{ config, pkgs, lib, ... }:
let
# Pull the "216light" stylesheet out of the public-inbox source tree at build
# time. The output is a single immutable store file; nginx serves it further
# down through an exact-match location, so nothing is read from a mutable
# directory at request time.
publicInboxCss = pkgs.runCommand "216light.css" { } ''
  unpackFile ${pkgs.public-inbox.src}
  cp */contrib/css/216light.css $out
'';
# Build the stylesheet that nginx serves as /cgit.css and /git/cgit.css: a
# GPLv2 notice, then the stock cgit-pink stylesheet, then the local overrides
# in extraCss. The three parts are concatenated at build time from store
# paths, so the served file is fixed per system generation and takes no input
# at request time.
cgitCss = pkgs.runCommand "cgit-extra.css" {
# Licence notice written as the first bytes of the generated file.
licenseHeader = ''
/*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License v2 as published
* by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* See .
*/
'';
# Adapted from
# <source URL not present in this copy of the file>,
# distributed as a Larger Work under a Secondary License,
# as permitted by the terms of the
# Mozilla Public License Version 2.0.
extraCss = ''
* { line-height: 1.25em; }
article {
font-family: sans-serif;
max-width: 70ch;
margin-left: auto;
margin-right: auto;
}
div#cgit {
margin: auto;
font-family: monospace;
-moz-tab-size: 4;
tab-size: 4;
display: table;
}
div#cgit table#header {
margin-left: auto;
margin-right: auto;
}
div#cgit table#header td.logo {
display: none;
}
div#cgit table#header td.main {
font-size: 1em;
font-weight: bold;
}
div#cgit table#header td.sub {
border-top: none;
}
div#cgit table.tabs {
margin-left: auto;
margin-right: auto;
border-bottom: none;
}
div#cgit div.content {
border-bottom: none;
min-width: 108ch;
}
div#cgit div.content div#summary {
display: table;
margin-left: auto;
margin-right: auto;
}
div#cgit div.notes {
border: none;
background: transparent;
padding: 0;
}
div#cgit table.list {
margin-left: auto;
margin-right: auto;
}
div#cgit table.list th a {
color: inherit;
}
div#cgit table.list tr:nth-child(even) {
background: inherit;
}
div#cgit table.list tr:hover {
background: inherit;
}
div#cgit table.list tr.nohover-highlight:hover:nth-child(even) {
background: inherit;
}
div#cgit div.footer {
font-size: 1em;
margin-top: 0;
}
div#cgit table.blob td.linenumbers:nth-last-child(3) {
display: none;
}
div#cgit table.blob td.linenumbers a:target {
color: goldenrod;
text-decoration: underline;
outline: none;
}
'';
# passAsFile writes each listed attribute to a temporary file and exposes its
# location as $<name>Path; the builder script below reads those paths rather
# than receiving the long strings as environment variables.
passAsFile = [ "licenseHeader" "extraCss" ];
} ''
cat $licenseHeaderPath ${pkgs.cgit-pink}/cgit/cgit.css $extraCssPath > $out
'';
in
{
# Service and user modules composed into this host.
# NOTE(review): the only firewall opening made in this file is the WireGuard
# UDP port; every other listener and firewall rule on the host presumably
# comes from these modules, so they need to be read together with this file
# to know the real exposed surface.
imports = [
  ../modules/server
  ../modules/server/acme
  ../modules/server/bitfolk
  ../modules/server/cgit
  ../modules/server/dns
  ../modules/server/ftp
  ../modules/server/git-http-backend
  ../modules/server/irc
  ../modules/server/nginx
  ../modules/server/nixpk.gs
  ../modules/server/spectrum
  ../modules/server/tor
  ../modules/server/xmpp
  ../modules/users
];
# Storage layout: ZFS datasets from pool "rpool" for everything except /boot,
# which is a plain ext4 partition located by partition label.
fileSystems = {
  "/" = {
    device = "rpool/root";
    fsType = "zfs";
    neededForBoot = true;
  };
  "/boot" = {
    device = "/dev/disk/by-partlabel/boot";
    fsType = "ext4";
  };
  "/nix" = {
    device = "rpool/nix";
    fsType = "zfs";
    neededForBoot = true;
  };
  "/var" = {
    device = "rpool/var";
    fsType = "zfs";
  };
  "/home/qyliss" = {
    device = "rpool/home/qyliss";
    fsType = "zfs";
  };
  "/root" = {
    device = "rpool/home/root";
    fsType = "zfs";
  };
};

boot.supportedFilesystems = [ "zfs" ];
# Directory searched for pool member devices when importing.
boot.zfs.devNodes = "/dev";

# NOTE(review): no randomEncryption is set for this swap device in this file,
# so memory paged out here (which can include key material such as the
# WireGuard or TLS private keys) is written to disk in the clear unless the
# underlying volume is encrypted elsewhere - confirm.
swapDevices = [
  { device = "/dev/disk/by-uuid/49f18b74-5f6e-4e61-b569-f7cc9dc5c600"; }
];

# At most two concurrent Nix build jobs.
nix.settings.max-jobs = 2;

# Only the two newest generations get a GRUB menu entry, so a rollback from
# the boot menu can reach back exactly one generation.
boot.loader.grub.configurationLimit = 2;
# Host identity. hostId is the identifier ZFS records with the pool so that an
# import from a different machine is noticed.
networking.hostName = "atuin";
networking.domain = "qyliss.net";
networking.hostId = "238d1961";

# Static dual-stack addressing on eth0. Both gateways sit inside the
# configured prefixes (85.119.80.0/21 and 2001:ba8:1f1:f0bc::/64).
networking.interfaces.eth0.ipv4.addresses = [
  { address = "85.119.82.108"; prefixLength = 21; }
];
networking.interfaces.eth0.ipv6.addresses = [
  { address = "2001:ba8:1f1:f0bc::2"; prefixLength = 64; }
];
networking.defaultGateway = "85.119.80.1";
networking.defaultGateway6.address = "2001:ba8:1f1:f0bc::1";
# Kernel: the default nixpkgs `linux` with two config overrides, selecting an
# xz-compressed image and turning zstd compression off. mkForce gives the
# `no` priority over any other definition of KERNEL_ZSTD (presumably the
# nixpkgs default).
# NOTE(review): a kernel with a non-default config is generally not available
# from the public binary cache, so each kernel security update means a local
# rebuild on this host; factor that into patch latency.
boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.linux.override {
  structuredExtraConfig = {
    KERNEL_XZ = lib.kernel.yes;
    KERNEL_ZSTD = lib.mkForce lib.kernel.no;
  };
});

# Cap the ZFS ARC at 356515840 bytes (340 MiB).
boot.kernelParams = [ "zfs.zfs_arc_max=356515840" ];
# WireGuard hub on wg0, with NAT so that tunnel traffic leaves through eth0
# using this host's public address.
#
# Security-relevant properties visible here:
#  * The private key is read from a file under /var/lib rather than being
#    written into the configuration, so it never enters the world-readable
#    Nix store. The file is provisioned out of band.
#    NOTE(review): confirm it is root-owned and not group/world readable.
#  * allowedIPs is also WireGuard's per-peer source filter: the first two
#    peers can only send from their own /32, the third from 10.13.12.0/24.
#    The third peer has a fixed endpoint, so this host also initiates to it
#    (presumably a site-to-site link).
#  * Because wg0 is a NAT internal interface, anything holding a peer key can
#    originate internet traffic from this host's address; peer key hygiene
#    is therefore part of this server's abuse exposure.
#  * The firewall rule is derived from listenPort, so the two cannot drift
#    apart. Only this UDP port is opened in this file.
networking.nat = {
  enable = true;
  externalInterface = "eth0";
  internalInterfaces = [ "wg0" ];
};

networking.firewall.allowedUDPPorts = [
  config.networking.wireguard.interfaces.wg0.listenPort
];

networking.wireguard.interfaces.wg0 = {
  listenPort = 51820;
  ips = [ "10.172.171.1" ];
  privateKeyFile = "/var/lib/wireguard/wg0/private";
  peers = [
    {
      publicKey = "oQZ3fcb9LsnQj8sDYLHf1+hodnW4XEhsM0rNBgHROz8=";
      allowedIPs = [ "10.172.171.2/32" ];
    }
    {
      publicKey = "lu4ZxYq7qpkmIt8z0Q/wb5Y0Wc3fa0ui9wOWn/+xYxI=";
      allowedIPs = [ "10.172.171.3/32" ];
    }
    {
      publicKey = "ugHG/NOqM/9hde9EmWpu7XsCpjT3WQbjLK99IGHtdjQ=";
      allowedIPs = [ "10.13.12.0/24" ];
      endpoint = "95.216.98.55:51820";
    }
  ];
};
# One certificate covering qyliss.net and git.qyliss.net, validated with
# HTTP-01: the ACME client drops challenge files under the webroot. The
# location that serves that directory is not defined in this file
# (presumably it comes from the imported acme/nginx modules).
security.acme.certs."qyliss.net".webroot = "/var/lib/acme/acme-challenge";
security.acme.certs."qyliss.net".extraDomainNames = [ "git.qyliss.net" ];

# Membership in the acme group is what lets the nginx user read the issued
# certificate and its private key. Anything else added to this group gains
# the same access to the key, so keep the member list minimal.
users.groups.acme.members = [ "nginx" ];
# Public cgit front end for the repositories under /home/qyliss/git.
#
# Notes on the cgitrc below:
#  * Order matters: per cgitrc(5), enable-git-config and remove-suffix only
#    affect repositories discovered by a scan-path that appears after them,
#    which is why scan-path is the last line.
#  * enable-git-config=1 lets each repository's own git config supply
#    repo-specific cgit settings.
#  * about-filter and source-filter run an external program over repository
#    content when a page is rendered (README formatting and syntax
#    highlighting), so those parsers process whatever is committed to any
#    published repository.
#  * snapshots=all, enable-blame=1 and enable-follow-links=1 make individual
#    requests comparatively expensive. No cgit cache option is set in this
#    string. NOTE(review): if crawler load becomes a problem, consider
#    enabling cgit's cache or rate limiting in nginx.
services.cgit.instances.qyliss = {
  vhost = "git.qyliss.net";
  package = pkgs.cgit-pink;
  config = pkgs.writeText "cgit.conf" ''
    clone-prefix=https://git.qyliss.net
    css=/cgit.css
    enable-blame=1
    enable-commit-graph=1
    enable-follow-links=1
    enable-git-config=1
    enable-index-owner=0
    logo=
    remove-suffix=1
    root-desc=Alyssa Ross's personal Git repositories
    root-title=git.qyliss.net
    snapshots=all
    about-filter=${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh
    source-filter=${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py
    virtual-root=/
    scan-path=/home/qyliss/git
  '';
};

# Git-over-HTTP endpoint on the same vhost and the same directory, so treat
# everything placed under /home/qyliss/git as published.
# NOTE(review): the option semantics live in ../modules/server/git-http-backend;
# confirm it serves fetches only and that pushes over HTTP are not accepted
# without authentication.
services.git-http-backend.instances.qyliss = {
  projectRoot = "/home/qyliss/git";
  vhost = "git.qyliss.net";
};
# Project site. Its certificate ("spectrum-os.org") is not defined in this
# file (presumably in ../modules/server/spectrum).
services.nginx.virtualHosts."spectrum-os.org" = {
  useACMEHost = "spectrum-os.org";
  forceSSL = true;

  # Static content from a directory under /home/spectrum, which the
  # activation script in this file creates group-writable for the spectrum
  # group. NOTE(review): members of that group can therefore change what is
  # served here; confirm the ownership and mode of the www directory itself.
  locations."/".root = "/home/spectrum/www";

  # Exact-match locations aliased to single store files: each URI maps to
  # exactly one immutable file, so there is no path component to traverse.
  locations."= /git/cgit.css".alias = cgitCss.outPath;
  locations."= /lists/archives/public-inbox.css".alias = publicInboxCss.outPath;

  # Mailing-list archive, proxied to public-inbox-httpd over a Unix socket;
  # the bare path is redirected to its trailing-slash form.
  locations."/lists/archives".proxyPass = "http://unix:/run/public-inbox-httpd.sock:/lists/archives";
  locations."= /lists/archives".return = "301 /lists/archives/";
};

# Catch-all server for requests whose Host/SNI matches no other vhost
# (default = true, no server name). It presents the qyliss.net certificate
# and redirects everything except /dns-query to https://alyssa.is/.
services.nginx.virtualHosts.default = {
  default = true;
  serverName = null;
  forceSSL = true;
  useACMEHost = "qyliss.net";
  locations = {
    "/".return = "https://alyssa.is/";
    # Proxied to a listener on loopback port 4448 (presumably the
    # DNS-over-HTTPS resolver from ../modules/server/dns). Being on the
    # catch-all vhost, this endpoint answers under every name and address
    # that reaches this host. This is a prefix location, so paths that merely
    # start with /dns-query are forwarded too, with that prefix replaced by /.
    # NOTE(review): no access restriction or rate limit is applied in this
    # file; confirm the resolver is meant to be public.
    "/dns-query".proxyPass = "http://[::1]:4448/";
  };
};

# The cgit application itself is attached to this vhost by the cgit and
# git-http-backend instances; only the stylesheet is wired up here.
services.nginx.virtualHosts."git.qyliss.net" = {
  forceSSL = true;
  useACMEHost = "qyliss.net";
  locations."= /cgit.css".alias = cgitCss.outPath;
};
# /home/spectrum is a shared area for the spectrum group. The directories are
# asserted by an activation script that is ordered after the "users" step, so
# the group already exists when `install -g spectrum` runs.
#   2775 = rwxrwsr-x: group-writable, readable by everyone, setgid so that
#          new entries inherit group "spectrum".
#   0775 = rwxrwxr-x for the git subdirectory.
# NOTE(review): the git subdirectory is requested without the setgid bit its
# parent has; confirm that difference is intended.
system.activationScripts.spectrum-home = lib.stringAfter [ "users" ] ''
  install -g spectrum -m 2775 -d /home/spectrum
  install -g spectrum -m 0775 -d /home/spectrum/git
'';

# Group members get write access to everything the modes above allow.
users.groups.spectrum.members = [ "qyliss" ];
# Command-line tools available to every user on the host.
environment.systemPackages = [
  pkgs.cgit-pink
  pkgs.git
];
# Tor relay limits and listener; the relay itself is enabled by the imported
# tor module (not visible here).
#  * Accounting: at most 50 GBytes per accounting period, with a new period
#    starting every day at 12:00. Tor hibernates once the limit is reached.
#  * ORPort: IPv6 only in this file, on TCP port 143 (the IANA port for
#    IMAP). NOTE(review): the matching firewall opening and any additional
#    ORPort are not in this file; confirm them in ../modules/server/tor.
services.tor.settings = {
  AccountingMax = "50 GBytes";
  AccountingStart = "day 12:00";
  ORPort = [
    { addr = "[2001:ba8:1f1:f0bc::2]"; port = 143; }
  ];
};
# Release whose stateful defaults (on-disk data formats and similar) this host
# was installed with. It is not the NixOS version being run, and changing it
# does not upgrade anything; leave it alone unless following a release's
# migration notes.
system.stateVersion = "18.03";
}