-rw-r--r-- | flake.lock | 14 | ||||
-rw-r--r-- | hosts/iori.nix | 1 | ||||
-rw-r--r-- | modules/blog.nix | 37 | ||||
-rw-r--r-- | modules/cgit.nix | 38 | ||||
-rw-r--r-- | modules/ddns.nix | 27 | ||||
-rw-r--r-- | modules/emacs/README.org | 2 | ||||
-rw-r--r-- | modules/emacs/default.nix | 1 | ||||
-rw-r--r-- | modules/web-services.nix | 165 |
8 files changed, 176 insertions, 109 deletions
@@ -159,11 +159,11 @@ "nixpkgs_old": "nixpkgs_old" }, "locked": { - "lastModified": 1729629594, - "narHash": "sha256-JIHFiZGwFav4Ach2YTSH/og3dTwOWdEs0oHGCJd8TIo=", + "lastModified": 1730050814, + "narHash": "sha256-3BmY+KKfLeZJFqt8hyvzrX/N/kaQy5zrHOtwNWCKdRY=", "ref": "refs/heads/master", - "rev": "3dc55429c12d232a6dac945552423957a460dce6", - "revCount": 67054, + "rev": "7c33b28f7b0cf926bc28f17daeee1ab7c92152f2", + "revCount": 67225, "type": "git", "url": "ssh://[email protected]/mixrank/mixrank" }, @@ -221,11 +221,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1725634671, - "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=", + "lastModified": 1729880355, + "narHash": "sha256-RP+OQ6koQQLX5nw0NmcDrzvGL8HDLnyXt/jHhL1jwjM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c", + "rev": "18536bf04cd71abd345f9579158841376fdd0c5a", "type": "github" }, "original": { diff --git a/hosts/iori.nix b/hosts/iori.nix index e4839c5..e9e5275 100644 --- a/hosts/iori.nix +++ b/hosts/iori.nix @@ -17,6 +17,7 @@ services = { ddns.enable = true; blog.enable = true; + cgit.enable = true; }; }; diff --git a/modules/blog.nix b/modules/blog.nix deleted file mode 100644 index c186513..0000000 --- a/modules/blog.nix +++ /dev/null 
@@ -1,37 +0,0 @@
-{ config, lib, inputs, pkgs, ... }: with lib; let
- cfg = config.santi-modules.services.blog;
- blog = pkgs.stdenv.mkDerivation {
- name="hugo-blog";
- src = inputs.blog;
- buildInputs = [ pkgs.hugo ];
- buildPhase = ''
- mkdir $out
- hugo --destination $out
- '';
- };
-in {
- options.santi-modules.services.blog = {
- enable = mkEnableOption "Enable blog hosting";
- url = mkOption {
- type = types.str;
- default = "santi.net.br";
- description = "Url to serve blog on";
- };
- };
- config = mkIf cfg.enable {
- networking.firewall.allowedTCPPorts = [ 80 443 ];
- # TODO: enable SSL
- services.nginx = {
- enable = true;
- virtualHosts.${cfg.url} = {
- addSSL = true;
- enableACME = true;
- root = blog;
- };
- };
- security.acme = {
- acceptTerms = true;
- certs.${cfg.url}.email = "[email protected]";
- };
- };
-}
diff --git a/modules/cgit.nix b/modules/cgit.nix
deleted file mode 100644
index fb894b8..0000000
--- a/modules/cgit.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, lib, pkgs, ...}: with lib; {
- options.santi-modules.services.cgit.enable = mkEnableOption "Enable cgit instance";
- config = mkIf config.santi-modules.services.cgit.enable {
- services.cgit.santi = let
- org2html = pkgs.writeShellScript "org2md" ''
- ${pkgs.pandoc}/bin/pandoc \
- --from org \
- --to html5 \
- --sandbox=true \
- --html-q-tags \
- --ascii \
- --standalone \
- --wrap=auto \
- --embed-resources \
- -M document-css=false
- '';
- in {
- enable = true;
- user = "root";
- group = "root";
- settings = {
- readme = ":README.org";
- root-title = "index";
- root-desc = "public repositories for santi.net.br";
- about-filter = toString org2html;
- enable-git-config = true;
- enable-html-cache = false;
- enable-blame = true;
- enable-log-linecount = true;
- enable-index-links = true;
- enable-index-owner = false;
- enable-commit-graph = true;
- remove-suffix = true;
- };
- scanPath = "/home/leonardo";
- };
- };
-}
diff --git a/modules/ddns.nix b/modules/ddns.nix deleted file mode 100644 index 3a3196e..0000000 --- a/modules/ddns.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ config, lib, ...}: with lib; { - options.santi-modules.services.ddns.enable = mkEnableOption "Enable ddns service"; - config = mkIf config.santi-modules.services.ddns.enable { - networking.enableIPv6 = true; - services.cloudflared = { - enable = true; - tunnels.iori = { - default = "http_status:404"; - credentialsFile = "/var/lib/cloudflared/iori.json"; - ingress = { - "santi.net.br" = "http://localhost:80"; - }; - }; - }; - services.inadyn = { - enable = true; - user = "leonardo"; - group = "users"; - settings.provider."cloudflare.com" = { - hostname="santi.net.br"; - username="santi.net.br"; - proxied = false; - include = config.age.secrets.cloudflare.path; - }; - }; - }; -} diff --git a/modules/emacs/README.org b/modules/emacs/README.org index 29b44b6..3ed48b3 100644 --- a/modules/emacs/README.org +++ b/modules/emacs/README.org @@ -108,6 +108,8 @@ Configurations for magit #+begin_src emacs-lisp :tangle yes (use-package magit :custom (magit-process-finish-apply-ansi-colors t)) +(use-package magit-delta + :hook (magit-mode . magit-delta-mode)) #+end_src *** Forge diff --git a/modules/emacs/default.nix b/modules/emacs/default.nix index bdc9b19..bbf1ba2 100644 --- a/modules/emacs/default.nix +++ b/modules/emacs/default.nix @@ -4,6 +4,7 @@ let nil ripgrep emacs-lsp-booster + delta ]; org-tangle-elisp-blocks = (pkgs.callPackage ./org.nix {inherit pkgs; inherit (inputs) from-elisp;}).org-tangle ({ language, flags } : let is-elisp = (language == "emacs-lisp") || (language == "elisp"); diff --git a/modules/web-services.nix b/modules/web-services.nix new file mode 100644 index 0000000..6c3bc76 --- /dev/null +++ b/modules/web-services.nix 
@@ -0,0 +1,165 @@
+{ config, lib, inputs, pkgs, ... }: with lib; let
+ cfg = config.santi-modules.services;
+ git-repo-path = "/server/git-repos";
+ cgit-config = mkIf cfg.cgit.enable {
+ environment.systemPackages = [
+ pkgs.git
+ ];
+ users.users = {
+ git = {
+ description = "git user";
+ isNormalUser = true;
+ home = git-repo-path;
+ openssh.authorizedKeys.keys = [ (builtins.readFile ../secrets/user-ssh-key.pub)] ++ builtins.attrValues (import ../secrets/host-pub-keys.nix);
+ };
+ };
+ systemd.tmpfiles.rules = [
+ "d ${git-repo-path} 0755 git users -"
+ ];
+ services.cgit.santi = let
+ org2html = pkgs.writeShellScript "org2md" ''
+ ${pkgs.pandoc}/bin/pandoc \
+ --from org \
+ --to html5 \
+ --sandbox=true \
+ --html-q-tags \
+ --ascii \
+ --standalone \
+ --wrap=auto \
+ --embed-resources \
+ -M document-css=false
+ '';
+ in {
+ enable = true;
+ scanPath = git-repo-path;
+ nginx.virtualHost = "git.santi.net.br";
+ settings = {
+ readme = ":README.org";
+ root-title = "index";
+ root-desc = "public repositories for santi.net.br";
+ about-filter = toString org2html;
+ source-filter = "${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py";
+ enable-git-config = true;
+ enable-html-cache = false;
+ enable-blame = true;
+ enable-log-linecount = true;
+ enable-index-links = true;
+ enable-index-owner = false;
+ enable-commit-graph = true;
+ remove-suffix = true;
+ };
+ };
+ };
+ blog-config = let
+ blog-public-path = "/server/blog";
+ env = pkgs.buildEnv {
+ name = "post-receive-env";
+ paths = [
+ pkgs.git
+ pkgs.coreutils
+ pkgs.gnutar
+ pkgs.xz
+ ];
+ };
+ post-receive = pkgs.writeShellScript "post-receive" ''
+ export PATH=${env}/bin
+ set -ex
+
+ GIT_DIR=$(${pkgs.git}/bin/git rev-parse --git-dir 2>/dev/null)
+ if [ -z "$GIT_DIR" ]; then
+ echo >&2 "fatal: post-receive: GIT_DIR not set"
+ exit 1
+ fi
+
+ TMPDIR=$(mktemp -d)
+ function cleanup() {
+ rm -rf "$TMPDIR"
+ }
+ trap cleanup EXIT
+
+ ${pkgs.git}/bin/git clone "$GIT_DIR" "$TMPDIR"
+ unset GIT_DIR
+ cd "$TMPDIR"
+ ${pkgs.hugo}/bin/hugo --destination ${blog-public-path}
+ '';
+ in mkIf cfg.blog.enable {
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ # TODO: enable SSL
+ services.nginx = {
+ enable = true;
+ virtualHosts.${cfg.blog.url} = {
+ addSSL = true;
+ enableACME = true;
+ root = blog-public-path;
+ };
+ };
+ security.acme = {
+ acceptTerms = true;
+ certs.${cfg.blog.url}.email = "[email protected]";
+ };
+ systemd.tmpfiles.rules = [
+ "d ${blog-public-path} 0755 git users -"
+ ];
+ systemd.services."blog-prepare-git-repo" = {
+ wantedBy = [ "multi-user.target" ];
+ path = [
+ pkgs.git
+ ];
+ script = ''
+ set -ex
+ cd ${git-repo-path}
+ chmod +rX ${blog-public-path}
+ test -e blog || git init --bare blog
+ ln -nsf ${post-receive} blog/hooks/post-receive
+ '';
+ serviceConfig = {
+ Kind = "one-shot";
+ User = "git";
+ };
+ };
+ };
+
+ ddns-config = mkIf cfg.ddns.enable {
+ networking.enableIPv6 = true;
+ services.cloudflared = {
+ enable = true;
+ tunnels.iori = {
+ default = "http_status:404";
+ credentialsFile = "/var/lib/cloudflared/iori.json";
+ ingress = {
+ "santi.net.br" = "http://localhost:80";
+ "git.santi.net.br" = "http://localhost:80";
+ };
+ };
+ };
+ services.inadyn = {
+ enable = true;
+ user = "leonardo";
+ group = "users";
+ settings.provider."cloudflare.com" = {
+ hostname="santi.net.br";
+ username="santi.net.br";
+ proxied = false;
+ include = config.age.secrets.cloudflare.path;
+ };
+ };
+ };
+in {
+ options.santi-modules.services = {
+ blog = {
+ enable = mkEnableOption "Enable blog hosting";
+ url = mkOption {
+ type = types.str;
+ default = "santi.net.br";
+ description = "Url to serve blog on";
+ };
+ };
+ cgit.enable = mkEnableOption "Enable cgit instance";
+ ddns.enable = mkEnableOption "Enable ddns service";
+ };
+ config = mkMerge [
+ cgit-config
+ blog-config
+ ddns-config
+ ];
+} |
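Review bot: The `git` account in `cgit-config` is declared with `isNormalUser = true` and no `shell`, so unless one is set elsewhere every key in `openssh.authorizedKeys.keys` (the user key plus every value imported from `../secrets/host-pub-keys.nix`) gets an interactive login on this host rather than push-only access. Pushes to the `blog` repository also trigger the `post-receive` hook, which runs `hugo` on the pushed tree and writes into the nginx root, so that key list is effectively the list of who can publish the site. Restricting the account with `shell = "${pkgs.git}/bin/git-shell";` and authorizing only the keys that actually need to push would narrow both. Separately, in `blog-prepare-git-repo` the `serviceConfig` entry `Kind = "one-shot";` is not a systemd directive, so the unit presumably runs with the default service type; `Type = "oneshot";` looks like what was intended.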