···
cp -f ${htmx-src} appview/pages/static/htmx.min.js
···
153
-
nixosModules.default = {
154
+
nixosModules.appview = {
···
201
+
nixosModules.knotserver = {
209
+
services.tangled-knotserver = {
210
+
enable = mkOption {
213
+
description = "Enable a tangled knotserver";
216
+
appviewEndpoint = mkOption {
218
+
default = "https://tangled.sh";
219
+
description = "Appview endpoint";
222
+
gitUser = mkOption {
225
+
description = "User that hosts git repos and performs git operations";
229
+
scanPath = mkOption {
231
+
default = "/home/git";
232
+
description = "Path where repositories are scanned from";
235
+
mainBranch = mkOption {
238
+
description = "Default branch name for repositories";
243
+
listenAddr = mkOption {
245
+
default = "0.0.0.0:5555";
246
+
description = "Address to listen on";
249
+
internalListenAddr = mkOption {
251
+
default = "127.0.0.1:5444";
252
+
description = "Internal address for inter-service communication";
255
+
secret = mkOption {
257
+
example = "super-secret-key";
258
+
description = "Secret key provided by appview (required)";
261
+
dbPath = mkOption {
263
+
default = "knotserver.db";
264
+
description = "Path to the database file";
267
+
hostname = mkOption {
269
+
example = "knot.tangled.sh";
270
+
description = "Hostname for the server (required)";
276
+
description = "Enable development mode (disables signature verification)";
282
+
config = mkIf config.services.tangled-knotserver.enable {
283
+
nixpkgs.overlays = [self.overlays.default];
285
+
environment.systemPackages = with pkgs; [git];
287
+
users.users.git = {
288
+
isSystemUser = true;
289
+
home = "/home/git";
291
+
shell = "${pkgs.shadow}/bin/nologin";
294
+
extraGroups = ["sudo"];
297
+
users.groups.git = {};
299
+
services.openssh = {
303
+
AuthorizedKeysCommand ${pkgs.keyfetch}/bin/keyfetch -repoguard-path ${pkgs.repoguard}/bin/repoguard
304
+
AuthorizedKeysCommandUser nobody
308
+
systemd.services.knotserver = {
309
+
description = "knotserver service";
310
+
after = ["network.target" "sshd.service"];
311
+
wantedBy = ["multi-user.target"];
314
+
WorkingDirectory = "/home/git";
316
+
"KNOT_REPO_SCAN_PATH=${config.services.tangled-knotserver.repo.scanPath}"
317
+
"APPVIEW_ENDPOINT=${config.services.tangled-knotserver.appviewEndpoint}"
318
+
"KNOT_SERVER_INTERNAL_LISTEN_ADDR=${config.services.tangled-knotserver.server.internalListenAddr}"
319
+
"KNOT_SERVER_LISTEN_ADDR=${config.services.tangled-knotserver.server.listenAddr}"
320
+
"KNOT_SERVER_SECRET=${config.services.tangled-knotserver.server.secret}"
321
+
"KNOT_SERVER_HOSTNAME=${config.services.tangled-knotserver.server.hostname}"
323
+
ExecStart = "${pkgs.knotserver}/bin/knotserver";
324
+
Restart = "always";
328
+
networking.firewall.allowedTCPPorts = [22];
332
+
nixosConfigurations.knotVM = nixpkgs.lib.nixosSystem {
333
+
system = "x86_64-linux";
335
+
self.nixosModules.knotserver
341
+
virtualisation.memorySize = 2048;
342
+
virtualisation.cores = 2;
343
+
services.getty.autologinUser = "root";
344
+
environment.systemPackages = with pkgs; [curl vim git];
345
+
services.tangled-knotserver = {
348
+
secret = "21c9c8b2a405bcfb14694481e32bab09d842c2f4cc0437906b68015d32f15b97";
349
+
hostname = "localhost:6000";
350
+
listenAddr = "0.0.0.0:6000";
kot.pink
oppi.li