Compare commits


5 Commits

Author SHA1 Message Date
John Lancaster bc66ec89c6 neovim updates 2026-03-31 23:46:23 -05:00
John Lancaster 395e13acd2 started forgejo config 2026-03-31 20:17:52 -05:00
John Lancaster b6a85631f3 cleanup script 2026-03-30 18:59:28 -05:00
John Lancaster f82d084030 typo fix 2026-03-30 18:59:17 -05:00
John Lancaster 3674a0e6c4 started janus-ca wrapper 2026-03-30 18:59:07 -05:00
11 changed files with 171 additions and 23 deletions
+62
@@ -0,0 +1,62 @@
{ self, inputs, ... }: {
flake.modules.nixos.forgejo = {config, pkgs, lib, ... }:
let
cfg = config.forgejo;
in
{
options.forgejo = {
enable = lib.mkEnableOption "Enable Forgejo backed with PostgreSQL";
port = lib.mkOption {
type = lib.types.port;
default = 3000;
description = "TCP port for the Forgejo web interface.";
};
openFirewall = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Open the Forgejo web interface port in the firewall.";
};
https = lib.mkEnableOption "Open the Forgejo web interface port in the firewall.";
};
config = lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = lib.optionals cfg.openFirewall [ cfg.port ];
services.forgejo = {
enable = true;
lfs.enable = true;
settings.server = lib.mkMerge [
{
HTTP_PORT = cfg.port;
DISABLE_SSH = true;
}
(lib.mkIf cfg.https {
ROOT_URL = "https://forgejo.john-stream.com";
PROTOCOL = "https";
COOKIE_SECURE = true;
})
];
database = {
type = "postgres";
port = config.services.postgresql.settings.port;
# createDatabase = false;
};
# dump = {
# enable = true;
# interval = "12h";
# };
};
services.postgresql = {
enable = true;
settings = {
};
};
};
};
}
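Review bot: `COOKIE_SECURE = true` in the `cfg.https` branch sits under `settings.server`, but Forgejo reads that key from the `[session]` section, so as written the session cookie would most likely still be issued without the Secure flag; it belongs at `settings.session.COOKIE_SECURE = cfg.https;`. The same branch sets `PROTOCOL = "https"`, which makes the built-in server terminate TLS and expect `CERT_FILE`/`KEY_FILE` (or ACME), none of which are set here; if a reverse proxy terminates TLS, keep the protocol at its default and set only `ROOT_URL`. The `https` option also reuses the `openFirewall` description; something like `lib.mkEnableOption "HTTPS settings (ROOT_URL, secure session cookie) for Forgejo"` would say what it does.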
+1 -1
@@ -1,6 +1,6 @@
# https://github.com/glabrie/dotfiles/blob/main/modules/system/settings/greetd.nix
{ inputs, ... }: {
flake.module.nixos.greetd = { pkgs, lib, ... }: {
flake.modules.nixos.greetd = { pkgs, lib, ... }: {
services.greetd = {
enable = true;
settings = {
+2 -2
@@ -265,7 +265,7 @@ in
config = lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; lib.optionals cfg.enable [
step-cli
# step-cli
(mkMtlsGenerateScript {
inherit (cfg) subject provisioner san lifetime;
inherit pkgs tlsCert tlsKey mtlsBundle;
@@ -308,7 +308,7 @@ in
config = {
home.packages = with pkgs; lib.optionals cfg.enable [
step-cli
# step-cli
(mkMtlsGenerateScript {
inherit (cfg) subject provisioner san lifetime;
inherit pkgs tlsCert tlsKey mtlsBundle;
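Review bot: Both hunks leave `# step-cli` behind as commented-out code; if the package is no longer wanted in the system or home profile, deleting the line is cleaner, and the same leftover appears in the later section that defines `ssh-host-cert-renew`. Removing it from the profile is only safe if `mkMtlsGenerateScript` calls step by store path (for example through `lib.getExe pkgs.step-cli`) rather than through `PATH`; its body is outside these hunks, so that is worth confirming. In the first hunk the list is also wrapped in `lib.optionals cfg.enable` inside `lib.mkIf cfg.enable`, which is redundant. Both lists continue past the end of their hunks.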
+20 -1
@@ -4,7 +4,6 @@ let
hostname = "janus";
ca-url = "https://janus.john-stream.com/";
fingerprint = "2036c44f7b5901566ff7611ea6c927291ecc6d2dd00779c0eead70ec77fa10d6";
in
{
flake.modules.nixos.janus-ca = { config, lib, ... }:
@@ -73,4 +72,24 @@ in
}
];
};
flake-file.inputs = {
wrappers = {
url = "github:lassulus/wrappers";
inputs.nixpkgs.follows = "nixpkgs";
};
};
perSystem = { pkgs, lib, ... }: {
packages.janus-ca = inputs.wrappers.lib.wrapPackage {
inherit pkgs;
package = pkgs.step-cli;
binName = "janus-cert";
args = [
"ca" "certificate"
"--ca-url=${ca-url}"
];
};
};
}
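Review bot: The `janus-cert` wrapper in the second hunk pins `--ca-url` but no trust anchor, so the `fingerprint` bound in the `let` block at the top of the file is not used by it, and whether the CA's certificate is checked against the intended root depends on whatever step configuration already exists for the calling user. Consider passing the root explicitly, e.g. `"--root=${rootCert}"` with `rootCert` (placeholder name) pointing at the CA root this file already pins by fingerprint, or document that the host must be bootstrapped first. The new `wrappers` input now sits in the build path of a tool that handles certificate requests, so its revision in the lock file deserves the same review as the code here. `lib` in the `perSystem` arguments is unused.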
+1 -1
@@ -3,7 +3,7 @@ let
username = "john";
hostname = "john-pc-ubuntu";
testHost = "soteria";
testHost = "soteria"; # which host to test build
testTarget = "fded:fb16:653e:25da:be24:11ff:fea0:753f"; # test-nix
# testTarget = "fded:fb16:653e:25da:be24:11ff:fe89:1cc3"; # soteria
+7
@@ -14,6 +14,7 @@ in
nixos.docker
nixos.mtls
nixos.janus-ca
nixos.forgejo
# nixos.restic-server
# nixos.restic-envoy
({ pkgs, ... }: {
@@ -60,6 +61,12 @@ in
homeManager."${hostname}"
];
};
environment.systemPackages = [
inputs.self.packages.${pkgs.stdenv.hostPlatform.system}.janus-ca
];
forgejo.enable = true;
})
];
};
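Review bot: `forgejo.enable = true;` in the second hunk takes the module's defaults, and the module added in this same comparison defaults `openFirewall` to `true` and leaves `https` off, so this host would accept Forgejo logins over plain HTTP on TCP 3000 from anything the firewall faces. If a reverse proxy is meant to sit in front, add `forgejo.openFirewall = false;` next to it; otherwise enable TLS before exposing the port. Making the exposure explicit in the host file also keeps it visible in review.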
+13
@@ -87,6 +87,19 @@
${echoCmd} "Testing the evaulation of the nixos config for $HOSTNAME"
${lib.getExe nix} eval ${flakeDir}#nixosConfigurations.$HOSTNAME.config.system.build.toplevel.drvPath
'')
(writeShellScriptBin "cleanup" ''
set -e
DAYS=$1
if [ -z "$DAYS" ]; then
${echoCmd} "usage: cleanup <days>"
exit 1
fi
${lib.getExe home-manager} expire-generations "-$DAYS days"
${lib.getExe nix} profile wipe-history --older-than "''${DAYS}d"
${lib.getExe nix} store gc
${lib.getExe nix} store optimise
'')
];
};
};
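Review bot: The `cleanup` script only checks that `$1` is non-empty, so a value such as `0` or a non-number goes straight into `expire-generations "-$DAYS days"` and `--older-than`, and `0` would plausibly drop every generation except the current one before the store is collected. Replace the emptiness test with a numeric one, `if ! [ "$DAYS" -gt 0 ] 2>/dev/null; then`, which also covers the missing-argument case. A short comment above the script noting that it removes rollback targets for both home-manager and the nix profile would help the next reader.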
+5 -8
@@ -18,16 +18,13 @@
isNormalUser = true;
home = "/home/${username}";
shell = lib.mkIf config.programs.zsh.enable pkgs.zsh;
extraGroups = [
"input"
"networkmanager"
] ++ lib.optionals isAdmin [
"docker"
"wheel"
];
extraGroups = [ "input" "networkmanager" ]
++ lib.optional isAdmin "wheel"
++ lib.optional config.virtualisation.docker.enable "docker"
++ lib.optional (isAdmin && config.services.forgejo.enable) config.services.forgejo.group
++ lib.optional (isAdmin && config.services.postgresql.enable) config.services.postgresql.group;
};
security.sudo-rs.enable = lib.mkIf isAdmin true;
home-manager.useGlobalPkgs = true;
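Review bot: The rewritten `extraGroups` no longer gates `"docker"` on `isAdmin`: `lib.optional config.virtualisation.docker.enable "docker"` adds every user built by this module to the docker group on any host with Docker enabled, and membership in that group is effectively root on the host. If that widening is not intended, keep the admin check, `++ lib.optional (isAdmin && config.virtualisation.docker.enable) "docker"`. The added Forgejo and PostgreSQL group memberships give the admin account access to whatever those services keep group-readable, so a one-line comment stating why they are needed would be useful.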
+53 -6
@@ -7,10 +7,11 @@
};
perSystem = { system, pkgs, ... }: {
packages.my-neovim = (inputs.nvf.lib.neovimConfiguration {
packages.my-neovim = ((inputs.nvf.lib.neovimConfiguration {
inherit pkgs;
modules = [
{
# https://nvf.notashelf.dev/search.html
config.vim = {
options = {
number = true;
@@ -19,6 +20,9 @@
shiftwidth = 4;
tabstop = 4;
softtabstop = 4;
wrap = true;
linebreak = true;
};
syntaxHighlighting = true;
@@ -28,10 +32,27 @@
theme.name = "catppuccin";
theme.style = "mocha";
git = {
enable = true;
};
filetree.neo-tree = {
enable = true;
};
lazy = {
enable = true;
};
# globals = {
# SimpylFold_docstring_preview = 1;
# SimpylFold_fold_blank = 0;
# };
# extraPlugins = with pkgs.vimPlugins; {
# SimpylFold.package = SimpylFold;
# };
telescope = {
enable = true;
extensions = [
@@ -46,7 +67,7 @@
# Enable Treesitter
treesitter = {
enable = true;
# grammars = [ "python" ];
grammars = with pkgs.vimPlugins.nvim-treesitter-parsers; [ python ];
};
lsp.enable = true;
@@ -54,6 +75,24 @@
languages = {
enableTreesitter = true;
enableFormat = true;
markdown = {
enable = true;
extensions = {
# render-markdown-nvim.enable = true;
markview-nvim.enable = true;
};
};
bash.enable = true;
css.enable = true;
yaml.enable = true;
toml.enable = true;
nix = {
enable = true;
};
python = {
enable = true;
dap.enable = true;
@@ -63,16 +102,24 @@
keymaps = [
{
key = "<leader>m";
key = "<leader>fd";
mode = "n";
silent = false;
action = ":Telescope find_files";
}
{
key = "<C-b>";
mode = "n";
silent = true;
action = ":make<CR>";
action = ":Neotree";
}
];
};
}
];
})
.neovim;
}).neovim).overrideAttrs (old: {
pname = "my-neovim";
version = "custom";
});
};
}
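Review bot: In the last hunk the `<C-b>` mapping's action appears to change from `:make<CR>` to `:Neotree` without the trailing `<CR>`, so with `silent = true` the key would leave an unexecuted command on the command line; `action = ":Neotree<CR>";` is probably what was meant. The new `<leader>fd` entry, `:Telescope find_files`, has the same shape, though with `silent = false` that may be deliberate. The old/new pairing is inferred from the doubled lines, since the rendered page has lost the `+`/`-` markers.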
+2 -2
@@ -33,7 +33,7 @@
networking.nameservers = [ "192.168.1.150" ];
networking.dhcpcd.extraConfig = "nohook resolv.conf";
environment.systemPackages = with pkgs; [
step-cli
# step-cli
(writeShellScriptBin "ssh-host-cert-renew" ''
${lib.getExe pkgs.step-cli} ssh certificate \
--host --sign \
@@ -51,7 +51,7 @@
wantedBy = [ ];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
path = [ pkgs.step-cli pkgs.openssh pkgs.coreutils pkgs.systemd ];
path = with pkgs; [ coreutils systemd step-cli openssh ];
serviceConfig = {
Type = "oneshot";
User = "root";
+4 -1
@@ -17,6 +17,9 @@ in
crt = "";
};
};
environment.systemPackages = with pkgs; [ step-ca step-cli ];
environment.systemPackages = with pkgs; [
step-ca
step-cli
];
};
}