diff --git a/default.nix b/default.nix index 47c528e..b42b9a8 100755 --- a/default.nix +++ b/default.nix @@ -12,12 +12,6 @@ in { ++ (mapModulesRec' (toString ./modules) import); nix = { - package = pkgs.nix; - - # flake registry and nix path pinning - nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; - registry.nixpkgs.flake = inputs.nixpkgs; - settings = { experimental-features = [ "nix-command" "flakes" ]; auto-optimise-store = true; @@ -32,20 +26,18 @@ in { }; }; - time.timeZone = mkDefault "America/Los_Angeles"; - - i18n.defaultLocale = mkDefault "en_US.UTF-8"; - - hardware.enableRedistributableFirmware = true; - environment.systemPackages = with pkgs; [ unrar unzip - micro curl wget - # im pretty sure removing this breaks nixos-rebuild - # have fun + # nixos-rebuild w/ flakes does not work without git + # do not remove this + # nix is awesome git ]; + time.timeZone = mkDefault "America/Los_Angeles"; + + i18n.defaultLocale = mkDefault "en_US.UTF-8"; + system.stateVersion = mkDefault "23.11"; } diff --git a/flake.lock b/flake.lock index 586528d..88e4268 100755 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1709485962, - "narHash": "sha256-rmFB4uE10+LJbcVE4ePgiuHOBlUIjQOeZt4VQVJTU8M=", + "lastModified": 1705535278, + "narHash": "sha256-V5+XKfNbiY0bLKLQlH+AXyhHttEL7XcZBH9iSbxxexA=", "owner": "nix-community", "repo": "home-manager", - "rev": "d579633ff9915a8f4058d5c439281097e92380a8", + "rev": "b84191db127c16a92cbdf7f7b9969d58bb456699", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1709237383, - "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", + "lastModified": 1705496572, + "narHash": "sha256-rPIe9G5EBLXdBdn9ilGc0nq082lzQd0xGGe092R/5QE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", + "rev": "842d9d80cfd4560648c785f8a4e6f3b096790e19", "type": "github" }, "original": { 
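Review bot: Dropping `nixPath` and `registry.nixpkgs.flake` from the `nix` block unpins `nixpkgs` for everything outside the system build. `nix-shell -p`, `nix run nixpkgs#…` and `<nixpkgs>` lookups on the host will then resolve through channels or the global flake registry instead of the revision recorded in flake.lock. Unless the pinned nixpkgs already sets these by default, keep `registry.nixpkgs.flake = inputs.nixpkgs;` and `nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];` so ad-hoc tooling comes from the same reviewed revision as the system. The `nix` block continues outside the hunk.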
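Review bot: `hardware.enableRedistributableFirmware = true;` is deleted in this hunk while its neighbours are only moved, and nothing visible in the commit sets it elsewhere. If the host's hardware-configuration.nix does not enable it, the next generation is built without redistributable device firmware, so confirm that is intended for this board or keep the line. The three-line comment above `git` would read better as a single line giving the reason, e.g. `# nixos-rebuild --flake needs git to read the repo; do not remove`.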
diff --git a/hosts/server/default.nix b/hosts/server/default.nix index 7608a91..cf0c096 100755 --- a/hosts/server/default.nix +++ b/hosts/server/default.nix @@ -10,10 +10,6 @@ in { users.groups.dotfiles = {}; - # HACK HACK HACK - services.logrotate.checkConfig = false; - # HACK HACK HACK - normalUsers = { reidlab = { conf = { @@ -52,7 +48,7 @@ in { mosh.enable = true; }; - security.useDoas = false; + security.useDoas = true; }; networking = { diff --git a/hosts/server/hardware-configuration.nix b/hosts/server/hardware-configuration.nix index b880e8d..8183581 100755 --- a/hosts/server/hardware-configuration.nix +++ b/hosts/server/hardware-configuration.nix @@ -9,11 +9,12 @@ boot = { initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ]; initrd.kernelModules = [ ]; - kernelPackages = pkgs.linuxPackages_latest; + kernelPackages = pkgs.linuxPackages_hardened; kernelModules = [ ]; loader = { - # use u-boot over grub + # zigglebop 👽 grub.enable = lib.mkForce false; + generic-extlinux-compatible.enable = true; }; }; diff --git a/modules/services/forgejo.nix b/modules/services/forgejo.nix index 73b3e31..4743b4c 100755 --- a/modules/services/forgejo.nix +++ b/modules/services/forgejo.nix @@ -20,18 +20,24 @@ in { type = types.int; default = 3000; }; + package = mkOption { + type = types.package; + default = pkgs.forgejo; + }; }; config = mkIf cfg.enable { services = { - forgejo = { + gitea = { enable = true; + package = cfg.package; stateDir = "/var/lib/${cfg.domain}"; - database.type = "postgres"; + appName = "reidlab's git instance"; + database = { + type = "postgres"; + name = "gitea"; + }; settings = { - "DEFAULT" = { - APP_NAME = "reidlab's git instance"; - }; "security" = { INSTALL_LOCK = true; PASSWORD_HASH_ALGO = "argon2"; 
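Review bot: Turning on `security.useDoas` changes who can become root on this host, and the rules it generates live in a module outside this hunk, so they cannot be checked here. Confirm the resulting `security.doas.extraRules` entry is limited to the intended group and does not set `noPass`, and that sudo is either disabled or kept deliberately rather than leaving two escalation paths active. The readme in the same commit still documents `sudo nixos-rebuild switch`, which goes stale if sudo is removed. For the locale error that the readme's old todo mentions, pass only the locale variables with `setEnv` rather than a blanket `keepEnv`.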
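Review bot: The comment on `grub.enable` changes from `# use u-boot over grub` to `# zigglebop 👽`, which removes the only explanation of why grub is force-disabled and extlinux enabled; restore something like `# boot via u-boot/extlinux, not grub`. On the kernel switch, `pkgs.linuxPackages_hardened` comes from the nixpkgs revision in flake.lock, which this commit moves to an older `lastModified` (1709237383 → 1705496572). The host therefore trades `linuxPackages_latest` for a hardened kernel from an older snapshot, so check that its version still receives upstream fixes. The kernel package alone does not apply the sysctl and module restrictions of NixOS's `profiles/hardened.nix`, so a comment stating which hardening is intended would help.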
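Review bot: Switching from `services.forgejo` to `services.gitea` also switches the module defaults, and this hunk sets `database.name = "gitea"` while `stateDir` stays `/var/lib/${cfg.domain}`. If the previous instance ran with the forgejo module's default service user and database (not visible here), the unit will start against an empty database and a state directory owned by a different user. An instance that comes up with no users is security-relevant because the first account registered becomes the administrator. Migrate the database and ownership first, or make sure registration is disabled in `settings` before the service is reachable. The new `package` option should also carry a `description`; the `config` block continues outside the hunk.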
@@ -84,11 +90,11 @@ in { }; }; - systemd.services.forgejo = { + systemd.services.gitea = { preStart = mkAfter '' - rm -rf ${config.services.forgejo.customDir}/public/assets - mkdir -p ${config.services.forgejo.customDir}/public/assets - ln -sf ${theme} ${config.services.forgejo.customDir}/public/assets/css + rm -rf ${config.services.gitea.customDir}/public/assets + mkdir -p ${config.services.gitea.customDir}/public/assets + ln -sf ${theme} ${config.services.gitea.customDir}/public/assets/css ''; }; }; diff --git a/readme.md b/readme.md index 5db5b04..955a65a 100755 --- a/readme.md +++ b/readme.md @@ -1,18 +1,16 @@ # flake-o-rama -nix flake config! this is just used on my personal server at the moment - -please do not use this as a learning resource for nix as i have essentially zero clue what i'm doing +nix flake dotfilez!! this is used on personal server ## users -this flake is built for a multi-user experience per host, enforced by `modules/user.nix`, and found in the `default.nix` file for each host. +this flake is built for a multi-user experience per host, enforced my `modules/user.nix`, and found in the `default.nix` file for each host. as this is a multi-user setup, the `dotfiles` group will be used for read and write access to the flake ## development -to build the system, run `sudo nixos-rebuild switch --flake .#server` +to build the system, run `sudo nixos-rebuild switch --flake ".#server"` please periodically run `nix flake update` to make sure we arent slacking on package versions 
@@ -20,8 +18,7 @@ before committing, please run `nix flake check` and make sure everything is ok ## todo -- remove the lua static stuff from nginx + maybe cloudflare ips too +- remove the lua static stuff from nginx + the cf ip - per-host architecture selection, atm it is hardcoded to `aarch64` -- some weird perl error abt locales when building using doas - `keepEnv` might fix this +- some weird perl error abt locales when building??? it only happened after the big lib update. help me - leverage nixos-hardware -- somehow add desktop evironments and per-user dotfiles while keeping a multi-user setup