diff --git a/boxes/netbox/default.nix b/boxes/netbox/default.nix
index 0f5fcf2..ce56bad 100644
--- a/boxes/netbox/default.nix
+++ b/boxes/netbox/default.nix
@@ -1,6 +1,114 @@ { lib, config, pkgs, ... }: -{ +let + cgitrc = pkgs.writeText "cgitrc" '' + css=/static/cgit.css + logo=/static/logo.png + favicon=/static/favicon.ico + root-title=beepboop.systems + root-desc=quality git hosting + + readme=:README + readme=:readme + readme=:readme.txt + readme=:README.txt + readme=:readme.md + readme=:README.md + + remove-suffix=1 + section-from-path=1 + + section-sort=0 + + section=meta + + repo.url=about + repo.path=/doesnt/exist + repo.desc=about this site + + section=other services at beepboop.systems + + repo.url=bitwarden + repo.path=/doesnt/exist + repo.desc=a simple password manager + + repo.url=radicale + repo.path=/doesnt/exist + repo.desc=a simple calendar server + + repo.url=roundcube + repo.path=/doesnt/exist + repo.desc=mail.beepboop.systems webmail + + repo.url=gitea + repo.path=/doesnt/exist + repo.desc=real git hosting services (until this one is fully operational) + + section=projects + + repo.url=advent + repo.path=/var/lib/git/advent + repo.desc=advent of code solutions + + repo.url=desmos-computer + repo.path=/var/lib/git/desmos-computer + repo.desc=a minimal ISA implemented in the Desmos graphing calculator + + repo.url=dot_testing + repo.path=/var/lib/git/dot_testing + repo.desc=configuration files for NixOS/GNU+Linux boxes + + repo.url=esgd + repo.path=/var/lib/git/esgd + repo.desc=the exceedingly simple gopher daemon + + repo.url=mail-sync + repo.path=/var/lib/git/mail-sync + repo.desc=synchronize mail from walled gardens + + repo.url=mastosnake + repo.path=/var/lib/git/mastosnake + repo.desc=a low quality clone of Twitter Plays Snake + + repo.url=secmsg + repo.path=/var/lib/git/secmsg + repo.desc=a stupid (in)secure messaging client thing + + repo.url=ultimate + repo.path=/var/lib/git/ultimate + repo.desc=ultimate tic tac toe solving engine + + repo.url=wordlefish + repo.path=/var/lib/git/wordlefish + repo.desc=use information theory to solve wordle puzzles + + section=irc robots + + repo.url=botanybot + 
repo.path=/var/lib/git/botanybot + repo.desc=water bots on ~.club + + repo.url=coinminer + repo.path=/var/lib/git/coinminer + repo.desc=mine fake coins on irc + + repo.url=chaosbot + repo.path=/var/lib/git/chaosbot + repo.desc=robot to protect a user on chaos + + repo.url=modbot + repo.path=/var/lib/git/modbot + repo.desc=modular irc robot + + repo.url=pychaos + repo.path=/var/lib/git/pychaos + repo.desc=python chaos bot + + repo.url=universalducks + repo.path=/var/lib/git/universalducks + repo.desc=cross channel irc ducks + ''; +in { imports = [ ./hardware-configuration.nix @@ -25,6 +133,7 @@ dig htop gnumake + neovim ]; system.copySystemConfiguration = true; @@ -32,22 +141,19 @@ boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/vda"; -# services.cgit = { -# "beepboop.systems" = { -# extraConfig = '' -# root-desc="testing" -# -# section=main -# repo.url=dot_testing -# repo.path=/var/lib/git/dot_testing -# repo.desc=configuration for NixOS/Linux systems -# repo.owner=rndusr -# -# readme=:README.md -# ''; -# enable = true; -# }; -# }; + # cgit + users = { + groups.git = { }; + users.git = { + createHome = true; + home = /var/lib/git; + isSystemUser = true; + shell = "${pkgs.git}/bin/git-shell"; + group = "git"; + }; + }; + + services.fcgiwrap = { enable = true; user = "git"; group = "git"; }; networking.hostName = "netbox"; 
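Review bot: The five `repo.path=/doesnt/exist` entries (about, bitwarden, radicale, roundcube, gitea) are not repositories, and nothing in the `cgitrc` binding says so. They only behave as links because nginx locations added later in this same commit answer those URLs before cgit is reached; if one of those locations is dropped or renamed, cgit is asked to open a path that does not exist. A comment above `cgitrc = pkgs.writeText …` would make the coupling visible, for example `# entries with repo.path=/doesnt/exist are menu links only; nginx must define a location for each repo.url`.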
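Review bot: `services.fcgiwrap` is set to run as `git`, the same account this hunk creates with `/var/lib/git` as its home and git-shell as its login shell (presumably the push account), so cgit.cgi, which parses every unauthenticated HTTP request, runs with write access to all the repositories it serves. A separate unprivileged system user that can only read the repositories would keep a flaw in the CGI from becoming repository tampering, e.g. `services.fcgiwrap = { enable = true; user = "cgit"; group = "git"; };` with a matching `users.users.cgit` and group-readable repository directories (the account name here is only an illustration). Separately, `home = /var/lib/git;` is a Nix path literal rather than a string; path values can be copied into the world-readable store when they are coerced or serialised, so `home = "/var/lib/git";` is the safer spelling.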
@@ -177,12 +283,54 @@ forceSSL = true; enableACME = true; root = "/var/www/beepboop.systems"; - }; - services.nginx.virtualHosts."webhooks.beepboop.systems" = { - forceSSL = true; - enableACME = true; - root = "/var/www/webhooks.beepboop.systems"; + locations."~* ^/static/(.+.(ico|css))$" = { + extraConfig = '' + alias ${pkgs.cgit}/cgit/$1; + ''; + }; + locations."/static/logo.png" = { + extraConfig = '' + try_files /icon.png /icon.png; + ''; + }; + locations."/about" = { + extraConfig = '' + try_files /about.html /about.html; + ''; + }; + locations."/bitwarden" = { + extraConfig = '' + return 301 https://bit.beepboop.systems; + ''; + }; + locations."/gitea" = { + extraConfig = '' + return 301 https://git.beepboop.systems/rndusr; + ''; + }; + locations."/radicale" = { + extraConfig = '' + return 301 https://cal.beepboop.systems; + ''; + }; + locations."/roundcube" = { + extraConfig = '' + return 301 https://mail.beepboop.systems; + ''; + }; + locations."/" = { + extraConfig = '' + include ${pkgs.nginx}/conf/fastcgi_params; + fastcgi_param CGIT_CONFIG ${cgitrc}; + fastcgi_param SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi; + fastcgi_split_path_info ^(/?)(.+)$; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; + fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + ''; + }; }; services.nginx.virtualHosts."git.beepboop.systems" = { 
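Review bot: The static-file location `~* ^/static/(.+.(ico|css))$` is looser than it reads: the dot before `(ico|css)` is unescaped and matches any character, and `.+` also matches `/`, so the `alias ${pkgs.cgit}/cgit/$1;` capture is not limited to a single file name with a real extension. Tightening it to `locations."~* ^/static/([^/]+\\.(ico|css))$"` (the backslash is doubled because this is a Nix double-quoted string) keeps the alias to top-level `.ico` and `.css` files in the cgit directory. The `/about`, `/bitwarden`, `/gitea`, `/radicale` and `/roundcube` locations are prefix matches, so a later repository whose `repo.url` starts with one of those words would be shadowed; `locations."= /about"` and likewise for the others would match only the menu links. The enclosing `virtualHosts` block begins outside this hunk.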
@@ -241,19 +389,19 @@ email = "nickforanick@protonmail.com"; }; -# services.roundcube = { -# enable = true; -# # this is the url of the vhost, not necessarily the same as the fqdn of -# # the mailserver -# hostName = "cube.beepboop.systems"; -# extraConfig = '' -# # starttls needed for authentication, so the fqdn required to match -# # the certificate -# $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; -# $config['smtp_user'] = "%u"; -# $config['smtp_pass'] = "%p"; -# ''; -# }; + services.roundcube = { + enable = true; + # this is the url of the vhost, not necessarily the same as the fqdn of + # the mailserver + hostName = "cube.beepboop.systems"; + extraConfig = '' + # starttls needed for authentication, so the fqdn required to match + # the certificate + $config['smtp_server'] = "tls://${config.mailserver.fqdn}"; + $config['smtp_user'] = "%u"; + $config['smtp_pass'] = "%p"; + ''; + }; services.nginx.virtualHosts."roundcube.beepboop.systems" = { forceSSL = true; diff --git a/flake.lock b/flake.lock index b3fb119..620ce71 100644 --- a/flake.lock +++ b/flake.lock @@ -25,11 +25,11 @@ }, "locked": { "dir": "pkgs/firefox-addons", - "lastModified": 1705534402, - "narHash": "sha256-mOWT45HLd8dm8FJNmrgngotE5NRJ+2arz65m1Kk0LBA=", + "lastModified": 1705709716, + "narHash": "sha256-YJdWSN3ra0FsAQT5PXe7uXxMeAXxTR+SY/wVOO1c6Bs=", "owner": "rycee", "repo": "nur-expressions", - "rev": "6a928ce99e4ccb09e59c1f58052bd65027249c8a", + "rev": "d7ad3362283fced58410547650be31e37f9d0f41", "type": "gitlab" }, "original": { @@ -77,11 +77,11 @@ ] }, "locked": { - "lastModified": 1705476964, - "narHash": "sha256-W5OK1fnj4qdn1HWOlxV2S3YiUvfaVjQM5ldWVpGV1fs=", + "lastModified": 1705659542, + "narHash": "sha256-WA3xVfAk1AYmFdwghT7mt/erYpsU6JPu9mdTEP/e9HQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "85c3b600f660abd86e94cbcd1c46733943197a07", + "rev": "10cd9c53115061aa6a0a90aad0b0dde6a999cdb9", "type": "github" }, "original": { 
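Review bot: `hostName = "cube.beepboop.systems"` does not match any other name this commit uses for webmail: the cgitrc entry and the `/roundcube` redirect point at mail.beepboop.systems, and the virtual host in the trailing context is roundcube.beepboop.systems. The NixOS roundcube module configures its own nginx virtual host for `hostName` (with TLS via ACME by default, as far as I know), so enabling it as written likely serves webmail, and requests a certificate, on a name that nothing links to. If the hand-written virtual host is meant to be the front end, `hostName = "roundcube.beepboop.systems";` would merge the two definitions into one virtual host. The rest of that virtual host is outside the hunk, so confirm against it.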
@@ -93,11 +93,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1705331948, - "narHash": "sha256-qjQXfvrAT1/RKDFAMdl8Hw3m4tLVvMCc8fMqzJv0pP4=", + "lastModified": 1705641746, + "narHash": "sha256-D6c2aH8HQbWc7ZWSV0BUpFpd94ImFyCP8jFIsKQ4Slg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b8dd8be3c790215716e7c12b247f45ca525867e2", + "rev": "d2003f2223cbb8cd95134e4a0541beea215c1073", "type": "github" }, "original": { @@ -209,12 +209,12 @@ }, "locked": { "lastModified": 1, - "narHash": "sha256-wGl3ZnqjhpAEpTkzgjWxgsbmGX9c7TPCM4I0okuOYFE=", - "path": "/nix/store/6nljlgsf56x9pglryla3l480awympq84-source/builds", + "narHash": "sha256-5xUIhLgUWLJ08JmAOugcD2ut0pNNDzoBOJmcoHA5yAg=", + "path": "/nix/store/dz347nzxk63b999sm3cb7k450f90xzlq-source/builds", "type": "path" }, "original": { - "path": "/nix/store/6nljlgsf56x9pglryla3l480awympq84-source/builds", + "path": "/nix/store/dz347nzxk63b999sm3cb7k450f90xzlq-source/builds", "type": "path" } }, diff --git a/modules/x11.nix b/modules/x11.nix index 237fe24..fc4b9cf 100644 --- a/modules/x11.nix +++ b/modules/x11.nix @@ -2,7 +2,6 @@ { imports = [ - ./polybar.nix ./gnupg.nix ./fonts.nix ./pulse.nix