  mirrors = {
+    sourcehut = {
+      hostname = "git.sr.ht";
+      username = "~alanpearce";
+    };
+    codeberg = {
+      hostname = "codeberg.org";
+      username = "alanpearce";
+    };
+    github = {
+      hostname = "github.com";
+      username = "alanpearce";
+    };
+  };
+
+  repoMirrors = {
+    nixfiles = [ "sourcehut" ];
+    searchix = [ "sourcehut" ];
+    website = [ "sourcehut" ];
+    nix-packages = [ "sourcehut" "github" ];
+    zola-bearblog = [ "sourcehut" "codeberg" ];
+  };
+
+  createMirrorService =
+    name: { hostname, username }:
+    {
+      "mirror-to-${name}@" = {
+        path = with pkgs; [ gitMinimal openssh ];
+        serviceConfig = {
+          Type = "oneshot";
+          User = "gitolite";
+          WorkingDirectory = "${repos}/%i.git";
+          ExecStart = "${pkgs.gitMinimal}/bin/git push --mirror git@${hostname}:${username}/%i";
+        };
+        unitConfig = {
+          # only mirror public repositories
+          ConditionPathExists = "${repos}/%i.git/git-daemon-export-ok";
+        };
+      };
+    };
+
+  createMirrorPath = name: { hostname, username }:
+    {
+      "mirror-to-${name}@" = {
+        pathConfig = {
+          PathChanged = "${repos}/%i.git/refs/heads";
+          StartLimitIntervalSec = "1h";
+          StartLimitBurst = 5;
+        };
+      };
+    };
+
+
+  mkMirrorWants = repo: map (target: "mirror-to-${target}@${repo}.path");
+in
+{
+  services.fcgiwrap = {
+    enable = true;
+    user = "gitolite";
+    group = "gitolite";
+    preforkProcesses = 2;
+    socketType = "tcp6";
+    socketAddress = "[::1]:9000";
+  };
+  services.gitolite = {
+    enable = true;
+    adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8VIII+598QOBxi/52O1Kb19RdUdX0aZmS1/dNoyqc5 alan@hetzner.strongbox";
+    extraGitoliteRc = ''
+      $RC{UMASK} = 0027;
+      $RC{LOG_EXTRA} = 0;
+      $RC{HOSTNAME} = "${config.networking.hostName}";
+      $RC{LOCAL_CODE} = "$rc{GL_ADMIN_BASE}/local";
+      push( @{$RC{ENABLE}}, 'D' );
+      push( @{$RC{ENABLE}}, 'Shell alan' );
+      push( @{$RC{ENABLE}}, 'cgit' );
+      push( @{$RC{ENABLE}}, 'repo-specific-hooks' );
+    '';
+  };
+  services.legit = {
+    enable = true;
+    group = "gitolite";
+    settings = {
+      server.name = "legit.alanpearce.eu";
+      dirs = {
+        templates = "/srv/http/legit/src/templates";
+      };
+      repo = {
+        scanPath = "/srv/http/legit/repos";
+        readme = [
+          "readme"
+          "readme.md"
+          "README.md"
+        ];
+      };
+    };
+  };
+  services.gitDaemon = {
+    enable = true;
+    user = "gitolite";
+    group = "gitolite";
+    basePath = repos;
+  };
+
+  services.caddy.virtualHosts = {
+    "git.alanpearce.eu" =
+      let
+        fcgi = config.services.fcgiwrap;
+        fcgisocket = "${fcgi.socketType}/${fcgi.socketAddress}";
+      in
+      {
+        useACMEHost = "alanpearce.eu";
+        extraConfig = ''
+          root * ${pkgs.cgit-pink}/cgit/
+          encode zstd gzip
+          ${security-headers {
+            overrides.content-security-policy = {
+              default-src = [ "none" ];
+              base-uri = [ "none" ];
+              style-src = [ "self" "unsafe-inline" ];
+              script-src = [ "self" "unsafe-inline" ];
+              form-action = [ "self" ];
+              connect-src = [ "self" ];
+              img-src = [ "https" ];
+              object-src = [ "none" ];
+            };
+          }}
+          handle_path /custom/* {
+            file_server {
+              root /srv/http/cgit/
+            }
+          }
+          rewrite /robots.txt /assets/robots.txt
+          handle_path /assets/* {
+            file_server  {
+              hide cgit.cgi
+            }
+          }
+          @git_http_backend path_regexp "^.*/(HEAD|info/refs|objects/info/[^/]+|git-upload-pack)$"
+          handle @git_http_backend {
+            reverse_proxy ${fcgisocket} {
+              transport fastcgi {
+                env SCRIPT_FILENAME ${pkgs.git}/libexec/git-core/git-http-backend
+                env GIT_PROJECT_ROOT ${repos}
+              }
+            }
+          }
+          handle {
+            reverse_proxy ${fcgisocket} {
+              transport fastcgi {
+                env       SCRIPT_FILENAME  {http.vars.root}/cgit.cgi
+                env       CGIT_CONFIG      ${pkgs.writeText "cgitrc" ''
+                  head-include=/srv/http/cgit/responsive-cgit-css-master/head.html
+                  css=/custom/responsive-cgit-css-master/cgit.css
+                  virtual-root=/
+                  logo=
+                  readme=:README.md
+                  source-filter=${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py
+                  about-filter=${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh
+                  enable-git-config=1
+                  enable-index-owner=0
+                  enable-index-links=1
+                  enable-follow-links=0
+                  enable-log-linecount=1
+                  max-stats=year
+                  snapshots=tar.lz tar.zst zip
+                  cache-size=10240
+                  enable-http-clone=1
+                  enable-commit-graph=1
+                  mimetype-file=${pkgs.nginx}/conf/mime.types
+                  section-from-path=1
+                  noplainemail=1
+                  repository-sort=age
+                  root-title=my personal projects
+                  clone-url=git://git.alanpearce.eu/$CGIT_REPO_URL https://git.alanpearce.eu/$CGIT_REPO_URL
+                  remove-suffix=1
+                  strict-export=git-daemon-export-ok
+                  scan-path=${repos}
+                ''}
+                }
+              }
+          }
+        '';
+      };
+
+    "legit.alanpearce.eu" =
+      let
+        server = config.services.legit.settings.server;
+      in
+      {
+        useACMEHost = "alanpearce.eu";
+        extraConfig = ''
+          encode zstd gzip
+          handle_path /static/* {
+            root * /srv/http/legit/src/static
+            file_server
+          }
+          ${security-headers {
+            overrides.content-security-policy = {
+              default-src = [ "none" ];
+              base-uri = [ "none" ];
+              style-src = [ "self" ];
+              script-src = [ "none" ];
+              form-action = [ "self" ];
+              connect-src = [ "self" ];
+              img-src = [ "https" ];
+              object-src = [ "none" ];
+            };
+          }}
+          reverse_proxy ${server.host}:${toString server.port}
+        '';
+      };
+  };
+
+  programs.ssh = with pkgs; {
+    knownHostsFiles = [
+      (writeText "github.keys" ''
+        # github.com:22 SSH-2.0-babeld-05989c77
+        # github.com:22 SSH-2.0-babeld-05989c77
+        # github.com:22 SSH-2.0-babeld-05989c77
+        # github.com:22 SSH-2.0-babeld-05989c77
+        # github.com:22 SSH-2.0-babeld-05989c77
+        github.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
+        github.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
+        github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
+      '')
+      (writeText "gitlab.keys" ''
+        # gitlab.com:22 SSH-2.0-GitLab-SSHD
+        # gitlab.com:22 SSH-2.0-GitLab-SSHD
+        # gitlab.com:22 SSH-2.0-GitLab-SSHD
+        # gitlab.com:22 SSH-2.0-GitLab-SSHD
+        # gitlab.com:22 SSH-2.0-GitLab-SSHD
+        gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
+        gitlab.com ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=
+        gitlab.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf
+      '')
+      (writeText "codeberg.keys" ''
+        # codeberg.org:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
+        # codeberg.org:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
+        # codeberg.org:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
+        # codeberg.org:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
+        # codeberg.org:22 SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u2
+        codeberg.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8hZi7K1/2E2uBX8gwPRJAHvRAob+3Sn+y2hxiEhN0buv1igjYFTgFO2qQD8vLfU/HT/P/rqvEeTvaDfY1y/vcvQ8+YuUYyTwE2UaVU5aJv89y6PEZBYycaJCPdGIfZlLMmjilh/Sk8IWSEK6dQr+g686lu5cSWrFW60ixWpHpEVB26eRWin3lKYWSQGMwwKv4LwmW3ouqqs4Z4vsqRFqXJ/eCi3yhpT+nOjljXvZKiYTpYajqUC48IHAxTWugrKe1vXWOPxVXXMQEPsaIRc2hpK+v1LmfB7GnEGvF1UAKnEZbUuiD9PBEeD5a1MZQIzcoPWCrTxipEpuXQ5Tni4mN
+        codeberg.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBL2pDxWr18SoiDJCGZ5LmxPygTlPu+cCKSkpqkvCyQzl5xmIMeKNdfdBpfbCGDPoZQghePzFZkKJNR/v9Win3Sc=
+        codeberg.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIVIC02vnjFyL+I4RHfvIGNtOgJMe769VTF1VR4EB3ZB
+      '')
+      (writeText "sr.ht.keys" ''
+        # git.sr.ht:22 SSH-2.0-OpenSSH_9.6
+        # git.sr.ht:22 SSH-2.0-OpenSSH_9.6
+        # git.sr.ht:22 SSH-2.0-OpenSSH_9.6
+        # git.sr.ht:22 SSH-2.0-OpenSSH_9.6
+        # git.sr.ht:22 SSH-2.0-OpenSSH_9.6
+        git.sr.ht ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ+l/lvYmaeOAPeijHL8d4794Am0MOvmXPyvHTtrqvgmvCJB8pen/qkQX2S1fgl9VkMGSNxbp7NF7HmKgs5ajTGV9mB5A5zq+161lcp5+f1qmn3Dp1MWKp/AzejWXKW+dwPBd3kkudDBA1fa3uK6g1gK5nLw3qcuv/V4emX9zv3P2ZNlq9XRvBxGY2KzaCyCXVkL48RVTTJJnYbVdRuq8/jQkDRA8lHvGvKI+jqnljmZi2aIrK9OGT2gkCtfyTw2GvNDV6aZ0bEza7nDLU/I+xmByAOO79R1Uk4EYCvSc1WXDZqhiuO2sZRmVxa0pQSBDn1DB3rpvqPYW+UvKB3SOz
+        git.sr.ht ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCj6y+cJlqK3BHZRLZuM+KP2zGPrh4H66DacfliU1E2DHAd1GGwF4g1jwu3L8gOZUTIvUptqWTkmglpYhFp4Iy4=
+        git.sr.ht ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60
+      '')
+    ];
+  };
+
+  systemd.services = concatMapAttrs createMirrorService mirrors;
+  systemd.paths = concatMapAttrs createMirrorPath mirrors;
+  systemd.targets.git-mirroring = {
+    wantedBy = [ "multi-user.target" ];
+    wants = pipe
+      repoMirrors [
+      (mapAttrsToList mkMirrorWants)
+      flatten
+    ];
+  };
+}
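Review bot: `services.fcgiwrap` listens on TCP `[::1]:9000` and runs as `gitolite`, and a loopback TCP port has no access control: any local process can connect and supply its own `SCRIPT_FILENAME`, which fcgiwrap then runs with access to every repository under `${repos}`, including those without `git-daemon-export-ok`. I would switch to `socketType = "unix";` with a socket path whose owner and mode admit only the Caddy user; the `fcgisocket` string built from `socketType` and `socketAddress` should carry over, though the permissions the module puts on that socket need checking. Separately, the CSP override for `git.alanpearce.eu` allows `"unsafe-inline"` in `script-src` on a host that renders repository READMEs through `about-filter`, which gives up most of the policy's protection against injected markup; `legit.alanpearce.eu` already uses `script-src = [ "none" ]`. The mirroring helpers are also uncommented; a line above `createMirrorService` saying that `%i` is the repository name and that the push runs as the `gitolite` user (presumably with that user's SSH key) would help.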
diff --git a/system/settings/services/virtualisation.nix b/system/settings/services/virtualisation.nix
index dbe041c7..172dfcec 100644
--- a/system/settings/services/virtualisation.nix
+++ b/system/settings/services/virtualisation.nix
@@ -12,9 +12,11 @@
       runAsRoot = false;
     };
   };
+  programs.virt-manager = {
+    enable = true;
+  };
 
   environment.systemPackages = with pkgs; [
-    virt-manager
     OVMF
   ];
 }
diff --git a/system/settings/services/xserver.nix b/system/settings/services/xserver.nix
index c5a82d48..29f181ee 100644
--- a/system/settings/services/xserver.nix
+++ b/system/settings/services/xserver.nix
@@ -20,12 +20,6 @@ with lib; {
     xorg.xdpyinfo
     xclip
     xfontsel
-
-    arc-theme
-    arc-icon-theme
-
-    gtk-engine-murrine
-    gtk_engines
   ];
 
   fonts = {
@@ -57,24 +51,15 @@ with lib; {
     };
     packages = with pkgs;
       [
-        gohufont
-        dina-font
-        terminus_font
-
         corefonts
-
         xorg.fontmiscmisc
         xorg.fontcursormisc
       ]
       ++ lib.optionals config.fonts.fontconfig.antialias [
         cantarell-fonts
 
-        fira
-        fira-code
-        fira-mono
         ibm-plex
 
-        oxygenfonts
         noto-fonts-color-emoji
 
         office-code-pro
diff --git a/system/settings/user-interface.nix b/system/settings/user-interface.nix
index 20cac135..d9d3297f 100644
--- a/system/settings/user-interface.nix
+++ b/system/settings/user-interface.nix
@@ -4,23 +4,14 @@
 , ...
 }: {
   documentation.info.enable = true;
-  nixpkgs.config.firefox.enableOfficialBranding = true;
 
   environment.systemPackages = with pkgs; [
-    aria2
-    pcmanfm
-
     epdfview
-    geeqie
 
     lxappearance
     lxrandr
     lxtask
 
-    mpv
-
-    cifs-utils
-
     trash-cli
   ];
 
@@ -59,11 +50,9 @@
     };
   };
 
-  programs.dconf.enable = true;
-
   programs.nh = {
     enable = true;
-    flake = "/home/alan/projects/alanpearce.eu/nixfiles";
+    flake = builtins.toString ../..;
     clean = {
       enable = true;
       extraArgs = "--keep-since 14d";