diff --git a/deploy b/deploy index 08b95d0..911d054 100755 --- a/deploy +++ b/deploy @@ -19,8 +19,7 @@ collect_garbage () { rebuild_flake () { # make sure all changes are visible to nixos - # (--intent-to-add tracks files but DOES NOT stage them) - git add . --intent-to-add --verbose + git add . --verbose local FLAGS= if [ "$1" = "reinstall-bootloader" ]; then FLAGS="--install-bootloader" diff --git a/homes/modules/editor/helix.nix b/homes/modules/editor/helix.nix index 3d831c1..30dad17 100755 --- a/homes/modules/editor/helix.nix +++ b/homes/modules/editor/helix.nix @@ -1,61 +1,5 @@ -{ - pkgs, - pkgs-unstable, - ... -}: let - lsps = { - bash-language-server = - { - pkg = pkgs.bash-language-server; - cmd = "bash-language-server"; - }; - - clangd = - { - pkg = pkgs.clang-tools; - cmd = "clangd"; - }; - - haskell-language-server = - { - pkg = pkgs.haskell-language-server; - cmd = "haskell-language-server-wrapper"; - }; - - # TODO: once upgraded past Nix-24.07 this line won't be necessary (I think) - # helix will support nixd by default - # SOURCE: https://github.com/nix-community/nixd/blob/main/nixd/docs/editor-setup.md#Helix - nixd = - { - pkg = pkgs.nixd; - cmd = "nixd"; - }; - - OmniSharp = - { - pkg = pkgs.omnisharp-roslyn; - cmd = "OmniSharp"; - }; - - rust-analyzer = - { - pkg = pkgs.rust-analyzer; - cmd = "rust-analyzer"; - }; - - ty = - { - pkg = pkgs-unstable.ty; - cmd = "ty"; - }; - }; -in { - home.packages = - lsps - |> builtins.attrValues - |> map (lsp: lsp.pkg); - - # REF: https://docs.helix-editor.com/editor.html +{pkgs, ...}: { + # read https://docs.helix-editor.com/editor.html programs.helix = { enable = true; settings = { @@ -184,12 +128,11 @@ in { }; auto-format = false; # my python is beautiful ^_^ rulers = [80]; - language-servers = ["ty"]; } { name = "c"; file-types = ["c" "h"]; # use .hpp for C++ - auto-format = true; + auto-format = false; formatter.command = "${pkgs.clang-tools}/bin/clang-format"; language-servers = ["clangd"]; } @@ -209,26 +152,49 @@ in { formatter.command = "${pkgs.rustfmt}/bin/rustfmt"; language-servers = ["rust-analyzer"]; } - { - name = "c-sharp"; - file-types = ["cs"]; - indent = { - tab-width = 4; - unit = " "; - }; - block-comment-tokens = { - start = "/*"; - end = "*/"; - }; - # auto-format = false; - # formatter.command = "${pkgs.omnisharp-roslyn}/bin/OmniSharp"; - # language-servers = ["OmniSharp"]; - } + # { + # name = "c-sharp"; + # source = "source.cs"; + # file-types = ["cs"]; + # indent = { + # tab-width = 4; + # unit = " "; + # }; + # block-comment-tokens = { + # start = "/*"; + # end = "*/"; + # }; + # # auto-format = false; + # # formatter.command = "${pkgs.omnisharp-roslyn}/bin/OmniSharp"; + # # language-servers = ["OmniSharp"]; + # } ]; - language-server = - lsps - |> builtins.mapAttrs (_: lsp: { command = "${lsp.pkg}/bin/${lsp.cmd}"; }); + language-server = { + # use nixd as default nix lsp (I haven't tried nil yet) + # NOTE: nixd will be supported by default after nix 24.07 + # SOURCE: https://github.com/nix-community/nixd/blob/main/nixd/docs/editor-setup.md#Helix + nixd = { + command = "${pkgs.nixd}/bin/nixd"; + }; + # clangd for C + clangd = { + command = "${pkgs.clang-tools}/bin/clangd"; + }; + + haskell-language-server = { + command = "${pkgs.haskell-language-server}/bin/haskell-language-server-wrapper"; + }; + + rust-analyzer = { + command = "${pkgs.rust-analyzer}/bin/rust-analyzer"; + }; + + # C# language services + OmniSharp = { + command = "${pkgs.omnisharp-roslyn}/bin/OmniSharp"; + }; + }; }; }; } diff --git a/hosts/hyrule/default.nix b/hosts/hyrule/default.nix index 837fc4d..72cf59f 100755 --- a/hosts/hyrule/default.nix +++ b/hosts/hyrule/default.nix @@ -1,6 +1,8 @@ { pkgs, pkgs-unstable, + inputs, + lib, ... }: let home-manager = builtins.fetchTarball { @@ -12,13 +14,12 @@ in { ./hardware-configuration.nix (import "${home-manager}/nixos") - ./services/forgejo.nix - ./services/vaultwarden.nix - ./services/nginx.nix # ./mailserver.nix # TEMP: location # ./minecraft-server.nix # TEMP: location - ../modules/bashistrans.nix + #../modules/server/nginx.nix + #../modules/server/ssh.nix + #../modules/server/fail2ban.nix ]; nix.settings = { @@ -32,6 +33,15 @@ in { ]; }; + # nixpkgs.config.allowUnfreePredicate = let + # whitelist = map lib.getName [ + # "minecraft-server" + # pkgs.minecraft-server + # pkgs-unstable.minecraft-server + # ]; + # in + # pkg: builtins.elem (lib.getName pkg) whitelist; + time.timeZone = "Australia/Brisbane"; i18n.defaultLocale = "en_US.UTF-8"; @@ -82,6 +92,30 @@ in { ]; }; + # wireguard.interfaces = { + # wg0 = { + # ips = ["10.10.10.4/24"]; # my IP and the subnet (keyword: "AND") + # listenPort = 54231; + # + # privateKeyFile = "/root/wg_agrivpn_hyrule"; + # + # peers = [ + # { + # # peer's public key + # publicKey = "iZ4aqYjbT8O8tfUHEuV+yWLtdoQbdBb6Nt0M4usMSiY="; + # + # # choose which traffic to forward + # allowedIPs = ["10.0.51.0/24" "10.10.10.0/24"]; + # + # # TODO: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577 + # endpoint = "150.242.34.33:54231"; + # + # # send keepalives every 25 seconds. Important to keep NAT tables alive. + # persistentKeepalive = 25; + # } + # ]; + # }; + # }; wg-quick.interfaces = { wg0 = { address = [ @@ -116,7 +150,7 @@ in { extraGroups = ["wheel"]; shell = pkgs.bash; openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsUZY45rgezi+8iROdcR5vPeacJ2fbMjlDijfUrH9hRX2FzCsg/4e3aFKhi2seZMmyTfbstxmDrrH8paUS5TibFgLFBGNngaF3CTjg85i5pm25Hr4IVo31oziBnTWaG6j3buYKtz5e1qSPzXywinJR+5+FCUJU7Fxa+EWTZcOX4wYgArSj4q73rZmvk5N0X44Mudt4nvpD2chvxygsdTzD6ph92qCuaJ/AbfmOoC7b/xvOaOVydUfgDLpHi9VZbd3akvvKxRfW6ZklldgXEzPXKMuastN0mwcBxvIb5G1Vkj8jtSVtKPc5psZ9/NWA5l38xH4qZ6z7eib6thtEMdtcKmTZEEWDADjqTea5Gj61c1n18cr6f3Tff+0bn/cxsl4Y0esi+aDeuCXYiIYNmeKBx0ttDNIxpk4J5Fdh6Xs+AZif5lnJErtu8TPy2aC0bc9wehTjMyvilTHfyerOD1ZJXhN2XwRVDGN7t7leAJZISJlPjqTDcw3Vfvzte/5JqS+FR+hbpG4uz2ix8kUa20u5YF2oSdGl8+zsdozVsdQm10Iv9WSXBV7t4m+oyodgtfzydBpmXq7aBXudCiEKw+7TC7F+1a4YFrVrCNXKFgKUpd1MiVLl7DIbzm5U9MD2BB3Fy7BPCzr3tW6/ExOhhpBWY+HnzVGQfkNr7dRcqfipKw== ae@dobutterfliescry.net" + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCsUZY45rgezi+8iROdcR5vPeacJ2fbMjlDijfUrH9hRX2FzCsg/4e3aFKhi2seZMmyTfbstxmDrrH8paUS5TibFgLFBGNngaF3CTjg85i5pm25Hr4IVo31oziBnTWaG6j3buYKtz5e1qSPzXywinJR+5+FCUJU7Fxa+EWTZcOX4wYgArSj4q73rZmvk5N0X44Mudt4nvpD2chvxygsdTzD6ph92qCuaJ/AbfmOoC7b/xvOaOVydUfgDLpHi9VZbd3akvvKxRfW6ZklldgXEzPXKMuastN0mwcBxvIb5G1Vkj8jtSVtKPc5psZ9/NWA5l38xH4qZ6z7eib6thtEMdtcKmTZEEWDADjqTea5Gj61c1n18cr6f3Tff+0bn/cxsl4Y0esi+aDeuCXYiIYNmeKBx0ttDNIxpk4J5Fdh6Xs+AZif5lnJErtu8TPy2aC0bc9wehTjMyvilTHfyerOD1ZJXhN2XwRVDGN7t7leAJZISJlPjqTDcw3Vfvzte/5JqS+FR+hbpG4uz2ix8kUa20u5YF2oSdGl8+zsdozVsdQm10Iv9WSXBV7t4m+oyodgtfzydBpmXq7aBXudCiEKw+7TC7F+1a4YFrVrCNXKFgKUpd1MiVLl7DIbzm5U9MD2BB3Fy7BPCzr3tW6/ExOhhpBWY+HnzVGQfkNr7dRcqfipKw== ae@imbored.dev" ]; }; @@ -142,6 +176,70 @@ in { }; services = { + # simple nginx instance to host static construction page + # TODO: I want sshd and forgejo's ssh server to both be bound to port 22 + # So change sshd to listen on a different address/port (ie 2222 or 127.0.0.3:22, etc) + # and change forgejo to use 127.0.0.2:22 (use port 22, ONLY change loopback address) + nginx = { + enable = true; + # in wake of CVE-2022-3602/CVE-2022-3786 + package = pkgs.nginxStable.override {openssl = pkgs.libressl;}; + + recommendedGzipSettings = true; + recommendedZstdSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + # streamConfig = '' + # server { + # listen 127.0.0.1:53 udp reuseport; + # proxy_timeout 20s; + # proxy_pass 192.168.0.1:53535; + # } + # ''; + + virtualHosts = let + localhost = "http://127.0.0.1"; + std = { + # TODO: should I run over QUIC+HTTP3? (experimental) + # quic = true; + # http3 = true; + enableACME = true; + # kTLS = true; # offload TLS to the linux kernel + }; + in { + "imbored.dev" = + { + default = true; + addSSL = true; # not strictly enforced <3 + root = "/var/www/imbored"; + # extraConfig = '' + # error_page 404 /custom_404.html; + # ''; + } + // std; + # Route "vault" subdomain to vaultwarden + "vault.imbored.dev" = + { + forceSSL = true; + locations."/".proxyPass = "${localhost}:8222"; + } + // std; + # Route "forge" subdomain to forgejo + # TODO: use `forgejo.settings.server.ENABLE_ACME` instead? + "forge.imbored.dev" = + { + forceSSL = true; + extraConfig = '' + client_max_body_size 512M; + ''; + locations."/".proxyPass = "${localhost}:3000"; + } + // std; + }; + }; + openssh = { enable = true; ports = [22]; @@ -153,8 +251,235 @@ in { X11Forwarding = false; }; }; - }; + vaultwarden = { + enable = true; + dbBackend = "sqlite"; + + # backupDir = "/var/backup/vaultwarden"; # disable with null + + # https://mynixos.com/nixpkgs/option/services.vaultwarden.config + config = { + # internal address and port to listen on + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = 8222; + + # hostname to listen for + DOMAIN = "https://vault.imbored.dev"; + + # signup policy + SIGNUPS_ALLOWED = false; + SIGNUPS_VERIFY = true; + INVITATIONS_ALLOWED = true; + }; + # https://mynixos.com/nixpkgs/option/services.vaultwarden.environmentFile + environmentFile = "/var/lib/vaultwarden/vaultwarden.env"; + }; + + # stalwart-mail = let + # domain = "imbored.dev"; + # in { + # enable = false; # true; + # # openFirewall = true; # im doing this manually rn + # settings = { + # certificate."${domain}" = { + # cert = "file://${certs.${domain}.cert}"; + # private-key = "file://${certs.${domain}.key}"; + # }; + # server = { + # hostname = domain; + # tls = { + # certificate = "${domain}"; + # enable = true; + # implicit = false; + # }; + # listener = { + # "smtp-submission" = { + # bind = ["127.0.0.1:587"]; + # protocol = "smtp"; + # }; + # "imap" = { + # bind = ["127.0.0.1:143"]; + # protocol = "imap"; + # }; + # }; + # }; + # session = { + # rcpt.directory = "in-memory"; + # auth = { + # mechanisms = ["PLAIN"]; + # directory = "in-memory"; + # }; + # }; + # jmap.directory = "in-memory"; + # queue.outbound.next-hop = ["local"]; + # directory."in-memory" = { + # type = "memory"; + # users = [ + # { + # name = "me"; + # secret = "foobar"; + # email = ["me@${domain}"]; + # } + # { + # name = "Emile"; + # secret = "foobar"; + # email = ["emile@${domain}"]; + # } + # ]; + # }; + # }; + # }; + + # more options here: https://mynixos.com/nixpkgs/options/services.forgejo + # TODO: set a favicon https://forgejo.org/docs/next/contributor/customization/#changing-the-logo + # (might need me to override settings in the nixpkg) + # TODO: create a custom theme for forgejo (modify the source files most likely) + forgejo = { + enable = true; + # enable support for Git Large File Storage + lfs.enable = true; + database = { + type = "sqlite3"; # postgres + host = "127.0.0.1"; + port = "3306"; # 5432 if postgres + }; + # settings are written directly to the `app.ini` config file + # refer to: https://forgejo.org/docs/latest/admin/config-cheat-sheet/ + settings = { + server = { + # ENABLE_ACME = true; + # ACME_EMAIL = "eclarkboman@gmail.com"; # change this to "me@imbored.dev" + DOMAIN = "forge.imbored.dev"; # should this be "imbored.dev"? + ROOT_URL = "https://forge.imbored.dev"; # full public URL of the Forgejo server + # address and port to listen on + HTTP_ADDR = "127.0.0.1"; + HTTP_PORT = 3000; + PROTOCOL = "http"; # http internally, reverse proxy uses https externally + + START_SSH_SERVER = true; + DISABLE_SSH = false; + SSH_PORT = 2222; + }; + + DEFAULT = { + APP_NAME = "tearforge"; + APP_SLOGIN = "but cozy"; + APP_DISPLAY_NAME_FORMAT = "{APP_NAME} ::{APP_SLOGAN}::"; + }; + + repository = { + DEFAULT_PRIVATE = "private"; # last, private, public + # repo/org created on push to non-existent + ENABLE_PUSH_CREATE_USER = true; + ENABLE_PUSH_CREATE_ORG = false; + DEFAULT_PUSH_CREATE_PRIVATE = true; + MAX_CREATION_LIMIT = -1; + }; + + "repository.upload" = { + # max per-file size in MB + FILE_MAX_SIZE = 50; + # max number of files per upload + MAX_FILES = 5; + }; + + badges = let + # flat, flat-square, plastic, for-the-badge, social + style = "for-the-badge"; + in { + ENABLED = true; + GENERATOR_URL_TEMPLATE = "https://img.shields.io/badge/{{.label}}-{{.text}}-{{.color}}?style=${style}"; + }; + + ui = { + DEFAULT_THEME = "forgejo-dark"; + THEMES = "forgejo-auto,forgejo-light,forgejo-dark"; + }; + "ui.meta" = { + AUTHOR = "Emile Clark-Boman - emileclarkb"; + DESCRIPTION = "This is my personal self-hosted git forge, where I keep and maintain personal projects! PS do butterflies cry when they're sad?"; + KEYWORDS = "emile,clark,boman,clarkboman,emileclarkb,git,forge,forgejo,self-hosted,dobutterfliescry,butterfly,butterflies"; + }; + + markdown = { + ENABLE_HARD_LINE_BREAK_IN_COMMENTS = true; + ENABLE_MATH = true; + }; + + admin = { + DEFAULT_EMAIL_NOTIFICATIONS = "enabled"; + SEND_NOTIFICATION_EMAIL_ON_NEW_USER = true; + }; + + security = { + # Controls access to the installation page. + # When set to “true”, the installation page is not accessible. + #INSTALL_LOCK = false; + + PASSWORD_HASH_ALGO = "argon2"; # ARGON2 BEST ALGO FR!! (default: argon2$2$65536$8$50) + MIN_PASSWORD_LENGTH = 12; + PASSWORD_COMPLEXITY = "lower,upper,digit,spec"; + PASSWORD_CHECK_PWN = true; + }; + + service = { + DISABLE_REGISTRATION = true; # toggle for new users + #DEFAULT_USER_IS_RESTRICTED = true; + # Forbid login with third-party services (ie github) + ALLOW_ONLY_INTERNAL_REGISTRATION = true; + ENABLE_CAPTCHA = true; + REQUIRE_CAPTCHA_FOR_LOGIN = true; + REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA = true; + LOGIN_REMEMBER_DAYS = 365; + ENABLE_NOTIFY_MAIL = true; + }; + "service.explore" = { + REQUIRE_SIGNIN_VIEW = false; + DISABLE_USERS_PAGE = false; + DISABLE_ORGANIZATIONS_PAGE = false; + DISABLE_CODE_PAGE = false; + }; + + cache = { + ADAPTER = "twoqueue"; + HOST = "{\"size\":100, \"recent_ratio\":0.25, \"ghost_ratio\":0.5}"; + ITEM_TTL = "16h"; + }; + + # TODO: fill this in once my mail server is configured + # email.incoming = { ... }; + + # optional + # TODO: fill this in once my mail server is configured + mailer = { + ENABLED = false; + SMTP_ADDR = "mail.imbored.dev"; + FROM = "noreply@imbored.dev"; + USER = "noreply@imbored.dev"; + }; + + log = { + MODE = "file"; + LEVEL = "Info"; # "Trace", "Debug", "Info", "Warn", "Error", "Critical" + ENABLE_SSH_LOG = true; + }; + + cron = { + ENABLED = true; + RUN_AT_START = false; + }; + + other = { + SHOW_FOOTER_VERSION = true; + SHOW_FOOTER_TEMPLATE_LOAD_TIME = true; + SHOW_FOOTER_POWERED_BY = true; + ENABLE_SITEMAP = true; + ENABLE_FEED = true; + }; + }; + }; + }; security = { # accept Lets Encrypt's security policy (for nginx) acme = { @@ -182,5 +507,21 @@ in { helix ]; + programs = { + fish.enable = true; + + bash = { + completion.enable = true; + + interactiveShellInit = '' + if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]] + then + shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION="" + exec ${pkgs.fish}/bin/fish $LOGIN_OPTION + fi + ''; + }; + }; + system.stateVersion = "24.11"; # DO NOT MODIFY } diff --git a/hosts/hyrule/services/mailserver.nix b/hosts/hyrule/mailserver.nix similarity index 95% rename from hosts/hyrule/services/mailserver.nix rename to hosts/hyrule/mailserver.nix index cd2adfc..49274f2 100644 --- a/hosts/hyrule/services/mailserver.nix +++ b/hosts/hyrule/mailserver.nix @@ -28,7 +28,6 @@ aliases = ["emile@imbored.dev"]; hashedPasswordFile = let CWD = builtins.getEnv "PWD"; - # XXX: TODO: use a secrets manager! in "${CWD}/secrets/passwd/me"; }; }; diff --git a/hosts/hyrule/services/minecraft-server.nix b/hosts/hyrule/minecraft-server.nix similarity index 100% rename from hosts/hyrule/services/minecraft-server.nix rename to hosts/hyrule/minecraft-server.nix diff --git a/hosts/hyrule/services/forgejo.nix b/hosts/hyrule/services/forgejo.nix deleted file mode 100644 index f228116..0000000 --- a/hosts/hyrule/services/forgejo.nix +++ /dev/null @@ -1,150 +0,0 @@ -{...}: { - # more options here: https://mynixos.com/nixpkgs/options/services.forgejo - # TODO: set a favicon https://forgejo.org/docs/next/contributor/customization/#changing-the-logo - # (might need me to override settings in the nixpkg) - # TODO: create a custom theme for forgejo (modify the source files most likely) - services.forgejo = { - enable = true; - # enable support for Git Large File Storage - lfs.enable = true; - database = { - type = "sqlite3"; # postgres - host = "127.0.0.1"; - port = "3306"; # 5432 if postgres - }; - # settings are written directly to the `app.ini` config file - # refer to: https://forgejo.org/docs/latest/admin/config-cheat-sheet/ - settings = { - server = { - # ENABLE_ACME = true; - # ACME_EMAIL = "eclarkboman@gmail.com"; # change this to "me@imbored.dev" - DOMAIN = "forge.imbored.dev"; # should this be "imbored.dev"? - ROOT_URL = "https://forge.imbored.dev"; # full public URL of the Forgejo server - # address and port to listen on - HTTP_ADDR = "127.0.0.1"; - HTTP_PORT = 3000; - PROTOCOL = "http"; # http internally, reverse proxy uses https externally - - START_SSH_SERVER = true; - DISABLE_SSH = false; - SSH_PORT = 2222; - }; - - DEFAULT = { - APP_NAME = "tearforge"; - APP_SLOGIN = "but cozy"; - APP_DISPLAY_NAME_FORMAT = "{APP_NAME} ::{APP_SLOGAN}::"; - }; - - repository = { - DEFAULT_PRIVATE = "private"; # last, private, public - # repo/org created on push to non-existent - ENABLE_PUSH_CREATE_USER = true; - ENABLE_PUSH_CREATE_ORG = false; - DEFAULT_PUSH_CREATE_PRIVATE = true; - MAX_CREATION_LIMIT = -1; - }; - - "repository.upload" = { - # max per-file size in MB - FILE_MAX_SIZE = 50; - # max number of files per upload - MAX_FILES = 5; - }; - - badges = let - # flat, flat-square, plastic, for-the-badge, social - style = "for-the-badge"; - in { - ENABLED = true; - GENERATOR_URL_TEMPLATE = "https://img.shields.io/badge/{{.label}}-{{.text}}-{{.color}}?style=${style}"; - }; - - ui = { - DEFAULT_THEME = "forgejo-dark"; - THEMES = "forgejo-auto,forgejo-light,forgejo-dark"; - }; - "ui.meta" = { - AUTHOR = "Emile Clark-Boman - emileclarkb"; - DESCRIPTION = "This is my personal self-hosted git forge, where I keep and maintain personal projects! PS do butterflies cry when they're sad?"; - KEYWORDS = "emile,clark,boman,clarkboman,emileclarkb,git,forge,forgejo,self-hosted,dobutterfliescry,butterfly,butterflies"; - }; - - markdown = { - ENABLE_HARD_LINE_BREAK_IN_COMMENTS = true; - ENABLE_MATH = true; - }; - - admin = { - DEFAULT_EMAIL_NOTIFICATIONS = "enabled"; - SEND_NOTIFICATION_EMAIL_ON_NEW_USER = true; - }; - - security = { - # Controls access to the installation page. - # When set to “true”, the installation page is not accessible. - #INSTALL_LOCK = false; - - PASSWORD_HASH_ALGO = "argon2"; # ARGON2 BEST ALGO FR!! (default: argon2$2$65536$8$50) - MIN_PASSWORD_LENGTH = 12; - PASSWORD_COMPLEXITY = "lower,upper,digit,spec"; - PASSWORD_CHECK_PWN = true; - }; - - service = { - DISABLE_REGISTRATION = true; # toggle for new users - #DEFAULT_USER_IS_RESTRICTED = true; - # Forbid login with third-party services (ie github) - ALLOW_ONLY_INTERNAL_REGISTRATION = true; - ENABLE_CAPTCHA = true; - REQUIRE_CAPTCHA_FOR_LOGIN = true; - REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA = true; - LOGIN_REMEMBER_DAYS = 365; - ENABLE_NOTIFY_MAIL = true; - }; - "service.explore" = { - REQUIRE_SIGNIN_VIEW = false; - DISABLE_USERS_PAGE = false; - DISABLE_ORGANIZATIONS_PAGE = false; - DISABLE_CODE_PAGE = false; - }; - - cache = { - ADAPTER = "twoqueue"; - HOST = "{\"size\":100, \"recent_ratio\":0.25, \"ghost_ratio\":0.5}"; - ITEM_TTL = "16h"; - }; - - # TODO: fill this in once my mail server is configured - # email.incoming = { ... }; - - # optional - # TODO: fill this in once my mail server is configured - mailer = { - ENABLED = false; - SMTP_ADDR = "mail.dobutterfliescry.net"; - FROM = "iforgor@dobutterfliescry.net"; - USER = "iforgor@dobutterfliescry.net"; - }; - - log = { - MODE = "file"; - LEVEL = "Info"; # "Trace", "Debug", "Info", "Warn", "Error", "Critical" - ENABLE_SSH_LOG = true; - }; - - cron = { - ENABLED = true; - RUN_AT_START = false; - }; - - other = { - SHOW_FOOTER_VERSION = true; - SHOW_FOOTER_TEMPLATE_LOAD_TIME = true; - SHOW_FOOTER_POWERED_BY = true; - ENABLE_SITEMAP = true; - ENABLE_FEED = true; - }; - }; - }; -} diff --git a/hosts/hyrule/services/nginx.nix b/hosts/hyrule/services/nginx.nix deleted file mode 100644 index d719841..0000000 --- a/hosts/hyrule/services/nginx.nix +++ /dev/null @@ -1,99 +0,0 @@ -{pkgs, ...}: { - nixpkgs.overlays = [ - (self: super: { - # in wake of CVE-2022-3602/CVE-2022-3786 - nginxStable = super.nginxStable.override {openssl = pkgs.libressl;}; - }) - ]; - - # simple nginx instance to host static construction page - # TODO: I want sshd and forgejo's ssh server to both be bound to port 22 - # So change sshd to listen on a different address/port (ie 2222 or 127.0.0.3:22, etc) - # and change forgejo to use 127.0.0.2:22 (use port 22, ONLY change loopback address) - services.nginx = { - enable = true; - # XXX: TODO: this should auto use the nginxStable overlay no? - # in wake of CVE-2022-3602/CVE-2022-3786 - # package = pkgs.nginxStable.override {openssl = pkgs.libressl;}; - - recommendedGzipSettings = true; - recommendedZstdSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - # streamConfig = '' - # server { - # listen 127.0.0.1:53 udp reuseport; - # proxy_timeout 20s; - # proxy_pass 192.168.0.1:53535; - # } - # ''; - - virtualHosts = let - localhost = "http://127.0.0.1"; - std = { - # TODO: should I run over QUIC+HTTP3? (experimental) - # quic = true; - # http3 = true; - enableACME = true; - # kTLS = true; # offload TLS to the linux kernel - }; - website = - { - default = true; - addSSL = true; # not strictly enforced <3 - root = "/var/www/imbored"; - # extraConfig = '' - # error_page 404 /custom_404.html; - # ''; - } - // std; - - vault = - { - forceSSL = true; - locations."/".proxyPass = "${localhost}:8222"; - } - // std; - forge = - { - forceSSL = true; - extraConfig = '' - client_max_body_size 512M; - ''; - locations."/".proxyPass = "${localhost}:3000"; - } - // std; - in { - # XXX: TODO: imbored.dev and dobutterfliescry.net can't - # XXX: TODO: be active at the same time??? why?? - # "imbored.dev" = - # { - # default = true; - # addSSL = true; # not strictly enforced <3 - # root = "/var/www/imbored"; - # # extraConfig = '' - # # error_page 404 /custom_404.html; - # # ''; - # } - # // std; - "dobutterfliescry.net" = - { - default = true; - addSSL = true; # not strictly enforced <3 - root = "/var/www/cry"; - # extraConfig = '' - # error_page 404 /custom_404.html; - # ''; - } - // std; - # Route "vault" subdomain to vaultwarden - "vault.imbored.dev" = vault; - # Route "forge" subdomain to forgejo - # TODO: use `forgejo.settings.server.ENABLE_ACME` instead? - "forge.imbored.dev" = forge; - # "forge.dobutterfliescry.net" = forge; - }; - }; -} diff --git a/hosts/hyrule/services/vaultwarden.nix b/hosts/hyrule/services/vaultwarden.nix deleted file mode 100644 index 6cde9ab..0000000 --- a/hosts/hyrule/services/vaultwarden.nix +++ /dev/null @@ -1,25 +0,0 @@ -{...}: { - services.vaultwarden = { - enable = true; - dbBackend = "sqlite"; - - # backupDir = "/var/backup/vaultwarden"; # disable with null - - # https://mynixos.com/nixpkgs/option/services.vaultwarden.config - config = { - # internal address and port to listen on - ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = 8222; - - # hostname to listen for - DOMAIN = "https://vault.imbored.dev"; - - # signup policy - SIGNUPS_ALLOWED = false; - SIGNUPS_VERIFY = true; - INVITATIONS_ALLOWED = true; - }; - # https://mynixos.com/nixpkgs/option/services.vaultwarden.environmentFile - environmentFile = "/var/lib/vaultwarden/vaultwarden.env"; - }; -} diff --git a/hosts/lolcathost/default.nix b/hosts/lolcathost/default.nix index 4119d78..1c9c270 100755 --- a/hosts/lolcathost/default.nix +++ b/hosts/lolcathost/default.nix @@ -296,12 +296,13 @@ in { # C Family gcc clang - clang-tools + clang-tools # Rust cargo rustc rustfmt + rust-analyzer # Go go # Nim @@ -310,12 +311,16 @@ in { # Haskell ghc ghcid + haskell-language-server ormolu # Nix + # TODO: once upgraded past Nix-24.07 this line won't be necessary (I think) + # helix will support nixd by default + # SOURCE: https://github.com/nix-community/nixd/blob/main/nixd/docs/editor-setup.md#Helix + nixd # lsp for nix nix-prefetch-git nix-index - nix-unit deploy-rs # Python diff --git a/hosts/modules/bashistrans.nix b/hosts/modules/bashistrans.nix index e9d74ae..d3b285c 100644 --- a/hosts/modules/bashistrans.nix +++ b/hosts/modules/bashistrans.nix @@ -2,26 +2,22 @@ # I want to use fish as my login shell but it always goes terrible # cause it isn't POSIX compliant, so instead Bash is my login and # will just exec fish (^-^) - programs = { - fish.enable = true; + programs.bash = { + blesh.enable = false; # ble.sh replacement for GNU readline + completion.enable = true; - bash = { - blesh.enable = false; # ble.sh replacement for GNU readline - completion.enable = true; - - interactiveShellInit = '' - # help bash transition into a beautiful fish! - if [[ -z $CRY_BASH_IS_TRANS ]] + interactiveShellInit = '' + # help bash transition into a beautiful fish! + if [[ -z $CRY_BASH_IS_TRANS ]] + then + if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]] then - if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]] - then - shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION="" - exec ${pkgs.fish}/bin/fish $LOGIN_OPTION - fi + shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION="" + exec ${pkgs.fish}/bin/fish $LOGIN_OPTION fi - # bash is trans now! (no more transitioning required) - export CRY_BASH_IS_TRANS=true - ''; - }; + fi + # bash is trans now! (no more transitioning required) + export CRY_BASH_IS_TRANS=true + ''; }; } diff --git a/hosts/myputer/default.nix b/hosts/myputer/default.nix index 60098b1..aecd7ce 100755 --- a/hosts/myputer/default.nix +++ b/hosts/myputer/default.nix @@ -307,9 +307,19 @@ in { # Haskell ghc ghcid + haskell-language-server ormolu # Java + # jdk17 + # (jre8.overrideAttrs + # (oldAttrs: { + # enableJavaFX = true; + # })) + # (jdk8.overrideAttrs + # (oldAttrs: { + # enableJavaFX = true; + # })) visualvm # Python @@ -347,6 +357,11 @@ in { tesseract # for my work with Agribit + # TODO: once upgraded past Nix-24.07 this line won't be necessary (I think) + # helix will support nixd by default + # SOURCE: https://github.com/nix-community/nixd/blob/main/nixd/docs/editor-setup.md#Helix + # nixd # lsp for nix # DEBUG + # Pretty necessary git git-filter-repo