From e40f7d991353ad70984afdf67b25c049190c56bd Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Mon, 20 Feb 2023 02:05:59 +0300 Subject: 2023-02-20 --- modules/nixos/common/nix.nix | 3 - modules/nixos/common/secrets.nix | 46 +--------- modules/nixos/emacs.nix | 19 +--- modules/nixos/git/default.nix | 189 +++++++++++++++++---------------------- 4 files changed, 87 insertions(+), 170 deletions(-) (limited to 'modules/nixos') diff --git a/modules/nixos/common/nix.nix b/modules/nixos/common/nix.nix index efebe97..410e01d 100644 --- a/modules/nixos/common/nix.nix +++ b/modules/nixos/common/nix.nix @@ -14,13 +14,10 @@ in { }; config = { - nix.settings.trusted-users = ["@wheel"]; - nixpkgs = { config.allowUnfreePredicate = p: elem (getName p) cfg.allowedUnfreePackages; overlays = with inputs; [ - agenix.overlays.default nix-minecraft.overlay pollymc.overlay xmonad-ng.overlays.default diff --git a/modules/nixos/common/secrets.nix b/modules/nixos/common/secrets.nix index 2ee5753..9a82c44 100644 --- a/modules/nixos/common/secrets.nix +++ b/modules/nixos/common/secrets.nix @@ -1,45 +1,3 @@ -{ - config, - inputs, - lib, - pkgs, - this, - ... -}: -with lib; { - imports = [ - inputs.agenix.nixosModules.default - (mkAliasOptionModule ["secrets"] ["age" "secrets"]) - ]; - - config = { - age = { - identityPaths = - if this.isHeadful - then ["${config.my.home}/.ssh/id_${my.ssh.type}"] - else - map (attr: attr.path) (filter (attr: attr.type == my.ssh.type) - config.services.openssh.hostKeys); - - # This can be used to auto-add all secrets, thus eliminating the need to - # specify path to each envrypted file. The drawback is that this will - # expose *all* secrets to all machines and try to decrypt them all even on - # machines where the secret will not be used. - # - # secrets = - # let - # secretsSourceDir = "${inputs.self}/age"; - # in - # mapAttrs' - # (name: _: - # nameValuePair name { - # file = "${secretsSourceDir}/${name}"; - # owner = mkDefault my.username; - # group = mkDefault config.my.group; - # }) - # (builtins.readDir secretsSourceDir); - }; - - environment.systemPackages = with pkgs; [agenix]; - }; +{inputs, ...}: { + imports = [inputs.agenix.nixosModules.default]; } diff --git a/modules/nixos/emacs.nix b/modules/nixos/emacs.nix index e348398..82c2f6e 100644 --- a/modules/nixos/emacs.nix +++ b/modules/nixos/emacs.nix @@ -1,6 +1,5 @@ { config, - inputs, lib, ... }: @@ -8,23 +7,11 @@ with lib; let cfg = config.nixfiles.modules.emacs; in { config = mkIf cfg.enable { - secrets.authinfo = { - file = "${inputs.self}/secrets/authinfo"; - owner = my.username; - inherit (config.my) group; - }; - nixfiles.modules.x11.enable = true; - hm = { - programs.emacs.extraConfig = mkAfter '' - (appendq! auth-sources '("${config.secrets.authinfo.path}")) - ''; - - services.emacs = { - enable = true; - client.enable = true; - }; + hm.services.emacs = { + enable = true; + client.enable = true; }; }; } diff --git a/modules/nixos/git/default.nix b/modules/nixos/git/default.nix index 1bf63c7..fd25eec 100644 --- a/modules/nixos/git/default.nix +++ b/modules/nixos/git/default.nix @@ -1,7 +1,6 @@ { config, lib, - inputs, pkgs, ... }: @@ -24,123 +23,99 @@ in { }; }; - config = mkMerge [ - (mkIf cfg.client.enable { - secrets = { - glab-cli-config = { - file = "${inputs.self}/secrets/glab-cli-config"; - path = "${config.dirs.config}/glab-cli/config.yml"; - owner = my.username; - inherit (config.my) group; - }; - gh-hosts = { - file = "${inputs.self}/secrets/gh-hosts"; - path = "${config.dirs.config}/gh/hosts.yml"; - owner = my.username; - inherit (config.my) group; - }; - hut = { - file = "${inputs.self}/secrets/hut"; - path = "${config.dirs.config}/hut/config"; - owner = my.username; - inherit (config.my) group; - }; - }; - }) - (mkIf cfg.server.enable { - nixfiles.modules.nginx = { - enable = true; - virtualHosts.${cfg.server.domain} = { - locations = { - "/".extraConfig = let - cgitrc = pkgs.writeText "cgitrc" '' - root-title=github sux >:^( - root-desc=Homo sum, humani a me nihil alienum puto. - footer= + config = mkIf cfg.server.enable { + nixfiles.modules.nginx = { + enable = true; + virtualHosts.${cfg.server.domain} = { + locations = { + "/".extraConfig = let + cgitrc = pkgs.writeText "cgitrc" '' + root-title=github sux >:^( + root-desc=Homo sum, humani a me nihil alienum puto. + footer= - clone-url=https://${cfg.server.domain}/$CGIT_REPO_URL + clone-url=https://${cfg.server.domain}/$CGIT_REPO_URL - logo=/cgit-custom-logo.gif - favicon=/cgit-custom-favicon.gif - css=/cgit-custom-style.css + logo=/cgit-custom-logo.gif + favicon=/cgit-custom-favicon.gif + css=/cgit-custom-style.css - about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh - source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py - commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh + about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh + source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py + commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh - enable-git-config=1 - enable-gitweb-owner=1 - remove-suffix=1 + enable-git-config=1 + enable-gitweb-owner=1 + remove-suffix=1 - readme=:README - readme=:README.md - readme=:README.org - readme=:README.txt - readme=:readme - readme=:readme.md - readme=:readme.org - readme=:readme.txt + readme=:README + readme=:README.md + readme=:README.org + readme=:README.txt + readme=:readme + readme=:readme.md + readme=:readme.org + readme=:readme.txt - scan-path=${config.services.gitolite.dataDir}/repositories - ''; - in '' - include ${config.services.nginx.package}/conf/fastcgi_params; - fastcgi_split_path_info ^(/?)(.+)$; - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; - fastcgi_param SCRIPT_FILENAME ${cfg.server.package}/cgit/cgit.cgi; - fastcgi_param CGIT_CONFIG ${cgitrc}; - fastcgi_param PATH_INFO $uri; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; - ''; - "~* ^.+(cgit.css|robots.txt)$".extraConfig = '' - root ${cfg.server.package}/cgit; + scan-path=${config.services.gitolite.dataDir}/repositories ''; - "~* ^.+cgit-custom-logo.gif$".extraConfig = '' - alias ${./logo.gif}; - ''; - "~* ^.+cgit-custom-favicon.gif$".extraConfig = '' - alias ${./favicon.ico}; - ''; - "~* ^.+cgit-custom-style.css$".extraConfig = let - css = with config.colourScheme; - pkgs.writeText "custom.css" '' - @import url("cgit.css"); + in '' + include ${config.services.nginx.package}/conf/fastcgi_params; + fastcgi_split_path_info ^(/?)(.+)$; + fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_param SCRIPT_FILENAME ${cfg.server.package}/cgit/cgit.cgi; + fastcgi_param CGIT_CONFIG ${cgitrc}; + fastcgi_param PATH_INFO $uri; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; + ''; + "~* ^.+(cgit.css|robots.txt)$".extraConfig = '' + root ${cfg.server.package}/cgit; + ''; + "~* ^.+cgit-custom-logo.gif$".extraConfig = '' + alias ${./logo.gif}; + ''; + "~* ^.+cgit-custom-favicon.gif$".extraConfig = '' + alias ${./favicon.ico}; + ''; + "~* ^.+cgit-custom-style.css$".extraConfig = let + css = with config.colourScheme; + pkgs.writeText "custom.css" '' + @import url("cgit.css"); - div#cgit { - font-family: "${config.fontScheme.monospaceFont.family}", monospace; - -moz-tab-size: 4; - tab-size: 4; - } - ''; - in '' - alias ${css}; - ''; - }; + div#cgit { + font-family: "${config.fontScheme.monospaceFont.family}", monospace; + -moz-tab-size: 4; + tab-size: 4; + } + ''; + in '' + alias ${css}; + ''; }; }; + }; - services = let - user = "git"; - group = "git"; - in { - gitolite = { - enable = true; - inherit user group; - adminPubkey = my.ssh.key; - extraGitoliteRc = '' - # This allows hiding repositories via "cgit.ignore"[1]. - # - # [1]: https://www.omarpolo.com/post/cgit-gitolite.html - $RC{GIT_CONFIG_KEYS} = '.*'; - ''; - }; + services = let + user = "git"; + group = "git"; + in { + gitolite = { + enable = true; + inherit user group; + adminPubkey = my.ssh.key; + extraGitoliteRc = '' + # This allows hiding repositories via "cgit.ignore"[1]. + # + # [1]: https://www.omarpolo.com/post/cgit-gitolite.html + $RC{GIT_CONFIG_KEYS} = '.*'; + ''; + }; - fcgiwrap = { - enable = true; - inherit user group; - }; + fcgiwrap = { + enable = true; + inherit user group; }; - }) - ]; + }; + }; } -- cgit 1.4.1