From 497c3cd7864fdbcc546408d6d86ebfad37aa9b78 Mon Sep 17 00:00:00 2001 From: sefidel Date: Wed, 24 Jan 2024 19:18:11 +0900 Subject: wip: try to use infra-modules --- default.nix | 39 +- flake.lock | 129 +++- flake.nix | 11 +- modules/README.md | 9 - modules/cachix/caches/nix-community.nix | 12 - modules/cachix/default.nix | 23 - modules/flakes.nix | 36 - modules/nix.nix | 34 - modules/persistence.nix | 47 -- modules/security.nix | 69 -- modules/services/_template.nix | 13 - modules/services/acme.nix | 52 -- modules/services/akkoma/blocklist.toml | 164 ----- modules/services/akkoma/default.nix | 102 --- modules/services/akkoma/favicon-withbg.png | Bin 17371 -> 0 bytes modules/services/akkoma/favicon.png | Bin 16693 -> 0 bytes modules/services/akkoma/logo.png | Bin 1304 -> 0 bytes modules/services/akkoma/logo.svg | 71 -- modules/services/akkoma/robots.txt | 2 - modules/services/akkoma/terms-of-service.html | 26 - modules/services/authentik.nix | 69 -- modules/services/backup.nix | 81 --- modules/services/cgit/cgit-exotic.css | 953 -------------------------- modules/services/cgit/default.nix | 129 ---- modules/services/cinny-web.nix | 34 - modules/services/coredns/_corefile.nix | 3 - modules/services/coredns/default.nix | 18 - modules/services/coturn.nix | 64 -- modules/services/dovecot.nix | 18 - modules/services/element-web.nix | 47 -- modules/services/fail2ban.nix | 20 - modules/services/git-daemon.nix | 29 - modules/services/gitolite/default.nix | 110 --- modules/services/gitolite/fix-refs | 9 - modules/services/gitolite/post-receive | 19 - modules/services/gitolite/rename | 63 -- modules/services/jitsi.nix | 43 -- modules/services/ldap.nix | 76 -- modules/services/matrix-bridge.nix | 390 ----------- modules/services/matrix-homeserver.nix | 190 ----- modules/services/matrix-moderation.nix | 58 -- modules/services/metrics.nix | 169 ----- modules/services/nebula.nix | 18 - modules/services/nginx.nix | 37 - modules/services/nixos-mailserver.nix | 159 ----- modules/services/obsidian-livesync.nix | 63 -- modules/services/postgresql.nix | 34 - modules/services/rss.nix | 64 -- modules/services/searx.nix | 50 -- modules/services/sefidel-web.nix | 26 - modules/services/soju.nix | 48 -- modules/services/tailscale.nix | 22 - modules/services/vikunja.nix | 50 -- modules/sops.nix | 21 - 54 files changed, 164 insertions(+), 3859 deletions(-) delete mode 100644 modules/README.md delete mode 100644 modules/cachix/caches/nix-community.nix delete mode 100644 modules/cachix/default.nix delete mode 100644 modules/flakes.nix delete mode 100644 modules/nix.nix delete mode 100644 modules/persistence.nix delete mode 100644 modules/security.nix delete mode 100644 modules/services/_template.nix delete mode 100644 modules/services/acme.nix delete mode 100644 modules/services/akkoma/blocklist.toml delete mode 100644 modules/services/akkoma/default.nix delete mode 100644 modules/services/akkoma/favicon-withbg.png delete mode 100644 modules/services/akkoma/favicon.png delete mode 100644 modules/services/akkoma/logo.png delete mode 100644 modules/services/akkoma/logo.svg delete mode 100644 modules/services/akkoma/robots.txt delete mode 100644 modules/services/akkoma/terms-of-service.html delete mode 100644 modules/services/authentik.nix delete mode 100644 modules/services/backup.nix delete mode 100644 modules/services/cgit/cgit-exotic.css delete mode 100644 modules/services/cgit/default.nix delete mode 100644 modules/services/cinny-web.nix delete mode 100644 modules/services/coredns/_corefile.nix delete mode 100644 modules/services/coredns/default.nix delete mode 100644 modules/services/coturn.nix delete mode 100644 modules/services/dovecot.nix delete mode 100644 modules/services/element-web.nix delete mode 100644 modules/services/fail2ban.nix delete mode 100644 modules/services/git-daemon.nix delete mode 100644 modules/services/gitolite/default.nix delete mode 100644 modules/services/gitolite/fix-refs delete mode 100644 modules/services/gitolite/post-receive delete mode 100644 modules/services/gitolite/rename delete mode 100644 modules/services/jitsi.nix delete mode 100644 modules/services/ldap.nix delete mode 100644 modules/services/matrix-bridge.nix delete mode 100644 modules/services/matrix-homeserver.nix delete mode 100644 modules/services/matrix-moderation.nix delete mode 100644 modules/services/metrics.nix delete mode 100644 modules/services/nebula.nix delete mode 100644 modules/services/nginx.nix delete mode 100644 modules/services/nixos-mailserver.nix delete mode 100644 modules/services/obsidian-livesync.nix delete mode 100644 modules/services/postgresql.nix delete mode 100644 modules/services/rss.nix delete mode 100644 modules/services/searx.nix delete mode 100644 modules/services/sefidel-web.nix delete mode 100644 modules/services/soju.nix delete mode 100644 modules/services/tailscale.nix delete mode 100644 modules/services/vikunja.nix delete mode 100644 modules/sops.nix diff --git a/default.nix b/default.nix index 63f1796..e26e166 100644 --- a/default.nix +++ b/default.nix @@ -2,7 +2,44 @@ with lib; with lib.my; { - imports = mapModulesRec' (toString ./modules) import; + imports = with inputs.infra-modules.nixosModules; [ + nix + flakes + security + sops + flakes + cachix + services.acme + services.akkoma + services.authentik + services.backup + services.cgit + services.cinny-web + services.coredns + services.coturn + services.dovecot + services.element-web + services.fail2ban + services.git-daemon + services.gitolite + services.jitsi + services.ldap + services.matrix-bridge + services.matrix-homeserver + services.matrix-moderation + services.metrics + services.nebula + services.nginx + services.nixos-mailserver + services.obsidian-livesync + services.postgresql + services.rss + services.searx + services.sefidel-web + services.soju + services.tailscale + services.vikunja + ]; networking.useDHCP = mkDefault false; } diff --git a/flake.lock b/flake.lock index abdd148..e61ed2b 100644 --- a/flake.lock +++ b/flake.lock @@ -8,6 +8,7 @@ "flake-utils": "flake-utils", "napalm": "napalm", "nixpkgs": [ + "infra-modules", "unstable" ], "nixpkgs-23-05": "nixpkgs-23-05", @@ -143,6 +144,21 @@ "type": "github" } }, + "flake-utils_3": { + "locked": { + "lastModified": 1667395993, + "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "impermanence": { "locked": { "lastModified": 1703656108, @@ -158,13 +174,40 @@ "type": "github" } }, + "infra-modules": { + "inputs": { + "authentik-nix": "authentik-nix", + "impermanence": "impermanence", + "nixos-mailserver": "nixos-mailserver", + "sefidel-web": "sefidel-web", + "sops-nix": "sops-nix", + "unstable": [ + "unstable" + ] + }, + "locked": { + "lastModified": 1706090394, + "narHash": "sha256-vRBUWkZVMkkRb7Hk9BD+dgzvXB50Ip4rflT9P9iiY2A=", + "ref": "refs/heads/main", + "rev": "8e9b074467006c76768efe04cf1fb1ef9d652c67", + "revCount": 1, + "type": "git", + "url": "https://git.exotic.sh/infra-modules" + }, + "original": { + "type": "git", + "url": "https://git.exotic.sh/infra-modules" + } + }, "napalm": { "inputs": { "flake-utils": [ + "infra-modules", "authentik-nix", "flake-utils" ], "nixpkgs": [ + "infra-modules", "authentik-nix", "nixpkgs" ] @@ -186,6 +229,7 @@ "nix-github-actions": { "inputs": { "nixpkgs": [ + "infra-modules", "authentik-nix", "poetry2nix", "nixpkgs" @@ -210,6 +254,7 @@ "blobs": "blobs", "flake-compat": "flake-compat_2", "nixpkgs": [ + "infra-modules", "unstable" ], "nixpkgs-22_11": "nixpkgs-22_11", @@ -342,14 +387,48 @@ "type": "github" } }, + "nixpkgs-stable_2": { + "locked": { + "lastModified": 1704290814, + "narHash": "sha256-LWvKHp7kGxk/GEtlrGYV68qIvPHkU9iToomNFGagixU=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "70bdadeb94ffc8806c0570eb5c2695ad29f0e421", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "release-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1673606088, + "narHash": "sha256-wdYD41UwNwPhTdMaG0AIe7fE1bAdyHe6bB4HLUqUvck=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "37b97ae3dd714de9a17923d004a2c5b5543dfa6d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "poetry2nix": { "inputs": { "flake-utils": [ + "infra-modules", "authentik-nix", "flake-utils" ], "nix-github-actions": "nix-github-actions", "nixpkgs": [ + "infra-modules", "authentik-nix", "nixpkgs" ], @@ -372,12 +451,10 @@ }, "root": { "inputs": { - "authentik-nix": "authentik-nix", - "impermanence": "impermanence", - "nixos-mailserver": "nixos-mailserver", + "infra-modules": "infra-modules", "nixpkgs-2111": "nixpkgs-2111", - "sefidel-web": "sefidel-web", - "sops-nix": "sops-nix", + "sefidel-web": "sefidel-web_2", + "sops-nix": "sops-nix_2", "unstable": "unstable", "unstable-small": "unstable-small" } @@ -401,9 +478,29 @@ "url": "https://git.exotic.sh/pub/sefidel/sefidel-web" } }, + "sefidel-web_2": { + "inputs": { + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1696069380, + "narHash": "sha256-KKTX1XKGnglV+vGbvKjduT2QjE2snbyy8R7nNuXvnMc=", + "ref": "refs/heads/main", + "rev": "305ee346ca81883de4fc6575460021a57cacefeb", + "revCount": 6, + "type": "git", + "url": "https://git.exotic.sh/pub/sefidel/sefidel-web" + }, + "original": { + "type": "git", + "url": "https://git.exotic.sh/pub/sefidel/sefidel-web" + } + }, "sops-nix": { "inputs": { "nixpkgs": [ + "infra-modules", "unstable" ], "nixpkgs-stable": "nixpkgs-stable" @@ -422,6 +519,27 @@ "type": "github" } }, + "sops-nix_2": { + "inputs": { + "nixpkgs": [ + "unstable" + ], + "nixpkgs-stable": "nixpkgs-stable_2" + }, + "locked": { + "lastModified": 1704908274, + "narHash": "sha256-74W9Yyomv3COGRmKi8zvyA5tL2KLiVkBeaYmYLjXyOw=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "c0b3a5af90fae3ba95645bbf85d2b64880addd76", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1681028828, @@ -454,6 +572,7 @@ "treefmt-nix": { "inputs": { "nixpkgs": [ + "infra-modules", "authentik-nix", "poetry2nix", "nixpkgs" diff --git a/flake.nix b/flake.nix index c0da437..a28c4c3 100644 --- a/flake.nix +++ b/flake.nix @@ -6,16 +6,11 @@ unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs-2111.url = "github:nixos/nixpkgs/nixos-21.11"; - impermanence.url = "github:nix-community/impermanence"; - - authentik-nix.url = "github:nix-community/authentik-nix"; - authentik-nix.inputs.nixpkgs.follows = "unstable"; - sops-nix.url = "github:Mic92/sops-nix"; sops-nix.inputs.nixpkgs.follows = "unstable"; - nixos-mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver"; - nixos-mailserver.inputs.nixpkgs.follows = "unstable"; + infra-modules.url = "git+https://git.exotic.sh/infra-modules"; + infra-modules.inputs.unstable.follows = "unstable"; sefidel-web.url = "git+https://git.exotic.sh/pub/sefidel/sefidel-web"; }; @@ -34,8 +29,6 @@ { lib = lib.my; - nixosModules = mapModulesRec ./modules import; - colmena = { meta = { nixpkgs = import unstable { inherit system; overlays = [ (import ./overlays) ]; }; diff --git a/modules/README.md b/modules/README.md deleted file mode 100644 index 25031dc..0000000 --- a/modules/README.md +++ /dev/null @@ -1,9 +0,0 @@ -infra->modules -============== - -This is all the modules used to configure our systems based on its purposes. - -As of now, it doesn't have any clear "naming convention", but generally it's -`` for a module configuring one thing, `` otherwise. - -e.g) `dendrite` -> `dendrite`, `prometheus`, `grafana` -> `metrics` diff --git a/modules/cachix/caches/nix-community.nix b/modules/cachix/caches/nix-community.nix deleted file mode 100644 index d323939..0000000 --- a/modules/cachix/caches/nix-community.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ config, lib, ... }: - -{ - nix.settings = { - substituters = [ - "https://nix-community.cachix.org" - ]; - trusted-public-keys = [ - "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" - ]; - }; -} diff --git a/modules/cachix/default.nix b/modules/cachix/default.nix deleted file mode 100644 index 5222457..0000000 --- a/modules/cachix/default.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, pkgs, lib, ... }: - -with lib; -let - cfg = config.modules.cachix; - - folder = ./caches; - toImport = name: value: folder + ("/" + name); - filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key; - imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder)); -in -{ - inherit imports; - - options.modules.cachix = { - enable = mkEnableOption "cachix"; - }; - - config = mkIf cfg.enable { - nix.settings.substituters = [ "https://cache.nixos.org/" ]; - environment.systemPackages = [ pkgs.cachix ]; - }; -} diff --git a/modules/flakes.nix b/modules/flakes.nix deleted file mode 100644 index 4297fda..0000000 --- a/modules/flakes.nix +++ /dev/null @@ -1,36 +0,0 @@ -{ config, inputs, pkgs, lib, ... }: - -with lib; -let - base = "/etc/nixpkgs/channels"; - nixpkgsPath = "${base}/nixpkgs"; - nixpkgsSmallPath = "${base}/nixpkgsSmall"; - nixpkgs2111Path = "${base}/nixpkgs2111"; -in -{ - options.nix.flakes.enable = mkEnableOption "nix flakes"; - - config = lib.mkIf config.nix.flakes.enable { - nix = { - package = pkgs.nixUnstable; - experimentalFeatures = "nix-command flakes"; - - registry.nixpkgs.flake = inputs.unstable; - registry.nixpkgsSmall.flake = inputs.unstable-small; - registry.nixpkgs2111.flake = inputs.nixpkgs-2111; - - nixPath = [ - "nixpkgs=${nixpkgsPath}" - "nixpkgsSmall=${nixpkgsSmallPath}" - "nixpkgs2111=${nixpkgs2111Path}" - "/nix/var/nix/profiles/per-user/root/channels" - ]; - }; - - systemd.tmpfiles.rules = [ - "L+ ${nixpkgsPath} - - - - ${inputs.unstable}" - "L+ ${nixpkgsSmallPath} - - - - ${inputs.unstable-small}" - "L+ ${nixpkgs2111Path} - - - - ${inputs.nixpkgs-2111}" - ]; - }; -} diff --git a/modules/nix.nix b/modules/nix.nix deleted file mode 100644 index 8396739..0000000 --- a/modules/nix.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ config, lib, ... }: - -let - allowed = config.nix.allowedUnfree; -in -{ - options.nix = { - experimentalFeatures = lib.mkOption { - type = lib.types.separatedString " "; - default = ""; - description = '' - Enables experimental features - ''; - }; - - allowedUnfree = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ ]; - description = '' - Allows for unfree packages by their name. - ''; - }; - }; - - config = lib.mkMerge [ - (lib.mkIf (config.nix.experimentalFeatures != "") { nix.extraOptions = "experimental-features = ${config.nix.experimentalFeatures}"; }) - (lib.mkIf (allowed != [ ]) { nixpkgs.config.allowUnfreePredicate = (pkg: __elem (lib.getName pkg) allowed); }) - { nix.settings.auto-optimise-store = lib.mkDefault true; } - { - nix.gc.automatic = lib.mkDefault true; - nix.gc.options = lib.mkDefault "--delete-older-than 10d"; - } - ]; -} diff --git a/modules/persistence.nix b/modules/persistence.nix deleted file mode 100644 index e7a8e90..0000000 --- a/modules/persistence.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ config, inputs, lib, ... }: - - -with lib; -let - cfg = config.modules.persistence; -in -{ - imports = [ - inputs.impermanence.nixosModules.impermanence - ]; - - options.modules.persistence = { - enable = mkEnableOption "impermanence persistence"; - - storagePath = lib.mkOption { - type = types.path; - description = '' - The path to persistent storage where the real - files and directories should be stored. - ''; - }; - - directories = mkOption { - type = types.listOf types.str; - default = [ ]; - }; - }; - - config = mkIf cfg.enable { - fileSystems.${cfg.storagePath}.neededForBoot = true; - - environment.persistence.${cfg.storagePath}.directories = cfg.directories; - - services.openssh.hostKeys = [ - { - path = "${cfg.storagePath}/ssh/ssh_host_ed25519_key"; - type = "ed25519"; - } - { - path = "${cfg.storagePath}/ssh/ssh_host_rsa_key"; - type = "rsa"; - bits = 4096; - } - ]; - }; -} diff --git a/modules/security.nix b/modules/security.nix deleted file mode 100644 index d345757..0000000 --- a/modules/security.nix +++ /dev/null @@ -1,69 +0,0 @@ -{ config, lib, ... }: - -with lib; -let - cfg = config.modules.security; -in -{ - options.modules.security = { - enable = mkEnableOption "Security-related system tweaks"; - }; - - config = mkIf cfg.enable { - # Security-related system tweaks - - # Prevent replacing the running kernel without reboot. - security.protectKernelImage = true; - - # mount /tmp in ram. This makes temp file management faster - # on ssd systems, and volatile! Because it's wiped on reboot. - boot.tmp.useTmpfs = false; - boot.tmp.tmpfsSize = "80%"; - - # Purge /tmp on boot. (fallback option) - boot.tmp.cleanOnBoot = lib.mkDefault (!config.boot.tmp.useTmpfs); - - boot.kernel.sysctl = { - # The Magic SysRq key is a key combo that allows users connected to the - # system console of a Linux kernel to perform some low-level commands. - # Disable it, since we don't need it, and is a potential security concern. - "kernel.sysrq" = 0; - - ## TCP hardening - # Prevent bogus ICMP errors from filling up logs. - "net.ipv4.icmp_ignore_bogus_error_responses" = 1; - # Reverse path filtering causes the kernel to do source validation of - # packets received from all interfaces. This can mitigate IP spoofing. - "net.ipv4.conf.default.rp_filter" = 1; - "net.ipv4.conf.all.rp_filter" = 1; - # Do not accept IP source route packets (we're not a router) - "net.ipv4.conf.all.accept_source_route" = 0; - "net.ipv6.conf.all.accept_source_route" = 0; - # Don't send ICMP redirects (again, we're on a router) - "net.ipv4.conf.all.send_redirects" = 0; - "net.ipv4.conf.default.send_redirects" = 0; - # Refuse ICMP redirects (MITM mitigations) - "net.ipv4.conf.all.accept_redirects" = 0; - "net.ipv4.conf.default.accept_redirects" = 0; - "net.ipv4.conf.all.secure_redirects" = 0; - "net.ipv4.conf.default.secure_redirects" = 0; - "net.ipv6.conf.all.accept_redirects" = 0; - "net.ipv6.conf.default.accept_redirects" = 0; - # Protects against SYN flood attacks - "net.ipv4.tcp_syncookies" = 1; - # Incomplete protection again TIME-WAIT assassination - "net.ipv4.tcp_rfc1337" = 1; - - ## TCP optimization - # TCP Fast Open is a TCP extension that reduces network latency by packing - # data in the sender’s initial TCP SYN. Setting 3 = enable TCP Fast Open for - # both incoming and outgoing connections: - "net.ipv4.tcp_fastopen" = 3; - # Bufferbloat mitigations + slight improvement in throughput & latency - "net.ipv4.tcp_congestion_control" = "bbr"; - "net.core.default_qdisc" = "cake"; - }; - - boot.kernelModules = [ "tcp_bbr" ]; - }; -} diff --git a/modules/services/_template.nix b/modules/services/_template.nix deleted file mode 100644 index 26634a4..0000000 --- a/modules/services/_template.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, lib, ... }: - -with lib; -let - cfg = config.modules.services._template; -in -{ - options.modules.services._template = { - enable = mkEnableOption ""; - }; - - config = mkIf cfg.enable { }; -} diff --git a/modules/services/acme.nix b/modules/services/acme.nix deleted file mode 100644 index b3ebb26..0000000 --- a/modules/services/acme.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ config, lib, ... }: - -with lib; -let - cfg = config.modules.services.acme; -in -{ - options.modules.services.acme = { - enable = mkEnableOption "ACME certificate manager"; - email = mkOption { - type = types.str; - description = mdDoc '' - The postmaster email address to use. - ''; - }; - certs = mkOption { - type = types.attrsOf - (types.submodule { - options = { - domain = mkOption { - type = types.nullOr types.str; - default = null; - }; - subDomains = mkOption { type = types.listOf types.str; }; - }; - }); - }; - secrets.acme-credentials = mkOption { type = types.str; description = "path to the acme environment file"; }; - }; - - config = mkIf cfg.enable { - security.acme = { - acceptTerms = true; - defaults.email = cfg.email; - certs = mapAttrs - (name: { domain, subDomains }: { - extraDomainNames = lists.forEach subDomains (elem: elem + ".${name}"); - } // { - dnsProvider = "cloudflare"; - dnsPropagationCheck = true; - credentialsFile = cfg.secrets.acme-credentials; - } // optionalAttrs (domain != null) { - domain = domain; - }) - cfg.certs; - }; - - modules.persistence.directories = [ - "/var/lib/acme" - ]; - }; -} diff --git a/modules/services/akkoma/blocklist.toml b/modules/services/akkoma/blocklist.toml deleted file mode 100644 index d8f53af..0000000 --- a/modules/services/akkoma/blocklist.toml +++ /dev/null @@ -1,164 +0,0 @@ -[followers_only] - -[media_nsfw] - -[reject] -"*.tk" = "Free TLD" -"*.ml" = "Free TLD" -"*.ga" = "Free TLD" -"*.cf" = "Free TLD" -"*.gq" = "Free TLD" -# Reject list from chaos.social at 2023-02-06 -"activitypub-proxy.cf" = "Only exists to evade instance blocks, details" -"activitypub-troll.cf" = "Spam" -"aethy.com" = "Lolicon" -"bae.st" = "Discrimination, racism, “free speech zone”" -"baraag.net" = "Lolicon" -"banepo.st" = "Homophobia" -"beefyboys.club" = "Discrimination, racism, “free speech zone”" -"beefyboys.win" = "Discrimination, racism, “free speech zone”" -"beta.birdsite.live" = "Twitter crossposter" -"birb.elfenban.de" = "Twitter crossposter" -"bird.evilcyberhacker.net" = "Twitter crossposter" -"bird.froth.zone" = "Twitter crossposter" -"bird.geiger.ee" = "Twitter crossposter" -"bird.im-in.space" = "Twitter crossposter" -"bird.istheguy.com" = "Twitter crossposter" -"bird.karatek.net" = "Twitter crossposter" -"bird.makeup" = "Twitter crossposter" -"bird.nzbr.de" = "Twitter crossposter" -"bird.r669.live" = "Twitter crossposter" -"bird.seafoam.space" = "Twitter crossposter" -"birdbots.leptonics.com" = "Twitter crossposter" -"birdsite.b93.dece.space" = "Twitter crossposter" -"birdsite.blazelights.dev" = "Twitter crossposter" -"birdsite.frog.fashion" = "Twitter crossposter" -"birdsite.gabeappleton.me" = "Twitter crossposter" -"birdsite.james.moody.name" = "Twitter crossposter" -"birdsite.koyu.space" = "Twitter crossposter" -"birdsite.lakedrops.com" = "Twitter crossposter" -"birdsite.link" = "Twitter crossposter" -"birdsite.monster" = "Twitter crossposter" -"birdsite.oliviaappleton.com" = "Twitter crossposter" -"birdsite.platypush.tech" = "Twitter crossposter" -"birdsite.slashdev.space" = "Twitter crossposter" -"birdsite.tcjc.uk" = "Twitter crossposter" -"birdsite.thorlaksson.com" = "Twitter crossposter" -"birdsite.toot.si" = "Twitter crossposter" -"birdsite.wilde.cloud" = "Twitter crossposter" -"birdsitelive.ffvo.dev" = "Twitter crossposter" -"birdsitelive.kevinyank.com" = "Twitter crossposter" -"birdsitelive.peanutlasko.com" = "Twitter crossposter" -"birdsitelive.treffler.cloud" = "Twitter crossposter" -"bridge.birb.space" = "Twitter crossposter" -"brighteon.social" = "“free speech zone”" -"cawfee.club" = "Discrimination, racism, “free speech zone”" -"childpawn.shop" = "Pedophilia" -"chudbuds.lol" = "Discrimination, racism, “free speech zone”" -"club.darknight-coffee.eu" = "“free speech zone”" -"clubcyberia.co" = "Homophobia" -"clube.social" = "Harassment" -"comfyboy.club" = "Discrimination, racism" -"cum.camp" = "Harassment" -"cum.salon" = "Misogynic, pedophilia" -"daishouri.moe" = "Fascism, openly advertises with swastika" -"detroitriotcity.com" = "Discrimination, racism, “free speech zone”" -"eientei.org" = "Racism, antisemitism" -"eveningzoo.club" = "Discrimination, racism, “free speech zone”" -"f.haeder.net" = "Discrimination" -"freak.university" = "Pedophilia" -"freeatlantis.com" = "Conspiracy theory instance" -"freecumextremist.com" = "Discrimination, racism, “free speech zone”" -"freefedifollowers.ga" = "Follower spam" -"freespeechextremist.com" = "Discrimination, racism, “free speech zone”" -"frennet.link" = "Discrimination, racism, “free speech zone”" -"froth.zone" = "Calls freespeechextremist their local bubble" -"gab.com/.ai, develop.gab.com" = "Discrimination, racism, “free speech zone”" -"gameliberty.club" = "“free speech zone”" -"gegenstimme.tv" = "“free speech zone”" -"genderheretics.xyz" = "Tagline “Now With 41% More Misgendering!”" -"gitmo.life" = "“free speech zone”" -"gleasonator.com" = "Transphobia, TERFs" -"glindr.org" = "Discrimination" -"glowers.club" = "Discrimination, racism, “free speech zone”" -"honkwerx.tech" = "Racism" -"iamterminally.online" = "Discrimination, racism, “free speech zone”" -"iddqd.social" = "Discrimination, racism, “free speech zone”" -"itmslaves.com" = "“free speech zone”, noagenda affiliated" -"jaeger.website" = "Discrimination, racism, “free speech zone”" -"kenfm.quadplay.tv" = "Conspiracy videos" -"kiwifarms.cc" = "Discrimination" -"lgbtfree.zone" = "Racism, transphobia, all that" -"liberdon.com" = "Conspiracy theories, transphobia, racism" -"libre.tube" = "Promotion of violence and murder, multiple other violations of our rules" -"lolicon.rocks" = "Lolicon" -"lolison.top" = "Lolicon, paedophilia" -"mastinator.com" = "Block evasion, unwanted profile mirroring, and more" -"mastodon.network" = "Instance went down, now porn spam" -"mastodon.popps.org" = "Homophobia" -"mastodong.lol" = "Admin maintains and runs activitypub-proxy.cf" -"meta-tube.de" = "Conspiracy, CoVid19 denier videos https://fediblock.org/blocklist/#meta-tube.de" -"midnightride.rs" = "Discrimination" -"misskey-forkbomb.cf" = "Spam" -"morale.ch" = "Antisemitism and more" -"mstdn.foxfam.club" = "Right wing twitter mirror" -"natehiggers.online" = "Racism" -"newjack.city" = "Exclusive to unwanted follow bots" -"nicecrew.digital" = "Discrimination, racism, “free speech zone”" -"noagendasocial.com" = "“free speech zone”, harassment" -"noagendasocial.nl" = "“free speech zone”, harassment" -"noagendatube.com" = "“free speech zone”, harassment" -"ns.auction" = "Racism etc" -"ohai.su" = "Offline" -"pawoo.net" = "Untagged nfsw content, unwanted follow bots, lolicon" -"paypig.org" = "Racism" -"pieville.net" = "Racism, antisemitism" -"pl.serialmay.link" = "Racism, transphobia" -"pl.tkammer.de" = "Transphobia" -"play.xmr.101010.pl" = "Cryptomining" -"pleroma.kitsunemimi.club" = "Discrimination" -"pleroma.narrativerry.xyz" = "Discrimination, racism, “free speech zone”" -"pleroma.nobodyhasthe.biz" = "Doxxing and discrimination" -"pleroma.rareome.ga" = "Doesn’t respect blocks or status privacy, lolicons" -"poa.st" = "Discrimination" -"podcastindex.social" = "noagenda affiliated" -"poster.place" = "Discrimination, racism, “free speech zone”, harassment in response to blocks" -"qoto.org" = "“free speech zone”, harassment" -"rapemeat.solutions" = "Lolicon and also, like, the domain name" -"rdrama.cc" = "Discrimination, “free speech zone”, racism" -"repl.co" = "Spam" -"rojogato.com" = "Harassment, “free speech zone”" -"ryona.agency" = "Alt-right trolls, harassment" -"seal.cafe" = "Discrimination, racism, “free speech zone”" -"shitpost.cloud" = "“Free speech zone”, antisemitism" -"shitposter.club" = "“Free speech zone”" -"shortstackran.ch" = "Racism, homophobia, “free speech zone”" -"shota.house" = "Lolicon" -"skippers-bin.com" = "Same admin as neckbeard.xyz, same behaviour" -"sleepy.cafe" = "Racism, harassment" -"sneak.berlin" = "privacy violation" -"sneed.social" = "Discrimination, racism, “free speech zone”, nationalism, hate speech, completely unmoderated" -"soc.ua-fediland.de" = "Spam" -"social.ancreport.com" = "Discrimination, racism, “free speech zone”" -"social.lovingexpressions.net" = "Transphobia" -"social.teci.world" = "Discrimination, racism, “free speech zone”" -"social.urspringer.de" = "Conspiracy, CoVid19 denier" -"socnet.supes.com" = "Right wing “free speech zone”" -"solagg.com" = "Scammers" -"spinster.xyz" = "Discrimination, TERFs" -"tastingtraffic.net" = "Homophobia" -"truthsocial.co.in" = "Alt-right trolls" -"tube.kenfm.de" = "Right-wing conspiracy videos" -"tube.querdenken-711.de" = "Right-wing onspiracy videos" -"tweet.pasture.moe" = "Twitter crossposter" -"tweetbridge.kogasa.de" = "Twitter crossposter" -"tweets.icu" = "Twitter crossposter" -"twitter.activitypub.actor" = "Twitter crossposter" -"twitter.doesnotexist.club" = "Twitter crossposter" -"twitterbridge.jannis.rocks" = "Twitter crossposter" -"twtr.plus" = "Twitter crossposter" -"varishangout.net" = "Transphobia and racism go unmoderated, aggressive trolling, lolicon permitted in rules" -"wiki-tube.de" = "Right-wing conspiracy videos (initial video welcomes Querdenken and KenFM)" -"wolfgirl.bar" = "Discrimination, homophobia, unmoderated trolling" -"yggdrasil.social" = "Instance rules: “No LGBTQ. Period. No homosexuality. No men who think they’re women or women who think they’re men. No made up genders.”" -"hornyjail.pro" = "Obscene speech without content warning" diff --git a/modules/services/akkoma/default.nix b/modules/services/akkoma/default.nix deleted file mode 100644 index 91aa2e8..0000000 --- a/modules/services/akkoma/default.nix +++ /dev/null @@ -1,102 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - cfg = config.modules.services.akkoma; - - poorObfuscation = y: x: "${x}@${y}"; - federation-blocklist = lib.importTOML ./blocklist.toml; - - inherit (lib.my) wrapFile; -in -{ - options.modules.services.akkoma = { - enable = mkEnableOption "Akkoma instance"; - domain = mkOption { type = types.str; }; - realHost = mkOption { type = types.str; }; - instanceName = mkOption { type = types.str; default = "Akkoma on ${cfg.domain}"; }; - }; - - config = mkIf cfg.enable { - modules.services.postgresql.enable = true; - - services.akkoma = { - enable = true; - initDb.enable = true; - - extraStatic = { - "static/terms-of-service.html" = wrapFile "terms-of-service.html" ./terms-of-service.html; - "static/logo.svg" = wrapFile "logo.svg" ./logo.svg; - "static/logo.png" = wrapFile "logo.png" ./logo.png; - "static/logo-512.png" = wrapFile "logo-512.png" ./favicon-withbg.png; # Intentional, for PWA favicon. - "static/icon.png" = wrapFile "icon.png" ./favicon.png; - "favicon.png" = wrapFile "favicon.png" ./favicon-withbg.png; - }; - config = - let inherit ((pkgs.formats.elixirConf { }).lib) mkRaw mkMap; - in { - ":pleroma"."Pleroma.Web.Endpoint".url.host = cfg.realHost; - ":pleroma"."Pleroma.Web.WebFinger".domain = cfg.domain; - ":pleroma".":media_proxy".enabled = false; - ":pleroma".":instance" = { - name = cfg.instanceName; - - description = "Private akkoma instance"; - email = poorObfuscation cfg.domain "postmaster"; - notify_email = poorObfuscation cfg.domain "postmaster"; - - registrations_open = false; - invites_enabled = true; - - limit = 5000; - }; - ":pleroma".":frontend_configurations" = { - pleroma_fe = mkMap { - logo = "/static/logo.png"; - }; - }; - ":pleroma".":mrf" = { - policies = map mkRaw [ "Pleroma.Web.ActivityPub.MRF.SimplePolicy" ]; - }; - ":pleroma".":mrf_simple" = { - followers_only = mkMap federation-blocklist.followers_only; - media_nsfw = mkMap federation-blocklist.media_nsfw; - reject = mkMap federation-blocklist.reject; - }; - ":pleroma"."Pleroma.Captcha" = { - enabled = true; - method = mkRaw "Pleroma.Captcha.Kocaptcha"; - }; - }; - - nginx = { - forceSSL = true; - useACMEHost = cfg.domain; - - locations."~ \\.(js|css|woff|woff2?|png|jpe?g|svg)$" = { - extraConfig = '' - add_header Cache-Control "public, max-age=14400, must-revalidate"; - ''; - - proxyPass = "http://unix:${config.services.akkoma.config.":pleroma"."Pleroma.Web.Endpoint".http.ip}"; - proxyWebsockets = true; - recommendedProxySettings = true; - }; - }; - }; - - services.nginx.virtualHosts.${cfg.domain} = { - forceSSL = true; - useACMEHost = cfg.domain; - - locations."/.well-known/host-meta" = { - extraConfig = '' - return 301 https://${cfg.realHost}$request_uri; - ''; - }; - }; - modules.persistence.directories = [ - "/var/lib/akkoma" - ]; - }; -} diff --git a/modules/services/akkoma/favicon-withbg.png b/modules/services/akkoma/favicon-withbg.png deleted file mode 100644 index f9595ce..0000000 Binary files a/modules/services/akkoma/favicon-withbg.png and /dev/null differ diff --git a/modules/services/akkoma/favicon.png b/modules/services/akkoma/favicon.png deleted file mode 100644 index d8cbce3..0000000 Binary files a/modules/services/akkoma/favicon.png and /dev/null differ diff --git a/modules/services/akkoma/logo.png b/modules/services/akkoma/logo.png deleted file mode 100644 index 7744b1a..0000000 Binary files a/modules/services/akkoma/logo.png and /dev/null differ diff --git a/modules/services/akkoma/logo.svg b/modules/services/akkoma/logo.svg deleted file mode 100644 index 68e647e..0000000 --- a/modules/services/akkoma/logo.svg +++ /dev/null @@ -1,71 +0,0 @@ - - - - - - image/svg+xml - - - - - - - - - - - - - - - diff --git a/modules/services/akkoma/robots.txt b/modules/services/akkoma/robots.txt deleted file mode 100644 index 1f53798..0000000 --- a/modules/services/akkoma/robots.txt +++ /dev/null @@ -1,2 +0,0 @@ -User-agent: * -Disallow: / diff --git a/modules/services/akkoma/terms-of-service.html b/modules/services/akkoma/terms-of-service.html deleted file mode 100644 index 33c7ff3..0000000 --- a/modules/services/akkoma/terms-of-service.html +++ /dev/null @@ -1,26 +0,0 @@ - - - - -

Terms of Service

-

This is a private instance with only me and my friends. Here's the rules:

-
    -
  1. -

    No discrimination based on race, gender, sexual orientation, disabilities, or any other characteristic.

    -
    2. -
  2. -

    No harassment or doxxing towards others.

    -
    3. -
  3. -

    No promotion of violence.

    -
    4. -
  4. -

    No content that is illegal in United Kingdom, Japan, Finland, Germany, and South Korea.

    -
    5. -
  5. -

    Use content warnings for explicit or controversial content.

    -
    6. -
-

Any account that doesn't abide by the rules specified above will be terminated without prior notice.

- - diff --git a/modules/services/authentik.nix b/modules/services/authentik.nix deleted file mode 100644 index 10241b9..0000000 --- a/modules/services/authentik.nix +++ /dev/null @@ -1,69 +0,0 @@ -{ inputs, config, lib, ... }: - -with lib; -let - cfg = config.modules.services.authentik; -in -{ - imports = [ inputs.authentik-nix.nixosModules.default ]; - - options.modules.services.authentik = { - enable = mkEnableOption "Authentik - Identity Provider"; - domain = mkOption { type = types.str; }; - realHost = mkOption { type = types.str; default = "authentik.${cfg.domain}"; }; - email = { - host = mkOption { type = types.str; default = "smtp.${cfg.domain}"; }; - username = mkOption { type = types.str; default = "authentik@${cfg.domain}"; }; - from = mkOption { type = types.str; default = cfg.email.username; }; - }; - secrets = { - authentik-envs = mkOption { type = types.path; description = "path to the environment file"; }; - }; - }; - - config = mkIf cfg.enable { - services.authentik = { - enable = true; - - environmentFile = cfg.secrets.authentik-envs; - - settings = { - email = { - host = cfg.email.host; - port = 587; - username = cfg.email.username; - use_tls = true; - use_ssl = false; - from = cfg.email.from; - }; - - cert_discovery_dir = "env://CREDENTIALS_DIRECTORY"; - }; - nginx = { - # This is configured manually since authentik-nix doesn't support - # cases where cert domain != nginx host - enable = false; - enableACME = false; - # host = cfg.realHost; - }; - }; - - modules.persistence.directories = [ - "/var/lib/private/authentik" - ]; - - systemd.services.authentik-worker.serviceConfig.LoadCredential = [ - "${cfg.domain}.pem:${config.security.acme.certs.${cfg.domain}.directory}/fullchain.pem" - "${cfg.domain}.key:${config.security.acme.certs.${cfg.domain}.directory}/key.pem" - ]; - - services.nginx.virtualHosts.${cfg.realHost} = { - useACMEHost = cfg.domain; - forceSSL = true; - locations."/" = { - proxyWebsockets = true; - proxyPass = "https://localhost:9443"; - }; - }; - }; -} diff --git a/modules/services/backup.nix b/modules/services/backup.nix deleted file mode 100644 index 9770b43..0000000 --- a/modules/services/backup.nix +++ /dev/null @@ -1,81 +0,0 @@ -{ config, lib, ... }: - -with lib; -let - cfg = config.modules.services.backup; -in -{ - options.modules.services.backup = { - enable = mkEnableOption "borg-based backup solution"; - name = lib.mkOption { - type = lib.types.str; - default = "${config.networking.hostName}-rolling"; - description = '' - Name of the backup job - ''; - }; - - paths = lib.mkOption { - type = lib.types.listOf lib.types.str; - description = '' - Paths to back up - ''; - }; - exclude = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ ]; - description = '' - Paths to exclude - ''; - }; - repo = lib.mkOption { - type = lib.types.str; - description = '' - Path to the repository to back up to - ''; - }; - repoKeyPath = lib.mkOption { - type = lib.types.str; - description = '' - Path to the repository key - ''; - }; - sshKeyPath = lib.mkOption { - type = lib.types.str; - description = '' - Path to the ssh key - ''; - }; - rsyncNet = lib.mkOption { - type = lib.types.bool; - default = false; - description = '' - Whether to enable rsync.net specific patches - ''; - }; - }; - - config = mkIf cfg.enable { - services.borgbackup.jobs.${cfg.name} = { - inherit (cfg) paths exclude repo; - - prune.keep = { - within = "1d"; # Keep all archives from the last day - daily = 7; - weekly = 4; - monthly = 3; - }; - - encryption.mode = "repokey-blake2"; - encryption.passCommand = "cat ${cfg.repoKeyPath}"; - - environment.BORG_RSH = "ssh -i ${cfg.sshKeyPath}"; - environment.BORG_REMOTE_PATH = lib.mkIf cfg.rsyncNet "/usr/local/bin/borg1/borg1"; - # use borg 1.0+ on rsync.net - extraCreateArgs = "--verbose --stats --checkpoint-interval 600"; - compression = "auto,zstd"; - startAt = "*-*-* 03:00:00"; # pgsql backup runs on 01:15:00 - persistentTimer = true; - }; - }; -} diff --git a/modules/services/cgit/cgit-exotic.css b/modules/services/cgit/cgit-exotic.css deleted file mode 100644 index 32117c7..0000000 --- a/modules/services/cgit/cgit-exotic.css +++ /dev/null @@ -1,953 +0,0 @@ -div#cgit { - padding: 0em; - margin: 0em; - font-family: sans-serif; - font-size: 10pt; - color: #333; - background: white; - padding: 4px; -} - -div#cgit a { - color: blue; - text-decoration: none; -} - -div#cgit a:hover { - text-decoration: underline; -} - -div#cgit table { - border-collapse: collapse; -} - -div#cgit table#header { - width: 100%; - margin-bottom: 1em; -} - -div#cgit table#header td.logo { - width: 96px; - vertical-align: top; -} - -div#cgit table#header td.main { - font-size: 250%; - padding-left: 10px; - white-space: nowrap; -} - -div#cgit table#header td.main a { - color: #000; -} - -div#cgit table#header td.form { - text-align: right; - vertical-align: bottom; - padding-right: 1em; - padding-bottom: 2px; - white-space: nowrap; -} - -div#cgit table#header td.form form, -div#cgit table#header td.form input, -div#cgit table#header td.form select { - font-size: 90%; -} - -div#cgit table#header td.sub { - color: #777; - border-top: solid 1px #ccc; - padding-left: 10px; -} - -div#cgit table.tabs { - border-bottom: solid 3px #ccc; - border-collapse: collapse; - margin-top: 2em; - margin-bottom: 0px; - width: 100%; -} - -div#cgit table.tabs td { - padding: 0px 1em; - vertical-align: bottom; -} - -div#cgit table.tabs td a { - padding: 2px 0.25em; - color: #777; - font-size: 110%; -} - -div#cgit table.tabs td a.active { - color: #000; - background-color: #ccc; -} - -div#cgit table.tabs a[href^="http://"]:after, div#cgit table.tabs a[href^="https://"]:after { - content: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAoAAAAKCAQAAAAnOwc2AAAAAmJLR0QA/4ePzL8AAAAJcEhZcwAACxMAAAsTAQCanBgAAAAHdElNRQfgAhcJDQY+gm2TAAAAHWlUWHRDb21tZW50AAAAAABDcmVhdGVkIHdpdGggR0lNUGQuZQcAAABbSURBVAhbY2BABs4MU4CwhYHBh2Erww4wrGFQZHjI8B8IgUIscJWyDHcggltQhI4zGDCcRwhChPggHIggP1QoAVmQkSETrGoHsiAEsACtBYN0oDAMbgU6EBcAAL2eHUt4XUU4AAAAAElFTkSuQmCC); - opacity: 0.5; - margin: 0 0 0 5px; -} - -div#cgit table.tabs td.form { - text-align: right; -} - -div#cgit table.tabs td.form form { - padding-bottom: 2px; - font-size: 90%; - white-space: nowrap; -} - -div#cgit table.tabs td.form input, -div#cgit table.tabs td.form select { - font-size: 90%; -} - -div#cgit div.path { - margin: 0px; - padding: 5px 2em 2px 2em; - color: #000; - background-color: #eee; -} - -div#cgit div.content { - margin: 0px; - padding: 2em; - border-bottom: solid 3px #ccc; -} - - -div#cgit table.list { - width: 100%; - border: none; - border-collapse: collapse; -} - -div#cgit table.list tr { - background: white; -} - -div#cgit table.list tr.logheader { - background: #eee; -} - -div#cgit table.list tr:nth-child(even) { - background: #f7f7f7; -} - -div#cgit table.list tr:nth-child(odd) { - background: white; -} - -div#cgit table.list tr:hover { - background: #eee; -} - -div#cgit table.list tr.nohover { - background: white; -} - -div#cgit table.list tr.nohover:hover { - background: white; -} - -div#cgit table.list tr.nohover-highlight:hover:nth-child(even) { - background: #f7f7f7; -} - -div#cgit table.list tr.nohover-highlight:hover:nth-child(odd) { - background: white; -} - -div#cgit table.list th { - font-weight: bold; - /* color: #888; - border-top: dashed 1px #888; - border-bottom: dashed 1px #888; - */ - padding: 0.1em 0.5em 0.05em 0.5em; - vertical-align: baseline; -} - -div#cgit table.list td { - border: none; - padding: 0.1em 0.5em 0.1em 0.5em; -} - -div#cgit table.list td.commitgraph { - font-family: monospace; - white-space: pre; -} - -div#cgit table.list td.commitgraph .column1 { - color: #a00; -} - -div#cgit table.list td.commitgraph .column2 { - color: #0a0; -} - -div#cgit table.list td.commitgraph .column3 { - color: #aa0; -} - -div#cgit table.list td.commitgraph .column4 { - color: #00a; -} - -div#cgit table.list td.commitgraph .column5 { - color: #a0a; -} - -div#cgit table.list td.commitgraph .column6 { - color: #0aa; -} - -div#cgit table.list td.logsubject { - font-family: monospace; - font-weight: bold; -} - -div#cgit table.list td.logmsg { - font-family: monospace; - white-space: pre; - padding: 0 0.5em; -} - -div#cgit table.list td a { - color: black; -} - -div#cgit table.list td a.ls-dir { - font-weight: bold; - color: #00f; -} - -div#cgit table.list td a:hover { - color: #00f; -} - -div#cgit img { - border: none; -} - -div#cgit input#switch-btn { - margin: 2px 0px 0px 0px; -} - -div#cgit td#sidebar input.txt { - width: 100%; - margin: 2px 0px 0px 0px; -} - -div#cgit table#grid { - margin: 0px; -} - -div#cgit td#content { - vertical-align: top; - padding: 1em 2em 1em 1em; - border: none; -} - -div#cgit div#summary { - vertical-align: top; - margin-bottom: 1em; -} - -div#cgit table#downloads { - float: right; - border-collapse: collapse; - border: solid 1px #777; - margin-left: 0.5em; - margin-bottom: 0.5em; -} - -div#cgit table#downloads th { - background-color: #ccc; -} - -div#cgit div#blob { - border: solid 1px black; -} - -div#cgit div.error { - color: red; - font-weight: bold; - margin: 1em 2em; -} - -div#cgit a.ls-blob, div#cgit a.ls-dir, div#cgit .ls-mod { - font-family: monospace; -} - -div#cgit td.ls-size { - text-align: right; - font-family: monospace; - width: 10em; -} - -div#cgit td.ls-mode { - font-family: monospace; - width: 10em; -} - -div#cgit table.blob { - margin-top: 0.5em; - border-top: solid 1px black; -} - -div#cgit table.blob td.hashes, -div#cgit table.blob td.lines { - margin: 0; padding: 0 0 0 0.5em; - vertical-align: top; - color: black; -} - -div#cgit table.blob td.linenumbers { - margin: 0; padding: 0 0.5em 0 0.5em; - vertical-align: top; - text-align: right; - border-right: 1px solid gray; -} - -div#cgit table.blob pre { - padding: 0; margin: 0; -} - -div#cgit table.blob td.linenumbers a, -div#cgit table.ssdiff td.lineno a { - color: gray; - text-align: right; - text-decoration: none; -} - -div#cgit table.blob td.linenumbers a:hover, -div#cgit table.ssdiff td.lineno a:hover { - color: black; -} - -div#cgit table.blame td.hashes, -div#cgit table.blame td.lines, -div#cgit table.blame td.linenumbers { - padding: 0; -} - -div#cgit table.blame td.hashes div.alt, -div#cgit table.blame td.lines div.alt { - padding: 0 0.5em 0 0.5em; -} - -div#cgit table.blame td.linenumbers div.alt { - padding: 0 0.5em 0 0; -} - -div#cgit table.blame div.alt:nth-child(even) { - background: #eee; -} - -div#cgit table.blame div.alt:nth-child(odd) { - background: white; -} - -div#cgit table.blame td.lines > div { - position: relative; -} - -div#cgit table.blame td.lines > div > pre { - padding: 0 0 0 0.5em; - position: absolute; - top: 0; -} - -div#cgit table.blame .oid { - font-size: 100%; -} - -div#cgit table.bin-blob { - margin-top: 0.5em; - border: solid 1px black; -} - -div#cgit table.bin-blob th { - font-family: monospace; - white-space: pre; - border: solid 1px #777; - padding: 0.5em 1em; -} - -div#cgit table.bin-blob td { - font-family: monospace; - white-space: pre; - border-left: solid 1px #777; - padding: 0em 1em; -} - -div#cgit table.nowrap td { - white-space: nowrap; -} - -div#cgit table.commit-info { - border-collapse: collapse; - margin-top: 1.5em; -} - -div#cgit div.cgit-panel { - float: right; - margin-top: 1.5em; -} - -div#cgit div.cgit-panel table { - border-collapse: collapse; - border: solid 1px #aaa; - background-color: #eee; -} - -div#cgit div.cgit-panel th { - text-align: center; -} - -div#cgit div.cgit-panel td { - padding: 0.25em 0.5em; -} - -div#cgit div.cgit-panel td.label { - padding-right: 0.5em; -} - -div#cgit div.cgit-panel td.ctrl { - padding-left: 0.5em; -} - -div#cgit table.commit-info th { - text-align: left; - font-weight: normal; - padding: 0.1em 1em 0.1em 0.1em; - vertical-align: top; -} - -div#cgit table.commit-info td { - font-weight: normal; - padding: 0.1em 1em 0.1em 0.1em; -} - -div#cgit div.commit-subject { - font-weight: bold; - font-size: 125%; - margin: 1.5em 0em 0.5em 0em; - padding: 0em; -} - -div#cgit div.notes-header { - font-weight: bold; - padding-top: 1.5em; -} - -div#cgit div.notes { - white-space: pre; - font-family: monospace; - border: solid 1px #ee9; - background-color: #ffd; - padding: 0.3em 2em 0.3em 1em; - float: left; -} - -div#cgit div.notes-footer { - clear: left; -} - -div#cgit div.diffstat-header { - font-weight: bold; - padding-top: 1.5em; -} - -div#cgit table.diffstat { - border-collapse: collapse; - border: solid 1px #aaa; - background-color: #eee; -} - -div#cgit table.diffstat th { - font-weight: normal; - text-align: left; - text-decoration: underline; - padding: 0.1em 1em 0.1em 0.1em; - font-size: 100%; -} - -div#cgit table.diffstat td { - padding: 0.2em 0.2em 0.1em 0.1em; - font-size: 100%; - border: none; -} - -div#cgit table.diffstat td.mode { - white-space: nowrap; -} - -div#cgit table.diffstat td span.modechange { - padding-left: 1em; - color: red; -} - -div#cgit table.diffstat td.add a { - color: green; -} - -div#cgit table.diffstat td.del a { - color: red; -} - -div#cgit table.diffstat td.upd a { - color: blue; -} - -div#cgit table.diffstat td.graph { - width: 500px; - vertical-align: middle; -} - -div#cgit table.diffstat td.graph table { - border: none; -} - -div#cgit table.diffstat td.graph td { - padding: 0px; - border: 0px; - height: 7pt; -} - -div#cgit table.diffstat td.graph td.add { - background-color: #5c5; -} - -div#cgit table.diffstat td.graph td.rem { - background-color: #c55; -} - -div#cgit div.diffstat-summary { - color: #888; - padding-top: 0.5em; -} - -div#cgit table.diff { - width: 100%; -} - -div#cgit table.diff td span.head { - font-weight: bold; - color: black; -} - -div#cgit table.diff td span.hunk { - color: #009; -} - -div#cgit table.diff td span.add { - color: green; -} - -div#cgit table.diff td span.del { - color: red; -} - -div#cgit .oid { - font-family: monospace; - font-size: 90%; -} - -div#cgit .left { - text-align: left; -} - -div#cgit .right { - text-align: right; -} - -div#cgit table.list td.reposection { - font-style: italic; - color: #888; -} - -div#cgit a.button { - font-size: 80%; -} - -div#cgit a.primary { - font-size: 100%; -} - -div#cgit a.secondary { - font-size: 90%; -} - -div#cgit td.toplevel-repo { - -} - -div#cgit table.list td.sublevel-repo { - padding-left: 1.5em; -} - -div#cgit ul.pager { - list-style-type: none; - text-align: center; - margin: 1em 0em 0em 0em; - padding: 0; -} - -div#cgit ul.pager li { - display: inline-block; - margin: 0.25em 0.5em; -} - -div#cgit ul.pager a { - color: #777; -} - -div#cgit ul.pager .current { - font-weight: bold; -} - -div#cgit span.age-mins { - font-weight: bold; - color: #080; -} - -div#cgit span.age-hours { - color: #080; -} - -div#cgit span.age-days { - color: #040; -} - -div#cgit span.age-weeks { - color: #444; -} - -div#cgit span.age-months { - color: #888; -} - -div#cgit span.age-years { - color: #bbb; -} - -div#cgit span.insertions { - color: #080; -} - -div#cgit span.deletions { - color: #800; -} - -div#cgit div.footer { - margin-top: 0.5em; - text-align: center; - font-size: 80%; - color: #ccc; -} - -div#cgit div.footer a { - color: #ccc; - text-decoration: none; -} - -div#cgit div.footer a:hover { - text-decoration: underline; -} - -div#cgit a.branch-deco { - color: #000; - padding: 0px 0.25em; - background-color: #88ff88; - border: solid 1px #007700; -} - -div#cgit a.tag-deco { - color: #000; - padding: 0px 0.25em; - background-color: #ffff88; - border: solid 1px #777700; -} - -div#cgit a.tag-annotated-deco { - color: #000; - padding: 0px 0.25em; - background-color: #ffcc88; - border: solid 1px #777700; -} - -div#cgit a.remote-deco { - color: #000; - padding: 0px 0.25em; - background-color: #ccccff; - border: solid 1px #000077; -} - -div#cgit a.deco { - color: #000; - padding: 0px 0.25em; - background-color: #ff8888; - border: solid 1px #770000; -} - -div#cgit div.commit-subject a.branch-deco, -div#cgit div.commit-subject a.tag-deco, -div#cgit div.commit-subject a.tag-annotated-deco, -div#cgit div.commit-subject a.remote-deco, -div#cgit div.commit-subject a.deco { - font-size: 75%; -} - -div#cgit table.stats { - border: solid 1px black; - border-collapse: collapse; -} - -div#cgit table.stats th { - text-align: left; - padding: 1px 0.5em; - background-color: #eee; - border: solid 1px black; -} - -div#cgit table.stats td { - text-align: right; - padding: 1px 0.5em; - border: solid 1px black; -} - -div#cgit table.stats td.total { - font-weight: bold; - text-align: left; -} - -div#cgit table.stats td.sum { - color: #c00; - font-weight: bold; -/* background-color: #eee; */ -} - -div#cgit table.stats td.left { - text-align: left; -} - -div#cgit table.vgraph { - border-collapse: separate; - border: solid 1px black; - height: 200px; -} - -div#cgit table.vgraph th { - background-color: #eee; - font-weight: bold; - border: solid 1px white; - padding: 1px 0.5em; -} - -div#cgit table.vgraph td { - vertical-align: bottom; - padding: 0px 10px; -} - -div#cgit table.vgraph div.bar { - background-color: #eee; -} - -div#cgit table.hgraph { - border: solid 1px black; - width: 800px; -} - -div#cgit table.hgraph th { - background-color: #eee; - font-weight: bold; - border: solid 1px black; - padding: 1px 0.5em; -} - -div#cgit table.hgraph td { - vertical-align: middle; - padding: 2px 2px; -} - -div#cgit table.hgraph div.bar { - background-color: #eee; - height: 1em; -} - -div#cgit table.ssdiff { - width: 100%; -} - -div#cgit table.ssdiff td { - font-size: 75%; - font-family: monospace; - white-space: pre; - padding: 1px 4px 1px 4px; - border-left: solid 1px #aaa; - border-right: solid 1px #aaa; -} - -div#cgit table.ssdiff td.add { - color: black; - background: #cfc; - min-width: 50%; -} - -div#cgit table.ssdiff td.add_dark { - color: black; - background: #aca; - min-width: 50%; -} - -div#cgit table.ssdiff span.add { - background: #cfc; - font-weight: bold; -} - -div#cgit table.ssdiff td.del { - color: black; - background: #fcc; - min-width: 50%; -} - -div#cgit table.ssdiff td.del_dark { - color: black; - background: #caa; - min-width: 50%; -} - -div#cgit table.ssdiff span.del { - background: #fcc; - font-weight: bold; -} - -div#cgit table.ssdiff td.changed { - color: black; - background: #ffc; - min-width: 50%; -} - -div#cgit table.ssdiff td.changed_dark { - color: black; - background: #cca; - min-width: 50%; -} - -div#cgit table.ssdiff td.lineno { - color: black; - background: #eee; - text-align: right; - width: 3em; - min-width: 3em; -} - -div#cgit table.ssdiff td.hunk { - color: black; - background: #ccf; - border-top: solid 1px #aaa; - border-bottom: solid 1px #aaa; -} - -div#cgit table.ssdiff td.head { - border-top: solid 1px #aaa; - border-bottom: solid 1px #aaa; -} - -div#cgit table.ssdiff td.head div.head { - font-weight: bold; - color: black; -} - -div#cgit table.ssdiff td.foot { - border-top: solid 1px #aaa; - border-left: none; - border-right: none; - border-bottom: none; -} - -div#cgit table.ssdiff td.space { - border: none; -} - -div#cgit table.ssdiff td.space div { - min-height: 3em; -} - -/* - * BEGIN exotic.sh MODIFICATIONS - */ - -* { line-height: 1.25em; } - -div#cgit { - margin: auto; - font-family: monospace; - display: table; -} - -div#cgit table#header td.logo { - display: none; -} - -div#cgit table#header td.main { - font-size: 1.2em; - font-weight: bold; - /*padding-left: 10px;*/ -} - -div#cgit table#header td.sub { - border-top: none; -} - - -div#cgit table.tabs { - border-bottom: none; -} - - -div#cgit table.list th a { - color: inherit; -} - -div#cgit table.list tr:nth-child(even) { - background: inherit; -} - -div#cgit table.list tr:hover { - background: inherit; -} -div#cgit table.list tr.nohover-highlight:hover:nth-child(even) { - background: inherit; -} - -div#cgit table.blob td.linenumbers:nth-last-child(3) { - display: none; -} - -div#cgit div.content { - min-width: 60em; - border-bottom: none; -} - -div#cgit div.content div#summary { - display: table; - margin-left: auto; - margin-right: auto; -} - -div#cgit table.blob td.linenumbers a:target { - color: goldenrod; - text-decoration: underline; - outline: none; -} - -div#cgit div.footer { - font-size: 1em; -} diff --git a/modules/services/cgit/default.nix b/modules/services/cgit/default.nix deleted file mode 100644 index 7ee279f..0000000 --- a/modules/services/cgit/default.nix +++ /dev/null @@ -1,129 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - cfg = config.modules.services.cgit; -in -{ - options.modules.services.cgit = { - enable = mkEnableOption "cgit with uwsgi"; - - domain = mkOption { type = types.str; }; - realHost = mkOption { type = types.str; }; - # TODO: use generators & submodules - settings = { - title = mkOption { type = types.str; default = "${cfg.domain} git"; }; - description = mkOption { type = types.str; default = "cgit, hyperfast web frontend for Git"; }; - }; - }; - config = mkIf cfg.enable { - - modules.services.nginx.enable = true; - - services.uwsgi = { - enable = true; - user = "nginx"; - group = "nginx"; - plugins = [ "cgi" ]; - - instance = { - type = "emperor"; - vassals = { - cgit = { - type = "normal"; - socket = "/run/uwsgi/cgit.sock"; - procname-master = "uwsgi cgit"; - plugins = [ "cgi" ]; - cgi = "${pkgs.cgit-pink}/cgit/cgit.cgi"; - }; - }; - }; - }; - - users.extraUsers.nginx.extraGroups = [ "git" ]; - - services.nginx.virtualHosts.${cfg.realHost} = { - forceSSL = true; - useACMEHost = cfg.domain; - root = "${pkgs.cgit-pink}/cgit"; - locations = { - "/" = { - extraConfig = '' - try_files $uri @cgit; - ''; - }; - "=/cgit-exotic.css" = { - alias = "${./cgit-exotic.css}"; - extraConfig = '' - # add_header Cache-Control "public, max-age=14400, must-revalidate"; - ''; - }; - "@cgit" = { - extraConfig = '' - uwsgi_pass unix:/run/uwsgi/cgit.sock; - include ${pkgs.nginx}/conf/uwsgi_params; - uwsgi_modifier1 9; - ''; - }; - }; - }; - - networking.firewall.allowedTCPPorts = [ 80 443 ]; - - systemd.services.create-cgit-cache = { - description = "Create cache directory for cgit"; - enable = true; - - script = '' - mkdir -p /run/cgit - chown -R nginx:nginx /run/cgit - ''; - - wantedBy = [ "uwsgi.service" ]; - serviceConfig = { - Type = "oneshot"; - }; - }; - - environment.etc."cgitrc".text = '' - virtual-root=/ - - cache-size=1000 - cache-root=/run/cgit - - root-title=${cfg.settings.title} - root-desc=${cfg.settings.description} - - css=/cgit-exotic.css - - snapshots=tar.gz zip - - enable-git-config=1 - remove-suffix=1 - - enable-index-links=1 - enable-index-owner=0 - enable-git-clone=1 - enable-commit-graph=1 - enable-log-filecount=1 - enable-log-linecount=1 - - branch-sort=age - - readme=:README - readme=:readme - readme=:README.md - readme=:readme.md - readme=:README.org - readme=:readme.org - - source-filter=${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py - about-filter=${pkgs.cgi