From a3b2bcf3d57be28c27119a44445cfdde38349cb9 Mon Sep 17 00:00:00 2001 From: Anton Date: Sat, 18 Sep 2021 16:50:51 +0300 Subject: [PATCH 001/320] fix typo in CONTRIBUTING.md --- doc/CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/CONTRIBUTING.md b/doc/CONTRIBUTING.md index 8574daea..86f5dd70 100644 --- a/doc/CONTRIBUTING.md +++ b/doc/CONTRIBUTING.md @@ -2,7 +2,7 @@ ## TL;DR; - **Target Branch**: `main` -- **Merge Policy**: [`bors`][bors] is alwyas right (→ `bors try`) +- **Merge Policy**: [`bors`][bors] is always right (→ `bors try`) - **Docs**: every changeset is expected to contain doc updates - **Commit Msg**: be a poet! Comprehensive and explanatory commit messages should cover the motivation and use case in an easily understandable manner -- 2.44.2 From 54a9a8366e796661be44f8ab6f913632c02e0c34 Mon Sep 17 00:00:00 2001 From: Chris Montgomery Date: Sat, 18 Sep 2021 15:47:11 -0400 Subject: [PATCH 002/320] ci: workflows on `main` push should trigger on `master` push --- .github/workflows/check.yml | 1 + .github/workflows/mdbook_docs.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index c8a8f64c..0638c4cd 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -3,6 +3,7 @@ on: push: branches: - main + - master - trying - staging jobs: diff --git a/.github/workflows/mdbook_docs.yml b/.github/workflows/mdbook_docs.yml index 5faf9c28..706b3bdf 100644 --- a/.github/workflows/mdbook_docs.yml +++ b/.github/workflows/mdbook_docs.yml @@ -4,6 +4,7 @@ on: push: branches: - main + - master jobs: deploy: -- 2.44.2 From c3461cd2c3f947c3ed30d64565d4e78c80d1fdba Mon Sep 17 00:00:00 2001 From: Chris Montgomery Date: Sat, 18 Sep 2021 15:47:59 -0400 Subject: [PATCH 003/320] docs: `master` is the current target branch for pull requests --- doc/CONTRIBUTING.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/CONTRIBUTING.md b/doc/CONTRIBUTING.md index 86f5dd70..2b5241a3 100644 --- a/doc/CONTRIBUTING.md +++ b/doc/CONTRIBUTING.md @@ -1,7 +1,7 @@ # Pull Requests ## TL;DR; -- **Target Branch**: `main` +- **Target Branch**: `master` - **Merge Policy**: [`bors`][bors] is always right (→ `bors try`) - **Docs**: every changeset is expected to contain doc updates - **Commit Msg**: be a poet! Comprehensive and explanatory commit messages -- 2.44.2 From f13c11ea174fd508a7a327e13ad8fffff95facd6 Mon Sep 17 00:00:00 2001 From: Timothy DeHerrera Date: Sun, 19 Sep 2021 11:17:01 -0600 Subject: [PATCH 004/320] README.md: fix broken links --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6607bb42..1d813821 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ They also make [Nix expressions](https://nixos.org/manual/nix/unstable/expressio ## Getting Started Check out the [guide](https://devos.divnix.com/start) to get up and running. -Also, have a look at [_flake.nix_][toc]. If anything is not immediately +Also, have a look at [_flake.nix_](./flake.nix). If anything is not immediately discoverable via "[`digga`][digga]'s [`mkFlake`][mk-flake], please file a bug report. @@ -88,4 +88,4 @@ DevOS is licensed under the [MIT License][mit]. [nixpkgs]: https://github.com/NixOS/nixpkgs [nvfetcher]: https://github.com/berberman/nvfetcher [please]: https://github.com/nrdxp/devos/tree/nrd - +[matrix]: https://matrix.to/#/#devos:nixos.org -- 2.44.2 From 955b9ce1c1691d5ecd54bd666b0b47e42559a382 Mon Sep 17 00:00:00 2001 From: Chris Montgomery Date: Sat, 18 Sep 2021 15:19:35 -0400 Subject: [PATCH 005/320] docs(bud): replace references to `flk` --- .github/ISSUE_TEMPLATE/bug_report.md | 2 +- .gitignore | 2 +- doc/concepts/users.md | 6 +++--- doc/integrations/deploy.md | 2 +- doc/start/from-nixos.md | 4 ++-- doc/start/index.md | 8 ++++---- 6 files changed, 12 insertions(+), 12 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index ca1ca289..1040ee63 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -35,4 +35,4 @@ Please search on the [issue tracker](../) before creating one. ## Your Environment - + diff --git a/.gitignore b/.gitignore index 4a991230..6cce155f 100644 --- a/.gitignore +++ b/.gitignore @@ -2,7 +2,7 @@ result .direnv doc/index.html -# Result of flk commands +# Result of bud commands vm iso doi diff --git a/doc/concepts/users.md b/doc/concepts/users.md index 12bf5622..9be3ca8f 100644 --- a/doc/concepts/users.md +++ b/doc/concepts/users.md @@ -48,7 +48,7 @@ argument that gets passed to your home-manager users. ## External Usage You can easily use the defined home-manager configurations outside of NixOS -using the `homeConfigurations` flake output. The [flk](../flk/index.md) helper +using the `homeConfigurations` flake output. The [bud](../bud/index.md) helper script makes this even easier. This is great for keeping your environment consistent across Unix systems, @@ -57,10 +57,10 @@ including OSX. ### From within the projects devshell: ```sh # builds the nixos user defined in the NixOS host -flk home NixOS nixos +bud home NixOS nixos # build and activate -flk home NixOS nixos switch +bud home NixOS nixos switch ``` ### Manually from outside the project: diff --git a/doc/integrations/deploy.md b/doc/integrations/deploy.md index 29032108..f66d2b52 100644 --- a/doc/integrations/deploy.md +++ b/doc/integrations/deploy.md @@ -40,7 +40,7 @@ And the private key to your user: And run the deployment: ```sh -deploy "flk#hostName" --hostname host.example.com +deploy "bud#hostName" --hostname host.example.com ``` > ##### _Note:_ diff --git a/doc/start/from-nixos.md b/doc/start/from-nixos.md index 0e1d48cb..ce79063b 100644 --- a/doc/start/from-nixos.md +++ b/doc/start/from-nixos.md @@ -4,7 +4,7 @@ Assuming you're happy with your existing partition layout, you can generate a basic NixOS configuration for your system using: ```sh -flk up +bud up ``` This will make a new file `hosts/up-$(hostname).nix`, which you can edit to @@ -38,7 +38,7 @@ Now might be a good time to read the docs on [suites](../concepts/suites.md) and Once you're ready to deploy `hosts/my-host.nix`: ```sh -flk my-host switch +bud my-host switch ``` diff --git a/doc/start/index.md b/doc/start/index.md index f3f1127f..7dd80024 100644 --- a/doc/start/index.md +++ b/doc/start/index.md @@ -6,10 +6,10 @@ Here is a snippet that will get you the template without the git history: ```sh nix-shell -p cachix --run "cachix use nrdxp" -nix-shell https://github.com/divnix/devos/archive/core.tar.gz -A shell \ - --run "flk get core" +nix-shell https://github.com/divnix/devos/archive/master.tar.gz -A shell \ + --run "bud get master" -cd flk +cd bud nix-shell @@ -18,7 +18,7 @@ git add . git commit -m init ``` -This will place you in a new folder named `flk` with git initialized, and a +This will place you in a new folder named `bud` with git initialized, and a nix-shell that provides all the dependencies, including the unstable nix version required. -- 2.44.2 From 19666a06a7598872a0781e1b07fd267dac3d989f Mon Sep 17 00:00:00 2001 From: Chris Montgomery Date: Sat, 18 Sep 2021 15:21:03 -0400 Subject: [PATCH 006/320] fix: `bud get` should init flake based off `master` --- bud/get.bash | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bud/get.bash b/bud/get.bash index 3b4d9a74..770c002e 100644 --- a/bud/get.bash +++ b/bud/get.bash @@ -1 +1 @@ -nix flake new -t "github:divnix/devos/core" "${2:-devos}" +nix flake new -t "github:divnix/devos/master" "${2:-devos}" -- 2.44.2 From 57a14bb4119f19cf7b56adec41a7fe8797a5b000 Mon Sep 17 00:00:00 2001 From: Chris Montgomery Date: Sat, 18 Sep 2021 15:26:15 -0400 Subject: [PATCH 007/320] docs: update links to point to `master` instead of `core` --- doc/concepts/profiles.md | 2 +- doc/concepts/users.md | 2 +- doc/integrations/nvfetcher.md | 2 +- doc/tests.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/doc/concepts/profiles.md b/doc/concepts/profiles.md index a5eda3e2..36e423f3 100644 --- a/doc/concepts/profiles.md +++ b/doc/concepts/profiles.md @@ -63,5 +63,5 @@ specific belongs in your [host](hosts.md) files instead. [definition]: https://nixos.org/manual/nixos/stable/index.html#sec-option-definitions [declaration]: https://nixos.org/manual/nixos/stable/index.html#sec-option-declarations [options]: https://nixos.org/manual/nixos/stable/index.html#sec-writing-modules -[spec]: https://github.com/divnix/devos/tree/core/lib/devos/mkProfileAttrs.nix +[spec]: https://github.com/divnix/devos/tree/master/lib/devos/mkProfileAttrs.nix [config]: https://nixos.wiki/wiki/Module#structure diff --git a/doc/concepts/users.md b/doc/concepts/users.md index 9be3ca8f..d18d51d3 100644 --- a/doc/concepts/users.md +++ b/doc/concepts/users.md @@ -73,5 +73,5 @@ nix build "github:divnix/devos#homeConfigurations.nixos@NixOS.home.activationPac ``` [home-manager]: https://nix-community.github.io/home-manager -[modules-list]: https://github.com/divnix/devos/tree/core/users/modules/module-list.nix +[modules-list]: https://github.com/divnix/devos/tree/master/users/modules/module-list.nix [portableuser]: https://digga.divnix.com/api-reference-home.html#homeusers diff --git a/doc/integrations/nvfetcher.md b/doc/integrations/nvfetcher.md index 4670657e..107a1695 100644 --- a/doc/integrations/nvfetcher.md +++ b/doc/integrations/nvfetcher.md @@ -40,4 +40,4 @@ fetch.git = "https://github.com/mlvzk/manix.git" # responsible for fetching [nvf]: https://github.com/berberman/nvfetcher [nvf-readme]: https://github.com/berberman/nvfetcher#readme -[sources.toml]: https://github.com/divnix/devos/tree/core/pkgs/sources.toml +[sources.toml]: https://github.com/divnix/devos/tree/master/pkgs/sources.toml diff --git a/doc/tests.md b/doc/tests.md index 1d7b65e2..6a62c726 100644 --- a/doc/tests.md +++ b/doc/tests.md @@ -26,7 +26,7 @@ and the examples in [nixpkgs][nixos-tests]. [test-doc]: https://nixos.org/manual/nixos/stable/index.html#sec-nixos-tests [test-blog]: https://www.haskellforall.com/2020/11/how-to-use-nixos-for-lightweight.html -[default]: https://github.com/divnix/devos/tree/core/tests/default.nix +[default]: https://github.com/divnix/devos/tree/master/tests/default.nix [run-test]: https://github.com/NixOS/nixpkgs/blob/6571462647d7316aff8b8597ecdf5922547bf365/lib/debug.nix#L154-L166 [nixos-tests]: https://github.com/NixOS/nixpkgs/tree/master/nixos/tests [testing-python]: https://github.com/NixOS/nixpkgs/tree/master/nixos/lib/testing-python.nix -- 2.44.2 From 252769ce465660b1480fcc127b54dab6262f4b3f Mon Sep 17 00:00:00 2001 From: Chris Montgomery Date: Sat, 18 Sep 2021 15:27:49 -0400 Subject: [PATCH 008/320] ci: update release workflow to checkout code from `master` branch --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6b22de09..111be319 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,7 @@ jobs: - name: Checkout code uses: actions/checkout@v2 with: - ref: core + ref: master - name: Update Changelog uses: heinrichreimer/github-changelog-generator-action@v2.1.1 with: @@ -49,7 +49,7 @@ jobs: - name: Checkout code uses: actions/checkout@v2 with: - ref: core + ref: master - name: Get Changelog Entry id: changelog_reader -- 2.44.2 From 0770c7f9009293412c53d4f901bf23ff5d368769 Mon Sep 17 00:00:00 2001 From: Chris Montgomery Date: Sun, 19 Sep 2021 23:30:16 -0400 Subject: [PATCH 009/320] docs: `bud get` creates a directory named `devos` by default As mentioned in #370 it would not result in a directory called `bud`, as can be seen in the custom `get.bash` command where the directory name defaults to `devos`. --- doc/start/index.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/start/index.md b/doc/start/index.md index 7dd80024..ed1a114a 100644 --- a/doc/start/index.md +++ b/doc/start/index.md @@ -9,7 +9,7 @@ nix-shell -p cachix --run "cachix use nrdxp" nix-shell https://github.com/divnix/devos/archive/master.tar.gz -A shell \ --run "bud get master" -cd bud +cd devos nix-shell @@ -18,7 +18,7 @@ git add . git commit -m init ``` -This will place you in a new folder named `bud` with git initialized, and a +This will place you in a new folder named `devos` with git initialized, and a nix-shell that provides all the dependencies, including the unstable nix version required. -- 2.44.2 From ccf160dd218aa48346ce2d9802d937757ccb1bd5 Mon Sep 17 00:00:00 2001 From: Chris Montgomery Date: Sun, 19 Sep 2021 23:40:19 -0400 Subject: [PATCH 010/320] docs: `deploy` command example is run from repo root --- doc/integrations/deploy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/integrations/deploy.md b/doc/integrations/deploy.md index f66d2b52..81507fc7 100644 --- a/doc/integrations/deploy.md +++ b/doc/integrations/deploy.md @@ -40,7 +40,7 @@ And the private key to your user: And run the deployment: ```sh -deploy "bud#hostName" --hostname host.example.com +deploy ".#hostName" --hostname host.example.com ``` > ##### _Note:_ -- 2.44.2 From 95f89c0b44acf92e16ec702b38a23016616d8a2b Mon Sep 17 00:00:00 2001 From: Chris Montgomery Date: Sun, 19 Sep 2021 23:43:29 -0400 Subject: [PATCH 011/320] docs: use single quotes in example to avoid shell expansion --- doc/integrations/deploy.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/integrations/deploy.md b/doc/integrations/deploy.md index 81507fc7..642267c8 100644 --- a/doc/integrations/deploy.md +++ b/doc/integrations/deploy.md @@ -40,7 +40,7 @@ And the private key to your user: And run the deployment: ```sh -deploy ".#hostName" --hostname host.example.com +deploy '.#hostName' --hostname host.example.com ``` > ##### _Note:_ -- 2.44.2 From e5660cdf83d9581f971504db8024240346328de8 Mon Sep 17 00:00:00 2001 From: Chris Montgomery Date: Sun, 19 Sep 2021 23:53:14 -0400 Subject: [PATCH 012/320] ci: remove lingering references to `main` in workflow configs `main` is no longer in use. See #369 --- .github/workflows/check.yml | 1 - .github/workflows/mdbook_docs.yml | 1 - 2 files changed, 2 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 0638c4cd..e80861b0 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -2,7 +2,6 @@ name: "Check & Cachix" on: push: branches: - - main - master - trying - staging diff --git a/.github/workflows/mdbook_docs.yml b/.github/workflows/mdbook_docs.yml index 706b3bdf..9d15cc18 100644 --- a/.github/workflows/mdbook_docs.yml +++ b/.github/workflows/mdbook_docs.yml @@ -3,7 +3,6 @@ name: Deploy Docs to GitHub Pages on: push: branches: - - main - master jobs: -- 2.44.2 From e0da74c87c62b1acca275f11af80a3c9fb556f33 Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Fri, 24 Sep 2021 11:40:53 -0700 Subject: [PATCH 013/320] Update flake to use new moddules options --- flake.lock | 69 ++++++++++++++++++++++++++++++++++++----------- flake.nix | 8 +++--- shell/default.nix | 4 +-- 3 files changed, 60 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index b3efea01..5dff3b1d 100644 --- a/flake.lock +++ b/flake.lock @@ -93,11 +93,11 @@ ] }, "locked": { - "lastModified": 1628068208, - "narHash": "sha256-akJBkj6os4bjO1drhketJvXNC21yPuy4ufL2pyius4M=", + "lastModified": 1628752686, + "narHash": "sha256-Lzh9MYUJDsjgif+YEyOErXtj1IH+ci8J1C30g1ms69s=", "owner": "serokell", "repo": "deploy-rs", - "rev": "d72174307d5b88ec24cc2e69e875228fe3d642ed", + "rev": "e5546f9c2503c26d175f08a81fc0a0f330be4cbe", "type": "github" }, "original": { @@ -108,11 +108,11 @@ }, "devshell": { "locked": { - "lastModified": 1625086391, - "narHash": "sha256-IpNPv1v8s4L3CoxhwcgZIitGpcrnNgnj09X7TA0QV3k=", + "lastModified": 1629275356, + "narHash": "sha256-R17M69EKXP6q8/mNHaK53ECwjFo1pdF+XaJC9Qq8zjg=", "owner": "numtide", "repo": "devshell", - "rev": "4b5ac7cf7d9a1cc60b965bb51b59922f2210cbc7", + "rev": "26f25a12265f030917358a9632cd600b51af1d97", "type": "github" }, "original": { @@ -131,6 +131,7 @@ "home-manager": [ "home" ], + "nix": "nix", "nixlib": [ "nixos" ], @@ -140,11 +141,11 @@ ] }, "locked": { - "lastModified": 1628211944, - "narHash": "sha256-2q1dNUzitVd0JNRHYTubbyb8ks3fL9hPJOvQgofxELE=", + "lastModified": 1632784893, + "narHash": "sha256-SBmGCObLqF9CrWoF7hrBpiCMPTUFzHiBvAtCJXQrPg4=", "owner": "divnix", "repo": "digga", - "rev": "760bb9c29063258ba547145de0ab96acd7eba4c0", + "rev": "6316878be3527ef2b27b8e92afb44ce1857830b3", "type": "github" }, "original": { @@ -192,16 +193,15 @@ ] }, "locked": { - "lastModified": 1627071952, - "narHash": "sha256-FhE0KOuI9Kl4eyGJXu4bh9fBP2hbxjnD1DlKHljCcYs=", - "owner": "gytis-ivaskevicius", + "lastModified": 1630859749, + "narHash": "sha256-qkoU2rIbbP2+T0dfcqXW35GCWNsi0Y1IgN9BELmt4Zo=", + "owner": "divnix", "repo": "flake-utils-plus", - "rev": "51a82925db31073bc4822c9b538a0a3ebf1134b2", + "rev": "a4e267e3fc87e60c5029c6c3855935ff1ff3018e", "type": "github" }, "original": { - "owner": "gytis-ivaskevicius", - "ref": "staging", + "owner": "divnix", "repo": "flake-utils-plus", "type": "github" } @@ -243,6 +243,23 @@ "type": "github" } }, + "lowdown-src": { + "flake": false, + "locked": { + "lastModified": 1617481909, + "narHash": "sha256-SqnfOFuLuVRRNeVJr1yeEPJue/qWoCp5N6o5Kr///p4=", + "owner": "kristapsdz", + "repo": "lowdown", + "rev": "148f9b2f586c41b7e36e73009db43ea68c7a1a4d", + "type": "github" + }, + "original": { + "owner": "kristapsdz", + "ref": "VERSION_0_8_4", + "repo": "lowdown", + "type": "github" + } + }, "naersk": { "inputs": { "nixpkgs": [ @@ -286,6 +303,28 @@ "type": "github" } }, + "nix": { + "inputs": { + "lowdown-src": "lowdown-src", + "nixpkgs": [ + "digga", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1630335771, + "narHash": "sha256-eljjEPJdLK3aDskF7qX4YM/6KCq+w9nr+IKhrKW/AIQ=", + "owner": "nixos", + "repo": "nix", + "rev": "50a35860ee9237d341948437c5f70a7f0987d393", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nix", + "type": "github" + } + }, "nixos": { "locked": { "lastModified": 1628203131, diff --git a/flake.nix b/flake.nix index bba4f434..1ebdd843 100644 --- a/flake.nix +++ b/flake.nix @@ -99,8 +99,8 @@ hostDefaults = { system = "x86_64-linux"; channelName = "nixos"; - imports = [ (digga.lib.importModules ./modules) ]; - externalModules = [ + imports = [ (digga.lib.importExportableModules ./modules) ]; + modules = [ { lib.our = self.lib; } digga.nixosModules.bootstrapIso digga.nixosModules.nixConfig @@ -126,8 +126,8 @@ }; home = { - imports = [ (digga.lib.importModules ./users/modules) ]; - externalModules = [ ]; + imports = [ (digga.lib.importExportableModules ./users/modules) ]; + modules = [ ]; importables = rec { profiles = digga.lib.rakeLeaves ./users/profiles; suites = with profiles; rec { diff --git a/shell/default.nix b/shell/default.nix index aef90a55..d22b3af4 100644 --- a/shell/default.nix +++ b/shell/default.nix @@ -1,9 +1,9 @@ { self, inputs, ... }: { - externalModules = with inputs; [ + modules = with inputs; [ bud.devshellModules.bud ]; - modules = [ + exportedModules = [ ./devos.nix ]; } -- 2.44.2 From 950199ef2c5c85e7d8235962dc49f9a5793f41e5 Mon Sep 17 00:00:00 2001 From: GTrunSec Date: Wed, 29 Sep 2021 11:45:46 -0700 Subject: [PATCH 014/320] update deploy-rs overlay --- flake.nix | 7 +++++-- overlays/overrides.nix | 4 +++- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 1ebdd843..d87fdce1 100644 --- a/flake.nix +++ b/flake.nix @@ -77,11 +77,14 @@ nur.overlay agenix.overlay nvfetcher.overlay - deploy.overlay ./pkgs/default.nix ]; }; - latest = { }; + latest = { + overlays = [ + deploy.overlay + ]; + }; }; lib = import ./lib { lib = digga.lib // nixos.lib; }; diff --git a/overlays/overrides.nix b/overlays/overrides.nix index 6280513d..597817b2 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -11,7 +11,9 @@ channels: final: prev: { nixpkgs-fmt qutebrowser signal-desktop - starship; + starship + deploy-rs + ; haskellPackages = prev.haskellPackages.override -- 2.44.2 From f10a8fdd33e5b354e6c5cfe32029900a891e65ca Mon Sep 17 00:00:00 2001 From: GTrunSec Date: Wed, 29 Sep 2021 11:49:43 -0700 Subject: [PATCH 015/320] chore: update nvfecher --- flake.lock | 6 +++--- shell/devos.nix | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index 5dff3b1d..3aa2ac11 100644 --- a/flake.lock +++ b/flake.lock @@ -412,11 +412,11 @@ ] }, "locked": { - "lastModified": 1627523399, - "narHash": "sha256-j9CgnUQpWcb8OB4LRzPW8BdxvmoROJptgptDlPA8Heo=", + "lastModified": 1632700276, + "narHash": "sha256-XABvQUq2qv+YcQxW93DnU8mgtVsGJWyhcznny/Lbp0Q=", "owner": "berberman", "repo": "nvfetcher", - "rev": "fb8f2cc770ad3dd3e29d7ba3004692d4d53fba9b", + "rev": "248fe98ed1bc352ce164d08a9e76fdc5f301ba2d", "type": "github" }, "original": { diff --git a/shell/devos.nix b/shell/devos.nix index 128b45c3..90901435 100644 --- a/shell/devos.nix +++ b/shell/devos.nix @@ -41,7 +41,7 @@ in category = "devos"; name = pkgs.nvfetcher-bin.pname; help = pkgs.nvfetcher-bin.meta.description; - command = "cd $DEVSHELL_ROOT/pkgs; ${pkgs.nvfetcher-bin}/bin/nvfetcher -c ./sources.toml --no-output $@"; + command = "cd $PRJ_ROOT/pkgs; ${pkgs.nvfetcher-bin}/bin/nvfetcher -c ./sources.toml $@"; } (linter nixpkgs-fmt) (linter editorconfig-checker) -- 2.44.2 From 1df67a3f2ac5e109fef54dc0b761aca0d64c2c5c Mon Sep 17 00:00:00 2001 From: GTrunSec Date: Thu, 30 Sep 2021 00:33:01 -0700 Subject: [PATCH 016/320] update digga lock --- flake.lock | 71 ++++++++++++++++++++++++------------------------------ 1 file changed, 32 insertions(+), 39 deletions(-) diff --git a/flake.lock b/flake.lock index 3aa2ac11..f8da6190 100644 --- a/flake.lock +++ b/flake.lock @@ -82,10 +82,9 @@ "deploy": { "inputs": { "flake-compat": "flake-compat", - "naersk": "naersk", "nixpkgs": [ "digga", - "nixpkgs" + "latest" ], "utils": [ "digga", @@ -93,11 +92,11 @@ ] }, "locked": { - "lastModified": 1628752686, - "narHash": "sha256-Lzh9MYUJDsjgif+YEyOErXtj1IH+ci8J1C30g1ms69s=", + "lastModified": 1632822684, + "narHash": "sha256-lt7eayYmgsD5OQwpb1XYfHpxttn43bWo7G7hIJs+zJw=", "owner": "serokell", "repo": "deploy-rs", - "rev": "e5546f9c2503c26d175f08a81fc0a0f330be4cbe", + "rev": "9a02de4373e0ec272d08a417b269a28ac8b961b4", "type": "github" }, "original": { @@ -108,11 +107,11 @@ }, "devshell": { "locked": { - "lastModified": 1629275356, - "narHash": "sha256-R17M69EKXP6q8/mNHaK53ECwjFo1pdF+XaJC9Qq8zjg=", + "lastModified": 1632436039, + "narHash": "sha256-OtITeVWcKXn1SpVEnImpTGH91FycCskGBPqmlxiykv4=", "owner": "numtide", "repo": "devshell", - "rev": "26f25a12265f030917358a9632cd600b51af1d97", + "rev": "7a7a7aa0adebe5488e5abaec688fd9ae0f8ea9c6", "type": "github" }, "original": { @@ -131,6 +130,7 @@ "home-manager": [ "home" ], + "latest": "latest", "nix": "nix", "nixlib": [ "nixos" @@ -141,11 +141,11 @@ ] }, "locked": { - "lastModified": 1632784893, - "narHash": "sha256-SBmGCObLqF9CrWoF7hrBpiCMPTUFzHiBvAtCJXQrPg4=", + "lastModified": 1632959483, + "narHash": "sha256-jXogai6e+QRtiZFBOrMmYdeLXejzVT91kuDKu2RuJ10=", "owner": "divnix", "repo": "digga", - "rev": "6316878be3527ef2b27b8e92afb44ce1857830b3", + "rev": "6549cf4c87d1a77138cbecbc6bb9483c20572cd7", "type": "github" }, "original": { @@ -157,11 +157,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1606424373, - "narHash": "sha256-oq8d4//CJOrVj+EcOaSXvMebvuTkmBJuT5tzlfewUnQ=", + "lastModified": 1627913399, + "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=", "owner": "edolstra", "repo": "flake-compat", - "rev": "99f1c2157fba4bfe6211a321fd0ee43199025dbf", + "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2", "type": "github" }, "original": { @@ -228,6 +228,22 @@ } }, "latest": { + "locked": { + "lastModified": 1632660378, + "narHash": "sha256-sjA8eQlnyDjDLyAyq3XlJmN0nqW0ftl/pb7VnMg86L0=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "31ffc50c571e6683e9ecc9dbcbd4a8e9914b4497", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "latest_2": { "locked": { "lastModified": 1627942574, "narHash": "sha256-guUcGRWvY2mfiVSet2x/zeHIyflm2wgglj0ldg0mMio=", @@ -261,29 +277,6 @@ } }, "naersk": { - "inputs": { - "nixpkgs": [ - "digga", - "deploy", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1622810282, - "narHash": "sha256-4wmvM3/xfD0hCdNDIXVzRMfL4yB1J+DjH6Zte2xbAxk=", - "owner": "nmattia", - "repo": "naersk", - "rev": "e8061169e1495871b56be97c5c51d310fae01374", - "type": "github" - }, - "original": { - "owner": "nmattia", - "ref": "master", - "repo": "naersk", - "type": "github" - } - }, - "naersk_2": { "inputs": { "nixpkgs": [ "latest" @@ -448,8 +441,8 @@ "flake-utils-plus" ], "home": "home", - "latest": "latest", - "naersk": "naersk_2", + "latest": "latest_2", + "naersk": "naersk", "nixlib": [ "digga", "nixlib" -- 2.44.2 From 469b3746cfe1c2698b9c23d352d23b6c1133014e Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Mon, 4 Oct 2021 11:59:33 -0700 Subject: [PATCH 017/320] flake: update bud input --- flake.lock | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 70 insertions(+), 4 deletions(-) diff --git a/flake.lock b/flake.lock index f8da6190..02e7a7d2 100644 --- a/flake.lock +++ b/flake.lock @@ -20,6 +20,29 @@ "type": "github" } }, + "beautysh": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "bud", + "nixpkgs" + ], + "poetry2nix": "poetry2nix" + }, + "locked": { + "lastModified": 1630693543, + "narHash": "sha256-7Sly3ReaJZw60Qo0rpfN4jF6zy94nwQz6ENgUUFzJfg=", + "owner": "lovesegfault", + "repo": "beautysh", + "rev": "5609593961b70428f58d5c1b4b25cdda43b0d0bd", + "type": "github" + }, + "original": { + "owner": "lovesegfault", + "repo": "beautysh", + "type": "github" + } + }, "blank": { "locked": { "lastModified": 1625557891, @@ -37,6 +60,7 @@ }, "bud": { "inputs": { + "beautysh": "beautysh", "devshell": [ "digga", "devshell" @@ -46,11 +70,11 @@ ] }, "locked": { - "lastModified": 1627855680, - "narHash": "sha256-snDOrUp8nth2Vs3GeEXr7Xji+HaHy25htZLNvid/U3I=", + "lastModified": 1633373878, + "narHash": "sha256-9+ziZ8l6rq3yXyY6B0wYXrVdfxr6cdpEbPEGRHywBKc=", "owner": "divnix", "repo": "bud", - "rev": "612228a68d404d559405225427a5d8b3cef9d27c", + "rev": "4e709a2fcf19df500ba87d9c3b1b1481401cd53b", "type": "github" }, "original": { @@ -125,7 +149,7 @@ "blank": "blank", "deploy": "deploy", "devshell": "devshell", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "flake-utils-plus": "flake-utils-plus", "home-manager": [ "home" @@ -206,6 +230,21 @@ "type": "github" } }, + "flake-utils_2": { + "locked": { + "lastModified": 1623875721, + "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home": { "inputs": { "nixpkgs": [ @@ -418,6 +457,33 @@ "type": "github" } }, + "poetry2nix": { + "inputs": { + "flake-utils": [ + "bud", + "beautysh", + "flake-utils" + ], + "nixpkgs": [ + "bud", + "beautysh", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1625240517, + "narHash": "sha256-2E1gaOP+bCplhf3kliVQWK5N1NV2h06mkJk2KTiRTJQ=", + "owner": "nix-community", + "repo": "poetry2nix", + "rev": "e40e8ed0e8c11e709e4c8c7c20174facd265a021", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "poetry2nix", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", -- 2.44.2 From 74208fb88f7832e0354e0646145784e55071b7af Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Mon, 4 Oct 2021 12:18:28 -0700 Subject: [PATCH 018/320] workflows: add check to run bud --- .github/workflows/check.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index e80861b0..8fdf8d1c 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -26,3 +26,4 @@ jobs: - run: nix -Lv flake check - run: nix -Lv build ".#nixosConfigurations.NixOS.config.system.build.toplevel" - run: nix -Lv develop -c echo OK + - run: nix -Lv develop --command bud --help -- 2.44.2 From 676bda5b9ec7bef6a10bbad42351a0ff46a5a58f Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 5 Oct 2021 16:47:08 +0200 Subject: [PATCH 019/320] drone: follow new upstream default branch main --- .drone.yml | 26 +++++++++++++------------- .drone/upstream-branch.sh | 2 +- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/.drone.yml b/.drone.yml index 546ae536..8c4e82e6 100644 --- a/.drone.yml +++ b/.drone.yml @@ -10,7 +10,7 @@ steps: event: - cron cron: - - sync-master-with-upstream + - sync-main-with-upstream environment: GITEA_SSH_KEY: from_secret: gitea_ssh_key @@ -21,7 +21,7 @@ steps: - git remote add devos git@git.b12f.io:pub-solar/devos - git remote set-url origin git@git.b12f.io:pub-solar/os - git fetch --all - - git merge -X theirs devos/master + - git merge -X theirs devos/main - git push origin devos - name: "Sync $BRANCH with upstream" @@ -30,14 +30,14 @@ steps: event: - cron cron: - - sync-master-with-upstream - - sync-b12f-with-master - - sync-teutat3s-with-master + - sync-main-with-upstream + - sync-b12f-with-main + - sync-teutat3s-with-main environment: GITEA_SSH_KEY: from_secret: gitea_ssh_key commands: - - git checkout origin/master + - git checkout origin/main - ./.drone/setup_ssh.sh - git remote set-url origin git@git.b12f.io:pub-solar/os - ./.drone/upstream-branch.sh @@ -50,16 +50,16 @@ steps: event: - cron cron: - - sync-master-with-upstream - - sync-b12f-with-master - - sync-teutat3s-with-master + - sync-main-with-upstream + - sync-b12f-with-main + - sync-teutat3s-with-main environment: TEA_CONFIG: from_secret: tea_config commands: - mkdir -p ~/.config/tea - echo "$$TEA_CONFIG" > ~/.config/tea/config.yml - - tea pulls create --base master --head devos + - tea pulls create --base main --head devos - name: "Notify matrix" image: plugins/matrix @@ -70,9 +70,9 @@ steps: event: - cron cron: - - sync-master-with-upstream - - sync-b12f-with-master - - sync-teutat3s-with-master + - sync-main-with-upstream + - sync-b12f-with-main + - sync-teutat3s-with-main settings: homeserver: https://matrix.pub.solar roomid: dfQBqwkhIzrFjMSsxy:pub.solar diff --git a/.drone/upstream-branch.sh b/.drone/upstream-branch.sh index a0cda64e..a53ad4bb 100755 --- a/.drone/upstream-branch.sh +++ b/.drone/upstream-branch.sh @@ -4,7 +4,7 @@ set -e set -u LOCAL="$DRONE_BRANCH" -[ "$LOCAL" = "master" ] && UPSTREAM=origin/devos || UPSTREAM=origin/master +[ "$LOCAL" = "main" ] && UPSTREAM=origin/devos || UPSTREAM=origin/main git fetch --all git checkout "$LOCAL" -- 2.44.2 From a21a13c6fbd5e9150850eeed7ec86add9382d015 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 5 Oct 2021 16:47:45 +0200 Subject: [PATCH 020/320] drone: fix cron jobs for user branches --- .drone.yml | 25 ++++++++++++++++++++----- 1 file changed, 20 insertions(+), 5 deletions(-) diff --git a/.drone.yml b/.drone.yml index 8c4e82e6..911059a3 100644 --- a/.drone.yml +++ b/.drone.yml @@ -4,6 +4,25 @@ type: docker name: Upstreaming steps: + - name: "Setup git repos and SSH access" + image: alpine/git + when: + event: + - cron + cron: + - sync-main-with-upstream + - sync-b12f-with-main + - sync-teutat3s-with-main + environment: + GITEA_SSH_KEY: + from_secret: gitea_ssh_key + commands: + - ./.drone/setup_ssh.sh + - git fetch + - git remote add devos git@git.b12f.io:pub-solar/devos + - git remote set-url origin git@git.b12f.io:pub-solar/os + - git fetch --all + - name: "Sync 'devos' branch with upstream" image: alpine/git when: @@ -16,11 +35,7 @@ steps: from_secret: gitea_ssh_key commands: - ./.drone/setup_ssh.sh - - git fetch - - git checkout devos - - git remote add devos git@git.b12f.io:pub-solar/devos - - git remote set-url origin git@git.b12f.io:pub-solar/os - - git fetch --all + - git checkout origin/devos - git merge -X theirs devos/main - git push origin devos -- 2.44.2 From 0f4f8eca37feaefb299d0467187d26399db65451 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 5 Oct 2021 19:32:54 +0000 Subject: [PATCH 021/320] Drone: follow new upstream default branch main, cron fixes (#30) Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/30 Co-authored-by: teutat3s Co-committed-by: teutat3s --- .drone.yml | 45 ++++++++++++++++++++++++++------------- .drone/upstream-branch.sh | 2 +- 2 files changed, 31 insertions(+), 16 deletions(-) diff --git a/.drone.yml b/.drone.yml index 546ae536..911059a3 100644 --- a/.drone.yml +++ b/.drone.yml @@ -4,24 +4,39 @@ type: docker name: Upstreaming steps: - - name: "Sync 'devos' branch with upstream" + - name: "Setup git repos and SSH access" image: alpine/git when: event: - cron cron: - - sync-master-with-upstream + - sync-main-with-upstream + - sync-b12f-with-main + - sync-teutat3s-with-main environment: GITEA_SSH_KEY: from_secret: gitea_ssh_key commands: - ./.drone/setup_ssh.sh - git fetch - - git checkout devos - git remote add devos git@git.b12f.io:pub-solar/devos - git remote set-url origin git@git.b12f.io:pub-solar/os - git fetch --all - - git merge -X theirs devos/master + + - name: "Sync 'devos' branch with upstream" + image: alpine/git + when: + event: + - cron + cron: + - sync-main-with-upstream + environment: + GITEA_SSH_KEY: + from_secret: gitea_ssh_key + commands: + - ./.drone/setup_ssh.sh + - git checkout origin/devos + - git merge -X theirs devos/main - git push origin devos - name: "Sync $BRANCH with upstream" @@ -30,14 +45,14 @@ steps: event: - cron cron: - - sync-master-with-upstream - - sync-b12f-with-master - - sync-teutat3s-with-master + - sync-main-with-upstream + - sync-b12f-with-main + - sync-teutat3s-with-main environment: GITEA_SSH_KEY: from_secret: gitea_ssh_key commands: - - git checkout origin/master + - git checkout origin/main - ./.drone/setup_ssh.sh - git remote set-url origin git@git.b12f.io:pub-solar/os - ./.drone/upstream-branch.sh @@ -50,16 +65,16 @@ steps: event: - cron cron: - - sync-master-with-upstream - - sync-b12f-with-master - - sync-teutat3s-with-master + - sync-main-with-upstream + - sync-b12f-with-main + - sync-teutat3s-with-main environment: TEA_CONFIG: from_secret: tea_config commands: - mkdir -p ~/.config/tea - echo "$$TEA_CONFIG" > ~/.config/tea/config.yml - - tea pulls create --base master --head devos + - tea pulls create --base main --head devos - name: "Notify matrix" image: plugins/matrix @@ -70,9 +85,9 @@ steps: event: - cron cron: - - sync-master-with-upstream - - sync-b12f-with-master - - sync-teutat3s-with-master + - sync-main-with-upstream + - sync-b12f-with-main + - sync-teutat3s-with-main settings: homeserver: https://matrix.pub.solar roomid: dfQBqwkhIzrFjMSsxy:pub.solar diff --git a/.drone/upstream-branch.sh b/.drone/upstream-branch.sh index a0cda64e..a53ad4bb 100755 --- a/.drone/upstream-branch.sh +++ b/.drone/upstream-branch.sh @@ -4,7 +4,7 @@ set -e set -u LOCAL="$DRONE_BRANCH" -[ "$LOCAL" = "master" ] && UPSTREAM=origin/devos || UPSTREAM=origin/master +[ "$LOCAL" = "main" ] && UPSTREAM=origin/devos || UPSTREAM=origin/main git fetch --all git checkout "$LOCAL" -- 2.44.2 From 916a812af158c9c37c700ead91cbd7949b5a10b2 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 6 Oct 2021 07:27:50 +0000 Subject: [PATCH 022/320] core: fix nix search with dram (again) (#32) This somehow got lost in our commit history Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/32 Co-authored-by: teutat3s Co-committed-by: teutat3s --- profiles/core/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index f0f8b407..c4247377 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -109,7 +109,8 @@ in keep-outputs = true keep-derivations = true fallback = true - experimental-features = nix-command flakes + # used by nix-dram + default-flake = flake:nixpkgs ''; }; -- 2.44.2 From 8684105d21c1c59db27e499a5801023dd3ce2c7d Mon Sep 17 00:00:00 2001 From: Joel Date: Thu, 7 Oct 2021 19:11:21 +1000 Subject: [PATCH 023/320] docs: fix typos in concepts/suites --- doc/concepts/suites.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/doc/concepts/suites.md b/doc/concepts/suites.md index 42a3db82..e9eef34c 100644 --- a/doc/concepts/suites.md +++ b/doc/concepts/suites.md @@ -1,9 +1,9 @@ # Suites -Suites provide a mechanism for users to easily combine and name collecitons of +Suites provide a mechanism for users to easily combine and name collections of profiles. `suites` are defined in the `importables` argument in either the `home` or `nixos` -namespace. They are a special case of an `importable` which get passed as a special +namespace. They are a special case of an `importable` which is passed as a special argument (one that can be use in an `imports` line) to your hosts. All lists defined in `suites` are flattened and type-checked as paths. -- 2.44.2 From e41f1a1317f3b3f68fa79e4b2949c10d265c5cd5 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 7 Oct 2021 23:40:32 +0000 Subject: [PATCH 024/320] chore: fix merge conflict (#34) Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/34 Co-authored-by: teutat3s Co-committed-by: teutat3s --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 15211ebc..c445b531 100644 --- a/README.md +++ b/README.md @@ -88,3 +88,4 @@ DevOS is licensed under the [MIT License][mit]. [nixpkgs]: https://github.com/NixOS/nixpkgs [nvfetcher]: https://github.com/berberman/nvfetcher [please]: https://github.com/nrdxp/devos/tree/nrd +[matrix]: https://matrix.to/#/#devos:nixos.org -- 2.44.2 From e833c6cdaed3ab316f18d1921e80576f48f0b256 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 7 Oct 2021 23:53:20 +0000 Subject: [PATCH 025/320] fix/merge-conflict (#36) Co-authored-by: Anton Co-authored-by: Chris Montgomery Co-authored-by: Timothy DeHerrera Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/36 Co-authored-by: teutat3s Co-committed-by: teutat3s --- .github/ISSUE_TEMPLATE/bug_report.md | 2 +- .github/workflows/check.yml | 2 +- .github/workflows/mdbook_docs.yml | 2 +- .github/workflows/release.yml | 4 ++-- .gitignore | 2 +- README.md | 2 +- bud/get.bash | 2 +- doc/CONTRIBUTING.md | 4 ++-- doc/concepts/profiles.md | 2 +- doc/concepts/users.md | 8 ++++---- doc/integrations/deploy.md | 2 +- doc/integrations/nvfetcher.md | 2 +- doc/start/from-nixos.md | 4 ++-- doc/start/index.md | 8 ++++---- doc/tests.md | 2 +- 15 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md index ca1ca289..1040ee63 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.md +++ b/.github/ISSUE_TEMPLATE/bug_report.md @@ -35,4 +35,4 @@ Please search on the [issue tracker](../) before creating one. ## Your Environment - + diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index c8a8f64c..e80861b0 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -2,7 +2,7 @@ name: "Check & Cachix" on: push: branches: - - main + - master - trying - staging jobs: diff --git a/.github/workflows/mdbook_docs.yml b/.github/workflows/mdbook_docs.yml index 5faf9c28..9d15cc18 100644 --- a/.github/workflows/mdbook_docs.yml +++ b/.github/workflows/mdbook_docs.yml @@ -3,7 +3,7 @@ name: Deploy Docs to GitHub Pages on: push: branches: - - main + - master jobs: deploy: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6b22de09..111be319 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,7 @@ jobs: - name: Checkout code uses: actions/checkout@v2 with: - ref: core + ref: master - name: Update Changelog uses: heinrichreimer/github-changelog-generator-action@v2.1.1 with: @@ -49,7 +49,7 @@ jobs: - name: Checkout code uses: actions/checkout@v2 with: - ref: core + ref: master - name: Get Changelog Entry id: changelog_reader diff --git a/.gitignore b/.gitignore index d0e363cc..42450bd7 100644 --- a/.gitignore +++ b/.gitignore @@ -2,7 +2,7 @@ result .direnv doc/index.html -# Result of flk commands +# Result of bud commands vm iso doi diff --git a/README.md b/README.md index c445b531..1d813821 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ They also make [Nix expressions](https://nixos.org/manual/nix/unstable/expressio ## Getting Started Check out the [guide](https://devos.divnix.com/start) to get up and running. -Also, have a look at [_flake.nix_][toc]. If anything is not immediately +Also, have a look at [_flake.nix_](./flake.nix). If anything is not immediately discoverable via "[`digga`][digga]'s [`mkFlake`][mk-flake], please file a bug report. diff --git a/bud/get.bash b/bud/get.bash index 3b4d9a74..770c002e 100644 --- a/bud/get.bash +++ b/bud/get.bash @@ -1 +1 @@ -nix flake new -t "github:divnix/devos/core" "${2:-devos}" +nix flake new -t "github:divnix/devos/master" "${2:-devos}" diff --git a/doc/CONTRIBUTING.md b/doc/CONTRIBUTING.md index 8574daea..2b5241a3 100644 --- a/doc/CONTRIBUTING.md +++ b/doc/CONTRIBUTING.md @@ -1,8 +1,8 @@ # Pull Requests ## TL;DR; -- **Target Branch**: `main` -- **Merge Policy**: [`bors`][bors] is alwyas right (→ `bors try`) +- **Target Branch**: `master` +- **Merge Policy**: [`bors`][bors] is always right (→ `bors try`) - **Docs**: every changeset is expected to contain doc updates - **Commit Msg**: be a poet! Comprehensive and explanatory commit messages should cover the motivation and use case in an easily understandable manner diff --git a/doc/concepts/profiles.md b/doc/concepts/profiles.md index a5eda3e2..36e423f3 100644 --- a/doc/concepts/profiles.md +++ b/doc/concepts/profiles.md @@ -63,5 +63,5 @@ specific belongs in your [host](hosts.md) files instead. [definition]: https://nixos.org/manual/nixos/stable/index.html#sec-option-definitions [declaration]: https://nixos.org/manual/nixos/stable/index.html#sec-option-declarations [options]: https://nixos.org/manual/nixos/stable/index.html#sec-writing-modules -[spec]: https://github.com/divnix/devos/tree/core/lib/devos/mkProfileAttrs.nix +[spec]: https://github.com/divnix/devos/tree/master/lib/devos/mkProfileAttrs.nix [config]: https://nixos.wiki/wiki/Module#structure diff --git a/doc/concepts/users.md b/doc/concepts/users.md index 12bf5622..d18d51d3 100644 --- a/doc/concepts/users.md +++ b/doc/concepts/users.md @@ -48,7 +48,7 @@ argument that gets passed to your home-manager users. ## External Usage You can easily use the defined home-manager configurations outside of NixOS -using the `homeConfigurations` flake output. The [flk](../flk/index.md) helper +using the `homeConfigurations` flake output. The [bud](../bud/index.md) helper script makes this even easier. This is great for keeping your environment consistent across Unix systems, @@ -57,10 +57,10 @@ including OSX. ### From within the projects devshell: ```sh # builds the nixos user defined in the NixOS host -flk home NixOS nixos +bud home NixOS nixos # build and activate -flk home NixOS nixos switch +bud home NixOS nixos switch ``` ### Manually from outside the project: @@ -73,5 +73,5 @@ nix build "github:divnix/devos#homeConfigurations.nixos@NixOS.home.activationPac ``` [home-manager]: https://nix-community.github.io/home-manager -[modules-list]: https://github.com/divnix/devos/tree/core/users/modules/module-list.nix +[modules-list]: https://github.com/divnix/devos/tree/master/users/modules/module-list.nix [portableuser]: https://digga.divnix.com/api-reference-home.html#homeusers diff --git a/doc/integrations/deploy.md b/doc/integrations/deploy.md index 29032108..642267c8 100644 --- a/doc/integrations/deploy.md +++ b/doc/integrations/deploy.md @@ -40,7 +40,7 @@ And the private key to your user: And run the deployment: ```sh -deploy "flk#hostName" --hostname host.example.com +deploy '.#hostName' --hostname host.example.com ``` > ##### _Note:_ diff --git a/doc/integrations/nvfetcher.md b/doc/integrations/nvfetcher.md index 4670657e..107a1695 100644 --- a/doc/integrations/nvfetcher.md +++ b/doc/integrations/nvfetcher.md @@ -40,4 +40,4 @@ fetch.git = "https://github.com/mlvzk/manix.git" # responsible for fetching [nvf]: https://github.com/berberman/nvfetcher [nvf-readme]: https://github.com/berberman/nvfetcher#readme -[sources.toml]: https://github.com/divnix/devos/tree/core/pkgs/sources.toml +[sources.toml]: https://github.com/divnix/devos/tree/master/pkgs/sources.toml diff --git a/doc/start/from-nixos.md b/doc/start/from-nixos.md index 0e1d48cb..ce79063b 100644 --- a/doc/start/from-nixos.md +++ b/doc/start/from-nixos.md @@ -4,7 +4,7 @@ Assuming you're happy with your existing partition layout, you can generate a basic NixOS configuration for your system using: ```sh -flk up +bud up ``` This will make a new file `hosts/up-$(hostname).nix`, which you can edit to @@ -38,7 +38,7 @@ Now might be a good time to read the docs on [suites](../concepts/suites.md) and Once you're ready to deploy `hosts/my-host.nix`: ```sh -flk my-host switch +bud my-host switch ``` diff --git a/doc/start/index.md b/doc/start/index.md index f3f1127f..ed1a114a 100644 --- a/doc/start/index.md +++ b/doc/start/index.md @@ -6,10 +6,10 @@ Here is a snippet that will get you the template without the git history: ```sh nix-shell -p cachix --run "cachix use nrdxp" -nix-shell https://github.com/divnix/devos/archive/core.tar.gz -A shell \ - --run "flk get core" +nix-shell https://github.com/divnix/devos/archive/master.tar.gz -A shell \ + --run "bud get master" -cd flk +cd devos nix-shell @@ -18,7 +18,7 @@ git add . git commit -m init ``` -This will place you in a new folder named `flk` with git initialized, and a +This will place you in a new folder named `devos` with git initialized, and a nix-shell that provides all the dependencies, including the unstable nix version required. diff --git a/doc/tests.md b/doc/tests.md index 1d7b65e2..6a62c726 100644 --- a/doc/tests.md +++ b/doc/tests.md @@ -26,7 +26,7 @@ and the examples in [nixpkgs][nixos-tests]. [test-doc]: https://nixos.org/manual/nixos/stable/index.html#sec-nixos-tests [test-blog]: https://www.haskellforall.com/2020/11/how-to-use-nixos-for-lightweight.html -[default]: https://github.com/divnix/devos/tree/core/tests/default.nix +[default]: https://github.com/divnix/devos/tree/master/tests/default.nix [run-test]: https://github.com/NixOS/nixpkgs/blob/6571462647d7316aff8b8597ecdf5922547bf365/lib/debug.nix#L154-L166 [nixos-tests]: https://github.com/NixOS/nixpkgs/tree/master/nixos/tests [testing-python]: https://github.com/NixOS/nixpkgs/tree/master/nixos/lib/testing-python.nix -- 2.44.2 From 804e972c5701884f8f0891dc68e8a60802d9f03b Mon Sep 17 00:00:00 2001 From: Trevor Riles Date: Sat, 9 Oct 2021 11:17:42 -0500 Subject: [PATCH 026/320] Update docs and scripts to use main branch. When following the getting started guide commands were failing due to the mater branch not existing. I went through and updated all references in the docs and other scripts from master to main. --- bud/get.bash | 2 +- doc/CONTRIBUTING.md | 2 +- doc/concepts/profiles.md | 2 +- doc/concepts/users.md | 2 +- doc/integrations/nvfetcher.md | 2 +- doc/start/index.md | 4 ++-- doc/tests.md | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/bud/get.bash b/bud/get.bash index 770c002e..b88081b4 100644 --- a/bud/get.bash +++ b/bud/get.bash @@ -1 +1 @@ -nix flake new -t "github:divnix/devos/master" "${2:-devos}" +nix flake new -t "github:divnix/devos/main" "${2:-devos}" diff --git a/doc/CONTRIBUTING.md b/doc/CONTRIBUTING.md index 2b5241a3..86f5dd70 100644 --- a/doc/CONTRIBUTING.md +++ b/doc/CONTRIBUTING.md @@ -1,7 +1,7 @@ # Pull Requests ## TL;DR; -- **Target Branch**: `master` +- **Target Branch**: `main` - **Merge Policy**: [`bors`][bors] is always right (→ `bors try`) - **Docs**: every changeset is expected to contain doc updates - **Commit Msg**: be a poet! Comprehensive and explanatory commit messages diff --git a/doc/concepts/profiles.md b/doc/concepts/profiles.md index 36e423f3..7e592cc1 100644 --- a/doc/concepts/profiles.md +++ b/doc/concepts/profiles.md @@ -63,5 +63,5 @@ specific belongs in your [host](hosts.md) files instead. [definition]: https://nixos.org/manual/nixos/stable/index.html#sec-option-definitions [declaration]: https://nixos.org/manual/nixos/stable/index.html#sec-option-declarations [options]: https://nixos.org/manual/nixos/stable/index.html#sec-writing-modules -[spec]: https://github.com/divnix/devos/tree/master/lib/devos/mkProfileAttrs.nix +[spec]: https://github.com/divnix/devos/tree/main/lib/devos/mkProfileAttrs.nix [config]: https://nixos.wiki/wiki/Module#structure diff --git a/doc/concepts/users.md b/doc/concepts/users.md index d18d51d3..3ab7c39c 100644 --- a/doc/concepts/users.md +++ b/doc/concepts/users.md @@ -73,5 +73,5 @@ nix build "github:divnix/devos#homeConfigurations.nixos@NixOS.home.activationPac ``` [home-manager]: https://nix-community.github.io/home-manager -[modules-list]: https://github.com/divnix/devos/tree/master/users/modules/module-list.nix +[modules-list]: https://github.com/divnix/devos/tree/main/users/modules/module-list.nix [portableuser]: https://digga.divnix.com/api-reference-home.html#homeusers diff --git a/doc/integrations/nvfetcher.md b/doc/integrations/nvfetcher.md index 107a1695..c26c5fbe 100644 --- a/doc/integrations/nvfetcher.md +++ b/doc/integrations/nvfetcher.md @@ -40,4 +40,4 @@ fetch.git = "https://github.com/mlvzk/manix.git" # responsible for fetching [nvf]: https://github.com/berberman/nvfetcher [nvf-readme]: https://github.com/berberman/nvfetcher#readme -[sources.toml]: https://github.com/divnix/devos/tree/master/pkgs/sources.toml +[sources.toml]: https://github.com/divnix/devos/tree/main/pkgs/sources.toml diff --git a/doc/start/index.md b/doc/start/index.md index ed1a114a..2cd14d9a 100644 --- a/doc/start/index.md +++ b/doc/start/index.md @@ -6,8 +6,8 @@ Here is a snippet that will get you the template without the git history: ```sh nix-shell -p cachix --run "cachix use nrdxp" -nix-shell https://github.com/divnix/devos/archive/master.tar.gz -A shell \ - --run "bud get master" +nix-shell https://github.com/divnix/devos/archive/main.tar.gz -A shell \ + --run "bud get main" cd devos diff --git a/doc/tests.md b/doc/tests.md index 6a62c726..4844912d 100644 --- a/doc/tests.md +++ b/doc/tests.md @@ -26,7 +26,7 @@ and the examples in [nixpkgs][nixos-tests]. [test-doc]: https://nixos.org/manual/nixos/stable/index.html#sec-nixos-tests [test-blog]: https://www.haskellforall.com/2020/11/how-to-use-nixos-for-lightweight.html -[default]: https://github.com/divnix/devos/tree/master/tests/default.nix +[default]: https://github.com/divnix/devos/tree/main/tests/default.nix [run-test]: https://github.com/NixOS/nixpkgs/blob/6571462647d7316aff8b8597ecdf5922547bf365/lib/debug.nix#L154-L166 [nixos-tests]: https://github.com/NixOS/nixpkgs/tree/master/nixos/tests [testing-python]: https://github.com/NixOS/nixpkgs/tree/master/nixos/lib/testing-python.nix -- 2.44.2 From 038420caeddcb2b21e6901d4828755d501547a00 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Mon, 11 Oct 2021 20:54:25 +0000 Subject: [PATCH 027/320] Gitignore old owners directory (#37) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/37 Co-authored-by: Benjamin Bädorf Co-committed-by: Benjamin Bädorf --- .gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.gitignore b/.gitignore index 42450bd7..b8cac1af 100644 --- a/.gitignore +++ b/.gitignore @@ -10,3 +10,4 @@ doi pkgs/_sources/.shake* tags +/owners \ No newline at end of file -- 2.44.2 From 1f1d24f1e3877a47705647f15ec12ecedd2ba69e Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 11 Oct 2021 21:40:27 +0000 Subject: [PATCH 028/320] drone: fix cron job for upstream syncing (#38) Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/38 Co-authored-by: teutat3s Co-committed-by: teutat3s --- .drone.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.drone.yml b/.drone.yml index 911059a3..62f73181 100644 --- a/.drone.yml +++ b/.drone.yml @@ -35,6 +35,7 @@ steps: from_secret: gitea_ssh_key commands: - ./.drone/setup_ssh.sh + - git fetch --all - git checkout origin/devos - git merge -X theirs devos/main - git push origin devos -- 2.44.2 From 84bb1520eead0b6617d9a05f1c1cea09805f86b0 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 11 Oct 2021 21:47:46 +0000 Subject: [PATCH 029/320] fix/drone-upstream-cron (#39) Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/39 Co-authored-by: teutat3s Co-committed-by: teutat3s --- .drone.yml | 21 ++------------------- 1 file changed, 2 insertions(+), 19 deletions(-) diff --git a/.drone.yml b/.drone.yml index 62f73181..7dddd03e 100644 --- a/.drone.yml +++ b/.drone.yml @@ -4,25 +4,6 @@ type: docker name: Upstreaming steps: - - name: "Setup git repos and SSH access" - image: alpine/git - when: - event: - - cron - cron: - - sync-main-with-upstream - - sync-b12f-with-main - - sync-teutat3s-with-main - environment: - GITEA_SSH_KEY: - from_secret: gitea_ssh_key - commands: - - ./.drone/setup_ssh.sh - - git fetch - - git remote add devos git@git.b12f.io:pub-solar/devos - - git remote set-url origin git@git.b12f.io:pub-solar/os - - git fetch --all - - name: "Sync 'devos' branch with upstream" image: alpine/git when: @@ -35,6 +16,8 @@ steps: from_secret: gitea_ssh_key commands: - ./.drone/setup_ssh.sh + - git remote add devos git@git.b12f.io:pub-solar/devos + - git remote set-url origin git@git.b12f.io:pub-solar/os - git fetch --all - git checkout origin/devos - git merge -X theirs devos/main -- 2.44.2 From d67cc230f38db1e6a5b2ab61186e16ee833f9895 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 11 Oct 2021 22:03:38 +0000 Subject: [PATCH 030/320] fix/drone-upstream-cron (#40) Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/40 Co-authored-by: teutat3s Co-committed-by: teutat3s --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 7dddd03e..85891705 100644 --- a/.drone.yml +++ b/.drone.yml @@ -19,7 +19,7 @@ steps: - git remote add devos git@git.b12f.io:pub-solar/devos - git remote set-url origin git@git.b12f.io:pub-solar/os - git fetch --all - - git checkout origin/devos + - git checkout -b devos --track origin/devos - git merge -X theirs devos/main - git push origin devos -- 2.44.2 From 1a4ab1a93f1a074a9f6bcdadb296375364718c97 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 11 Oct 2021 22:11:36 +0000 Subject: [PATCH 031/320] fix/upstreaming-merge-conflicts (#41) Co-authored-by: Anton Co-authored-by: Chris Montgomery Co-authored-by: Timothy DeHerrera Co-authored-by: Parthiv Seetharaman Co-authored-by: bors[bot] <26634292+bors[bot]@users.noreply.github.com> Co-authored-by: GTrunSec Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/41 Co-authored-by: teutat3s Co-committed-by: teutat3s --- flake.lock | 114 ++++++++++++++++++++++++++--------------- flake.nix | 15 +++--- overlays/overrides.nix | 4 +- shell/default.nix | 4 +- shell/devos.nix | 2 +- 5 files changed, 89 insertions(+), 50 deletions(-) diff --git a/flake.lock b/flake.lock index 169c0844..3aeb7621 100644 --- a/flake.lock +++ b/flake.lock @@ -82,10 +82,9 @@ "deploy": { "inputs": { "flake-compat": "flake-compat", - "naersk": "naersk", "nixpkgs": [ "digga", - "nixpkgs" + "latest" ], "utils": [ "digga", @@ -93,11 +92,11 @@ ] }, "locked": { - "lastModified": 1628068208, - "narHash": "sha256-akJBkj6os4bjO1drhketJvXNC21yPuy4ufL2pyius4M=", + "lastModified": 1632822684, + "narHash": "sha256-lt7eayYmgsD5OQwpb1XYfHpxttn43bWo7G7hIJs+zJw=", "owner": "serokell", "repo": "deploy-rs", - "rev": "d72174307d5b88ec24cc2e69e875228fe3d642ed", + "rev": "9a02de4373e0ec272d08a417b269a28ac8b961b4", "type": "github" }, "original": { @@ -108,11 +107,11 @@ }, "devshell": { "locked": { - "lastModified": 1625086391, - "narHash": "sha256-IpNPv1v8s4L3CoxhwcgZIitGpcrnNgnj09X7TA0QV3k=", + "lastModified": 1632436039, + "narHash": "sha256-OtITeVWcKXn1SpVEnImpTGH91FycCskGBPqmlxiykv4=", "owner": "numtide", "repo": "devshell", - "rev": "4b5ac7cf7d9a1cc60b965bb51b59922f2210cbc7", + "rev": "7a7a7aa0adebe5488e5abaec688fd9ae0f8ea9c6", "type": "github" }, "original": { @@ -131,6 +130,8 @@ "home-manager": [ "home" ], + "latest": "latest", + "nix": "nix", "nixlib": [ "nixos" ], @@ -140,11 +141,11 @@ ] }, "locked": { - "lastModified": 1628211944, - "narHash": "sha256-2q1dNUzitVd0JNRHYTubbyb8ks3fL9hPJOvQgofxELE=", + "lastModified": 1632959483, + "narHash": "sha256-jXogai6e+QRtiZFBOrMmYdeLXejzVT91kuDKu2RuJ10=", "owner": "divnix", "repo": "digga", - "rev": "760bb9c29063258ba547145de0ab96acd7eba4c0", + "rev": "6549cf4c87d1a77138cbecbc6bb9483c20572cd7", "type": "github" }, "original": { @@ -156,11 +157,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1606424373, - "narHash": "sha256-oq8d4//CJOrVj+EcOaSXvMebvuTkmBJuT5tzlfewUnQ=", + "lastModified": 1627913399, + "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=", "owner": "edolstra", "repo": "flake-compat", - "rev": "99f1c2157fba4bfe6211a321fd0ee43199025dbf", + "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2", "type": "github" }, "original": { @@ -192,16 +193,15 @@ ] }, "locked": { - "lastModified": 1627071952, - "narHash": "sha256-FhE0KOuI9Kl4eyGJXu4bh9fBP2hbxjnD1DlKHljCcYs=", - "owner": "gytis-ivaskevicius", + "lastModified": 1630859749, + "narHash": "sha256-qkoU2rIbbP2+T0dfcqXW35GCWNsi0Y1IgN9BELmt4Zo=", + "owner": "divnix", "repo": "flake-utils-plus", - "rev": "51a82925db31073bc4822c9b538a0a3ebf1134b2", + "rev": "a4e267e3fc87e60c5029c6c3855935ff1ff3018e", "type": "github" }, "original": { - "owner": "gytis-ivaskevicius", - "ref": "staging", + "owner": "divnix", "repo": "flake-utils-plus", "type": "github" } @@ -243,6 +243,22 @@ } }, "latest": { + "locked": { + "lastModified": 1632660378, + "narHash": "sha256-sjA8eQlnyDjDLyAyq3XlJmN0nqW0ftl/pb7VnMg86L0=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "31ffc50c571e6683e9ecc9dbcbd4a8e9914b4497", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "latest_2": { "locked": { "lastModified": 1627942574, "narHash": "sha256-guUcGRWvY2mfiVSet2x/zeHIyflm2wgglj0ldg0mMio=", @@ -258,28 +274,24 @@ "type": "github" } }, - "naersk": { - "inputs": { - "nixpkgs": [ - "latest" - ] - }, + "lowdown-src": { + "flake": false, "locked": { - "lastModified": 1622810282, - "narHash": "sha256-4wmvM3/xfD0hCdNDIXVzRMfL4yB1J+DjH6Zte2xbAxk=", - "owner": "nmattia", - "repo": "naersk", - "rev": "e8061169e1495871b56be97c5c51d310fae01374", + "lastModified": 1617481909, + "narHash": "sha256-SqnfOFuLuVRRNeVJr1yeEPJue/qWoCp5N6o5Kr///p4=", + "owner": "kristapsdz", + "repo": "lowdown", + "rev": "148f9b2f586c41b7e36e73009db43ea68c7a1a4d", "type": "github" }, "original": { - "owner": "nmattia", - "ref": "master", - "repo": "naersk", + "owner": "kristapsdz", + "ref": "VERSION_0_8_4", + "repo": "lowdown", "type": "github" } }, - "naersk_2": { + "naersk": { "inputs": { "nixpkgs": [ "latest" @@ -299,6 +311,28 @@ "type": "github" } }, + "nix": { + "inputs": { + "lowdown-src": "lowdown-src", + "nixpkgs": [ + "digga", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1630335771, + "narHash": "sha256-eljjEPJdLK3aDskF7qX4YM/6KCq+w9nr+IKhrKW/AIQ=", + "owner": "nixos", + "repo": "nix", + "rev": "50a35860ee9237d341948437c5f70a7f0987d393", + "type": "github" + }, + "original": { + "owner": "nixos", + "repo": "nix", + "type": "github" + } + }, "nix-dram": { "inputs": { "flake-utils": "flake-utils_2", @@ -421,11 +455,11 @@ ] }, "locked": { - "lastModified": 1627523399, - "narHash": "sha256-j9CgnUQpWcb8OB4LRzPW8BdxvmoROJptgptDlPA8Heo=", + "lastModified": 1632700276, + "narHash": "sha256-XABvQUq2qv+YcQxW93DnU8mgtVsGJWyhcznny/Lbp0Q=", "owner": "berberman", "repo": "nvfetcher", - "rev": "fb8f2cc770ad3dd3e29d7ba3004692d4d53fba9b", + "rev": "248fe98ed1bc352ce164d08a9e76fdc5f301ba2d", "type": "github" }, "original": { @@ -457,8 +491,8 @@ "flake-utils-plus" ], "home": "home", - "latest": "latest", - "naersk": "naersk_2", + "latest": "latest_2", + "naersk": "naersk", "nix-dram": "nix-dram", "nixlib": [ "digga", diff --git a/flake.nix b/flake.nix index 4684fc56..030ff244 100644 --- a/flake.nix +++ b/flake.nix @@ -81,12 +81,15 @@ nur.overlay agenix.overlay nvfetcher.overlay - deploy.overlay nix-dram.overlay ./pkgs/default.nix ]; }; - latest = { }; + latest = { + overlays = [ + deploy.overlay + ]; + }; }; lib = import ./lib { lib = digga.lib // nixos.lib; }; @@ -104,8 +107,8 @@ hostDefaults = { system = "x86_64-linux"; channelName = "nixos"; - imports = [ (digga.lib.importModules ./modules) ]; - externalModules = [ + imports = [ (digga.lib.importExportableModules ./modules) ]; + modules = [ { lib.our = self.lib; } digga.nixosModules.bootstrapIso digga.nixosModules.nixConfig @@ -133,8 +136,8 @@ }; home = { - imports = [ (digga.lib.importModules ./users/modules) ]; - externalModules = [ ]; + imports = [ (digga.lib.importExportableModules ./users/modules) ]; + modules = [ ]; importables = rec { profiles = digga.lib.rakeLeaves ./users/profiles; suites = with profiles; rec { diff --git a/overlays/overrides.nix b/overlays/overrides.nix index 74188089..1c5070db 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -12,7 +12,9 @@ channels: final: prev: { nixpkgs-fmt qutebrowser signal-desktop - starship; + starship + deploy-rs + ; haskellPackages = prev.haskellPackages.override diff --git a/shell/default.nix b/shell/default.nix index aef90a55..d22b3af4 100644 --- a/shell/default.nix +++ b/shell/default.nix @@ -1,9 +1,9 @@ { self, inputs, ... }: { - externalModules = with inputs; [ + modules = with inputs; [ bud.devshellModules.bud ]; - modules = [ + exportedModules = [ ./devos.nix ]; } diff --git a/shell/devos.nix b/shell/devos.nix index 128b45c3..90901435 100644 --- a/shell/devos.nix +++ b/shell/devos.nix @@ -41,7 +41,7 @@ in category = "devos"; name = pkgs.nvfetcher-bin.pname; help = pkgs.nvfetcher-bin.meta.description; - command = "cd $DEVSHELL_ROOT/pkgs; ${pkgs.nvfetcher-bin}/bin/nvfetcher -c ./sources.toml --no-output $@"; + command = "cd $PRJ_ROOT/pkgs; ${pkgs.nvfetcher-bin}/bin/nvfetcher -c ./sources.toml $@"; } (linter nixpkgs-fmt) (linter editorconfig-checker) -- 2.44.2 From 134fcb9a0d50e6d6333d1623b68691f6e5693c66 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 11 Oct 2021 22:32:01 +0000 Subject: [PATCH 032/320] fix/upstreaming-merge-conflicts (#42) Co-authored-by: Anton Co-authored-by: Chris Montgomery Co-authored-by: Timothy DeHerrera Co-authored-by: Parthiv Seetharaman Co-authored-by: bors[bot] <26634292+bors[bot]@users.noreply.github.com> Co-authored-by: GTrunSec Co-authored-by: Pacman99 Co-authored-by: Joel Co-authored-by: Trevor Riles Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/42 Co-authored-by: teutat3s Co-committed-by: teutat3s --- .github/workflows/check.yml | 1 + bud/get.bash | 2 +- doc/CONTRIBUTING.md | 2 +- doc/concepts/profiles.md | 2 +- doc/concepts/suites.md | 4 +-- doc/concepts/users.md | 2 +- doc/integrations/nvfetcher.md | 2 +- doc/start/index.md | 4 +-- doc/tests.md | 2 +- flake.lock | 59 ++++++++++++++++++++++++++++++++--- 10 files changed, 66 insertions(+), 14 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index e80861b0..8fdf8d1c 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -26,3 +26,4 @@ jobs: - run: nix -Lv flake check - run: nix -Lv build ".#nixosConfigurations.NixOS.config.system.build.toplevel" - run: nix -Lv develop -c echo OK + - run: nix -Lv develop --command bud --help diff --git a/bud/get.bash b/bud/get.bash index 770c002e..b88081b4 100644 --- a/bud/get.bash +++ b/bud/get.bash @@ -1 +1 @@ -nix flake new -t "github:divnix/devos/master" "${2:-devos}" +nix flake new -t "github:divnix/devos/main" "${2:-devos}" diff --git a/doc/CONTRIBUTING.md b/doc/CONTRIBUTING.md index 2b5241a3..86f5dd70 100644 --- a/doc/CONTRIBUTING.md +++ b/doc/CONTRIBUTING.md @@ -1,7 +1,7 @@ # Pull Requests ## TL;DR; -- **Target Branch**: `master` +- **Target Branch**: `main` - **Merge Policy**: [`bors`][bors] is always right (→ `bors try`) - **Docs**: every changeset is expected to contain doc updates - **Commit Msg**: be a poet! Comprehensive and explanatory commit messages diff --git a/doc/concepts/profiles.md b/doc/concepts/profiles.md index 36e423f3..7e592cc1 100644 --- a/doc/concepts/profiles.md +++ b/doc/concepts/profiles.md @@ -63,5 +63,5 @@ specific belongs in your [host](hosts.md) files instead. [definition]: https://nixos.org/manual/nixos/stable/index.html#sec-option-definitions [declaration]: https://nixos.org/manual/nixos/stable/index.html#sec-option-declarations [options]: https://nixos.org/manual/nixos/stable/index.html#sec-writing-modules -[spec]: https://github.com/divnix/devos/tree/master/lib/devos/mkProfileAttrs.nix +[spec]: https://github.com/divnix/devos/tree/main/lib/devos/mkProfileAttrs.nix [config]: https://nixos.wiki/wiki/Module#structure diff --git a/doc/concepts/suites.md b/doc/concepts/suites.md index 42a3db82..e9eef34c 100644 --- a/doc/concepts/suites.md +++ b/doc/concepts/suites.md @@ -1,9 +1,9 @@ # Suites -Suites provide a mechanism for users to easily combine and name collecitons of +Suites provide a mechanism for users to easily combine and name collections of profiles. `suites` are defined in the `importables` argument in either the `home` or `nixos` -namespace. They are a special case of an `importable` which get passed as a special +namespace. They are a special case of an `importable` which is passed as a special argument (one that can be use in an `imports` line) to your hosts. All lists defined in `suites` are flattened and type-checked as paths. diff --git a/doc/concepts/users.md b/doc/concepts/users.md index d18d51d3..3ab7c39c 100644 --- a/doc/concepts/users.md +++ b/doc/concepts/users.md @@ -73,5 +73,5 @@ nix build "github:divnix/devos#homeConfigurations.nixos@NixOS.home.activationPac ``` [home-manager]: https://nix-community.github.io/home-manager -[modules-list]: https://github.com/divnix/devos/tree/master/users/modules/module-list.nix +[modules-list]: https://github.com/divnix/devos/tree/main/users/modules/module-list.nix [portableuser]: https://digga.divnix.com/api-reference-home.html#homeusers diff --git a/doc/integrations/nvfetcher.md b/doc/integrations/nvfetcher.md index 107a1695..c26c5fbe 100644 --- a/doc/integrations/nvfetcher.md +++ b/doc/integrations/nvfetcher.md @@ -40,4 +40,4 @@ fetch.git = "https://github.com/mlvzk/manix.git" # responsible for fetching [nvf]: https://github.com/berberman/nvfetcher [nvf-readme]: https://github.com/berberman/nvfetcher#readme -[sources.toml]: https://github.com/divnix/devos/tree/master/pkgs/sources.toml +[sources.toml]: https://github.com/divnix/devos/tree/main/pkgs/sources.toml diff --git a/doc/start/index.md b/doc/start/index.md index ed1a114a..2cd14d9a 100644 --- a/doc/start/index.md +++ b/doc/start/index.md @@ -6,8 +6,8 @@ Here is a snippet that will get you the template without the git history: ```sh nix-shell -p cachix --run "cachix use nrdxp" -nix-shell https://github.com/divnix/devos/archive/master.tar.gz -A shell \ - --run "bud get master" +nix-shell https://github.com/divnix/devos/archive/main.tar.gz -A shell \ + --run "bud get main" cd devos diff --git a/doc/tests.md b/doc/tests.md index 6a62c726..4844912d 100644 --- a/doc/tests.md +++ b/doc/tests.md @@ -26,7 +26,7 @@ and the examples in [nixpkgs][nixos-tests]. [test-doc]: https://nixos.org/manual/nixos/stable/index.html#sec-nixos-tests [test-blog]: https://www.haskellforall.com/2020/11/how-to-use-nixos-for-lightweight.html -[default]: https://github.com/divnix/devos/tree/master/tests/default.nix +[default]: https://github.com/divnix/devos/tree/main/tests/default.nix [run-test]: https://github.com/NixOS/nixpkgs/blob/6571462647d7316aff8b8597ecdf5922547bf365/lib/debug.nix#L154-L166 [nixos-tests]: https://github.com/NixOS/nixpkgs/tree/master/nixos/tests [testing-python]: https://github.com/NixOS/nixpkgs/tree/master/nixos/lib/testing-python.nix diff --git a/flake.lock b/flake.lock index 3aeb7621..c9cfb536 100644 --- a/flake.lock +++ b/flake.lock @@ -20,6 +20,29 @@ "type": "github" } }, + "beautysh": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "bud", + "nixpkgs" + ], + "poetry2nix": "poetry2nix" + }, + "locked": { + "lastModified": 1630693543, + "narHash": "sha256-7Sly3ReaJZw60Qo0rpfN4jF6zy94nwQz6ENgUUFzJfg=", + "owner": "lovesegfault", + "repo": "beautysh", + "rev": "5609593961b70428f58d5c1b4b25cdda43b0d0bd", + "type": "github" + }, + "original": { + "owner": "lovesegfault", + "repo": "beautysh", + "type": "github" + } + }, "blank": { "locked": { "lastModified": 1625557891, @@ -37,6 +60,7 @@ }, "bud": { "inputs": { + "beautysh": "beautysh", "devshell": [ "digga", "devshell" @@ -46,11 +70,11 @@ ] }, "locked": { - "lastModified": 1627855680, - "narHash": "sha256-snDOrUp8nth2Vs3GeEXr7Xji+HaHy25htZLNvid/U3I=", + "lastModified": 1633373878, + "narHash": "sha256-9+ziZ8l6rq3yXyY6B0wYXrVdfxr6cdpEbPEGRHywBKc=", "owner": "divnix", "repo": "bud", - "rev": "612228a68d404d559405225427a5d8b3cef9d27c", + "rev": "4e709a2fcf19df500ba87d9c3b1b1481401cd53b", "type": "github" }, "original": { @@ -125,7 +149,7 @@ "blank": "blank", "deploy": "deploy", "devshell": "devshell", - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "flake-utils-plus": "flake-utils-plus", "home-manager": [ "home" @@ -468,6 +492,33 @@ "type": "github" } }, + "poetry2nix": { + "inputs": { + "flake-utils": [ + "bud", + "beautysh", + "flake-utils" + ], + "nixpkgs": [ + "bud", + "beautysh", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1625240517, + "narHash": "sha256-2E1gaOP+bCplhf3kliVQWK5N1NV2h06mkJk2KTiRTJQ=", + "owner": "nix-community", + "repo": "poetry2nix", + "rev": "e40e8ed0e8c11e709e4c8c7c20174facd265a021", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "poetry2nix", + "type": "github" + } + }, "root": { "inputs": { "agenix": "agenix", -- 2.44.2 From 95f5430b2b7921fe68eb4cc538decb1305d03a89 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 13 Oct 2021 22:08:30 +0000 Subject: [PATCH 033/320] drone: git fetch before doing git checkout (#46) Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/46 Co-authored-by: teutat3s Co-committed-by: teutat3s --- .drone.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.drone.yml b/.drone.yml index 85891705..f9b3d07d 100644 --- a/.drone.yml +++ b/.drone.yml @@ -36,6 +36,7 @@ steps: GITEA_SSH_KEY: from_secret: gitea_ssh_key commands: + - git fetch --all - git checkout origin/main - ./.drone/setup_ssh.sh - git remote set-url origin git@git.b12f.io:pub-solar/os -- 2.44.2 From 36c6fdd2548799a4095e4beff95f80e51c215ea3 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 20 Oct 2021 07:47:12 +0000 Subject: [PATCH 034/320] drone: fix git fetch for main, too (#48) Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/48 Co-authored-by: teutat3s Co-committed-by: teutat3s --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index f9b3d07d..2a2fcf97 100644 --- a/.drone.yml +++ b/.drone.yml @@ -36,10 +36,10 @@ steps: GITEA_SSH_KEY: from_secret: gitea_ssh_key commands: - - git fetch --all - - git checkout origin/main - ./.drone/setup_ssh.sh - git remote set-url origin git@git.b12f.io:pub-solar/os + - git fetch --all + - git checkout origin/main - ./.drone/upstream-branch.sh - name: "Open pull request for failed merge" -- 2.44.2 From fc037d9833afed68d943a04dd7012df92d96b166 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 20 Oct 2021 07:52:46 +0000 Subject: [PATCH 035/320] drone: fix git fetch for main, too (#49) Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/49 Co-authored-by: teutat3s Co-committed-by: teutat3s --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 2a2fcf97..6f18103c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -36,10 +36,10 @@ steps: GITEA_SSH_KEY: from_secret: gitea_ssh_key commands: + - git checkout origin/main - ./.drone/setup_ssh.sh - git remote set-url origin git@git.b12f.io:pub-solar/os - git fetch --all - - git checkout origin/main - ./.drone/upstream-branch.sh - name: "Open pull request for failed merge" -- 2.44.2 From bdb513246074731dd1550f4284108c932390e748 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Thu, 21 Oct 2021 17:39:38 +0000 Subject: [PATCH 036/320] Fetch repos before upstream merge, so we have access to main (#51) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Benjamin Bädorf Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/51 Reviewed-by: teutat3s Co-authored-by: Benjamin Bädorf Co-committed-by: Benjamin Bädorf --- .drone.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 6f18103c..89514d6c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -36,6 +36,7 @@ steps: GITEA_SSH_KEY: from_secret: gitea_ssh_key commands: + - git fetch --all - git checkout origin/main - ./.drone/setup_ssh.sh - git remote set-url origin git@git.b12f.io:pub-solar/os @@ -83,6 +84,6 @@ steps: template: "Upstreaming {{ build.status }} [{{ build.branch }}#{{ truncate build.commit 8 }}]({{ build.link }}) by {{ build.author }}. [Pull requests](https://git.b12f.io/pub-solar/os/pulls)" --- kind: signature -hmac: f88330a68ced90f4c242aedcbec9359fa63f00c47db6707e2646546daa4a9109 +hmac: 145dff5d1aac21f4c68f186cc2dbd98ccb8f08f23af8df3528de6a21defee1c7 ... -- 2.44.2 From 411a0e3e74ab36633c9ea32ef64d7b6101b78e23 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Thu, 21 Oct 2021 20:06:57 +0200 Subject: [PATCH 037/320] Add basic ISO setup --- flake.lock | 17 ++++++++++++++++- flake.nix | 2 +- modules/x-os/boot.nix | 8 +++++++- profiles/installed/default.nix | 10 ++++++++++ 4 files changed, 34 insertions(+), 3 deletions(-) create mode 100644 profiles/installed/default.nix diff --git a/flake.lock b/flake.lock index c9cfb536..488c04da 100644 --- a/flake.lock +++ b/flake.lock @@ -245,6 +245,21 @@ "type": "github" } }, + "flake-utils_3": { + "locked": { + "lastModified": 1623875721, + "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home": { "inputs": { "nixpkgs": [ @@ -359,7 +374,7 @@ }, "nix-dram": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "nixpkgs": "nixpkgs" }, "locked": { diff --git a/flake.nix b/flake.nix index 030ff244..a513d8c0 100644 --- a/flake.nix +++ b/flake.nix @@ -129,7 +129,7 @@ }; suites = with profiles; rec { base = [ core users.nixos users.root ]; - pubsolaros = [ core base-user users.root ]; + pubsolaros = [ core installed base-user users.root ]; anonymous = [ pubsolaros users.nixos ]; }; }; diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix index 5068590e..131dec8c 100644 --- a/modules/x-os/boot.nix +++ b/modules/x-os/boot.nix @@ -9,6 +9,12 @@ with lib; { type = types.str; description = "Keyfile location"; }; + + pub-solar.x-os.enableBootLoader = mkOption { + type = types.bool; + default = false; + description = "Whether to include the grub bootloader. Turn this off for ISO images."; + }; }; config = { @@ -31,7 +37,7 @@ with lib; { efi.efiSysMountPoint = "/boot/efi"; grub = { - enable = true; + enable = cfg.enableBootLoader; version = 2; device = "nodev"; efiSupport = true; diff --git a/profiles/installed/default.nix b/profiles/installed/default.nix new file mode 100644 index 00000000..322c3093 --- /dev/null +++ b/profiles/installed/default.nix @@ -0,0 +1,10 @@ +{ self, config, lib, pkgs, ... }: +let inherit (lib) fileContents; +in +{ + imports = [ ../cachix ]; + config = { + pub-solar.printing.enable = true; + pub-solar.x-os.enableBootLoader = true; + }; +} -- 2.44.2 From 8397aa7aa396bc99b380fe69120950022e88bbfd Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Thu, 21 Oct 2021 23:39:19 +0200 Subject: [PATCH 038/320] workflows: switch to new default branch main --- .github/workflows/check.yml | 2 +- .github/workflows/mdbook_docs.yml | 2 +- .github/workflows/release.yml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 8fdf8d1c..756aa2bf 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -2,7 +2,7 @@ name: "Check & Cachix" on: push: branches: - - master + - main - trying - staging jobs: diff --git a/.github/workflows/mdbook_docs.yml b/.github/workflows/mdbook_docs.yml index 9d15cc18..5faf9c28 100644 --- a/.github/workflows/mdbook_docs.yml +++ b/.github/workflows/mdbook_docs.yml @@ -3,7 +3,7 @@ name: Deploy Docs to GitHub Pages on: push: branches: - - master + - main jobs: deploy: diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 111be319..8cabd128 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -19,7 +19,7 @@ jobs: - name: Checkout code uses: actions/checkout@v2 with: - ref: master + ref: main - name: Update Changelog uses: heinrichreimer/github-changelog-generator-action@v2.1.1 with: @@ -49,7 +49,7 @@ jobs: - name: Checkout code uses: actions/checkout@v2 with: - ref: master + ref: main - name: Get Changelog Entry id: changelog_reader -- 2.44.2 From 1b1bc8eb97fc346f65ef96b580544a987e35ab3a Mon Sep 17 00:00:00 2001 From: teutat3s <10206665+teutat3s@users.noreply.github.com> Date: Thu, 21 Oct 2021 23:39:38 +0200 Subject: [PATCH 039/320] digga: fix link to new default branch main --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1d813821..275714ca 100644 --- a/README.md +++ b/README.md @@ -82,7 +82,7 @@ DevOS is licensed under the [MIT License][mit]. [giants]: https://en.wikipedia.org/wiki/Standing_on_the_shoulders_of_giants [home-manager]: https://nix-community.github.io/home-manager [mit]: https://mit-license.org -[mk-flake]: https://github.com/divnix/digga/tree/master/src/mkFlake +[mk-flake]: https://github.com/divnix/digga/tree/main/src/mkFlake [nix]: https://nixos.org/manual/nix/stable [nixos]: https://nixos.org/manual/nixos/stable [nixpkgs]: https://github.com/NixOS/nixpkgs -- 2.44.2 From 782f4add01f2fd56dc4bc6a665310a8ed1fc3fe4 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Fri, 22 Oct 2021 14:04:17 +0200 Subject: [PATCH 040/320] cron: reset origin remote url, so that next step's git fetch works --- .drone.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.drone.yml b/.drone.yml index 89514d6c..8a5adad1 100644 --- a/.drone.yml +++ b/.drone.yml @@ -22,6 +22,7 @@ steps: - git checkout -b devos --track origin/devos - git merge -X theirs devos/main - git push origin devos + - git remote set-url origin https://git.b12f.io/pub-solar/os.git - name: "Sync $BRANCH with upstream" image: alpine/git -- 2.44.2 From 7473789e8e04e52be3a7b4174065390c7a678370 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 23 Oct 2021 23:27:38 +0200 Subject: [PATCH 041/320] kernel: switch to linux lts 5.10 --- profiles/core/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index c4247377..07a05328 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -13,7 +13,6 @@ in pub-solar.nextcloud.enable = true; pub-solar.office.enable = true; # pub-solar.printing.enable = true; # this is enabled automatically if office is enabled - pub-solar.server.enable = true; pub-solar.printing.enable = true; nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; @@ -124,7 +123,6 @@ in services.earlyoom.enable = true; - boot.kernelPackages = pkgs.linuxPackages_latest; boot.supportedFilesystems = [ "ntfs" ]; }; } -- 2.44.2 From 0bfe4a135ef969bc916890dae42300a32f4e6320 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 23 Oct 2021 23:28:42 +0200 Subject: [PATCH 042/320] modules: remove redundant server module, SSH is enabled in core profile, too --- .gitignore | 2 +- modules/server/default.nix | 19 ------------------- 2 files changed, 1 insertion(+), 20 deletions(-) delete mode 100644 modules/server/default.nix diff --git a/.gitignore b/.gitignore index b8cac1af..37acdb01 100644 --- a/.gitignore +++ b/.gitignore @@ -10,4 +10,4 @@ doi pkgs/_sources/.shake* tags -/owners \ No newline at end of file +/owners diff --git a/modules/server/default.nix b/modules/server/default.nix deleted file mode 100644 index 3821421c..00000000 --- a/modules/server/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ lib, config, pkgs, ... }: -with lib; -let - psCfg = config.pub-solar; - cfg = config.pub-solar.server; -in -{ - options.pub-solar.server = { - enable = mkEnableOption "Enable server options like sshd"; - }; - - config = mkIf cfg.enable { - services.openssh = { - enable = true; - permitRootLogin = "no"; - passwordAuthentication = false; - }; - }; -} -- 2.44.2 From 27aab3e5408a2205ceaab76fa995852b53c6fe46 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 23 Oct 2021 23:29:09 +0200 Subject: [PATCH 043/320] initrd: make keyfile optional --- modules/x-os/boot.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix index 131dec8c..dff8d526 100644 --- a/modules/x-os/boot.nix +++ b/modules/x-os/boot.nix @@ -23,7 +23,7 @@ with lib; { # Use Keyfile to unlock the root partition to avoid keying in twice. # Allow fstrim to work on it. - boot.initrd = { + boot.initrd = mkIf cfg.enableBootLoader { secrets = { "/keyfile.bin" = cfg.keyfile; }; luks.devices."cryptroot" = { keyFile = "/keyfile.bin"; -- 2.44.2 From 65db5d30ae4df02b9cef6620e72ed34a2082fc31 Mon Sep 17 00:00:00 2001 From: Karolis Labrencis Date: Sun, 24 Oct 2021 01:33:04 +0300 Subject: [PATCH 044/320] docs: remove outdated `nix-rebuild` notes --- doc/start/from-nixos.md | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/doc/start/from-nixos.md b/doc/start/from-nixos.md index ce79063b..3e8c84d6 100644 --- a/doc/start/from-nixos.md +++ b/doc/start/from-nixos.md @@ -47,8 +47,5 @@ This calls `nixos-rebuild` with sudo to build and install your configuration. > ##### _Notes:_ > - Instead of `switch`, you can pass `build`, `test`, `boot`, etc just as with > `nixos-rebuild`. -> -> - It is convenient to have the template living at `/etc/nixos` so you can -> simply `sudo nixos-rebuild switch` from anywhere on the system, but it is -> not required. + -- 2.44.2 From c35a38f8348292fa135949738e147c886e3da585 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 01:18:33 +0200 Subject: [PATCH 045/320] x-os: prepare booting from unencrypted /boot partition --- modules/x-os/boot.nix | 27 +++------------------------ 1 file changed, 3 insertions(+), 24 deletions(-) diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix index 5068590e..51cd5b4b 100644 --- a/modules/x-os/boot.nix +++ b/modules/x-os/boot.nix @@ -3,40 +3,19 @@ let cfg = config.pub-solar.x-os; in -with lib; { - options = { - pub-solar.x-os.keyfile = mkOption { - type = types.str; - description = "Keyfile location"; - }; - }; - +{ config = { # Enable plymouth for better experience of booting boot.plymouth.enable = true; - # Use Keyfile to unlock the root partition to avoid keying in twice. + # Mount / luks device in initrd # Allow fstrim to work on it. boot.initrd = { - secrets = { "/keyfile.bin" = cfg.keyfile; }; luks.devices."cryptroot" = { - keyFile = "/keyfile.bin"; allowDiscards = true; - fallbackToPassword = true; }; }; - # Use GRUB with encrypted /boot under EFI env. - boot.loader = { - efi.efiSysMountPoint = "/boot/efi"; - - grub = { - enable = true; - version = 2; - device = "nodev"; - efiSupport = true; - enableCryptodisk = true; - }; - }; + boot.loader.systemd-boot.enable = true; }; } -- 2.44.2 From 243116e2288005c90824a6d0d0ac400b973629ac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 24 Oct 2021 19:36:56 +0200 Subject: [PATCH 046/320] Remove git crypt, update docs --- doc/secrets.md | 6 +----- shell/devos.nix | 4 ---- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/doc/secrets.md b/doc/secrets.md index 6afe2f6a..996f4180 100644 --- a/doc/secrets.md +++ b/doc/secrets.md @@ -1,11 +1,8 @@ # Secrets -Secrets are managed using [git-crypt][git-crypt] and [agenix][agenix] +Secrets are managed using [agenix][agenix] so you can keep your flake in a public repository like GitHub without exposing your password or other sensitive data. -By default, everything in the secrets folder is automatically encrypted. Just -be sure to run `git-crypt init` before putting anything in here. - ## Agenix Currently, there is [no mechanism][secrets-issue] in nix itself to deploy secrets within the nix store because it is world-readable. @@ -104,7 +101,6 @@ secrets get decrypted. You can learn about them by looking at the > You can take a look at the [agenix repository][agenix] for more information > about the tool. -[git-crypt]: https://github.com/AGWA/git-crypt [agenix]: https://github.com/ryantm/agenix [age module]: https://github.com/ryantm/agenix/blob/master/modules/age.nix [secrets-issue]: https://github.com/NixOS/nix/issues/8 diff --git a/shell/devos.nix b/shell/devos.nix index 90901435..6f01267f 100644 --- a/shell/devos.nix +++ b/shell/devos.nix @@ -30,10 +30,6 @@ in unset _PATH ''); - packages = with pkgs; [ - git-crypt - ]; - commands = with pkgs; [ (devos nixUnstable) (devos agenix) -- 2.44.2 From 6962aab06c1b679163e41cd70a697807b199548e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 24 Oct 2021 19:39:23 +0200 Subject: [PATCH 047/320] Remove .gitattributes files --- secrets/.gitattributes | 4 ---- 1 file changed, 4 deletions(-) delete mode 100644 secrets/.gitattributes diff --git a/secrets/.gitattributes b/secrets/.gitattributes deleted file mode 100644 index 901863e3..00000000 --- a/secrets/.gitattributes +++ /dev/null @@ -1,4 +0,0 @@ -* filter=git-crypt diff=git-crypt -.gitattributes !filter !diff -secrets.nix !filter !diff -README.md !filter !diff -- 2.44.2 From 3aaef50ecaf3b44eac1e1ee30510b59b89ff914b Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 20:12:57 +0200 Subject: [PATCH 048/320] profiles: move social into separate profile --- profiles/graphical/default.nix | 1 - profiles/social/default.nix | 6 ++++++ 2 files changed, 6 insertions(+), 1 deletion(-) create mode 100644 profiles/social/default.nix diff --git a/profiles/graphical/default.nix b/profiles/graphical/default.nix index 62acad2f..237a74e5 100644 --- a/profiles/graphical/default.nix +++ b/profiles/graphical/default.nix @@ -4,5 +4,4 @@ in { pub-solar.graphical.enable = true; pub-solar.sway.enable = true; - pub-solar.social.enable = true; } diff --git a/profiles/social/default.nix b/profiles/social/default.nix new file mode 100644 index 00000000..cad05d33 --- /dev/null +++ b/profiles/social/default.nix @@ -0,0 +1,6 @@ +{ self, config, lib, pkgs, ... }: +let inherit (lib) fileContents; +in +{ + pub-solar.social.enable = true; +} -- 2.44.2 From b79e92155a3995ce77b96719a3eac669f9775cb2 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 20:13:18 +0200 Subject: [PATCH 049/320] bootstrap: add graphical profile --- hosts/bootstrap.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/bootstrap.nix b/hosts/bootstrap.nix index d491855d..82bea4eb 100644 --- a/hosts/bootstrap.nix +++ b/hosts/bootstrap.nix @@ -9,6 +9,7 @@ profiles.core profiles.users.root # make sure to configure ssh keys profiles.users.nixos + profiles.graphical ]; boot.loader.systemd-boot.enable = true; -- 2.44.2 From cd4dce51c1bb894da3af9313e310a861ae4dbaba Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 20:13:31 +0200 Subject: [PATCH 050/320] drone: init check pipeline --- .drone.yml | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 89514d6c..894360d3 100644 --- a/.drone.yml +++ b/.drone.yml @@ -82,8 +82,31 @@ steps: password: from_secret: matrix_password template: "Upstreaming {{ build.status }} [{{ build.branch }}#{{ truncate build.commit 8 }}]({{ build.link }}) by {{ build.author }}. [Pull requests](https://git.b12f.io/pub-solar/os/pulls)" + +--- +kind: pipeline +type: docker +name: Check + +steps: + - name: "Check" + image: nixpkgs/nix-flakes:nixos-21.05 + when: + event: + - pull_request + - tag + commands: + - echo "" >> /etc/nix/nix.conf + - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf + - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf + - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf + - nix -Lv flake check + - nix -Lv build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + - nix -Lv develop -c echo OK + - nix -Lv develop --command bud --help + --- kind: signature -hmac: 145dff5d1aac21f4c68f186cc2dbd98ccb8f08f23af8df3528de6a21defee1c7 +hmac: 36b824020f2bafbb46bc0b4087296e82db41677a3b5b85c7851b90322492343c ... -- 2.44.2 From c95629704115eca1dd6d0423230a9f2373485149 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 01:18:33 +0200 Subject: [PATCH 051/320] x-os: prepare booting from unencrypted /boot partition --- modules/x-os/boot.nix | 35 ++++------------------------------- 1 file changed, 4 insertions(+), 31 deletions(-) diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix index dff8d526..51cd5b4b 100644 --- a/modules/x-os/boot.nix +++ b/modules/x-os/boot.nix @@ -3,46 +3,19 @@ let cfg = config.pub-solar.x-os; in -with lib; { - options = { - pub-solar.x-os.keyfile = mkOption { - type = types.str; - description = "Keyfile location"; - }; - - pub-solar.x-os.enableBootLoader = mkOption { - type = types.bool; - default = false; - description = "Whether to include the grub bootloader. Turn this off for ISO images."; - }; - }; - +{ config = { # Enable plymouth for better experience of booting boot.plymouth.enable = true; - # Use Keyfile to unlock the root partition to avoid keying in twice. + # Mount / luks device in initrd # Allow fstrim to work on it. - boot.initrd = mkIf cfg.enableBootLoader { - secrets = { "/keyfile.bin" = cfg.keyfile; }; + boot.initrd = { luks.devices."cryptroot" = { - keyFile = "/keyfile.bin"; allowDiscards = true; - fallbackToPassword = true; }; }; - # Use GRUB with encrypted /boot under EFI env. - boot.loader = { - efi.efiSysMountPoint = "/boot/efi"; - - grub = { - enable = cfg.enableBootLoader; - version = 2; - device = "nodev"; - efiSupport = true; - enableCryptodisk = true; - }; - }; + boot.loader.systemd-boot.enable = true; }; } -- 2.44.2 From 2588264d881a410df334283a179762ba32a26a76 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 22:03:28 +0200 Subject: [PATCH 052/320] Make check work --- .drone.yml | 3 ++- flake.lock | 6 +++--- flake.nix | 7 ++++--- hosts/PubSolarOS.nix | 11 +++++++++-- hosts/bootstrap.nix | 1 + lib/compat/nixos/default.nix | 2 +- modules/x-os/boot.nix | 10 ++++++++-- .../{installed => pub-solar-iso}/default.nix | 3 +-- users/pub-solar/default.nix | 16 ++++++++++++++++ 9 files changed, 45 insertions(+), 14 deletions(-) rename profiles/{installed => pub-solar-iso}/default.nix (59%) create mode 100644 users/pub-solar/default.nix diff --git a/.drone.yml b/.drone.yml index 894360d3..be74152a 100644 --- a/.drone.yml +++ b/.drone.yml @@ -100,7 +100,8 @@ steps: - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf - - nix -Lv flake check + # Currently broken + #- nix -Lv flake check - nix -Lv build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - nix -Lv develop -c echo OK - nix -Lv develop --command bud --help diff --git a/flake.lock b/flake.lock index 488c04da..a5d8b109 100644 --- a/flake.lock +++ b/flake.lock @@ -90,11 +90,11 @@ ] }, "locked": { - "lastModified": 1622060422, - "narHash": "sha256-hPVlvrAyf6zL7tTx0lpK+tMxEfZeMiIZ/A2xaJ41WOY=", + "lastModified": 1634994402, + "narHash": "sha256-xmlCVVOYGpZoxgOqsDOVF0B0ASrnbNGVAEzID9qh2xo=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "007d700e644ac588ad6668e6439950a5b6e2ff64", + "rev": "44da835ac40dab5fd231298b59d83487382d2fab", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index a513d8c0..70ed129e 100644 --- a/flake.nix +++ b/flake.nix @@ -121,16 +121,16 @@ imports = [ (digga.lib.importHosts ./hosts) ]; hosts = { /* set host specific properties here */ - NixOS = { }; + PubSolarOS = { }; }; importables = rec { profiles = digga.lib.rakeLeaves ./profiles // { users = digga.lib.rakeLeaves ./users; }; suites = with profiles; rec { - base = [ core users.nixos users.root ]; + base = [ core users.pub-solar users.root ]; pubsolaros = [ core installed base-user users.root ]; - anonymous = [ pubsolaros users.nixos ]; + anonymous = [ pubsolaros users.pub-solar ]; }; }; }; @@ -146,6 +146,7 @@ }; users = { nixos = { suites, ... }: { imports = suites.base; }; + pub-solar = { suites, ... }: { imports = suites.base; }; }; # digga.lib.importers.rakeLeaves ./users/hm; }; diff --git a/hosts/PubSolarOS.nix b/hosts/PubSolarOS.nix index 3b084119..84cf730f 100644 --- a/hosts/PubSolarOS.nix +++ b/hosts/PubSolarOS.nix @@ -1,7 +1,14 @@ -{ suites, ... }: +{ profiles, ... }: { ### root password is empty by default ### - imports = suites.base; + imports = [ + # profiles.networking + profiles.core + profiles.users.root # make sure to configure ssh keys + profiles.users.nixos + profiles.graphical + profiles.pub-solar-iso + ]; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; diff --git a/hosts/bootstrap.nix b/hosts/bootstrap.nix index 82bea4eb..377569d1 100644 --- a/hosts/bootstrap.nix +++ b/hosts/bootstrap.nix @@ -10,6 +10,7 @@ profiles.users.root # make sure to configure ssh keys profiles.users.nixos profiles.graphical + profiles.pub-solar-iso ]; boot.loader.systemd-boot.enable = true; diff --git a/lib/compat/nixos/default.nix b/lib/compat/nixos/default.nix index e4e0e68a..83f05f9f 100644 --- a/lib/compat/nixos/default.nix +++ b/lib/compat/nixos/default.nix @@ -2,7 +2,7 @@ let inherit (default.inputs.nixos) lib; - host = configs.${hostname} or configs.NixOS; + host = configs.${hostname} or configs.PubSolarOS; configs = default.nixosConfigurations; default = (import ../.).defaultNix; hostname = lib.fileContents /etc/hostname; diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix index 51cd5b4b..0633bec4 100644 --- a/modules/x-os/boot.nix +++ b/modules/x-os/boot.nix @@ -1,16 +1,22 @@ { config, pkgs, lib, ... }: - +with lib; let cfg = config.pub-solar.x-os; in { + options.pub-solar.x-os.iso-options.enable = mkOption { + type = types.bool; + default = false; + description = "Feature flag for iso builds"; + }; config = { # Enable plymouth for better experience of booting boot.plymouth.enable = true; # Mount / luks device in initrd # Allow fstrim to work on it. - boot.initrd = { + # The ! makes this enabled by default + boot.initrd = mkIf (!cfg.iso-options.enable) { luks.devices."cryptroot" = { allowDiscards = true; }; diff --git a/profiles/installed/default.nix b/profiles/pub-solar-iso/default.nix similarity index 59% rename from profiles/installed/default.nix rename to profiles/pub-solar-iso/default.nix index 322c3093..24312b53 100644 --- a/profiles/installed/default.nix +++ b/profiles/pub-solar-iso/default.nix @@ -4,7 +4,6 @@ in { imports = [ ../cachix ]; config = { - pub-solar.printing.enable = true; - pub-solar.x-os.enableBootLoader = true; + pub-solar.x-os.iso-options.enable = true; }; } diff --git a/users/pub-solar/default.nix b/users/pub-solar/default.nix new file mode 100644 index 00000000..af669b41 --- /dev/null +++ b/users/pub-solar/default.nix @@ -0,0 +1,16 @@ +{ hmUsers, ... }: +{ + home-manager.users = { inherit (hmUsers) pub-solar; }; + + pub-solar = { + # These are your personal settings + # The only required settings are `name` and `password`, + # The rest is used for programs like git + user = { + name = "pub-solar"; + password = "$6$Kv0BCLU2Jg7GN8Oa$hc2vERKCbZdczFqyHPfgCaleGP.JuOWyd.bfcIsLDNmExGXI6Rnkze.SWzVzVS311KBznN/P4uUYAUADXkVtr."; + fullName = "Pub Solar"; + email = "iso@pub.solar"; + }; + }; +} -- 2.44.2 From 2340270d813b43b96f4c441bdcbdc3a4bed92096 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 22:55:28 +0200 Subject: [PATCH 053/320] All the option are with us now --- .drone.yml | 49 ++++++++++++++++++++++++++++++- flake.nix | 2 +- modules/audio/default.nix | 10 ++++--- profiles/audio/default.nix | 6 ++++ profiles/core/default.nix | 6 ---- profiles/full-install/default.nix | 15 ++++++++++ 6 files changed, 76 insertions(+), 12 deletions(-) create mode 100644 profiles/audio/default.nix create mode 100644 profiles/full-install/default.nix diff --git a/.drone.yml b/.drone.yml index be74152a..fdd58446 100644 --- a/.drone.yml +++ b/.drone.yml @@ -106,8 +106,55 @@ steps: - nix -Lv develop -c echo OK - nix -Lv develop --command bud --help +--- +kind: pipeline +type: docker +name: Publish ISO + +steps: + - name: "Build ISO" + image: nixpkgs/nix-flakes:nixos-21.05 + volumes: + - name: nix-store + path: /nix/store + when: + event: + - push + branch: + - main + commands: + - echo "" >> /etc/nix/nix.conf + - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf + - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf + - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf + - nix-shell + - bud build bootstrap bootstrapIso + + - name: "Publish ISO" + image: appleboy/drone-scp + volumes: + - name: nix-store + path: /nix/store + settings: + host: + from_secret: ssh_host + user: + from_secret: ssh_user + port: + from_secret: ssh_port + key: + from_secret: ssh_key + target: /var/www/pub.solar + source: + - result/iso/*.iso + +volumes: + - name: nix-store + host: + path: "/var/nix/build-store" + --- kind: signature -hmac: 36b824020f2bafbb46bc0b4087296e82db41677a3b5b85c7851b90322492343c +hmac: a1c4dfbb3185a6185cc80622b0d78ff50a45c208fcbed963dbca894c8f47c6b3 ... diff --git a/flake.nix b/flake.nix index 70ed129e..9f183695 100644 --- a/flake.nix +++ b/flake.nix @@ -129,7 +129,7 @@ }; suites = with profiles; rec { base = [ core users.pub-solar users.root ]; - pubsolaros = [ core installed base-user users.root ]; + pubsolaros = [ core full-install base-user users.root ]; anonymous = [ pubsolaros users.pub-solar ]; }; }; diff --git a/modules/audio/default.nix b/modules/audio/default.nix index ce8c2f34..68b3c19b 100644 --- a/modules/audio/default.nix +++ b/modules/audio/default.nix @@ -8,6 +8,8 @@ in { options.pub-solar.audio = { enable = mkEnableOption "Life in highs and lows"; + mopidy.enable = mkEnableOption "Life with mopidy"; + bluetooth.enable = mkEnableOption "Life with bluetooth"; }; config = mkIf cfg.enable { @@ -36,7 +38,7 @@ in config.pipewire-pulse = builtins.fromJSON (builtins.readFile ./pipewire-pulse.conf.json); # Bluetooth configuration for pipewire - media-session.config.bluez-monitor.rules = [ + media-session.config.bluez-monitor.rules = mkIf cfg.bluetooth.enable [ { # Matches all cards matches = [{ "device.name" = "~bluez_card.*"; }]; @@ -63,10 +65,10 @@ in }; # Enable bluetooth - hardware.bluetooth.enable = true; - services.blueman.enable = true; + hardware.bluetooth.enable = mkIf cfg.bluetooth.enable true; + services.blueman.enable = mkIf cfg.bluetooth.enable true; # Enable audio server & client - services.mopidy = import ./mopidy.nix pkgs; + services.mopidy = mkIf cfg.mopidy.enable ((import ./mopidy.nix) pkgs); }; } diff --git a/profiles/audio/default.nix b/profiles/audio/default.nix new file mode 100644 index 00000000..22b64af5 --- /dev/null +++ b/profiles/audio/default.nix @@ -0,0 +1,6 @@ +{ self, config, lib, pkgs, ... }: +let inherit (lib) fileContents; +in +{ + pub-solar.audio.enable = true; +} diff --git a/profiles/core/default.nix b/profiles/core/default.nix index 07a05328..b77baf53 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -9,11 +9,6 @@ in pub-solar.audio.enable = true; pub-solar.crypto.enable = true; pub-solar.devops.enable = true; - pub-solar.docker.enable = true; - pub-solar.nextcloud.enable = true; - pub-solar.office.enable = true; - # pub-solar.printing.enable = true; # this is enabled automatically if office is enabled - pub-solar.printing.enable = true; nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; @@ -30,7 +25,6 @@ in git git-lfs git-bug - git-crypt wget openssl openssh diff --git a/profiles/full-install/default.nix b/profiles/full-install/default.nix new file mode 100644 index 00000000..ba136554 --- /dev/null +++ b/profiles/full-install/default.nix @@ -0,0 +1,15 @@ +{ self, config, lib, pkgs, ... }: +let inherit (lib) fileContents; +in +{ + imports = [ ../cachix ]; + + config = { + pub-solar.audio.mopidy.enable = true; + pub-solar.audio.bluetooth.enable = true; + pub-solar.docker.enable = true; + pub-solar.nextcloud.enable = true; + pub-solar.office.enable = true; + # pub-solar.printing.enable = true; # this is enabled automatically if office is enabled + }; +} -- 2.44.2 From 40e93f15d921634f19b999b3f653cc4bae8bbe96 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 23:01:08 +0200 Subject: [PATCH 054/320] Sign correctly --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index fdd58446..3b526ae2 100644 --- a/.drone.yml +++ b/.drone.yml @@ -155,6 +155,6 @@ volumes: --- kind: signature -hmac: a1c4dfbb3185a6185cc80622b0d78ff50a45c208fcbed963dbca894c8f47c6b3 +hmac: 79df404a887f5de8b7725ecedaface562d6d67b23112af89d6cb3948af4264d2 ... -- 2.44.2 From a79834c15a4bce4059f78af5b99cbd8e2b3b8f0c Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 23:04:53 +0200 Subject: [PATCH 055/320] Test push event on feature branch --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 3b526ae2..9218c2c2 100644 --- a/.drone.yml +++ b/.drone.yml @@ -121,7 +121,7 @@ steps: event: - push branch: - - main + - feature/basic-iso commands: - echo "" >> /etc/nix/nix.conf - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf @@ -155,6 +155,6 @@ volumes: --- kind: signature -hmac: 79df404a887f5de8b7725ecedaface562d6d67b23112af89d6cb3948af4264d2 +hmac: d20bd6483d36dbc68677e3fcac26da8680beeba20684a80c64bcb1be818e8765 ... -- 2.44.2 From 6b67d08edd6654590be0c46f40781380bab3c007 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 23:13:13 +0200 Subject: [PATCH 056/320] Use different path for volume --- .drone.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.drone.yml b/.drone.yml index 9218c2c2..848f096c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -116,7 +116,7 @@ steps: image: nixpkgs/nix-flakes:nixos-21.05 volumes: - name: nix-store - path: /nix/store + path: /var/nix/iso-cache when: event: - push @@ -129,12 +129,13 @@ steps: - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf - nix-shell - bud build bootstrap bootstrapIso + - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ - name: "Publish ISO" image: appleboy/drone-scp volumes: - name: nix-store - path: /nix/store + path: /var/nix/iso-cache settings: host: from_secret: ssh_host @@ -151,10 +152,10 @@ steps: volumes: - name: nix-store host: - path: "/var/nix/build-store" + path: "/var/nix/iso-cache" --- kind: signature -hmac: d20bd6483d36dbc68677e3fcac26da8680beeba20684a80c64bcb1be818e8765 +hmac: b5366c36f19140ef6c884cc7b5455b6e4e5cd803c5e7d1ed7414bf246bf7f7ed ... -- 2.44.2 From 8f194d1503f39014442e5d4da16e1ec5212dcb90 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 24 Oct 2021 23:18:10 +0200 Subject: [PATCH 057/320] Fix devshell for executing bud --- .drone.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.drone.yml b/.drone.yml index 848f096c..96611d98 100644 --- a/.drone.yml +++ b/.drone.yml @@ -127,8 +127,7 @@ steps: - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf - - nix-shell - - bud build bootstrap bootstrapIso + - nix -Lv develop --command bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ - name: "Publish ISO" @@ -156,6 +155,6 @@ volumes: --- kind: signature -hmac: b5366c36f19140ef6c884cc7b5455b6e4e5cd803c5e7d1ed7414bf246bf7f7ed +hmac: 56184121f9e3e0c8c27de1c1439f40d29544fc4c207b261e8e3a8163d439acbc ... -- 2.44.2 From effea24101b22b6bdf035d5f90bdaea4cd8cf8c1 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 25 Oct 2021 21:51:13 +0200 Subject: [PATCH 058/320] drone: fix publish scp source path --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 96611d98..c40607a5 100644 --- a/.drone.yml +++ b/.drone.yml @@ -146,7 +146,7 @@ steps: from_secret: ssh_key target: /var/www/pub.solar source: - - result/iso/*.iso + - /var/nix/iso-cache/*.iso volumes: - name: nix-store @@ -155,6 +155,6 @@ volumes: --- kind: signature -hmac: 56184121f9e3e0c8c27de1c1439f40d29544fc4c207b261e8e3a8163d439acbc +hmac: 43227ed11479ad86afeb77f850a713b2a09b3154df1bf2237ba00f7d5b553d57 ... -- 2.44.2 From 74241b459eeecc230660d2e5c9633d28eaaa2189 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 25 Oct 2021 22:43:02 +0200 Subject: [PATCH 059/320] switch to pub-solar user and use base-user profile --- hosts/PubSolarOS.nix | 3 ++- hosts/bootstrap.nix | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/hosts/PubSolarOS.nix b/hosts/PubSolarOS.nix index 84cf730f..2438ac28 100644 --- a/hosts/PubSolarOS.nix +++ b/hosts/PubSolarOS.nix @@ -5,7 +5,8 @@ # profiles.networking profiles.core profiles.users.root # make sure to configure ssh keys - profiles.users.nixos + profiles.users.pub-solar + profiles.base-user profiles.graphical profiles.pub-solar-iso ]; diff --git a/hosts/bootstrap.nix b/hosts/bootstrap.nix index 377569d1..c6d8f105 100644 --- a/hosts/bootstrap.nix +++ b/hosts/bootstrap.nix @@ -8,7 +8,8 @@ # profiles.networking profiles.core profiles.users.root # make sure to configure ssh keys - profiles.users.nixos + profiles.users.pub-solar + profiles.base-user profiles.graphical profiles.pub-solar-iso ]; -- 2.44.2 From 1ab1ec5ded9bd4f0c6730bc22fd71815a19db0e4 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Oct 2021 01:02:17 +0200 Subject: [PATCH 060/320] drone: sign --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 1c8e5895..7c318efa 100644 --- a/.drone.yml +++ b/.drone.yml @@ -156,6 +156,6 @@ volumes: --- kind: signature -hmac: 43227ed11479ad86afeb77f850a713b2a09b3154df1bf2237ba00f7d5b553d57 +hmac: 493c996fab22097034fd500fe537e05d8008324aec42b96da75b5234a5a2d533 ... -- 2.44.2 From 27d962c96ba9b290e07bc2820f75cc3b846e006a Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Oct 2021 01:06:13 +0200 Subject: [PATCH 061/320] fix x-os option --- modules/x-os/boot.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix index 484a46cf..0633bec4 100644 --- a/modules/x-os/boot.nix +++ b/modules/x-os/boot.nix @@ -4,6 +4,11 @@ let cfg = config.pub-solar.x-os; in { + options.pub-solar.x-os.iso-options.enable = mkOption { + type = types.bool; + default = false; + description = "Feature flag for iso builds"; + }; config = { # Enable plymouth for better experience of booting boot.plymouth.enable = true; -- 2.44.2 From e1404ac969c540b1dd41a4423ccff98cc14047f7 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Oct 2021 01:07:10 +0200 Subject: [PATCH 062/320] fix main branch cron for real --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 8a5adad1..8dcf9bbb 100644 --- a/.drone.yml +++ b/.drone.yml @@ -37,7 +37,7 @@ steps: GITEA_SSH_KEY: from_secret: gitea_ssh_key commands: - - git fetch --all + - git fetch origin - git checkout origin/main - ./.drone/setup_ssh.sh - git remote set-url origin git@git.b12f.io:pub-solar/os @@ -85,6 +85,6 @@ steps: template: "Upstreaming {{ build.status }} [{{ build.branch }}#{{ truncate build.commit 8 }}]({{ build.link }}) by {{ build.author }}. [Pull requests](https://git.b12f.io/pub-solar/os/pulls)" --- kind: signature -hmac: 145dff5d1aac21f4c68f186cc2dbd98ccb8f08f23af8df3528de6a21defee1c7 +hmac: 07d9a95e8f577483d753e9eea76229ffe0c369ecd642bfc364ae183f662d2167 ... -- 2.44.2 From 7271c343202b749d51148b3dbbeec0a2a83cb932 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Oct 2021 01:19:47 +0200 Subject: [PATCH 063/320] hammer for fontconfig --- profiles/base-user/home.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profiles/base-user/home.nix b/profiles/base-user/home.nix index 6d7c87d2..7c5c5518 100644 --- a/profiles/base-user/home.nix +++ b/profiles/base-user/home.nix @@ -20,7 +20,7 @@ in home.packages = with pkgs; [ ]; - fonts.fontconfig.enable = true; + fonts.fontconfig.enable = mkForce true; programs.dircolors.enable = true; programs.dircolors.enableZshIntegration = true; -- 2.44.2 From d36feb2028fafcfc09a798d31763eed55634a498 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Oct 2021 10:14:42 +0200 Subject: [PATCH 064/320] drone: strip path before scp'ing --- .drone.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 7c318efa..39ff1b0d 100644 --- a/.drone.yml +++ b/.drone.yml @@ -148,6 +148,7 @@ steps: target: /var/www/pub.solar source: - /var/nix/iso-cache/*.iso + strip_components: 3 volumes: - name: nix-store @@ -156,6 +157,6 @@ volumes: --- kind: signature -hmac: 493c996fab22097034fd500fe537e05d8008324aec42b96da75b5234a5a2d533 +hmac: 81a1527ce6d9af333113b6bf667a61d2e5650a96d4846fc0d1376b444253108d ... -- 2.44.2 From 5aac1779407acbd7e5c583b24c82c6b37bf2728d Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Oct 2021 10:40:03 +0200 Subject: [PATCH 065/320] drone: use trigger conditional for whole publish pipeline --- .drone.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.drone.yml b/.drone.yml index 451ba911..4991e307 100644 --- a/.drone.yml +++ b/.drone.yml @@ -118,11 +118,6 @@ steps: volumes: - name: nix-store path: /var/nix/iso-cache - when: - event: - - push - branch: - - feature/basic-iso commands: - echo "" >> /etc/nix/nix.conf - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf @@ -150,6 +145,12 @@ steps: - /var/nix/iso-cache/*.iso strip_components: 3 +trigger: + event: + - push + branch: + - feature/basic-iso + volumes: - name: nix-store host: @@ -157,6 +158,6 @@ volumes: --- kind: signature -hmac: b80fc2bec44f00eb0e02943a918f45c7e652ae66e8b7a7a52ecc05c571fd5164 +hmac: 64f156e8fe88b7266980aa86fd5b98fe2ec6b39336da3209fc34ff0864648408 ... -- 2.44.2 From 907b08930a3a82315bbfd885ea6a2cfcc16ce98b Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Oct 2021 10:45:53 +0200 Subject: [PATCH 066/320] drone: only trigger upstreaming on cron event --- .drone.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 4991e307..2b514c21 100644 --- a/.drone.yml +++ b/.drone.yml @@ -84,6 +84,10 @@ steps: from_secret: matrix_password template: "Upstreaming {{ build.status }} [{{ build.branch }}#{{ truncate build.commit 8 }}]({{ build.link }}) by {{ build.author }}. [Pull requests](https://git.b12f.io/pub-solar/os/pulls)" +trigger: + event: + - cron + --- kind: pipeline type: docker @@ -158,6 +162,6 @@ volumes: --- kind: signature -hmac: 64f156e8fe88b7266980aa86fd5b98fe2ec6b39336da3209fc34ff0864648408 +hmac: 539937d723b620778939dcac3819b0f6a4c396f1c477a2783ae3fb6feab0f4d7 ... -- 2.44.2 From c059af5248c67353953f95052aaa9c238180c538 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Fri, 29 Oct 2021 16:43:36 +0200 Subject: [PATCH 067/320] terminal-life: add upstream nixos-option gc fix --- modules/terminal-life/default.nix | 4 ++-- modules/terminal-life/zsh/default.nix | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/modules/terminal-life/default.nix b/modules/terminal-life/default.nix index 4d36655f..87b2ee45 100644 --- a/modules/terminal-life/default.nix +++ b/modules/terminal-life/default.nix @@ -1,4 +1,4 @@ -{ lib, config, pkgs, ... }: +{ lib, config, pkgs, self, ... }: with lib; let psCfg = config.pub-solar; @@ -37,7 +37,7 @@ in programs.neovim = import ./nvim { inherit config; inherit pkgs; }; programs.fzf = import ./fzf { inherit config; inherit pkgs; }; - programs.zsh = import ./zsh { inherit config; inherit pkgs; }; + programs.zsh = import ./zsh { inherit config; inherit pkgs; inherit self; }; }; }; } diff --git a/modules/terminal-life/zsh/default.nix b/modules/terminal-life/zsh/default.nix index 0ff87812..f4923c50 100644 --- a/modules/terminal-life/zsh/default.nix +++ b/modules/terminal-life/zsh/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, pkgs, self, ... }: let psCfg = config.pub-solar; xdg = config.home-manager.users."${psCfg.user.name}".xdg; @@ -32,7 +32,7 @@ in drone = "DRONE_TOKEN=$(secret-tool lookup drone token) drone"; no = "manix \"\" | grep '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | fzf --preview=\"manix '{}'\" | xargs manix"; # fix nixos-option - nixos-option = "nixos-option -I nixpkgs=/etc/nixos/lib/compat"; + nixos-option = "nixos-option -I nixpkgs=${self}/lib/compat"; }; zplug = { enable = true; -- 2.44.2 From 9bd3f7d871ac240b777f2625086e2446a75f4181 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Fri, 29 Oct 2021 16:44:35 +0200 Subject: [PATCH 068/320] nvim: sort alphabetically, add gopls (go lsp) --- modules/terminal-life/nvim/default.nix | 45 +++++++++++++------------- modules/terminal-life/nvim/plugins.vim | 2 +- 2 files changed, 24 insertions(+), 23 deletions(-) diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index 4647a76c..8d1be99d 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix @@ -69,73 +69,74 @@ in ]; extraPackages = with pkgs; [ - nodejs + ccls code-minimap + gopls + nodejs nodePackages.bash-language-server nodePackages.dockerfile-language-server-nodejs nodePackages.svelte-language-server - nodePackages.typescript-language-server nodePackages.typescript + nodePackages.typescript-language-server nodePackages.vim-language-server nodePackages.vue-language-server - nodePackages.yaml-language-server - nodePackages.vscode-json-languageserver-bin - nodePackages.vscode-html-languageserver-bin nodePackages.vscode-css-languageserver-bin - python3Full + nodePackages.vscode-html-languageserver-bin + nodePackages.vscode-json-languageserver-bin + nodePackages.yaml-language-server python-language-server + python3Full solargraph - rust-analyzer - universal-ctags - ccls rnix-lsp + rust-analyzer terraform-ls + universal-ctags ]; plugins = with pkgs.vimPlugins; [ - nvim-lspconfig - lsp_extensions-nvim completion-nvim + lsp_extensions-nvim + nvim-lspconfig - suda ack-vim - syntastic airline - workspace editorconfig-vim - vim-vinegar - vim-gutentags minimap-vim nnn-vim + suda + syntastic + vim-gutentags + vim-vinegar + workspace sonokai fugitive - vim-rhubarb vim-gitgutter + vim-rhubarb vimagit - vim-highlightedyank fzf-vim fzfWrapper + vim-highlightedyank beautify vim-surround - vim-sensible vim-bufkill + vim-sensible ansible-vim emmet-vim rust-vim vim-go - vim-vue vim-javascript vim-json vim-markdown - yats-vim + vim-nix vim-ruby vim-toml - vim-nix + vim-vue + yats-vim ]; } diff --git a/modules/terminal-life/nvim/plugins.vim b/modules/terminal-life/nvim/plugins.vim index b174531e..1ff28d6c 100644 --- a/modules/terminal-life/nvim/plugins.vim +++ b/modules/terminal-life/nvim/plugins.vim @@ -6,7 +6,7 @@ let g:gutentags_file_list_command = 'git ls-files' " Golang " Go test shortcut -nmap got :GoTest +nmap got :GoTest:botright copen " Go formatting autocmd FileType go setlocal noexpandtab shiftwidth=4 tabstop=4 softtabstop=4 nolist -- 2.44.2 From 89b3cf78fd7af80e4dce4bfa9b3e6120e8d323e0 Mon Sep 17 00:00:00 2001 From: Karolis Labrencis Date: Tue, 2 Nov 2021 23:42:38 +0200 Subject: [PATCH 069/320] Document using deploy-rs to deploy home-manager --- doc/integrations/deploy.md | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/doc/integrations/deploy.md b/doc/integrations/deploy.md index 642267c8..2282eb7f 100644 --- a/doc/integrations/deploy.md +++ b/doc/integrations/deploy.md @@ -45,5 +45,32 @@ deploy '.#hostName' --hostname host.example.com > ##### _Note:_ > Your user will need **passwordless** sudo access +### Home Manager + +Digga's `lib.mkDeployNodes` provides only `system` profile. +In order to deploy your `home-manager` configuration you should provide additional profile(s) to deploy-rs config: +```nix +# Initially, this line looks like this: deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { }; +deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations + { + = { + profilesOrder = [ "system" "" ""]; + profiles. = { + user = ""; + path = deploy.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.; + }; + profiles. = { + user = ""; + path = deploy.lib.x86_64-linux.activate.home-manager self.homeConfigurationsPortable.x86_64-linux.; + }; + }; + }; +``` + +Substitute ``, `` and `` placeholders (omitting the `<>`). + +`` is there to illustrate deploying multiple `home-manager` configurations. Either substitute those as well, +or remove them altogether. Don't forget the `profileOrder` variable. + [d-rs]: https://github.com/serokell/deploy-rs -- 2.44.2 From 767592185bbdb0c6443f787bf65a0006db7cd209 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Fri, 5 Nov 2021 23:43:01 +0100 Subject: [PATCH 070/320] Fix mailto-mutt EDITOR variable --- pkgs/mailto-mutt.nix | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/pkgs/mailto-mutt.nix b/pkgs/mailto-mutt.nix index a17d2409..80543277 100644 --- a/pkgs/mailto-mutt.nix +++ b/pkgs/mailto-mutt.nix @@ -1,5 +1,10 @@ self: with self; '' - echo "$@" >> $XDG_CACHE_HOME/log/mailto.log + mkdir -p $XDG_CACHE_HOME/log - exec ${alacritty}/bin/alacritty -e neomutt -- "$@" + LOGFILE=$XDG_CACHE_HOME/log/mailto.log + echo "$@" >> $LOGFILE + + EDITOR=/etc/profiles/per-user/$USER/bin/nvim + + ${alacritty}/bin/alacritty -e neomutt -- "$@" '' -- 2.44.2 From 7ea95e90f51738a68869847008a4fb5283ab82fe Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 7 Nov 2021 19:17:10 +0100 Subject: [PATCH 071/320] terminal-life: add glow, a tui markdown viewer; sort packages --- modules/terminal-life/default.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/modules/terminal-life/default.nix b/modules/terminal-life/default.nix index 87b2ee45..135766cd 100644 --- a/modules/terminal-life/default.nix +++ b/modules/terminal-life/default.nix @@ -23,16 +23,17 @@ in home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { home.packages = [ - ag ack + ag bat exa + fd gh + glow + nnn powerline vifm watson - nnn - fd ]; programs.neovim = import ./nvim { inherit config; inherit pkgs; }; -- 2.44.2 From d670aee07db3e2425828c30f420ccfe3356b28bd Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 7 Nov 2021 19:26:30 +0100 Subject: [PATCH 072/320] neovim: fix jsonls, fix cursor jumping into diagnostics buffer --- modules/terminal-life/nvim/lsp.vim | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index 87c15ce5..519330f8 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim @@ -42,7 +42,9 @@ lua < g[ PrevDiagnosticCycle -- 2.44.2 From b890e2d04a3cb9d98e4b89e4099437c91323934b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Mon, 15 Nov 2021 11:37:56 +0100 Subject: [PATCH 073/320] Fix java session variable --- profiles/base-user/session-variables.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profiles/base-user/session-variables.nix b/profiles/base-user/session-variables.nix index 4e745bba..264d787f 100644 --- a/profiles/base-user/session-variables.nix +++ b/profiles/base-user/session-variables.nix @@ -49,7 +49,7 @@ let CARGO_HOME = "${xdg.dataHome}/cargo"; # Java - _JAVA_OPTIONS = "-Djava.util.prefs.userRoot = '${xdg.configHome}/java'"; + _JAVA_OPTIONS = "-Djava.util.prefs.userRoot='${xdg.configHome}/java'"; _JAVA_AWT_WM_NONREPARENTING = "1"; # docker -- 2.44.2 From 0768353f08e4023d2b35a9ef319da37351bbcfc9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Mon, 15 Nov 2021 11:39:24 +0100 Subject: [PATCH 074/320] Use fixed telegram-desktop from unstable --- overlays/overrides.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/overlays/overrides.nix b/overlays/overrides.nix index 1c5070db..34c46f45 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -14,6 +14,10 @@ channels: final: prev: { signal-desktop starship deploy-rs + tdesktop + xdg-desktop-portal + xdg-desktop-portal-gtk + xdg-desktop-portal-wlr ; -- 2.44.2 From 91163d38ed9aedccf0e7b9a714f19b30ff367a7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Wed, 17 Nov 2021 12:05:50 +0100 Subject: [PATCH 075/320] Allow changing the user description --- modules/user/default.nix | 5 +++++ profiles/base-user/default.nix | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/user/default.nix b/modules/user/default.nix index d2edd476..79e32eca 100644 --- a/modules/user/default.nix +++ b/modules/user/default.nix @@ -11,6 +11,11 @@ in type = types.nullOr types.str; default = "nixos"; }; + description = mkOption { + description = "User description"; + type = types.nullOr types.str; + default = "The main PubSolarOS user"; + }; password = mkOption { description = "User password"; type = types.nullOr types.str; diff --git a/profiles/base-user/default.nix b/profiles/base-user/default.nix index e327a736..80ac262e 100644 --- a/profiles/base-user/default.nix +++ b/profiles/base-user/default.nix @@ -15,7 +15,7 @@ in # This automatically sets group to users, createHome to true, # home to /home/username, useDefaultShell to true, and isSystemUser to false. isNormalUser = true; - description = ""; + description = psCfg.user.description; extraGroups = [ "wheel" "docker" "input" "audio" "networkmanager" "lp" "scanner" ]; initialHashedPassword = if psCfg.user.password != null then psCfg.user.password else ""; shell = pkgs.zsh; -- 2.44.2 From 70545abd1bf263c6c5f575fee41ec137af630f95 Mon Sep 17 00:00:00 2001 From: Michael Reddick Date: Sat, 20 Nov 2021 15:58:37 -0600 Subject: [PATCH 076/320] docs: fix typo in start/bootstrapping --- doc/start/bootstrapping.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/start/bootstrapping.md b/doc/start/bootstrapping.md index f4c5190e..b8a0ad04 100644 --- a/doc/start/bootstrapping.md +++ b/doc/start/bootstrapping.md @@ -6,7 +6,7 @@ This will help you boostrap a bare host with the help of the _Note: nothing prevents you from remotely executing the boostrapping process. See below._ -Once your target host has booted into the live iso, you need to partion +Once your target host has booted into the live iso, you need to partition and format your disk according to the [official manual][manual]. ## Mount partitions -- 2.44.2 From b15b8bf86551f0b4ed2c7ac2c569d6784cd25fd7 Mon Sep 17 00:00:00 2001 From: Dmytro Kostiuchenko Date: Mon, 29 Nov 2021 08:44:15 +0200 Subject: [PATCH 077/320] Do not hardcode UID for the exemplary user uid = 1000 is an unreasonable default for an examplary user nixos, because someone trying DevOs on a working NixOS installation likely has their own user with uid=1000 already. The code thus renders /etc/passwd invalid preventing user from logging in --- users/nixos/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/users/nixos/default.nix b/users/nixos/default.nix index 5c037fe8..077a52e4 100644 --- a/users/nixos/default.nix +++ b/users/nixos/default.nix @@ -3,7 +3,6 @@ home-manager.users = { inherit (hmUsers) nixos; }; users.users.nixos = { - uid = 1000; password = "nixos"; description = "default"; isNormalUser = true; -- 2.44.2 From b84d88fc92c6710cff8e294315eb23ceb7ecf40e Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 29 Nov 2021 14:10:21 +0100 Subject: [PATCH 078/320] graphical, sway: disable greetd, auto-login directly to desktop --- modules/crypto/default.nix | 1 - modules/graphical/default.nix | 10 +--------- modules/sway/config/config.d/custom-keybindings.conf | 2 +- modules/sway/config/config.d/systemd.conf | 4 +++- modules/sway/default.nix | 2 -- modules/sway/swayidle.service.nix | 1 + modules/sway/waybar.service.nix | 1 + modules/terminal-life/default.nix | 4 +++- modules/terminal-life/zsh/default.nix | 5 +++++ 9 files changed, 15 insertions(+), 15 deletions(-) diff --git a/modules/crypto/default.nix b/modules/crypto/default.nix index 5d14dcc2..8e9c5ee9 100644 --- a/modules/crypto/default.nix +++ b/modules/crypto/default.nix @@ -15,7 +15,6 @@ in services.pcscd.enable = true; services.gnome.gnome-keyring.enable = true; - security.pam.services.greetd.enableGnomeKeyring = true; home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { systemd.user.services.polkit-gnome-authentication-agent = import ./polkit-gnome-authentication-agent.service.nix pkgs; diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix index ef628f9a..bbf8f59d 100644 --- a/modules/graphical/default.nix +++ b/modules/graphical/default.nix @@ -49,15 +49,7 @@ in }; }; - services.greetd = { - enable = true; - restart = false; - settings = { - default_session = { - command = "${pkgs.greetd.tuigreet}/bin/tuigreet --time --cmd ${pkgs.sway-service}/bin/sway-service"; - }; - }; - }; + services.getty.autologinUser = "${psCfg.user.name}"; qt5 = { enable = true; diff --git a/modules/sway/config/config.d/custom-keybindings.conf b/modules/sway/config/config.d/custom-keybindings.conf index 2b7ba20d..6218d900 100644 --- a/modules/sway/config/config.d/custom-keybindings.conf +++ b/modules/sway/config/config.d/custom-keybindings.conf @@ -37,7 +37,7 @@ set $mode_system (l)ock, (e)xit, (s)uspend, (h)ibernate, (r)eboot, (Shift+s)hutd bindsym $mod+0 mode "$mode_system" mode "$mode_system" { bindsym l exec swaylock-bg, mode "default" - bindsym e exec systemctl --user stop graphical-session.target, mode "default" + bindsym e exec swaymsg exit, mode "default" bindsym s exec systemctl suspend, mode "default" bindsym h exec systemctl hibernate, mode "default" bindsym r exec systemctl reboot, mode "default" diff --git a/modules/sway/config/config.d/systemd.conf b/modules/sway/config/config.d/systemd.conf index 3fecd355..d6380d41 100644 --- a/modules/sway/config/config.d/systemd.conf +++ b/modules/sway/config/config.d/systemd.conf @@ -3,4 +3,6 @@ # systemctl import-environment is complete, and services that require certain variables # will fail to run. # https://github.com/swaywm/sway/wiki/Systemd-integration -exec "systemctl --user import-environment; systemctl --user start sway-session.target; dbus-update-activation-environment WAYLAND_DISPLAY" +# Also, import the most important environment variables into the D-Bus and systemd +# user environments (e.g. required for screen sharing and Pinentry prompts): +exec "systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP; systemctl --user start sway-session.target; exec dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP; systemd-cat --identifier=sway sway" diff --git a/modules/sway/default.nix b/modules/sway/default.nix index 21f017c0..cfc5733c 100644 --- a/modules/sway/default.nix +++ b/modules/sway/default.nix @@ -62,7 +62,6 @@ in swaylock-bg sway-launcher - sway-service import-gtk-settings s wcwd @@ -72,7 +71,6 @@ in #programs.waybar.systemd.enable = true; systemd.user.services.mako = import ./mako.service.nix pkgs; - systemd.user.services.sway = import ./sway.service.nix pkgs; systemd.user.services.swayidle = import ./swayidle.service.nix pkgs; systemd.user.services.xsettingsd = import ./xsettingsd.service.nix pkgs; systemd.user.services.waybar = import ./waybar.service.nix pkgs; diff --git a/modules/sway/swayidle.service.nix b/modules/sway/swayidle.service.nix index a750eacb..0762d3f1 100644 --- a/modules/sway/swayidle.service.nix +++ b/modules/sway/swayidle.service.nix @@ -9,6 +9,7 @@ pkgs: }; Service = { Type = "simple"; + Environment = "PATH=${pkgs.bash}/bin:${pkgs.sway}/bin:${pkgs.swaylock}/bin"; ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \ timeout 600 'swaylock-bg' \ timeout 900 'swaymsg "output * dpms off"' \ diff --git a/modules/sway/waybar.service.nix b/modules/sway/waybar.service.nix index f508f144..ee5e8938 100644 --- a/modules/sway/waybar.service.nix +++ b/modules/sway/waybar.service.nix @@ -10,6 +10,7 @@ pkgs: Service = { Type = "dbus"; + Environment = "PATH=${pkgs.bash}/bin:${pkgs.pavucontrol}/bin"; BusName = "fr.arouillard.waybar"; ExecStart = "${pkgs.waybar}/bin/waybar"; }; diff --git a/modules/terminal-life/default.nix b/modules/terminal-life/default.nix index 135766cd..17262f77 100644 --- a/modules/terminal-life/default.nix +++ b/modules/terminal-life/default.nix @@ -15,7 +15,9 @@ in # Needed to get zsh completion for system packages (e.g. systemd). environment.pathsToLink = [ "/share/zsh" ]; - services.lorri.enable = true; + environment.shells = with pkgs; [ + zsh + ]; environment.systemPackages = with pkgs; [ screen diff --git a/modules/terminal-life/zsh/default.nix b/modules/terminal-life/zsh/default.nix index f4923c50..d892170c 100644 --- a/modules/terminal-life/zsh/default.nix +++ b/modules/terminal-life/zsh/default.nix @@ -18,6 +18,11 @@ in size = 10000; }; + loginExtra = '' + [ "$(tty)" = "/dev/tty1" ] && exec sway + ''; + + shellAliases = { nano = "nvim"; vi = "nvim"; -- 2.44.2 From e84fb19a20fa93e18037d6ab1d8b03f741e40f26 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 29 Nov 2021 14:50:46 +0100 Subject: [PATCH 079/320] sway: hotfix for swayidle, swaylock-bg missing in PATH --- modules/sway/swayidle.service.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/sway/swayidle.service.nix b/modules/sway/swayidle.service.nix index 0762d3f1..597a8779 100644 --- a/modules/sway/swayidle.service.nix +++ b/modules/sway/swayidle.service.nix @@ -9,7 +9,7 @@ pkgs: }; Service = { Type = "simple"; - Environment = "PATH=${pkgs.bash}/bin:${pkgs.sway}/bin:${pkgs.swaylock}/bin"; + Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swaylock}/bin:${pkgs.swaylock-bg}/bin"; ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \ timeout 600 'swaylock-bg' \ timeout 900 'swaymsg "output * dpms off"' \ -- 2.44.2 From 65c8894f47129e1de575f5b83b406afc8b9c2d68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Mon, 29 Nov 2021 17:15:00 +0100 Subject: [PATCH 080/320] Remove minimap from nvim, fix mergetool config for git --- modules/terminal-life/nvim/default.nix | 3 +-- profiles/base-user/.config/git/config.nix | 12 ++++++------ 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index 8d1be99d..f66ce597 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix @@ -70,7 +70,6 @@ in extraPackages = with pkgs; [ ccls - code-minimap gopls nodejs nodePackages.bash-language-server @@ -101,7 +100,6 @@ in ack-vim airline editorconfig-vim - minimap-vim nnn-vim suda syntastic @@ -112,6 +110,7 @@ in sonokai fugitive + diffview-nvim vim-gitgutter vim-rhubarb vimagit diff --git a/profiles/base-user/.config/git/config.nix b/profiles/base-user/.config/git/config.nix index 6b099f87..95812623 100644 --- a/profiles/base-user/.config/git/config.nix +++ b/profiles/base-user/.config/git/config.nix @@ -13,14 +13,14 @@ in pol = pull ack = -c color.grep.linenumber=\"bold yellow\"\n -c color.grep.filename=\"bold green\"\n -c color.grep.match=\"reverse yellow\"\n grep --break --heading --line-number # define command which will be used when "nvim"is set as a merge tool -[mergetool "nvim"] - cmd = /etc/profiles/per-user/${config.pub-solar.user.name}/bin/nvim -f -c \"Gdiffsplit!\" \"$MERGED\" -# set "nvim" as tool for merging -[merge] - tool = /etc/profiles/per-user/${config.pub-solar.user.name}/bin/nvim -# automatically launch merge tool without displaying a prompt + [mergetool] prompt = false +[merge] + tool = nvim +[mergetool "nvim"] + cmd = /etc/profiles/per-user/${config.pub-solar.user.name}/bin/nvim -f -c \"Gdiffsplit!\" \"$MERGED\" + [commit] gpgsign = true [tag] -- 2.44.2 From ea282db4eb3ef18f0bb5fbba4f65150c387f69ca Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 29 Nov 2021 17:25:55 +0100 Subject: [PATCH 081/320] nvim: remove diffview-nvim --- modules/terminal-life/nvim/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index f66ce597..c304c687 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix @@ -110,7 +110,6 @@ in sonokai fugitive - diffview-nvim vim-gitgutter vim-rhubarb vimagit -- 2.44.2 From b5500d5e9e1b4dbae09014f7549e72e86df3130f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Mon, 29 Nov 2021 19:06:10 +0100 Subject: [PATCH 082/320] Better terminal editing experience * Decrease alacritty font size * Improve file previews in fzf-nvim by removing some copyright notices * Use reverse layout in fzf-nvim to align with zsh file completion --- modules/graphical/alacritty.nix | 2 +- modules/terminal-life/nvim/default.nix | 10 +++++ modules/terminal-life/nvim/init.vim | 41 --------------------- modules/terminal-life/nvim/plugins.vim | 32 ++++++++++++++++ modules/terminal-life/nvim/preview-file.nix | 35 ++++++++++++++++++ 5 files changed, 78 insertions(+), 42 deletions(-) create mode 100644 modules/terminal-life/nvim/preview-file.nix diff --git a/modules/graphical/alacritty.nix b/modules/graphical/alacritty.nix index ef6c6956..f08be710 100644 --- a/modules/graphical/alacritty.nix +++ b/modules/graphical/alacritty.nix @@ -55,7 +55,7 @@ style = "Italic"; }; - size = 18.0; + size = 16.0; offset = { x = 0; diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index f66ce597..d25c1173 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix @@ -3,6 +3,8 @@ let psCfg = config.pub-solar; xdg = config.home-manager.users."${psCfg.user.name}".xdg; + preview-file = pkgs.writeShellScriptBin "preview-file" (import ./preview-file.nix pkgs); + sonokai = pkgs.vimUtils.buildVimPlugin { name = "sonokai"; src = pkgs.fetchFromGitHub { @@ -66,6 +68,11 @@ in (builtins.readFile ./ui.vim) (builtins.readFile ./quickfixopenall.vim) (builtins.readFile ./lsp.vim) + '' + " fzf with file preview + command! -bang -nargs=? -complete=dir Files + \ call fzf#vim#files(, { 'options': ['--keep-right', '--cycle', '--layout', 'reverse', '--preview', '${preview-file}/bin/preview-file {}'] }, 0) + '' ]; extraPackages = with pkgs; [ @@ -93,6 +100,9 @@ in ]; plugins = with pkgs.vimPlugins; [ + # Lua async programming library + plenary-nvim + completion-nvim lsp_extensions-nvim nvim-lspconfig diff --git a/modules/terminal-life/nvim/init.vim b/modules/terminal-life/nvim/init.vim index b32a5022..9d4ac597 100644 --- a/modules/terminal-life/nvim/init.vim +++ b/modules/terminal-life/nvim/init.vim @@ -94,47 +94,6 @@ imap (fzf-complete-line) " Clear quickfix shortcut nmap c :ccl -" netrw -let g:netrw_fastbrowse=0 - -" fzf with file preview -command! -bang -nargs=? -complete=dir Files - \ call fzf#vim#files(, fzf#vim#with_preview(), 0) -"command! -bang -nargs=? -complete=dir Files -" \ call fzf#vim#files(, fzf#vim#with_preview({'options': '--preview "' . "grep -Pzo '.*See docs/COPYRIGHT.rdoc for more details(.*\n)*' {}" . '"'}), 0) - -" Auto-FMT rust code on save -let g:rustfmt_autosave = 1 - -" Indenting in html template tags -let g:html_indent_style1 = "inc" - -" yank highlight duration -let g:highlightedyank_highlight_duration = 200 - -" Markdown options -let g:vim_markdown_folding_disabled = 1 - -" Haskell options -let g:haskell_enable_quantification = 1 " to enable highlighting of `forall` -let g:haskell_enable_recursivedo = 1 " to enable highlighting of `mdo` and `rec` -let g:haskell_enable_arrowsyntax = 1 " to enable highlighting of `proc` -let g:haskell_enable_pattern_synonyms = 1 " to enable highlighting of `pattern` -let g:haskell_enable_typeroles = 1 " to enable highlighting of type roles -let g:haskell_enable_static_pointers = 1 " to enable highlighting of `static` -let g:haskell_backpack = 1 " to enable highlighting of backpack keywords - -" Emmet -let g:user_emmet_leader_key='' - -" Minimap settings -let g:minimap_auto_start = 1 - -" Ack -if executable('ag') - let g:ackprg = 'ag --vimgrep' -endif - " Remember cursor position " Vim jumps to the last position when reopening a file if has("autocmd") diff --git a/modules/terminal-life/nvim/plugins.vim b/modules/terminal-life/nvim/plugins.vim index 1ff28d6c..2386826a 100644 --- a/modules/terminal-life/nvim/plugins.vim +++ b/modules/terminal-life/nvim/plugins.vim @@ -41,3 +41,35 @@ nnoremap gP :! git push " git Push " http://vimcasts.org/episodes/fugitive-vim-resolving-merge-conflicts-with-vimdiff/ nmap [ :diffget //2 nmap ] :diffget //3 + +" netrw +let g:netrw_fastbrowse=0 + +" Auto-FMT rust code on save +let g:rustfmt_autosave = 1 + +" Indenting in html template tags +let g:html_indent_style1 = "inc" + +" yank highlight duration +let g:highlightedyank_highlight_duration = 200 + +" Markdown options +let g:vim_markdown_folding_disabled = 1 + +" Haskell options +let g:haskell_enable_quantification = 1 " to enable highlighting of `forall` +let g:haskell_enable_recursivedo = 1 " to enable highlighting of `mdo` and `rec` +let g:haskell_enable_arrowsyntax = 1 " to enable highlighting of `proc` +let g:haskell_enable_pattern_synonyms = 1 " to enable highlighting of `pattern` +let g:haskell_enable_typeroles = 1 " to enable highlighting of type roles +let g:haskell_enable_static_pointers = 1 " to enable highlighting of `static` +let g:haskell_backpack = 1 " to enable highlighting of backpack keywords + +" Emmet +let g:user_emmet_leader_key='' + +" Ack +if executable('ag') + let g:ackprg = 'ag --vimgrep' +endif diff --git a/modules/terminal-life/nvim/preview-file.nix b/modules/terminal-life/nvim/preview-file.nix new file mode 100644 index 00000000..35f608fd --- /dev/null +++ b/modules/terminal-life/nvim/preview-file.nix @@ -0,0 +1,35 @@ +self: with self; '' +IFS=':' read -r -a INPUT <<< "$1" +FILE=''${INPUT[0]} +CENTER=''${INPUT[1]} + +if [[ "$1" =~ ^[A-Za-z]:\\ ]]; then + FILE=$FILE:''${INPUT[1]} + CENTER=''${INPUT[2]} +fi + +if [[ -n "$CENTER" && ! "$CENTER" =~ ^[0-9] ]]; then + exit 1 +fi +CENTER=''${CENTER/[^0-9]*/} + +FILE="''${FILE/#\~\//$HOME/}" +if [ ! -r "$FILE" ]; then + echo "File not found ''${FILE}" + exit 1 +fi + +if [ -z "$CENTER" ]; then + CENTER=0 +fi + +exec cat "$FILE" \ + | sed -e '/[#|\/\/ ?]-- copyright/,/[#\/\/]++/c\\' \ + | ${pkgs.coreutils}/bin/tr -s '\n' \ + | ${pkgs.bat}/bin/bat \ + --style="''${BAT_STYLE:-numbers}" \ + --color=always \ + --pager=never \ + --file-name=''$FILE \ + --highlight-line=$CENTER +'' -- 2.44.2 From dc580d30b75a4c1d09c5966ca0aa1bb2faea9ec8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Mon, 29 Nov 2021 19:07:39 +0100 Subject: [PATCH 083/320] Remove useless nvim plugin plenary This dependency plugin is not needed anymore --- modules/terminal-life/nvim/default.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index 6dc7e468..b5ebe743 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix @@ -100,9 +100,6 @@ in ]; plugins = with pkgs.vimPlugins; [ - # Lua async programming library - plenary-nvim - completion-nvim lsp_extensions-nvim nvim-lspconfig -- 2.44.2 From 40dab652fbb605e238ae5a3c5119e6a3a68285fa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Thu, 2 Dec 2021 12:19:37 +0100 Subject: [PATCH 084/320] Cleanup nvim config, add instant.nvim --- modules/terminal-life/nvim/default.nix | 56 ++++++++++++++++---------- modules/terminal-life/nvim/plugins.vim | 1 + 2 files changed, 35 insertions(+), 22 deletions(-) diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index b5ebe743..2d4a8ee9 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix @@ -5,6 +5,16 @@ let preview-file = pkgs.writeShellScriptBin "preview-file" (import ./preview-file.nix pkgs); + instant-nvim = pkgs.vimUtils.buildVimPlugin { + name = "instant"; + src = pkgs.fetchFromGitHub { + owner = "jbyuki"; + repo = "instant.nvim"; + rev = "c02d72267b12130609b7ad39b76cf7f4a3bc9554"; + sha256 = "sha256-7Pr2Au/oGKp5kMXuLsQY4BK5Wny9L1EBdXtyS5EaZPI="; + }; + }; + sonokai = pkgs.vimUtils.buildVimPlugin { name = "sonokai"; src = pkgs.fetchFromGitHub { @@ -53,28 +63,6 @@ in withRuby = true; withPython3 = true; - extraConfig = builtins.concatStringsSep "\n" [ - '' - " Persistent undo - set undofile - set undodir=${xdg.cacheHome}/nvim/undo - - set backupdir=${xdg.dataHome}/nvim/backup - set directory=${xdg.dataHome}/nvim/swap/ - '' - (builtins.readFile ./init.vim) - (builtins.readFile ./plugins.vim) - (builtins.readFile ./clipboard.vim) - (builtins.readFile ./ui.vim) - (builtins.readFile ./quickfixopenall.vim) - (builtins.readFile ./lsp.vim) - '' - " fzf with file preview - command! -bang -nargs=? -complete=dir Files - \ call fzf#vim#files(, { 'options': ['--keep-right', '--cycle', '--layout', 'reverse', '--preview', '${preview-file}/bin/preview-file {}'] }, 0) - '' - ]; - extraPackages = with pkgs; [ ccls gopls @@ -104,6 +92,8 @@ in lsp_extensions-nvim nvim-lspconfig + instant-nvim + ack-vim airline editorconfig-vim @@ -144,4 +134,26 @@ in vim-vue yats-vim ]; + + extraConfig = builtins.concatStringsSep "\n" [ + '' + " Persistent undo + set undofile + set undodir=${xdg.cacheHome}/nvim/undo + + set backupdir=${xdg.dataHome}/nvim/backup + set directory=${xdg.dataHome}/nvim/swap/ + '' + (builtins.readFile ./init.vim) + (builtins.readFile ./plugins.vim) + (builtins.readFile ./clipboard.vim) + (builtins.readFile ./ui.vim) + (builtins.readFile ./quickfixopenall.vim) + (builtins.readFile ./lsp.vim) + '' + " fzf with file preview + command! -bang -nargs=? -complete=dir Files + \ call fzf#vim#files(, { 'options': ['--keep-right', '--cycle', '--layout', 'reverse', '--preview', '${preview-file}/bin/preview-file {}'] }, 0) + '' + ]; } diff --git a/modules/terminal-life/nvim/plugins.vim b/modules/terminal-life/nvim/plugins.vim index 2386826a..2086bfd7 100644 --- a/modules/terminal-life/nvim/plugins.vim +++ b/modules/terminal-life/nvim/plugins.vim @@ -73,3 +73,4 @@ let g:user_emmet_leader_key='' if executable('ag') let g:ackprg = 'ag --vimgrep' endif + -- 2.44.2 From c825128eb4ba0a12f57aad081116d55caa134c11 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 11 Dec 2021 21:08:20 +0100 Subject: [PATCH 085/320] Add looking glass for VMs, switch from scream-ivshmem to qemu-pulse --- modules/gaming/default.nix | 2 ++ modules/virtualisation/default.nix | 17 +++++++++--- ...e.service.nix => scream-pulse.service.nix} | 0 overlays/overrides.nix | 4 +++ pkgs/default.nix | 27 ++++++++++--------- pkgs/lgcl.nix | 3 +++ 6 files changed, 37 insertions(+), 16 deletions(-) rename modules/virtualisation/{scream-ivshmem-pulse.service.nix => scream-pulse.service.nix} (100%) create mode 100644 pkgs/lgcl.nix diff --git a/modules/gaming/default.nix b/modules/gaming/default.nix index 21c54bac..00939e82 100644 --- a/modules/gaming/default.nix +++ b/modules/gaming/default.nix @@ -19,6 +19,8 @@ in home.packages = [ playonlinux godot + obs-studio + obs-studio-plugins.wlrobs ]; }; }; diff --git a/modules/virtualisation/default.nix b/modules/virtualisation/default.nix index c97db9d2..4d588622 100644 --- a/modules/virtualisation/default.nix +++ b/modules/virtualisation/default.nix @@ -3,6 +3,8 @@ with lib; let psCfg = config.pub-solar; cfg = config.pub-solar.virtualisation; + doesGaming = config.pub-solar.gaming.enable; + extraObsPlugins = if doesGaming then [ pkgs.obs-studio-plugins.looking-glass-obs ] else [ ]; in { options.pub-solar.virtualisation = { @@ -32,17 +34,26 @@ in virt-manager python38Packages.libvirt gvfs - scream edk2 OVMF win-virtio + looking-glass-client + lgcl ]; home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { xdg.dataFile."libvirt/.keep".text = "# this file is here to generate the directory"; + home.packages = extraObsPlugins; }; - systemd.tmpfiles.rules = [ "f /dev/shm/scream-ivshmem 0660 ${psCfg.user.name} kvm" ]; - systemd.user.services.scream-ivshmem-pulse = import ./scream-ivshmem-pulse.service.nix pkgs; + systemd.tmpfiles.rules = [ + "f /dev/shm/looking-glass 0660 ${psCfg.user.name} kvm" + ]; + networking.bridges.virbr1.interfaces = [ ]; + networking.interfaces.virbr1 = { + ipv4.addresses = [ + { address = "192.168.123.1"; prefixLength = 24; } + ]; + }; }; } diff --git a/modules/virtualisation/scream-ivshmem-pulse.service.nix b/modules/virtualisation/scream-pulse.service.nix similarity index 100% rename from modules/virtualisation/scream-ivshmem-pulse.service.nix rename to modules/virtualisation/scream-pulse.service.nix diff --git a/overlays/overrides.nix b/overlays/overrides.nix index 34c46f45..d2d7793c 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -12,12 +12,16 @@ channels: final: prev: { nixpkgs-fmt qutebrowser signal-desktop + tdesktop starship deploy-rs tdesktop xdg-desktop-portal xdg-desktop-portal-gtk xdg-desktop-portal-wlr + obs-studio + obs-studio-plugins + looking-glass-client ; diff --git a/pkgs/default.nix b/pkgs/default.nix index a096f93e..312e685f 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,18 +1,19 @@ final: prev: - with final; { +with final; { # keep sources this first sources = prev.callPackage (import ./_sources/generated.nix) { }; # then, call packages with `final.callPackage` - import-gtk-settings = writeShellScriptBin "import-gtk-settings" (import ./import-gtk-settings.nix final); - mailto-mutt = writeShellScriptBin "mailto-mutt" (import ./mailto-mutt.nix final); - mopidy-jellyfin = import ./mopidy-jellyfin.nix final; - mu = writeShellScriptBin "mu" (import ./mu.nix final); - psos = writeShellScriptBin "psos" (import ./psos.nix final); - s = writeShellScriptBin "s" (import ./s.nix final); - sway-launcher = writeScriptBin "sway-launcher" (import ./sway-launcher.nix final); - sway-service = writeShellScriptBin "sway-service" (import ./sway-service.nix final); - swaylock-bg = writeScriptBin "swaylock-bg" (import ./swaylock-bg.nix final); - toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final); - uhk-agent = import ./uhk-agent.nix final; - wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final); + import-gtk-settings = writeShellScriptBin "import-gtk-settings" (import ./import-gtk-settings.nix final); + lgcl = writeShellScriptBin "lgcl" (import ./lgcl.nix final); + mailto-mutt = writeShellScriptBin "mailto-mutt" (import ./mailto-mutt.nix final); + mopidy-jellyfin = import ./mopidy-jellyfin.nix final; + mu = writeShellScriptBin "mu" (import ./mu.nix final); + psos = writeShellScriptBin "psos" (import ./psos.nix final); + s = writeShellScriptBin "s" (import ./s.nix final); + sway-launcher = writeScriptBin "sway-launcher" (import ./sway-launcher.nix final); + sway-service = writeShellScriptBin "sway-service" (import ./sway-service.nix final); + swaylock-bg = writeScriptBin "swaylock-bg" (import ./swaylock-bg.nix final); + toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final); + uhk-agent = import ./uhk-agent.nix final; + wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final); } diff --git a/pkgs/lgcl.nix b/pkgs/lgcl.nix new file mode 100644 index 00000000..4ef2dac9 --- /dev/null +++ b/pkgs/lgcl.nix @@ -0,0 +1,3 @@ +self: with self; '' + ${self.looking-glass-client}/bin/looking-glass-client -f /dev/shm/looking-glass input:ignoreWindowsKeys=yes input:grabKeyboardOnFocus=no +'' -- 2.44.2 From 8abf715ca9dd7145b6dbf1ee809ff1a5a631cbbd Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 14 Dec 2021 15:15:56 +0100 Subject: [PATCH 086/320] Prevent merge conflicts with upstream in overlays --- overlays/overrides.nix | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/overlays/overrides.nix b/overlays/overrides.nix index d2d7793c..5c114143 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -6,15 +6,16 @@ channels: final: prev: { cachix dhall discord - element-desktop-wayland + element-desktop rage - neovim-unwrapped nixpkgs-fmt qutebrowser signal-desktop - tdesktop starship deploy-rs + + element-desktop-wayland + neovim-unwrapped tdesktop xdg-desktop-portal xdg-desktop-portal-gtk -- 2.44.2 From e45744d6feceab6af9003860aa62afc14657a19b Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 16 Dec 2021 18:12:27 +0100 Subject: [PATCH 087/320] Only notify upon drone step failure --- .drone.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 8dcf9bbb..3b63dc6f 100644 --- a/.drone.yml +++ b/.drone.yml @@ -67,7 +67,6 @@ steps: image: plugins/matrix when: status: - - success - failure event: - cron -- 2.44.2 From 6151d02b8dd9c74f0ce645cdd0c6309adbf57673 Mon Sep 17 00:00:00 2001 From: David Arnold Date: Mon, 29 Nov 2021 17:37:02 -0500 Subject: [PATCH 088/320] rm: use of patched nix for nixos 21.11 enabled digga - patched nix held the follows patch which is now upstreamed --- flake.lock | 101 +++++++++++++++++++---------------------------------- flake.nix | 5 ++- 2 files changed, 37 insertions(+), 69 deletions(-) diff --git a/flake.lock b/flake.lock index 02e7a7d2..0465ccb7 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1620877075, - "narHash": "sha256-XvgTqtmQZHegu9UMDSR50gK5cHEM2gbnRH0qecmdN54=", + "lastModified": 1637793790, + "narHash": "sha256-oPXavjxETEWGXq8g7kQHyRLKUmLX2yPtGn+t3V0mrTY=", "owner": "ryantm", "repo": "agenix", - "rev": "e543aa7d68f222e1e771165da9e9a64b5bf7b3e3", + "rev": "f85eea0e29fa9a8924571d0e398215e175f80d55", "type": "github" }, "original": { @@ -70,11 +70,11 @@ ] }, "locked": { - "lastModified": 1633373878, - "narHash": "sha256-9+ziZ8l6rq3yXyY6B0wYXrVdfxr6cdpEbPEGRHywBKc=", + "lastModified": 1633877936, + "narHash": "sha256-+o3n6s7fR8dBGRldTGelyp2j3jSyTlrniOXwNfmMG20=", "owner": "divnix", "repo": "bud", - "rev": "4e709a2fcf19df500ba87d9c3b1b1481401cd53b", + "rev": "15df091133ff95216c321b09be04905c0a0944c4", "type": "github" }, "original": { @@ -90,11 +90,11 @@ ] }, "locked": { - "lastModified": 1622060422, - "narHash": "sha256-hPVlvrAyf6zL7tTx0lpK+tMxEfZeMiIZ/A2xaJ41WOY=", + "lastModified": 1634994402, + "narHash": "sha256-xmlCVVOYGpZoxgOqsDOVF0B0ASrnbNGVAEzID9qh2xo=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "007d700e644ac588ad6668e6439950a5b6e2ff64", + "rev": "44da835ac40dab5fd231298b59d83487382d2fab", "type": "github" }, "original": { @@ -165,11 +165,11 @@ ] }, "locked": { - "lastModified": 1632959483, - "narHash": "sha256-jXogai6e+QRtiZFBOrMmYdeLXejzVT91kuDKu2RuJ10=", + "lastModified": 1634161492, + "narHash": "sha256-7OZz7DqAhO+3axY68xsMXAyD+b5gJgVXuKjslTSCM3Y=", "owner": "divnix", "repo": "digga", - "rev": "6549cf4c87d1a77138cbecbc6bb9483c20572cd7", + "rev": "a55450a16d362b6e1c50bb4025aaa604b385d3ba", "type": "github" }, "original": { @@ -245,27 +245,6 @@ "type": "github" } }, - "home": { - "inputs": { - "nixpkgs": [ - "nixos" - ] - }, - "locked": { - "lastModified": 1624228557, - "narHash": "sha256-wwOqe73BsrXfRv1PhyXQFNC8iTET50KvE/HitdkRgxs=", - "owner": "nix-community", - "repo": "home-manager", - "rev": "35a24648d155843a4d162de98c17b1afd5db51e4", - "type": "github" - }, - "original": { - "owner": "nix-community", - "ref": "release-21.05", - "repo": "home-manager", - "type": "github" - } - }, "latest": { "locked": { "lastModified": 1632660378, @@ -284,11 +263,11 @@ }, "latest_2": { "locked": { - "lastModified": 1627942574, - "narHash": "sha256-guUcGRWvY2mfiVSet2x/zeHIyflm2wgglj0ldg0mMio=", + "lastModified": 1638198142, + "narHash": "sha256-plU9b8r4St6q4U7VHtG9V7oF8k9fIpfXl/KDaZLuY9k=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c464dc811babfe316ed4ab7bbc12351122e69dd7", + "rev": "8a308775674e178495767df90c419425474582a1", "type": "github" }, "original": { @@ -322,11 +301,11 @@ ] }, "locked": { - "lastModified": 1623927034, - "narHash": "sha256-sGxlmfp5eXL5sAMNqHSb04Zq6gPl+JeltIZ226OYN0w=", + "lastModified": 1638203339, + "narHash": "sha256-Sz3iCvbWrVWOD/XfYQeRJgP/7MVYL3/VKsNXvDeWBFc=", "owner": "nmattia", "repo": "naersk", - "rev": "e09c320446c5c2516d430803f7b19f5833781337", + "rev": "c3e56b8a4ffb6d906cdfcfee034581f9a8ece571", "type": "github" }, "original": { @@ -357,22 +336,6 @@ "type": "github" } }, - "nixos": { - "locked": { - "lastModified": 1628203131, - "narHash": "sha256-jQgXeJ9NQQS0Eobb/qQOvS+RRULkqRikAeXkkFKOPDA=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "178da37860823d35e801c7df2f73d7866d3d598a", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "release-21.05", - "repo": "nixpkgs", - "type": "github" - } - }, "nixos-generators": { "inputs": { "nixlib": [ @@ -400,11 +363,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1625333638, - "narHash": "sha256-M6J9RN60XJyv6nUfDFCwnz5aVjhe8+GJnV8Q9VpdQQQ=", + "lastModified": 1638182287, + "narHash": "sha256-vBzf+hbTJz2ZdXV/DWirl6wOO7tjdqzTIU+0FANt65U=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "41775780a0b6b32b3d32dcc32bb9bc6df809062d", + "rev": "6b3f79de09c3de7c91ab51e55e87879f61b6faec", "type": "github" }, "original": { @@ -415,11 +378,11 @@ }, "nur": { "locked": { - "lastModified": 1626378135, - "narHash": "sha256-koC6DBYmLCrgXA+AMHVaODf1uHYPmvcFygHfy3eg6vI=", + "lastModified": 1638219753, + "narHash": "sha256-xARa9i5KHtpfekdHMo556BmlI/BCV4jz+qHZVhUx4Wg=", "owner": "nix-community", "repo": "NUR", - "rev": "00c2ec8f0bbdf0cfb2135bde55fbae5d6b64aa6d", + "rev": "95c40f4ecb1238bae0a179a4d02b43e1ce8af554", "type": "github" }, "original": { @@ -444,11 +407,11 @@ ] }, "locked": { - "lastModified": 1632700276, - "narHash": "sha256-XABvQUq2qv+YcQxW93DnU8mgtVsGJWyhcznny/Lbp0Q=", + "lastModified": 1634524567, + "narHash": "sha256-v9ZTZj1WNQaaVfs1P1mUPuh518mmwpqszj1EjdeGUmc=", "owner": "berberman", "repo": "nvfetcher", - "rev": "248fe98ed1bc352ce164d08a9e76fdc5f301ba2d", + "rev": "807513f4bbd0e3b5863f4c3b91f8ac846ed6da9b", "type": "github" }, "original": { @@ -506,14 +469,20 @@ "digga", "flake-utils-plus" ], - "home": "home", + "home": [ + "digga", + "home-manager" + ], "latest": "latest_2", "naersk": "naersk", "nixlib": [ "digga", "nixlib" ], - "nixos": "nixos", + "nixos": [ + "digga", + "nixpkgs" + ], "nixos-hardware": "nixos-hardware", "nixpkgs": [ "nixos" diff --git a/flake.nix b/flake.nix index d87fdce1..ffc744c3 100644 --- a/flake.nix +++ b/flake.nix @@ -7,7 +7,7 @@ inputs = { - nixos.url = "github:nixos/nixpkgs/release-21.05"; + nixos.url = "github:nixos/nixpkgs/release-21.11"; latest.url = "github:nixos/nixpkgs/nixos-unstable"; digga.url = "github:divnix/digga"; @@ -19,7 +19,7 @@ bud.inputs.nixpkgs.follows = "nixos"; bud.inputs.devshell.follows = "digga/devshell"; - home.url = "github:nix-community/home-manager/release-21.05"; + home.url = "github:nix-community/home-manager/release-21.11"; home.inputs.nixpkgs.follows = "nixos"; darwin.url = "github:LnL7/nix-darwin"; @@ -73,7 +73,6 @@ nixos = { imports = [ (digga.lib.importOverlays ./overlays) ]; overlays = [ - digga.overlays.patchedNix nur.overlay agenix.overlay nvfetcher.overlay -- 2.44.2 From 838bcd1f5114c93473fdd920d49dc5abba6577bf Mon Sep 17 00:00:00 2001 From: David Arnold Date: Mon, 29 Nov 2021 18:07:21 -0500 Subject: [PATCH 089/320] nix-direnv: rm enableFlakes and pass nixUnstable > Failed assertions: - The option definition `programs.direnv.nix-direnv.enableFlakes' in `/nix/store/pv3vi4n7x83r4sc3ljqdgg9qifr4n5gp-source/users/profiles/direnv' no longer has any effect; please remove it. Flake support is now always enabled. --- overlays/overrides.nix | 2 ++ overlays/various-flake-fixes.nix | 11 ----------- users/profiles/direnv/default.nix | 1 - 3 files changed, 2 insertions(+), 12 deletions(-) delete mode 100644 overlays/various-flake-fixes.nix diff --git a/overlays/overrides.nix b/overlays/overrides.nix index 597817b2..4b48b6d1 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -15,6 +15,8 @@ channels: final: prev: { deploy-rs ; + # nix is set to 2.3 in 21.11 + nix-direnv = prev.nix-direnv.override { nix = prev.nixUnstable; }; haskellPackages = prev.haskellPackages.override (old: { diff --git a/overlays/various-flake-fixes.nix b/overlays/various-flake-fixes.nix deleted file mode 100644 index 7dbfc18b..00000000 --- a/overlays/various-flake-fixes.nix +++ /dev/null @@ -1,11 +0,0 @@ -final: prev: { - # Since: https://github.com/NixOS/nixpkgs/pull/126137 - nix-direnv = - if builtins.hasAttr "enableFlakes" prev.nix-direnv.override.__functionArgs - then - prev.nix-direnv.override - { - enableFlakes = true; - } - else prev.nix-direnv; -} diff --git a/users/profiles/direnv/default.nix b/users/profiles/direnv/default.nix index d345e2d3..67ff2113 100644 --- a/users/profiles/direnv/default.nix +++ b/users/profiles/direnv/default.nix @@ -3,7 +3,6 @@ enable = true; nix-direnv = { enable = true; - enableFlakes = true; }; }; } -- 2.44.2 From a319aed9f4e21ac096891077bc217af1a38803c7 Mon Sep 17 00:00:00 2001 From: David Arnold Date: Mon, 29 Nov 2021 19:38:56 -0500 Subject: [PATCH 090/320] imp: move follows responsibility downstream - also remove unimportant (small) depenencies from follows management - so that it is less complex as errors occur, since: - it seems there are still follows issues present upstream --- flake.lock | 402 ++++++++++++++++++++++++++++++++---------------- flake.nix | 31 ++-- shell/devos.nix | 7 +- 3 files changed, 277 insertions(+), 163 deletions(-) diff --git a/flake.lock b/flake.lock index 0465ccb7..2a3e6163 100644 --- a/flake.lock +++ b/flake.lock @@ -3,7 +3,7 @@ "agenix": { "inputs": { "nixpkgs": [ - "latest" + "nixos" ] }, "locked": { @@ -23,10 +23,7 @@ "beautysh": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": [ - "bud", - "nixpkgs" - ], + "nixpkgs": "nixpkgs", "poetry2nix": "poetry2nix" }, "locked": { @@ -86,7 +83,7 @@ "darwin": { "inputs": { "nixpkgs": [ - "latest" + "nixos" ] }, "locked": { @@ -105,37 +102,34 @@ }, "deploy": { "inputs": { + "fenix": "fenix", "flake-compat": "flake-compat", "nixpkgs": [ - "digga", - "latest" + "nixos" ], - "utils": [ - "digga", - "flake-utils" - ] + "utils": "utils" }, "locked": { - "lastModified": 1632822684, - "narHash": "sha256-lt7eayYmgsD5OQwpb1XYfHpxttn43bWo7G7hIJs+zJw=", - "owner": "serokell", + "lastModified": 1637357482, + "narHash": "sha256-mMRxOlcQs3V9cZYsKGKWEjl+oqclhaH1SKT3QGeTQ0Q=", + "owner": "input-output-hk", "repo": "deploy-rs", - "rev": "9a02de4373e0ec272d08a417b269a28ac8b961b4", + "rev": "5a6db26726ec8c7904aea5bcdf13589342386f9d", "type": "github" }, "original": { - "owner": "serokell", + "owner": "input-output-hk", "repo": "deploy-rs", "type": "github" } }, "devshell": { "locked": { - "lastModified": 1632436039, - "narHash": "sha256-OtITeVWcKXn1SpVEnImpTGH91FycCskGBPqmlxiykv4=", + "lastModified": 1637575296, + "narHash": "sha256-ZY8YR5u8aglZPe27+AJMnPTG6645WuavB+w0xmhTarw=", "owner": "numtide", "repo": "devshell", - "rev": "7a7a7aa0adebe5488e5abaec688fd9ae0f8ea9c6", + "rev": "0e56ef21ba1a717169953122c7415fa6a8cd2618", "type": "github" }, "original": { @@ -147,15 +141,16 @@ "digga": { "inputs": { "blank": "blank", - "deploy": "deploy", + "deploy": [ + "deploy" + ], "devshell": "devshell", - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "flake-utils-plus": "flake-utils-plus", "home-manager": [ "home" ], "latest": "latest", - "nix": "nix", "nixlib": [ "nixos" ], @@ -165,11 +160,11 @@ ] }, "locked": { - "lastModified": 1634161492, - "narHash": "sha256-7OZz7DqAhO+3axY68xsMXAyD+b5gJgVXuKjslTSCM3Y=", + "lastModified": 1640031018, + "narHash": "sha256-ZzyS803XuCl99XE4581m0Suni+q1Hz+Mpw6A9bs7VKM=", "owner": "divnix", "repo": "digga", - "rev": "a55450a16d362b6e1c50bb4025aaa604b385d3ba", + "rev": "3157889810e51a1ae03f82bf6bf6657ba8cf93c6", "type": "github" }, "original": { @@ -178,6 +173,25 @@ "type": "github" } }, + "fenix": { + "inputs": { + "nixpkgs": "nixpkgs_3", + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1637303083, + "narHash": "sha256-e2A5JBjxYNpjoGd53K0oVUUaS9ojwOT5rnThyPNS46M=", + "owner": "nix-community", + "repo": "fenix", + "rev": "8294ceadbbbe1a886640bfcc15f5a02a2b471955", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -194,6 +208,22 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1627913399, + "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1623875721, @@ -211,17 +241,14 @@ }, "flake-utils-plus": { "inputs": { - "flake-utils": [ - "digga", - "flake-utils" - ] + "flake-utils": "flake-utils_4" }, "locked": { - "lastModified": 1630859749, - "narHash": "sha256-qkoU2rIbbP2+T0dfcqXW35GCWNsi0Y1IgN9BELmt4Zo=", + "lastModified": 1638994888, + "narHash": "sha256-iz/ynGNZlvqKCOnFrEKqGA+BVKGQMG+g2JT+e3OOLN8=", "owner": "divnix", "repo": "flake-utils-plus", - "rev": "a4e267e3fc87e60c5029c6c3855935ff1ff3018e", + "rev": "b4f9f517574cb7bd6ee3f19c72c19634c9f536e1", "type": "github" }, "original": { @@ -232,11 +259,11 @@ }, "flake-utils_2": { "locked": { - "lastModified": 1623875721, - "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "lastModified": 1638122382, + "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", "owner": "numtide", "repo": "flake-utils", - "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", "type": "github" }, "original": { @@ -245,13 +272,79 @@ "type": "github" } }, + "flake-utils_3": { + "locked": { + "lastModified": 1638122382, + "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "locked": { + "lastModified": 1638122382, + "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_5": { + "locked": { + "lastModified": 1631561581, + "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "home": { + "inputs": { + "nixpkgs": [ + "nixos" + ] + }, + "locked": { + "lastModified": 1637917557, + "narHash": "sha256-3u5bLyGn5NUG3RJA7/v1Bqa/QCFGqp/01Bh/4REf9m4=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "4daff26495ca9ac67476cba8cf15c3e36d91ab18", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-21.11", + "repo": "home-manager", + "type": "github" + } + }, "latest": { "locked": { - "lastModified": 1632660378, - "narHash": "sha256-sjA8eQlnyDjDLyAyq3XlJmN0nqW0ftl/pb7VnMg86L0=", + "lastModified": 1638198142, + "narHash": "sha256-plU9b8r4St6q4U7VHtG9V7oF8k9fIpfXl/KDaZLuY9k=", "owner": "nixos", "repo": "nixpkgs", - "rev": "31ffc50c571e6683e9ecc9dbcbd4a8e9914b4497", + "rev": "8a308775674e178495767df90c419425474582a1", "type": "github" }, "original": { @@ -277,27 +370,10 @@ "type": "github" } }, - "lowdown-src": { - "flake": false, - "locked": { - "lastModified": 1617481909, - "narHash": "sha256-SqnfOFuLuVRRNeVJr1yeEPJue/qWoCp5N6o5Kr///p4=", - "owner": "kristapsdz", - "repo": "lowdown", - "rev": "148f9b2f586c41b7e36e73009db43ea68c7a1a4d", - "type": "github" - }, - "original": { - "owner": "kristapsdz", - "ref": "VERSION_0_8_4", - "repo": "lowdown", - "type": "github" - } - }, "naersk": { "inputs": { "nixpkgs": [ - "latest" + "nixos" ] }, "locked": { @@ -314,45 +390,48 @@ "type": "github" } }, - "nix": { - "inputs": { - "lowdown-src": "lowdown-src", - "nixpkgs": [ - "digga", - "nixpkgs" - ] - }, + "nixlib": { "locked": { - "lastModified": 1630335771, - "narHash": "sha256-eljjEPJdLK3aDskF7qX4YM/6KCq+w9nr+IKhrKW/AIQ=", + "lastModified": 1640478849, + "narHash": "sha256-S4lNc3fb9UpYgVtTa/mZZXphq7+xGy74YGIlOWB1ceE=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "c85a293f7d094a799dcf1197c31925bc44e94d6b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, + "nixos": { + "locked": { + "lastModified": 1638231428, + "narHash": "sha256-Sm5loBKdeusSvIAC+LtzRT6I7tAcqZdIPnHcxZt7NaE=", "owner": "nixos", - "repo": "nix", - "rev": "50a35860ee9237d341948437c5f70a7f0987d393", + "repo": "nixpkgs", + "rev": "393c5357a0071d51668bcdc69dfc25ddacbd5840", "type": "github" }, "original": { "owner": "nixos", - "repo": "nix", + "ref": "release-21.11", + "repo": "nixpkgs", "type": "github" } }, "nixos-generators": { "inputs": { - "nixlib": [ - "digga", - "nixlib" - ], - "nixpkgs": [ - "digga", - "blank" - ] + "nixlib": "nixlib", + "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1624973746, - "narHash": "sha256-11JbJRduNwyf556gndGErR5/12ceyHOHBfEuha5Vws4=", + "lastModified": 1637655461, + "narHash": "sha256-kXZPbclN3gKwjhp2/RYFDFpAsSBwzX1iLF4EcnHZsPQ=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "022ef440af8dc237ab1f59fa363cb1e25783ec3e", + "rev": "05a3eb158a9c7746a5d463726d7f7cccf07500e4", "type": "github" }, "original": { @@ -376,13 +455,76 @@ "type": "github" } }, + "nixpkgs": { + "locked": { + "lastModified": 1640599962, + "narHash": "sha256-j/M2VunVu+h8entxSi/OUlz2AVP4SxHIBzs6bI++tRs=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "4e3c158740c2a7bfbfb4b2956d5782c4bff19f9c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1640635827, + "narHash": "sha256-Sltztf2a07hiNzdHECOL43RVDRdNKm5RdsSYS7iNxz4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "ad86f7d78fa8e48a0ee096b2bdf7d6f842ca9317", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1636976544, + "narHash": "sha256-9ZmdyoRz4Qu8bP5BKR1T10YbzcB9nvCeQjOEw2cRKR0=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "931ab058daa7e4cd539533963f95e2bb0dbd41e6", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1640418986, + "narHash": "sha256-a8GGtxn2iL3WAkY5H+4E0s3Q7XJt6bTOvos9qqxT5OQ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5c37ad87222cfc1ec36d6cd1364514a9efc2f7f2", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "locked": { - "lastModified": 1638219753, - "narHash": "sha256-xARa9i5KHtpfekdHMo556BmlI/BCV4jz+qHZVhUx4Wg=", + "lastModified": 1638231901, + "narHash": "sha256-XzuvFTmsXULdWynQWzgaPHikepNhjEpK4o5WXfmRqek=", "owner": "nix-community", "repo": "NUR", - "rev": "95c40f4ecb1238bae0a179a4d02b43e1ce8af554", + "rev": "4e68fb3d8f48e91196deb13f44bcfb421da25afb", "type": "github" }, "original": { @@ -392,18 +534,10 @@ }, "nvfetcher": { "inputs": { - "flake-compat": [ - "digga", - "deploy", - "flake-compat" - ], - "flake-utils": [ - "digga", - "flake-utils-plus", - "flake-utils" - ], + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_5", "nixpkgs": [ - "latest" + "nixos" ] }, "locked": { @@ -422,16 +556,8 @@ }, "poetry2nix": { "inputs": { - "flake-utils": [ - "bud", - "beautysh", - "flake-utils" - ], - "nixpkgs": [ - "bud", - "beautysh", - "nixpkgs" - ] + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1625240517, @@ -450,46 +576,50 @@ "root": { "inputs": { "agenix": "agenix", - "blank": [ - "digga", - "blank" - ], "bud": "bud", "darwin": "darwin", - "deploy": [ - "digga", - "deploy" - ], + "deploy": "deploy", "digga": "digga", - "flake-utils": [ - "digga", - "flake-utils" - ], - "flake-utils-plus": [ - "digga", - "flake-utils-plus" - ], - "home": [ - "digga", - "home-manager" - ], + "home": "home", "latest": "latest_2", "naersk": "naersk", - "nixlib": [ - "digga", - "nixlib" - ], - "nixos": [ - "digga", - "nixpkgs" - ], + "nixos": "nixos", "nixos-hardware": "nixos-hardware", - "nixpkgs": [ - "nixos" - ], "nur": "nur", "nvfetcher": "nvfetcher" } + }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1637268320, + "narHash": "sha256-lxB1r+7cmZisiGLx0tZ2LaC6X/EcQTbRIWZfnLIIgs4=", + "owner": "rust-analyzer", + "repo": "rust-analyzer", + "rev": "f0da9406bcbde1bc727242b481d8de825e84f59a", + "type": "github" + }, + "original": { + "owner": "rust-analyzer", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, + "utils": { + "locked": { + "lastModified": 1637014545, + "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index ffc744c3..550d3436 100644 --- a/flake.nix +++ b/flake.nix @@ -1,7 +1,7 @@ { description = "A highly structured configuration database."; - nixConfig.extra-experimental-features = "nix-command flakes ca-references"; + nixConfig.extra-experimental-features = "nix-command flakes"; nixConfig.extra-substituters = "https://nrdxp.cachix.org https://nix-community.cachix.org"; nixConfig.extra-trusted-public-keys = "nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="; @@ -14,6 +14,7 @@ digga.inputs.nixpkgs.follows = "nixos"; digga.inputs.nixlib.follows = "nixos"; digga.inputs.home-manager.follows = "home"; + digga.inputs.deploy.follows = "deploy"; bud.url = "github:divnix/bud"; bud.inputs.nixpkgs.follows = "nixos"; @@ -23,31 +24,21 @@ home.inputs.nixpkgs.follows = "nixos"; darwin.url = "github:LnL7/nix-darwin"; - darwin.inputs.nixpkgs.follows = "latest"; + darwin.inputs.nixpkgs.follows = "nixos"; - deploy.follows = "digga/deploy"; + deploy.url = "github:input-output-hk/deploy-rs"; + deploy.inputs.nixpkgs.follows = "nixos"; agenix.url = "github:ryantm/agenix"; - agenix.inputs.nixpkgs.follows = "latest"; + agenix.inputs.nixpkgs.follows = "nixos"; nvfetcher.url = "github:berberman/nvfetcher"; - nvfetcher.inputs.nixpkgs.follows = "latest"; - nvfetcher.inputs.flake-compat.follows = "digga/deploy/flake-compat"; - nvfetcher.inputs.flake-utils.follows = "digga/flake-utils-plus/flake-utils"; + nvfetcher.inputs.nixpkgs.follows = "nixos"; naersk.url = "github:nmattia/naersk"; - naersk.inputs.nixpkgs.follows = "latest"; + naersk.inputs.nixpkgs.follows = "nixos"; nixos-hardware.url = "github:nixos/nixos-hardware"; - - # start ANTI CORRUPTION LAYER - # remove after https://github.com/NixOS/nix/pull/4641 - nixpkgs.follows = "nixos"; - nixlib.follows = "digga/nixlib"; - blank.follows = "digga/blank"; - flake-utils-plus.follows = "digga/flake-utils-plus"; - flake-utils.follows = "digga/flake-utils"; - # end ANTI CORRUPTION LAYER }; outputs = @@ -79,11 +70,7 @@ ./pkgs/default.nix ]; }; - latest = { - overlays = [ - deploy.overlay - ]; - }; + latest = { }; }; lib = import ./lib { lib = digga.lib // nixos.lib; }; diff --git a/shell/devos.nix b/shell/devos.nix index 6f01267f..dd6f75ef 100644 --- a/shell/devos.nix +++ b/shell/devos.nix @@ -1,4 +1,4 @@ -{ pkgs, extraModulesPath, ... }: +{ pkgs, extraModulesPath, inputs, ... }: let hooks = import ./hooks; @@ -43,12 +43,9 @@ in (linter editorconfig-checker) # (docs python3Packages.grip) too many deps (docs mdbook) + (devos inputs.deploy.packages.${pkgs.system}.deploy-rs) ] - ++ lib.optional - (pkgs ? deploy-rs) - (devos deploy-rs.deploy-rs) - ++ lib.optional (system != "i686-linux") (devos cachix) -- 2.44.2 From ceffec93925f2068f8d89ef79fa86797b6b59077 Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Wed, 29 Dec 2021 14:42:51 -0800 Subject: [PATCH 091/320] profiles/core: add comments for each option --- profiles/core/default.nix | 28 ++++++++++++++++++---------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index d2801d89..c1aed3fa 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -2,12 +2,21 @@ let inherit (lib) fileContents; in { + # Sets nrdxp.cachix.org binary cache which just speeds up some builds imports = [ ../cachix ]; + # For rage encryption, all hosts need a ssh key pair + services.openssh = { + enable = true; + openFirewall = lib.mkDefault false; + }; + + # This is just a representation of the nix default nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; environment = { + # Selection of sysadmin tools that can come in handy systemPackages = with pkgs; [ binutils coreutils @@ -33,6 +42,8 @@ in whois ]; + # Starship is a fast and featureful shell prompt + # starship.toml has sane defaults that can be changed there shellInit = '' export STARSHIP_CONFIG=${ pkgs.writeText "starship.toml" @@ -113,18 +124,18 @@ in nix = { + # Improve nix store disk usage autoOptimiseStore = true; - gc.automatic = true; - optimise.automatic = true; + # Prevents impurities in builds useSandbox = true; - allowedUsers = [ "@wheel" ]; - + # give root and @wheel special privileges with nix trustedUsers = [ "root" "@wheel" ]; + # Generally useful nix option defaults extraOptions = '' min-free = 536870912 keep-outputs = true @@ -135,20 +146,17 @@ in }; programs.bash = { + # Enable starship promptInit = '' eval "$(${pkgs.starship}/bin/starship init bash)" ''; + # Enable direnv, a tool for managing shell environments interactiveShellInit = '' eval "$(${pkgs.direnv}/bin/direnv hook bash)" ''; }; - # For rage encryption, all hosts need a ssh key pair - services.openssh = { - enable = true; - openFirewall = lib.mkDefault false; - }; - + # Service that makes Out of Memory Killer more effective services.earlyoom.enable = true; } -- 2.44.2 From 87f1d7da18e44a8386bf31a0ee82da8f3ad0ae51 Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Wed, 29 Dec 2021 15:41:58 -0800 Subject: [PATCH 092/320] bud: move to shell and use git clone for get --- bud/get.bash | 1 - flake.nix | 2 +- {bud => shell/bud}/default.nix | 0 shell/bud/get.bash | 1 + 4 files changed, 2 insertions(+), 2 deletions(-) delete mode 100644 bud/get.bash rename {bud => shell/bud}/default.nix (100%) create mode 100644 shell/bud/get.bash diff --git a/bud/get.bash b/bud/get.bash deleted file mode 100644 index b88081b4..00000000 --- a/bud/get.bash +++ /dev/null @@ -1 +0,0 @@ -nix flake new -t "github:divnix/devos/main" "${2:-devos}" diff --git a/flake.nix b/flake.nix index 550d3436..50402527 100644 --- a/flake.nix +++ b/flake.nix @@ -141,7 +141,7 @@ } // { - budModules = { devos = import ./bud; }; + budModules = { devos = import ./shell/bud; }; } ; } diff --git a/bud/default.nix b/shell/bud/default.nix similarity index 100% rename from bud/default.nix rename to shell/bud/default.nix diff --git a/shell/bud/get.bash b/shell/bud/get.bash new file mode 100644 index 00000000..7c10d1ba --- /dev/null +++ b/shell/bud/get.bash @@ -0,0 +1 @@ +git clone https://github.com/divnix/devos.git "${2:-devos}" -- 2.44.2 From 1cbf28f445caabc4f89798a7447ee0bee580b81b Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Wed, 29 Dec 2021 19:49:19 -0800 Subject: [PATCH 093/320] flake: update bud input fixes #406 --- flake.lock | 41 ++++++++++++++--------------------------- 1 file changed, 14 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index 2a3e6163..774055b5 100644 --- a/flake.lock +++ b/flake.lock @@ -23,7 +23,10 @@ "beautysh": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs", + "nixpkgs": [ + "bud", + "nixpkgs" + ], "poetry2nix": "poetry2nix" }, "locked": { @@ -67,11 +70,11 @@ ] }, "locked": { - "lastModified": 1633877936, - "narHash": "sha256-+o3n6s7fR8dBGRldTGelyp2j3jSyTlrniOXwNfmMG20=", + "lastModified": 1640836100, + "narHash": "sha256-My9Lay6BCDwAZgrL4SuVXHkYPHIU7ypnuiS/pd7eg1M=", "owner": "divnix", "repo": "bud", - "rev": "15df091133ff95216c321b09be04905c0a0944c4", + "rev": "b1d8ab3970f4dfb5fb90d7d8a9ab493c75d031fc", "type": "github" }, "original": { @@ -175,7 +178,7 @@ }, "fenix": { "inputs": { - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "rust-analyzer-src": "rust-analyzer-src" }, "locked": { @@ -424,7 +427,7 @@ "nixos-generators": { "inputs": { "nixlib": "nixlib", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1637655461, @@ -457,36 +460,20 @@ }, "nixpkgs": { "locked": { - "lastModified": 1640599962, - "narHash": "sha256-j/M2VunVu+h8entxSi/OUlz2AVP4SxHIBzs6bI++tRs=", + "lastModified": 1640831728, + "narHash": "sha256-KK5SKqqfAt+ev3bHLrVXJ6i4zx9YQW6k19oUInY8T2M=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4e3c158740c2a7bfbfb4b2956d5782c4bff19f9c", + "rev": "5d90841dd0179430db010dfc2c58b2a7de4371be", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable-small", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { - "locked": { - "lastModified": 1640635827, - "narHash": "sha256-Sltztf2a07hiNzdHECOL43RVDRdNKm5RdsSYS7iNxz4=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ad86f7d78fa8e48a0ee096b2bdf7d6f842ca9317", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1636976544, "narHash": "sha256-9ZmdyoRz4Qu8bP5BKR1T10YbzcB9nvCeQjOEw2cRKR0=", @@ -502,7 +489,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_3": { "locked": { "lastModified": 1640418986, "narHash": "sha256-a8GGtxn2iL3WAkY5H+4E0s3Q7XJt6bTOvos9qqxT5OQ=", @@ -557,7 +544,7 @@ "poetry2nix": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" }, "locked": { "lastModified": 1625240517, -- 2.44.2 From e0e7c4c42d77f0469b494b531ba733d4d7512435 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 5 Jan 2022 22:56:03 +0100 Subject: [PATCH 094/320] neovim: fix completion, fix python lsp --- modules/terminal-life/nvim/default.nix | 8 +- modules/terminal-life/nvim/lsp.vim | 111 +++++++++++++++++++++---- 2 files changed, 100 insertions(+), 19 deletions(-) diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index 2d4a8ee9..e46c82e2 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix @@ -78,7 +78,7 @@ in nodePackages.vscode-html-languageserver-bin nodePackages.vscode-json-languageserver-bin nodePackages.yaml-language-server - python-language-server + python39Packages.python-lsp-server python3Full solargraph rnix-lsp @@ -88,7 +88,11 @@ in ]; plugins = with pkgs.vimPlugins; [ - completion-nvim + nvim-cmp + cmp-nvim-lsp + cmp_luasnip + luasnip + lsp_extensions-nvim nvim-lspconfig diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index 519330f8..1d5bf4d4 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim @@ -14,11 +14,44 @@ set shortmess+=c " https://gitlab.com/Iron_E/dotfiles/-/blob/master/.config/nvim/lua/_config/plugin/nvim_lsp.lua lua < + buf_set_option('omnifunc', 'v:lua.vim.lsp.omnifunc') + + -- Mappings. + local opts = { noremap=true, silent=true } + + -- See `:help vim.lsp.*` for documentation on any of the below functions + buf_set_keymap('n', 'gD', 'lua vim.lsp.buf.declaration()', opts) + buf_set_keymap('n', 'gd', 'lua vim.lsp.buf.definition()', opts) + buf_set_keymap('n', 'K', 'lua vim.lsp.buf.hover()', opts) + buf_set_keymap('n', 'gi', 'lua vim.lsp.buf.implementation()', opts) + buf_set_keymap('n', '', 'lua vim.lsp.buf.signature_help()', opts) + buf_set_keymap('n', 'wa', 'lua vim.lsp.buf.add_workspace_folder()', opts) + buf_set_keymap('n', 'wr', 'lua vim.lsp.buf.remove_workspace_folder()', opts) + buf_set_keymap('n', 'wl', 'lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))', opts) + buf_set_keymap('n', 'D', 'lua vim.lsp.buf.type_definition()', opts) + buf_set_keymap('n', 'rn', 'lua vim.lsp.buf.rename()', opts) + buf_set_keymap('n', 'ca', 'lua vim.lsp.buf.code_action()', opts) + buf_set_keymap('n', 'gr', 'lua vim.lsp.buf.references()', opts) + buf_set_keymap('n', 'e', 'lua vim.lsp.diagnostic.show_line_diagnostics()', opts) + buf_set_keymap('n', '[d', 'lua vim.lsp.diagnostic.goto_prev()', opts) + buf_set_keymap('n', ']d', 'lua vim.lsp.diagnostic.goto_next()', opts) + buf_set_keymap('n', 'q', 'lua vim.lsp.diagnostic.set_loclist()', opts) + buf_set_keymap('n', 'f', 'lua vim.lsp.buf.formatting()', opts) + end + -- Add additional capabilities supported by nvim-cmp + local capabilities = vim.lsp.protocol.make_client_capabilities() + capabilities = require('cmp_nvim_lsp').update_capabilities(capabilities) + for lsp_key, lsp_settings in pairs({ 'bashls', ------------------------------- Bash 'ccls', --------------------------------- C / C++ / Objective-C @@ -46,7 +79,7 @@ lua <'] = cmp.mapping.select_prev_item(), + [''] = cmp.mapping.select_next_item(), + [''] = cmp.mapping.scroll_docs(-4), + [''] = cmp.mapping.scroll_docs(4), + [''] = cmp.mapping.complete(), + [''] = cmp.mapping.close(), + [''] = cmp.mapping.confirm { + behavior = cmp.ConfirmBehavior.Replace, + select = true, + }, + [''] = function(fallback) + if cmp.visible() then + cmp.select_next_item() + elseif luasnip.expand_or_jumpable() then + luasnip.expand_or_jump() + else + fallback() + end + end, + [''] = function(fallback) + if cmp.visible() then + cmp.select_prev_item() + elseif luasnip.jumpable(-1) then + luasnip.jump(-1) + else + fallback() + end + end, + }, + sources = { + { name = 'nvim_lsp' }, + { name = 'luasnip' }, + }, + } EOF " Visualize diagnostics @@ -105,14 +193,3 @@ autocmd CursorHold * lua vim.lsp.diagnostic.show_line_diagnostics({ focusable = " have a fixed column for the diagnostics to appear in " this removes the jitter when warnings/errors flow in set signcolumn=yes - -" NeoVim 0.5 Code navigation shortcuts -nnoremap gd lua vim.lsp.buf.definition() -nnoremap K lua vim.lsp.buf.hover() -nnoremap gD lua vim.lsp.buf.implementation() -nnoremap lua vim.lsp.buf.signature_help() -nnoremap 1gD lua vim.lsp.buf.type_definition() -nnoremap gr lua vim.lsp.buf.references() -nnoremap g0 lua vim.lsp.buf.document_symbol() -nnoremap gW lua vim.lsp.buf.workspace_symbol() -nnoremap lua vim.lsp.buf.declaration() -- 2.44.2 From b3d764ba6e36998fb3daaea5fe3b9ffc1ce94309 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 5 Jan 2022 23:02:05 +0100 Subject: [PATCH 095/320] audio: rename pulseeffects to easyeffects, follow upstream: https://github.com/wwmm/easyeffects --- modules/audio/default.nix | 13 ++++++++++--- modules/audio/easyeffects.service.nix | 8 ++++++++ modules/audio/pulseeffects.service.nix | 8 -------- 3 files changed, 18 insertions(+), 11 deletions(-) create mode 100644 modules/audio/easyeffects.service.nix delete mode 100644 modules/audio/pulseeffects.service.nix diff --git a/modules/audio/default.nix b/modules/audio/default.nix index ce8c2f34..51ec0b7e 100644 --- a/modules/audio/default.nix +++ b/modules/audio/default.nix @@ -13,26 +13,33 @@ in config = mkIf cfg.enable { home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { home.packages = [ + # easyeffects, e.g. for microphone noise filtering + easyeffects mu pavucontrol pa_applet playerctl # Needed for pactl cmd, until pw-cli is more mature (vol up/down hotkeys?) pulseaudio - # pulseeffects for microphone noise filtering - pulseeffects-pw vimpc ]; xdg.configFile."vimpc/vimpcrc".source = ./.config/vimpc/vimpcrc; - systemd.user.services.pulseeffects = import ./pulseeffects.service.nix pkgs; + systemd.user.services.easyeffects = import ./easyeffects.service.nix pkgs; }; # Enable sound using pipewire-pulse services.pipewire = { + enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; + config.pipewire = { + context.default.clock = { + allowed-rates = [ 44100 48000 88200 96000 ]; + rate = 44100; + }; + }; config.pipewire-pulse = builtins.fromJSON (builtins.readFile ./pipewire-pulse.conf.json); # Bluetooth configuration for pipewire diff --git a/modules/audio/easyeffects.service.nix b/modules/audio/easyeffects.service.nix new file mode 100644 index 00000000..e94d0abd --- /dev/null +++ b/modules/audio/easyeffects.service.nix @@ -0,0 +1,8 @@ +pkgs: +{ + Service = { + Type = "dbus"; + BusName = "com.github.wwmm.easyeffects"; + ExecStart = "${pkgs.easyeffects}/bin/easyeffects --gapplication-service"; + }; +} diff --git a/modules/audio/pulseeffects.service.nix b/modules/audio/pulseeffects.service.nix deleted file mode 100644 index 632fbb54..00000000 --- a/modules/audio/pulseeffects.service.nix +++ /dev/null @@ -1,8 +0,0 @@ -pkgs: -{ - Service = { - Type = "dbus"; - BusName = "com.github.wwmm.pulseeffects"; - ExecStart = "${pkgs.pulseeffects-pw}/bin/pulseeffects --gapplication-service"; - }; -} -- 2.44.2 From d50ef271e6c7a8d5e7531e8426f311bf8bfd711b Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 5 Jan 2022 23:17:09 +0100 Subject: [PATCH 096/320] devops: add pgcli --- modules/devops/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/devops/default.nix b/modules/devops/default.nix index c862af61..04f886a0 100644 --- a/modules/devops/default.nix +++ b/modules/devops/default.nix @@ -14,6 +14,7 @@ in home.packages = [ drone-cli nmap + pgcli python38Packages.ansible restic shellcheck -- 2.44.2 From f45a51805a06fafb6a91f3aa1331c9fcdbc71e87 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 5 Jan 2022 23:20:06 +0100 Subject: [PATCH 097/320] base user: init global gitignore, update mimeapps --- profiles/base-user/.config/git/config.nix | 1 + .../.config/git/global_gitignore.nix | 4 ++++ profiles/base-user/home.nix | 1 + profiles/base-user/mimeapps.nix | 23 ++++++++++--------- 4 files changed, 18 insertions(+), 11 deletions(-) create mode 100644 profiles/base-user/.config/git/global_gitignore.nix diff --git a/profiles/base-user/.config/git/config.nix b/profiles/base-user/.config/git/config.nix index 95812623..53c53a77 100644 --- a/profiles/base-user/.config/git/config.nix +++ b/profiles/base-user/.config/git/config.nix @@ -9,6 +9,7 @@ in ${if user.gpgKeyId != null then "signingkey = ${user.gpgKeyId}" else ""} [core] editor = /etc/profiles/per-user/${config.pub-solar.user.name}/bin/nvim + excludesFile = /home/${config.pub-solar.user.name}/.config/git/global_gitignore [alias] pol = pull ack = -c color.grep.linenumber=\"bold yellow\"\n -c color.grep.filename=\"bold green\"\n -c color.grep.match=\"reverse yellow\"\n grep --break --heading --line-number diff --git a/profiles/base-user/.config/git/global_gitignore.nix b/profiles/base-user/.config/git/global_gitignore.nix new file mode 100644 index 00000000..1ee11f34 --- /dev/null +++ b/profiles/base-user/.config/git/global_gitignore.nix @@ -0,0 +1,4 @@ +{ config, pkgs, ... }: +let +in +''tags'' diff --git a/profiles/base-user/home.nix b/profiles/base-user/home.nix index 6d7c87d2..4becfab3 100644 --- a/profiles/base-user/home.nix +++ b/profiles/base-user/home.nix @@ -32,6 +32,7 @@ in xdg.mimeApps = import ./mimeapps.nix; xdg.configFile."git/config".text = import ./.config/git/config.nix { inherit config; inherit pkgs; }; + xdg.configFile."git/global_gitignore".text = import ./.config/git/global_gitignore.nix { inherit config; inherit pkgs; }; xdg.configFile."dircolors".source = ./.config/dircolors; xdg.configFile."xmodmap".source = ./.config/xmodmap; xdg.configFile."user-dirs.dirs".source = ./.config/user-dirs.dirs; diff --git a/profiles/base-user/mimeapps.nix b/profiles/base-user/mimeapps.nix index ea2333ce..395c1b87 100644 --- a/profiles/base-user/mimeapps.nix +++ b/profiles/base-user/mimeapps.nix @@ -1,25 +1,26 @@ { enable = true; defaultApplications = { - "x-scheme-handler/http" = [ "firefox.desktop" ]; - "x-scheme-handler/https" = [ "firefox.desktop" ]; - "x-scheme-handler/ftp" = [ "firefox.desktop" ]; - "x-scheme-handler/chrome" = [ "firefox.desktop" ]; - "text/html" = [ "firefox.desktop" ]; + "application/octet-stream" = [ "firefox.desktop" ]; + "application/pdf" = [ "org.gnome.Evince.desktop" ]; + "application/x-bittorrent" = [ "deluge.desktop" ]; "application/x-extension-htm" = [ "firefox.desktop" ]; "application/x-extension-html" = [ "firefox.desktop" ]; "application/x-extension-shtml" = [ "firefox.desktop" ]; - "application/xhtml+xml" = [ "firefox.desktop" ]; "application/x-extension-xhtml" = [ "firefox.desktop" ]; "application/x-extension-xht" = [ "firefox.desktop" ]; + "application/xhtml+xml" = [ "firefox.desktop" ]; "image/jpeg" = [ "org.gnome.eog.desktop" ]; "image/png" = [ "org.gnome.eog.desktop" ]; - "video/mp4" = [ "vlc.desktop" ]; - "text/plain" = [ "firefox.desktop" ]; - "x-scheme-handler/mailto" = [ "userapp-Thunderbird.desktop" ]; "message/rfc822" = [ "userapp-Thunderbird.desktop" ]; - "application/pdf" = [ "org.gnome.Evince.desktop" ]; - "application/x-bittorrent" = [ "deluge.desktop" ]; + "text/html" = [ "firefox.desktop" ]; + "text/plain" = [ "firefox.desktop" ]; + "video/mp4" = [ "vlc.desktop" ]; + "x-scheme-handler/chrome" = [ "firefox.desktop" ]; + "x-scheme-handler/ftp" = [ "firefox.desktop" ]; + "x-scheme-handler/http" = [ "firefox.desktop" ]; + "x-scheme-handler/https" = [ "firefox.desktop" ]; + "x-scheme-handler/mailto" = [ "userapp-Thunderbird.desktop" ]; "x-scheme-handler/msteams" = [ "teams.desktop" ]; "x-scheme-handler/tg" = [ "userapp-Telegram Desktop-JBKFU0.desktop" ]; }; -- 2.44.2 From a0aa1065655c9301f7e39bf912ef4c2205d82db1 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 5 Jan 2022 23:20:38 +0100 Subject: [PATCH 098/320] core: add gitFull, nix-tree --- profiles/core/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index c4247377..1e62186b 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -28,10 +28,9 @@ in inetutils pciutils usbutils - git + gitFull git-lfs git-bug - git-crypt wget openssl openssh @@ -68,6 +67,7 @@ in niv manix nix-index + nix-tree # Build broken, python2.7-PyJWT-2.0.1.drv' failed #nixops psos -- 2.44.2 From ad99c6152a28b7f48cdab2ad456aa6b2e9f68271 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Thu, 6 Jan 2022 14:14:53 +0100 Subject: [PATCH 099/320] Use correct overrides for nix 2.4 --- overlays/overrides.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/overlays/overrides.nix b/overlays/overrides.nix index f42dc2ab..cf036d8c 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -26,7 +26,7 @@ channels: final: prev: { ; # nix is set to 2.3 in 21.11 - nix-direnv = prev.nix-direnv.override { nix = prev.nixUnstable; }; + nix-direnv = prev.nix-direnv.override { nix_2_4 = true; }; haskellPackages = prev.haskellPackages.override (old: { -- 2.44.2 From a7fae1dbcc2ca5b2287611bce2ec5bc87d455acf Mon Sep 17 00:00:00 2001 From: Ben Merritt Date: Sun, 9 Jan 2022 00:14:24 -0800 Subject: [PATCH 100/320] Update secrets path See https://github.com/ryantm/agenix/commit/e5386644356a3f686f7fceac8645f0a9f94a2de6 --- doc/secrets.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/secrets.md b/doc/secrets.md index 996f4180..47ca43d4 100644 --- a/doc/secrets.md +++ b/doc/secrets.md @@ -90,7 +90,7 @@ In any profile that uses a NixOS module that requires a secret you can enable a ``` -Then you can just pass the path `/run/secrets/mysecret` to the module. +Then you can just pass the path `/run/agenix/mysecret` to the module. You can make use of the many options provided by the age module to customize where and how secrets get decrypted. You can learn about them by looking at the -- 2.44.2 From fbfb84b96c899af918e72cf82016161f3b46a210 Mon Sep 17 00:00:00 2001 From: Ben Merritt Date: Mon, 4 Oct 2021 08:54:27 -0700 Subject: [PATCH 101/320] Fix outdated option name --- doc/concepts/users.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/concepts/users.md b/doc/concepts/users.md index 3ab7c39c..b2a6c2a3 100644 --- a/doc/concepts/users.md +++ b/doc/concepts/users.md @@ -37,9 +37,10 @@ User profiles can be collected in a similar fashion as system ones into a `suite argument that gets passed to your home-manager users. ### Example +`flake.nix` ```nix { - home-manager.users.nixos = { suites, ... }: { + home.users.nixos = { suites, ... }: { imports = suites.base; }; } -- 2.44.2 From 578f05b4f16e2aed4a1a862e764c981081aff72d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Wed, 12 Jan 2022 17:39:16 +0100 Subject: [PATCH 102/320] Always hibernate --- .../config/config.d/custom-keybindings.conf | 4 +--- modules/sway/swayidle.service.nix | 8 +++----- pkgs/default.nix | 1 - pkgs/swaylock-bg.nix | 20 ------------------- 4 files changed, 4 insertions(+), 29 deletions(-) delete mode 100644 pkgs/swaylock-bg.nix diff --git a/modules/sway/config/config.d/custom-keybindings.conf b/modules/sway/config/config.d/custom-keybindings.conf index 6218d900..46fae96d 100644 --- a/modules/sway/config/config.d/custom-keybindings.conf +++ b/modules/sway/config/config.d/custom-keybindings.conf @@ -33,12 +33,10 @@ set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" bindsym $mod+Space exec $menu # Set shut down, restart and locking features -set $mode_system (l)ock, (e)xit, (s)uspend, (h)ibernate, (r)eboot, (Shift+s)hutdown +set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown bindsym $mod+0 mode "$mode_system" mode "$mode_system" { - bindsym l exec swaylock-bg, mode "default" bindsym e exec swaymsg exit, mode "default" - bindsym s exec systemctl suspend, mode "default" bindsym h exec systemctl hibernate, mode "default" bindsym r exec systemctl reboot, mode "default" bindsym Shift+s exec systemctl poweroff, mode "default" diff --git a/modules/sway/swayidle.service.nix b/modules/sway/swayidle.service.nix index 597a8779..549f153f 100644 --- a/modules/sway/swayidle.service.nix +++ b/modules/sway/swayidle.service.nix @@ -9,12 +9,10 @@ pkgs: }; Service = { Type = "simple"; - Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swaylock}/bin:${pkgs.swaylock-bg}/bin"; + Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin"; ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \ - timeout 600 'swaylock-bg' \ - timeout 900 'swaymsg "output * dpms off"' \ - resume 'swaymsg "output * dpms on"' \ - before-sleep 'swaylock-bg' + timeout 300 'swaymsg "output * dpms off"' \ + timeout 600 'systemctl hibernate' \ ''; }; Install = { diff --git a/pkgs/default.nix b/pkgs/default.nix index 312e685f..d8a86fd7 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -12,7 +12,6 @@ with final; { s = writeShellScriptBin "s" (import ./s.nix final); sway-launcher = writeScriptBin "sway-launcher" (import ./sway-launcher.nix final); sway-service = writeShellScriptBin "sway-service" (import ./sway-service.nix final); - swaylock-bg = writeScriptBin "swaylock-bg" (import ./swaylock-bg.nix final); toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final); uhk-agent = import ./uhk-agent.nix final; wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final); diff --git a/pkgs/swaylock-bg.nix b/pkgs/swaylock-bg.nix deleted file mode 100644 index b55c32ae..00000000 --- a/pkgs/swaylock-bg.nix +++ /dev/null @@ -1,20 +0,0 @@ -self: with self; '' - # Dependencies: - # swaylock - - # Make sure we aren't running twice - RUNNING=$(ps -A | grep swaylock | wc -l) - if [ $RUNNING -ne 0 ]; then - exit 0 - fi - - IMAGE=$XDG_CONFIG_HOME/wallpaper.jpg - LOCKARGS="" - - for OUTPUT in `${sway}/bin/swaymsg -t get_outputs | jq -r '.[].name'` - do - LOCKARGS="''${LOCKARGS} --image ''${OUTPUT}:''${IMAGE}" - IMAGES="''${IMAGES} ''${IMAGE}" - done - exec ${swaylock}/bin/swaylock $LOCKARGS -'' -- 2.44.2 From 868818d4a4515f52ad38be8b60022154651ee4b3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 16 Jan 2022 17:09:18 +0100 Subject: [PATCH 103/320] Fix mopidy jellyfin --- pkgs/mopidy-jellyfin.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pkgs/mopidy-jellyfin.nix b/pkgs/mopidy-jellyfin.nix index 8c99ac21..a3cde276 100644 --- a/pkgs/mopidy-jellyfin.nix +++ b/pkgs/mopidy-jellyfin.nix @@ -1,20 +1,20 @@ self: with self; let - websocket-client = python38.pkgs.buildPythonPackage rec { + websocket-client = python39.pkgs.buildPythonPackage rec { pname = "websocket-client"; - version = "1.0.0"; + version = "1.2.1"; doCheck = false; - src = python38.pkgs.fetchPypi { + src = python39.pkgs.fetchPypi { inherit pname version; - sha256 = "sha256-UFGzii9MJ/vXygd+uyPsaWWmJt7VqVY382vhs1tsT4E="; + sha256 = "sha256-jftxXYqZL1cS//jIQ62ulOIrIqmbLF5rDsShqYHMTg0="; }; }; in -python38.pkgs.buildPythonPackage rec { +python39.pkgs.buildPythonPackage rec { pname = "Mopidy-Jellyfin"; version = "1.0.2"; doCheck = false; - propagatedBuildInputs = with python38.pkgs; [ + propagatedBuildInputs = with python39.pkgs; [ unidecode websocket-client requests @@ -22,7 +22,7 @@ python38.pkgs.buildPythonPackage rec { pykka mopidy ]; - src = python38.pkgs.fetchPypi { + src = python39.pkgs.fetchPypi { inherit pname version; sha256 = "sha256-5XimIIQSpvNyQbSOFtSTkA0jhA0V68BbyQEQNnov+0g="; }; -- 2.44.2 From 070664bb722d6af67b294a764eb5213798b9e75d Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Thu, 13 Jan 2022 19:57:34 -0800 Subject: [PATCH 104/320] README: Add more flakes to "in the wild" Remove the nrd branch, since that doesn't exist anymore --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 275714ca..29d450dc 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,9 @@ expected. There are unstable versions (0._x_._x_) to help users keep track of changes and progress, and a [`develop`](https://github.com/divnix/devos/tree/develop) branch for the brave 😜 ## In the Wild -* The original [authors][please] +* @Pacman99: [Personal](https://gitlab.com/coffeetables/lower), [Server](https://gitlab.com/coffeetables/myrdd) +* [@danielphan2003](https://github.com/danielphan2003/flk) and make sure to also check out [devos-ext-lib][devos-ext-lib] +* [PubSolarOS](https://git.sr.ht/~b12f/pub-solar-os) ## Shoulders This work does not reinvent the wheel. It stands on the [shoulders of the @@ -89,3 +91,4 @@ DevOS is licensed under the [MIT License][mit]. [nvfetcher]: https://github.com/berberman/nvfetcher [please]: https://github.com/nrdxp/devos/tree/nrd [matrix]: https://matrix.to/#/#devos:nixos.org +[devos-ext-lib]: https://github.com/divnix/devos-ext-lib -- 2.44.2 From adf005b5c83514fb572144aac851026360400156 Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Sat, 29 Jan 2022 11:57:55 -0800 Subject: [PATCH 105/320] flake: update digga, home, nixos, latest --- flake.lock | 120 +++++++++++++++++++++++------------------------------ 1 file changed, 52 insertions(+), 68 deletions(-) diff --git a/flake.lock b/flake.lock index 774055b5..67701251 100644 --- a/flake.lock +++ b/flake.lock @@ -23,10 +23,7 @@ "beautysh": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": [ - "bud", - "nixpkgs" - ], + "nixpkgs": "nixpkgs", "poetry2nix": "poetry2nix" }, "locked": { @@ -148,7 +145,6 @@ "deploy" ], "devshell": "devshell", - "flake-utils": "flake-utils_3", "flake-utils-plus": "flake-utils-plus", "home-manager": [ "home" @@ -163,11 +159,11 @@ ] }, "locked": { - "lastModified": 1640031018, - "narHash": "sha256-ZzyS803XuCl99XE4581m0Suni+q1Hz+Mpw6A9bs7VKM=", + "lastModified": 1643510242, + "narHash": "sha256-9C9DyJhQ5bevk0CEEjGct+U9EqUgHg8T70nxz47zjMI=", "owner": "divnix", "repo": "digga", - "rev": "3157889810e51a1ae03f82bf6bf6657ba8cf93c6", + "rev": "33bfb05b8a148d8ad6a842de74e22209bf9fe5d7", "type": "github" }, "original": { @@ -178,7 +174,7 @@ }, "fenix": { "inputs": { - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "rust-analyzer-src": "rust-analyzer-src" }, "locked": { @@ -244,29 +240,29 @@ }, "flake-utils-plus": { "inputs": { - "flake-utils": "flake-utils_4" + "flake-utils": "flake-utils_3" }, "locked": { - "lastModified": 1638994888, - "narHash": "sha256-iz/ynGNZlvqKCOnFrEKqGA+BVKGQMG+g2JT+e3OOLN8=", - "owner": "divnix", + "lastModified": 1639385028, + "narHash": "sha256-oqorKz3mwf7UuDJwlbCEYCB2LfcWLL0DkeCWhRIL820=", + "owner": "gytis-ivaskevicius", "repo": "flake-utils-plus", - "rev": "b4f9f517574cb7bd6ee3f19c72c19634c9f536e1", + "rev": "be1be083af014720c14f3b574f57b6173b4915d0", "type": "github" }, "original": { - "owner": "divnix", + "owner": "gytis-ivaskevicius", "repo": "flake-utils-plus", "type": "github" } }, "flake-utils_2": { "locked": { - "lastModified": 1638122382, - "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", + "lastModified": 1642700792, + "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", "owner": "numtide", "repo": "flake-utils", - "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", "type": "github" }, "original": { @@ -291,21 +287,6 @@ } }, "flake-utils_4": { - "locked": { - "lastModified": 1638122382, - "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_5": { "locked": { "lastModified": 1631561581, "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", @@ -327,11 +308,11 @@ ] }, "locked": { - "lastModified": 1637917557, - "narHash": "sha256-3u5bLyGn5NUG3RJA7/v1Bqa/QCFGqp/01Bh/4REf9m4=", + "lastModified": 1642653493, + "narHash": "sha256-22mGPjiHUo2Jmze4IjXCJLjeK2mbvvCztHmUyUMr4yw=", "owner": "nix-community", "repo": "home-manager", - "rev": "4daff26495ca9ac67476cba8cf15c3e36d91ab18", + "rev": "28b9ae40c45c5e7711c353fee1b7af734e293979", "type": "github" }, "original": { @@ -359,11 +340,11 @@ }, "latest_2": { "locked": { - "lastModified": 1638198142, - "narHash": "sha256-plU9b8r4St6q4U7VHtG9V7oF8k9fIpfXl/KDaZLuY9k=", + "lastModified": 1643347846, + "narHash": "sha256-O0tyXF//ppRpe9yT1Uu5n34yI2MWDyY6ZiJ4Qn5zIkE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8a308775674e178495767df90c419425474582a1", + "rev": "5bb20f9dc70e9ee16e21cc404b6508654931ce41", "type": "github" }, "original": { @@ -395,11 +376,11 @@ }, "nixlib": { "locked": { - "lastModified": 1640478849, - "narHash": "sha256-S4lNc3fb9UpYgVtTa/mZZXphq7+xGy74YGIlOWB1ceE=", + "lastModified": 1641688481, + "narHash": "sha256-6L+EU12xLDHby7y8elgFtRKVBxix+7qV8DhVgXqrKZo=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "c85a293f7d094a799dcf1197c31925bc44e94d6b", + "rev": "f697717b3d3a074ffc16c8c8227504f0db292886", "type": "github" }, "original": { @@ -410,11 +391,11 @@ }, "nixos": { "locked": { - "lastModified": 1638231428, - "narHash": "sha256-Sm5loBKdeusSvIAC+LtzRT6I7tAcqZdIPnHcxZt7NaE=", + "lastModified": 1643463207, + "narHash": "sha256-W0azAxucUq84BvWqDPt3gX8kyc8wYvGUynZV9COfByQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "393c5357a0071d51668bcdc69dfc25ddacbd5840", + "rev": "03098169624f487eef37186b3214c40e6b6e919d", "type": "github" }, "original": { @@ -427,7 +408,10 @@ "nixos-generators": { "inputs": { "nixlib": "nixlib", - "nixpkgs": "nixpkgs_3" + "nixpkgs": [ + "digga", + "blank" + ] }, "locked": { "lastModified": 1637655461, @@ -460,11 +444,27 @@ }, "nixpkgs": { "locked": { - "lastModified": 1640831728, - "narHash": "sha256-KK5SKqqfAt+ev3bHLrVXJ6i4zx9YQW6k19oUInY8T2M=", + "lastModified": 1643428210, + "narHash": "sha256-ympCeHuXeGitpnegE0raAtWLNg3vZbjj5QbbMvvBGCQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5d90841dd0179430db010dfc2c58b2a7de4371be", + "rev": "e1b353e890801a759efe9a4c42f6984e47721f0d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1643513770, + "narHash": "sha256-Q64SabfQLuhHQfhpIHS/fLCEO2NUFnI+EKsB5GnfWh8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "66ab3568d67b90275c0720aae8b911bad82c24fe", "type": "github" }, "original": { @@ -473,7 +473,7 @@ "type": "github" } }, - "nixpkgs_2": { + "nixpkgs_3": { "locked": { "lastModified": 1636976544, "narHash": "sha256-9ZmdyoRz4Qu8bP5BKR1T10YbzcB9nvCeQjOEw2cRKR0=", @@ -489,22 +489,6 @@ "type": "github" } }, - "nixpkgs_3": { - "locked": { - "lastModified": 1640418986, - "narHash": "sha256-a8GGtxn2iL3WAkY5H+4E0s3Q7XJt6bTOvos9qqxT5OQ=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "5c37ad87222cfc1ec36d6cd1364514a9efc2f7f2", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nur": { "locked": { "lastModified": 1638231901, @@ -522,7 +506,7 @@ "nvfetcher": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_4", "nixpkgs": [ "nixos" ] @@ -544,7 +528,7 @@ "poetry2nix": { "inputs": { "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1625240517, -- 2.44.2 From 9fd3a1085e10e6272082c21cab6baad21e0ffeaa Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Sat, 29 Jan 2022 11:49:16 -0800 Subject: [PATCH 106/320] bud: switch back to pulling devos as template --- shell/bud/get.bash | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shell/bud/get.bash b/shell/bud/get.bash index 7c10d1ba..89e2af3d 100644 --- a/shell/bud/get.bash +++ b/shell/bud/get.bash @@ -1 +1 @@ -git clone https://github.com/divnix/devos.git "${2:-devos}" + nix flake new -t "github:divnix/devos/main" "${2:-devos}" -- 2.44.2 From 6de02a64be14a1109828f5989c8e726c8914db3a Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Sat, 29 Jan 2022 19:58:36 -0800 Subject: [PATCH 107/320] overrides: remove nix-direnv line --- overlays/overrides.nix | 3 --- 1 file changed, 3 deletions(-) diff --git a/overlays/overrides.nix b/overlays/overrides.nix index 4b48b6d1..e35ad7e4 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -15,9 +15,6 @@ channels: final: prev: { deploy-rs ; - # nix is set to 2.3 in 21.11 - nix-direnv = prev.nix-direnv.override { nix = prev.nixUnstable; }; - haskellPackages = prev.haskellPackages.override (old: { overrides = prev.lib.composeExtensions (old.overrides or (_: _: { })) (hfinal: hprev: -- 2.44.2 From 7becfcd913aac24f11d52a67884e5ab9b5da1a27 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 14:42:02 +0100 Subject: [PATCH 108/320] Fix last upstream merge, add back openssh service Dont't autoUpgrade by default --- profiles/core/default.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index 87b79740..eca35b4e 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -117,7 +117,11 @@ in ''; }; - system.autoUpgrade.enable = true; + # For rage encryption, all hosts need a ssh key pair + services.openssh = { + enable = true; + openFirewall = lib.mkDefault false; + }; # Service that makes Out of Memory Killer more effective services.earlyoom.enable = true; -- 2.44.2 From a4dbe4fa785ac542382d5de9f61ae6090a8227c0 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 16:19:36 +0100 Subject: [PATCH 109/320] Reference nix-dram package directly from inputs This should avoid patches not working because our pkgs follows nixos = release-21.11 and nix-dram follows nixos-unstable --- flake.nix | 1 - profiles/core/default.nix | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index b50837b4..26e442ad 100644 --- a/flake.nix +++ b/flake.nix @@ -71,7 +71,6 @@ nur.overlay agenix.overlay nvfetcher.overlay - nix-dram.overlay ./pkgs/default.nix ]; }; diff --git a/profiles/core/default.nix b/profiles/core/default.nix index eca35b4e..dca063f4 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -93,7 +93,7 @@ in nix = { # use nix-dram, a patched nix command, see: https://github.com/dramforever/nix-dram - package = pkgs.nix-dram; + package = inputs.nix-dram.packages.${pkgs.system}.nix-dram; # Improve nix store disk usage autoOptimiseStore = true; -- 2.44.2 From 2748fbcdee0df2e6ef10fa849bd518385c8a1f40 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:09:49 +0100 Subject: [PATCH 110/320] wayland: use NIXOS_OZONE_WL instead of *-wayland packages --- modules/social/default.nix | 2 +- modules/sway/config/config.d/custom-keybindings.conf | 2 +- overlays/overrides.nix | 1 - profiles/base-user/session-variables.nix | 3 +++ 4 files changed, 5 insertions(+), 3 deletions(-) diff --git a/modules/social/default.nix b/modules/social/default.nix index 90a23c3e..f3aa63b7 100644 --- a/modules/social/default.nix +++ b/modules/social/default.nix @@ -15,7 +15,7 @@ in #mySignalDesktop signal-desktop tdesktop - element-desktop-wayland + element-desktop irssi ]; }; diff --git a/modules/sway/config/config.d/custom-keybindings.conf b/modules/sway/config/config.d/custom-keybindings.conf index 6218d900..5faddece 100644 --- a/modules/sway/config/config.d/custom-keybindings.conf +++ b/modules/sway/config/config.d/custom-keybindings.conf @@ -18,7 +18,7 @@ bindsym $mod+F2 exec firefox bindsym $mod+F3 exec $term -e vifm bindsym $mod+Shift+F3 exec gksu $term -e vifm bindsym $mod+F4 exec nautilus -w -bindsym $mod+Shift+F4 exec signal-desktop --enable-features=UseOzonePlatform --ozone-platform=wayland +bindsym $mod+Shift+F4 exec signal-desktop bindsym $mod+F5 exec $term -e 'mocp -C $XDG_CONFIG_DIR/mocp/config' bindsym $mod+Shift+m exec mu bindsym $mod+Shift+h exec xdg-open /usr/share/doc/manjaro/i3_help.pdf diff --git a/overlays/overrides.nix b/overlays/overrides.nix index 5c114143..c0cb58ad 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -14,7 +14,6 @@ channels: final: prev: { starship deploy-rs - element-desktop-wayland neovim-unwrapped tdesktop xdg-desktop-portal diff --git a/profiles/base-user/session-variables.nix b/profiles/base-user/session-variables.nix index 264d787f..cc3aa69f 100644 --- a/profiles/base-user/session-variables.nix +++ b/profiles/base-user/session-variables.nix @@ -58,6 +58,9 @@ let # experimental wayland in firefox/thunderbird MOZ_ENABLE_WAYLAND = "1"; + # chromium / electron on wayland: enable ozone (native wayland mode) + NIXOS_OZONE_WL = "1"; + # Vagrant VAGRANT_HOME = "${xdg.dataHome}/vagrant"; VAGRANT_DEFAULT_PROVIDER = "libvirt"; -- 2.44.2 From ad3fc6126da2dc47fa29abdb3f24c1dfe25d7cc3 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:37:21 +0100 Subject: [PATCH 111/320] core: add missing argument inputs --- profiles/core/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index dca063f4..f45e7a78 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -1,4 +1,4 @@ -{ self, config, lib, pkgs, ... }: +{ self, config, lib, pkgs, inputs, ... }: let inherit (lib) fileContents; in { -- 2.44.2 From 0629024cf578017fb0aced0822edd26d0c966336 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 19 Jan 2022 01:13:15 +0100 Subject: [PATCH 112/320] chore: clean up after upstream updates --- .envrc | 12 ++++- bud/default.nix | 2 +- flake.nix | 2 +- modules/graphical/default.nix | 1 + modules/social/default.nix | 3 +- modules/sway/default.nix | 12 ++++- modules/terminal-life/default.nix | 5 +- modules/terminal-life/nvim/default.nix | 5 +- modules/terminal-life/nvim/lsp.vim | 62 +++++++++++++++++++----- modules/terminal-life/nvim/plugins.vim | 6 ++- modules/terminal-life/zsh/default.nix | 19 +++++--- modules/virtualisation/default.nix | 2 +- pkgs/mopidy-jellyfin.nix | 14 +++--- profiles/base-user/.config/waybar/config | 2 +- shell/devos.nix | 5 +- 15 files changed, 110 insertions(+), 42 deletions(-) diff --git a/.envrc b/.envrc index a6d5743c..c878da9a 100644 --- a/.envrc +++ b/.envrc @@ -1,2 +1,10 @@ -watch_file shell/* flake.nix -use flake || use nix +# reload when these files change +watch_file flake.nix +watch_file shell.nix + +{ + # shell gc root dir + mkdir -p "$(direnv_layout_dir)" + + eval "$(nix print-dev-env --profile $(direnv_layout_dir)/flake-profile)" +} || use nix diff --git a/bud/default.nix b/bud/default.nix index c486636b..f65e71ed 100644 --- a/bud/default.nix +++ b/bud/default.nix @@ -1,7 +1,7 @@ { pkgs, lib, budUtils, ... }: { bud.cmds = with pkgs; { get = { - writer = budUtils.writeBashWithPaths [ nixUnstable git coreutils ]; + writer = budUtils.writeBashWithPaths [ nixFlakes git coreutils ]; synopsis = "get [DEST]"; help = "Copy the desired template to DEST"; script = ./get.bash; diff --git a/flake.nix b/flake.nix index 9f183695..2b0f2528 100644 --- a/flake.nix +++ b/flake.nix @@ -50,7 +50,7 @@ # end ANTI CORRUPTION LAYER # PubSolarOS additions - nix-dram.url = "github:dramforever/nix-dram"; + nix-dram.url = "github:pub-solar/nix-dram"; }; outputs = diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix index ef628f9a..c07e627e 100644 --- a/modules/graphical/default.nix +++ b/modules/graphical/default.nix @@ -100,6 +100,7 @@ in gnome3.adwaita-icon-theme gnome.eog gnome3.nautilus + gnome.yelp wine diff --git a/modules/social/default.nix b/modules/social/default.nix index 90a23c3e..e0d12449 100644 --- a/modules/social/default.nix +++ b/modules/social/default.nix @@ -12,10 +12,9 @@ in config = mkIf cfg.enable { home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { home.packages = [ - #mySignalDesktop signal-desktop tdesktop - element-desktop-wayland + element-desktop irssi ]; }; diff --git a/modules/sway/default.nix b/modules/sway/default.nix index 21f017c0..6f19f66e 100644 --- a/modules/sway/default.nix +++ b/modules/sway/default.nix @@ -32,7 +32,17 @@ in xdg.portal = { enable = true; - extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-wlr ]; + wlr = { + enable = true; + settings = { + screencast = { + max_fps = 30; + chooser_type = "simple"; + chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or"; + }; + }; + }; + extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; gtkUsePortal = true; }; diff --git a/modules/terminal-life/default.nix b/modules/terminal-life/default.nix index 4d36655f..1be1d5fa 100644 --- a/modules/terminal-life/default.nix +++ b/modules/terminal-life/default.nix @@ -15,8 +15,9 @@ in # Needed to get zsh completion for system packages (e.g. systemd). environment.pathsToLink = [ "/share/zsh" ]; - services.lorri.enable = true; - + environment.shells = with pkgs; [ + zsh + ]; environment.systemPackages = with pkgs; [ screen ]; diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index 4647a76c..08e25759 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix @@ -78,10 +78,8 @@ in nodePackages.typescript nodePackages.vim-language-server nodePackages.vue-language-server + nodePackages.vscode-langservers-extracted nodePackages.yaml-language-server - nodePackages.vscode-json-languageserver-bin - nodePackages.vscode-html-languageserver-bin - nodePackages.vscode-css-languageserver-bin python3Full python-language-server solargraph @@ -132,6 +130,7 @@ in vim-vue vim-javascript vim-json + SchemaStore-nvim vim-markdown yats-vim vim-ruby diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index 87c15ce5..467a7357 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim @@ -14,11 +14,46 @@ set shortmess+=c " https://gitlab.com/Iron_E/dotfiles/-/blob/master/.config/nvim/lua/_config/plugin/nvim_lsp.lua lua < + buf_set_option('omnifunc', 'v:lua.vim.lsp.omnifunc') + + -- Mappings. + local opts = { noremap=true, silent=true } + + -- See `:help vim.lsp.*` for documentation on any of the below functions + buf_set_keymap('n', 'gD', 'lua vim.lsp.buf.declaration()', opts) + buf_set_keymap('n', 'gd', 'lua vim.lsp.buf.definition()', opts) + buf_set_keymap('n', 'K', 'lua vim.lsp.buf.hover()', opts) + buf_set_keymap('n', 'gi', 'lua vim.lsp.buf.implementation()', opts) + buf_set_keymap('n', '', 'lua vim.lsp.buf.signature_help()', opts) + buf_set_keymap('n', 'wa', 'lua vim.lsp.buf.add_workspace_folder()', opts) + buf_set_keymap('n', 'wr', 'lua vim.lsp.buf.remove_workspace_folder()', opts) + buf_set_keymap('n', 'wl', 'lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))', opts) + buf_set_keymap('n', 'D', 'lua vim.lsp.buf.type_definition()', opts) + buf_set_keymap('n', 'rn', 'lua vim.lsp.buf.rename()', opts) + buf_set_keymap('n', 'ca', 'lua vim.lsp.buf.code_action()', opts) + buf_set_keymap('n', 'gr', 'lua vim.lsp.buf.references()', opts) + buf_set_keymap('n', 'e', 'lua vim.lsp.diagnostic.show_line_diagnostics()', opts) + buf_set_keymap('n', 'dp', 'lua vim.lsp.diagnostic.goto_prev()', opts) + buf_set_keymap('n', 'dn', 'lua vim.lsp.diagnostic.goto_next()', opts) + buf_set_keymap('n', 'q', 'lua vim.lsp.diagnostic.set_loclist()', opts) + buf_set_keymap('n', 'f', 'lua vim.lsp.buf.formatting()', opts) + end + -- Add additional capabilities supported by nvim-cmp + local capabilities = vim.lsp.protocol.make_client_capabilities() + capabilities = require('cmp_nvim_lsp').update_capabilities(capabilities) + -- vscode HTML lsp needs this https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md#html + capabilities.textDocument.completion.completionItem.snippetSupport = true + for lsp_key, lsp_settings in pairs({ 'bashls', ------------------------------- Bash 'ccls', --------------------------------- C / C++ / Objective-C @@ -42,9 +77,15 @@ lua <got :GoTest +" Go test, Def, Decls shortcut +nmap got :GoTest:botright copen +autocmd FileType go nmap gd :GoDef +autocmd FileType go nmap gD :GoDecls " Go formatting autocmd FileType go setlocal noexpandtab shiftwidth=4 tabstop=4 softtabstop=4 nolist diff --git a/modules/terminal-life/zsh/default.nix b/modules/terminal-life/zsh/default.nix index 0ff87812..aed4b806 100644 --- a/modules/terminal-life/zsh/default.nix +++ b/modules/terminal-life/zsh/default.nix @@ -18,6 +18,10 @@ in size = 10000; }; + loginExtra = '' + [ "$(tty)" = "/dev/tty1" ] && exec sway + ''; + shellAliases = { nano = "nvim"; vi = "nvim"; @@ -66,13 +70,14 @@ in bindkey '^R' fzf-history-widget # ArrowUp/Down start searching history with current input - autoload -U history-search-end - zle -N history-beginning-search-backward-end history-search-end - zle -N history-beginning-search-forward-end history-search-end - bindkey "^[[A" history-beginning-search-backward-end - bindkey "^[[B" history-beginning-search-forward-end - bindkey "^P" history-beginning-search-backward-end - bindkey "^N" history-beginning-search-forward-end + autoload -U up-line-or-beginning-search + autoload -U down-line-or-beginning-search + zle -N up-line-or-beginning-search + zle -N down-line-or-beginning-search + bindkey "^[[A" up-line-or-beginning-search + bindkey "^[[B" down-line-or-beginning-search + bindkey "^P" up-line-or-beginning-search + bindkey "^N" down-line-or-beginning-search # MAKE CTRL+S WORK IN VIM stty -ixon diff --git a/modules/virtualisation/default.nix b/modules/virtualisation/default.nix index c97db9d2..1ebaa031 100644 --- a/modules/virtualisation/default.nix +++ b/modules/virtualisation/default.nix @@ -17,7 +17,7 @@ in virtualisation.libvirtd = { enable = true; - qemuOvmf = true; + qemu.ovmf.enable = true; }; users.users = pkgs.lib.setAttrByPath [ psCfg.user.name ] { extraGroups = [ "libvirtd" ]; diff --git a/pkgs/mopidy-jellyfin.nix b/pkgs/mopidy-jellyfin.nix index 8c99ac21..a3cde276 100644 --- a/pkgs/mopidy-jellyfin.nix +++ b/pkgs/mopidy-jellyfin.nix @@ -1,20 +1,20 @@ self: with self; let - websocket-client = python38.pkgs.buildPythonPackage rec { + websocket-client = python39.pkgs.buildPythonPackage rec { pname = "websocket-client"; - version = "1.0.0"; + version = "1.2.1"; doCheck = false; - src = python38.pkgs.fetchPypi { + src = python39.pkgs.fetchPypi { inherit pname version; - sha256 = "sha256-UFGzii9MJ/vXygd+uyPsaWWmJt7VqVY382vhs1tsT4E="; + sha256 = "sha256-jftxXYqZL1cS//jIQ62ulOIrIqmbLF5rDsShqYHMTg0="; }; }; in -python38.pkgs.buildPythonPackage rec { +python39.pkgs.buildPythonPackage rec { pname = "Mopidy-Jellyfin"; version = "1.0.2"; doCheck = false; - propagatedBuildInputs = with python38.pkgs; [ + propagatedBuildInputs = with python39.pkgs; [ unidecode websocket-client requests @@ -22,7 +22,7 @@ python38.pkgs.buildPythonPackage rec { pykka mopidy ]; - src = python38.pkgs.fetchPypi { + src = python39.pkgs.fetchPypi { inherit pname version; sha256 = "sha256-5XimIIQSpvNyQbSOFtSTkA0jhA0V68BbyQEQNnov+0g="; }; diff --git a/profiles/base-user/.config/waybar/config b/profiles/base-user/.config/waybar/config index 3ac2f37a..77bb74b8 100644 --- a/profiles/base-user/.config/waybar/config +++ b/profiles/base-user/.config/waybar/config @@ -4,7 +4,7 @@ "height": 26, // Waybar height "modules-left": ["sway/workspaces", "sway/mode"], - "modules-center": ["mpd"], + //"modules-center": ["mpd"], "modules-right": ["sway/language", "pulseaudio", "network", "idle_inhibitor", "battery", "clock", "tray"], "sway/workspaces": { "disable-scroll": true diff --git a/shell/devos.nix b/shell/devos.nix index 90901435..0e143588 100644 --- a/shell/devos.nix +++ b/shell/devos.nix @@ -15,6 +15,9 @@ in imports = [ "${extraModulesPath}/git/hooks.nix" ]; git = { inherit hooks; }; + # override for our own welcome + devshell.name = pkgs.lib.mkForce "PubSolarOS"; + # tempfix: remove when merged https://github.com/numtide/devshell/pull/123 devshell.startup.load_profiles = pkgs.lib.mkForce (pkgs.lib.noDepEntry '' # PATH is devshell's exorbitant privilige: @@ -35,7 +38,7 @@ in ]; commands = with pkgs; [ - (devos nixUnstable) + (devos nixFlakes) (devos agenix) { category = "devos"; -- 2.44.2 From 52e934b3fc733a034d5ed59fa02a2dc2537bfdaa Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 5 Jan 2022 22:56:03 +0100 Subject: [PATCH 113/320] neovim: fix completion, fix python lsp --- modules/terminal-life/nvim/default.nix | 7 +++ modules/terminal-life/nvim/lsp.vim | 69 +++++++++++++++++++++----- 2 files changed, 64 insertions(+), 12 deletions(-) diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index 08e25759..931e71e6 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix @@ -80,6 +80,7 @@ in nodePackages.vue-language-server nodePackages.vscode-langservers-extracted nodePackages.yaml-language-server + python39Packages.python-lsp-server python3Full python-language-server solargraph @@ -91,6 +92,12 @@ in ]; plugins = with pkgs.vimPlugins; [ + nvim-cmp + cmp-nvim-lsp + cmp_luasnip + luasnip + + lsp_extensions-nvim nvim-lspconfig lsp_extensions-nvim completion-nvim diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index 467a7357..9252dd89 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim @@ -114,7 +114,13 @@ lua <'] = cmp.mapping.select_prev_item(), + [''] = cmp.mapping.select_next_item(), + [''] = cmp.mapping.scroll_docs(-4), + [''] = cmp.mapping.scroll_docs(4), + [''] = cmp.mapping.complete(), + [''] = cmp.mapping.close(), + [''] = cmp.mapping.confirm { + behavior = cmp.ConfirmBehavior.Replace, + select = true, + }, + [''] = function(fallback) + if cmp.visible() then + cmp.select_next_item() + elseif luasnip.expand_or_jumpable() then + luasnip.expand_or_jump() + else + fallback() + end + end, + [''] = function(fallback) + if cmp.visible() then + cmp.select_prev_item() + elseif luasnip.jumpable(-1) then + luasnip.jump(-1) + else + fallback() + end + end, + }, + sources = { + { name = 'nvim_lsp' }, + { name = 'luasnip' }, + }, + } EOF " Visualize diagnostics @@ -143,14 +199,3 @@ autocmd CursorHold * lua vim.lsp.diagnostic.show_line_diagnostics() " have a fixed column for the diagnostics to appear in " this removes the jitter when warnings/errors flow in set signcolumn=yes - -" NeoVim 0.5 Code navigation shortcuts -nnoremap gd lua vim.lsp.buf.definition() -nnoremap K lua vim.lsp.buf.hover() -nnoremap gD lua vim.lsp.buf.implementation() -nnoremap lua vim.lsp.buf.signature_help() -nnoremap 1gD lua vim.lsp.buf.type_definition() -nnoremap gr lua vim.lsp.buf.references() -nnoremap g0 lua vim.lsp.buf.document_symbol() -nnoremap gW lua vim.lsp.buf.workspace_symbol() -nnoremap lua vim.lsp.buf.declaration() -- 2.44.2 From a208a817f7e907498b4c141dd199af2bb45def99 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 5 Jan 2022 23:02:05 +0100 Subject: [PATCH 114/320] audio: rename pulseeffects to easyeffects, follow upstream: https://github.com/wwmm/easyeffects --- modules/audio/default.nix | 13 ++++++++++--- modules/audio/easyeffects.service.nix | 8 ++++++++ modules/audio/pulseeffects.service.nix | 8 -------- 3 files changed, 18 insertions(+), 11 deletions(-) create mode 100644 modules/audio/easyeffects.service.nix delete mode 100644 modules/audio/pulseeffects.service.nix diff --git a/modules/audio/default.nix b/modules/audio/default.nix index 68b3c19b..fcceefd3 100644 --- a/modules/audio/default.nix +++ b/modules/audio/default.nix @@ -15,26 +15,33 @@ in config = mkIf cfg.enable { home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { home.packages = [ + # easyeffects, e.g. for microphone noise filtering + easyeffects mu pavucontrol pa_applet playerctl # Needed for pactl cmd, until pw-cli is more mature (vol up/down hotkeys?) pulseaudio - # pulseeffects for microphone noise filtering - pulseeffects-pw vimpc ]; xdg.configFile."vimpc/vimpcrc".source = ./.config/vimpc/vimpcrc; - systemd.user.services.pulseeffects = import ./pulseeffects.service.nix pkgs; + systemd.user.services.easyeffects = import ./easyeffects.service.nix pkgs; }; # Enable sound using pipewire-pulse services.pipewire = { + enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; + config.pipewire = { + context.default.clock = { + allowed-rates = [ 44100 48000 88200 96000 ]; + rate = 44100; + }; + }; config.pipewire-pulse = builtins.fromJSON (builtins.readFile ./pipewire-pulse.conf.json); # Bluetooth configuration for pipewire diff --git a/modules/audio/easyeffects.service.nix b/modules/audio/easyeffects.service.nix new file mode 100644 index 00000000..e94d0abd --- /dev/null +++ b/modules/audio/easyeffects.service.nix @@ -0,0 +1,8 @@ +pkgs: +{ + Service = { + Type = "dbus"; + BusName = "com.github.wwmm.easyeffects"; + ExecStart = "${pkgs.easyeffects}/bin/easyeffects --gapplication-service"; + }; +} diff --git a/modules/audio/pulseeffects.service.nix b/modules/audio/pulseeffects.service.nix deleted file mode 100644 index 632fbb54..00000000 --- a/modules/audio/pulseeffects.service.nix +++ /dev/null @@ -1,8 +0,0 @@ -pkgs: -{ - Service = { - Type = "dbus"; - BusName = "com.github.wwmm.pulseeffects"; - ExecStart = "${pkgs.pulseeffects-pw}/bin/pulseeffects --gapplication-service"; - }; -} -- 2.44.2 From 18c566f30e685d478df29b29d52c2da8e35683e4 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 5 Jan 2022 23:17:09 +0100 Subject: [PATCH 115/320] devops: add pgcli --- modules/devops/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/devops/default.nix b/modules/devops/default.nix index c862af61..04f886a0 100644 --- a/modules/devops/default.nix +++ b/modules/devops/default.nix @@ -14,6 +14,7 @@ in home.packages = [ drone-cli nmap + pgcli python38Packages.ansible restic shellcheck -- 2.44.2 From 2a6ac25369f0985e6b539d49e53dc3c037696c09 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 5 Jan 2022 23:20:06 +0100 Subject: [PATCH 116/320] base user: init global gitignore, update mimeapps --- profiles/base-user/.config/git/config.nix | 1 + .../.config/git/global_gitignore.nix | 4 ++++ profiles/base-user/home.nix | 1 + profiles/base-user/mimeapps.nix | 23 ++++++++++--------- 4 files changed, 18 insertions(+), 11 deletions(-) create mode 100644 profiles/base-user/.config/git/global_gitignore.nix diff --git a/profiles/base-user/.config/git/config.nix b/profiles/base-user/.config/git/config.nix index 6b099f87..47cfc1d6 100644 --- a/profiles/base-user/.config/git/config.nix +++ b/profiles/base-user/.config/git/config.nix @@ -9,6 +9,7 @@ in ${if user.gpgKeyId != null then "signingkey = ${user.gpgKeyId}" else ""} [core] editor = /etc/profiles/per-user/${config.pub-solar.user.name}/bin/nvim + excludesFile = /home/${config.pub-solar.user.name}/.config/git/global_gitignore [alias] pol = pull ack = -c color.grep.linenumber=\"bold yellow\"\n -c color.grep.filename=\"bold green\"\n -c color.grep.match=\"reverse yellow\"\n grep --break --heading --line-number diff --git a/profiles/base-user/.config/git/global_gitignore.nix b/profiles/base-user/.config/git/global_gitignore.nix new file mode 100644 index 00000000..1ee11f34 --- /dev/null +++ b/profiles/base-user/.config/git/global_gitignore.nix @@ -0,0 +1,4 @@ +{ config, pkgs, ... }: +let +in +''tags'' diff --git a/profiles/base-user/home.nix b/profiles/base-user/home.nix index 7c5c5518..d8a331a9 100644 --- a/profiles/base-user/home.nix +++ b/profiles/base-user/home.nix @@ -32,6 +32,7 @@ in xdg.mimeApps = import ./mimeapps.nix; xdg.configFile."git/config".text = import ./.config/git/config.nix { inherit config; inherit pkgs; }; + xdg.configFile."git/global_gitignore".text = import ./.config/git/global_gitignore.nix { inherit config; inherit pkgs; }; xdg.configFile."dircolors".source = ./.config/dircolors; xdg.configFile."xmodmap".source = ./.config/xmodmap; xdg.configFile."user-dirs.dirs".source = ./.config/user-dirs.dirs; diff --git a/profiles/base-user/mimeapps.nix b/profiles/base-user/mimeapps.nix index ea2333ce..395c1b87 100644 --- a/profiles/base-user/mimeapps.nix +++ b/profiles/base-user/mimeapps.nix @@ -1,25 +1,26 @@ { enable = true; defaultApplications = { - "x-scheme-handler/http" = [ "firefox.desktop" ]; - "x-scheme-handler/https" = [ "firefox.desktop" ]; - "x-scheme-handler/ftp" = [ "firefox.desktop" ]; - "x-scheme-handler/chrome" = [ "firefox.desktop" ]; - "text/html" = [ "firefox.desktop" ]; + "application/octet-stream" = [ "firefox.desktop" ]; + "application/pdf" = [ "org.gnome.Evince.desktop" ]; + "application/x-bittorrent" = [ "deluge.desktop" ]; "application/x-extension-htm" = [ "firefox.desktop" ]; "application/x-extension-html" = [ "firefox.desktop" ]; "application/x-extension-shtml" = [ "firefox.desktop" ]; - "application/xhtml+xml" = [ "firefox.desktop" ]; "application/x-extension-xhtml" = [ "firefox.desktop" ]; "application/x-extension-xht" = [ "firefox.desktop" ]; + "application/xhtml+xml" = [ "firefox.desktop" ]; "image/jpeg" = [ "org.gnome.eog.desktop" ]; "image/png" = [ "org.gnome.eog.desktop" ]; - "video/mp4" = [ "vlc.desktop" ]; - "text/plain" = [ "firefox.desktop" ]; - "x-scheme-handler/mailto" = [ "userapp-Thunderbird.desktop" ]; "message/rfc822" = [ "userapp-Thunderbird.desktop" ]; - "application/pdf" = [ "org.gnome.Evince.desktop" ]; - "application/x-bittorrent" = [ "deluge.desktop" ]; + "text/html" = [ "firefox.desktop" ]; + "text/plain" = [ "firefox.desktop" ]; + "video/mp4" = [ "vlc.desktop" ]; + "x-scheme-handler/chrome" = [ "firefox.desktop" ]; + "x-scheme-handler/ftp" = [ "firefox.desktop" ]; + "x-scheme-handler/http" = [ "firefox.desktop" ]; + "x-scheme-handler/https" = [ "firefox.desktop" ]; + "x-scheme-handler/mailto" = [ "userapp-Thunderbird.desktop" ]; "x-scheme-handler/msteams" = [ "teams.desktop" ]; "x-scheme-handler/tg" = [ "userapp-Telegram Desktop-JBKFU0.desktop" ]; }; -- 2.44.2 From 8d3dedc562db026668ca5346481663664e4ae524 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 5 Jan 2022 23:20:38 +0100 Subject: [PATCH 117/320] core: add gitFull, nix-tree --- profiles/core/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index b77baf53..05575467 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -22,7 +22,7 @@ in inetutils pciutils usbutils - git + gitFull git-lfs git-bug wget @@ -61,6 +61,7 @@ in niv manix nix-index + nix-tree # Build broken, python2.7-PyJWT-2.0.1.drv' failed #nixops psos -- 2.44.2 From ecc862c156d5e444fe099cc67e944c344ee46d60 Mon Sep 17 00:00:00 2001 From: Ben Merritt Date: Sun, 9 Jan 2022 00:14:24 -0800 Subject: [PATCH 118/320] Update secrets path See https://github.com/ryantm/agenix/commit/e5386644356a3f686f7fceac8645f0a9f94a2de6 --- doc/secrets.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/secrets.md b/doc/secrets.md index 6afe2f6a..26b2e973 100644 --- a/doc/secrets.md +++ b/doc/secrets.md @@ -93,7 +93,7 @@ In any profile that uses a NixOS module that requires a secret you can enable a ``` -Then you can just pass the path `/run/secrets/mysecret` to the module. +Then you can just pass the path `/run/agenix/mysecret` to the module. You can make use of the many options provided by the age module to customize where and how secrets get decrypted. You can learn about them by looking at the -- 2.44.2 From d8c8fc35ad06e4e29f9ea6e58593b43f1e4f33c9 Mon Sep 17 00:00:00 2001 From: Ben Merritt Date: Mon, 4 Oct 2021 08:54:27 -0700 Subject: [PATCH 119/320] Fix outdated option name --- doc/concepts/users.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/concepts/users.md b/doc/concepts/users.md index 3ab7c39c..b2a6c2a3 100644 --- a/doc/concepts/users.md +++ b/doc/concepts/users.md @@ -37,9 +37,10 @@ User profiles can be collected in a similar fashion as system ones into a `suite argument that gets passed to your home-manager users. ### Example +`flake.nix` ```nix { - home-manager.users.nixos = { suites, ... }: { + home.users.nixos = { suites, ... }: { imports = suites.base; }; } -- 2.44.2 From ea8937cd51dde2d65424041e5d6feab044e3070a Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Wed, 29 Dec 2021 14:42:51 -0800 Subject: [PATCH 120/320] profiles/core: add comments for each option --- profiles/core/default.nix | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index 05575467..6c04d580 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -2,6 +2,7 @@ let inherit (lib) fileContents; in { + # Sets nrdxp.cachix.org binary cache which just speeds up some builds imports = [ ../cachix ]; config = { @@ -86,18 +87,18 @@ in nix = { package = pkgs.nix-dram; + # Improve nix store disk usage autoOptimiseStore = true; - gc.automatic = true; - optimise.automatic = true; + # Prevents impurities in builds useSandbox = true; - allowedUsers = [ "@wheel" ]; - + # give root and @wheel special privileges with nix trustedUsers = [ "root" "@wheel" ]; + # Generally useful nix option defaults extraOptions = '' min-free = 536870912 keep-outputs = true @@ -108,14 +109,7 @@ in ''; }; - system.autoUpgrade.enable = true; - - # For rage encryption, all hosts need a ssh key pair - services.openssh = { - enable = true; - openFirewall = lib.mkDefault false; - }; - + # Service that makes Out of Memory Killer more effective services.earlyoom.enable = true; boot.supportedFilesystems = [ "ntfs" ]; -- 2.44.2 From efcaa6f256ae68ed31c6a1f4553307f54bb90760 Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Thu, 13 Jan 2022 19:57:34 -0800 Subject: [PATCH 121/320] README: Add more flakes to "in the wild" Remove the nrd branch, since that doesn't exist anymore --- README.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 1d813821..b166d710 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,9 @@ expected. There are unstable versions (0._x_._x_) to help users keep track of changes and progress, and a [`develop`](https://github.com/divnix/devos/tree/develop) branch for the brave 😜 ## In the Wild -* The original [authors][please] +* @Pacman99: [Personal](https://gitlab.com/coffeetables/lower), [Server](https://gitlab.com/coffeetables/myrdd) +* [@danielphan2003](https://github.com/danielphan2003/flk) and make sure to also check out [devos-ext-lib][devos-ext-lib] +* [PubSolarOS](https://git.sr.ht/~b12f/pub-solar-os) ## Shoulders This work does not reinvent the wheel. It stands on the [shoulders of the @@ -89,3 +91,4 @@ DevOS is licensed under the [MIT License][mit]. [nvfetcher]: https://github.com/berberman/nvfetcher [please]: https://github.com/nrdxp/devos/tree/nrd [matrix]: https://matrix.to/#/#devos:nixos.org +[devos-ext-lib]: https://github.com/divnix/devos-ext-lib -- 2.44.2 From c36ec0b546360fdc6a8db261d6887604f320a19a Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Sat, 29 Jan 2022 11:57:55 -0800 Subject: [PATCH 122/320] flake: update digga, home, nixos, latest --- flake.lock | 379 ++++++++++++++++++++++++++++------------------------- 1 file changed, 199 insertions(+), 180 deletions(-) diff --git a/flake.lock b/flake.lock index a5d8b109..67701251 100644 --- a/flake.lock +++ b/flake.lock @@ -3,15 +3,15 @@ "agenix": { "inputs": { "nixpkgs": [ - "latest" + "nixos" ] }, "locked": { - "lastModified": 1620877075, - "narHash": "sha256-XvgTqtmQZHegu9UMDSR50gK5cHEM2gbnRH0qecmdN54=", + "lastModified": 1637793790, + "narHash": "sha256-oPXavjxETEWGXq8g7kQHyRLKUmLX2yPtGn+t3V0mrTY=", "owner": "ryantm", "repo": "agenix", - "rev": "e543aa7d68f222e1e771165da9e9a64b5bf7b3e3", + "rev": "f85eea0e29fa9a8924571d0e398215e175f80d55", "type": "github" }, "original": { @@ -23,10 +23,7 @@ "beautysh": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": [ - "bud", - "nixpkgs" - ], + "nixpkgs": "nixpkgs", "poetry2nix": "poetry2nix" }, "locked": { @@ -70,11 +67,11 @@ ] }, "locked": { - "lastModified": 1633373878, - "narHash": "sha256-9+ziZ8l6rq3yXyY6B0wYXrVdfxr6cdpEbPEGRHywBKc=", + "lastModified": 1640836100, + "narHash": "sha256-My9Lay6BCDwAZgrL4SuVXHkYPHIU7ypnuiS/pd7eg1M=", "owner": "divnix", "repo": "bud", - "rev": "4e709a2fcf19df500ba87d9c3b1b1481401cd53b", + "rev": "b1d8ab3970f4dfb5fb90d7d8a9ab493c75d031fc", "type": "github" }, "original": { @@ -86,7 +83,7 @@ "darwin": { "inputs": { "nixpkgs": [ - "latest" + "nixos" ] }, "locked": { @@ -105,37 +102,34 @@ }, "deploy": { "inputs": { + "fenix": "fenix", "flake-compat": "flake-compat", "nixpkgs": [ - "digga", - "latest" + "nixos" ], - "utils": [ - "digga", - "flake-utils" - ] + "utils": "utils" }, "locked": { - "lastModified": 1632822684, - "narHash": "sha256-lt7eayYmgsD5OQwpb1XYfHpxttn43bWo7G7hIJs+zJw=", - "owner": "serokell", + "lastModified": 1637357482, + "narHash": "sha256-mMRxOlcQs3V9cZYsKGKWEjl+oqclhaH1SKT3QGeTQ0Q=", + "owner": "input-output-hk", "repo": "deploy-rs", - "rev": "9a02de4373e0ec272d08a417b269a28ac8b961b4", + "rev": "5a6db26726ec8c7904aea5bcdf13589342386f9d", "type": "github" }, "original": { - "owner": "serokell", + "owner": "input-output-hk", "repo": "deploy-rs", "type": "github" } }, "devshell": { "locked": { - "lastModified": 1632436039, - "narHash": "sha256-OtITeVWcKXn1SpVEnImpTGH91FycCskGBPqmlxiykv4=", + "lastModified": 1637575296, + "narHash": "sha256-ZY8YR5u8aglZPe27+AJMnPTG6645WuavB+w0xmhTarw=", "owner": "numtide", "repo": "devshell", - "rev": "7a7a7aa0adebe5488e5abaec688fd9ae0f8ea9c6", + "rev": "0e56ef21ba1a717169953122c7415fa6a8cd2618", "type": "github" }, "original": { @@ -147,15 +141,15 @@ "digga": { "inputs": { "blank": "blank", - "deploy": "deploy", + "deploy": [ + "deploy" + ], "devshell": "devshell", - "flake-utils": "flake-utils_2", "flake-utils-plus": "flake-utils-plus", "home-manager": [ "home" ], "latest": "latest", - "nix": "nix", "nixlib": [ "nixos" ], @@ -165,11 +159,11 @@ ] }, "locked": { - "lastModified": 1632959483, - "narHash": "sha256-jXogai6e+QRtiZFBOrMmYdeLXejzVT91kuDKu2RuJ10=", + "lastModified": 1643510242, + "narHash": "sha256-9C9DyJhQ5bevk0CEEjGct+U9EqUgHg8T70nxz47zjMI=", "owner": "divnix", "repo": "digga", - "rev": "6549cf4c87d1a77138cbecbc6bb9483c20572cd7", + "rev": "33bfb05b8a148d8ad6a842de74e22209bf9fe5d7", "type": "github" }, "original": { @@ -178,6 +172,25 @@ "type": "github" } }, + "fenix": { + "inputs": { + "nixpkgs": "nixpkgs_3", + "rust-analyzer-src": "rust-analyzer-src" + }, + "locked": { + "lastModified": 1637303083, + "narHash": "sha256-e2A5JBjxYNpjoGd53K0oVUUaS9ojwOT5rnThyPNS46M=", + "owner": "nix-community", + "repo": "fenix", + "rev": "8294ceadbbbe1a886640bfcc15f5a02a2b471955", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "fenix", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -194,6 +207,22 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1627913399, + "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1623875721, @@ -211,32 +240,29 @@ }, "flake-utils-plus": { "inputs": { - "flake-utils": [ - "digga", - "flake-utils" - ] + "flake-utils": "flake-utils_3" }, "locked": { - "lastModified": 1630859749, - "narHash": "sha256-qkoU2rIbbP2+T0dfcqXW35GCWNsi0Y1IgN9BELmt4Zo=", - "owner": "divnix", + "lastModified": 1639385028, + "narHash": "sha256-oqorKz3mwf7UuDJwlbCEYCB2LfcWLL0DkeCWhRIL820=", + "owner": "gytis-ivaskevicius", "repo": "flake-utils-plus", - "rev": "a4e267e3fc87e60c5029c6c3855935ff1ff3018e", + "rev": "be1be083af014720c14f3b574f57b6173b4915d0", "type": "github" }, "original": { - "owner": "divnix", + "owner": "gytis-ivaskevicius", "repo": "flake-utils-plus", "type": "github" } }, "flake-utils_2": { "locked": { - "lastModified": 1623875721, - "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "lastModified": 1642700792, + "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", "owner": "numtide", "repo": "flake-utils", - "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", "type": "github" }, "original": { @@ -247,11 +273,26 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1623875721, - "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "lastModified": 1638122382, + "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", "owner": "numtide", "repo": "flake-utils", - "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_4": { + "locked": { + "lastModified": 1631561581, + "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19", "type": "github" }, "original": { @@ -267,27 +308,27 @@ ] }, "locked": { - "lastModified": 1624228557, - "narHash": "sha256-wwOqe73BsrXfRv1PhyXQFNC8iTET50KvE/HitdkRgxs=", + "lastModified": 1642653493, + "narHash": "sha256-22mGPjiHUo2Jmze4IjXCJLjeK2mbvvCztHmUyUMr4yw=", "owner": "nix-community", "repo": "home-manager", - "rev": "35a24648d155843a4d162de98c17b1afd5db51e4", + "rev": "28b9ae40c45c5e7711c353fee1b7af734e293979", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-21.05", + "ref": "release-21.11", "repo": "home-manager", "type": "github" } }, "latest": { "locked": { - "lastModified": 1632660378, - "narHash": "sha256-sjA8eQlnyDjDLyAyq3XlJmN0nqW0ftl/pb7VnMg86L0=", + "lastModified": 1638198142, + "narHash": "sha256-plU9b8r4St6q4U7VHtG9V7oF8k9fIpfXl/KDaZLuY9k=", "owner": "nixos", "repo": "nixpkgs", - "rev": "31ffc50c571e6683e9ecc9dbcbd4a8e9914b4497", + "rev": "8a308775674e178495767df90c419425474582a1", "type": "github" }, "original": { @@ -299,11 +340,11 @@ }, "latest_2": { "locked": { - "lastModified": 1627942574, - "narHash": "sha256-guUcGRWvY2mfiVSet2x/zeHIyflm2wgglj0ldg0mMio=", + "lastModified": 1643347846, + "narHash": "sha256-O0tyXF//ppRpe9yT1Uu5n34yI2MWDyY6ZiJ4Qn5zIkE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c464dc811babfe316ed4ab7bbc12351122e69dd7", + "rev": "5bb20f9dc70e9ee16e21cc404b6508654931ce41", "type": "github" }, "original": { @@ -313,35 +354,18 @@ "type": "github" } }, - "lowdown-src": { - "flake": false, - "locked": { - "lastModified": 1617481909, - "narHash": "sha256-SqnfOFuLuVRRNeVJr1yeEPJue/qWoCp5N6o5Kr///p4=", - "owner": "kristapsdz", - "repo": "lowdown", - "rev": "148f9b2f586c41b7e36e73009db43ea68c7a1a4d", - "type": "github" - }, - "original": { - "owner": "kristapsdz", - "ref": "VERSION_0_8_4", - "repo": "lowdown", - "type": "github" - } - }, "naersk": { "inputs": { "nixpkgs": [ - "latest" + "nixos" ] }, "locked": { - "lastModified": 1623927034, - "narHash": "sha256-sGxlmfp5eXL5sAMNqHSb04Zq6gPl+JeltIZ226OYN0w=", + "lastModified": 1638203339, + "narHash": "sha256-Sz3iCvbWrVWOD/XfYQeRJgP/7MVYL3/VKsNXvDeWBFc=", "owner": "nmattia", "repo": "naersk", - "rev": "e09c320446c5c2516d430803f7b19f5833781337", + "rev": "c3e56b8a4ffb6d906cdfcfee034581f9a8ece571", "type": "github" }, "original": { @@ -350,80 +374,51 @@ "type": "github" } }, - "nix": { - "inputs": { - "lowdown-src": "lowdown-src", - "nixpkgs": [ - "digga", - "nixpkgs" - ] - }, + "nixlib": { "locked": { - "lastModified": 1630335771, - "narHash": "sha256-eljjEPJdLK3aDskF7qX4YM/6KCq+w9nr+IKhrKW/AIQ=", - "owner": "nixos", - "repo": "nix", - "rev": "50a35860ee9237d341948437c5f70a7f0987d393", + "lastModified": 1641688481, + "narHash": "sha256-6L+EU12xLDHby7y8elgFtRKVBxix+7qV8DhVgXqrKZo=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "f697717b3d3a074ffc16c8c8227504f0db292886", "type": "github" }, "original": { - "owner": "nixos", - "repo": "nix", - "type": "github" - } - }, - "nix-dram": { - "inputs": { - "flake-utils": "flake-utils_3", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1628492639, - "narHash": "sha256-ffF/oEhLs/stAsXXobruKHyH9jnMC2rt/SM3ASrs2U8=", - "owner": "dramforever", - "repo": "nix-dram", - "rev": "fba426108ea6bdeb1e362bac9da06cbd33726f41", - "type": "github" - }, - "original": { - "owner": "dramforever", - "repo": "nix-dram", + "owner": "nix-community", + "repo": "nixpkgs.lib", "type": "github" } }, "nixos": { "locked": { - "lastModified": 1628203131, - "narHash": "sha256-jQgXeJ9NQQS0Eobb/qQOvS+RRULkqRikAeXkkFKOPDA=", + "lastModified": 1643463207, + "narHash": "sha256-W0azAxucUq84BvWqDPt3gX8kyc8wYvGUynZV9COfByQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "178da37860823d35e801c7df2f73d7866d3d598a", + "rev": "03098169624f487eef37186b3214c40e6b6e919d", "type": "github" }, "original": { "owner": "nixos", - "ref": "release-21.05", + "ref": "release-21.11", "repo": "nixpkgs", "type": "github" } }, "nixos-generators": { "inputs": { - "nixlib": [ - "digga", - "nixlib" - ], + "nixlib": "nixlib", "nixpkgs": [ "digga", "blank" ] }, "locked": { - "lastModified": 1624973746, - "narHash": "sha256-11JbJRduNwyf556gndGErR5/12ceyHOHBfEuha5Vws4=", + "lastModified": 1637655461, + "narHash": "sha256-kXZPbclN3gKwjhp2/RYFDFpAsSBwzX1iLF4EcnHZsPQ=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "022ef440af8dc237ab1f59fa363cb1e25783ec3e", + "rev": "05a3eb158a9c7746a5d463726d7f7cccf07500e4", "type": "github" }, "original": { @@ -434,11 +429,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1625333638, - "narHash": "sha256-M6J9RN60XJyv6nUfDFCwnz5aVjhe8+GJnV8Q9VpdQQQ=", + "lastModified": 1638182287, + "narHash": "sha256-vBzf+hbTJz2ZdXV/DWirl6wOO7tjdqzTIU+0FANt65U=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "41775780a0b6b32b3d32dcc32bb9bc6df809062d", + "rev": "6b3f79de09c3de7c91ab51e55e87879f61b6faec", "type": "github" }, "original": { @@ -449,15 +444,46 @@ }, "nixpkgs": { "locked": { - "lastModified": 1626556499, - "narHash": "sha256-c2ueMT7fi/yvCNq3nGLEC2v5GklS7eHpB1240LRSW9Y=", + "lastModified": 1643428210, + "narHash": "sha256-ympCeHuXeGitpnegE0raAtWLNg3vZbjj5QbbMvvBGCQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b59c06dc92f8d03660eb4155754d93a6c34cda83", + "rev": "e1b353e890801a759efe9a4c42f6984e47721f0d", "type": "github" }, "original": { "owner": "NixOS", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { + "locked": { + "lastModified": 1643513770, + "narHash": "sha256-Q64SabfQLuhHQfhpIHS/fLCEO2NUFnI+EKsB5GnfWh8=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "66ab3568d67b90275c0720aae8b911bad82c24fe", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1636976544, + "narHash": "sha256-9ZmdyoRz4Qu8bP5BKR1T10YbzcB9nvCeQjOEw2cRKR0=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "931ab058daa7e4cd539533963f95e2bb0dbd41e6", + "type": "github" + }, + "original": { + "owner": "nixos", "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" @@ -465,11 +491,11 @@ }, "nur": { "locked": { - "lastModified": 1626378135, - "narHash": "sha256-koC6DBYmLCrgXA+AMHVaODf1uHYPmvcFygHfy3eg6vI=", + "lastModified": 1638231901, + "narHash": "sha256-XzuvFTmsXULdWynQWzgaPHikepNhjEpK4o5WXfmRqek=", "owner": "nix-community", "repo": "NUR", - "rev": "00c2ec8f0bbdf0cfb2135bde55fbae5d6b64aa6d", + "rev": "4e68fb3d8f48e91196deb13f44bcfb421da25afb", "type": "github" }, "original": { @@ -479,26 +505,18 @@ }, "nvfetcher": { "inputs": { - "flake-compat": [ - "digga", - "deploy", - "flake-compat" - ], - "flake-utils": [ - "digga", - "flake-utils-plus", - "flake-utils" - ], + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_4", "nixpkgs": [ - "latest" + "nixos" ] }, "locked": { - "lastModified": 1632700276, - "narHash": "sha256-XABvQUq2qv+YcQxW93DnU8mgtVsGJWyhcznny/Lbp0Q=", + "lastModified": 1634524567, + "narHash": "sha256-v9ZTZj1WNQaaVfs1P1mUPuh518mmwpqszj1EjdeGUmc=", "owner": "berberman", "repo": "nvfetcher", - "rev": "248fe98ed1bc352ce164d08a9e76fdc5f301ba2d", + "rev": "807513f4bbd0e3b5863f4c3b91f8ac846ed6da9b", "type": "github" }, "original": { @@ -509,16 +527,8 @@ }, "poetry2nix": { "inputs": { - "flake-utils": [ - "bud", - "beautysh", - "flake-utils" - ], - "nixpkgs": [ - "bud", - "beautysh", - "nixpkgs" - ] + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1625240517, @@ -537,41 +547,50 @@ "root": { "inputs": { "agenix": "agenix", - "blank": [ - "digga", - "blank" - ], "bud": "bud", "darwin": "darwin", - "deploy": [ - "digga", - "deploy" - ], + "deploy": "deploy", "digga": "digga", - "flake-utils": [ - "digga", - "flake-utils" - ], - "flake-utils-plus": [ - "digga", - "flake-utils-plus" - ], "home": "home", "latest": "latest_2", "naersk": "naersk", - "nix-dram": "nix-dram", - "nixlib": [ - "digga", - "nixlib" - ], "nixos": "nixos", "nixos-hardware": "nixos-hardware", - "nixpkgs": [ - "nixos" - ], "nur": "nur", "nvfetcher": "nvfetcher" } + }, + "rust-analyzer-src": { + "flake": false, + "locked": { + "lastModified": 1637268320, + "narHash": "sha256-lxB1r+7cmZisiGLx0tZ2LaC6X/EcQTbRIWZfnLIIgs4=", + "owner": "rust-analyzer", + "repo": "rust-analyzer", + "rev": "f0da9406bcbde1bc727242b481d8de825e84f59a", + "type": "github" + }, + "original": { + "owner": "rust-analyzer", + "ref": "nightly", + "repo": "rust-analyzer", + "type": "github" + } + }, + "utils": { + "locked": { + "lastModified": 1637014545, + "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } } }, "root": "root", -- 2.44.2 From 7d67ba1cafde7577ea07f161b4e811e8eab5682a Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Sat, 29 Jan 2022 11:49:16 -0800 Subject: [PATCH 123/320] bud: switch back to pulling devos as template --- shell/bud/get.bash | 1 + 1 file changed, 1 insertion(+) create mode 100644 shell/bud/get.bash diff --git a/shell/bud/get.bash b/shell/bud/get.bash new file mode 100644 index 00000000..89e2af3d --- /dev/null +++ b/shell/bud/get.bash @@ -0,0 +1 @@ + nix flake new -t "github:divnix/devos/main" "${2:-devos}" -- 2.44.2 From 0534c731e23943153ac1c21b7294811cea78c84c Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Sat, 29 Jan 2022 19:58:36 -0800 Subject: [PATCH 124/320] overrides: remove nix-direnv line Use correct overrides for nix 2.4 --- overlays/overrides.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/overlays/overrides.nix b/overlays/overrides.nix index 1c5070db..4f94b6a9 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -16,6 +16,8 @@ channels: final: prev: { deploy-rs ; + # nix is set to 2.3 in 21.11 + nix-direnv = prev.nix-direnv.override { nix_2_4 = true; }; haskellPackages = prev.haskellPackages.override (old: { -- 2.44.2 From 3cb0cd2e2ee87b156b5d1c7a94cdb859c2a7003f Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 14:42:02 +0100 Subject: [PATCH 125/320] Fix last upstream merge, add back openssh service Dont't autoUpgrade by default --- profiles/core/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index 6c04d580..31d765e0 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -109,6 +109,12 @@ in ''; }; + # For rage encryption, all hosts need a ssh key pair + services.openssh = { + enable = true; + openFirewall = lib.mkDefault false; + }; + # Service that makes Out of Memory Killer more effective services.earlyoom.enable = true; -- 2.44.2 From f07010445eb26b269e044929f7ce8b75d1ea5458 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 16:19:36 +0100 Subject: [PATCH 126/320] Reference nix-dram package directly from inputs This should avoid patches not working because our pkgs follows nixos = release-21.11 and nix-dram follows nixos-unstable --- flake.nix | 1 - profiles/core/default.nix | 3 ++- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 2b0f2528..e0415b07 100644 --- a/flake.nix +++ b/flake.nix @@ -81,7 +81,6 @@ nur.overlay agenix.overlay nvfetcher.overlay - nix-dram.overlay ./pkgs/default.nix ]; }; diff --git a/profiles/core/default.nix b/profiles/core/default.nix index 31d765e0..1d3d6c45 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -85,7 +85,8 @@ in }; nix = { - package = pkgs.nix-dram; + # use nix-dram, a patched nix command, see: https://github.com/dramforever/nix-dram + package = inputs.nix-dram.packages.${pkgs.system}.nix-dram; # Improve nix store disk usage autoOptimiseStore = true; -- 2.44.2 From 6da0f503e187fada0b6f8c9c255493c1823d91a8 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:09:49 +0100 Subject: [PATCH 127/320] wayland: use NIXOS_OZONE_WL instead of *-wayland packages --- modules/sway/config/config.d/custom-keybindings.conf | 2 +- overlays/overrides.nix | 9 +++++++++ profiles/base-user/session-variables.nix | 3 +++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/modules/sway/config/config.d/custom-keybindings.conf b/modules/sway/config/config.d/custom-keybindings.conf index 2b7ba20d..d5887e3e 100644 --- a/modules/sway/config/config.d/custom-keybindings.conf +++ b/modules/sway/config/config.d/custom-keybindings.conf @@ -18,7 +18,7 @@ bindsym $mod+F2 exec firefox bindsym $mod+F3 exec $term -e vifm bindsym $mod+Shift+F3 exec gksu $term -e vifm bindsym $mod+F4 exec nautilus -w -bindsym $mod+Shift+F4 exec signal-desktop --enable-features=UseOzonePlatform --ozone-platform=wayland +bindsym $mod+Shift+F4 exec signal-desktop bindsym $mod+F5 exec $term -e 'mocp -C $XDG_CONFIG_DIR/mocp/config' bindsym $mod+Shift+m exec mu bindsym $mod+Shift+h exec xdg-open /usr/share/doc/manjaro/i3_help.pdf diff --git a/overlays/overrides.nix b/overlays/overrides.nix index 4f94b6a9..4c5964ff 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -14,6 +14,15 @@ channels: final: prev: { signal-desktop starship deploy-rs + + neovim-unwrapped + tdesktop + xdg-desktop-portal + xdg-desktop-portal-gtk + xdg-desktop-portal-wlr + obs-studio + obs-studio-plugins + looking-glass-client ; # nix is set to 2.3 in 21.11 diff --git a/profiles/base-user/session-variables.nix b/profiles/base-user/session-variables.nix index 4e745bba..a180da6e 100644 --- a/profiles/base-user/session-variables.nix +++ b/profiles/base-user/session-variables.nix @@ -58,6 +58,9 @@ let # experimental wayland in firefox/thunderbird MOZ_ENABLE_WAYLAND = "1"; + # chromium / electron on wayland: enable ozone (native wayland mode) + NIXOS_OZONE_WL = "1"; + # Vagrant VAGRANT_HOME = "${xdg.dataHome}/vagrant"; VAGRANT_DEFAULT_PROVIDER = "libvirt"; -- 2.44.2 From c85cb99a15709e1533043f7d9b70a5f21fd9ad42 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:34:08 +0100 Subject: [PATCH 128/320] Use newer ansible version instead of pythonPackages one --- modules/devops/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/devops/default.nix b/modules/devops/default.nix index 04f886a0..9c0d9a9e 100644 --- a/modules/devops/default.nix +++ b/modules/devops/default.nix @@ -15,7 +15,8 @@ in drone-cli nmap pgcli - python38Packages.ansible + ansible + ansible-lint restic shellcheck terraform_0_15 -- 2.44.2 From 7589360e6d835eaf4ac511f016d3e43e34b4bace Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:34:32 +0100 Subject: [PATCH 129/320] terminal-life: add asciinema --- modules/terminal-life/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/terminal-life/default.nix b/modules/terminal-life/default.nix index 1be1d5fa..84e39c4c 100644 --- a/modules/terminal-life/default.nix +++ b/modules/terminal-life/default.nix @@ -26,6 +26,7 @@ in home.packages = [ ag ack + asciinema bat exa gh -- 2.44.2 From fa03692511a7f32792e9f52d36074740da1a37a2 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:35:00 +0100 Subject: [PATCH 130/320] modules: user: add publicKeys option --- modules/user/default.nix | 5 +++++ profiles/base-user/default.nix | 1 + 2 files changed, 6 insertions(+) diff --git a/modules/user/default.nix b/modules/user/default.nix index d2edd476..74c1d915 100644 --- a/modules/user/default.nix +++ b/modules/user/default.nix @@ -16,6 +16,11 @@ in type = types.nullOr types.str; default = null; }; + publicKeys = mkOption { + description = "User SSH public keys"; + type = types.listOf types.path; + default = [ ]; + }; fullName = mkOption { description = "User full name"; type = types.nullOr types.str; diff --git a/profiles/base-user/default.nix b/profiles/base-user/default.nix index e327a736..1ec8f13d 100644 --- a/profiles/base-user/default.nix +++ b/profiles/base-user/default.nix @@ -19,6 +19,7 @@ in extraGroups = [ "wheel" "docker" "input" "audio" "networkmanager" "lp" "scanner" ]; initialHashedPassword = if psCfg.user.password != null then psCfg.user.password else ""; shell = pkgs.zsh; + openssh.authorizedKeys.keyFiles = if psCfg.user.publicKeys != null then psCfg.user.publicKeys else []; }; }; } -- 2.44.2 From e1b4ec65e097a4cb33d9cd822e413eb9f23ec345 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:35:52 +0100 Subject: [PATCH 131/320] pkgs: lgcl: fix nix flake check for aarch64-linux --- pkgs/lgcl.nix | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 pkgs/lgcl.nix diff --git a/pkgs/lgcl.nix b/pkgs/lgcl.nix new file mode 100644 index 00000000..1d973e81 --- /dev/null +++ b/pkgs/lgcl.nix @@ -0,0 +1,9 @@ +self: with self; +let + looking-glass-client = self.looking-glass-client.overrideAttrs (old: { + meta.platforms = [ "x86_64-linux" "aarch64-linux" ]; + }); +in +'' + ${looking-glass-client}/bin/looking-glass-client -f /dev/shm/looking-glass input:ignoreWindowsKeys=yes input:grabKeyboardOnFocus=no +'' -- 2.44.2 From e2a15bf8170118c3a5d9b6cc11dbb82377e7dade Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:37:21 +0100 Subject: [PATCH 132/320] core: add missing argument inputs --- profiles/core/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index 1d3d6c45..da22dba0 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -1,4 +1,4 @@ -{ self, config, lib, pkgs, ... }: +{ self, config, lib, pkgs, inputs, ... }: let inherit (lib) fileContents; in { -- 2.44.2 From bc4ca4557e46ff4a394acd9545a69b163cec0b8b Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:43:05 +0100 Subject: [PATCH 133/320] core: add ncd, useful for comparing versions of pkgs that will be upgraded, see: https://discourse.nixos.org/t/nvd-simple-nix-nixos-version-diff-tool/12397 --- profiles/core/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index da22dba0..3dc8ea42 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -66,6 +66,7 @@ in # Build broken, python2.7-PyJWT-2.0.1.drv' failed #nixops psos + nvd # Fun neofetch -- 2.44.2 From 0cf1c0e9b02c1c27fb8e2bd0424176746bee141a Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:45:26 +0100 Subject: [PATCH 134/320] iso: default user nixos becomes pub-solar --- flake.nix | 1 - users/pub-solar/default.nix | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index e0415b07..7a28ba99 100644 --- a/flake.nix +++ b/flake.nix @@ -144,7 +144,6 @@ }; }; users = { - nixos = { suites, ... }: { imports = suites.base; }; pub-solar = { suites, ... }: { imports = suites.base; }; }; # digga.lib.importers.rakeLeaves ./users/hm; }; diff --git a/users/pub-solar/default.nix b/users/pub-solar/default.nix index af669b41..7289f717 100644 --- a/users/pub-solar/default.nix +++ b/users/pub-solar/default.nix @@ -5,12 +5,14 @@ pub-solar = { # These are your personal settings # The only required settings are `name` and `password`, + # for convenience, use publicKeys to add your SSH keys # The rest is used for programs like git user = { name = "pub-solar"; password = "$6$Kv0BCLU2Jg7GN8Oa$hc2vERKCbZdczFqyHPfgCaleGP.JuOWyd.bfcIsLDNmExGXI6Rnkze.SWzVzVS311KBznN/P4uUYAUADXkVtr."; fullName = "Pub Solar"; email = "iso@pub.solar"; + publicKeys = [ ../../secrets/teutat3s-yubikey.pub ]; }; }; } -- 2.44.2 From 1d2eb2edd0b27d563d63a5379fc33877aa4c71bd Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:47:45 +0100 Subject: [PATCH 135/320] iso: use iso suite in PubSolarOS host fae: boots PubSolarOS --- flake.nix | 3 +++ hosts/PubSolarOS.nix | 15 +++++---------- 2 files changed, 8 insertions(+), 10 deletions(-) diff --git a/flake.nix b/flake.nix index 7a28ba99..88112919 100644 --- a/flake.nix +++ b/flake.nix @@ -73,6 +73,8 @@ channelsConfig = { allowUnfree = true; }; + supportedSystems = [ "x86_64-linux" "aarch64-linux" ]; + channels = { nixos = { imports = [ (digga.lib.importOverlays ./overlays) ]; @@ -128,6 +130,7 @@ }; suites = with profiles; rec { base = [ core users.pub-solar users.root ]; + iso = base ++ [ base-user graphical pub-solar-iso ]; pubsolaros = [ core full-install base-user users.root ]; anonymous = [ pubsolaros users.pub-solar ]; }; diff --git a/hosts/PubSolarOS.nix b/hosts/PubSolarOS.nix index 2438ac28..70cf7a08 100644 --- a/hosts/PubSolarOS.nix +++ b/hosts/PubSolarOS.nix @@ -1,15 +1,10 @@ -{ profiles, ... }: +{ suites, ... }: { ### root password is empty by default ### - imports = [ - # profiles.networking - profiles.core - profiles.users.root # make sure to configure ssh keys - profiles.users.pub-solar - profiles.base-user - profiles.graphical - profiles.pub-solar-iso - ]; + ### default password: pub-solar, optional: add your SSH keys + imports = + suites.iso + ; boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; -- 2.44.2 From f99159df93a21b4a19fea32f9df801eb71418eac Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 31 Jan 2022 17:52:56 +0100 Subject: [PATCH 136/320] chore: bump flake lock --- flake.lock | 196 +++++++++++++++++++++++++++-------------- flake.nix | 11 ++- overlays/overrides.nix | 2 - 3 files changed, 136 insertions(+), 73 deletions(-) diff --git a/flake.lock b/flake.lock index 67701251..f9d9b519 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1637793790, - "narHash": "sha256-oPXavjxETEWGXq8g7kQHyRLKUmLX2yPtGn+t3V0mrTY=", + "lastModified": 1641576265, + "narHash": "sha256-G4W39k5hdu2kS13pi/RhyTOySAo7rmrs7yMUZRH0OZI=", "owner": "ryantm", "repo": "agenix", - "rev": "f85eea0e29fa9a8924571d0e398215e175f80d55", + "rev": "08b9c96878b2f9974fc8bde048273265ad632357", "type": "github" }, "original": { @@ -27,11 +27,11 @@ "poetry2nix": "poetry2nix" }, "locked": { - "lastModified": 1630693543, - "narHash": "sha256-7Sly3ReaJZw60Qo0rpfN4jF6zy94nwQz6ENgUUFzJfg=", + "lastModified": 1641830469, + "narHash": "sha256-uhDmgNP/biOWe4FtOa6c2xZnREH+NP9rdrMm0LccRUk=", "owner": "lovesegfault", "repo": "beautysh", - "rev": "5609593961b70428f58d5c1b4b25cdda43b0d0bd", + "rev": "e85d9736927c0fcf2abb05cb3a2d8d9b4502a2eb", "type": "github" }, "original": { @@ -67,11 +67,11 @@ ] }, "locked": { - "lastModified": 1640836100, - "narHash": "sha256-My9Lay6BCDwAZgrL4SuVXHkYPHIU7ypnuiS/pd7eg1M=", + "lastModified": 1642035816, + "narHash": "sha256-1Lq5c1AeUv/1SK08+O704JVfDdD/zodHzA0cv0TIga8=", "owner": "divnix", "repo": "bud", - "rev": "b1d8ab3970f4dfb5fb90d7d8a9ab493c75d031fc", + "rev": "a789d710851441ba7e7cd59be378623b1fe05688", "type": "github" }, "original": { @@ -87,11 +87,11 @@ ] }, "locked": { - "lastModified": 1634994402, - "narHash": "sha256-xmlCVVOYGpZoxgOqsDOVF0B0ASrnbNGVAEzID9qh2xo=", + "lastModified": 1642495030, + "narHash": "sha256-u1ZlFbLWzkM6zOfuZ1tr0tzTuDWucOYwALPWDWLorkE=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "44da835ac40dab5fd231298b59d83487382d2fab", + "rev": "bcdb6022b3a300abf59cb5d0106c158940f5120e", "type": "github" }, "original": { @@ -110,11 +110,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1637357482, - "narHash": "sha256-mMRxOlcQs3V9cZYsKGKWEjl+oqclhaH1SKT3QGeTQ0Q=", + "lastModified": 1639771334, + "narHash": "sha256-4hgZmsCPaL5QlcEijHmzaYYrEwHtUFqraCUrCqLGJOo=", "owner": "input-output-hk", "repo": "deploy-rs", - "rev": "5a6db26726ec8c7904aea5bcdf13589342386f9d", + "rev": "7267eab9139ca4476fd8ed49e2e8652bba4c037f", "type": "github" }, "original": { @@ -178,11 +178,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1637303083, - "narHash": "sha256-e2A5JBjxYNpjoGd53K0oVUUaS9ojwOT5rnThyPNS46M=", + "lastModified": 1639117493, + "narHash": "sha256-67H9uXUdauaqMfkcKzpgHR3GeOKPAwOs6G3C1VpT67o=", "owner": "nix-community", "repo": "fenix", - "rev": "8294ceadbbbe1a886640bfcc15f5a02a2b471955", + "rev": "94b5686cad2ed210da106b0b7e1e212dab43fbf2", "type": "github" }, "original": { @@ -225,11 +225,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1623875721, - "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "lastModified": 1631561581, + "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", "owner": "numtide", "repo": "flake-utils", - "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19", "type": "github" }, "original": { @@ -288,11 +288,26 @@ }, "flake-utils_4": { "locked": { - "lastModified": 1631561581, - "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", + "lastModified": 1638122382, + "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19", + "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_5": { + "locked": { + "lastModified": 1638122382, + "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", "type": "github" }, "original": { @@ -324,11 +339,11 @@ }, "latest": { "locked": { - "lastModified": 1638198142, - "narHash": "sha256-plU9b8r4St6q4U7VHtG9V7oF8k9fIpfXl/KDaZLuY9k=", + "lastModified": 1643347846, + "narHash": "sha256-O0tyXF//ppRpe9yT1Uu5n34yI2MWDyY6ZiJ4Qn5zIkE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8a308775674e178495767df90c419425474582a1", + "rev": "5bb20f9dc70e9ee16e21cc404b6508654931ce41", "type": "github" }, "original": { @@ -354,6 +369,22 @@ "type": "github" } }, + "master": { + "locked": { + "lastModified": 1643636025, + "narHash": "sha256-pGU2qvKLMJ7jUbPdcWcdE8jSujy5iBI6ZFejpVHazUw=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "be41b14875ff8d0fbcf80c13ace036a3fa4a96c3", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "master", + "repo": "nixpkgs", + "type": "github" + } + }, "naersk": { "inputs": { "nixpkgs": [ @@ -361,11 +392,11 @@ ] }, "locked": { - "lastModified": 1638203339, - "narHash": "sha256-Sz3iCvbWrVWOD/XfYQeRJgP/7MVYL3/VKsNXvDeWBFc=", + "lastModified": 1639947939, + "narHash": "sha256-pGsM8haJadVP80GFq4xhnSpNitYNQpaXk4cnA796Cso=", "owner": "nmattia", "repo": "naersk", - "rev": "c3e56b8a4ffb6d906cdfcfee034581f9a8ece571", + "rev": "2fc8ce9d3c025d59fee349c1f80be9785049d653", "type": "github" }, "original": { @@ -374,6 +405,27 @@ "type": "github" } }, + "nix-dram": { + "inputs": { + "flake-utils": "flake-utils_4", + "nixpkgs": [ + "latest" + ] + }, + "locked": { + "lastModified": 1643638527, + "narHash": "sha256-NoRwXgTk3zHaTM4egk4MbEnV7RTXWUTon3OiG0GHjhE=", + "owner": "dramforever", + "repo": "nix-dram", + "rev": "86350dcada08e6f41fedd20f8c25a3a199a3be7d", + "type": "github" + }, + "original": { + "owner": "dramforever", + "repo": "nix-dram", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1641688481, @@ -391,11 +443,11 @@ }, "nixos": { "locked": { - "lastModified": 1643463207, - "narHash": "sha256-W0azAxucUq84BvWqDPt3gX8kyc8wYvGUynZV9COfByQ=", + "lastModified": 1643630271, + "narHash": "sha256-0H+50Ys/8/rjE+64vpFRjwnDwthDfHh45IDpZ2BiECg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "03098169624f487eef37186b3214c40e6b6e919d", + "rev": "83a53b4adf04607af34060b2f7699a412fc9bc3d", "type": "github" }, "original": { @@ -408,10 +460,7 @@ "nixos-generators": { "inputs": { "nixlib": "nixlib", - "nixpkgs": [ - "digga", - "blank" - ] + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1637655461, @@ -429,11 +478,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1638182287, - "narHash": "sha256-vBzf+hbTJz2ZdXV/DWirl6wOO7tjdqzTIU+0FANt65U=", + "lastModified": 1641965797, + "narHash": "sha256-AfxfIzAZbt9aAzpVBn0Bwhd/M4Wix7G91kEjm9H6FPo=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "6b3f79de09c3de7c91ab51e55e87879f61b6faec", + "rev": "87a35a0d58f546dc23f37b4f6af575d0e4be6a7a", "type": "github" }, "original": { @@ -444,11 +493,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1643428210, - "narHash": "sha256-ympCeHuXeGitpnegE0raAtWLNg3vZbjj5QbbMvvBGCQ=", + "lastModified": 1633971123, + "narHash": "sha256-WmI4NbH1IPGFWVkuBkKoYgOnxgwSfWDgdZplJlQ93vA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e1b353e890801a759efe9a4c42f6984e47721f0d", + "rev": "e4ef597edfd8a0ba5f12362932fc9b1dd01a0aef", "type": "github" }, "original": { @@ -460,11 +509,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1643513770, - "narHash": "sha256-Q64SabfQLuhHQfhpIHS/fLCEO2NUFnI+EKsB5GnfWh8=", + "lastModified": 1643634174, + "narHash": "sha256-LpfTneNuLmXuTyR4hPXtr92g1YAZymJUQxdHjTCi79w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "66ab3568d67b90275c0720aae8b911bad82c24fe", + "rev": "589235201f2e0717bee4915bffff5330fa00ff41", "type": "github" }, "original": { @@ -475,11 +524,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1636976544, - "narHash": "sha256-9ZmdyoRz4Qu8bP5BKR1T10YbzcB9nvCeQjOEw2cRKR0=", + "lastModified": 1638986258, + "narHash": "sha256-OceRdctKZRSgqQxVRvvNB0MaEnFMzQqjUffecoDE9eI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "931ab058daa7e4cd539533963f95e2bb0dbd41e6", + "rev": "581d2d6c9cd5c289002203581d8aa0861963a933", "type": "github" }, "original": { @@ -489,14 +538,29 @@ "type": "github" } }, + "nixpkgs_4": { + "locked": { + "lastModified": 1643381941, + "narHash": "sha256-pHTwvnN4tTsEKkWlXQ8JMY423epos8wUOhthpwJjtpc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5efc8ca954272c4376ac929f4c5ffefcc20551d5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "locked": { - "lastModified": 1638231901, - "narHash": "sha256-XzuvFTmsXULdWynQWzgaPHikepNhjEpK4o5WXfmRqek=", - "owner": "nix-community", - "repo": "NUR", - "rev": "4e68fb3d8f48e91196deb13f44bcfb421da25afb", - "type": "github" + "lastModified": 1626378135, + "narHash": "sha256-koC6DBYmLCrgXA+AMHVaODf1uHYPmvcFygHfy3eg6vI=", + "path": "/nix/store/6mfkswqi67m35qwv0vh7kpk8rypbl2rq-source", + "rev": "00c2ec8f0bbdf0cfb2135bde55fbae5d6b64aa6d", + "type": "path" }, "original": { "id": "nur", @@ -506,17 +570,17 @@ "nvfetcher": { "inputs": { "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_5", "nixpkgs": [ "nixos" ] }, "locked": { - "lastModified": 1634524567, - "narHash": "sha256-v9ZTZj1WNQaaVfs1P1mUPuh518mmwpqszj1EjdeGUmc=", + "lastModified": 1643518077, + "narHash": "sha256-FHhKjrPxvCv1aywLeqJi3kARDql7cwaj2jcpWp42Xhw=", "owner": "berberman", "repo": "nvfetcher", - "rev": "807513f4bbd0e3b5863f4c3b91f8ac846ed6da9b", + "rev": "1b4adc9dac4c5f2c3ce14fdaf2702f9ce6bec491", "type": "github" }, "original": { @@ -531,11 +595,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1625240517, - "narHash": "sha256-2E1gaOP+bCplhf3kliVQWK5N1NV2h06mkJk2KTiRTJQ=", + "lastModified": 1633382856, + "narHash": "sha256-hYlet806M9xJj4yxf0g5fhDT2IEUVIMAl7sqIeZ8DUM=", "owner": "nix-community", "repo": "poetry2nix", - "rev": "e40e8ed0e8c11e709e4c8c7c20174facd265a021", + "rev": "705cbfa10e3d9bfed2e59e0256844ae3704dbd7e", "type": "github" }, "original": { @@ -553,7 +617,9 @@ "digga": "digga", "home": "home", "latest": "latest_2", + "master": "master", "naersk": "naersk", + "nix-dram": "nix-dram", "nixos": "nixos", "nixos-hardware": "nixos-hardware", "nur": "nur", @@ -563,11 +629,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1637268320, - "narHash": "sha256-lxB1r+7cmZisiGLx0tZ2LaC6X/EcQTbRIWZfnLIIgs4=", + "lastModified": 1639071661, + "narHash": "sha256-4YySLORuK0qGGIEJj78S7CZ4jy4GIHJ5ks17k5AWblo=", "owner": "rust-analyzer", "repo": "rust-analyzer", - "rev": "f0da9406bcbde1bc727242b481d8de825e84f59a", + "rev": "2534b7db1a093543d5bd759b3a1ca9e34418fa31", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 88112919..1a2823f8 100644 --- a/flake.nix +++ b/flake.nix @@ -9,6 +9,7 @@ { nixos.url = "github:nixos/nixpkgs/release-21.05"; latest.url = "github:nixos/nixpkgs/nixos-unstable"; + master.url = "github:nixos/nixpkgs/master"; digga.url = "github:divnix/digga"; digga.inputs.nixpkgs.follows = "nixos"; @@ -50,7 +51,8 @@ # end ANTI CORRUPTION LAYER # PubSolarOS additions - nix-dram.url = "github:pub-solar/nix-dram"; + nix-dram.url = "github:dramforever/nix-dram"; + nix-dram.inputs.nixpkgs.follows = "latest"; }; outputs = @@ -86,11 +88,7 @@ ./pkgs/default.nix ]; }; - latest = { - overlays = [ - deploy.overlay - ]; - }; + latest = { }; }; lib = import ./lib { lib = digga.lib // nixos.lib; }; @@ -148,6 +146,7 @@ }; users = { pub-solar = { suites, ... }: { imports = suites.base; }; + teutat3s = { suites, ... }: { imports = suites.base; }; }; # digga.lib.importers.rakeLeaves ./users/hm; }; diff --git a/overlays/overrides.nix b/overlays/overrides.nix index 4c5964ff..c44eb891 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -25,8 +25,6 @@ channels: final: prev: { looking-glass-client ; - # nix is set to 2.3 in 21.11 - nix-direnv = prev.nix-direnv.override { nix_2_4 = true; }; haskellPackages = prev.haskellPackages.override (old: { -- 2.44.2 From dca27eda2e9e1e36d0e7b583217012cd2b661452 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 2 Feb 2022 04:15:24 +0100 Subject: [PATCH 137/320] Fix up rebase --- flake.lock | 52 +++++++------------ flake.nix | 33 ++++-------- overlays/overrides.nix | 3 +- shell/devos.nix | 7 +-- users/pub-solar/default.nix | 2 +- .../public-keys/teutat3s-yubikey.pub | 1 + 6 files changed, 33 insertions(+), 65 deletions(-) create mode 100644 users/pub-solar/public-keys/teutat3s-yubikey.pub diff --git a/flake.lock b/flake.lock index f9d9b519..6a0d01c0 100644 --- a/flake.lock +++ b/flake.lock @@ -339,11 +339,11 @@ }, "latest": { "locked": { - "lastModified": 1643347846, - "narHash": "sha256-O0tyXF//ppRpe9yT1Uu5n34yI2MWDyY6ZiJ4Qn5zIkE=", + "lastModified": 1638198142, + "narHash": "sha256-plU9b8r4St6q4U7VHtG9V7oF8k9fIpfXl/KDaZLuY9k=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5bb20f9dc70e9ee16e21cc404b6508654931ce41", + "rev": "8a308775674e178495767df90c419425474582a1", "type": "github" }, "original": { @@ -355,11 +355,11 @@ }, "latest_2": { "locked": { - "lastModified": 1643347846, - "narHash": "sha256-O0tyXF//ppRpe9yT1Uu5n34yI2MWDyY6ZiJ4Qn5zIkE=", + "lastModified": 1643524588, + "narHash": "sha256-Qh5AazxdOQRORbGkkvpKoovDl6ej/4PhDabFsqnueqw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5bb20f9dc70e9ee16e21cc404b6508654931ce41", + "rev": "efeefb2af1469a5d1f0ae7ca8f0dfd9bb87d5cfb", "type": "github" }, "original": { @@ -369,22 +369,6 @@ "type": "github" } }, - "master": { - "locked": { - "lastModified": 1643636025, - "narHash": "sha256-pGU2qvKLMJ7jUbPdcWcdE8jSujy5iBI6ZFejpVHazUw=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "be41b14875ff8d0fbcf80c13ace036a3fa4a96c3", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "master", - "repo": "nixpkgs", - "type": "github" - } - }, "naersk": { "inputs": { "nixpkgs": [ @@ -408,9 +392,7 @@ "nix-dram": { "inputs": { "flake-utils": "flake-utils_4", - "nixpkgs": [ - "latest" - ] + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1643638527, @@ -443,11 +425,11 @@ }, "nixos": { "locked": { - "lastModified": 1643630271, - "narHash": "sha256-0H+50Ys/8/rjE+64vpFRjwnDwthDfHh45IDpZ2BiECg=", + "lastModified": 1643760485, + "narHash": "sha256-GcsRA8tc+LN7vDPLrRdFNSJEig5q+O6MIUTycc5YETI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "83a53b4adf04607af34060b2f7699a412fc9bc3d", + "rev": "8f7bb8841aa25e34cbbee891acd8a7a3e9e384db", "type": "github" }, "original": { @@ -460,7 +442,10 @@ "nixos-generators": { "inputs": { "nixlib": "nixlib", - "nixpkgs": "nixpkgs_4" + "nixpkgs": [ + "digga", + "blank" + ] }, "locked": { "lastModified": 1637655461, @@ -540,16 +525,16 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1643381941, - "narHash": "sha256-pHTwvnN4tTsEKkWlXQ8JMY423epos8wUOhthpwJjtpc=", + "lastModified": 1643524588, + "narHash": "sha256-Qh5AazxdOQRORbGkkvpKoovDl6ej/4PhDabFsqnueqw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5efc8ca954272c4376ac929f4c5ffefcc20551d5", + "rev": "efeefb2af1469a5d1f0ae7ca8f0dfd9bb87d5cfb", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixpkgs-unstable", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -617,7 +602,6 @@ "digga": "digga", "home": "home", "latest": "latest_2", - "master": "master", "naersk": "naersk", "nix-dram": "nix-dram", "nixos": "nixos", diff --git a/flake.nix b/flake.nix index 1a2823f8..0089a3ba 100644 --- a/flake.nix +++ b/flake.nix @@ -1,58 +1,47 @@ { description = "A highly structured configuration database."; - nixConfig.extra-experimental-features = "nix-command flakes ca-references"; + nixConfig.extra-experimental-features = "nix-command flakes"; nixConfig.extra-substituters = "https://nrdxp.cachix.org https://nix-community.cachix.org"; nixConfig.extra-trusted-public-keys = "nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="; inputs = { - nixos.url = "github:nixos/nixpkgs/release-21.05"; + nixos.url = "github:nixos/nixpkgs/release-21.11"; latest.url = "github:nixos/nixpkgs/nixos-unstable"; - master.url = "github:nixos/nixpkgs/master"; digga.url = "github:divnix/digga"; digga.inputs.nixpkgs.follows = "nixos"; digga.inputs.nixlib.follows = "nixos"; digga.inputs.home-manager.follows = "home"; + digga.inputs.deploy.follows = "deploy"; bud.url = "github:divnix/bud"; bud.inputs.nixpkgs.follows = "nixos"; bud.inputs.devshell.follows = "digga/devshell"; - home.url = "github:nix-community/home-manager/release-21.05"; + home.url = "github:nix-community/home-manager/release-21.11"; home.inputs.nixpkgs.follows = "nixos"; darwin.url = "github:LnL7/nix-darwin"; - darwin.inputs.nixpkgs.follows = "latest"; + darwin.inputs.nixpkgs.follows = "nixos"; - deploy.follows = "digga/deploy"; + deploy.url = "github:input-output-hk/deploy-rs"; + deploy.inputs.nixpkgs.follows = "nixos"; agenix.url = "github:ryantm/agenix"; - agenix.inputs.nixpkgs.follows = "latest"; + agenix.inputs.nixpkgs.follows = "nixos"; nvfetcher.url = "github:berberman/nvfetcher"; - nvfetcher.inputs.nixpkgs.follows = "latest"; - nvfetcher.inputs.flake-compat.follows = "digga/deploy/flake-compat"; - nvfetcher.inputs.flake-utils.follows = "digga/flake-utils-plus/flake-utils"; + nvfetcher.inputs.nixpkgs.follows = "nixos"; naersk.url = "github:nmattia/naersk"; - naersk.inputs.nixpkgs.follows = "latest"; + naersk.inputs.nixpkgs.follows = "nixos"; nixos-hardware.url = "github:nixos/nixos-hardware"; - # start ANTI CORRUPTION LAYER - # remove after https://github.com/NixOS/nix/pull/4641 - nixpkgs.follows = "nixos"; - nixlib.follows = "digga/nixlib"; - blank.follows = "digga/blank"; - flake-utils-plus.follows = "digga/flake-utils-plus"; - flake-utils.follows = "digga/flake-utils"; - # end ANTI CORRUPTION LAYER - # PubSolarOS additions nix-dram.url = "github:dramforever/nix-dram"; - nix-dram.inputs.nixpkgs.follows = "latest"; }; outputs = @@ -81,7 +70,6 @@ nixos = { imports = [ (digga.lib.importOverlays ./overlays) ]; overlays = [ - digga.overlays.patchedNix nur.overlay agenix.overlay nvfetcher.overlay @@ -146,7 +134,6 @@ }; users = { pub-solar = { suites, ... }: { imports = suites.base; }; - teutat3s = { suites, ... }: { imports = suites.base; }; }; # digga.lib.importers.rakeLeaves ./users/hm; }; diff --git a/overlays/overrides.nix b/overlays/overrides.nix index c44eb891..c0cb58ad 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -6,9 +6,8 @@ channels: final: prev: { cachix dhall discord - element-desktop-wayland + element-desktop rage - neovim-unwrapped nixpkgs-fmt qutebrowser signal-desktop diff --git a/shell/devos.nix b/shell/devos.nix index 0e143588..64815288 100644 --- a/shell/devos.nix +++ b/shell/devos.nix @@ -1,4 +1,4 @@ -{ pkgs, extraModulesPath, ... }: +{ pkgs, extraModulesPath, inputs, ... }: let hooks = import ./hooks; @@ -50,12 +50,9 @@ in (linter editorconfig-checker) # (docs python3Packages.grip) too many deps (docs mdbook) + (devos inputs.deploy.packages.${pkgs.system}.deploy-rs) ] - ++ lib.optional - (pkgs ? deploy-rs) - (devos deploy-rs.deploy-rs) - ++ lib.optional (system != "i686-linux") (devos cachix) diff --git a/users/pub-solar/default.nix b/users/pub-solar/default.nix index 7289f717..6bd0403c 100644 --- a/users/pub-solar/default.nix +++ b/users/pub-solar/default.nix @@ -12,7 +12,7 @@ password = "$6$Kv0BCLU2Jg7GN8Oa$hc2vERKCbZdczFqyHPfgCaleGP.JuOWyd.bfcIsLDNmExGXI6Rnkze.SWzVzVS311KBznN/P4uUYAUADXkVtr."; fullName = "Pub Solar"; email = "iso@pub.solar"; - publicKeys = [ ../../secrets/teutat3s-yubikey.pub ]; + publicKeys = [ ./public-keys/teutat3s-yubikey.pub ]; }; }; } diff --git a/users/pub-solar/public-keys/teutat3s-yubikey.pub b/users/pub-solar/public-keys/teutat3s-yubikey.pub new file mode 100644 index 00000000..0462fc12 --- /dev/null +++ b/users/pub-solar/public-keys/teutat3s-yubikey.pub @@ -0,0 +1 @@ +ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a -- 2.44.2 From 8442a936e503448ebebf94828c10d7d141f18bf7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 24 Oct 2021 19:36:56 +0200 Subject: [PATCH 138/320] Remove git crypt, update docs --- doc/secrets.md | 6 +----- shell/devos.nix | 4 ---- 2 files changed, 1 insertion(+), 9 deletions(-) diff --git a/doc/secrets.md b/doc/secrets.md index 26b2e973..47ca43d4 100644 --- a/doc/secrets.md +++ b/doc/secrets.md @@ -1,11 +1,8 @@ # Secrets -Secrets are managed using [git-crypt][git-crypt] and [agenix][agenix] +Secrets are managed using [agenix][agenix] so you can keep your flake in a public repository like GitHub without exposing your password or other sensitive data. -By default, everything in the secrets folder is automatically encrypted. Just -be sure to run `git-crypt init` before putting anything in here. - ## Agenix Currently, there is [no mechanism][secrets-issue] in nix itself to deploy secrets within the nix store because it is world-readable. @@ -104,7 +101,6 @@ secrets get decrypted. You can learn about them by looking at the > You can take a look at the [agenix repository][agenix] for more information > about the tool. -[git-crypt]: https://github.com/AGWA/git-crypt [agenix]: https://github.com/ryantm/agenix [age module]: https://github.com/ryantm/agenix/blob/master/modules/age.nix [secrets-issue]: https://github.com/NixOS/nix/issues/8 diff --git a/shell/devos.nix b/shell/devos.nix index 64815288..8702740a 100644 --- a/shell/devos.nix +++ b/shell/devos.nix @@ -33,10 +33,6 @@ in unset _PATH ''); - packages = with pkgs; [ - git-crypt - ]; - commands = with pkgs; [ (devos nixFlakes) (devos agenix) -- 2.44.2 From e9e53147d8bfdd5c8ef288a8c4d62a61d809403c Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 2 Feb 2022 04:47:08 +0100 Subject: [PATCH 139/320] Fix up rebase --- profiles/core/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index 6ccd540f..eecae628 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -22,6 +22,7 @@ in progress dnsutils inetutils + mtr pciutils usbutils gitFull @@ -121,6 +122,9 @@ in # Service that makes Out of Memory Killer more effective services.earlyoom.enable = true; + # Use latest LTS linux kernel by default + boot.kernelPackages = pkgs.linuxPackages_5_15; + boot.supportedFilesystems = [ "ntfs" ]; }; } -- 2.44.2 From 821565aea41126ff7ad3b2d5d3226602c5f0140e Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 2 Feb 2022 05:13:01 +0100 Subject: [PATCH 140/320] Fix up rebase --- flake.lock | 41 +++++++++++++++++++++++++++-------------- 1 file changed, 27 insertions(+), 14 deletions(-) diff --git a/flake.lock b/flake.lock index 6a0d01c0..fd689987 100644 --- a/flake.lock +++ b/flake.lock @@ -339,11 +339,11 @@ }, "latest": { "locked": { - "lastModified": 1638198142, - "narHash": "sha256-plU9b8r4St6q4U7VHtG9V7oF8k9fIpfXl/KDaZLuY9k=", + "lastModified": 1643347846, + "narHash": "sha256-O0tyXF//ppRpe9yT1Uu5n34yI2MWDyY6ZiJ4Qn5zIkE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8a308775674e178495767df90c419425474582a1", + "rev": "5bb20f9dc70e9ee16e21cc404b6508654931ce41", "type": "github" }, "original": { @@ -355,11 +355,11 @@ }, "latest_2": { "locked": { - "lastModified": 1643524588, - "narHash": "sha256-Qh5AazxdOQRORbGkkvpKoovDl6ej/4PhDabFsqnueqw=", + "lastModified": 1643347846, + "narHash": "sha256-O0tyXF//ppRpe9yT1Uu5n34yI2MWDyY6ZiJ4Qn5zIkE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "efeefb2af1469a5d1f0ae7ca8f0dfd9bb87d5cfb", + "rev": "5bb20f9dc70e9ee16e21cc404b6508654931ce41", "type": "github" }, "original": { @@ -392,7 +392,7 @@ "nix-dram": { "inputs": { "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_4" + "nixpkgs": "nixpkgs_5" }, "locked": { "lastModified": 1643638527, @@ -425,11 +425,11 @@ }, "nixos": { "locked": { - "lastModified": 1643760485, - "narHash": "sha256-GcsRA8tc+LN7vDPLrRdFNSJEig5q+O6MIUTycc5YETI=", + "lastModified": 1643630271, + "narHash": "sha256-0H+50Ys/8/rjE+64vpFRjwnDwthDfHh45IDpZ2BiECg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8f7bb8841aa25e34cbbee891acd8a7a3e9e384db", + "rev": "83a53b4adf04607af34060b2f7699a412fc9bc3d", "type": "github" }, "original": { @@ -442,10 +442,7 @@ "nixos-generators": { "inputs": { "nixlib": "nixlib", - "nixpkgs": [ - "digga", - "blank" - ] + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1637655461, @@ -524,6 +521,22 @@ } }, "nixpkgs_4": { + "locked": { + "lastModified": 1643381941, + "narHash": "sha256-pHTwvnN4tTsEKkWlXQ8JMY423epos8wUOhthpwJjtpc=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5efc8ca954272c4376ac929f4c5ffefcc20551d5", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { "locked": { "lastModified": 1643524588, "narHash": "sha256-Qh5AazxdOQRORbGkkvpKoovDl6ej/4PhDabFsqnueqw=", -- 2.44.2 From be9ce55f58a8ed61c4b087ce2da4ab0bdbb3ed36 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 2 Feb 2022 13:27:56 +0100 Subject: [PATCH 141/320] Nix flake check works --- .drone.yml | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/.drone.yml b/.drone.yml index efeeac92..f67a32f5 100644 --- a/.drone.yml +++ b/.drone.yml @@ -104,8 +104,7 @@ steps: - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf - # Currently broken - #- nix -Lv flake check + - nix -Lv flake check - nix -Lv build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - nix -Lv develop -c echo OK - nix -Lv develop --command bud --help @@ -161,6 +160,6 @@ volumes: --- kind: signature -hmac: 539937d723b620778939dcac3819b0f6a4c396f1c477a2783ae3fb6feab0f4d7 +hmac: d05f4e192ceb055bde34889d5303a0925aac9105bed6f77631abe6fccffbc3f1 ... -- 2.44.2 From 29bea44c6c0e082f435db3c82938affb6beef2f8 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 2 Feb 2022 14:12:24 +0100 Subject: [PATCH 142/320] Use nixos-21.11 as base image tag, benefiting from recent change to get nixConfig from the projects flake.nix, for details, see: https://github.com/nix-community/docker-nixpkgs/commit/c52fdf233bde8857e9463d1bd504e6bd9bd72921 --- .drone.yml | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/.drone.yml b/.drone.yml index f67a32f5..b0b5965c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -94,16 +94,12 @@ name: Check steps: - name: "Check" - image: nixpkgs/nix-flakes:nixos-21.05 + image: docker.nix-community.org/nixpkgs/nix-flakes:nixos-21.11 when: event: - pull_request - tag commands: - - echo "" >> /etc/nix/nix.conf - - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf - - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf - - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf - nix -Lv flake check - nix -Lv build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - nix -Lv develop -c echo OK @@ -116,15 +112,11 @@ name: Publish ISO steps: - name: "Build ISO" - image: nixpkgs/nix-flakes:nixos-21.05 + image: docker.nix-community.org/nixpkgs/nix-flakes:nixos-21.11 volumes: - name: nix-store path: /var/nix/iso-cache commands: - - echo "" >> /etc/nix/nix.conf - - echo "system-features = nixos-test benchmark big-parallel kvm recursive-nix" >> /etc/nix/nix.conf - - echo "substituters = https://nrdxp.cachix.org https://nix-community.cachix.org https://cache.nixos.org" >> /etc/nix/nix.conf - - echo "trusted-public-keys = nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs= cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" >> /etc/nix/nix.conf - nix -Lv develop --command bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ @@ -160,6 +152,6 @@ volumes: --- kind: signature -hmac: d05f4e192ceb055bde34889d5303a0925aac9105bed6f77631abe6fccffbc3f1 +hmac: 346cb05688f3b2aee03820aff82f0b16bb04759cd3948109f6496f87a5f18319 ... -- 2.44.2 From 1bd3019ca5f6a98ea443916772de44b34fbb4bcb Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 2 Feb 2022 15:08:24 +0100 Subject: [PATCH 143/320] Follow nixos-unstable in check / build base image, to get nix version 2.5+ with accept-flake-config flag, see: https://github.com/NixOS/nix/commit/30496af5980fd03706f587eef014e630e9d9d318 https://github.com/nix-community/docker-nixpkgs/blob/c52fdf233bde8857e9463d1bd504e6bd9bd72921/images/nix-flakes/default.nix#L7 https://github.com/NixOS/nixpkgs/blob/release-21.11/pkgs/top-level/aliases.nix#L603 https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/top-level/aliases.nix#L665 https://github.com/NixOS/nixpkgs/blob/nixos-unstable/pkgs/tools/package-management/nix/default.nix#L66 --- .drone.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.drone.yml b/.drone.yml index b0b5965c..6aa9dac5 100644 --- a/.drone.yml +++ b/.drone.yml @@ -94,7 +94,7 @@ name: Check steps: - name: "Check" - image: docker.nix-community.org/nixpkgs/nix-flakes:nixos-21.11 + image: docker.nix-community.org/nixpkgs/nix-flakes:latest when: event: - pull_request @@ -112,7 +112,7 @@ name: Publish ISO steps: - name: "Build ISO" - image: docker.nix-community.org/nixpkgs/nix-flakes:nixos-21.11 + image: docker.nix-community.org/nixpkgs/nix-flakes:latest volumes: - name: nix-store path: /var/nix/iso-cache @@ -152,6 +152,6 @@ volumes: --- kind: signature -hmac: 346cb05688f3b2aee03820aff82f0b16bb04759cd3948109f6496f87a5f18319 +hmac: c25dac3dfd8dd9b46394fb3cd0313c3bccc81cbee10ab9f281a15eb4ac455cd0 ... -- 2.44.2 From a039ce09432421bcf8612f2d45ab537ac145c579 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 2 Feb 2022 15:18:12 +0100 Subject: [PATCH 144/320] Only build ISO on tag event --- .drone.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/.drone.yml b/.drone.yml index 6aa9dac5..d0b1d2f8 100644 --- a/.drone.yml +++ b/.drone.yml @@ -141,9 +141,7 @@ steps: trigger: event: - - push - branch: - - feature/basic-iso + - tag volumes: - name: nix-store @@ -152,6 +150,6 @@ volumes: --- kind: signature -hmac: c25dac3dfd8dd9b46394fb3cd0313c3bccc81cbee10ab9f281a15eb4ac455cd0 +hmac: 958eac73155e8944a40eae326524a497e4170038444cf03b36ba649567372001 ... -- 2.44.2 From 0a1cd6bf40ad7dcab949edfb425cebc0d3cb59d7 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 2 Feb 2022 21:23:35 +0100 Subject: [PATCH 145/320] Remove SSH public key, add comment about default password --- users/pub-solar/default.nix | 3 ++- users/pub-solar/public-keys/teutat3s-yubikey.pub | 1 - 2 files changed, 2 insertions(+), 2 deletions(-) delete mode 100644 users/pub-solar/public-keys/teutat3s-yubikey.pub diff --git a/users/pub-solar/default.nix b/users/pub-solar/default.nix index 6bd0403c..e80b64dd 100644 --- a/users/pub-solar/default.nix +++ b/users/pub-solar/default.nix @@ -9,10 +9,11 @@ # The rest is used for programs like git user = { name = "pub-solar"; + # default password = pub-solar password = "$6$Kv0BCLU2Jg7GN8Oa$hc2vERKCbZdczFqyHPfgCaleGP.JuOWyd.bfcIsLDNmExGXI6Rnkze.SWzVzVS311KBznN/P4uUYAUADXkVtr."; fullName = "Pub Solar"; email = "iso@pub.solar"; - publicKeys = [ ./public-keys/teutat3s-yubikey.pub ]; + publicKeys = [ ]; }; }; } diff --git a/users/pub-solar/public-keys/teutat3s-yubikey.pub b/users/pub-solar/public-keys/teutat3s-yubikey.pub deleted file mode 100644 index 0462fc12..00000000 --- a/users/pub-solar/public-keys/teutat3s-yubikey.pub +++ /dev/null @@ -1 +0,0 @@ -ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a -- 2.44.2 From 82c92836397c9366346e494000cfa2bead4fff92 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 00:33:21 +0100 Subject: [PATCH 146/320] Follow upstream devshell with nixUnstable, important fixes for docker needed, see: https://github.com/NixOS/nix/issues/5777 https://github.com/NixOS/nix/pull/5787 --- shell/bud/default.nix | 2 +- shell/devos.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/shell/bud/default.nix b/shell/bud/default.nix index f65e71ed..c486636b 100644 --- a/shell/bud/default.nix +++ b/shell/bud/default.nix @@ -1,7 +1,7 @@ { pkgs, lib, budUtils, ... }: { bud.cmds = with pkgs; { get = { - writer = budUtils.writeBashWithPaths [ nixFlakes git coreutils ]; + writer = budUtils.writeBashWithPaths [ nixUnstable git coreutils ]; synopsis = "get [DEST]"; help = "Copy the desired template to DEST"; script = ./get.bash; diff --git a/shell/devos.nix b/shell/devos.nix index 8702740a..db04ceb5 100644 --- a/shell/devos.nix +++ b/shell/devos.nix @@ -34,7 +34,7 @@ in ''); commands = with pkgs; [ - (devos nixFlakes) + (devos nixUnstable) (devos agenix) { category = "devos"; -- 2.44.2 From 58efdd35285f1262f16e2a43d2708c3041196e4f Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 01:14:21 +0100 Subject: [PATCH 147/320] Use nixUnstable from latest channel, aka nixos-unstable this is required because 2.5.1 with a required fix for nix docker didn't get backported to release-21.11 yet --- overlays/overrides.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/overlays/overrides.nix b/overlays/overrides.nix index c0cb58ad..3678264e 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -14,6 +14,7 @@ channels: final: prev: { starship deploy-rs + nixUnstable neovim-unwrapped tdesktop xdg-desktop-portal -- 2.44.2 From 2bddc9c7000b4328e1f7c23d9ee82e3b0dc3684b Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 01:22:36 +0100 Subject: [PATCH 148/320] Make Build ISO step depend on Check step --- .drone.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index d0b1d2f8..e879f3d8 100644 --- a/.drone.yml +++ b/.drone.yml @@ -139,6 +139,9 @@ steps: - /var/nix/iso-cache/*.iso strip_components: 3 +depends_on: + - Check + trigger: event: - tag @@ -150,6 +153,6 @@ volumes: --- kind: signature -hmac: 958eac73155e8944a40eae326524a497e4170038444cf03b36ba649567372001 +hmac: 07b8c6165ef4d12754e43839d87d6a68d98436d3c5f8fbb6fee91c628211c1e7 ... -- 2.44.2 From d551045ac5d2265d3c56866637358f10404a6c69 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 01:34:01 +0100 Subject: [PATCH 149/320] services.getty.autologinUser wants a lib.mkForce hammer --- modules/graphical/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix index f2e2ffcf..e1cad6c3 100644 --- a/modules/graphical/default.nix +++ b/modules/graphical/default.nix @@ -49,7 +49,7 @@ in }; }; - services.getty.autologinUser = "${psCfg.user.name}"; + services.getty.autologinUser = mkForce "${psCfg.user.name}"; qt5 = { enable = true; @@ -81,7 +81,7 @@ in source-sans-pro ]; - home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { + home-manager = with pkgs; setAttrByPath [ "users" psCfg.user.name ] { home.packages = [ alacritty chromium -- 2.44.2 From ae8f39b89ac93492aa1ee1f6a19f768a529fb7fb Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 01:59:42 +0100 Subject: [PATCH 150/320] Use drone host volume for /nix/store to speed up build times --- .drone.yml | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) diff --git a/.drone.yml b/.drone.yml index e879f3d8..439814a3 100644 --- a/.drone.yml +++ b/.drone.yml @@ -95,6 +95,9 @@ name: Check steps: - name: "Check" image: docker.nix-community.org/nixpkgs/nix-flakes:latest + volumes: + - name: nix-store-cache + path: /nix/store when: event: - pull_request @@ -105,6 +108,11 @@ steps: - nix -Lv develop -c echo OK - nix -Lv develop --command bud --help +volumes: + - name: nix-store-cache + host: + path: "/var/nix/build-store" + --- kind: pipeline type: docker @@ -114,8 +122,10 @@ steps: - name: "Build ISO" image: docker.nix-community.org/nixpkgs/nix-flakes:latest volumes: - - name: nix-store + - name: file-exchange path: /var/nix/iso-cache + - name: nix-store-cache + path: /nix/store commands: - nix -Lv develop --command bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ @@ -123,7 +133,7 @@ steps: - name: "Publish ISO" image: appleboy/drone-scp volumes: - - name: nix-store + - name: file-exchange path: /var/nix/iso-cache settings: host: @@ -147,12 +157,14 @@ trigger: - tag volumes: - - name: nix-store + - name: file-exchange + temp: {} + - name: nix-store-cache host: - path: "/var/nix/iso-cache" + path: "/var/nix/build-store" --- kind: signature -hmac: 07b8c6165ef4d12754e43839d87d6a68d98436d3c5f8fbb6fee91c628211c1e7 +hmac: e7e602f8b3b21bbc0644dbd285c6d87b3dc5644437c8c693c92ced17de094bab ... -- 2.44.2 From 2c9fef6cbdf90c01c2f9927baff2b796df0a2e2f Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 02:01:05 +0100 Subject: [PATCH 151/320] sway: add foot, make sway.terminal an option this helps getting a working terminal in VMs where 3D acceleration is limited --- modules/graphical/default.nix | 1 + modules/sway/config/config | 212 ---------------------------- modules/sway/config/config.nix | 214 +++++++++++++++++++++++++++++ modules/sway/default.nix | 7 +- profiles/pub-solar-iso/default.nix | 1 + 5 files changed, 222 insertions(+), 213 deletions(-) delete mode 100644 modules/sway/config/config create mode 100644 modules/sway/config/config.nix diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix index e1cad6c3..15042a22 100644 --- a/modules/graphical/default.nix +++ b/modules/graphical/default.nix @@ -84,6 +84,7 @@ in home-manager = with pkgs; setAttrByPath [ "users" psCfg.user.name ] { home.packages = [ alacritty + foot chromium firefox-wayland diff --git a/modules/sway/config/config b/modules/sway/config/config deleted file mode 100644 index 752a96c5..00000000 --- a/modules/sway/config/config +++ /dev/null @@ -1,212 +0,0 @@ -# Default config for sway -# -# Copy this to ~/.config/sway/config and edit it to your liking. -# -# Read `man 5 sway` for a complete reference. - -### Variables -# -# Logo key. Use Mod1 for Alt. -set $mod Mod4 -# Home row direction keys, like vim -set $left j -set $down k -set $up i -set $right l -# Your preferred terminal emulator -set $term alacritty -# Your preferred application launcher -# Note: pass the final command to swaymsg so that the resulting window can be opened -# on the original workspace that the command was run on. -#set $menu dmenu_path | dmenu | xargs swaymsg exec bemenu-run --no-overlap - -default_border pixel 1 - -### Output configuration -# -# Default wallpaper (more resolutions are available in @datadir@/backgrounds/sway/) -output * bg ~/.config/wallpaper.jpg fill - -### Key bindings -# -# Basics: -# - # Start a terminal - bindsym $mod+Return exec $term - - # Start a terminal - bindsym $mod+Shift+Return exec sh -c '$term --working-directory $(wcwd)' - - # Kill focused window - bindsym $mod+Shift+q kill - - # Drag floating windows by holding down $mod and left mouse button. - # Resize them with right mouse button + $mod. - # Despite the name, also works for non-floating windows. - # Change normal to inverse to use left mouse button for resizing and right - # mouse button for dragging. - floating_modifier $mod normal - - # Reload the configuration file - bindsym $mod+Ctrl+r reload - -# -# Moving around: -# - # Move your focus around - bindsym $mod+$left focus left - bindsym $mod+$down focus down - bindsym $mod+$up focus up - bindsym $mod+$right focus right - # Or use $mod+[up|down|left|right] - bindsym $mod+Left focus left - bindsym $mod+Down focus down - bindsym $mod+Up focus up - bindsym $mod+Right focus right - - # Move the focused window with the same, but add Shift - bindsym $mod+Shift+$left move left - bindsym $mod+Shift+$down move down - bindsym $mod+Shift+$up move up - bindsym $mod+Shift+$right move right - # Ditto, with arrow keys - bindsym $mod+Shift+Left move left - bindsym $mod+Shift+Down move down - bindsym $mod+Shift+Up move up - bindsym $mod+Shift+Right move right -# -# Workspaces: -# - - - # Workspace names - # to display names or symbols instead of plain workspace numbers you can use - # something like: set $ws1 1:mail - # set $ws2 2: - set $ws1 1 - set $ws2 2 - set $ws3 3 - set $ws4 4 - set $ws5 5 - set $ws6 6 - set $ws7 7 - set $ws8 8 - set $ws9 9 - - # Switch to workspace - bindsym $mod+1 workspace 1 - bindsym $mod+2 workspace 2 - bindsym $mod+3 workspace 3 - bindsym $mod+4 workspace 4 - bindsym $mod+5 workspace 5 - bindsym $mod+6 workspace 6 - bindsym $mod+7 workspace 7 - bindsym $mod+8 workspace 8 - bindsym $mod+9 workspace 9 - # Move focused container to workspace - bindsym $mod+Ctrl+1 move container to workspace $ws1 - bindsym $mod+Ctrl+2 move container to workspace $ws2 - bindsym $mod+Ctrl+3 move container to workspace $ws3 - bindsym $mod+Ctrl+4 move container to workspace $ws4 - bindsym $mod+Ctrl+5 move container to workspace $ws5 - bindsym $mod+Ctrl+6 move container to workspace $ws6 - bindsym $mod+Ctrl+7 move container to workspace $ws7 - bindsym $mod+Ctrl+8 move container to workspace $ws8 - bindsym $mod+Ctrl+9 move container to workspace $ws9 - # Move focused container to workspace and move focus with it - bindsym $mod+Shift+1 move container to workspace 1; workspace $ws1 - bindsym $mod+Shift+2 move container to workspace 2; workspace $ws2 - bindsym $mod+Shift+3 move container to workspace 3; workspace $ws3 - bindsym $mod+Shift+4 move container to workspace 4; workspace $ws4 - bindsym $mod+Shift+5 move container to workspace 5; workspace $ws5 - bindsym $mod+Shift+6 move container to workspace 6; workspace $ws6 - bindsym $mod+Shift+7 move container to workspace 7; workspace $ws7 - bindsym $mod+Shift+8 move container to workspace 8; workspace $ws8 - bindsym $mod+Shift+9 move container to workspace 9; workspace $ws9 - # Note: workspaces can have any name you want, not just numbers. - # We just use 1-10 as the default. - - #navigate workspaces next / previous - bindsym $mod+Ctrl+Right workspace next - bindsym $mod+Ctrl+Left workspace prev - - # workspace back and forth (with/without active container) - workspace_auto_back_and_forth yes - bindsym $mod+b workspace back_and_forth - bindsym $mod+Shift+b move container to workspace back_and_forth; workspace back_and_forth - -# -# Layout stuff: -# - # Configure border style - default_border pixel 1 - default_floating_border normal - - # Hide borders - hide_edge_borders none - - # Font for window titles. Will also be used by the bar unless a different font - # is used in the bar {} block below. - font xft:Hack 16 - - # You can "split" the current object of your focus with - # $mod+b or $mod+v, for horizontal and vertical splits - # respectively. - bindsym $mod+h splith; exec notify-send 'tile horizontally' - bindsym $mod+v splitv; exec notify-send 'tile vertically' - - # Switch the current container between different layout styles - bindsym $mod+s layout stacking - bindsym $mod+w layout tabbed - bindsym $mod+e layout toggle split - - # Make the current focus fullscreen - bindsym $mod+f fullscreen - - # Toggle the current focus between tiling and floating mode - bindsym $mod+Shift+space floating toggle - - # Swap focus between the tiling area and the floating area - bindsym $mod+t focus mode_toggle - - # Move focus to the parent container - bindsym $mod+a focus parent - bindsym $mod+d focus child -# -# Scratchpad: -# - # Sway has a "scratchpad", which is a bag of holding for windows. - # You can send windows there and get them back later. - - # Move the currently focused window to the scratchpad - bindsym $mod+Shift+minus move scratchpad - - # Show the next scratchpad window or hide the focused scratchpad window. - # If there are multiple scratchpad windows, this command cycles through them. - bindsym $mod+minus scratchpad show -# -# Resizing containers: -# -mode "resize" { - # left will shrink the containers width - # right will grow the containers width - # up will shrink the containers height - # down will grow the containers height - bindsym $left resize shrink width 10px - bindsym $down resize grow height 10px - bindsym $up resize shrink height 10px - bindsym $right resize grow width 10px - - # Ditto, with arrow keys - bindsym Left resize shrink width 10px - bindsym Down resize grow height 10px - bindsym Up resize shrink height 10px - bindsym Right resize grow width 10px - - # Return to default mode - bindsym Return mode "default" - bindsym Escape mode "default" -} -bindsym $mod+r mode "resize" - -include ~/.config/sway/config.d/* diff --git a/modules/sway/config/config.nix b/modules/sway/config/config.nix new file mode 100644 index 00000000..8e21ec02 --- /dev/null +++ b/modules/sway/config/config.nix @@ -0,0 +1,214 @@ +{ config, pkgs, ... }: +'' + # Default config for sway + # + # Copy this to ~/.config/sway/config and edit it to your liking. + # + # Read `man 5 sway` for a complete reference. + + ### Variables + # + # Logo key. Use Mod1 for Alt. + set $mod Mod4 + # Home row direction keys, like vim + set $left j + set $down k + set $up i + set $right l + # Your preferred terminal emulator + set $term ${config.pub-solar.sway.terminal} + # Your preferred application launcher + # Note: pass the final command to swaymsg so that the resulting window can be opened + # on the original workspace that the command was run on. + #set $menu dmenu_path | dmenu | xargs swaymsg exec bemenu-run --no-overlap + + default_border pixel 1 + + ### Output configuration + # + # Default wallpaper (more resolutions are available in @datadir@/backgrounds/sway/) + output * bg ~/.config/wallpaper.jpg fill + + ### Key bindings + # + # Basics: + # + # Start a terminal + bindsym $mod+Return exec $term + + # Start a terminal + bindsym $mod+Shift+Return exec sh -c '$term --working-directory $(wcwd)' + + # Kill focused window + bindsym $mod+Shift+q kill + + # Drag floating windows by holding down $mod and left mouse button. + # Resize them with right mouse button + $mod. + # Despite the name, also works for non-floating windows. + # Change normal to inverse to use left mouse button for resizing and right + # mouse button for dragging. + floating_modifier $mod normal + + # Reload the configuration file + bindsym $mod+Ctrl+r reload + + # + # Moving around: + # + # Move your focus around + bindsym $mod+$left focus left + bindsym $mod+$down focus down + bindsym $mod+$up focus up + bindsym $mod+$right focus right + # Or use $mod+[up|down|left|right] + bindsym $mod+Left focus left + bindsym $mod+Down focus down + bindsym $mod+Up focus up + bindsym $mod+Right focus right + + # Move the focused window with the same, but add Shift + bindsym $mod+Shift+$left move left + bindsym $mod+Shift+$down move down + bindsym $mod+Shift+$up move up + bindsym $mod+Shift+$right move right + # Ditto, with arrow keys + bindsym $mod+Shift+Left move left + bindsym $mod+Shift+Down move down + bindsym $mod+Shift+Up move up + bindsym $mod+Shift+Right move right + # + # Workspaces: + # + + + # Workspace names + # to display names or symbols instead of plain workspace numbers you can use + # something like: set $ws1 1:mail + # set $ws2 2: + set $ws1 1 + set $ws2 2 + set $ws3 3 + set $ws4 4 + set $ws5 5 + set $ws6 6 + set $ws7 7 + set $ws8 8 + set $ws9 9 + + # Switch to workspace + bindsym $mod+1 workspace 1 + bindsym $mod+2 workspace 2 + bindsym $mod+3 workspace 3 + bindsym $mod+4 workspace 4 + bindsym $mod+5 workspace 5 + bindsym $mod+6 workspace 6 + bindsym $mod+7 workspace 7 + bindsym $mod+8 workspace 8 + bindsym $mod+9 workspace 9 + # Move focused container to workspace + bindsym $mod+Ctrl+1 move container to workspace $ws1 + bindsym $mod+Ctrl+2 move container to workspace $ws2 + bindsym $mod+Ctrl+3 move container to workspace $ws3 + bindsym $mod+Ctrl+4 move container to workspace $ws4 + bindsym $mod+Ctrl+5 move container to workspace $ws5 + bindsym $mod+Ctrl+6 move container to workspace $ws6 + bindsym $mod+Ctrl+7 move container to workspace $ws7 + bindsym $mod+Ctrl+8 move container to workspace $ws8 + bindsym $mod+Ctrl+9 move container to workspace $ws9 + # Move focused container to workspace and move focus with it + bindsym $mod+Shift+1 move container to workspace 1; workspace $ws1 + bindsym $mod+Shift+2 move container to workspace 2; workspace $ws2 + bindsym $mod+Shift+3 move container to workspace 3; workspace $ws3 + bindsym $mod+Shift+4 move container to workspace 4; workspace $ws4 + bindsym $mod+Shift+5 move container to workspace 5; workspace $ws5 + bindsym $mod+Shift+6 move container to workspace 6; workspace $ws6 + bindsym $mod+Shift+7 move container to workspace 7; workspace $ws7 + bindsym $mod+Shift+8 move container to workspace 8; workspace $ws8 + bindsym $mod+Shift+9 move container to workspace 9; workspace $ws9 + # Note: workspaces can have any name you want, not just numbers. + # We just use 1-10 as the default. + + #navigate workspaces next / previous + bindsym $mod+Ctrl+Right workspace next + bindsym $mod+Ctrl+Left workspace prev + + # workspace back and forth (with/without active container) + workspace_auto_back_and_forth yes + bindsym $mod+b workspace back_and_forth + bindsym $mod+Shift+b move container to workspace back_and_forth; workspace back_and_forth + + # + # Layout stuff: + # + # Configure border style + default_border pixel 1 + default_floating_border normal + + # Hide borders + hide_edge_borders none + + # Font for window titles. Will also be used by the bar unless a different font + # is used in the bar {} block below. + font xft:Hack 16 + + # You can "split" the current object of your focus with + # $mod+b or $mod+v, for horizontal and vertical splits + # respectively. + bindsym $mod+h splith; exec notify-send 'tile horizontally' + bindsym $mod+v splitv; exec notify-send 'tile vertically' + + # Switch the current container between different layout styles + bindsym $mod+s layout stacking + bindsym $mod+w layout tabbed + bindsym $mod+e layout toggle split + + # Make the current focus fullscreen + bindsym $mod+f fullscreen + + # Toggle the current focus between tiling and floating mode + bindsym $mod+Shift+space floating toggle + + # Swap focus between the tiling area and the floating area + bindsym $mod+t focus mode_toggle + + # Move focus to the parent container + bindsym $mod+a focus parent + bindsym $mod+d focus child + # + # Scratchpad: + # + # Sway has a "scratchpad", which is a bag of holding for windows. + # You can send windows there and get them back later. + + # Move the currently focused window to the scratchpad + bindsym $mod+Shift+minus move scratchpad + + # Show the next scratchpad window or hide the focused scratchpad window. + # If there are multiple scratchpad windows, this command cycles through them. + bindsym $mod+minus scratchpad show + # + # Resizing containers: + # + mode "resize" { + # left will shrink the containers width + # right will grow the containers width + # up will shrink the containers height + # down will grow the containers height + bindsym $left resize shrink width 10px + bindsym $down resize grow height 10px + bindsym $up resize shrink height 10px + bindsym $right resize grow width 10px + + # Ditto, with arrow keys + bindsym Left resize shrink width 10px + bindsym Down resize grow height 10px + bindsym Up resize shrink height 10px + bindsym Right resize grow width 10px + + # Return to default mode + bindsym Return mode "default" + bindsym Escape mode "default" + } + bindsym $mod+r mode "resize" + + include ~/.config/sway/config.d/*'' diff --git a/modules/sway/default.nix b/modules/sway/default.nix index b690d9c0..83f407e4 100644 --- a/modules/sway/default.nix +++ b/modules/sway/default.nix @@ -8,6 +8,11 @@ in options.pub-solar.sway = { enable = mkEnableOption "Life in boxes"; }; + options.pub-solar.sway.terminal = mkOption { + type = types.nullOr types.str; + default = "alacritty"; + description = "Choose sway's default terminal"; + }; options.pub-solar.sway.v4l2loopback.enable = mkOption { type = types.bool; default = true; @@ -86,7 +91,7 @@ in systemd.user.services.waybar = import ./waybar.service.nix pkgs; systemd.user.targets.sway-session = import ./sway-session.target.nix pkgs; - xdg.configFile."sway/config".source = ./config/config; + xdg.configFile."sway/config".text = import ./config/config.nix { inherit config pkgs; }; xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf; xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf; xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf; diff --git a/profiles/pub-solar-iso/default.nix b/profiles/pub-solar-iso/default.nix index 24312b53..53fe0317 100644 --- a/profiles/pub-solar-iso/default.nix +++ b/profiles/pub-solar-iso/default.nix @@ -5,5 +5,6 @@ in imports = [ ../cachix ]; config = { pub-solar.x-os.iso-options.enable = true; + pub-solar.sway.terminal = "foot"; }; } -- 2.44.2 From 741c0863ed51d65ce2c60a660630701706f3b87e Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 02:47:00 +0100 Subject: [PATCH 152/320] graphical: make wayland use the software renderer pixman optionally, https://github.com/swaywm/wlroots/blob/master/docs/env_vars.md#wlroots-specific This should help run sway in VMs --- modules/graphical/default.nix | 5 +++++ profiles/base-user/session-variables.nix | 2 ++ 2 files changed, 7 insertions(+) diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix index 15042a22..5da7f4f6 100644 --- a/modules/graphical/default.nix +++ b/modules/graphical/default.nix @@ -26,6 +26,11 @@ in default = { }; }; }; + wayland.software-renderer.enable = mkOption { + type = types.bool; + default = false; + description = "Feature flag enabling wlroots software renderer, useful in VMs"; + }; }; config = mkIf cfg.enable { diff --git a/profiles/base-user/session-variables.nix b/profiles/base-user/session-variables.nix index cc3aa69f..5bbfa8ee 100644 --- a/profiles/base-user/session-variables.nix +++ b/profiles/base-user/session-variables.nix @@ -1,6 +1,7 @@ { config, pkgs, ... }: let psCfg = config.pub-solar; + wlroots = psCfg.graphical.wayland; xdg = config.home-manager.users."${psCfg.user.name}".xdg; variables = { XDG_CONFIG_HOME = xdg.configHome; @@ -15,6 +16,7 @@ let ECORE_EVAS_ENGINE = "wayland_egl"; ELM_ENGINE = "wayland_egl"; SDL_VIDEODRIVER = "wayland"; + WLR_RENDERER = if wlroots.software-renderer.enable then "pixman" else "gles2"; EDITOR = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim"; VISUAL = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim"; -- 2.44.2 From af96a74b95dd6d264079ef4c9098f0c40c5e4220 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 03:37:40 +0100 Subject: [PATCH 153/320] Revert "Use drone host volume for /nix/store to speed up build times" This reverts commit ae8f39b89ac93492aa1ee1f6a19f768a529fb7fb. --- .drone.yml | 22 +++++----------------- 1 file changed, 5 insertions(+), 17 deletions(-) diff --git a/.drone.yml b/.drone.yml index 439814a3..e879f3d8 100644 --- a/.drone.yml +++ b/.drone.yml @@ -95,9 +95,6 @@ name: Check steps: - name: "Check" image: docker.nix-community.org/nixpkgs/nix-flakes:latest - volumes: - - name: nix-store-cache - path: /nix/store when: event: - pull_request @@ -108,11 +105,6 @@ steps: - nix -Lv develop -c echo OK - nix -Lv develop --command bud --help -volumes: - - name: nix-store-cache - host: - path: "/var/nix/build-store" - --- kind: pipeline type: docker @@ -122,10 +114,8 @@ steps: - name: "Build ISO" image: docker.nix-community.org/nixpkgs/nix-flakes:latest volumes: - - name: file-exchange + - name: nix-store path: /var/nix/iso-cache - - name: nix-store-cache - path: /nix/store commands: - nix -Lv develop --command bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ @@ -133,7 +123,7 @@ steps: - name: "Publish ISO" image: appleboy/drone-scp volumes: - - name: file-exchange + - name: nix-store path: /var/nix/iso-cache settings: host: @@ -157,14 +147,12 @@ trigger: - tag volumes: - - name: file-exchange - temp: {} - - name: nix-store-cache + - name: nix-store host: - path: "/var/nix/build-store" + path: "/var/nix/iso-cache" --- kind: signature -hmac: e7e602f8b3b21bbc0644dbd285c6d87b3dc5644437c8c693c92ced17de094bab +hmac: 07b8c6165ef4d12754e43839d87d6a68d98436d3c5f8fbb6fee91c628211c1e7 ... -- 2.44.2 From db2ffe63f517598cde0cdcf346762b926ff6e03f Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 03:41:42 +0100 Subject: [PATCH 154/320] pub-solar-iso: enable wlroots software renderer pixman --- profiles/pub-solar-iso/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/profiles/pub-solar-iso/default.nix b/profiles/pub-solar-iso/default.nix index 53fe0317..24b5e1b3 100644 --- a/profiles/pub-solar-iso/default.nix +++ b/profiles/pub-solar-iso/default.nix @@ -4,7 +4,8 @@ in { imports = [ ../cachix ]; config = { - pub-solar.x-os.iso-options.enable = true; + pub-solar.graphical.wayland.software-renderer.enable = true; pub-solar.sway.terminal = "foot"; + pub-solar.x-os.iso-options.enable = true; }; } -- 2.44.2 From 96dde2315d0c26f4163eb94e1af2f2ae081ad802 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 11:24:02 +0100 Subject: [PATCH 155/320] Use drone host volume for /nix/store to speed up build times --- .drone.yml | 32 ++++++++++++++++++++++---------- 1 file changed, 22 insertions(+), 10 deletions(-) diff --git a/.drone.yml b/.drone.yml index e879f3d8..6a89b45b 100644 --- a/.drone.yml +++ b/.drone.yml @@ -95,15 +95,23 @@ name: Check steps: - name: "Check" image: docker.nix-community.org/nixpkgs/nix-flakes:latest + volumes: + - name: nix-store-cache + path: /tmp/build-store when: event: - pull_request - tag commands: - - nix -Lv flake check - - nix -Lv build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - - nix -Lv develop -c echo OK - - nix -Lv develop --command bud --help + - nix -Lv --store /tmp/build-store flake check + - nix -Lv --store /tmp/build-store build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + - nix -Lv --store /tmp/build-store develop -c echo OK + - nix -Lv --store /tmp/build-store develop --command bud --help + +volumes: + - name: nix-store-cache + host: + path: "/var/nix/build-store" --- kind: pipeline @@ -114,16 +122,18 @@ steps: - name: "Build ISO" image: docker.nix-community.org/nixpkgs/nix-flakes:latest volumes: - - name: nix-store + - name: file-exchange path: /var/nix/iso-cache + - name: nix-store-cache + path: /tmp/build-store commands: - - nix -Lv develop --command bud build bootstrap bootstrapIso + - nix -Lv --store /tmp/build-store develop --command bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ - name: "Publish ISO" image: appleboy/drone-scp volumes: - - name: nix-store + - name: file-exchange path: /var/nix/iso-cache settings: host: @@ -147,12 +157,14 @@ trigger: - tag volumes: - - name: nix-store + - name: file-exchange + temp: {} + - name: nix-store-cache host: - path: "/var/nix/iso-cache" + path: "/var/nix/build-store" --- kind: signature -hmac: 07b8c6165ef4d12754e43839d87d6a68d98436d3c5f8fbb6fee91c628211c1e7 +hmac: e7e602f8b3b21bbc0644dbd285c6d87b3dc5644437c8c693c92ced17de094bab ... -- 2.44.2 From 135dc20dc495a08f441d5b37cc9850476eea6983 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 11:31:28 +0100 Subject: [PATCH 156/320] sign .drone.yml --- .drone.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 6a89b45b..6a21ba57 100644 --- a/.drone.yml +++ b/.drone.yml @@ -165,6 +165,6 @@ volumes: --- kind: signature -hmac: e7e602f8b3b21bbc0644dbd285c6d87b3dc5644437c8c693c92ced17de094bab +hmac: 86b05ea45f65210a3bf5c7599fb959f7755bd97fa4c8e280eb34e9ead9c2b392 ... -- 2.44.2 From 67d48485d009467174dd77496f0490b9611f71a2 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 11:44:40 +0100 Subject: [PATCH 157/320] add --eval-store local flag to nix CI commands see https://github.com/nix-community/naersk/issues/217 and https://kevincox.ca/2022/01/02/nix-in-docker-caching/ --- .drone.yml | 12 ++++++------ shell/bud/get.bash | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.drone.yml b/.drone.yml index 6a21ba57..59c8b036 100644 --- a/.drone.yml +++ b/.drone.yml @@ -103,10 +103,10 @@ steps: - pull_request - tag commands: - - nix -Lv --store /tmp/build-store flake check - - nix -Lv --store /tmp/build-store build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - - nix -Lv --store /tmp/build-store develop -c echo OK - - nix -Lv --store /tmp/build-store develop --command bud --help + - nix -Lv --store --eval-store local /tmp/build-store flake check + - nix -Lv --store --eval-store local /tmp/build-store build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + - nix -Lv --store --eval-store local /tmp/build-store develop -c echo OK + - nix -Lv --store --eval-store local /tmp/build-store develop --command bud --help volumes: - name: nix-store-cache @@ -127,7 +127,7 @@ steps: - name: nix-store-cache path: /tmp/build-store commands: - - nix -Lv --store /tmp/build-store develop --command bud build bootstrap bootstrapIso + - nix -Lv --store --eval-store local /tmp/build-store develop --command bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ - name: "Publish ISO" @@ -165,6 +165,6 @@ volumes: --- kind: signature -hmac: 86b05ea45f65210a3bf5c7599fb959f7755bd97fa4c8e280eb34e9ead9c2b392 +hmac: 3d4da439d9dc5cd81ea31f1c137ca82d6196341278434770348f5e258256cbec ... diff --git a/shell/bud/get.bash b/shell/bud/get.bash index 89e2af3d..b88081b4 100644 --- a/shell/bud/get.bash +++ b/shell/bud/get.bash @@ -1 +1 @@ - nix flake new -t "github:divnix/devos/main" "${2:-devos}" +nix flake new -t "github:divnix/devos/main" "${2:-devos}" -- 2.44.2 From d33aef6060bceae373535c19f8be2bca65bc225a Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 12:01:39 +0100 Subject: [PATCH 158/320] factor out nix command flags into NIX_FLAGS env var for better readability --- .drone.yml | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/.drone.yml b/.drone.yml index 59c8b036..6d8f9cb0 100644 --- a/.drone.yml +++ b/.drone.yml @@ -102,11 +102,13 @@ steps: event: - pull_request - tag + environment: + NIX_FLAGS: "--print-build-logs --verbose --store /tmp/build-store --eval-store local" commands: - - nix -Lv --store --eval-store local /tmp/build-store flake check - - nix -Lv --store --eval-store local /tmp/build-store build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - - nix -Lv --store --eval-store local /tmp/build-store develop -c echo OK - - nix -Lv --store --eval-store local /tmp/build-store develop --command bud --help + - nix $$NIX_FLAGS flake check + - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + - nix $$NIX_FLAGS develop -c echo OK + - nix $$NIX_FLAGS develop --command bud --help volumes: - name: nix-store-cache @@ -126,8 +128,10 @@ steps: path: /var/nix/iso-cache - name: nix-store-cache path: /tmp/build-store + environment: + NIX_FLAGS: "--print-build-logs --verbose --store /tmp/build-store --eval-store local" commands: - - nix -Lv --store --eval-store local /tmp/build-store develop --command bud build bootstrap bootstrapIso + - nix $$NIX_FLAGS develop --command bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ - name: "Publish ISO" @@ -165,6 +169,6 @@ volumes: --- kind: signature -hmac: 3d4da439d9dc5cd81ea31f1c137ca82d6196341278434770348f5e258256cbec +hmac: 7816fae517d6d949f53aaafc80ba9847c788856d89749ec40418331db2b4b2b6 ... -- 2.44.2 From 07ecc4bdaebc58b4539a90c4c38407a274d54652 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 12:13:56 +0100 Subject: [PATCH 159/320] fix nix flags, only use NIX_FLAGS where we would repeat ourselfes way too much --- .drone.yml | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/.drone.yml b/.drone.yml index 6d8f9cb0..bb3f30f1 100644 --- a/.drone.yml +++ b/.drone.yml @@ -103,12 +103,13 @@ steps: - pull_request - tag environment: - NIX_FLAGS: "--print-build-logs --verbose --store /tmp/build-store --eval-store local" + NIX_FLAGS: "--store /tmp/build-store --print-build-logs --verbose" commands: - - nix $$NIX_FLAGS flake check - - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - - nix $$NIX_FLAGS develop -c echo OK - - nix $$NIX_FLAGS develop --command bud --help + - echo "NIX_FLAGS: $$NIX_FLAGS" + - nix $$NIX_FLAGS flake --eval-store local check + - nix $$NIX_FLAGS build --eval-store local ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + - nix $$NIX_FLAGS develop --eval-store local --command echo OK + - nix $$NIX_FLAGS develop --eval-store local --command bud --help volumes: - name: nix-store-cache @@ -128,10 +129,11 @@ steps: path: /var/nix/iso-cache - name: nix-store-cache path: /tmp/build-store - environment: - NIX_FLAGS: "--print-build-logs --verbose --store /tmp/build-store --eval-store local" commands: - - nix $$NIX_FLAGS develop --command bud build bootstrap bootstrapIso + - | + nix --store /tmp/build-store --print-build-logs --verbose \ + develop --eval-store local --command \ + bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ - name: "Publish ISO" @@ -169,6 +171,6 @@ volumes: --- kind: signature -hmac: 7816fae517d6d949f53aaafc80ba9847c788856d89749ec40418331db2b4b2b6 +hmac: 50dcb2111c8bee1aedd337028cd2f082b8a1948044e3bd7970a03c31c5fc0fdc ... -- 2.44.2 From c7a0811200871bd4d01c90079c73910fa2c3b5cb Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 12:16:48 +0100 Subject: [PATCH 160/320] make the yaml parser happy --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index bb3f30f1..64a2708b 100644 --- a/.drone.yml +++ b/.drone.yml @@ -105,7 +105,7 @@ steps: environment: NIX_FLAGS: "--store /tmp/build-store --print-build-logs --verbose" commands: - - echo "NIX_FLAGS: $$NIX_FLAGS" + - 'echo NIX_FLAGS: $$NIX_FLAGS' - nix $$NIX_FLAGS flake --eval-store local check - nix $$NIX_FLAGS build --eval-store local ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - nix $$NIX_FLAGS develop --eval-store local --command echo OK @@ -171,6 +171,6 @@ volumes: --- kind: signature -hmac: 50dcb2111c8bee1aedd337028cd2f082b8a1948044e3bd7970a03c31c5fc0fdc +hmac: a1412a5be78c44f176af32d63f2716c95c0d3992f4809b192166dfa7dd7e3c28 ... -- 2.44.2 From ec8c0dae4543a482e3760e745ed9992e05c5e7c3 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 12:22:07 +0100 Subject: [PATCH 161/320] use SUBCMD_FLAGS env var --- .drone.yml | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/.drone.yml b/.drone.yml index 64a2708b..9bf713ee 100644 --- a/.drone.yml +++ b/.drone.yml @@ -104,12 +104,14 @@ steps: - tag environment: NIX_FLAGS: "--store /tmp/build-store --print-build-logs --verbose" + SUBCMD_FLAGS: "--eval-store local" commands: - - 'echo NIX_FLAGS: $$NIX_FLAGS' - - nix $$NIX_FLAGS flake --eval-store local check - - nix $$NIX_FLAGS build --eval-store local ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - - nix $$NIX_FLAGS develop --eval-store local --command echo OK - - nix $$NIX_FLAGS develop --eval-store local --command bud --help + - 'echo NIX_FLAGS: $NIX_FLAGS' + - 'echo SUBCMD_FLAGS: $SUBCMD_FLAGS' + - nix $$NIX_FLAGS flake check $$SUBCMD_FLAGS + - nix $$NIX_FLAGS build $$SUBCMD_FLAGS ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command echo OK + - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command bud --help volumes: - name: nix-store-cache @@ -171,6 +173,6 @@ volumes: --- kind: signature -hmac: a1412a5be78c44f176af32d63f2716c95c0d3992f4809b192166dfa7dd7e3c28 +hmac: ad51a3555d52db391d510571e2e26435b8b105145d18034a453ab653fd9e7bd3 ... -- 2.44.2 From f5c07c2e493c8691664836a8cebd333653130b98 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 14:25:38 +0100 Subject: [PATCH 162/320] DEBUG: try if nix build work with cached store --- .drone.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 9bf713ee..4ed04221 100644 --- a/.drone.yml +++ b/.drone.yml @@ -108,7 +108,8 @@ steps: commands: - 'echo NIX_FLAGS: $NIX_FLAGS' - 'echo SUBCMD_FLAGS: $SUBCMD_FLAGS' - - nix $$NIX_FLAGS flake check $$SUBCMD_FLAGS + # DEBUG: try if nix build works with build store as cache + #- nix $$NIX_FLAGS flake check $$SUBCMD_FLAGS - nix $$NIX_FLAGS build $$SUBCMD_FLAGS ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command echo OK - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command bud --help @@ -173,6 +174,6 @@ volumes: --- kind: signature -hmac: ad51a3555d52db391d510571e2e26435b8b105145d18034a453ab653fd9e7bd3 +hmac: 08d22b1fc998a8272677ef55574126b3d2fc389825b91ee36bd7d3cd9e0022a1 ... -- 2.44.2 From d157e71a7279cc2040665fb0053fdb0e0aff115d Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 3 Feb 2022 15:32:16 +0100 Subject: [PATCH 163/320] DEBUG: try build without eval-store --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 4ed04221..73f6637c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -110,7 +110,7 @@ steps: - 'echo SUBCMD_FLAGS: $SUBCMD_FLAGS' # DEBUG: try if nix build works with build store as cache #- nix $$NIX_FLAGS flake check $$SUBCMD_FLAGS - - nix $$NIX_FLAGS build $$SUBCMD_FLAGS ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command echo OK - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command bud --help @@ -174,6 +174,6 @@ volumes: --- kind: signature -hmac: 08d22b1fc998a8272677ef55574126b3d2fc389825b91ee36bd7d3cd9e0022a1 +hmac: 74162ec46f0cc1e66132a159c4a55472268cb880c8ba43fb477dd8befc6021d9 ... -- 2.44.2 From ea189c34616aebca35c48c5b1f6831bab8b46f5b Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Thu, 3 Feb 2022 13:19:09 -0800 Subject: [PATCH 164/320] README: typos and grammar --- README.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 29d450dc..e2a83eb9 100644 --- a/README.md +++ b/README.md @@ -58,14 +58,15 @@ following giants][giants]: - [devshell](https://github.com/numtide/devshell) ## Divnix -The divnix org is an open space that spontaniously formed out of "the Nix". -It is really just a place where otherwise unrelated people a) get -together and b) stuff done. +The divnix org is an open space that spontaneously formed out of "the Nix". +It is really just a place where otherwise unrelated people work +together and get stuff done. -It's a place to stop "geeking out in isolation" (or within company boundaries), -experiment and learn together and iterate quickly on best practices. That's what it is. +It's a place to stop "geeking out in isolation" (or within company boundaries). +A place to experiment, learn together, and iterate quickly on best practices. +That's what it is. -It might eventually become a non-profit if that's not too complicated or if those +It might eventually become a non-profit if that's not too complicated or, if those goals are sufficiently upstreamed into "the Nix", dissolved. # License -- 2.44.2 From 0b7f1019af6fe085903d24cb3204cc9bf3c52a42 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 8 Feb 2022 14:21:57 +0100 Subject: [PATCH 165/320] Try nix store cache docker volume with privileged mode --- .drone.yml | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/.drone.yml b/.drone.yml index 73f6637c..7e6348ed 100644 --- a/.drone.yml +++ b/.drone.yml @@ -95,6 +95,7 @@ name: Check steps: - name: "Check" image: docker.nix-community.org/nixpkgs/nix-flakes:latest + privileged: true volumes: - name: nix-store-cache path: /tmp/build-store @@ -104,15 +105,12 @@ steps: - tag environment: NIX_FLAGS: "--store /tmp/build-store --print-build-logs --verbose" - SUBCMD_FLAGS: "--eval-store local" commands: - 'echo NIX_FLAGS: $NIX_FLAGS' - - 'echo SUBCMD_FLAGS: $SUBCMD_FLAGS' - # DEBUG: try if nix build works with build store as cache - #- nix $$NIX_FLAGS flake check $$SUBCMD_FLAGS + - nix $$NIX_FLAGS flake check - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command echo OK - - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command bud --help + - nix $$NIX_FLAGS develop --command echo OK + - nix $$NIX_FLAGS develop --command bud --help volumes: - name: nix-store-cache @@ -127,6 +125,7 @@ name: Publish ISO steps: - name: "Build ISO" image: docker.nix-community.org/nixpkgs/nix-flakes:latest + privileged: true volumes: - name: file-exchange path: /var/nix/iso-cache @@ -135,7 +134,7 @@ steps: commands: - | nix --store /tmp/build-store --print-build-logs --verbose \ - develop --eval-store local --command \ + develop --command \ bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ @@ -174,6 +173,6 @@ volumes: --- kind: signature -hmac: 74162ec46f0cc1e66132a159c4a55472268cb880c8ba43fb477dd8befc6021d9 +hmac: 82ee8582e7225b968e92dfd585d3d2e12205af1bd2946e915532d421d5ee50c6 ... -- 2.44.2 From e970370f38677b724b9d54a539b6cbab10b1280f Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 8 Feb 2022 14:34:58 +0100 Subject: [PATCH 166/320] Try with eval-store=local --- .drone.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.drone.yml b/.drone.yml index 7e6348ed..321b069d 100644 --- a/.drone.yml +++ b/.drone.yml @@ -105,12 +105,13 @@ steps: - tag environment: NIX_FLAGS: "--store /tmp/build-store --print-build-logs --verbose" + SUBCMD_FLAGS: "--eval-store local" commands: - 'echo NIX_FLAGS: $NIX_FLAGS' - - nix $$NIX_FLAGS flake check - - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - - nix $$NIX_FLAGS develop --command echo OK - - nix $$NIX_FLAGS develop --command bud --help + - nix $$NIX_FLAGS flake check $$SUBCMD_FLAGS + - nix $$NIX_FLAGS build $$SUBCMD_FLAGS ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command echo OK + - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command bud --help volumes: - name: nix-store-cache @@ -134,7 +135,7 @@ steps: commands: - | nix --store /tmp/build-store --print-build-logs --verbose \ - develop --command \ + develop --eval-store local --command \ bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ @@ -173,6 +174,6 @@ volumes: --- kind: signature -hmac: 82ee8582e7225b968e92dfd585d3d2e12205af1bd2946e915532d421d5ee50c6 +hmac: 2b930d7f9abddb31d0f514259d78d6b01693f5a17fb681da69e5a6e116cf30fb ... -- 2.44.2 From 98be94a4db6feee1fc20cc92b0e01422e0521d17 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 8 Feb 2022 19:09:53 +0100 Subject: [PATCH 167/320] DEBUG: try if nix build work with cached store --- .drone.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 321b069d..31101c07 100644 --- a/.drone.yml +++ b/.drone.yml @@ -108,7 +108,9 @@ steps: SUBCMD_FLAGS: "--eval-store local" commands: - 'echo NIX_FLAGS: $NIX_FLAGS' - - nix $$NIX_FLAGS flake check $$SUBCMD_FLAGS + - 'echo SUBCMD_FLAGS: $SUBCMD_FLAGS' + # DEBUG: try if nix build works with build store as cache + #- nix $$NIX_FLAGS flake check $$SUBCMD_FLAGS - nix $$NIX_FLAGS build $$SUBCMD_FLAGS ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command echo OK - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command bud --help @@ -174,6 +176,6 @@ volumes: --- kind: signature -hmac: 2b930d7f9abddb31d0f514259d78d6b01693f5a17fb681da69e5a6e116cf30fb +hmac: 59c209d1d10a52b4c0d3eb88645b915532b877700226523e8e44d62182e2786c ... -- 2.44.2 From 67504a2560df4ef073fc70113214613b98242c8c Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 9 Feb 2022 17:17:08 +0100 Subject: [PATCH 168/320] DEBUG: try if nix build work with cached store --- .drone.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.drone.yml b/.drone.yml index 31101c07..2493d68f 100644 --- a/.drone.yml +++ b/.drone.yml @@ -111,9 +111,9 @@ steps: - 'echo SUBCMD_FLAGS: $SUBCMD_FLAGS' # DEBUG: try if nix build works with build store as cache #- nix $$NIX_FLAGS flake check $$SUBCMD_FLAGS - - nix $$NIX_FLAGS build $$SUBCMD_FLAGS ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command echo OK - - nix $$NIX_FLAGS develop $$SUBCMD_FLAGS --command bud --help + - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + - nix $$NIX_FLAGS develop --command echo OK + - nix $$NIX_FLAGS develop --command bud --help volumes: - name: nix-store-cache @@ -176,6 +176,6 @@ volumes: --- kind: signature -hmac: 59c209d1d10a52b4c0d3eb88645b915532b877700226523e8e44d62182e2786c +hmac: 7ed23abadfcd0a30de070d90bb898a9b61b87a9547d9ccbb36ccca4d390db256 ... -- 2.44.2 From d6b84ca240e13dd39dbd37bd2589ca64a10865d8 Mon Sep 17 00:00:00 2001 From: Brendan Tobolaski Date: Thu, 17 Feb 2022 10:15:02 -0600 Subject: [PATCH 169/320] Fix decryption location for agenix --- doc/secrets.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/secrets.md b/doc/secrets.md index 47ca43d4..8794925a 100644 --- a/doc/secrets.md +++ b/doc/secrets.md @@ -14,7 +14,7 @@ to easily setup those secret files declaratively. [agenix][agenix] encrypts secrets and stores them as .age files in your repository. Age files are encrypted with multiple ssh public keys, so any host or user with a matching ssh private key can read the data. The [age module][age module] will add those -encrypted files to the nix store and decrypt them on activation to `/run/secrets`. +encrypted files to the nix store and decrypt them on activation to `/run/agenix`. ### Setup All hosts must have openssh enabled, this is done by default in the core profile. -- 2.44.2 From b0aadda88cc922ba92917da35ee4852fd2bd5748 Mon Sep 17 00:00:00 2001 From: Parthiv Seetharaman Date: Thu, 17 Feb 2022 16:22:48 -0800 Subject: [PATCH 170/320] flake: switch back to serokell deploy input There is a bug in the input-output-hk fork --- flake.lock | 64 ++++++++++-------------------------------------------- flake.nix | 2 +- 2 files changed, 13 insertions(+), 53 deletions(-) diff --git a/flake.lock b/flake.lock index 67701251..5d7d11d5 100644 --- a/flake.lock +++ b/flake.lock @@ -102,7 +102,6 @@ }, "deploy": { "inputs": { - "fenix": "fenix", "flake-compat": "flake-compat", "nixpkgs": [ "nixos" @@ -110,15 +109,15 @@ "utils": "utils" }, "locked": { - "lastModified": 1637357482, - "narHash": "sha256-mMRxOlcQs3V9cZYsKGKWEjl+oqclhaH1SKT3QGeTQ0Q=", - "owner": "input-output-hk", + "lastModified": 1643787431, + "narHash": "sha256-8IwuVgXulRE3ZWq6z8mytarawC32pKPKR20EyDtSH+w=", + "owner": "serokell", "repo": "deploy-rs", - "rev": "5a6db26726ec8c7904aea5bcdf13589342386f9d", + "rev": "4154ba1aaaf7333a916384c348d867d03b6f1409", "type": "github" }, "original": { - "owner": "input-output-hk", + "owner": "serokell", "repo": "deploy-rs", "type": "github" } @@ -172,25 +171,6 @@ "type": "github" } }, - "fenix": { - "inputs": { - "nixpkgs": "nixpkgs_3", - "rust-analyzer-src": "rust-analyzer-src" - }, - "locked": { - "lastModified": 1637303083, - "narHash": "sha256-e2A5JBjxYNpjoGd53K0oVUUaS9ojwOT5rnThyPNS46M=", - "owner": "nix-community", - "repo": "fenix", - "rev": "8294ceadbbbe1a886640bfcc15f5a02a2b471955", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "fenix", - "type": "github" - } - }, "flake-compat": { "flake": false, "locked": { @@ -408,10 +388,7 @@ "nixos-generators": { "inputs": { "nixlib": "nixlib", - "nixpkgs": [ - "digga", - "blank" - ] + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1637655461, @@ -475,16 +452,16 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1636976544, - "narHash": "sha256-9ZmdyoRz4Qu8bP5BKR1T10YbzcB9nvCeQjOEw2cRKR0=", - "owner": "nixos", + "lastModified": 1644972330, + "narHash": "sha256-6V2JFpTUzB9G+KcqtUR1yl7f6rd9495YrFECslEmbGw=", + "owner": "NixOS", "repo": "nixpkgs", - "rev": "931ab058daa7e4cd539533963f95e2bb0dbd41e6", + "rev": "19574af0af3ffaf7c9e359744ed32556f34536bd", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-unstable", + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -560,23 +537,6 @@ "nvfetcher": "nvfetcher" } }, - "rust-analyzer-src": { - "flake": false, - "locked": { - "lastModified": 1637268320, - "narHash": "sha256-lxB1r+7cmZisiGLx0tZ2LaC6X/EcQTbRIWZfnLIIgs4=", - "owner": "rust-analyzer", - "repo": "rust-analyzer", - "rev": "f0da9406bcbde1bc727242b481d8de825e84f59a", - "type": "github" - }, - "original": { - "owner": "rust-analyzer", - "ref": "nightly", - "repo": "rust-analyzer", - "type": "github" - } - }, "utils": { "locked": { "lastModified": 1637014545, diff --git a/flake.nix b/flake.nix index 50402527..ed387178 100644 --- a/flake.nix +++ b/flake.nix @@ -26,7 +26,7 @@ darwin.url = "github:LnL7/nix-darwin"; darwin.inputs.nixpkgs.follows = "nixos"; - deploy.url = "github:input-output-hk/deploy-rs"; + deploy.url = "github:serokell/deploy-rs"; deploy.inputs.nixpkgs.follows = "nixos"; agenix.url = "github:ryantm/agenix"; -- 2.44.2 From 869446df6343e06274423ef884a548730144f182 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 22 Feb 2022 16:49:46 +0100 Subject: [PATCH 171/320] alacritty: better search colors highlighting --- modules/graphical/alacritty.nix | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/modules/graphical/alacritty.nix b/modules/graphical/alacritty.nix index f08be710..e4e2f6ad 100644 --- a/modules/graphical/alacritty.nix +++ b/modules/graphical/alacritty.nix @@ -106,6 +106,23 @@ cursor = "0xe3e1e4"; }; + # Colors used for the search bar and match highlighting. + search = { + # Allowed values are CellForeground/CellBackground, which reference the + # affected cell, or hexadecimal colors like #ff00ff. + matches = { + foreground = "0xe5c463"; + background = "0x1a181a"; + }; + focused_match = { + foreground = "0xe5c463"; + background = "0xe3e1e4"; + }; + #bar = + # background = "#c5c8c6"; + # foreground = "#1d1f21"; + }; + # Normal colors normal = { black = "0x1a181a"; -- 2.44.2 From 4052b39c6e615a114790ba0979b5d2f0dc5a9baf Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 22 Feb 2022 16:51:08 +0100 Subject: [PATCH 172/320] nix-dram: ensure nixpkgs follows latest input --- flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/flake.nix b/flake.nix index 26e442ad..4569e41a 100644 --- a/flake.nix +++ b/flake.nix @@ -42,6 +42,7 @@ # PubSolarOS additions nix-dram.url = "github:dramforever/nix-dram"; + nix-dram.inputs.nixpkgs.follows = "latest"; }; outputs = -- 2.44.2 From d0e972f85f3c45904368ebdf9bfe2e4a006300c8 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Fri, 25 Feb 2022 13:59:04 +0100 Subject: [PATCH 173/320] DEBUG: try to build ISO without volume as build store cache --- .drone.yml | 27 +++++---------------------- 1 file changed, 5 insertions(+), 22 deletions(-) diff --git a/.drone.yml b/.drone.yml index 2493d68f..53d665a7 100644 --- a/.drone.yml +++ b/.drone.yml @@ -95,31 +95,19 @@ name: Check steps: - name: "Check" image: docker.nix-community.org/nixpkgs/nix-flakes:latest - privileged: true - volumes: - - name: nix-store-cache - path: /tmp/build-store when: event: - pull_request - tag environment: - NIX_FLAGS: "--store /tmp/build-store --print-build-logs --verbose" - SUBCMD_FLAGS: "--eval-store local" + NIX_FLAGS: "--print-build-logs --verbose" commands: - 'echo NIX_FLAGS: $NIX_FLAGS' - - 'echo SUBCMD_FLAGS: $SUBCMD_FLAGS' - # DEBUG: try if nix build works with build store as cache - #- nix $$NIX_FLAGS flake check $$SUBCMD_FLAGS + - nix $$NIX_FLAGS flake check - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - nix $$NIX_FLAGS develop --command echo OK - nix $$NIX_FLAGS develop --command bud --help -volumes: - - name: nix-store-cache - host: - path: "/var/nix/build-store" - --- kind: pipeline type: docker @@ -132,12 +120,10 @@ steps: volumes: - name: file-exchange path: /var/nix/iso-cache - - name: nix-store-cache - path: /tmp/build-store commands: - | - nix --store /tmp/build-store --print-build-logs --verbose \ - develop --eval-store local --command \ + nix --print-build-logs --verbose \ + develop --command \ bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ @@ -170,12 +156,9 @@ trigger: volumes: - name: file-exchange temp: {} - - name: nix-store-cache - host: - path: "/var/nix/build-store" --- kind: signature -hmac: 7ed23abadfcd0a30de070d90bb898a9b61b87a9547d9ccbb36ccca4d390db256 +hmac: f39ee287ccf3c8cbc66a939f4a37cc9ecae986321448ec88992c4dbaeb551a24 ... -- 2.44.2 From 5a0078be8d1db39f926473cc83466a70ae25de12 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 27 Feb 2022 17:06:24 +0100 Subject: [PATCH 174/320] DEBUG: try to build ISO without volume as build store cache --- .drone.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.drone.yml b/.drone.yml index 53d665a7..c1e67c32 100644 --- a/.drone.yml +++ b/.drone.yml @@ -116,7 +116,6 @@ name: Publish ISO steps: - name: "Build ISO" image: docker.nix-community.org/nixpkgs/nix-flakes:latest - privileged: true volumes: - name: file-exchange path: /var/nix/iso-cache -- 2.44.2 From 94b63041402c22fddfd51700ebb1e687adc5625f Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 27 Feb 2022 17:07:43 +0100 Subject: [PATCH 175/320] DEBUG: try to build ISO without volume as build store cache --- .drone.yml | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/.drone.yml b/.drone.yml index c1e67c32..e21f65e0 100644 --- a/.drone.yml +++ b/.drone.yml @@ -87,26 +87,26 @@ trigger: event: - cron ---- -kind: pipeline -type: docker -name: Check - -steps: - - name: "Check" - image: docker.nix-community.org/nixpkgs/nix-flakes:latest - when: - event: - - pull_request - - tag - environment: - NIX_FLAGS: "--print-build-logs --verbose" - commands: - - 'echo NIX_FLAGS: $NIX_FLAGS' - - nix $$NIX_FLAGS flake check - - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - - nix $$NIX_FLAGS develop --command echo OK - - nix $$NIX_FLAGS develop --command bud --help +#--- +#kind: pipeline +#type: docker +#name: Check +# +#steps: +# - name: "Check" +# image: docker.nix-community.org/nixpkgs/nix-flakes:latest +# when: +# event: +# - pull_request +# - tag +# environment: +# NIX_FLAGS: "--print-build-logs --verbose" +# commands: +# - 'echo NIX_FLAGS: $NIX_FLAGS' +# - nix $$NIX_FLAGS flake check +# - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" +# - nix $$NIX_FLAGS develop --command echo OK +# - nix $$NIX_FLAGS develop --command bud --help --- kind: pipeline @@ -158,6 +158,6 @@ volumes: --- kind: signature -hmac: f39ee287ccf3c8cbc66a939f4a37cc9ecae986321448ec88992c4dbaeb551a24 +hmac: 32d5f2a2df812967aeeaa781f44e06549bc83802608478cfa89a2424b1ab6426 ... -- 2.44.2 From 4e9786442b7efa4df1e8dfb5434c1ced221bdeff Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 27 Feb 2022 17:09:06 +0100 Subject: [PATCH 176/320] DEBUG: try to build ISO without volume as build store cache --- .drone.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.drone.yml b/.drone.yml index e21f65e0..8d6ccf6a 100644 --- a/.drone.yml +++ b/.drone.yml @@ -145,8 +145,8 @@ steps: - /var/nix/iso-cache/*.iso strip_components: 3 -depends_on: - - Check +#depends_on: +# - Check trigger: event: @@ -158,6 +158,6 @@ volumes: --- kind: signature -hmac: 32d5f2a2df812967aeeaa781f44e06549bc83802608478cfa89a2424b1ab6426 +hmac: e87b38b90d8b247719f395fd1f15df7ef534d036a5bc5efe140cee8e3a8643da ... -- 2.44.2 From 090575759b8f983bac00b1cf0b74a80562d72836 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Fri, 4 Mar 2022 15:14:09 +0100 Subject: [PATCH 177/320] bump flake lock --- flake.lock | 232 ++++++++++++++++++++++++++--------------------------- 1 file changed, 113 insertions(+), 119 deletions(-) diff --git a/flake.lock b/flake.lock index df88d725..b50851f3 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1637793790, - "narHash": "sha256-oPXavjxETEWGXq8g7kQHyRLKUmLX2yPtGn+t3V0mrTY=", + "lastModified": 1646105662, + "narHash": "sha256-jdXCZbGZL0SWWi29GnAOFHUh/QvvP0IyaVLv1ZTDkBI=", "owner": "ryantm", "repo": "agenix", - "rev": "f85eea0e29fa9a8924571d0e398215e175f80d55", + "rev": "297cd58b418249240b9f1f155d52b1b17f292884", "type": "github" }, "original": { @@ -27,11 +27,11 @@ "poetry2nix": "poetry2nix" }, "locked": { - "lastModified": 1630693543, - "narHash": "sha256-7Sly3ReaJZw60Qo0rpfN4jF6zy94nwQz6ENgUUFzJfg=", + "lastModified": 1641830469, + "narHash": "sha256-uhDmgNP/biOWe4FtOa6c2xZnREH+NP9rdrMm0LccRUk=", "owner": "lovesegfault", "repo": "beautysh", - "rev": "5609593961b70428f58d5c1b4b25cdda43b0d0bd", + "rev": "e85d9736927c0fcf2abb05cb3a2d8d9b4502a2eb", "type": "github" }, "original": { @@ -67,11 +67,11 @@ ] }, "locked": { - "lastModified": 1640836100, - "narHash": "sha256-My9Lay6BCDwAZgrL4SuVXHkYPHIU7ypnuiS/pd7eg1M=", + "lastModified": 1642035816, + "narHash": "sha256-1Lq5c1AeUv/1SK08+O704JVfDdD/zodHzA0cv0TIga8=", "owner": "divnix", "repo": "bud", - "rev": "b1d8ab3970f4dfb5fb90d7d8a9ab493c75d031fc", + "rev": "a789d710851441ba7e7cd59be378623b1fe05688", "type": "github" }, "original": { @@ -87,11 +87,11 @@ ] }, "locked": { - "lastModified": 1634994402, - "narHash": "sha256-xmlCVVOYGpZoxgOqsDOVF0B0ASrnbNGVAEzID9qh2xo=", + "lastModified": 1645293039, + "narHash": "sha256-PwdDu+SkX8dreeuJ/4av1sEluNZdrpdXv8JsRKKg1Yc=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "44da835ac40dab5fd231298b59d83487382d2fab", + "rev": "1df878b6f8351795a3bebfbe4fd2d02e1e8b29d6", "type": "github" }, "original": { @@ -144,6 +144,7 @@ "deploy" ], "devshell": "devshell", + "flake-compat": "flake-compat_2", "flake-utils-plus": "flake-utils-plus", "home-manager": [ "home" @@ -158,11 +159,11 @@ ] }, "locked": { - "lastModified": 1643510242, - "narHash": "sha256-9C9DyJhQ5bevk0CEEjGct+U9EqUgHg8T70nxz47zjMI=", + "lastModified": 1646340536, + "narHash": "sha256-mXNWDqHDGqGRIE7RxN6nkhQyZcikJL2HAvu55ITuC98=", "owner": "divnix", "repo": "digga", - "rev": "33bfb05b8a148d8ad6a842de74e22209bf9fe5d7", + "rev": "bfecf143c098581e0aafe1b8f9e3f2f7a402fb17", "type": "github" }, "original": { @@ -174,11 +175,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1627913399, - "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=", + "lastModified": 1641205782, + "narHash": "sha256-4jY7RCWUoZ9cKD8co0/4tFARpWB+57+r1bLLvXNJliY=", "owner": "edolstra", "repo": "flake-compat", - "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2", + "rev": "b7547d3eed6f32d06102ead8991ec52ab0a4f1a7", "type": "github" }, "original": { @@ -188,6 +189,22 @@ } }, "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1641205782, + "narHash": "sha256-4jY7RCWUoZ9cKD8co0/4tFARpWB+57+r1bLLvXNJliY=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b7547d3eed6f32d06102ead8991ec52ab0a4f1a7", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_3": { "flake": false, "locked": { "lastModified": 1627913399, @@ -205,11 +222,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1623875721, - "narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=", + "lastModified": 1631561581, + "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", "owner": "numtide", "repo": "flake-utils", - "rev": "f7e004a55b120c02ecb6219596820fcd32ca8772", + "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19", "type": "github" }, "original": { @@ -220,7 +237,7 @@ }, "flake-utils-plus": { "inputs": { - "flake-utils": "flake-utils_3" + "flake-utils": "flake-utils_2" }, "locked": { "lastModified": 1639385028, @@ -238,11 +255,11 @@ }, "flake-utils_2": { "locked": { - "lastModified": 1642700792, - "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", + "lastModified": 1638122382, + "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", "owner": "numtide", "repo": "flake-utils", - "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", + "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", "type": "github" }, "original": { @@ -268,11 +285,11 @@ }, "flake-utils_4": { "locked": { - "lastModified": 1631561581, - "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", + "lastModified": 1638122382, + "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19", + "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", "type": "github" }, "original": { @@ -288,11 +305,11 @@ ] }, "locked": { - "lastModified": 1642653493, - "narHash": "sha256-22mGPjiHUo2Jmze4IjXCJLjeK2mbvvCztHmUyUMr4yw=", + "lastModified": 1643933536, + "narHash": "sha256-yRmsWAG4DnLxLIUtlaZsl0kH7rN5xSoyNRlf0YZrcH4=", "owner": "nix-community", "repo": "home-manager", - "rev": "28b9ae40c45c5e7711c353fee1b7af734e293979", + "rev": "2860d7e3bb350f18f7477858f3513f9798896831", "type": "github" }, "original": { @@ -320,11 +337,11 @@ }, "latest_2": { "locked": { - "lastModified": 1643347846, - "narHash": "sha256-O0tyXF//ppRpe9yT1Uu5n34yI2MWDyY6ZiJ4Qn5zIkE=", + "lastModified": 1646254136, + "narHash": "sha256-8nQx02tTzgYO21BP/dy5BCRopE8OwE8Drsw98j+Qoaw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5bb20f9dc70e9ee16e21cc404b6508654931ce41", + "rev": "3e072546ea98db00c2364b81491b893673267827", "type": "github" }, "original": { @@ -341,11 +358,11 @@ ] }, "locked": { - "lastModified": 1638203339, - "narHash": "sha256-Sz3iCvbWrVWOD/XfYQeRJgP/7MVYL3/VKsNXvDeWBFc=", + "lastModified": 1639947939, + "narHash": "sha256-pGsM8haJadVP80GFq4xhnSpNitYNQpaXk4cnA796Cso=", "owner": "nmattia", "repo": "naersk", - "rev": "c3e56b8a4ffb6d906cdfcfee034581f9a8ece571", + "rev": "2fc8ce9d3c025d59fee349c1f80be9785049d653", "type": "github" }, "original": { @@ -354,6 +371,27 @@ "type": "github" } }, + "nix-dram": { + "inputs": { + "flake-utils": "flake-utils_3", + "nixpkgs": [ + "latest" + ] + }, + "locked": { + "lastModified": 1644066500, + "narHash": "sha256-15PCSlsvYQOwJ+Jvp9evrBiun4pquPAh5VZAUO5whcw=", + "owner": "dramforever", + "repo": "nix-dram", + "rev": "579d5a3db2cb4726653a0916e0f210dbb84cb0a5", + "type": "github" + }, + "original": { + "owner": "dramforever", + "repo": "nix-dram", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1641688481, @@ -369,32 +407,13 @@ "type": "github" } }, - "nix-dram": { - "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs" - }, - "locked": { - "lastModified": 1628492639, - "narHash": "sha256-ffF/oEhLs/stAsXXobruKHyH9jnMC2rt/SM3ASrs2U8=", - "owner": "dramforever", - "repo": "nix-dram", - "rev": "fba426108ea6bdeb1e362bac9da06cbd33726f41", - "type": "github" - }, - "original": { - "owner": "dramforever", - "repo": "nix-dram", - "type": "github" - } - }, "nixos": { "locked": { - "lastModified": 1643463207, - "narHash": "sha256-W0azAxucUq84BvWqDPt3gX8kyc8wYvGUynZV9COfByQ=", + "lastModified": 1646358457, + "narHash": "sha256-rzvpqPRX5q5sOUbu7lhZkk9vhnIVWSARnu+R9mSE3Vc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "03098169624f487eef37186b3214c40e6b6e919d", + "rev": "0fc9d50c3104c8ddb11cf0c83a045eb78ad17058", "type": "github" }, "original": { @@ -407,7 +426,10 @@ "nixos-generators": { "inputs": { "nixlib": "nixlib", - "nixpkgs": "nixpkgs_3" + "nixpkgs": [ + "digga", + "blank" + ] }, "locked": { "lastModified": 1637655461, @@ -425,11 +447,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1638182287, - "narHash": "sha256-vBzf+hbTJz2ZdXV/DWirl6wOO7tjdqzTIU+0FANt65U=", + "lastModified": 1646398322, + "narHash": "sha256-p+WCAOoJLc4R6x60pLYYqAiq30PlDUYJMrXqQ3rkBCg=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "6b3f79de09c3de7c91ab51e55e87879f61b6faec", + "rev": "a7bca8d0d8188ae9802ecc467150cf018e19b958", "type": "github" }, "original": { @@ -440,11 +462,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1643428210, - "narHash": "sha256-ympCeHuXeGitpnegE0raAtWLNg3vZbjj5QbbMvvBGCQ=", + "lastModified": 1633971123, + "narHash": "sha256-WmI4NbH1IPGFWVkuBkKoYgOnxgwSfWDgdZplJlQ93vA=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e1b353e890801a759efe9a4c42f6984e47721f0d", + "rev": "e4ef597edfd8a0ba5f12362932fc9b1dd01a0aef", "type": "github" }, "original": { @@ -454,45 +476,13 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1643513770, - "narHash": "sha256-Q64SabfQLuhHQfhpIHS/fLCEO2NUFnI+EKsB5GnfWh8=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "66ab3568d67b90275c0720aae8b911bad82c24fe", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { - "locked": { - "lastModified": 1644972330, - "narHash": "sha256-6V2JFpTUzB9G+KcqtUR1yl7f6rd9495YrFECslEmbGw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "19574af0af3ffaf7c9e359744ed32556f34536bd", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nur": { "locked": { - "lastModified": 1638231901, - "narHash": "sha256-XzuvFTmsXULdWynQWzgaPHikepNhjEpK4o5WXfmRqek=", - "owner": "nix-community", - "repo": "NUR", - "rev": "4e68fb3d8f48e91196deb13f44bcfb421da25afb", - "type": "github" + "lastModified": 1626378135, + "narHash": "sha256-koC6DBYmLCrgXA+AMHVaODf1uHYPmvcFygHfy3eg6vI=", + "path": "/nix/store/6mfkswqi67m35qwv0vh7kpk8rypbl2rq-source", + "rev": "00c2ec8f0bbdf0cfb2135bde55fbae5d6b64aa6d", + "type": "path" }, "original": { "id": "nur", @@ -501,18 +491,18 @@ }, "nvfetcher": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "flake-utils": "flake-utils_4", "nixpkgs": [ "nixos" ] }, "locked": { - "lastModified": 1634524567, - "narHash": "sha256-v9ZTZj1WNQaaVfs1P1mUPuh518mmwpqszj1EjdeGUmc=", + "lastModified": 1644123018, + "narHash": "sha256-xEhhLmuy4FnT4Zdkf3epPX9T3xqn59yERCsicG4IEyM=", "owner": "berberman", "repo": "nvfetcher", - "rev": "807513f4bbd0e3b5863f4c3b91f8ac846ed6da9b", + "rev": "9f2cb15c4668859312b6a854d79ad753d5b98b03", "type": "github" }, "original": { @@ -523,15 +513,23 @@ }, "poetry2nix": { "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_2" + "flake-utils": [ + "bud", + "beautysh", + "flake-utils" + ], + "nixpkgs": [ + "bud", + "beautysh", + "nixpkgs" + ] }, "locked": { - "lastModified": 1625240517, - "narHash": "sha256-2E1gaOP+bCplhf3kliVQWK5N1NV2h06mkJk2KTiRTJQ=", + "lastModified": 1633382856, + "narHash": "sha256-hYlet806M9xJj4yxf0g5fhDT2IEUVIMAl7sqIeZ8DUM=", "owner": "nix-community", "repo": "poetry2nix", - "rev": "e40e8ed0e8c11e709e4c8c7c20174facd265a021", + "rev": "705cbfa10e3d9bfed2e59e0256844ae3704dbd7e", "type": "github" }, "original": { @@ -551,10 +549,6 @@ "latest": "latest_2", "naersk": "naersk", "nix-dram": "nix-dram", - "nixlib": [ - "digga", - "nixlib" - ], "nixos": "nixos", "nixos-hardware": "nixos-hardware", "nur": "nur", @@ -563,11 +557,11 @@ }, "utils": { "locked": { - "lastModified": 1637014545, - "narHash": "sha256-26IZAc5yzlD9FlDT54io1oqG/bBoyka+FJk5guaX4x4=", + "lastModified": 1642700792, + "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", "owner": "numtide", "repo": "flake-utils", - "rev": "bba5dcc8e0b20ab664967ad83d24d64cb64ec4f4", + "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", "type": "github" }, "original": { -- 2.44.2 From 83074e2dffc691eca0540234200cb13819ebf5cc Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 15 Mar 2022 17:20:25 +0100 Subject: [PATCH 178/320] neovim: add quick-scope plugin --- modules/terminal-life/nvim/default.nix | 1 + modules/terminal-life/nvim/plugins.vim | 4 ++++ 2 files changed, 5 insertions(+) diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index e46c82e2..c6dd9a5f 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix @@ -102,6 +102,7 @@ in airline editorconfig-vim nnn-vim + quick-scope suda syntastic vim-gutentags diff --git a/modules/terminal-life/nvim/plugins.vim b/modules/terminal-life/nvim/plugins.vim index 2086bfd7..193e0e03 100644 --- a/modules/terminal-life/nvim/plugins.vim +++ b/modules/terminal-life/nvim/plugins.vim @@ -4,6 +4,10 @@ autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab let g:gutentags_file_list_command = 'git ls-files' +" quick-scope +" https://github.com/unblevable/quick-scope +let g:qs_highlight_on_keys = ['f', 'F', 't', 'T'] + " Golang " Go test shortcut nmap got :GoTest:botright copen -- 2.44.2 From 60ce668bc917f21e1a3309253f78be6126683c80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Wed, 23 Mar 2022 11:02:44 +0100 Subject: [PATCH 179/320] Update flake lock --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index b50851f3..6e2cfec2 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1646105662, - "narHash": "sha256-jdXCZbGZL0SWWi29GnAOFHUh/QvvP0IyaVLv1ZTDkBI=", + "lastModified": 1646845404, + "narHash": "sha256-JENXFCI2HVqi0whBzt7MAW9PX3ziEaYqBhMux+4g+VM=", "owner": "ryantm", "repo": "agenix", - "rev": "297cd58b418249240b9f1f155d52b1b17f292884", + "rev": "764c975e74bce2f89a5106b68ec48e2b586f893c", "type": "github" }, "original": { @@ -87,11 +87,11 @@ ] }, "locked": { - "lastModified": 1645293039, - "narHash": "sha256-PwdDu+SkX8dreeuJ/4av1sEluNZdrpdXv8JsRKKg1Yc=", + "lastModified": 1647173930, + "narHash": "sha256-8oca3Pc68VrCp8HeOtHmzs5g0rdQnPO9beDEEZJ02W0=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "1df878b6f8351795a3bebfbe4fd2d02e1e8b29d6", + "rev": "17fbc68a6110edbff67e55f7450230a697ecb17e", "type": "github" }, "original": { @@ -159,11 +159,11 @@ ] }, "locked": { - "lastModified": 1646340536, - "narHash": "sha256-mXNWDqHDGqGRIE7RxN6nkhQyZcikJL2HAvu55ITuC98=", + "lastModified": 1646846683, + "narHash": "sha256-s13XKw1xjGlmdY9qMwla/mDKaE/8xAVJ/+ZTJ9Q7CTY=", "owner": "divnix", "repo": "digga", - "rev": "bfecf143c098581e0aafe1b8f9e3f2f7a402fb17", + "rev": "396b04b62b885963c467aa8ade3c19398ade2d69", "type": "github" }, "original": { @@ -270,11 +270,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1638122382, - "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", + "lastModified": 1644229661, + "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", "owner": "numtide", "repo": "flake-utils", - "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", "type": "github" }, "original": { @@ -305,11 +305,11 @@ ] }, "locked": { - "lastModified": 1643933536, - "narHash": "sha256-yRmsWAG4DnLxLIUtlaZsl0kH7rN5xSoyNRlf0YZrcH4=", + "lastModified": 1647175256, + "narHash": "sha256-7H+veXPM7IwdN1DoZqliwb9sghlN56koV5dnCu1kpsc=", "owner": "nix-community", "repo": "home-manager", - "rev": "2860d7e3bb350f18f7477858f3513f9798896831", + "rev": "a8d00f5c038cf7ec54e7dac9c57b171c1217f008", "type": "github" }, "original": { @@ -337,11 +337,11 @@ }, "latest_2": { "locked": { - "lastModified": 1646254136, - "narHash": "sha256-8nQx02tTzgYO21BP/dy5BCRopE8OwE8Drsw98j+Qoaw=", + "lastModified": 1647800324, + "narHash": "sha256-rjwoxrk16zfrcO5Torh6CbAd5GHsHrXw+EwxOvh9AUI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3e072546ea98db00c2364b81491b893673267827", + "rev": "9bc841fec1c0e8b9772afa29f934d2c7ce57da8e", "type": "github" }, "original": { @@ -379,11 +379,11 @@ ] }, "locked": { - "lastModified": 1644066500, - "narHash": "sha256-15PCSlsvYQOwJ+Jvp9evrBiun4pquPAh5VZAUO5whcw=", + "lastModified": 1647510905, + "narHash": "sha256-kQ+cftZtnqzI/dIYvhm0NtxT5sKnD9Sh9Ou/Bkni/vI=", "owner": "dramforever", "repo": "nix-dram", - "rev": "579d5a3db2cb4726653a0916e0f210dbb84cb0a5", + "rev": "ea68798b61f32032d093c09b9357b461fed37254", "type": "github" }, "original": { @@ -409,11 +409,11 @@ }, "nixos": { "locked": { - "lastModified": 1646358457, - "narHash": "sha256-rzvpqPRX5q5sOUbu7lhZkk9vhnIVWSARnu+R9mSE3Vc=", + "lastModified": 1647992509, + "narHash": "sha256-AG40Nt5OWz0LBs5p457emOuwLKOvTtcv/2fUdnEN3Ws=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0fc9d50c3104c8ddb11cf0c83a045eb78ad17058", + "rev": "d2caa9377539e3b5ff1272ac3aa2d15f3081069f", "type": "github" }, "original": { @@ -447,11 +447,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1646398322, - "narHash": "sha256-p+WCAOoJLc4R6x60pLYYqAiq30PlDUYJMrXqQ3rkBCg=", + "lastModified": 1648022149, + "narHash": "sha256-xhDjF807UZwC2I6EGYrH1o8Mzr6w8bBruGOmHAcWO/Q=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "a7bca8d0d8188ae9802ecc467150cf018e19b958", + "rev": "a352d867273cf4a245d890f8a2cfcfabd29c5c63", "type": "github" }, "original": { -- 2.44.2 From 03911fda341ae84a7a68c22b4d7a9991ee257a06 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Tue, 29 Mar 2022 19:32:41 +0200 Subject: [PATCH 180/320] Update flake lock --- flake.lock | 120 +++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 89 insertions(+), 31 deletions(-) diff --git a/flake.lock b/flake.lock index 6e2cfec2..241b88c9 100644 --- a/flake.lock +++ b/flake.lock @@ -87,11 +87,11 @@ ] }, "locked": { - "lastModified": 1647173930, - "narHash": "sha256-8oca3Pc68VrCp8HeOtHmzs5g0rdQnPO9beDEEZJ02W0=", + "lastModified": 1648278671, + "narHash": "sha256-1WrR9ex+rKTjZtODNUZQhkWYUprtfOkjOyo9YWL2NMs=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "17fbc68a6110edbff67e55f7450230a697ecb17e", + "rev": "4fdbb8168f61d31d3f90bb0d07f48de709c4fe79", "type": "github" }, "original": { @@ -109,11 +109,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1643787431, - "narHash": "sha256-8IwuVgXulRE3ZWq6z8mytarawC32pKPKR20EyDtSH+w=", + "lastModified": 1648475189, + "narHash": "sha256-gAGAS6IagwoUr1B0ohE3iR6sZ8hP4LSqzYLC8Mq3WGU=", "owner": "serokell", "repo": "deploy-rs", - "rev": "4154ba1aaaf7333a916384c348d867d03b6f1409", + "rev": "83e0c78291cd08cb827ba0d553ad9158ae5a95c3", "type": "github" }, "original": { @@ -156,14 +156,15 @@ "nixos-generators": "nixos-generators", "nixpkgs": [ "nixos" - ] + ], + "std": "std" }, "locked": { - "lastModified": 1646846683, - "narHash": "sha256-s13XKw1xjGlmdY9qMwla/mDKaE/8xAVJ/+ZTJ9Q7CTY=", + "lastModified": 1648424601, + "narHash": "sha256-cSDiq0PMKPLIzFC05RZccEL/8CbebljN19dO2HNLWBk=", "owner": "divnix", "repo": "digga", - "rev": "396b04b62b885963c467aa8ade3c19398ade2d69", + "rev": "9da3840a6f4c86c3058f8bd2e1d824dbee2abdfe", "type": "github" }, "original": { @@ -175,11 +176,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1641205782, - "narHash": "sha256-4jY7RCWUoZ9cKD8co0/4tFARpWB+57+r1bLLvXNJliY=", + "lastModified": 1648199409, + "narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=", "owner": "edolstra", "repo": "flake-compat", - "rev": "b7547d3eed6f32d06102ead8991ec52ab0a4f1a7", + "rev": "64a525ee38886ab9028e6f61790de0832aa3ef03", "type": "github" }, "original": { @@ -337,11 +338,11 @@ }, "latest_2": { "locked": { - "lastModified": 1647800324, - "narHash": "sha256-rjwoxrk16zfrcO5Torh6CbAd5GHsHrXw+EwxOvh9AUI=", + "lastModified": 1648390671, + "narHash": "sha256-u69opCeHUx3CsdIerD0wVSR+DjfDQjnztObqfk9Trqc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9bc841fec1c0e8b9772afa29f934d2c7ce57da8e", + "rev": "ce8cbe3c01fd8ee2de526ccd84bbf9b82397a510", "type": "github" }, "original": { @@ -358,11 +359,11 @@ ] }, "locked": { - "lastModified": 1639947939, - "narHash": "sha256-pGsM8haJadVP80GFq4xhnSpNitYNQpaXk4cnA796Cso=", + "lastModified": 1648544490, + "narHash": "sha256-EoBDcccV70tfz2LAs5lK0BjC7en5mzUVlgLsd5E6DW4=", "owner": "nmattia", "repo": "naersk", - "rev": "2fc8ce9d3c025d59fee349c1f80be9785049d653", + "rev": "e30ef9a5ce9b3de8bb438f15829c50f9525ca730", "type": "github" }, "original": { @@ -409,11 +410,11 @@ }, "nixos": { "locked": { - "lastModified": 1647992509, - "narHash": "sha256-AG40Nt5OWz0LBs5p457emOuwLKOvTtcv/2fUdnEN3Ws=", + "lastModified": 1648553562, + "narHash": "sha256-xQhRKu6h0phd56oCzGjkhHkY4eDI1XKedGqkFtlXapk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d2caa9377539e3b5ff1272ac3aa2d15f3081069f", + "rev": "9b168e5e62406fa2e55e132f390379a6ba22b402", "type": "github" }, "original": { @@ -447,11 +448,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1648022149, - "narHash": "sha256-xhDjF807UZwC2I6EGYrH1o8Mzr6w8bBruGOmHAcWO/Q=", + "lastModified": 1648141026, + "narHash": "sha256-h8e3+5EZFbYHTMb0DN2ACuQTJBNHpqigvmEV1w2WIuE=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "a352d867273cf4a245d890f8a2cfcfabd29c5c63", + "rev": "feceb4d24f582817d8f6e737cd40af9e162dee05", "type": "github" }, "original": { @@ -476,6 +477,22 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1647350163, + "narHash": "sha256-OcMI+PFEHTONthXuEQNddt16Ml7qGvanL3x8QOl2Aao=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "3eb07eeafb52bcbf02ce800f032f18d666a9498d", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "locked": { "lastModified": 1626378135, @@ -498,11 +515,11 @@ ] }, "locked": { - "lastModified": 1644123018, - "narHash": "sha256-xEhhLmuy4FnT4Zdkf3epPX9T3xqn59yERCsicG4IEyM=", + "lastModified": 1648145722, + "narHash": "sha256-iC04ukXdms4XnvKh/o1LoYXDiAURD6y0vae8V6ovQfw=", "owner": "berberman", "repo": "nvfetcher", - "rev": "9f2cb15c4668859312b6a854d79ad753d5b98b03", + "rev": "daea67a8b6ec8aa89eb3a474c3d9e9ce2b2cc6f1", "type": "github" }, "original": { @@ -555,13 +572,32 @@ "nvfetcher": "nvfetcher" } }, + "std": { + "inputs": { + "nixpkgs": "nixpkgs_2", + "yants": "yants" + }, + "locked": { + "lastModified": 1647235919, + "narHash": "sha256-fO4dlRO0zeZtzY1QF7iLatx81jena6QP7HZEA83AJ8E=", + "owner": "divnix", + "repo": "std", + "rev": "133fb0c1cc8d0d477a3d339971ef09fa57a60fd3", + "type": "github" + }, + "original": { + "owner": "divnix", + "repo": "std", + "type": "github" + } + }, "utils": { "locked": { - "lastModified": 1642700792, - "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", + "lastModified": 1648297722, + "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", + "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade", "type": "github" }, "original": { @@ -569,6 +605,28 @@ "repo": "flake-utils", "type": "github" } + }, + "yants": { + "inputs": { + "nixpkgs": [ + "digga", + "std", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1645126146, + "narHash": "sha256-XQ1eg4gzXoc7Tl8iXak1uCt3KnsTyxqPtLE+vOoDnrQ=", + "owner": "divnix", + "repo": "yants", + "rev": "77df2be1b3cce9f571c6cf451f786b266a6869cc", + "type": "github" + }, + "original": { + "owner": "divnix", + "repo": "yants", + "type": "github" + } } }, "root": "root", -- 2.44.2 From 3e94c0d9f4673bee62922e181bb0bd795511794b Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 3 Apr 2022 18:36:20 +0200 Subject: [PATCH 181/320] chore: fix direnv auto reload --- .envrc | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.envrc b/.envrc index a6d5743c..c878da9a 100644 --- a/.envrc +++ b/.envrc @@ -1,2 +1,10 @@ -watch_file shell/* flake.nix -use flake || use nix +# reload when these files change +watch_file flake.nix +watch_file shell.nix + +{ + # shell gc root dir + mkdir -p "$(direnv_layout_dir)" + + eval "$(nix print-dev-env --profile $(direnv_layout_dir)/flake-profile)" +} || use nix -- 2.44.2 From 93b895136d45c9398e9da3eb927b22ab7c7b8d9b Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 3 Apr 2022 18:34:46 +0200 Subject: [PATCH 182/320] neovim: fix config for version 0.6.1 --- modules/terminal-life/nvim/default.nix | 2 +- modules/terminal-life/nvim/lsp.vim | 24 ++++++++++++------------ overlays/overrides.nix | 1 + 3 files changed, 14 insertions(+), 13 deletions(-) diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index c6dd9a5f..5677032f 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix @@ -99,7 +99,7 @@ in instant-nvim ack-vim - airline + vim-airline editorconfig-vim nnn-vim quick-scope diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index 1d5bf4d4..e1e558f0 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim @@ -33,18 +33,18 @@ lua <lua vim.lsp.buf.hover()', opts) buf_set_keymap('n', 'gi', 'lua vim.lsp.buf.implementation()', opts) buf_set_keymap('n', '', 'lua vim.lsp.buf.signature_help()', opts) - buf_set_keymap('n', 'wa', 'lua vim.lsp.buf.add_workspace_folder()', opts) - buf_set_keymap('n', 'wr', 'lua vim.lsp.buf.remove_workspace_folder()', opts) - buf_set_keymap('n', 'wl', 'lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))', opts) - buf_set_keymap('n', 'D', 'lua vim.lsp.buf.type_definition()', opts) - buf_set_keymap('n', 'rn', 'lua vim.lsp.buf.rename()', opts) - buf_set_keymap('n', 'ca', 'lua vim.lsp.buf.code_action()', opts) + buf_set_keymap('n', 'wa', 'lua vim.lsp.buf.add_workspace_folder()', opts) + buf_set_keymap('n', 'wr', 'lua vim.lsp.buf.remove_workspace_folder()', opts) + buf_set_keymap('n', 'wl', 'lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))', opts) + buf_set_keymap('n', 'D', 'lua vim.lsp.buf.type_definition()', opts) + buf_set_keymap('n', 'rn', 'lua vim.lsp.buf.rename()', opts) + buf_set_keymap('n', 'ca', 'lua vim.lsp.buf.code_action()', opts) buf_set_keymap('n', 'gr', 'lua vim.lsp.buf.references()', opts) - buf_set_keymap('n', 'e', 'lua vim.lsp.diagnostic.show_line_diagnostics()', opts) - buf_set_keymap('n', '[d', 'lua vim.lsp.diagnostic.goto_prev()', opts) - buf_set_keymap('n', ']d', 'lua vim.lsp.diagnostic.goto_next()', opts) - buf_set_keymap('n', 'q', 'lua vim.lsp.diagnostic.set_loclist()', opts) - buf_set_keymap('n', 'f', 'lua vim.lsp.buf.formatting()', opts) + buf_set_keymap('n', 'e', 'lua vim.diagnostic.open_float()', opts) + buf_set_keymap('n', 'g[', 'lua vim.diagnostic.goto_prev()', opts) + buf_set_keymap('n', 'g]', 'lua vim.diagnostic.goto_next()', opts) + buf_set_keymap('n', 'q', 'lua vim.diagnostic.setloclist()', opts) + buf_set_keymap('n', 'f', 'lua vim.lsp.buf.formatting()', opts) end @@ -184,7 +184,7 @@ let g:diagnostic_trimmed_virtual_text = '40' let g:diagnostic_insert_delay = 1 " Show diagnostic popup on cursor hold -autocmd CursorHold * lua vim.lsp.diagnostic.show_line_diagnostics({ focusable = false }) +autocmd CursorHold,CursorHoldI * lua vim.diagnostic.open_float(nil, { focus = false, scope = "cursor" }) " Goto previous/next diagnostic warning/error " nnoremap g[ PrevDiagnosticCycle diff --git a/overlays/overrides.nix b/overlays/overrides.nix index c0cb58ad..6637706b 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -22,6 +22,7 @@ channels: final: prev: { obs-studio obs-studio-plugins looking-glass-client + vimPlugins ; -- 2.44.2 From a884368d8d2966a62ea52cecd73196ad77387679 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 3 Apr 2022 18:42:02 +0200 Subject: [PATCH 183/320] chore: update flake lock --- flake.lock | 128 +++++++---------------------------------------------- 1 file changed, 16 insertions(+), 112 deletions(-) diff --git a/flake.lock b/flake.lock index 241b88c9..d91fc204 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1646845404, - "narHash": "sha256-JENXFCI2HVqi0whBzt7MAW9PX3ziEaYqBhMux+4g+VM=", + "lastModified": 1648942457, + "narHash": "sha256-i29Z1t3sVfCNfpp+KAfeExvpqHQSbLO1KWylTtfradU=", "owner": "ryantm", "repo": "agenix", - "rev": "764c975e74bce2f89a5106b68ec48e2b586f893c", + "rev": "0d5e59ed645e4c7b60174bc6f6aac6a203dc0b01", "type": "github" }, "original": { @@ -153,18 +153,16 @@ "nixlib": [ "nixos" ], - "nixos-generators": "nixos-generators", "nixpkgs": [ "nixos" - ], - "std": "std" + ] }, "locked": { - "lastModified": 1648424601, - "narHash": "sha256-cSDiq0PMKPLIzFC05RZccEL/8CbebljN19dO2HNLWBk=", + "lastModified": 1648937792, + "narHash": "sha256-KoR/L4tYoFaoIo4knVuaqjzLn6yAvQmO8e5YcfUsxY4=", "owner": "divnix", "repo": "digga", - "rev": "9da3840a6f4c86c3058f8bd2e1d824dbee2abdfe", + "rev": "afa1c70e0c48395058112adf795c4999ac88eccf", "type": "github" }, "original": { @@ -306,11 +304,11 @@ ] }, "locked": { - "lastModified": 1647175256, - "narHash": "sha256-7H+veXPM7IwdN1DoZqliwb9sghlN56koV5dnCu1kpsc=", + "lastModified": 1648834319, + "narHash": "sha256-i5Aj4Aw64D/A0X6XW5LxSS4XBnYj7gMz+kN4dpsbdk8=", "owner": "nix-community", "repo": "home-manager", - "rev": "a8d00f5c038cf7ec54e7dac9c57b171c1217f008", + "rev": "0bdbdea2e26c984b096f4f7d10e3c88536a980b0", "type": "github" }, "original": { @@ -338,11 +336,11 @@ }, "latest_2": { "locked": { - "lastModified": 1648390671, - "narHash": "sha256-u69opCeHUx3CsdIerD0wVSR+DjfDQjnztObqfk9Trqc=", + "lastModified": 1648632716, + "narHash": "sha256-kCmnDeiaMsdhfnNKjxdOzwRh2H6eQb8yWAL+nNabC/Y=", "owner": "nixos", "repo": "nixpkgs", - "rev": "ce8cbe3c01fd8ee2de526ccd84bbf9b82397a510", + "rev": "710fed5a2483f945b14f4a58af2cd3676b42d8c8", "type": "github" }, "original": { @@ -393,28 +391,13 @@ "type": "github" } }, - "nixlib": { - "locked": { - "lastModified": 1641688481, - "narHash": "sha256-6L+EU12xLDHby7y8elgFtRKVBxix+7qV8DhVgXqrKZo=", - "owner": "nix-community", - "repo": "nixpkgs.lib", - "rev": "f697717b3d3a074ffc16c8c8227504f0db292886", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixpkgs.lib", - "type": "github" - } - }, "nixos": { "locked": { - "lastModified": 1648553562, - "narHash": "sha256-xQhRKu6h0phd56oCzGjkhHkY4eDI1XKedGqkFtlXapk=", + "lastModified": 1649000662, + "narHash": "sha256-KLOmqt2gBWd9h1FQJm6JtV0+T8roxH6Wq2F5wyun+l0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9b168e5e62406fa2e55e132f390379a6ba22b402", + "rev": "14775340a53c22a6398ab30f75428998759a9f8c", "type": "github" }, "original": { @@ -424,28 +407,6 @@ "type": "github" } }, - "nixos-generators": { - "inputs": { - "nixlib": "nixlib", - "nixpkgs": [ - "digga", - "blank" - ] - }, - "locked": { - "lastModified": 1637655461, - "narHash": "sha256-kXZPbclN3gKwjhp2/RYFDFpAsSBwzX1iLF4EcnHZsPQ=", - "owner": "nix-community", - "repo": "nixos-generators", - "rev": "05a3eb158a9c7746a5d463726d7f7cccf07500e4", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "nixos-generators", - "type": "github" - } - }, "nixos-hardware": { "locked": { "lastModified": 1648141026, @@ -477,22 +438,6 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1647350163, - "narHash": "sha256-OcMI+PFEHTONthXuEQNddt16Ml7qGvanL3x8QOl2Aao=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "3eb07eeafb52bcbf02ce800f032f18d666a9498d", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nur": { "locked": { "lastModified": 1626378135, @@ -572,25 +517,6 @@ "nvfetcher": "nvfetcher" } }, - "std": { - "inputs": { - "nixpkgs": "nixpkgs_2", - "yants": "yants" - }, - "locked": { - "lastModified": 1647235919, - "narHash": "sha256-fO4dlRO0zeZtzY1QF7iLatx81jena6QP7HZEA83AJ8E=", - "owner": "divnix", - "repo": "std", - "rev": "133fb0c1cc8d0d477a3d339971ef09fa57a60fd3", - "type": "github" - }, - "original": { - "owner": "divnix", - "repo": "std", - "type": "github" - } - }, "utils": { "locked": { "lastModified": 1648297722, @@ -605,28 +531,6 @@ "repo": "flake-utils", "type": "github" } - }, - "yants": { - "inputs": { - "nixpkgs": [ - "digga", - "std", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1645126146, - "narHash": "sha256-XQ1eg4gzXoc7Tl8iXak1uCt3KnsTyxqPtLE+vOoDnrQ=", - "owner": "divnix", - "repo": "yants", - "rev": "77df2be1b3cce9f571c6cf451f786b266a6869cc", - "type": "github" - }, - "original": { - "owner": "divnix", - "repo": "yants", - "type": "github" - } } }, "root": "root", -- 2.44.2 From 0764093600d9ea4ac5f46a39f2d6a938f9dfe001 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 9 Apr 2022 14:24:51 +0200 Subject: [PATCH 184/320] office: add xournalpp, tool for annotating PDFs --- modules/office/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/office/default.nix b/modules/office/default.nix index 74a21d7a..c1b552b7 100644 --- a/modules/office/default.nix +++ b/modules/office/default.nix @@ -20,6 +20,8 @@ in gnome3.simple-scan # Tools like pdfunite poppler_utils + # tool for annotating PDFs + xournalpp ]; }; }; -- 2.44.2 From 2cbaf25a278fdf8f190a21b3ec56250cd3b6d081 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 9 Apr 2022 15:54:15 +0200 Subject: [PATCH 185/320] export devos template in digga devos: remove bud get --- flake.nix | 9 --------- shell/bud/default.nix | 10 ---------- shell/bud/get.bash | 1 - shell/devos.nix | 5 +++-- 4 files changed, 3 insertions(+), 22 deletions(-) delete mode 100644 shell/bud/default.nix delete mode 100644 shell/bud/get.bash diff --git a/flake.nix b/flake.nix index 9eb85d89..0ba1b1d0 100644 --- a/flake.nix +++ b/flake.nix @@ -140,15 +140,6 @@ homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations; deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { }; - - defaultTemplate = self.templates.bud; - templates.bud.path = ./.; - templates.bud.description = "bud template"; - } - // - { - budModules = { devos = import ./shell/bud; }; - } ; } diff --git a/shell/bud/default.nix b/shell/bud/default.nix deleted file mode 100644 index c486636b..00000000 --- a/shell/bud/default.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ pkgs, lib, budUtils, ... }: { - bud.cmds = with pkgs; { - get = { - writer = budUtils.writeBashWithPaths [ nixUnstable git coreutils ]; - synopsis = "get [DEST]"; - help = "Copy the desired template to DEST"; - script = ./get.bash; - }; - }; -} diff --git a/shell/bud/get.bash b/shell/bud/get.bash deleted file mode 100644 index 89e2af3d..00000000 --- a/shell/bud/get.bash +++ /dev/null @@ -1 +0,0 @@ - nix flake new -t "github:divnix/devos/main" "${2:-devos}" diff --git a/shell/devos.nix b/shell/devos.nix index dd6f75ef..581aee9a 100644 --- a/shell/devos.nix +++ b/shell/devos.nix @@ -45,10 +45,11 @@ in (docs mdbook) (devos inputs.deploy.packages.${pkgs.system}.deploy-rs) ] - ++ lib.optional (system != "i686-linux") (devos cachix) - + ++ lib.optional + (system != "aarch64-darwin") + (devos inputs.nixos-generators.defaultPackage.${pkgs.system}) ; } -- 2.44.2 From 2b1a6d26fd679088a58ddb97fbfdfe9d9de52043 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 9 Apr 2022 15:56:13 +0200 Subject: [PATCH 186/320] core: nixpkgs-review, see: https://github.com/Mic92/nixpkgs-review#usage --- profiles/core/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/profiles/core/default.nix b/profiles/core/default.nix index f45e7a78..a352a9d5 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -70,6 +70,7 @@ in manix nix-index nix-tree + nixpkgs-review # Build broken, python2.7-PyJWT-2.0.1.drv' failed #nixops psos -- 2.44.2 From 11ea00789966fda6375303512f5810193792121a Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 9 Apr 2022 16:40:03 +0200 Subject: [PATCH 187/320] digga: Remove customBuilds, nixos-generate has --flake, Use nixos-* not release-* --- flake.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 0ba1b1d0..1d44e66d 100644 --- a/flake.nix +++ b/flake.nix @@ -7,7 +7,8 @@ inputs = { - nixos.url = "github:nixos/nixpkgs/release-21.11"; + # Track channels with commits tested and built by hydra + nixos.url = "github:nixos/nixpkgs/nixos-21.11"; latest.url = "github:nixos/nixpkgs/nixos-unstable"; digga.url = "github:divnix/digga"; @@ -40,6 +41,8 @@ nixos-hardware.url = "github:nixos/nixos-hardware"; + nixos-generators.url = "github:nix-community/nixos-generators"; + # PubSolarOS additions nix-dram.url = "github:dramforever/nix-dram"; nix-dram.inputs.nixpkgs.follows = "latest"; -- 2.44.2 From 030bf9e808e260ba2f8db8a55735cb40b03f3003 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 9 Apr 2022 16:47:28 +0200 Subject: [PATCH 188/320] neovim: diagnostics: only show under cursor and use custom signcolumn icons using new lua vim.diagnostic.config options fix fzf pop-up colors get sonokai, suda-vim from nixpkgs vimPlugins bump vim-workspace add apprentice, hybrid and airline colorschemes --- modules/terminal-life/nvim/default.nix | 38 ++++++++++++-------------- modules/terminal-life/nvim/lsp.vim | 33 +++++++++++++--------- modules/terminal-life/nvim/ui.vim | 16 +++++++++++ 3 files changed, 53 insertions(+), 34 deletions(-) diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index 5677032f..f7bec47e 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix @@ -15,33 +15,16 @@ let }; }; - sonokai = pkgs.vimUtils.buildVimPlugin { - name = "sonokai"; - src = pkgs.fetchFromGitHub { - owner = "sainnhe"; - repo = "sonokai"; - rev = "51e7ee8b13f9c2e4eae33f8d745eaa1f320b0ae6"; - sha256 = "0svqr6dnpk2p5qhb6j0rllns8f0f4886wxpx69wgazjx84bx728i"; - }; - }; - suda = pkgs.vimUtils.buildVimPlugin { - name = "suda"; - src = pkgs.fetchFromGitHub { - owner = "lambdalisue"; - repo = "suda.vim"; - rev = "fbb138f5090c3db4dabeba15326397a09df6b73b"; - sha256 = "ztZ5UPd2y4Mkore/QLfMCwjM0Qy4eWCOw535NzDSfgY="; - }; - }; workspace = pkgs.vimUtils.buildVimPlugin { name = "vim-workspace"; src = pkgs.fetchFromGitHub { owner = "thaerkh"; repo = "vim-workspace"; - rev = "faa835406990171bbbeff9254303dad49bad17cb"; - sha256 = "w6CcFcIplwUVcvx54rbTwThBxus1k7yHot2TpdNQ61M="; + rev = "c26b473f9b073f24bacecd38477f44c5cd1f5a62"; + sha256 = "sha256-XV7opLyfkHIDO0+JJaO/x0za0gsHuklrzapTGdLHJmI="; }; }; + beautify = pkgs.vimUtils.buildVimPlugin { name = "vim-beautify"; src = pkgs.fetchFromGitHub { @@ -51,6 +34,16 @@ let sha256 = "QPTCl6KaGcAjTS5yVDov9yxmv0fDaFoPLMsrtVIG6GQ="; }; }; + + apprentice = pkgs.vimUtils.buildVimPlugin { + name = "vim-apprentice"; + src = pkgs.fetchFromGitHub { + owner = "romainl"; + repo = "Apprentice"; + rev = "ecd41698037f15a58125b349be76dbd2595bfb6d"; + sha256 = "sha256-9s7Yzn3IEJBjcyUq9NBIQ9wb45Xr7jOkEIoWf0lAYYg="; + }; + }; in { enable = true; @@ -103,13 +96,16 @@ in editorconfig-vim nnn-vim quick-scope - suda + suda-vim syntastic vim-gutentags vim-vinegar workspace sonokai + vim-hybrid-material + vim-airline-themes + apprentice fugitive vim-gitgutter diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index e1e558f0..db887ec3 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim @@ -8,9 +8,10 @@ set completeopt=menuone,noinsert,noselect " Avoid showing extra messages when using completion set shortmess+=c -" Configure neovim 5 experimental LSPs +" Configure neovim 0.6+ experimental LSPs " https://github.com/neovim/nvim-lspconfig -" https://github.com/neovim/nvim-lspconfig/blob/master/CONFIG.md +" https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md +" https://github.com/neovim/nvim-lspconfig/wiki/UI-Customization " https://gitlab.com/Iron_E/dotfiles/-/blob/master/.config/nvim/lua/_config/plugin/nvim_lsp.lua lua < g[ PrevDiagnosticCycle -" nnoremap g] NextDiagnosticCycle - " have a fixed column for the diagnostics to appear in " this removes the jitter when warnings/errors flow in -set signcolumn=yes +set signcolumn=yes:2 diff --git a/modules/terminal-life/nvim/ui.vim b/modules/terminal-life/nvim/ui.vim index 0071792f..3131188f 100644 --- a/modules/terminal-life/nvim/ui.vim +++ b/modules/terminal-life/nvim/ui.vim @@ -14,3 +14,19 @@ let g:airline#extensions#tabline#formatter = 'unique_tail_improved' let g:airline_powerline_fonts = 1 " Use powerline fonts let g:airline_theme = 'sonokai' +" Customize fzf colors to match your color scheme +" - fzf#wrap translates this to a set of `--color` options +let g:fzf_colors = +\ { 'fg': ['fg', 'Normal'], + \ 'bg': ['bg', 'Normal'], + \ 'hl': ['fg', 'Comment'], + \ 'fg+': ['fg', 'CursorLine', 'CursorColumn', 'Normal'], + \ 'bg+': ['bg', 'CursorLine', 'CursorColumn'], + \ 'hl+': ['fg', 'Statement'], + \ 'info': ['fg', 'PreProc'], + \ 'border': ['fg', 'Ignore'], + \ 'prompt': ['fg', 'Conditional'], + \ 'pointer': ['fg', 'Exception'], + \ 'marker': ['fg', 'Keyword'], + \ 'spinner': ['fg', 'Label'], + \ 'header': ['fg', 'Comment'] } -- 2.44.2 From f731adc0604e43c0252b18c5cf03ced2c95549fc Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 9 Apr 2022 16:54:06 +0200 Subject: [PATCH 189/320] Update flake lock --- flake.lock | 135 +++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 104 insertions(+), 31 deletions(-) diff --git a/flake.lock b/flake.lock index d91fc204..44737dd4 100644 --- a/flake.lock +++ b/flake.lock @@ -158,11 +158,11 @@ ] }, "locked": { - "lastModified": 1648937792, - "narHash": "sha256-KoR/L4tYoFaoIo4knVuaqjzLn6yAvQmO8e5YcfUsxY4=", + "lastModified": 1649221292, + "narHash": "sha256-HIvIL/rcMeKzS18MKj9XpN+6qiHS94VtdqMRTvdz7MQ=", "owner": "divnix", "repo": "digga", - "rev": "afa1c70e0c48395058112adf795c4999ac88eccf", + "rev": "e2bb8ea28c5bbc7bb46ac91df3ac846ce9a3964c", "type": "github" }, "original": { @@ -236,7 +236,7 @@ }, "flake-utils-plus": { "inputs": { - "flake-utils": "flake-utils_2" + "flake-utils": "flake-utils_3" }, "locked": { "lastModified": 1639385028, @@ -253,6 +253,21 @@ } }, "flake-utils_2": { + "locked": { + "lastModified": 1648297722, + "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { "locked": { "lastModified": 1638122382, "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", @@ -267,7 +282,7 @@ "type": "github" } }, - "flake-utils_3": { + "flake-utils_4": { "locked": { "lastModified": 1644229661, "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", @@ -282,7 +297,7 @@ "type": "github" } }, - "flake-utils_4": { + "flake-utils_5": { "locked": { "lastModified": 1638122382, "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", @@ -336,11 +351,11 @@ }, "latest_2": { "locked": { - "lastModified": 1648632716, - "narHash": "sha256-kCmnDeiaMsdhfnNKjxdOzwRh2H6eQb8yWAL+nNabC/Y=", + "lastModified": 1649225869, + "narHash": "sha256-u1zLtPmQzhT9mNXyM8Ey9pk7orDrIKdwooeGDEXm5xM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "710fed5a2483f945b14f4a58af2cd3676b42d8c8", + "rev": "b6966d911da89e5a7301aaef8b4f0a44c77e103c", "type": "github" }, "original": { @@ -357,11 +372,11 @@ ] }, "locked": { - "lastModified": 1648544490, - "narHash": "sha256-EoBDcccV70tfz2LAs5lK0BjC7en5mzUVlgLsd5E6DW4=", + "lastModified": 1649096192, + "narHash": "sha256-7O8e+eZEYeU+ET98u/zW5epuoN/xYx9G+CIh4DjZVzY=", "owner": "nmattia", "repo": "naersk", - "rev": "e30ef9a5ce9b3de8bb438f15829c50f9525ca730", + "rev": "d626f73332a8f587b613b0afe7293dd0777be07d", "type": "github" }, "original": { @@ -372,7 +387,7 @@ }, "nix-dram": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_4", "nixpkgs": [ "latest" ] @@ -391,29 +406,63 @@ "type": "github" } }, + "nixlib": { + "locked": { + "lastModified": 1636849918, + "narHash": "sha256-nzUK6dPcTmNVrgTAC1EOybSMsrcx+QrVPyqRdyKLkjA=", + "owner": "nix-community", + "repo": "nixpkgs.lib", + "rev": "28a5b0557f14124608db68d3ee1f77e9329e9dd5", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixpkgs.lib", + "type": "github" + } + }, "nixos": { "locked": { - "lastModified": 1649000662, - "narHash": "sha256-KLOmqt2gBWd9h1FQJm6JtV0+T8roxH6Wq2F5wyun+l0=", + "lastModified": 1649368816, + "narHash": "sha256-lVzCpg2xfTUrfcankjlym/mrh/7F/gpWQ7CYQM6BcPY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "14775340a53c22a6398ab30f75428998759a9f8c", + "rev": "29abf698b384258b540e39a86b53ea980495ac4c", "type": "github" }, "original": { "owner": "nixos", - "ref": "release-21.11", + "ref": "nixos-21.11", "repo": "nixpkgs", "type": "github" } }, + "nixos-generators": { + "inputs": { + "nixlib": "nixlib", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1649421936, + "narHash": "sha256-AnY5SbvQqDgb4u/bMWRpsxd9eGpm2IkDZLTldBckxQs=", + "owner": "nix-community", + "repo": "nixos-generators", + "rev": "f5587111742dea4841650d4666f24d3f6577792c", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nixos-generators", + "type": "github" + } + }, "nixos-hardware": { "locked": { - "lastModified": 1648141026, - "narHash": "sha256-h8e3+5EZFbYHTMb0DN2ACuQTJBNHpqigvmEV1w2WIuE=", + "lastModified": 1649488242, + "narHash": "sha256-GFahTvlMnqotZ8i1AO3J8OtVFrJe4QHcEPxpFH+DIEw=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "feceb4d24f582817d8f6e737cd40af9e162dee05", + "rev": "850308db3ef0bcc7454155063b5fec28b4ffbc8c", "type": "github" }, "original": { @@ -438,6 +487,37 @@ "type": "github" } }, + "nixpkgs_2": { + "locked": { + "lastModified": 1649515668, + "narHash": "sha256-PjOPJvJiV1GyCyVTDad4Vb7Cz9jAta/76Av66+A08RY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7bbf0f0ec9acb2c2f55f2c223a4cffbd16913997", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1637186689, + "narHash": "sha256-NU7BhgnwA/3ibmCeSzFK6xGi+Bari9mPfn+4cBmyEjw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "7fad01d9d5a3f82081c00fb57918d64145dc904c", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nur": { "locked": { "lastModified": 1626378135, @@ -454,7 +534,7 @@ "nvfetcher": { "inputs": { "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_5", "nixpkgs": [ "nixos" ] @@ -475,16 +555,8 @@ }, "poetry2nix": { "inputs": { - "flake-utils": [ - "bud", - "beautysh", - "flake-utils" - ], - "nixpkgs": [ - "bud", - "beautysh", - "nixpkgs" - ] + "flake-utils": "flake-utils_2", + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1633382856, @@ -512,6 +584,7 @@ "naersk": "naersk", "nix-dram": "nix-dram", "nixos": "nixos", + "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", "nur": "nur", "nvfetcher": "nvfetcher" -- 2.44.2 From d85b48d19138d4eacedaad769230567707ea0f7c Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Apr 2022 11:19:50 +0200 Subject: [PATCH 190/320] nix-direnv: use flake-aware version 2.0.0 --- .envrc | 19 +++++++++++-------- overlays/overrides.nix | 1 + 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/.envrc b/.envrc index c878da9a..e32c27da 100644 --- a/.envrc +++ b/.envrc @@ -1,10 +1,13 @@ # reload when these files change -watch_file flake.nix -watch_file shell.nix +watch_file shell/* flake.nix +use flake || use nix -{ - # shell gc root dir - mkdir -p "$(direnv_layout_dir)" - - eval "$(nix print-dev-env --profile $(direnv_layout_dir)/flake-profile)" -} || use nix +#watch_file flake.nix +#watch_file shell.nix +# +#{ +# # shell gc root dir +# mkdir -p "$(direnv_layout_dir)" +# +# eval "$(nix print-dev-env --profile $(direnv_layout_dir)/flake-profile)" +#} || use nix diff --git a/overlays/overrides.nix b/overlays/overrides.nix index 6637706b..098b92e5 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -22,6 +22,7 @@ channels: final: prev: { obs-studio obs-studio-plugins looking-glass-client + nix-direnv vimPlugins ; -- 2.44.2 From 88bb8f3eb8f3574404c1675e2366ce78e5a56a2a Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Apr 2022 11:30:17 +0200 Subject: [PATCH 191/320] cachix: trust pub.solar public keys for nix-dram --- flake.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index 1d44e66d..862e78c3 100644 --- a/flake.nix +++ b/flake.nix @@ -2,8 +2,8 @@ description = "A highly structured configuration database."; nixConfig.extra-experimental-features = "nix-command flakes"; - nixConfig.extra-substituters = "https://nrdxp.cachix.org https://nix-community.cachix.org"; - nixConfig.extra-trusted-public-keys = "nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="; + nixConfig.extra-substituters = "https://nix-dram.cachix.org https://dram.cachix.org https://nrdxp.cachix.org https://nix-community.cachix.org"; + nixConfig.extra-trusted-public-keys = "nix-dram.cachix.org-1:CKjZ0L1ZiqH3kzYAZRt8tg8vewAx5yj8Du/+iR8Efpg= dram.cachix.org-1:baoy1SXpwYdKbqdTbfKGTKauDDeDlHhUpC+QuuILEMY= nrdxp.cachix.org-1:Fc5PSqY2Jm1TrWfm88l6cvGWwz3s93c6IOifQWnhNW4= nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="; inputs = { -- 2.44.2 From 469c2a3ed9e5bc23300a18764637aded0f7b16b8 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Apr 2022 11:33:44 +0200 Subject: [PATCH 192/320] neovim: fix lsp for neovim 0.7.0 --- modules/terminal-life/nvim/lsp.vim | 54 ++++++++++++++---------------- 1 file changed, 25 insertions(+), 29 deletions(-) diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index db887ec3..1b4a4d31 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim @@ -16,36 +16,35 @@ set shortmess+=c lua <e', 'lua vim.diagnostic.open_float()', opts) + vim.api.nvim_set_keymap('n', 'g[', 'lua vim.diagnostic.goto_prev()', opts) + vim.api.nvim_set_keymap('n', 'g]', 'lua vim.diagnostic.goto_next()', opts) + vim.api.nvim_set_keymap('n', 'dq', 'lua vim.diagnostic.setloclist()', opts) + vim.api.nvim_set_keymap('n', 'f', 'lua vim.lsp.buf.formatting()', opts) + -- Use an on_attach function to only map the following keys -- after the language server attaches to the current buffer local on_attach = function(client, bufnr) - local function buf_set_keymap(...) vim.api.nvim_buf_set_keymap(bufnr, ...) end - local function buf_set_option(...) vim.api.nvim_buf_set_option(bufnr, ...) end - -- Enable completion triggered by - buf_set_option('omnifunc', 'v:lua.vim.lsp.omnifunc') - - -- Mappings. - local opts = { noremap=true, silent=true } + vim.api.nvim_buf_set_option(bufnr, 'omnifunc', 'v:lua.vim.lsp.omnifunc') + -- Mappings (available if LSP is configured and attached to buffer) -- See `:help vim.lsp.*` for documentation on any of the below functions - buf_set_keymap('n', 'gD', 'lua vim.lsp.buf.declaration()', opts) - buf_set_keymap('n', 'gd', 'lua vim.lsp.buf.definition()', opts) - buf_set_keymap('n', 'K', 'lua vim.lsp.buf.hover()', opts) - buf_set_keymap('n', 'gi', 'lua vim.lsp.buf.implementation()', opts) - buf_set_keymap('n', '', 'lua vim.lsp.buf.signature_help()', opts) - buf_set_keymap('n', 'wa', 'lua vim.lsp.buf.add_workspace_folder()', opts) - buf_set_keymap('n', 'wr', 'lua vim.lsp.buf.remove_workspace_folder()', opts) - buf_set_keymap('n', 'wl', 'lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))', opts) - buf_set_keymap('n', 'D', 'lua vim.lsp.buf.type_definition()', opts) - buf_set_keymap('n', 'rn', 'lua vim.lsp.buf.rename()', opts) - buf_set_keymap('n', 'ca', 'lua vim.lsp.buf.code_action()', opts) - buf_set_keymap('n', 'gr', 'lua vim.lsp.buf.references()', opts) - buf_set_keymap('n', 'e', 'lua vim.diagnostic.open_float()', opts) - buf_set_keymap('n', 'g[', 'lua vim.diagnostic.goto_prev()', opts) - buf_set_keymap('n', 'g]', 'lua vim.diagnostic.goto_next()', opts) - buf_set_keymap('n', 'q', 'lua vim.diagnostic.setloclist()', opts) - buf_set_keymap('n', 'f', 'lua vim.lsp.buf.formatting()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gD', 'lua vim.lsp.buf.declaration()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gd', 'lua vim.lsp.buf.definition()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'K', 'lua vim.lsp.buf.hover()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gi', 'lua vim.lsp.buf.implementation()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', '', 'lua vim.lsp.buf.signature_help()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'wa', 'lua vim.lsp.buf.add_workspace_folder()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'wr', 'lua vim.lsp.buf.remove_workspace_folder()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'wl', 'lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'D', 'lua vim.lsp.buf.type_definition()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'rn', 'lua vim.lsp.buf.rename()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'ca', 'lua vim.lsp.buf.code_action()', opts) + vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gr', 'lua vim.lsp.buf.references()', opts) end @@ -117,11 +116,8 @@ lua < Date: Tue, 26 Apr 2022 11:38:26 +0200 Subject: [PATCH 193/320] Update flake lock --- flake.lock | 126 ++++++++++++++++++++++------------------------------- 1 file changed, 52 insertions(+), 74 deletions(-) diff --git a/flake.lock b/flake.lock index 44737dd4..1e79ce16 100644 --- a/flake.lock +++ b/flake.lock @@ -87,11 +87,11 @@ ] }, "locked": { - "lastModified": 1648278671, - "narHash": "sha256-1WrR9ex+rKTjZtODNUZQhkWYUprtfOkjOyo9YWL2NMs=", + "lastModified": 1650920635, + "narHash": "sha256-csLLku/jHa7oTPAEJCQhFfyGYstD7jmJJV+3MiOyA+E=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "4fdbb8168f61d31d3f90bb0d07f48de709c4fe79", + "rev": "1a387b8b3e4d65d7e65ae3fd85ac62b7c114c9c8", "type": "github" }, "original": { @@ -158,11 +158,11 @@ ] }, "locked": { - "lastModified": 1649221292, - "narHash": "sha256-HIvIL/rcMeKzS18MKj9XpN+6qiHS94VtdqMRTvdz7MQ=", + "lastModified": 1650465041, + "narHash": "sha256-rAvwIjzHUBd2wBR0psWe2EtJr7w046TIOXZcSjLD2qg=", "owner": "divnix", "repo": "digga", - "rev": "e2bb8ea28c5bbc7bb46ac91df3ac846ce9a3964c", + "rev": "d60f27f697d7bb8038f85917030ca706a99eea49", "type": "github" }, "original": { @@ -206,11 +206,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1627913399, - "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=", + "lastModified": 1648199409, + "narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=", "owner": "edolstra", "repo": "flake-compat", - "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2", + "rev": "64a525ee38886ab9028e6f61790de0832aa3ef03", "type": "github" }, "original": { @@ -236,7 +236,7 @@ }, "flake-utils-plus": { "inputs": { - "flake-utils": "flake-utils_3" + "flake-utils": "flake-utils_2" }, "locked": { "lastModified": 1639385028, @@ -253,21 +253,6 @@ } }, "flake-utils_2": { - "locked": { - "lastModified": 1648297722, - "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { "locked": { "lastModified": 1638122382, "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", @@ -282,7 +267,7 @@ "type": "github" } }, - "flake-utils_4": { + "flake-utils_3": { "locked": { "lastModified": 1644229661, "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", @@ -297,13 +282,13 @@ "type": "github" } }, - "flake-utils_5": { + "flake-utils_4": { "locked": { - "lastModified": 1638122382, - "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", + "lastModified": 1649676176, + "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=", "owner": "numtide", "repo": "flake-utils", - "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678", "type": "github" }, "original": { @@ -319,11 +304,11 @@ ] }, "locked": { - "lastModified": 1648834319, - "narHash": "sha256-i5Aj4Aw64D/A0X6XW5LxSS4XBnYj7gMz+kN4dpsbdk8=", + "lastModified": 1650841545, + "narHash": "sha256-AF3fk+p/mHbdtyrI3kpms+MoMVOdGIBGJ+7LT7WWdaU=", "owner": "nix-community", "repo": "home-manager", - "rev": "0bdbdea2e26c984b096f4f7d10e3c88536a980b0", + "rev": "236c6ec21420e44c38ec76de4fc3335bec1859b5", "type": "github" }, "original": { @@ -351,11 +336,11 @@ }, "latest_2": { "locked": { - "lastModified": 1649225869, - "narHash": "sha256-u1zLtPmQzhT9mNXyM8Ey9pk7orDrIKdwooeGDEXm5xM=", + "lastModified": 1650831523, + "narHash": "sha256-6pDZ08SAXsUx5rOP391x+TG39ENP/XA8VMa1tQvgEjc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b6966d911da89e5a7301aaef8b4f0a44c77e103c", + "rev": "87d34a6b8982e901b8e50096b8e79ebc0e66cda0", "type": "github" }, "original": { @@ -372,11 +357,11 @@ ] }, "locked": { - "lastModified": 1649096192, - "narHash": "sha256-7O8e+eZEYeU+ET98u/zW5epuoN/xYx9G+CIh4DjZVzY=", + "lastModified": 1650265945, + "narHash": "sha256-SO8+1db4jTOjnwP++29vVgImLIfETSXyoz0FuLkiikE=", "owner": "nmattia", "repo": "naersk", - "rev": "d626f73332a8f587b613b0afe7293dd0777be07d", + "rev": "e8f9f8d037774becd82fce2781e1abdb7836d7df", "type": "github" }, "original": { @@ -387,17 +372,17 @@ }, "nix-dram": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_3", "nixpkgs": [ "latest" ] }, "locked": { - "lastModified": 1647510905, - "narHash": "sha256-kQ+cftZtnqzI/dIYvhm0NtxT5sKnD9Sh9Ou/Bkni/vI=", + "lastModified": 1649569158, + "narHash": "sha256-Wtmiyu/1d+3YGGcRxTnQyEtnJaKKR/Ry0kNbOY48Afs=", "owner": "dramforever", "repo": "nix-dram", - "rev": "ea68798b61f32032d093c09b9357b461fed37254", + "rev": "84c47c0dc93c77f7edfd996f71618d278844c1c4", "type": "github" }, "original": { @@ -423,11 +408,11 @@ }, "nixos": { "locked": { - "lastModified": 1649368816, - "narHash": "sha256-lVzCpg2xfTUrfcankjlym/mrh/7F/gpWQ7CYQM6BcPY=", + "lastModified": 1650830814, + "narHash": "sha256-P7vGsHdS19eHVUJt4BeQA4JfauL2nOpEcnYKIbX76YM=", "owner": "nixos", "repo": "nixpkgs", - "rev": "29abf698b384258b540e39a86b53ea980495ac4c", + "rev": "c254b8c915ac912ae9ee9dc74eac555ccbf33795", "type": "github" }, "original": { @@ -440,14 +425,14 @@ "nixos-generators": { "inputs": { "nixlib": "nixlib", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1649421936, - "narHash": "sha256-AnY5SbvQqDgb4u/bMWRpsxd9eGpm2IkDZLTldBckxQs=", + "lastModified": 1650388175, + "narHash": "sha256-auVEdcVtIIuBnoygUXedJewfmsf/2gSMwCrAcq/QNhM=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "f5587111742dea4841650d4666f24d3f6577792c", + "rev": "b0326ae4f0761b9b482b8472975b3a8e86940ce2", "type": "github" }, "original": { @@ -458,11 +443,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1649488242, - "narHash": "sha256-GFahTvlMnqotZ8i1AO3J8OtVFrJe4QHcEPxpFH+DIEw=", + "lastModified": 1650522846, + "narHash": "sha256-SxWHXRI3qJwswyXAtzsi6PKVY3KLNNnb072KaJthII8=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "850308db3ef0bcc7454155063b5fec28b4ffbc8c", + "rev": "6b4ebea9093c997c5f275c820e679108de4871ab", "type": "github" }, "original": { @@ -488,21 +473,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1649515668, - "narHash": "sha256-PjOPJvJiV1GyCyVTDad4Vb7Cz9jAta/76Av66+A08RY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7bbf0f0ec9acb2c2f55f2c223a4cffbd16913997", - "type": "github" - }, - "original": { - "owner": "NixOS", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1637186689, "narHash": "sha256-NU7BhgnwA/3ibmCeSzFK6xGi+Bari9mPfn+4cBmyEjw=", @@ -534,17 +504,17 @@ "nvfetcher": { "inputs": { "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_4", "nixpkgs": [ "nixos" ] }, "locked": { - "lastModified": 1648145722, - "narHash": "sha256-iC04ukXdms4XnvKh/o1LoYXDiAURD6y0vae8V6ovQfw=", + "lastModified": 1650169042, + "narHash": "sha256-x8469XNOU/ebIh5YCuvjcOAaAptwHjkEl1aTFrevu1o=", "owner": "berberman", "repo": "nvfetcher", - "rev": "daea67a8b6ec8aa89eb3a474c3d9e9ce2b2cc6f1", + "rev": "db780dba6923e531b5aedca502a36d3d9627fca9", "type": "github" }, "original": { @@ -555,8 +525,16 @@ }, "poetry2nix": { "inputs": { - "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_2" + "flake-utils": [ + "bud", + "beautysh", + "flake-utils" + ], + "nixpkgs": [ + "bud", + "beautysh", + "nixpkgs" + ] }, "locked": { "lastModified": 1633382856, -- 2.44.2 From a7215fa101160c6167568903fb4191163b7fbe73 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Apr 2022 11:31:50 +0200 Subject: [PATCH 194/320] neovim: add template for shell.nix files --- modules/terminal-life/nvim/lsp.vim | 8 ++++++++ profiles/base-user/home.nix | 14 ++++++++++++++ 2 files changed, 22 insertions(+) diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index 1b4a4d31..2c132414 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim @@ -8,6 +8,14 @@ set completeopt=menuone,noinsert,noselect " Avoid showing extra messages when using completion set shortmess+=c +function AddTemplate(tmpl_file) + exe "0read " . a:tmpl_file + set nomodified + 6 +endfunction + +autocmd BufNewFile shell.nix call AddTemplate("$XDG_DATA_HOME/nvim/templates/shell.nix.tmpl") + " Configure neovim 0.6+ experimental LSPs " https://github.com/neovim/nvim-lspconfig " https://github.com/neovim/nvim-lspconfig/blob/master/doc/server_configurations.md diff --git a/profiles/base-user/home.nix b/profiles/base-user/home.nix index 4becfab3..0736b6d4 100644 --- a/profiles/base-user/home.nix +++ b/profiles/base-user/home.nix @@ -54,6 +54,20 @@ in # Ensure nvim backup directory gets created # Workaround for E510: Can't make backup file (add ! to override) xdg.dataFile."nvim/backup/.keep".text = ""; + xdg.dataFile."nvim/templates/.keep".text = ""; + xdg.dataFile."shell.nix.tmpl" = { + text = '' + let + unstable = import (fetchTarball https://github.com/nixos/nixpkgs/archive/nixos-unstable.tar.gz) { }; + in + { nixpkgs ? import {} }: + with nixpkgs; mkShell { + buildInputs = [ + ]; + } + ''; + target = "nvim/templates/shell.nix.tmpl"; + }; # Allow unfree packages only on a user basis, not on a system-wide basis xdg.configFile."nixpkgs/config.nix".text = " { allowUnfree = true; } "; -- 2.44.2 From af67e0d15f87399c14fb6e165a1d460d38a4a933 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 30 Apr 2022 15:12:26 +0200 Subject: [PATCH 195/320] neovim: don't show diagnostics when in insert mode --- modules/terminal-life/nvim/lsp.vim | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index 2c132414..10231631 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim @@ -54,6 +54,22 @@ lua <ca', 'lua vim.lsp.buf.code_action()', opts) vim.api.nvim_buf_set_keymap(bufnr, 'n', 'gr', 'lua vim.lsp.buf.references()', opts) + -- Show diagnostic popup on cursor hold + vim.api.nvim_create_autocmd("CursorHold", { + buffer = bufnr, + callback = function() + local opts = { + focusable = false, + close_events = { "BufLeave", "CursorMoved", "InsertEnter", "FocusLost" }, + border = 'rounded', + source = 'always', + prefix = ' ', + scope = 'cursor', + } + vim.diagnostic.open_float(nil, opts) + end + }) + end -- Add additional capabilities supported by nvim-cmp @@ -198,8 +214,7 @@ for type, icon in pairs(signs) do end EOF -" Show diagnostic popup on cursor hold -autocmd CursorHold,CursorHoldI * lua vim.diagnostic.open_float(nil, { focus = false, scope = "cursor" }) +"autocmd CursorHold * lua vim.diagnostic.open_float(nil, { focus = false, scope = "cursor" }) " have a fixed column for the diagnostics to appear in " this removes the jitter when warnings/errors flow in -- 2.44.2 From c56a3eaee2a45742a74ee30b5d605f5d0ba56275 Mon Sep 17 00:00:00 2001 From: Hendrik Sokolowski Date: Sat, 30 Apr 2022 15:19:17 +0200 Subject: [PATCH 196/320] Wrap signal-desktop to add flag to disable gpu processing --- modules/social/default.nix | 3 +-- pkgs/default.nix | 3 +++ pkgs/ps-signal-desktop.nix | 3 +++ 3 files changed, 7 insertions(+), 2 deletions(-) create mode 100644 pkgs/ps-signal-desktop.nix diff --git a/modules/social/default.nix b/modules/social/default.nix index f3aa63b7..9c53718d 100644 --- a/modules/social/default.nix +++ b/modules/social/default.nix @@ -12,8 +12,7 @@ in config = mkIf cfg.enable { home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { home.packages = [ - #mySignalDesktop - signal-desktop + ps-signal-desktop tdesktop element-desktop irssi diff --git a/pkgs/default.nix b/pkgs/default.nix index 312e685f..b2403502 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -16,4 +16,7 @@ with final; { toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final); uhk-agent = import ./uhk-agent.nix final; wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final); + + # ps-fixes + ps-signal-desktop = writeShellScriptBin "signal-desktop" (import ./ps-signal-desktop.nix final); } diff --git a/pkgs/ps-signal-desktop.nix b/pkgs/ps-signal-desktop.nix new file mode 100644 index 00000000..c1d3967a --- /dev/null +++ b/pkgs/ps-signal-desktop.nix @@ -0,0 +1,3 @@ +self: with self; '' + exec ${signal-desktop}/bin/signal-desktop --disable-gpu -- "$@" +'' -- 2.44.2 From 2852efbbbca773665966f68b8fdcb087531cf4d7 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 30 Apr 2022 15:13:20 +0200 Subject: [PATCH 197/320] tree-wide: gnome3 -> gnome, add hicolor-icon-theme as fallback --- modules/crypto/default.nix | 2 +- modules/graphical/default.nix | 8 +++++--- modules/office/default.nix | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/modules/crypto/default.nix b/modules/crypto/default.nix index 8e9c5ee9..712787aa 100644 --- a/modules/crypto/default.nix +++ b/modules/crypto/default.nix @@ -30,7 +30,7 @@ in }; home.packages = [ - gnome3.seahorse + gnome.seahorse keepassxc libsecret qMasterPassword diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix index bbf8f59d..6910769a 100644 --- a/modules/graphical/default.nix +++ b/modules/graphical/default.nix @@ -89,9 +89,11 @@ in flameshot libnotify - gnome3.adwaita-icon-theme + gnome.adwaita-icon-theme gnome.eog - gnome3.nautilus + gnome.nautilus + gnome.yelp + hicolor-icon-theme wine @@ -112,7 +114,7 @@ in enable = true; font.name = "Lato"; iconTheme = { - package = pkgs.papirus-maia-icon-theme; + package = pkgs.papirus-icon-theme; name = "Papirus-Adapta-Nokto-Maia"; }; theme = { diff --git a/modules/office/default.nix b/modules/office/default.nix index c1b552b7..204e3ae8 100644 --- a/modules/office/default.nix +++ b/modules/office/default.nix @@ -17,7 +17,7 @@ in home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { home.packages = [ libreoffice-fresh - gnome3.simple-scan + gnome.simple-scan # Tools like pdfunite poppler_utils # tool for annotating PDFs -- 2.44.2 From 2c53b3c3b134db21df56371797ffb476e60fba54 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 30 Apr 2022 15:15:29 +0200 Subject: [PATCH 198/320] virtualisation: generalize for intel CPUs by adding intel_iommu to kernelParams --- modules/virtualisation/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/virtualisation/default.nix b/modules/virtualisation/default.nix index 4d588622..8fc25024 100644 --- a/modules/virtualisation/default.nix +++ b/modules/virtualisation/default.nix @@ -14,6 +14,7 @@ in config = mkIf cfg.enable { boot.kernelParams = [ "amd_iommu=on" + "intel_iommu=on" "iommu=pt" ]; -- 2.44.2 From b326f183446b0e7686cab9925b4483160d3439f7 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 26 Apr 2022 11:43:55 +0200 Subject: [PATCH 199/320] zsh: use max length for dir to allow enough space for the right hand indicators --- modules/terminal-life/zsh/p10k.zsh | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/modules/terminal-life/zsh/p10k.zsh b/modules/terminal-life/zsh/p10k.zsh index be207b58..90734313 100644 --- a/modules/terminal-life/zsh/p10k.zsh +++ b/modules/terminal-life/zsh/p10k.zsh @@ -195,7 +195,16 @@ typeset -g POWERLEVEL9K_DIR_{HOME,HOME_SUBFOLDER}_BACKGROUND=1 typeset -g POWERLEVEL9K_DIR_NOT_WRITABLE_BACKGROUND=1 - typeset -g POWERLEVEL9K_DIR_ANCHOR_BOLD=true + # If directory is too long, shorten some of its segments to the shortest possible unique + # prefix. The shortened directory can be tab-completed to the original. + typeset -g POWERLEVEL9K_SHORTEN_STRATEGY=truncate_to_unique + # Color of the shortened directory segments. + typeset -g POWERLEVEL9K_DIR_SHORTENED_FOREGROUND=0 + # Color of the anchor directory segments. Anchor segments are never shortened. The first + # segment is always an anchor. + typeset -g POWERLEVEL9K_DIR_ANCHOR_FOREGROUND=0 + # Display anchor directory segments in bold. + typeset -g POWERLEVEL9K_DIR_ANCHOR_BOLD=false # Don't shorten directories that contain any of these files. They are anchors. local anchor_files=( .bzr @@ -228,13 +237,13 @@ # contains a marker (.git) and other directories don't. typeset -g POWERLEVEL9K_DIR_TRUNCATE_BEFORE_MARKER=false # Don't shorten this many last directory segments. They are anchors. - typeset -g POWERLEVEL9K_SHORTEN_DIR_LENGTH=100 + typeset -g POWERLEVEL9K_SHORTEN_DIR_LENGTH=1 # Shorten directory if it's longer than this even if there is space for it. The value can # be either absolute (e.g., '80') or a percentage of terminal width (e.g, '50%'). If empty, # directory will be shortened only when prompt doesn't fit or when other parameters demand it # (see POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS and POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS_PCT below). # If set to `0`, directory will always be shortened to its minimum length. - typeset -g POWERLEVEL9K_DIR_MAX_LENGTH= + typeset -g POWERLEVEL9K_DIR_MAX_LENGTH=80 # When `dir` segment is on the last prompt line, try to shorten it enough to leave at least this # many columns for typing commands. typeset -g POWERLEVEL9K_DIR_MIN_COMMAND_COLUMNS=40 -- 2.44.2 From 6f2c137c06ea995cb2a1eaa4eb29dd9592b930c4 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 30 Apr 2022 15:58:00 +0200 Subject: [PATCH 200/320] direnv: update envrc --- .envrc | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/.envrc b/.envrc index c878da9a..7f6e3ecd 100644 --- a/.envrc +++ b/.envrc @@ -1,10 +1,3 @@ # reload when these files change -watch_file flake.nix -watch_file shell.nix - -{ - # shell gc root dir - mkdir -p "$(direnv_layout_dir)" - - eval "$(nix print-dev-env --profile $(direnv_layout_dir)/flake-profile)" -} || use nix +watch_file shell/* flake.nix +use flake || use nix -- 2.44.2 From e956a69abfd9a0e79f42fee11c6f841fb49857a6 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 30 Apr 2022 16:38:19 +0200 Subject: [PATCH 201/320] Re-enable CI Check step --- .drone.yml | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/.drone.yml b/.drone.yml index 8d6ccf6a..aa614c4a 100644 --- a/.drone.yml +++ b/.drone.yml @@ -87,26 +87,26 @@ trigger: event: - cron -#--- -#kind: pipeline -#type: docker -#name: Check -# -#steps: -# - name: "Check" -# image: docker.nix-community.org/nixpkgs/nix-flakes:latest -# when: -# event: -# - pull_request -# - tag -# environment: -# NIX_FLAGS: "--print-build-logs --verbose" -# commands: -# - 'echo NIX_FLAGS: $NIX_FLAGS' -# - nix $$NIX_FLAGS flake check -# - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" -# - nix $$NIX_FLAGS develop --command echo OK -# - nix $$NIX_FLAGS develop --command bud --help +--- +kind: pipeline +type: docker +name: Check + +steps: + - name: "Check" + image: docker.nix-community.org/nixpkgs/nix-flakes:latest + when: + event: + - pull_request + - tag + environment: + NIX_FLAGS: "--print-build-logs --verbose" + commands: + - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS' + - nix $$NIX_FLAGS flake check + - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" + - nix $$NIX_FLAGS develop --command echo OK + - nix $$NIX_FLAGS develop --command bud --help --- kind: pipeline @@ -158,6 +158,6 @@ volumes: --- kind: signature -hmac: e87b38b90d8b247719f395fd1f15df7ef534d036a5bc5efe140cee8e3a8643da +hmac: 84b008b7e96a6407fec3dd387032b30ecbb1dd7558ceb94bbb51c9ac115948a2 ... -- 2.44.2 From d23376f7fb337f1b5823b41c6aef619b6b0ddd75 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 30 Apr 2022 16:45:51 +0200 Subject: [PATCH 202/320] Workaround ps-signal-desktop is not supported on aarch64-linux using fake metadata --- pkgs/ps-signal-desktop.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/pkgs/ps-signal-desktop.nix b/pkgs/ps-signal-desktop.nix index c1d3967a..ff615639 100644 --- a/pkgs/ps-signal-desktop.nix +++ b/pkgs/ps-signal-desktop.nix @@ -1,3 +1,9 @@ -self: with self; '' +self: with self; +let + signal-desktop = self.signal-desktop.overrideAttrs (old: { + meta.platforms = [ "x86_64-linux" "aarch64-linux" ]; + }); +in +'' exec ${signal-desktop}/bin/signal-desktop --disable-gpu -- "$@" '' -- 2.44.2 From 47ed302f7abba50ca010de919feb4dc663011f59 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 30 Apr 2022 17:03:00 +0200 Subject: [PATCH 203/320] drone: add check step --- .drone.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.drone.yml b/.drone.yml index aa614c4a..f683f2af 100644 --- a/.drone.yml +++ b/.drone.yml @@ -145,8 +145,8 @@ steps: - /var/nix/iso-cache/*.iso strip_components: 3 -#depends_on: -# - Check +depends_on: + - Check trigger: event: @@ -158,6 +158,6 @@ volumes: --- kind: signature -hmac: 84b008b7e96a6407fec3dd387032b30ecbb1dd7558ceb94bbb51c9ac115948a2 +hmac: e806a6980afdc1bf451be231db1a61e7917822a1f78afe3f2136eadfd632d521 ... -- 2.44.2 From cf5dd8c72cb8505f9606c2f6e845eb9ba0b6f738 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 30 Apr 2022 17:03:13 +0200 Subject: [PATCH 204/320] clean up bud --- shell/bud/get.bash | 1 - 1 file changed, 1 deletion(-) delete mode 100644 shell/bud/get.bash diff --git a/shell/bud/get.bash b/shell/bud/get.bash deleted file mode 100644 index b88081b4..00000000 --- a/shell/bud/get.bash +++ /dev/null @@ -1 +0,0 @@ -nix flake new -t "github:divnix/devos/main" "${2:-devos}" -- 2.44.2 From b516473f69a5eecc0ab93dc5c9d5b7a864df989c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 30 Apr 2022 17:51:41 +0200 Subject: [PATCH 205/320] Change terminal title to cwd --- modules/terminal-life/zsh/default.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/modules/terminal-life/zsh/default.nix b/modules/terminal-life/zsh/default.nix index 9bb5b28d..f9acb23f 100644 --- a/modules/terminal-life/zsh/default.nix +++ b/modules/terminal-life/zsh/default.nix @@ -22,7 +22,6 @@ in [ "$(tty)" = "/dev/tty1" ] && exec sway ''; - shellAliases = { nano = "nvim"; vi = "nvim"; @@ -84,6 +83,10 @@ in stty -ixon stty erase '^?' + precmd () { + echo -e "\e]2;$(pwd)\e\\" + } + # If a command is not found, show me where it is source ${pkgs.nix-index}/etc/profile.d/command-not-found.sh '' -- 2.44.2 From ed26820593f402aab306a70ef70c10524822fcb5 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 30 Apr 2022 18:11:43 +0200 Subject: [PATCH 206/320] neovim: remove unneeded autocmd CursorHold --- modules/terminal-life/nvim/lsp.vim | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index 10231631..35c065a6 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim @@ -214,8 +214,6 @@ for type, icon in pairs(signs) do end EOF -"autocmd CursorHold * lua vim.diagnostic.open_float(nil, { focus = false, scope = "cursor" }) - " have a fixed column for the diagnostics to appear in " this removes the jitter when warnings/errors flow in set signcolumn=yes:2 -- 2.44.2 From 84fa70513f1aa6a31d1466c75da60adc28834cfb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 30 Apr 2022 18:27:42 +0200 Subject: [PATCH 207/320] Improve terminal pwd title by shortening home to ~ --- modules/terminal-life/zsh/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/terminal-life/zsh/default.nix b/modules/terminal-life/zsh/default.nix index f9acb23f..a914a536 100644 --- a/modules/terminal-life/zsh/default.nix +++ b/modules/terminal-life/zsh/default.nix @@ -84,7 +84,8 @@ in stty erase '^?' precmd () { - echo -e "\e]2;$(pwd)\e\\" + DIR_NAME=$(pwd | sed "s|^$HOME|~|g") + echo -e "\e]2;$DIR_NAME\e\\" } # If a command is not found, show me where it is -- 2.44.2 From 4b915053b4ec212e23ed7eadfa6e4ac94d3c9506 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 30 Apr 2022 20:57:35 +0200 Subject: [PATCH 208/320] zsh: precmd() don't echo trailing newline --- modules/terminal-life/zsh/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/terminal-life/zsh/default.nix b/modules/terminal-life/zsh/default.nix index daf437e2..a612ed36 100644 --- a/modules/terminal-life/zsh/default.nix +++ b/modules/terminal-life/zsh/default.nix @@ -85,7 +85,7 @@ in stty erase '^?' precmd () { - echo -e "\e]2;$(pwd)\e\\" + echo -e -n "\e]2;$(pwd)\e\\" } # If a command is not found, show me where it is -- 2.44.2 From 1f1ac4c575cab94b6c8cd466883f16ef90b4dde0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 30 Apr 2022 21:25:38 +0200 Subject: [PATCH 209/320] Add gitmessage template to global git config --- profiles/base-user/.config/git/config.nix | 1 + profiles/base-user/.config/git/gitmessage.nix | 35 +++++++++++++++++++ profiles/base-user/home.nix | 1 + 3 files changed, 37 insertions(+) create mode 100644 profiles/base-user/.config/git/gitmessage.nix diff --git a/profiles/base-user/.config/git/config.nix b/profiles/base-user/.config/git/config.nix index 53c53a77..2553ec66 100644 --- a/profiles/base-user/.config/git/config.nix +++ b/profiles/base-user/.config/git/config.nix @@ -24,6 +24,7 @@ in [commit] gpgsign = true + template = ${xdg.configHome}/git/gitmessage [tag] gpgsign = true [init] diff --git a/profiles/base-user/.config/git/gitmessage.nix b/profiles/base-user/.config/git/gitmessage.nix new file mode 100644 index 00000000..11cac0f9 --- /dev/null +++ b/profiles/base-user/.config/git/gitmessage.nix @@ -0,0 +1,35 @@ +{ config, pkgs, ... }: +let + user = config.pub-solar.user; + xdg = config.home-manager.users."${user.name}".xdg; +in +'' +# Title: Summary, imperative, start upper case, don't end with a period +# No more than 50 chars. #### 50 chars is here: # +# + +# +# Remember blank line between title and body. +# + +# +# Body: Explain *what* and *why* (not *how*). Include issue number. +# Wrap at 72 chars. ################################## which is here: # +# + +# +# At the end: Include Co-authored-by for all contributors. +# Include at least one empty line before it. Format: +# +Co-authored-by: ${user.fullName} <${user.email}> + +# Please enter the commit message for your changes. Lines starting +# with '#' will be ignored, and an empty message aborts the commit. +# +# On branch master +# Your branch is up to date with 'origin/main'. +# +# Changes to be committed: +# new file: installation.md +# +'' diff --git a/profiles/base-user/home.nix b/profiles/base-user/home.nix index 6cb59b11..1ae6bd36 100644 --- a/profiles/base-user/home.nix +++ b/profiles/base-user/home.nix @@ -32,6 +32,7 @@ in xdg.mimeApps = import ./mimeapps.nix; xdg.configFile."git/config".text = import ./.config/git/config.nix { inherit config; inherit pkgs; }; + xdg.configFile."git/gitmessage".text = import ./.config/git/gitmessage.nix { inherit config; inherit pkgs; }; xdg.configFile."git/global_gitignore".text = import ./.config/git/global_gitignore.nix { inherit config; inherit pkgs; }; xdg.configFile."dircolors".source = ./.config/dircolors; xdg.configFile."xmodmap".source = ./.config/xmodmap; -- 2.44.2 From 4c9dd20e4a85409244b36aee92aa1c8ebffc7e12 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 30 Apr 2022 21:35:32 +0200 Subject: [PATCH 210/320] better newlines --- profiles/base-user/.config/git/gitmessage.nix | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/profiles/base-user/.config/git/gitmessage.nix b/profiles/base-user/.config/git/gitmessage.nix index 11cac0f9..7f4b1c64 100644 --- a/profiles/base-user/.config/git/gitmessage.nix +++ b/profiles/base-user/.config/git/gitmessage.nix @@ -8,18 +8,15 @@ in # No more than 50 chars. #### 50 chars is here: # # -# -# Remember blank line between title and body. -# -# +# ^ Remember ending with an extra blank line # Body: Explain *what* and *why* (not *how*). Include issue number. # Wrap at 72 chars. ################################## which is here: # # -# + +# ^ Remember ending with an extra blank line # At the end: Include Co-authored-by for all contributors. -# Include at least one empty line before it. Format: # Co-authored-by: ${user.fullName} <${user.email}> -- 2.44.2 From d2f8f0537c978a661b7b426b3e0c5a4ae9863a79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 30 Apr 2022 21:41:43 +0200 Subject: [PATCH 211/320] Show notification when changing keyboard layouts --- pkgs/toggle-kbd-layout.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/toggle-kbd-layout.nix b/pkgs/toggle-kbd-layout.nix index 0d837b0a..529b7028 100644 --- a/pkgs/toggle-kbd-layout.nix +++ b/pkgs/toggle-kbd-layout.nix @@ -10,5 +10,6 @@ self: with self; '' next_layout=0; fi + notify-send "$next_layout" ${sway}/bin/swaymsg input '*' xkb_switch_layout "$next_layout" '' -- 2.44.2 From c48e1c8a75efd7a0321cc5e074a704dbb6df737f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 30 Apr 2022 21:43:56 +0200 Subject: [PATCH 212/320] Add package import of libnotify --- pkgs/toggle-kbd-layout.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/toggle-kbd-layout.nix b/pkgs/toggle-kbd-layout.nix index 529b7028..6418d043 100644 --- a/pkgs/toggle-kbd-layout.nix +++ b/pkgs/toggle-kbd-layout.nix @@ -10,6 +10,6 @@ self: with self; '' next_layout=0; fi - notify-send "$next_layout" + ${libnotify}/bin/notify-send "$next_layout" ${sway}/bin/swaymsg input '*' xkb_switch_layout "$next_layout" '' -- 2.44.2 From a94a41f444c11509cb32f995184b5bc8294a3d28 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 30 Apr 2022 22:12:52 +0200 Subject: [PATCH 213/320] Use our patched version of digga --- flake.lock | 10 +++++----- flake.nix | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 8fc8adf4..3713f1cc 100644 --- a/flake.lock +++ b/flake.lock @@ -188,15 +188,15 @@ "nixpkgs-unstable": "nixpkgs-unstable" }, "locked": { - "lastModified": 1651210705, - "narHash": "sha256-2RzKrjEnWDhsBQ4Et2gm2LjV5pXyszeqV1xNe+LtNT8=", - "owner": "divnix", + "lastModified": 1651349453, + "narHash": "sha256-0ZAYPYWXm16reXFT0bJi/4f6GeYubnlj2YruXcmp0hs=", + "owner": "pub-solar", "repo": "digga", - "rev": "0ffa2dff5ede12a03ca83fbc514972f94cf18f42", + "rev": "531dd67b7aef37d7828fb28c2e45f09de0425c6b", "type": "github" }, "original": { - "owner": "divnix", + "owner": "pub-solar", "repo": "digga", "type": "github" } diff --git a/flake.nix b/flake.nix index e9b91fc9..340ca686 100644 --- a/flake.nix +++ b/flake.nix @@ -11,7 +11,7 @@ nixos.url = "github:nixos/nixpkgs/nixos-21.11"; latest.url = "github:nixos/nixpkgs/nixos-unstable"; - digga.url = "github:divnix/digga"; + digga.url = "github:pub-solar/digga"; digga.inputs.nixpkgs.follows = "nixos"; digga.inputs.nixlib.follows = "nixos"; digga.inputs.home-manager.follows = "home"; -- 2.44.2 From 3dc6e6a5f6c569c4a6def1404767701aae678315 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 30 Apr 2022 23:20:47 +0200 Subject: [PATCH 214/320] Change bootstrap isoImage command in CI --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index f683f2af..1c979c5a 100644 --- a/.drone.yml +++ b/.drone.yml @@ -123,7 +123,7 @@ steps: - | nix --print-build-logs --verbose \ develop --command \ - bud build bootstrap bootstrapIso + bud build bootstrap isoImage - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ - name: "Publish ISO" @@ -158,6 +158,6 @@ volumes: --- kind: signature -hmac: e806a6980afdc1bf451be231db1a61e7917822a1f78afe3f2136eadfd632d521 +hmac: 0c0731948a73c30cff44c3dbbf4d1a131680b8777d9986ca04699b9f5c82bab2 ... -- 2.44.2 From d2f8a2d837904cecc978bbc3b5a77026e73b9bda Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 30 Apr 2022 23:56:02 +0200 Subject: [PATCH 215/320] Remove swaylock-bg from install list --- modules/sway/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/sway/default.nix b/modules/sway/default.nix index 83f407e4..88426536 100644 --- a/modules/sway/default.nix +++ b/modules/sway/default.nix @@ -75,7 +75,6 @@ in xsettingsd ydotool - swaylock-bg sway-launcher import-gtk-settings s -- 2.44.2 From 4b828cd91f8063047efcfce3c453465300c6e527 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 1 May 2022 17:04:29 +0200 Subject: [PATCH 216/320] Shorten time until hibernate --- modules/sway/swayidle.service.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/sway/swayidle.service.nix b/modules/sway/swayidle.service.nix index 549f153f..61f32591 100644 --- a/modules/sway/swayidle.service.nix +++ b/modules/sway/swayidle.service.nix @@ -11,8 +11,8 @@ pkgs: Type = "simple"; Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin"; ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \ - timeout 300 'swaymsg "output * dpms off"' \ - timeout 600 'systemctl hibernate' \ + timeout 150 'swaymsg "output * dpms off"' \ + timeout 300 'systemctl hibernate' \ ''; }; Install = { -- 2.44.2 From 0c4987ede101bd0348e599409626e74314f43ffd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 1 May 2022 17:29:21 +0200 Subject: [PATCH 217/320] Add resume device --- .../config/config.d/custom-keybindings.conf | 2 +- modules/x-os/boot.nix | 24 +++++++++++-------- 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/modules/sway/config/config.d/custom-keybindings.conf b/modules/sway/config/config.d/custom-keybindings.conf index 157ae8ee..172b7e53 100644 --- a/modules/sway/config/config.d/custom-keybindings.conf +++ b/modules/sway/config/config.d/custom-keybindings.conf @@ -23,7 +23,7 @@ bindsym $mod+F5 exec $term -e 'mocp -C $XDG_CONFIG_DIR/mocp/config' bindsym $mod+Shift+m exec mu bindsym $mod+Shift+h exec xdg-open /usr/share/doc/manjaro/i3_help.pdf -# Screenshofts +# Screenshots bindsym $mod+Ctrl+p exec grim -g "$(slurp -d -b \#ffffff11)" ~/Pictures/Screenshots/$(date +%Y%m%d_%Hh%Mm%Ss)_grim.png bindsym $mod+Shift+p exec grim ~/Pictures/Screenshots/$(date +%Y%m%d_%Hh%Mm%Ss)_grim.png bindsym $mod+Ctrl+f exec "( pkill flameshot || true && flameshot & ) && ( sleep 0.5s && flameshot gui )" diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix index 0633bec4..268f1547 100644 --- a/modules/x-os/boot.nix +++ b/modules/x-os/boot.nix @@ -10,18 +10,22 @@ in description = "Feature flag for iso builds"; }; config = { - # Enable plymouth for better experience of booting - boot.plymouth.enable = true; + boot = { + # Enable plymouth for better experience of booting + plymouth.enable = true; - # Mount / luks device in initrd - # Allow fstrim to work on it. - # The ! makes this enabled by default - boot.initrd = mkIf (!cfg.iso-options.enable) { - luks.devices."cryptroot" = { - allowDiscards = true; + # Mount / luks device in initrd + # Allow fstrim to work on it. + # The ! makes this enabled by default + initrd = mkIf (!cfg.iso-options.enable) { + luks.devices."cryptroot" = { + allowDiscards = true; + }; }; - }; - boot.loader.systemd-boot.enable = true; + resumeDevice = "/swapfile"; + + loader.systemd-boot.enable = true; + }; }; } -- 2.44.2 From 4712e535f9a9f670eb564cded3e5fdcecfd02d62 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 2 May 2022 01:23:18 +0200 Subject: [PATCH 218/320] sway: fix cursor not scaling correctly --- modules/sway/config/config.d/theme.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/sway/config/config.d/theme.conf b/modules/sway/config/config.d/theme.conf index 27ae794a..eb4427aa 100644 --- a/modules/sway/config/config.d/theme.conf +++ b/modules/sway/config/config.d/theme.conf @@ -11,3 +11,6 @@ exec_always import-gtk-settings \ gtk-theme:gtk-theme-name \ icon-theme:gtk-icon-theme-name \ cursor-theme:gtk-cursor-theme-name + +# Workaround to fix cursor scaling, see https://github.com/swaywm/sway/issues/4112 +seat seat0 xcursor_theme Adwaita -- 2.44.2 From a772a91d7b9f4a60fff50ec7f48149297b44562e Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 2 May 2022 01:23:41 +0200 Subject: [PATCH 219/320] zsh: precmd() don't echo trailing newline --- modules/terminal-life/zsh/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/terminal-life/zsh/default.nix b/modules/terminal-life/zsh/default.nix index 2541fdd0..91bb422c 100644 --- a/modules/terminal-life/zsh/default.nix +++ b/modules/terminal-life/zsh/default.nix @@ -86,7 +86,7 @@ in precmd () { DIR_NAME=$(pwd | sed "s|^$HOME|~|g") - echo -e "\e]2;$DIR_NAME\e\\" + echo -e -n "\e]2;$DIR_NAME\e\\" } # If a command is not found, show me where it is -- 2.44.2 From 91605af1357f82c1e101e18cd70ddc725da95e07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Mon, 2 May 2022 09:49:14 +0200 Subject: [PATCH 220/320] Revert "Merge pull request 'fix/boostrap-iso' (#75) from fix/boostrap-iso into main" This reverts commit 48be9cfa75b270d32d6b3eb379f1fabf0827826f, reversing changes made to 281d7b56b4d6d4435c053e051f05943f2daab25a. --- .drone.yml | 4 ++-- flake.lock | 10 +++++----- flake.nix | 2 +- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.drone.yml b/.drone.yml index 1c979c5a..f683f2af 100644 --- a/.drone.yml +++ b/.drone.yml @@ -123,7 +123,7 @@ steps: - | nix --print-build-logs --verbose \ develop --command \ - bud build bootstrap isoImage + bud build bootstrap bootstrapIso - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ - name: "Publish ISO" @@ -158,6 +158,6 @@ volumes: --- kind: signature -hmac: 0c0731948a73c30cff44c3dbbf4d1a131680b8777d9986ca04699b9f5c82bab2 +hmac: e806a6980afdc1bf451be231db1a61e7917822a1f78afe3f2136eadfd632d521 ... diff --git a/flake.lock b/flake.lock index 3713f1cc..8fc8adf4 100644 --- a/flake.lock +++ b/flake.lock @@ -188,15 +188,15 @@ "nixpkgs-unstable": "nixpkgs-unstable" }, "locked": { - "lastModified": 1651349453, - "narHash": "sha256-0ZAYPYWXm16reXFT0bJi/4f6GeYubnlj2YruXcmp0hs=", - "owner": "pub-solar", + "lastModified": 1651210705, + "narHash": "sha256-2RzKrjEnWDhsBQ4Et2gm2LjV5pXyszeqV1xNe+LtNT8=", + "owner": "divnix", "repo": "digga", - "rev": "531dd67b7aef37d7828fb28c2e45f09de0425c6b", + "rev": "0ffa2dff5ede12a03ca83fbc514972f94cf18f42", "type": "github" }, "original": { - "owner": "pub-solar", + "owner": "divnix", "repo": "digga", "type": "github" } diff --git a/flake.nix b/flake.nix index 340ca686..e9b91fc9 100644 --- a/flake.nix +++ b/flake.nix @@ -11,7 +11,7 @@ nixos.url = "github:nixos/nixpkgs/nixos-21.11"; latest.url = "github:nixos/nixpkgs/nixos-unstable"; - digga.url = "github:pub-solar/digga"; + digga.url = "github:divnix/digga"; digga.inputs.nixpkgs.follows = "nixos"; digga.inputs.nixlib.follows = "nixos"; digga.inputs.home-manager.follows = "home"; -- 2.44.2 From 077ab8b4f4974f41d71aeb3b81ff8a20b910feff Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 2 May 2022 01:22:49 +0200 Subject: [PATCH 221/320] Fix ISO target path for publishing --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 1c979c5a..527c0853 100644 --- a/.drone.yml +++ b/.drone.yml @@ -140,7 +140,7 @@ steps: from_secret: ssh_port key: from_secret: ssh_key - target: /var/www/pub.solar + target: /srv/os source: - /var/nix/iso-cache/*.iso strip_components: 3 @@ -158,6 +158,6 @@ volumes: --- kind: signature -hmac: 0c0731948a73c30cff44c3dbbf4d1a131680b8777d9986ca04699b9f5c82bab2 +hmac: 7aa9b1eadc2638d7c0b6da2eea92cce650232a8c44ce9ab4a2b0e563f7432693 ... -- 2.44.2 From 159ae86722bc706ff42d4d3e4b0f49ede2f253de Mon Sep 17 00:00:00 2001 From: Hendrik Sokolowski Date: Mon, 2 May 2022 20:19:04 +0200 Subject: [PATCH 222/320] Start sway as a systemd user process again After login on TTY1 sway was started by calling exec sway See also b84d88fc92c6710cff8e294315eb23ceb7ecf40e Co-authored-by: Hendrik Sokolowski --- modules/sway/config/config.d/custom-keybindings.conf | 2 +- modules/sway/default.nix | 1 + modules/terminal-life/zsh/default.nix | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/sway/config/config.d/custom-keybindings.conf b/modules/sway/config/config.d/custom-keybindings.conf index 5faddece..d5887e3e 100644 --- a/modules/sway/config/config.d/custom-keybindings.conf +++ b/modules/sway/config/config.d/custom-keybindings.conf @@ -37,7 +37,7 @@ set $mode_system (l)ock, (e)xit, (s)uspend, (h)ibernate, (r)eboot, (Shift+s)hutd bindsym $mod+0 mode "$mode_system" mode "$mode_system" { bindsym l exec swaylock-bg, mode "default" - bindsym e exec swaymsg exit, mode "default" + bindsym e exec systemctl --user stop graphical-session.target, mode "default" bindsym s exec systemctl suspend, mode "default" bindsym h exec systemctl hibernate, mode "default" bindsym r exec systemctl reboot, mode "default" diff --git a/modules/sway/default.nix b/modules/sway/default.nix index 83f407e4..35013dd2 100644 --- a/modules/sway/default.nix +++ b/modules/sway/default.nix @@ -86,6 +86,7 @@ in #programs.waybar.systemd.enable = true; systemd.user.services.mako = import ./mako.service.nix pkgs; + systemd.user.services.sway = import ./sway.service.nix pkgs; systemd.user.services.swayidle = import ./swayidle.service.nix pkgs; systemd.user.services.xsettingsd = import ./xsettingsd.service.nix pkgs; systemd.user.services.waybar = import ./waybar.service.nix pkgs; diff --git a/modules/terminal-life/zsh/default.nix b/modules/terminal-life/zsh/default.nix index 91bb422c..5cc81ca8 100644 --- a/modules/terminal-life/zsh/default.nix +++ b/modules/terminal-life/zsh/default.nix @@ -19,7 +19,7 @@ in }; loginExtra = '' - [ "$(tty)" = "/dev/tty1" ] && exec sway + [ "$(tty)" = "/dev/tty1" ] && exec ${pkgs.sway-service}/bin/sway-service ''; shellAliases = { -- 2.44.2 From 87d76973260c14b6f047cd37ef7b6fd8a93cb061 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Mon, 2 May 2022 23:53:34 +0200 Subject: [PATCH 223/320] Add docker drone runner wrapper Adds a small sh wrapper around a drone runner docker container. The `stop` and `logs` functionality is barely better than using straight up docker, but at least it saves you from having to know any of the implementation details. --- pkgs/default.nix | 1 + pkgs/drone-docker-runner.nix | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+) create mode 100644 pkgs/drone-docker-runner.nix diff --git a/pkgs/default.nix b/pkgs/default.nix index b2403502..dcbd0f0e 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -16,6 +16,7 @@ with final; { toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final); uhk-agent = import ./uhk-agent.nix final; wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final); + drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final); # ps-fixes ps-signal-desktop = writeShellScriptBin "signal-desktop" (import ./ps-signal-desktop.nix final); diff --git a/pkgs/drone-docker-runner.nix b/pkgs/drone-docker-runner.nix new file mode 100644 index 00000000..7d098536 --- /dev/null +++ b/pkgs/drone-docker-runner.nix @@ -0,0 +1,32 @@ +self: with self; '' + case $1 in + start) + ${self.docker}/bin/docker run --detach \ + --volume=/var/run/docker.sock:/var/run/docker.sock \ + --env=DRONE_RPC_PROTO=$DRONE_RPC_PROTO \ + --env=DRONE_RPC_HOST=$DRONE_RPC_HOST \ + --env=DRONE_RPC_SECRET=$(${self.libsecret}/bin/secret-tool lookup drone rpc-secret) \ + --env=DRONE_RUNNER_CAPACITY=4 \ + --env=DRONE_RUNNER_NAME=$(${self.inetutils}/bin/hostname) \ + --publish=3000:3000 \ + --restart=always \ + --name=drone-runner \ + drone/drone-runner-docker:1 + ;; + + stop) + ${self.docker}/bin/docker stop drone-runner + ${self.docker}/bin/docker rm drone-runner + ;; + + logs) + ${self.docker}/bin/docker logs drone-runner + ;; + + *) + echo "Usage: drone-docker-runner " + exit 1; + ;; + esac + +'' -- 2.44.2 From 07577283e3c7e1a4712d769e25c42359bed7110c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Tue, 3 May 2022 11:43:36 +0200 Subject: [PATCH 224/320] Remove fake comment from gitmessage This was part of a botched copy paste and should not be in the actual gitmessage, since the real change list will come from git itself. --- profiles/base-user/.config/git/gitmessage.nix | 31 +++++++------------ 1 file changed, 11 insertions(+), 20 deletions(-) diff --git a/profiles/base-user/.config/git/gitmessage.nix b/profiles/base-user/.config/git/gitmessage.nix index 7f4b1c64..69d2ca72 100644 --- a/profiles/base-user/.config/git/gitmessage.nix +++ b/profiles/base-user/.config/git/gitmessage.nix @@ -4,29 +4,20 @@ let xdg = config.home-manager.users."${user.name}".xdg; in '' -# Title: Summary, imperative, start upper case, don't end with a period -# No more than 50 chars. #### 50 chars is here: # -# + # Title: Summary, imperative, start upper case, don't end with a period + # No more than 50 chars. #### 50 chars is here: # + # -# ^ Remember ending with an extra blank line -# Body: Explain *what* and *why* (not *how*). Include issue number. -# Wrap at 72 chars. ################################## which is here: # -# + # ^ Remember ending with an extra blank line + # Body: Explain *what* and *why* (not *how*). Include issue number. + # Wrap at 72 chars. ################################## which is here: # + # -# ^ Remember ending with an extra blank line -# At the end: Include Co-authored-by for all contributors. -# -Co-authored-by: ${user.fullName} <${user.email}> + # ^ Remember ending with an extra blank line + # At the end: Include Co-authored-by for all contributors. + # + Co-authored-by: ${user.fullName} <${user.email}> -# Please enter the commit message for your changes. Lines starting -# with '#' will be ignored, and an empty message aborts the commit. -# -# On branch master -# Your branch is up to date with 'origin/main'. -# -# Changes to be committed: -# new file: installation.md -# '' -- 2.44.2 From af12b9eabda8931c717902136b74b309d575fff4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Tue, 3 May 2022 11:48:00 +0200 Subject: [PATCH 225/320] Remove gitmessage indentation -- 2.44.2 From f4a2cc34bb3b913717fd6402b986219fde453ef3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Tue, 3 May 2022 12:43:32 +0200 Subject: [PATCH 226/320] Comment Co-Authored-by --- profiles/base-user/.config/git/gitmessage.nix | 23 +++++++++---------- 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/profiles/base-user/.config/git/gitmessage.nix b/profiles/base-user/.config/git/gitmessage.nix index 69d2ca72..0d80f469 100644 --- a/profiles/base-user/.config/git/gitmessage.nix +++ b/profiles/base-user/.config/git/gitmessage.nix @@ -4,20 +4,19 @@ let xdg = config.home-manager.users."${user.name}".xdg; in '' - # Title: Summary, imperative, start upper case, don't end with a period - # No more than 50 chars. #### 50 chars is here: # - # +# Title: Summary, imperative, start upper case, don't end with a period +# No more than 50 chars. #### 50 chars is here: # +# - # ^ Remember ending with an extra blank line - # Body: Explain *what* and *why* (not *how*). Include issue number. - # Wrap at 72 chars. ################################## which is here: # - # +# ^ Remember ending with an extra blank line +# Body: Explain *what* and *why* (not *how*). Include issue number. +# Wrap at 72 chars. ################################## which is here: # +# - # ^ Remember ending with an extra blank line - # At the end: Include Co-authored-by for all contributors. - # - Co-authored-by: ${user.fullName} <${user.email}> - +# ^ Remember ending with an extra blank line +# At the end: Include Co-authored-by for all contributors. +# +# Co-authored-by: Example Name '' -- 2.44.2 From 3ce121ce60ac150b68413173814f273a9972acdf Mon Sep 17 00:00:00 2001 From: Hendrik Sokolowski Date: Tue, 3 May 2022 19:11:25 +0200 Subject: [PATCH 227/320] Introduce option to enable autologin This option allows to disable autologin which is enabled by default. --- modules/graphical/default.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix index d38b4d1a..0bb9781c 100644 --- a/modules/graphical/default.nix +++ b/modules/graphical/default.nix @@ -26,6 +26,11 @@ in default = { }; }; }; + autologin.enable = mkOption { + type = types.bool; + default = true; + description = "Feature flag enabling autologin after boot."; + }; wayland.software-renderer.enable = mkOption { type = types.bool; default = false; @@ -54,7 +59,7 @@ in }; }; - services.getty.autologinUser = mkForce "${psCfg.user.name}"; + services.getty.autologinUser = mkIf cfg.autologin.enable "${psCfg.user.name}"; qt5 = { enable = true; -- 2.44.2 From 3fae0d93faf761cf358884f91cbfd81cfa1c9851 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 5 May 2022 16:06:52 +0200 Subject: [PATCH 228/320] graphical: move FF sharing indicator to sway ws 7 The Firefox sharing indicator sometimes doesn't like to float like it should, and when it does, it usually floats over UI elements you'd like to use. Moving it to sway workspace 7 should get it mostly out of the way --- modules/sway/config/config.d/applications.conf | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/modules/sway/config/config.d/applications.conf b/modules/sway/config/config.d/applications.conf index 8691bc4f..3bab265d 100644 --- a/modules/sway/config/config.d/applications.conf +++ b/modules/sway/config/config.d/applications.conf @@ -58,10 +58,11 @@ for_window [window_role="task_dialog"] floating enable for_window [window_role="Preferences"] floating enable for_window [window_type="dialog"] floating enable for_window [window_type="menu"] floating enable -for_window [title="About Mozilla Firefox"] floating enabled -for_window [title="Password Required - Mozilla Firefox"] floating enabled -for_window [title="Firefox — Sharing Indicator"] floating enabled -for_window [title="Extension: (Open in Browser)*"] floating enabled +for_window [title="About Mozilla Firefox"] floating enable +for_window [title="Password Required - Mozilla Firefox"] floating enable +for_window [title="Firefox — Sharing Indicator"] move to workspace $ws7, floating enable +no_focus [title="Firefox — Sharing Indicator"] +for_window [title="Extension: (Open in Browser)*"] floating enable # qMasterPassword floating menu for_window [title="qMasterPassword"] focus -- 2.44.2 From 8e43046dee1233e966cc6fc236ca3ed51849e747 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 2 Jun 2022 10:09:42 +0200 Subject: [PATCH 229/320] nixos: follow release-22.05 home: follow release-22.05 branch Fixes for upstream changes: ag renamed to silver-searcher, extfat-utils is now exfat, lot's of overrides no longer needed, as they're now in the release branch, services.caddy.config split up into globalConfig and extraConfig --- flake.lock | 85 +++++++++++++++---------------- flake.nix | 4 +- modules/terminal-life/default.nix | 2 +- modules/x-os/networking.nix | 8 +-- overlays/overrides.nix | 10 ---- profiles/core/default.nix | 2 +- 6 files changed, 50 insertions(+), 61 deletions(-) diff --git a/flake.lock b/flake.lock index 8fc8adf4..d29bd0f0 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1648942457, - "narHash": "sha256-i29Z1t3sVfCNfpp+KAfeExvpqHQSbLO1KWylTtfradU=", + "lastModified": 1652712410, + "narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=", "owner": "ryantm", "repo": "agenix", - "rev": "0d5e59ed645e4c7b60174bc6f6aac6a203dc0b01", + "rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b", "type": "github" }, "original": { @@ -87,11 +87,11 @@ ] }, "locked": { - "lastModified": 1650976225, - "narHash": "sha256-PGM65SQHS63Dd5MmLJo3GJsZP9lJVZmpWxluQoG1Dt8=", + "lastModified": 1651916036, + "narHash": "sha256-UuD9keUGm4IuVEV6wdSYbuRm7CwfXE63hVkzKDjVsh4=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "bb3baef6e115ae47bc2ab4973bd3a486488485b0", + "rev": "2f2bdf658d2b79bada78dc914af99c53cad37cba", "type": "github" }, "original": { @@ -130,11 +130,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1648475189, - "narHash": "sha256-gAGAS6IagwoUr1B0ohE3iR6sZ8hP4LSqzYLC8Mq3WGU=", + "lastModified": 1653594315, + "narHash": "sha256-kJ0ENmnQJ4qL2FeYKZba9kvv1KmIuB3NVpBwMeI7AJQ=", "owner": "serokell", "repo": "deploy-rs", - "rev": "83e0c78291cd08cb827ba0d553ad9158ae5a95c3", + "rev": "184349d8149436748986d1bdba087e4149e9c160", "type": "github" }, "original": { @@ -188,11 +188,11 @@ "nixpkgs-unstable": "nixpkgs-unstable" }, "locked": { - "lastModified": 1651210705, - "narHash": "sha256-2RzKrjEnWDhsBQ4Et2gm2LjV5pXyszeqV1xNe+LtNT8=", + "lastModified": 1652713922, + "narHash": "sha256-era1h0M+QP9wP/hbwXRpxOiT8M5n+loWX/Zrq7duq5w=", "owner": "divnix", "repo": "digga", - "rev": "0ffa2dff5ede12a03ca83fbc514972f94cf18f42", + "rev": "29bbac0173859812893d777fdce204af83a231ea", "type": "github" }, "original": { @@ -269,11 +269,11 @@ "flake-utils": "flake-utils_3" }, "locked": { - "lastModified": 1647259887, - "narHash": "sha256-yEkMbEHVO9qydluQ3uHGWX1PkfZhgDKxnd1rhZYZ72w=", + "lastModified": 1652704544, + "narHash": "sha256-UTKE33tYgCmDszaVyWA33a8mtegM5xfH4fH8w4y6TxA=", "owner": "gytis-ivaskevicius", "repo": "flake-utils-plus", - "rev": "06dba5f3b4fa2cc0bfc98ce9cd6f9a4d8db11d46", + "rev": "f8d6d1f87b6177e3bc674c29f247bdbf897ba274", "type": "github" }, "original": { @@ -314,11 +314,11 @@ }, "flake-utils_4": { "locked": { - "lastModified": 1644229661, - "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", + "lastModified": 1652776076, + "narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=", "owner": "numtide", "repo": "flake-utils", - "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", + "rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8", "type": "github" }, "original": { @@ -349,16 +349,16 @@ ] }, "locked": { - "lastModified": 1651007218, - "narHash": "sha256-NkQAMtqW0PSJTbLHalyZtaqj0ai2TZMOedug9yDIcFw=", + "lastModified": 1654113405, + "narHash": "sha256-VpK+0QaWG2JRgB00lw77N9TjkE3ec0iMYIX1TzGpxa4=", "owner": "nix-community", "repo": "home-manager", - "rev": "d14adb99f3fb562ec74ad18c032efc154b438034", + "rev": "ac2287df5a2d6f0a44bbcbd11701dbbf6ec43675", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-21.11", + "ref": "release-22.05", "repo": "home-manager", "type": "github" } @@ -381,11 +381,11 @@ }, "latest_2": { "locked": { - "lastModified": 1651007983, - "narHash": "sha256-GNay7yDPtLcRcKCNHldug85AhAvBpTtPEJWSSDYBw8U=", + "lastModified": 1653931853, + "narHash": "sha256-O3wncIouj9x7gBPntzHeK/Hkmm9M1SGlYq7JI7saTAE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e10da1c7f542515b609f8dfbcf788f3d85b14936", + "rev": "f1c167688a6f81f4a51ab542e5f476c8c595e457", "type": "github" }, "original": { @@ -402,11 +402,11 @@ ] }, "locked": { - "lastModified": 1650265945, - "narHash": "sha256-SO8+1db4jTOjnwP++29vVgImLIfETSXyoz0FuLkiikE=", + "lastModified": 1653413650, + "narHash": "sha256-wojDHjb+eU80MPH+3HQaK0liUy8EgR95rvmCl24i58Y=", "owner": "nmattia", "repo": "naersk", - "rev": "e8f9f8d037774becd82fce2781e1abdb7836d7df", + "rev": "69daaceebe12c070cd5ae69ba38f277bbf033695", "type": "github" }, "original": { @@ -423,11 +423,11 @@ ] }, "locked": { - "lastModified": 1649569158, - "narHash": "sha256-Wtmiyu/1d+3YGGcRxTnQyEtnJaKKR/Ry0kNbOY48Afs=", + "lastModified": 1653198236, + "narHash": "sha256-nzW2BaqWTGGQthOtFzHUJTHK5wK+mkh4aOhETGj5nBk=", "owner": "dramforever", "repo": "nix-dram", - "rev": "84c47c0dc93c77f7edfd996f71618d278844c1c4", + "rev": "e10086d39ca49abfd2a3b77d2a77baa6037ec31e", "type": "github" }, "original": { @@ -453,16 +453,16 @@ }, "nixos": { "locked": { - "lastModified": 1651093906, - "narHash": "sha256-kHXSbv+Hc73eV0/JVJ5YsJGr08bA4vJ3/XZew5PgZg0=", + "lastModified": 1654005557, + "narHash": "sha256-J6elwUzPoco+r5qWPHhvS2EHVWomUtNcxzkfdAQOwEU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "feea25c58657fa81d16e0e51f80e1a02ef4cbd49", + "rev": "08950a6e29cf7bddee466592eb790a417550f7f9", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-21.11", + "ref": "nixos-22.05", "repo": "nixpkgs", "type": "github" } @@ -473,11 +473,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1650997411, - "narHash": "sha256-r4a3qsSv5UTtx+pxTUEdOphBkwTx1+AAVog3c457A0M=", + "lastModified": 1653339081, + "narHash": "sha256-dpim9Mtd57Yj6qt7p7UKwjWm6NnOU3S7jaEyEscSyPE=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "3cdf22c79bc80910e2b610cd59fcb8408354ddbc", + "rev": "fb3ee0f618b8c80dea1239691b15dfeb4bb46331", "type": "github" }, "original": { @@ -488,11 +488,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1650522846, - "narHash": "sha256-SxWHXRI3qJwswyXAtzsi6PKVY3KLNNnb072KaJthII8=", + "lastModified": 1654057797, + "narHash": "sha256-mXo7C4v7Jj2feBzcReu1Eu/3Rnw5b023E9kOyFsHZQw=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "6b4ebea9093c997c5f275c820e679108de4871ab", + "rev": "0cab18a48de7914ef8cad35dca0bb36868f3e1af", "type": "github" }, "original": { @@ -551,10 +551,9 @@ }, "nur": { "locked": { - "lastModified": 1626378135, + "lastModified": 0, "narHash": "sha256-koC6DBYmLCrgXA+AMHVaODf1uHYPmvcFygHfy3eg6vI=", "path": "/nix/store/6mfkswqi67m35qwv0vh7kpk8rypbl2rq-source", - "rev": "00c2ec8f0bbdf0cfb2135bde55fbae5d6b64aa6d", "type": "path" }, "original": { diff --git a/flake.nix b/flake.nix index e9b91fc9..7f3c2803 100644 --- a/flake.nix +++ b/flake.nix @@ -8,7 +8,7 @@ inputs = { # Track channels with commits tested and built by hydra - nixos.url = "github:nixos/nixpkgs/nixos-21.11"; + nixos.url = "github:nixos/nixpkgs/nixos-22.05"; latest.url = "github:nixos/nixpkgs/nixos-unstable"; digga.url = "github:divnix/digga"; @@ -21,7 +21,7 @@ bud.inputs.nixpkgs.follows = "nixos"; bud.inputs.devshell.follows = "digga/devshell"; - home.url = "github:nix-community/home-manager/release-21.11"; + home.url = "github:nix-community/home-manager/release-22.05"; home.inputs.nixpkgs.follows = "nixos"; darwin.url = "github:LnL7/nix-darwin"; diff --git a/modules/terminal-life/default.nix b/modules/terminal-life/default.nix index 75ca2bd3..8ecb9919 100644 --- a/modules/terminal-life/default.nix +++ b/modules/terminal-life/default.nix @@ -27,7 +27,6 @@ in home.packages = [ ack asciinema - ag bat exa fd @@ -35,6 +34,7 @@ in glow nnn powerline + silver-searcher vifm watson ]; diff --git a/modules/x-os/networking.nix b/modules/x-os/networking.nix index 1e981290..347fe750 100644 --- a/modules/x-os/networking.nix +++ b/modules/x-os/networking.nix @@ -40,10 +40,10 @@ in # Caddy reverse proxy for local services like cups services.caddy = { enable = true; - config = '' - { - auto_https off - } + globalConfig = '' + auto_https off + ''; + extraConfig = '' cups.local:80 bind 127.0.0.1 request_header Host localhost:631 diff --git a/overlays/overrides.nix b/overlays/overrides.nix index 9b463e96..8c016e15 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -14,17 +14,7 @@ channels: final: prev: { starship deploy-rs - nixUnstable - neovim-unwrapped tdesktop - xdg-desktop-portal - xdg-desktop-portal-gtk - xdg-desktop-portal-wlr - obs-studio - obs-studio-plugins - looking-glass-client - nix-direnv - vimPlugins ; diff --git a/profiles/core/default.nix b/profiles/core/default.nix index 9348249b..f3136372 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -48,7 +48,7 @@ in dateutils diffutils findutils - exfat-utils + exfat file # zippit -- 2.44.2 From 6054a02ebf8805522959b89ac2400a1b606757dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 4 Jun 2022 19:32:12 +0200 Subject: [PATCH 230/320] Make sure we're all successful --- modules/terminal-life/zsh/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/terminal-life/zsh/default.nix b/modules/terminal-life/zsh/default.nix index 5cc81ca8..685a9479 100644 --- a/modules/terminal-life/zsh/default.nix +++ b/modules/terminal-life/zsh/default.nix @@ -87,6 +87,10 @@ in precmd () { DIR_NAME=$(pwd | sed "s|^$HOME|~|g") echo -e -n "\e]2;$DIR_NAME\e\\" + + if [ $? -eq 0 ]; then + echo "success" + fi } # If a command is not found, show me where it is -- 2.44.2 From 63fe359cab47e62e5adc29d6bfc657e749093bb0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 4 Jun 2022 16:49:07 +0200 Subject: [PATCH 231/320] Add denols to nvim In Deno projects `tsserver` is less than ideal. This PR starts `denols` instead of `tsserver` if `nvim` finds the `NVIM_USE_DENOLS` variable when reading the lsp config. --- modules/terminal-life/nvim/lsp.vim | 43 +++++++++++++++++++----------- 1 file changed, 28 insertions(+), 15 deletions(-) diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index 025d2b5f..8ba4ea94 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim @@ -79,6 +79,8 @@ lua < Date: Sat, 4 Jun 2022 16:45:33 +0200 Subject: [PATCH 232/320] Remove unused scream pulse service file --- .../virtualisation/scream-pulse.service.nix | 19 ------------------- 1 file changed, 19 deletions(-) delete mode 100644 modules/virtualisation/scream-pulse.service.nix diff --git a/modules/virtualisation/scream-pulse.service.nix b/modules/virtualisation/scream-pulse.service.nix deleted file mode 100644 index c4337fa0..00000000 --- a/modules/virtualisation/scream-pulse.service.nix +++ /dev/null @@ -1,19 +0,0 @@ -pkgs: -{ - enable = true; - wantedBy = [ "multi-user.target" ]; - unitConfig = { - Description = "Scream IVSHMEM pulse reciever"; - BindsTo = [ "pipewire-pulse.service" ]; - After = [ "pipewire-pulse.service" ]; - Wants = [ "pipewire-pulse.service" ]; - }; - serviceConfig = { - Type = "simple"; - ExecStartPre = [ - "${pkgs.coreutils-full}/bin/truncate -s 0 /dev/shm/scream-ivshmem" - "${pkgs.coreutils-full}/bin/dd if=/dev/zero of=/dev/shm/scream-ivshmem bs=1M count=2" - ]; - ExecStart = "${pkgs.scream}/bin/scream -m /dev/shm/scream-ivshmem"; - }; -} -- 2.44.2 From 5094495a79fe15f6354eb5bb803b16b805848d09 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 4 Jun 2022 20:29:09 +0200 Subject: [PATCH 233/320] Less annoying --- modules/terminal-life/zsh/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/terminal-life/zsh/default.nix b/modules/terminal-life/zsh/default.nix index 685a9479..2db8bc41 100644 --- a/modules/terminal-life/zsh/default.nix +++ b/modules/terminal-life/zsh/default.nix @@ -88,8 +88,10 @@ in DIR_NAME=$(pwd | sed "s|^$HOME|~|g") echo -e -n "\e]2;$DIR_NAME\e\\" - if [ $? -eq 0 ]; then - echo "success" + if [ $(date +%d%m) = '0104' ]; then + if [ $? -eq 0 ]; then + echo "Success! That was a great command! I can't wait to see what amazing stuff you'll be up to next." + fi fi } -- 2.44.2 From 3bd0b3c50237be867e91c355247b3f59f3e804f3 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 7 Jul 2022 22:24:43 +0200 Subject: [PATCH 234/320] signal-desktop: works without workaround again Also add --use-tray-icon flag, since it works now --- modules/social/default.nix | 2 +- modules/sway/config/config.d/custom-keybindings.conf | 2 +- pkgs/default.nix | 1 - pkgs/ps-signal-desktop.nix | 9 --------- 4 files changed, 2 insertions(+), 12 deletions(-) delete mode 100644 pkgs/ps-signal-desktop.nix diff --git a/modules/social/default.nix b/modules/social/default.nix index 9c53718d..e0d12449 100644 --- a/modules/social/default.nix +++ b/modules/social/default.nix @@ -12,7 +12,7 @@ in config = mkIf cfg.enable { home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { home.packages = [ - ps-signal-desktop + signal-desktop tdesktop element-desktop irssi diff --git a/modules/sway/config/config.d/custom-keybindings.conf b/modules/sway/config/config.d/custom-keybindings.conf index d5887e3e..bb452ddc 100644 --- a/modules/sway/config/config.d/custom-keybindings.conf +++ b/modules/sway/config/config.d/custom-keybindings.conf @@ -18,7 +18,7 @@ bindsym $mod+F2 exec firefox bindsym $mod+F3 exec $term -e vifm bindsym $mod+Shift+F3 exec gksu $term -e vifm bindsym $mod+F4 exec nautilus -w -bindsym $mod+Shift+F4 exec signal-desktop +bindsym $mod+Shift+F4 exec signal-desktop --use-tray-icon bindsym $mod+F5 exec $term -e 'mocp -C $XDG_CONFIG_DIR/mocp/config' bindsym $mod+Shift+m exec mu bindsym $mod+Shift+h exec xdg-open /usr/share/doc/manjaro/i3_help.pdf diff --git a/pkgs/default.nix b/pkgs/default.nix index dcbd0f0e..ecac30a3 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -19,5 +19,4 @@ with final; { drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final); # ps-fixes - ps-signal-desktop = writeShellScriptBin "signal-desktop" (import ./ps-signal-desktop.nix final); } diff --git a/pkgs/ps-signal-desktop.nix b/pkgs/ps-signal-desktop.nix deleted file mode 100644 index ff615639..00000000 --- a/pkgs/ps-signal-desktop.nix +++ /dev/null @@ -1,9 +0,0 @@ -self: with self; -let - signal-desktop = self.signal-desktop.overrideAttrs (old: { - meta.platforms = [ "x86_64-linux" "aarch64-linux" ]; - }); -in -'' - exec ${signal-desktop}/bin/signal-desktop --disable-gpu -- "$@" -'' -- 2.44.2 From 6a5b09a26a1cdd9eb8daf92152cf4a860d54b98b Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 7 Jul 2022 22:26:08 +0200 Subject: [PATCH 235/320] audio: remove mopidy-spotify, upstream abandonded support --- modules/audio/mopidy.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/audio/mopidy.nix b/modules/audio/mopidy.nix index 99552113..9d37eaba 100644 --- a/modules/audio/mopidy.nix +++ b/modules/audio/mopidy.nix @@ -1,7 +1,6 @@ pkgs: { enable = true; extensionPackages = with pkgs; [ - mopidy-spotify mopidy-mpd mopidy-soundcloud mopidy-youtube -- 2.44.2 From 237a7534744f5fe8b6033bfe2c9d39a3f999de8d Mon Sep 17 00:00:00 2001 From: teutat3s Date: Fri, 8 Jul 2022 14:18:10 +0200 Subject: [PATCH 236/320] audio: switch to wireplumber for pipewire configuration https://nixos.wiki/wiki/PipeWire#Bluetooth_Configuration --- modules/audio/default.nix | 35 +++++++++++------------------------ 1 file changed, 11 insertions(+), 24 deletions(-) diff --git a/modules/audio/default.nix b/modules/audio/default.nix index fcceefd3..3fb67664 100644 --- a/modules/audio/default.nix +++ b/modules/audio/default.nix @@ -43,32 +43,19 @@ in }; }; config.pipewire-pulse = builtins.fromJSON (builtins.readFile ./pipewire-pulse.conf.json); + }; - # Bluetooth configuration for pipewire - media-session.config.bluez-monitor.rules = mkIf cfg.bluetooth.enable [ - { - # Matches all cards - matches = [{ "device.name" = "~bluez_card.*"; }]; - actions = { - "update-props" = { - "bluez5.reconnect-profiles" = [ "hfp_hf" "hsp_hs" "a2dp_sink" ]; - # mSBC is not expected to work on all headset + adapter combinations. - "bluez5.msbc-support" = true; - }; - }; + # Bluetooth configuration using wireplumber + # https://nixos.wiki/wiki/PipeWire#Bluetooth_Configuration + environment.etc = mkIf cfg.bluetooth.enable { + "wireplumber/bluetooth.lua.d/51-bluez-config.lua".text = '' + bluez_monitor.properties = { + ["bluez5.enable-sbc-xq"] = true, + ["bluez5.enable-msbc"] = true, + ["bluez5.enable-hw-volume"] = true, + ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]" } - { - matches = [ - # Matches all sources - { "node.name" = "~bluez_input.*"; } - # Matches all outputs - { "node.name" = "~bluez_output.*"; } - ]; - actions = { - "node.pause-on-idle" = false; - }; - } - ]; + ''; }; # Enable bluetooth -- 2.44.2 From f7fbdb80afd9aace0342c4ef62384a2bce21fa03 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Fri, 8 Jul 2022 14:13:41 +0200 Subject: [PATCH 237/320] hosts: add missing system.stateVersion --- hosts/PubSolarOS.nix | 8 ++++++++ hosts/bootstrap.nix | 8 ++++++++ 2 files changed, 16 insertions(+) diff --git a/hosts/PubSolarOS.nix b/hosts/PubSolarOS.nix index 70cf7a08..d741a4d1 100644 --- a/hosts/PubSolarOS.nix +++ b/hosts/PubSolarOS.nix @@ -12,4 +12,12 @@ networking.networkmanager.enable = true; fileSystems."/" = { device = "/dev/disk/by-label/nixos"; }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "22.05"; # Did you read the comment? } diff --git a/hosts/bootstrap.nix b/hosts/bootstrap.nix index c6d8f105..acadc449 100644 --- a/hosts/bootstrap.nix +++ b/hosts/bootstrap.nix @@ -18,4 +18,12 @@ # will be overridden by the bootstrapIso instrumentation fileSystems."/" = { device = "/dev/disk/by-label/nixos"; }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "21.05"; # Did you read the comment? } -- 2.44.2 From b25b0431765309225486aa46f35017b4223efce1 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 9 Aug 2022 11:54:19 +0200 Subject: [PATCH 238/320] nvfetcher: use nixpkgs version --- flake.nix | 1 - shell/devos.nix | 6 +++--- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index 7f3c2803..f18df6df 100644 --- a/flake.nix +++ b/flake.nix @@ -76,7 +76,6 @@ overlays = [ nur.overlay agenix.overlay - nvfetcher.overlay ./pkgs/default.nix ]; }; diff --git a/shell/devos.nix b/shell/devos.nix index bb9f1744..f49254fa 100644 --- a/shell/devos.nix +++ b/shell/devos.nix @@ -38,9 +38,9 @@ in (devos agenix) { category = "devos"; - name = pkgs.nvfetcher-bin.pname; - help = pkgs.nvfetcher-bin.meta.description; - command = "cd $PRJ_ROOT/pkgs; ${pkgs.nvfetcher-bin}/bin/nvfetcher -c ./sources.toml $@"; + name = pkgs.nvfetcher.pname; + help = pkgs.nvfetcher.meta.description; + command = "cd $PRJ_ROOT/pkgs; ${pkgs.nvfetcher}/bin/nvfetcher -c ./sources.toml $@"; } (linter nixpkgs-fmt) (linter editorconfig-checker) -- 2.44.2 From 0cc621a4ec2b5363b058c3111145aaedbef70803 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 9 Aug 2022 11:54:49 +0200 Subject: [PATCH 239/320] deploy-rs: use nixpkgs version --- shell/devos.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shell/devos.nix b/shell/devos.nix index f49254fa..f799ca03 100644 --- a/shell/devos.nix +++ b/shell/devos.nix @@ -46,7 +46,7 @@ in (linter editorconfig-checker) # (docs python3Packages.grip) too many deps (docs mdbook) - (devos inputs.deploy.packages.${pkgs.system}.deploy-rs) + (devos deploy-rs) ] ++ lib.optional (system != "i686-linux") -- 2.44.2 From 3142c58cf4bc6a56891d98ac97e25cd94591b5c3 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 2 Aug 2022 15:28:45 +0200 Subject: [PATCH 240/320] neovim, caddy: add json-schema, use tabs in Caddyfiles, add vim-caddyfile --- modules/terminal-life/nvim/default.nix | 11 + modules/terminal-life/nvim/lsp.vim | 13 +- modules/terminal-life/nvim/plugins.vim | 3 + .../share/nvim/json-schemas/caddy_schema.json | 8087 +++++++++++++++++ profiles/base-user/home.nix | 4 + 5 files changed, 8117 insertions(+), 1 deletion(-) create mode 100644 profiles/base-user/.local/share/nvim/json-schemas/caddy_schema.json diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index 13b5fb3d..8e073288 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix @@ -15,6 +15,16 @@ let }; }; + vim-caddyfile = pkgs.vimUtils.buildVimPlugin { + name = "vim-caddyfile"; + src = pkgs.fetchFromGitHub { + owner = "isobit"; + repo = "vim-caddyfile"; + rev = "24fe0720551883e407cb70ae1d7c03f162d1d5a0"; + sha256 = "sha256-rRYv3vnt31g7hNTxttTD6BWdv5JJ+ko3rPNyDUEOZ9o="; + }; + }; + workspace = pkgs.vimUtils.buildVimPlugin { name = "vim-workspace"; src = pkgs.fetchFromGitHub { @@ -123,6 +133,7 @@ in ansible-vim emmet-vim rust-vim + vim-caddyfile vim-go vim-javascript vim-json diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index 025d2b5f..b9b8c421 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim @@ -105,7 +105,18 @@ lua < " Go formatting autocmd FileType go setlocal noexpandtab shiftwidth=4 tabstop=4 softtabstop=4 nolist +" Caddyfile indentation +autocmd FileType caddyfile setlocal noexpandtab shiftwidth=8 tabstop=8 softtabstop=8 nolist + " vim-go disable text-objects let g:go_textobj_enabled = 0 diff --git a/profiles/base-user/.local/share/nvim/json-schemas/caddy_schema.json b/profiles/base-user/.local/share/nvim/json-schemas/caddy_schema.json new file mode 100644 index 00000000..71873a05 --- /dev/null +++ b/profiles/base-user/.local/share/nvim/json-schemas/caddy_schema.json @@ -0,0 +1,8087 @@ +{ + "title": "Caddy v2 autogenerated JSON schema \nhttps://github.com/abiosoft/caddy-json-schema", + "description": ": object\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Config\nConfig is the top (or beginning) of the Caddy configuration structure.\nCaddy config is expressed natively as a JSON document. If you prefer\nnot to work with JSON directly, there are [many config adapters](/docs/config-adapters)\navailable that can convert various inputs into Caddy JSON.\n\nMany parts of this config are extensible through the use of Caddy modules.\nFields which have a json.RawMessage type and which appear as dots (•••) in\nthe online docs can be fulfilled by modules in a certain module\nnamespace. The docs show which modules can be used in a given place.\n\nWhenever a module is used, its name must be given either inline as part of\nthe module, or as the key to the module's value. The docs will make it clear\nwhich to use.\n\nGenerally, all config settings are optional, as it is Caddy convention to\nhave good, documented default values. If a parameter is required, the docs\nshould say so.\n\nGo programs which are directly building a Config struct value should take\ncare to populate the JSON-encodable fields of the struct (i.e. the fields\nwith `json` struct tags) if employing the module lifecycle (e.g. Provision\nmethod calls).\n\n", + "markdownDescription": ": `object` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Config) \nConfig is the top (or beginning) of the Caddy configuration structure.\nCaddy config is expressed natively as a JSON document. If you prefer\nnot to work with JSON directly, there are [many config adapters](/docs/config-adapters)\navailable that can convert various inputs into Caddy JSON.\n\nMany parts of this config are extensible through the use of Caddy modules.\nFields which have a json.RawMessage type and which appear as dots (•••) in\nthe online docs can be fulfilled by modules in a certain module\nnamespace. The docs show which modules can be used in a given place.\n\nWhenever a module is used, its name must be given either inline as part of\nthe module, or as the key to the module's value. The docs will make it clear\nwhich to use.\n\nGenerally, all config settings are optional, as it is Caddy convention to\nhave good, documented default values. If a parameter is required, the docs\nshould say so.\n\nGo programs which are directly building a Config struct value should take\ncare to populate the JSON-encodable fields of the struct (i.e. the fields\nwith `json` struct tags) if employing the module lifecycle (e.g. Provision\nmethod calls).\n \n", + "type": "object", + "definitions": { + "admin.api.load": { + "description": "load: object\nModule: admin.api.load", + "markdownDescription": "load: `object` \nModule: `admin.api.load`", + "type": "object" + }, + "admin.api.metrics": { + "description": "metrics: object\nModule: admin.api.metrics\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/metrics#AdminMetrics", + "markdownDescription": "metrics: `object` \nModule: `admin.api.metrics` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/metrics#AdminMetrics)", + "type": "object" + }, + "admin.api.pki": { + "description": "pki: object\nModule: admin.api.pki", + "markdownDescription": "pki: `object` \nModule: `admin.api.pki`", + "type": "object" + }, + "admin.api.reverse_proxy": { + "description": "reverse_proxy: object\nModule: admin.api.reverse_proxy", + "markdownDescription": "reverse_proxy: `object` \nModule: `admin.api.reverse_proxy`", + "type": "object" + }, + "caddy.adapters.caddyfile": { + "description": "caddyfile: object\nModule: caddy.adapters.caddyfile", + "markdownDescription": "caddyfile: `object` \nModule: `caddy.adapters.caddyfile`", + "type": "object" + }, + "caddy.config_loaders.http": { + "description": "http: object\nModule: caddy.config_loaders.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/caddyconfig#HTTPLoader\nHTTPLoader can load Caddy configs over HTTP(S). It can adapt the config\nbased on the Content-Type header of the HTTP response.\n\n", + "markdownDescription": "http: `object` \nModule: `caddy.config_loaders.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/caddyconfig#HTTPLoader) \nHTTPLoader can load Caddy configs over HTTP(S). It can adapt the config\nbased on the Content-Type header of the HTTP response.\n \n", + "type": "object", + "properties": { + "header": { + "description": "header: object\nModule: caddy.config_loaders.http\nHTTP headers to add to the request.\n", + "markdownDescription": "header: `object` \nModule: `caddy.config_loaders.http` \nHTTP headers to add to the request. \n", + "type": "object", + "additionalProperties": { + "description": "HTTP headers to add to the request.\n", + "markdownDescription": "HTTP headers to add to the request. \n", + "type": "array", + "items": { + "type": "string" + } + } + }, + "method": { + "description": "method: string\nModule: caddy.config_loaders.http\nThe method for the request. Default: GET\n", + "markdownDescription": "method: `string` \nModule: `caddy.config_loaders.http` \nThe method for the request. Default: GET \n", + "type": "string" + }, + "timeout": { + "description": "timeout: number\nModule: caddy.config_loaders.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nMaximum time allowed for a complete connection and request.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "timeout: `number` \nModule: `caddy.config_loaders.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nMaximum time allowed for a complete connection and request.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "tls": { + "description": "tls: object\nModule: caddy.config_loaders.http\n", + "markdownDescription": "tls: `object` \nModule: `caddy.config_loaders.http` \n", + "type": "object", + "properties": { + "client_certificate_file": { + "description": "client_certificate_file: string\nModule: caddy.config_loaders.http\n", + "markdownDescription": "client_certificate_file: `string` \nModule: `caddy.config_loaders.http` \n", + "type": "string" + }, + "client_certificate_key_file": { + "description": "client_certificate_key_file: string\nModule: caddy.config_loaders.http\n", + "markdownDescription": "client_certificate_key_file: `string` \nModule: `caddy.config_loaders.http` \n", + "type": "string" + }, + "root_ca_pem_files": { + "description": "root_ca_pem_files: array\nModule: caddy.config_loaders.http\n", + "markdownDescription": "root_ca_pem_files: `array` \nModule: `caddy.config_loaders.http` \n", + "type": "array", + "items": { + "type": "string" + } + }, + "use_server_identity": { + "description": "use_server_identity: boolean\nModule: caddy.config_loaders.http\n", + "markdownDescription": "use_server_identity: `boolean` \nModule: `caddy.config_loaders.http` \n", + "type": "boolean" + } + } + }, + "url": { + "description": "url: string\nModule: caddy.config_loaders.http\nThe URL of the request.\n", + "markdownDescription": "url: `string` \nModule: `caddy.config_loaders.http` \nThe URL of the request. \n", + "type": "string" + } + } + }, + "caddy.listeners.http_redirect": { + "description": "http_redirect: object\nModule: caddy.listeners.http_redirect\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#HTTPRedirectListenerWrapper\nHTTPRedirectListenerWrapper provides HTTP-\u003eHTTPS redirects for\nconnections that come on the TLS port as an HTTP request,\nby detecting using the first few bytes that it's not a TLS\nhandshake, but instead an HTTP request.\n\nThis is especially useful when using a non-standard HTTPS port.\nA user may simply type the address in their browser without the\nhttps:// scheme, which would cause the browser to attempt the\nconnection over HTTP, but this would cause a \"Client sent an\nHTTP request to an HTTPS server\" error response.\n\nThis listener wrapper must be placed BEFORE the \"tls\" listener\nwrapper, for it to work properly.\n\n", + "markdownDescription": "http_redirect: `object` \nModule: `caddy.listeners.http_redirect` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#HTTPRedirectListenerWrapper) \nHTTPRedirectListenerWrapper provides HTTP-\u003eHTTPS redirects for\nconnections that come on the TLS port as an HTTP request,\nby detecting using the first few bytes that it's not a TLS\nhandshake, but instead an HTTP request.\n\nThis is especially useful when using a non-standard HTTPS port.\nA user may simply type the address in their browser without the\nhttps:// scheme, which would cause the browser to attempt the\nconnection over HTTP, but this would cause a \"Client sent an\nHTTP request to an HTTPS server\" error response.\n\nThis listener wrapper must be placed BEFORE the \"tls\" listener\nwrapper, for it to work properly.\n \n", + "type": "object" + }, + "caddy.listeners.tls": { + "description": "tls: object\nModule: caddy.listeners.tls\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#tlsPlaceholderWrapper\ntlsPlaceholderWrapper is a no-op listener wrapper that marks\nwhere the TLS listener should be in a chain of listener wrappers.\nIt should only be used if another listener wrapper must be placed\nin front of the TLS handshake.\n\n", + "markdownDescription": "tls: `object` \nModule: `caddy.listeners.tls` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#tlsPlaceholderWrapper) \ntlsPlaceholderWrapper is a no-op listener wrapper that marks\nwhere the TLS listener should be in a chain of listener wrappers.\nIt should only be used if another listener wrapper must be placed\nin front of the TLS handshake.\n \n", + "type": "object" + }, + "caddy.logging.encoders.console": { + "description": "console: object\nModule: caddy.logging.encoders.console\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#ConsoleEncoder\nConsoleEncoder encodes log entries that are mostly human-readable.\n\n", + "markdownDescription": "console: `object` \nModule: `caddy.logging.encoders.console` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#ConsoleEncoder) \nConsoleEncoder encodes log entries that are mostly human-readable.\n \n", + "type": "object", + "properties": { + "caller_key": { + "description": "caller_key: string\nModule: caddy.logging.encoders.console\n", + "markdownDescription": "caller_key: `string` \nModule: `caddy.logging.encoders.console` \n", + "type": "string" + }, + "duration_format": { + "description": "duration_format: string\nModule: caddy.logging.encoders.console\n", + "markdownDescription": "duration_format: `string` \nModule: `caddy.logging.encoders.console` \n", + "type": "string" + }, + "level_format": { + "description": "level_format: string\nModule: caddy.logging.encoders.console\n", + "markdownDescription": "level_format: `string` \nModule: `caddy.logging.encoders.console` \n", + "type": "string" + }, + "level_key": { + "description": "level_key: string\nModule: caddy.logging.encoders.console\n", + "markdownDescription": "level_key: `string` \nModule: `caddy.logging.encoders.console` \n", + "type": "string" + }, + "line_ending": { + "description": "line_ending: string\nModule: caddy.logging.encoders.console\n", + "markdownDescription": "line_ending: `string` \nModule: `caddy.logging.encoders.console` \n", + "type": "string" + }, + "message_key": { + "description": "message_key: string\nModule: caddy.logging.encoders.console\n", + "markdownDescription": "message_key: `string` \nModule: `caddy.logging.encoders.console` \n", + "type": "string" + }, + "name_key": { + "description": "name_key: string\nModule: caddy.logging.encoders.console\n", + "markdownDescription": "name_key: `string` \nModule: `caddy.logging.encoders.console` \n", + "type": "string" + }, + "stacktrace_key": { + "description": "stacktrace_key: string\nModule: caddy.logging.encoders.console\n", + "markdownDescription": "stacktrace_key: `string` \nModule: `caddy.logging.encoders.console` \n", + "type": "string" + }, + "time_format": { + "description": "time_format: string\nModule: caddy.logging.encoders.console\n", + "markdownDescription": "time_format: `string` \nModule: `caddy.logging.encoders.console` \n", + "type": "string" + }, + "time_key": { + "description": "time_key: string\nModule: caddy.logging.encoders.console\n", + "markdownDescription": "time_key: `string` \nModule: `caddy.logging.encoders.console` \n", + "type": "string" + } + } + }, + "caddy.logging.encoders.filter": { + "description": "filter: object\nModule: caddy.logging.encoders.filter\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#FilterEncoder\nFilterEncoder can filter (manipulate) fields on\nlog entries before they are actually encoded by\nan underlying encoder.\n\n", + "markdownDescription": "filter: `object` \nModule: `caddy.logging.encoders.filter` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#FilterEncoder) \nFilterEncoder can filter (manipulate) fields on\nlog entries before they are actually encoded by\nan underlying encoder.\n \n", + "type": "object", + "properties": { + "fields": { + "description": "fields: object\nModule: caddy.logging.encoders.filter\nA map of field names to their filters. Note that this\nis not a module map; the keys are field names.\n\nNested fields can be referenced by representing a\nlayer of nesting with `\u003e`. In other words, for an\nobject like `{\"a\":{\"b\":0}}`, the inner field can\nbe referenced as `a\u003eb`.\n\nThe following fields are fundamental to the log and\ncannot be filtered because they are added by the\nunderlying logging library as special cases: ts,\nlevel, logger, and msg.\n", + "markdownDescription": "fields: `object` \nModule: `caddy.logging.encoders.filter` \nA map of field names to their filters. Note that this\nis not a module map; the keys are field names.\n\nNested fields can be referenced by representing a\nlayer of nesting with `\u003e`. In other words, for an\nobject like `{\"a\":{\"b\":0}}`, the inner field can\nbe referenced as `a\u003eb`.\n\nThe following fields are fundamental to the log and\ncannot be filtered because they are added by the\nunderlying logging library as special cases: ts,\nlevel, logger, and msg. \n", + "type": "object", + "additionalProperties": { + "required": [ + "filter" + ], + "allOf": [ + { + "if": { + "properties": { + "filter": { + "const": "rename" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.encoders.filter.rename" + } + }, + { + "if": { + "properties": { + "filter": { + "const": "replace" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.encoders.filter.replace" + } + }, + { + "if": { + "properties": { + "filter": { + "const": "cookie" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.encoders.filter.cookie" + } + }, + { + "if": { + "properties": { + "filter": { + "const": "delete" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.encoders.filter.delete" + } + }, + { + "if": { + "properties": { + "filter": { + "const": "hash" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.encoders.filter.hash" + } + }, + { + "if": { + "properties": { + "filter": { + "const": "ip_mask" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.encoders.filter.ip_mask" + } + }, + { + "if": { + "properties": { + "filter": { + "const": "query" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.encoders.filter.query" + } + }, + { + "if": { + "properties": { + "filter": { + "const": "regexp" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.encoders.filter.regexp" + } + }, + { + "properties": { + "filter": { + "description": "key to identify fields module.\nfilter: string\nModule: caddy.logging.encoders.filter", + "markdownDescription": "key to identify `fields` module. \nfilter: `string` \nModule: `caddy.logging.encoders.filter`", + "type": "string", + "enum": [ + "rename", + "replace", + "cookie", + "delete", + "hash", + "ip_mask", + "query", + "regexp" + ] + } + } + } + ] + } + }, + "wrap": { + "description": "wrap: object\nModule: caddy.logging.encoders\nThe underlying encoder that actually\nencodes the log entries. Required.\n", + "markdownDescription": "wrap: `object` \nModule: `caddy.logging.encoders` \nThe underlying encoder that actually\nencodes the log entries. Required. \n", + "type": "object", + "required": [ + "format" + ], + "allOf": [ + { + "if": { + "properties": { + "format": { + "const": "json" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.encoders.json" + } + }, + { + "if": { + "properties": { + "format": { + "const": "console" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.encoders.console" + } + }, + { + "if": { + "properties": { + "format": { + "const": "filter" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.encoders.filter" + } + }, + { + "properties": { + "format": { + "description": "key to identify wrap module.\nformat: string\nModule: caddy.logging.encoders", + "markdownDescription": "key to identify `wrap` module. \nformat: `string` \nModule: `caddy.logging.encoders`", + "type": "string", + "enum": [ + "json", + "console", + "filter" + ] + } + } + } + ] + } + } + }, + "caddy.logging.encoders.filter.cookie": { + "description": "cookie: object\nModule: caddy.logging.encoders.filter.cookie\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#CookieFilter", + "markdownDescription": "cookie: `object` \nModule: `caddy.logging.encoders.filter.cookie` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#CookieFilter)", + "type": "object", + "properties": { + "actions": { + "description": "actions: array\nModule: caddy.logging.encoders.filter.cookie\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#CookieFilter", + "markdownDescription": "actions: `array` \nModule: `caddy.logging.encoders.filter.cookie` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#CookieFilter)", + "type": "array", + "items": { + "type": "object", + "properties": { + "name": { + "description": "name: string\nModule: caddy.logging.encoders.filter.cookie\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#CookieFilter", + "markdownDescription": "name: `string` \nModule: `caddy.logging.encoders.filter.cookie` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#CookieFilter)", + "type": "string" + }, + "type": { + "description": "type: string\nModule: caddy.logging.encoders.filter.cookie\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#CookieFilter", + "markdownDescription": "type: `string` \nModule: `caddy.logging.encoders.filter.cookie` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#CookieFilter)", + "type": "string" + }, + "value": { + "description": "value: string\nModule: caddy.logging.encoders.filter.cookie\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#CookieFilter", + "markdownDescription": "value: `string` \nModule: `caddy.logging.encoders.filter.cookie` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#CookieFilter)", + "type": "string" + } + } + } + } + } + }, + "caddy.logging.encoders.filter.delete": { + "description": "delete: object\nModule: caddy.logging.encoders.filter.delete\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#DeleteFilter", + "markdownDescription": "delete: `object` \nModule: `caddy.logging.encoders.filter.delete` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#DeleteFilter)", + "type": "object" + }, + "caddy.logging.encoders.filter.hash": { + "description": "hash: object\nModule: caddy.logging.encoders.filter.hash\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#HashFilter", + "markdownDescription": "hash: `object` \nModule: `caddy.logging.encoders.filter.hash` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#HashFilter)", + "type": "object" + }, + "caddy.logging.encoders.filter.ip_mask": { + "description": "ip_mask: object\nModule: caddy.logging.encoders.filter.ip_mask\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#IPMaskFilter", + "markdownDescription": "ip_mask: `object` \nModule: `caddy.logging.encoders.filter.ip_mask` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#IPMaskFilter)", + "type": "object", + "properties": { + "ipv4_cidr": { + "description": "ipv4_cidr: number\nModule: caddy.logging.encoders.filter.ip_mask\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#IPMaskFilter", + "markdownDescription": "ipv4_cidr: `number` \nModule: `caddy.logging.encoders.filter.ip_mask` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#IPMaskFilter)", + "type": "number" + }, + "ipv6_cidr": { + "description": "ipv6_cidr: number\nModule: caddy.logging.encoders.filter.ip_mask\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#IPMaskFilter", + "markdownDescription": "ipv6_cidr: `number` \nModule: `caddy.logging.encoders.filter.ip_mask` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#IPMaskFilter)", + "type": "number" + } + } + }, + "caddy.logging.encoders.filter.query": { + "description": "query: object\nModule: caddy.logging.encoders.filter.query\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#QueryFilter", + "markdownDescription": "query: `object` \nModule: `caddy.logging.encoders.filter.query` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#QueryFilter)", + "type": "object", + "properties": { + "actions": { + "description": "actions: array\nModule: caddy.logging.encoders.filter.query\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#QueryFilter", + "markdownDescription": "actions: `array` \nModule: `caddy.logging.encoders.filter.query` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#QueryFilter)", + "type": "array", + "items": { + "type": "object", + "properties": { + "parameter": { + "description": "parameter: string\nModule: caddy.logging.encoders.filter.query\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#QueryFilter", + "markdownDescription": "parameter: `string` \nModule: `caddy.logging.encoders.filter.query` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#QueryFilter)", + "type": "string" + }, + "type": { + "description": "type: string\nModule: caddy.logging.encoders.filter.query\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#QueryFilter", + "markdownDescription": "type: `string` \nModule: `caddy.logging.encoders.filter.query` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#QueryFilter)", + "type": "string" + }, + "value": { + "description": "value: string\nModule: caddy.logging.encoders.filter.query\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#QueryFilter", + "markdownDescription": "value: `string` \nModule: `caddy.logging.encoders.filter.query` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#QueryFilter)", + "type": "string" + } + } + } + } + } + }, + "caddy.logging.encoders.filter.regexp": { + "description": "regexp: object\nModule: caddy.logging.encoders.filter.regexp\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#RegexpFilter", + "markdownDescription": "regexp: `object` \nModule: `caddy.logging.encoders.filter.regexp` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#RegexpFilter)", + "type": "object", + "properties": { + "regexp": { + "description": "regexp: string\nModule: caddy.logging.encoders.filter.regexp\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#RegexpFilter", + "markdownDescription": "regexp: `string` \nModule: `caddy.logging.encoders.filter.regexp` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#RegexpFilter)", + "type": "string" + }, + "value": { + "description": "value: string\nModule: caddy.logging.encoders.filter.regexp\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#RegexpFilter", + "markdownDescription": "value: `string` \nModule: `caddy.logging.encoders.filter.regexp` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#RegexpFilter)", + "type": "string" + } + } + }, + "caddy.logging.encoders.filter.rename": { + "description": "rename: object\nModule: caddy.logging.encoders.filter.rename\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#RenameFilter", + "markdownDescription": "rename: `object` \nModule: `caddy.logging.encoders.filter.rename` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#RenameFilter)", + "type": "object", + "properties": { + "name": { + "description": "name: string\nModule: caddy.logging.encoders.filter.rename\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#RenameFilter", + "markdownDescription": "name: `string` \nModule: `caddy.logging.encoders.filter.rename` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#RenameFilter)", + "type": "string" + } + } + }, + "caddy.logging.encoders.filter.replace": { + "description": "replace: object\nModule: caddy.logging.encoders.filter.replace\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#ReplaceFilter", + "markdownDescription": "replace: `object` \nModule: `caddy.logging.encoders.filter.replace` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#ReplaceFilter)", + "type": "object", + "properties": { + "value": { + "description": "value: string\nModule: caddy.logging.encoders.filter.replace\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#ReplaceFilter", + "markdownDescription": "value: `string` \nModule: `caddy.logging.encoders.filter.replace` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#ReplaceFilter)", + "type": "string" + } + } + }, + "caddy.logging.encoders.json": { + "description": "json: object\nModule: caddy.logging.encoders.json\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#JSONEncoder\nJSONEncoder encodes entries as JSON.\n\n", + "markdownDescription": "json: `object` \nModule: `caddy.logging.encoders.json` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#JSONEncoder) \nJSONEncoder encodes entries as JSON.\n \n", + "type": "object", + "properties": { + "caller_key": { + "description": "caller_key: string\nModule: caddy.logging.encoders.json\n", + "markdownDescription": "caller_key: `string` \nModule: `caddy.logging.encoders.json` \n", + "type": "string" + }, + "duration_format": { + "description": "duration_format: string\nModule: caddy.logging.encoders.json\n", + "markdownDescription": "duration_format: `string` \nModule: `caddy.logging.encoders.json` \n", + "type": "string" + }, + "level_format": { + "description": "level_format: string\nModule: caddy.logging.encoders.json\n", + "markdownDescription": "level_format: `string` \nModule: `caddy.logging.encoders.json` \n", + "type": "string" + }, + "level_key": { + "description": "level_key: string\nModule: caddy.logging.encoders.json\n", + "markdownDescription": "level_key: `string` \nModule: `caddy.logging.encoders.json` \n", + "type": "string" + }, + "line_ending": { + "description": "line_ending: string\nModule: caddy.logging.encoders.json\n", + "markdownDescription": "line_ending: `string` \nModule: `caddy.logging.encoders.json` \n", + "type": "string" + }, + "message_key": { + "description": "message_key: string\nModule: caddy.logging.encoders.json\n", + "markdownDescription": "message_key: `string` \nModule: `caddy.logging.encoders.json` \n", + "type": "string" + }, + "name_key": { + "description": "name_key: string\nModule: caddy.logging.encoders.json\n", + "markdownDescription": "name_key: `string` \nModule: `caddy.logging.encoders.json` \n", + "type": "string" + }, + "stacktrace_key": { + "description": "stacktrace_key: string\nModule: caddy.logging.encoders.json\n", + "markdownDescription": "stacktrace_key: `string` \nModule: `caddy.logging.encoders.json` \n", + "type": "string" + }, + "time_format": { + "description": "time_format: string\nModule: caddy.logging.encoders.json\n", + "markdownDescription": "time_format: `string` \nModule: `caddy.logging.encoders.json` \n", + "type": "string" + }, + "time_key": { + "description": "time_key: string\nModule: caddy.logging.encoders.json\n", + "markdownDescription": "time_key: `string` \nModule: `caddy.logging.encoders.json` \n", + "type": "string" + } + } + }, + "caddy.logging.writers.discard": { + "description": "discard: object\nModule: caddy.logging.writers.discard\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#DiscardWriter\nDiscardWriter discards all writes.\n\n", + "markdownDescription": "discard: `object` \nModule: `caddy.logging.writers.discard` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#DiscardWriter) \nDiscardWriter discards all writes.\n \n", + "type": "object" + }, + "caddy.logging.writers.file": { + "description": "file: object\nModule: caddy.logging.writers.file\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#FileWriter\nFileWriter can write logs to files. By default, log files\nare rotated (\"rolled\") when they get large, and old log\nfiles get deleted, to ensure that the process does not\nexhaust disk space.\n\n", + "markdownDescription": "file: `object` \nModule: `caddy.logging.writers.file` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#FileWriter) \nFileWriter can write logs to files. By default, log files\nare rotated (\"rolled\") when they get large, and old log\nfiles get deleted, to ensure that the process does not\nexhaust disk space.\n \n", + "type": "object", + "properties": { + "filename": { + "description": "filename: string\nModule: caddy.logging.writers.file\nFilename is the name of the file to write.\n", + "markdownDescription": "filename: `string` \nModule: `caddy.logging.writers.file` \nFilename is the name of the file to write. \n", + "type": "string" + }, + "roll": { + "description": "roll: boolean\nModule: caddy.logging.writers.file\nRoll toggles log rolling or rotation, which is\nenabled by default.\n", + "markdownDescription": "roll: `boolean` \nModule: `caddy.logging.writers.file` \nRoll toggles log rolling or rotation, which is\nenabled by default. \n", + "type": "boolean" + }, + "roll_gzip": { + "description": "roll_gzip: boolean\nModule: caddy.logging.writers.file\nWhether to compress rolled files. Default: true\n", + "markdownDescription": "roll_gzip: `boolean` \nModule: `caddy.logging.writers.file` \nWhether to compress rolled files. Default: true \n", + "type": "boolean" + }, + "roll_keep": { + "description": "roll_keep: number\nModule: caddy.logging.writers.file\nThe maximum number of rolled log files to keep.\nDefault: 10\n", + "markdownDescription": "roll_keep: `number` \nModule: `caddy.logging.writers.file` \nThe maximum number of rolled log files to keep.\nDefault: 10 \n", + "type": "number" + }, + "roll_keep_days": { + "description": "roll_keep_days: number\nModule: caddy.logging.writers.file\nHow many days to keep rolled log files. Default: 90\n", + "markdownDescription": "roll_keep_days: `number` \nModule: `caddy.logging.writers.file` \nHow many days to keep rolled log files. Default: 90 \n", + "type": "number" + }, + "roll_local_time": { + "description": "roll_local_time: boolean\nModule: caddy.logging.writers.file\nWhether to use local timestamps in rolled filenames.\nDefault: false\n", + "markdownDescription": "roll_local_time: `boolean` \nModule: `caddy.logging.writers.file` \nWhether to use local timestamps in rolled filenames.\nDefault: false \n", + "type": "boolean" + }, + "roll_size_mb": { + "description": "roll_size_mb: number\nModule: caddy.logging.writers.file\nWhen a log file reaches approximately this size,\nit will be rotated.\n", + "markdownDescription": "roll_size_mb: `number` \nModule: `caddy.logging.writers.file` \nWhen a log file reaches approximately this size,\nit will be rotated. \n", + "type": "number" + } + } + }, + "caddy.logging.writers.net": { + "description": "net: object\nModule: caddy.logging.writers.net\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#NetWriter\nNetWriter implements a log writer that outputs to a network socket. If\nthe socket goes down, it will dump logs to stderr while it attempts to\nreconnect.\n\n", + "markdownDescription": "net: `object` \nModule: `caddy.logging.writers.net` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/logging#NetWriter) \nNetWriter implements a log writer that outputs to a network socket. If\nthe socket goes down, it will dump logs to stderr while it attempts to\nreconnect.\n \n", + "type": "object", + "properties": { + "address": { + "description": "address: string\nModule: caddy.logging.writers.net\nThe address of the network socket to which to connect.\n", + "markdownDescription": "address: `string` \nModule: `caddy.logging.writers.net` \nThe address of the network socket to which to connect. \n", + "type": "string" + }, + "dial_timeout": { + "description": "dial_timeout: number\nModule: caddy.logging.writers.net\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nThe timeout to wait while connecting to the socket.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "dial_timeout: `number` \nModule: `caddy.logging.writers.net` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nThe timeout to wait while connecting to the socket.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + } + } + }, + "caddy.logging.writers.stderr": { + "description": "stderr: object\nModule: caddy.logging.writers.stderr\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#StderrWriter\nStderrWriter writes logs to standard error.\n\n", + "markdownDescription": "stderr: `object` \nModule: `caddy.logging.writers.stderr` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#StderrWriter) \nStderrWriter writes logs to standard error.\n \n", + "type": "object" + }, + "caddy.logging.writers.stdout": { + "description": "stdout: object\nModule: caddy.logging.writers.stdout\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#StdoutWriter\nStdoutWriter writes logs to standard out.\n\n", + "markdownDescription": "stdout: `object` \nModule: `caddy.logging.writers.stdout` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#StdoutWriter) \nStdoutWriter writes logs to standard out.\n \n", + "type": "object" + }, + "caddy.storage.consul": { + "description": "consul: object\nModule: caddy.storage.consul\nhttps://pkg.go.dev/github.com/pteich/caddy-tlsconsul#ConsulStorage\nConsulStorage allows to store certificates and other TLS resources\nin a shared cluster environment using Consul's key/value-store.\nIt uses distributed locks to ensure consistency.\n\n", + "markdownDescription": "consul: `object` \nModule: `caddy.storage.consul` \n[godoc](https://pkg.go.dev/github.com/pteich/caddy-tlsconsul#ConsulStorage) \nConsulStorage allows to store certificates and other TLS resources\nin a shared cluster environment using Consul's key/value-store.\nIt uses distributed locks to ensure consistency.\n \n", + "type": "object", + "properties": { + "address": { + "description": "address: string\nModule: caddy.storage.consul\n", + "markdownDescription": "address: `string` \nModule: `caddy.storage.consul` \n", + "type": "string" + }, + "aes_key": { + "description": "aes_key: array\nModule: caddy.storage.consul\n", + "markdownDescription": "aes_key: `array` \nModule: `caddy.storage.consul` \n", + "type": "array", + "items": { + "type": "number" + } + }, + "prefix": { + "description": "prefix: string\nModule: caddy.storage.consul\n", + "markdownDescription": "prefix: `string` \nModule: `caddy.storage.consul` \n", + "type": "string" + }, + "timeout": { + "description": "timeout: number\nModule: caddy.storage.consul\n", + "markdownDescription": "timeout: `number` \nModule: `caddy.storage.consul` \n", + "type": "number" + }, + "tls_enabled": { + "description": "tls_enabled: boolean\nModule: caddy.storage.consul\n", + "markdownDescription": "tls_enabled: `boolean` \nModule: `caddy.storage.consul` \n", + "type": "boolean" + }, + "tls_insecure": { + "description": "tls_insecure: boolean\nModule: caddy.storage.consul\n", + "markdownDescription": "tls_insecure: `boolean` \nModule: `caddy.storage.consul` \n", + "type": "boolean" + }, + "token": { + "description": "token: string\nModule: caddy.storage.consul\n", + "markdownDescription": "token: `string` \nModule: `caddy.storage.consul` \n", + "type": "string" + }, + "value_prefix": { + "description": "value_prefix: string\nModule: caddy.storage.consul\n", + "markdownDescription": "value_prefix: `string` \nModule: `caddy.storage.consul` \n", + "type": "string" + } + } + }, + "caddy.storage.file_system": { + "description": "file_system: object\nModule: caddy.storage.file_system\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/filestorage#FileStorage\nFileStorage is a certmagic.Storage wrapper for certmagic.FileStorage.\n\n", + "markdownDescription": "file_system: `object` \nModule: `caddy.storage.file_system` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/filestorage#FileStorage) \nFileStorage is a certmagic.Storage wrapper for certmagic.FileStorage.\n \n", + "type": "object", + "properties": { + "root": { + "description": "root: string\nModule: caddy.storage.file_system\nThe base path to the folder used for storage.\n", + "markdownDescription": "root: `string` \nModule: `caddy.storage.file_system` \nThe base path to the folder used for storage. \n", + "type": "string" + } + } + }, + "http": { + "description": "http: object\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#App\nApp is a robust, production-ready HTTP server.\n\nHTTPS is enabled by default if host matchers with qualifying names are used\nin any of routes; certificates are automatically provisioned and renewed.\nAdditionally, automatic HTTPS will also enable HTTPS for servers that listen\nonly on the HTTPS port but which do not have any TLS connection policies\ndefined by adding a good, default TLS connection policy.\n\nIn HTTP routes, additional placeholders are available (replace any `*`):\n\nPlaceholder | Description\n------------|---------------\n`{http.request.body}` | The request body (⚠️ inefficient; use only for debugging)\n`{http.request.cookie.*}` | HTTP request cookie\n`{http.request.duration}` | Time up to now spent handling the request (after decoding headers from client)\n`{http.request.duration_ms}` | Same as 'duration', but in milliseconds.\n`{http.request.uuid}` | The request unique identifier\n`{http.request.header.*}` | Specific request header field\n`{http.request.host.labels.*}` | Request host labels (0-based from right); e.g. for foo.example.com: 0=com, 1=example, 2=foo\n`{http.request.host}` | The host part of the request's Host header\n`{http.request.hostport}` | The host and port from the request's Host header\n`{http.request.method}` | The request method\n`{http.request.orig_method}` | The request's original method\n`{http.request.orig_uri.path.dir}` | The request's original directory\n`{http.request.orig_uri.path.file}` | The request's original filename\n`{http.request.orig_uri.path}` | The request's original path\n`{http.request.orig_uri.query}` | The request's original query string (without `?`)\n`{http.request.orig_uri}` | The request's original URI\n`{http.request.port}` | The port part of the request's Host header\n`{http.request.proto}` | The protocol of the request\n`{http.request.remote.host}` | The host part of the remote client's address\n`{http.request.remote.port}` | The port part of the remote client's address\n`{http.request.remote}` | The address of the remote client\n`{http.request.scheme}` | The request scheme\n`{http.request.tls.version}` | The TLS version name\n`{http.request.tls.cipher_suite}` | The TLS cipher suite\n`{http.request.tls.resumed}` | The TLS connection resumed a previous connection\n`{http.request.tls.proto}` | The negotiated next protocol\n`{http.request.tls.proto_mutual}` | The negotiated next protocol was advertised by the server\n`{http.request.tls.server_name}` | The server name requested by the client, if any\n`{http.request.tls.client.fingerprint}` | The SHA256 checksum of the client certificate\n`{http.request.tls.client.public_key}` | The public key of the client certificate.\n`{http.request.tls.client.public_key_sha256}` | The SHA256 checksum of the client's public key.\n`{http.request.tls.client.certificate_pem}` | The PEM-encoded value of the certificate.\n`{http.request.tls.client.certificate_der_base64}` | The base64-encoded value of the certificate.\n`{http.request.tls.client.issuer}` | The issuer DN of the client certificate\n`{http.request.tls.client.serial}` | The serial number of the client certificate\n`{http.request.tls.client.subject}` | The subject DN of the client certificate\n`{http.request.tls.client.san.dns_names.*}` | SAN DNS names(index optional)\n`{http.request.tls.client.san.emails.*}` | SAN email addresses (index optional)\n`{http.request.tls.client.san.ips.*}` | SAN IP addresses (index optional)\n`{http.request.tls.client.san.uris.*}` | SAN URIs (index optional)\n`{http.request.uri.path.*}` | Parts of the path, split by `/` (0-based from left)\n`{http.request.uri.path.dir}` | The directory, excluding leaf filename\n`{http.request.uri.path.file}` | The filename of the path, excluding directory\n`{http.request.uri.path}` | The path component of the request URI\n`{http.request.uri.query.*}` | Individual query string value\n`{http.request.uri.query}` | The query string (without `?`)\n`{http.request.uri}` | The full request URI\n`{http.response.header.*}` | Specific response header field\n`{http.vars.*}` | Custom variables in the HTTP handler chain\n\n", + "markdownDescription": "http: `object` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#App) \nApp is a robust, production-ready HTTP server.\n\nHTTPS is enabled by default if host matchers with qualifying names are used\nin any of routes; certificates are automatically provisioned and renewed.\nAdditionally, automatic HTTPS will also enable HTTPS for servers that listen\nonly on the HTTPS port but which do not have any TLS connection policies\ndefined by adding a good, default TLS connection policy.\n\nIn HTTP routes, additional placeholders are available (replace any `*`):\n\nPlaceholder | Description\n------------|---------------\n`{http.request.body}` | The request body (⚠️ inefficient; use only for debugging)\n`{http.request.cookie.*}` | HTTP request cookie\n`{http.request.duration}` | Time up to now spent handling the request (after decoding headers from client)\n`{http.request.duration_ms}` | Same as 'duration', but in milliseconds.\n`{http.request.uuid}` | The request unique identifier\n`{http.request.header.*}` | Specific request header field\n`{http.request.host.labels.*}` | Request host labels (0-based from right); e.g. for foo.example.com: 0=com, 1=example, 2=foo\n`{http.request.host}` | The host part of the request's Host header\n`{http.request.hostport}` | The host and port from the request's Host header\n`{http.request.method}` | The request method\n`{http.request.orig_method}` | The request's original method\n`{http.request.orig_uri.path.dir}` | The request's original directory\n`{http.request.orig_uri.path.file}` | The request's original filename\n`{http.request.orig_uri.path}` | The request's original path\n`{http.request.orig_uri.query}` | The request's original query string (without `?`)\n`{http.request.orig_uri}` | The request's original URI\n`{http.request.port}` | The port part of the request's Host header\n`{http.request.proto}` | The protocol of the request\n`{http.request.remote.host}` | The host part of the remote client's address\n`{http.request.remote.port}` | The port part of the remote client's address\n`{http.request.remote}` | The address of the remote client\n`{http.request.scheme}` | The request scheme\n`{http.request.tls.version}` | The TLS version name\n`{http.request.tls.cipher_suite}` | The TLS cipher suite\n`{http.request.tls.resumed}` | The TLS connection resumed a previous connection\n`{http.request.tls.proto}` | The negotiated next protocol\n`{http.request.tls.proto_mutual}` | The negotiated next protocol was advertised by the server\n`{http.request.tls.server_name}` | The server name requested by the client, if any\n`{http.request.tls.client.fingerprint}` | The SHA256 checksum of the client certificate\n`{http.request.tls.client.public_key}` | The public key of the client certificate.\n`{http.request.tls.client.public_key_sha256}` | The SHA256 checksum of the client's public key.\n`{http.request.tls.client.certificate_pem}` | The PEM-encoded value of the certificate.\n`{http.request.tls.client.certificate_der_base64}` | The base64-encoded value of the certificate.\n`{http.request.tls.client.issuer}` | The issuer DN of the client certificate\n`{http.request.tls.client.serial}` | The serial number of the client certificate\n`{http.request.tls.client.subject}` | The subject DN of the client certificate\n`{http.request.tls.client.san.dns_names.*}` | SAN DNS names(index optional)\n`{http.request.tls.client.san.emails.*}` | SAN email addresses (index optional)\n`{http.request.tls.client.san.ips.*}` | SAN IP addresses (index optional)\n`{http.request.tls.client.san.uris.*}` | SAN URIs (index optional)\n`{http.request.uri.path.*}` | Parts of the path, split by `/` (0-based from left)\n`{http.request.uri.path.dir}` | The directory, excluding leaf filename\n`{http.request.uri.path.file}` | The filename of the path, excluding directory\n`{http.request.uri.path}` | The path component of the request URI\n`{http.request.uri.query.*}` | Individual query string value\n`{http.request.uri.query}` | The query string (without `?`)\n`{http.request.uri}` | The full request URI\n`{http.response.header.*}` | Specific response header field\n`{http.vars.*}` | Custom variables in the HTTP handler chain\n \n", + "type": "object", + "properties": { + "grace_period": { + "description": "grace_period: number\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nGracePeriod is how long to wait for active connections when shutting\ndown the server. Once the grace period is over, connections will\nbe forcefully closed.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "grace_period: `number` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nGracePeriod is how long to wait for active connections when shutting\ndown the server. Once the grace period is over, connections will\nbe forcefully closed.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "http_port": { + "description": "http_port: number\nModule: http\nHTTPPort specifies the port to use for HTTP (as opposed to HTTPS),\nwhich is used when setting up HTTP-\u003eHTTPS redirects or ACME HTTP\nchallenge solvers. Default: 80.\n", + "markdownDescription": "http_port: `number` \nModule: `http` \nHTTPPort specifies the port to use for HTTP (as opposed to HTTPS),\nwhich is used when setting up HTTP-\u003eHTTPS redirects or ACME HTTP\nchallenge solvers. Default: 80. \n", + "type": "number" + }, + "https_port": { + "description": "https_port: number\nModule: http\nHTTPSPort specifies the port to use for HTTPS, which is used when\nsolving the ACME TLS-ALPN challenges, or whenever HTTPS is needed\nbut no specific port number is given. Default: 443.\n", + "markdownDescription": "https_port: `number` \nModule: `http` \nHTTPSPort specifies the port to use for HTTPS, which is used when\nsolving the ACME TLS-ALPN challenges, or whenever HTTPS is needed\nbut no specific port number is given. Default: 443. \n", + "type": "number" + }, + "servers": { + "description": "servers: object\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Server\nServers is the list of servers, keyed by arbitrary names chosen\nat your discretion for your own convenience; the keys do not\naffect functionality.\n\n\nServer describes an HTTP server.\n", + "markdownDescription": "servers: `object` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Server) \nServers is the list of servers, keyed by arbitrary names chosen\nat your discretion for your own convenience; the keys do not\naffect functionality.\n\n\nServer describes an HTTP server. \n", + "type": "object", + "additionalProperties": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Server\nServers is the list of servers, keyed by arbitrary names chosen\nat your discretion for your own convenience; the keys do not\naffect functionality.\n\n\nServer describes an HTTP server.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Server) \nServers is the list of servers, keyed by arbitrary names chosen\nat your discretion for your own convenience; the keys do not\naffect functionality.\n\n\nServer describes an HTTP server. \n", + "properties": { + "allow_h2c": { + "description": "allow_h2c: boolean\nModule: http\nEnables H2C (\"Cleartext HTTP/2\" or \"H2 over TCP\") support,\nwhich will serve HTTP/2 over plaintext TCP connections if\nthe client supports it. Because this is not implemented by the\nGo standard library, using H2C is incompatible with most\nof the other options for this server. Do not enable this\nonly to achieve maximum client compatibility. In practice,\nvery few clients implement H2C, and even fewer require it.\nThis setting applies only to unencrypted HTTP listeners.\n⚠️ Experimental feature; subject to change or removal.\n", + "markdownDescription": "allow_h2c: `boolean` \nModule: `http` \nEnables H2C (\"Cleartext HTTP/2\" or \"H2 over TCP\") support,\nwhich will serve HTTP/2 over plaintext TCP connections if\nthe client supports it. Because this is not implemented by the\nGo standard library, using H2C is incompatible with most\nof the other options for this server. Do not enable this\nonly to achieve maximum client compatibility. In practice,\nvery few clients implement H2C, and even fewer require it.\nThis setting applies only to unencrypted HTTP listeners.\n⚠️ Experimental feature; subject to change or removal. \n", + "type": "boolean" + }, + "automatic_https": { + "description": "automatic_https: object\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#AutoHTTPSConfig\nAutoHTTPS configures or disables automatic HTTPS within this server.\nHTTPS is enabled automatically and by default when qualifying names\nare present in a Host matcher and/or when the server is listening\nonly on the HTTPS port.\n\n\nAutoHTTPSConfig is used to disable automatic HTTPS\nor certain aspects of it for a specific server.\nHTTPS is enabled automatically and by default when\nqualifying hostnames are available from the config.\n", + "markdownDescription": "automatic_https: `object` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#AutoHTTPSConfig) \nAutoHTTPS configures or disables automatic HTTPS within this server.\nHTTPS is enabled automatically and by default when qualifying names\nare present in a Host matcher and/or when the server is listening\nonly on the HTTPS port.\n\n\nAutoHTTPSConfig is used to disable automatic HTTPS\nor certain aspects of it for a specific server.\nHTTPS is enabled automatically and by default when\nqualifying hostnames are available from the config. \n", + "type": "object", + "properties": { + "disable": { + "description": "disable: boolean\nModule: http\nIf true, automatic HTTPS will be entirely disabled,\nincluding certificate management and redirects.\n", + "markdownDescription": "disable: `boolean` \nModule: `http` \nIf true, automatic HTTPS will be entirely disabled,\nincluding certificate management and redirects. \n", + "type": "boolean" + }, + "disable_certificates": { + "description": "disable_certificates: boolean\nModule: http\nIf true, automatic certificate management will be\ndisabled, but other auto-HTTPS features will\nremain enabled.\n", + "markdownDescription": "disable_certificates: `boolean` \nModule: `http` \nIf true, automatic certificate management will be\ndisabled, but other auto-HTTPS features will\nremain enabled. \n", + "type": "boolean" + }, + "disable_redirects": { + "description": "disable_redirects: boolean\nModule: http\nIf true, only automatic HTTP-\u003eHTTPS redirects will\nbe disabled, but other auto-HTTPS features will\nremain enabled.\n", + "markdownDescription": "disable_redirects: `boolean` \nModule: `http` \nIf true, only automatic HTTP-\u003eHTTPS redirects will\nbe disabled, but other auto-HTTPS features will\nremain enabled. \n", + "type": "boolean" + }, + "ignore_loaded_certificates": { + "description": "ignore_loaded_certificates: boolean\nModule: http\nBy default, automatic HTTPS will obtain and renew\ncertificates for qualifying hostnames. However, if\na certificate with a matching SAN is already loaded\ninto the cache, certificate management will not be\nenabled. To force automated certificate management\nregardless of loaded certificates, set this to true.\n", + "markdownDescription": "ignore_loaded_certificates: `boolean` \nModule: `http` \nBy default, automatic HTTPS will obtain and renew\ncertificates for qualifying hostnames. However, if\na certificate with a matching SAN is already loaded\ninto the cache, certificate management will not be\nenabled. To force automated certificate management\nregardless of loaded certificates, set this to true. \n", + "type": "boolean" + }, + "skip": { + "description": "skip: array\nModule: http\nHosts/domain names listed here will not be included\nin automatic HTTPS (they will not have certificates\nloaded nor redirects applied).\n", + "markdownDescription": "skip: `array` \nModule: `http` \nHosts/domain names listed here will not be included\nin automatic HTTPS (they will not have certificates\nloaded nor redirects applied). \n", + "type": "array", + "items": { + "description": "Hosts/domain names listed here will not be included\nin automatic HTTPS (they will not have certificates\nloaded nor redirects applied).\n", + "markdownDescription": "Hosts/domain names listed here will not be included\nin automatic HTTPS (they will not have certificates\nloaded nor redirects applied). \n", + "type": "string" + } + }, + "skip_certificates": { + "description": "skip_certificates: array\nModule: http\nHosts/domain names listed here will still be enabled\nfor automatic HTTPS (unless in the Skip list), except\nthat certificates will not be provisioned and managed\nfor these names.\n", + "markdownDescription": "skip_certificates: `array` \nModule: `http` \nHosts/domain names listed here will still be enabled\nfor automatic HTTPS (unless in the Skip list), except\nthat certificates will not be provisioned and managed\nfor these names. \n", + "type": "array", + "items": { + "description": "Hosts/domain names listed here will still be enabled\nfor automatic HTTPS (unless in the Skip list), except\nthat certificates will not be provisioned and managed\nfor these names.\n", + "markdownDescription": "Hosts/domain names listed here will still be enabled\nfor automatic HTTPS (unless in the Skip list), except\nthat certificates will not be provisioned and managed\nfor these names. \n", + "type": "string" + } + } + } + }, + "errors": { + "description": "errors: object\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#HTTPErrorConfig\nErrors is how this server will handle errors returned from any\nof the handlers in the primary routes. If the primary handler\nchain returns an error, the error along with its recommended\nstatus code are bubbled back up to the HTTP server which\nexecutes a separate error route, specified using this property.\nThe error routes work exactly like the normal routes.\n\n\nHTTPErrorConfig determines how to handle errors\nfrom the HTTP handlers.\n", + "markdownDescription": "errors: `object` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#HTTPErrorConfig) \nErrors is how this server will handle errors returned from any\nof the handlers in the primary routes. If the primary handler\nchain returns an error, the error along with its recommended\nstatus code are bubbled back up to the HTTP server which\nexecutes a separate error route, specified using this property.\nThe error routes work exactly like the normal routes.\n\n\nHTTPErrorConfig determines how to handle errors\nfrom the HTTP handlers. \n", + "type": "object", + "properties": { + "routes": { + "description": "routes: array\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Route\nThe routes to evaluate after the primary handler\nchain returns an error. In an error route, extra\nplaceholders are available:\n\nPlaceholder | Description\n------------|---------------\n`{http.error.status_code}` | The recommended HTTP status code\n`{http.error.status_text}` | The status text associated with the recommended status code\n`{http.error.message}` | The error message\n`{http.error.trace}` | The origin of the error\n`{http.error.id}` | An identifier for this occurrence of the error\n\n\nRoute consists of a set of rules for matching HTTP requests,\na list of handlers to execute, and optional flow control\nparameters which customize the handling of HTTP requests\nin a highly flexible and performant manner.\n", + "markdownDescription": "routes: `array` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Route) \nThe routes to evaluate after the primary handler\nchain returns an error. In an error route, extra\nplaceholders are available:\n\nPlaceholder | Description\n------------|---------------\n`{http.error.status_code}` | The recommended HTTP status code\n`{http.error.status_text}` | The status text associated with the recommended status code\n`{http.error.message}` | The error message\n`{http.error.trace}` | The origin of the error\n`{http.error.id}` | An identifier for this occurrence of the error\n\n\nRoute consists of a set of rules for matching HTTP requests,\na list of handlers to execute, and optional flow control\nparameters which customize the handling of HTTP requests\nin a highly flexible and performant manner. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Route\nThe routes to evaluate after the primary handler\nchain returns an error. In an error route, extra\nplaceholders are available:\n\nPlaceholder | Description\n------------|---------------\n`{http.error.status_code}` | The recommended HTTP status code\n`{http.error.status_text}` | The status text associated with the recommended status code\n`{http.error.message}` | The error message\n`{http.error.trace}` | The origin of the error\n`{http.error.id}` | An identifier for this occurrence of the error\n\n\nRoute consists of a set of rules for matching HTTP requests,\na list of handlers to execute, and optional flow control\nparameters which customize the handling of HTTP requests\nin a highly flexible and performant manner.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Route) \nThe routes to evaluate after the primary handler\nchain returns an error. In an error route, extra\nplaceholders are available:\n\nPlaceholder | Description\n------------|---------------\n`{http.error.status_code}` | The recommended HTTP status code\n`{http.error.status_text}` | The status text associated with the recommended status code\n`{http.error.message}` | The error message\n`{http.error.trace}` | The origin of the error\n`{http.error.id}` | An identifier for this occurrence of the error\n\n\nRoute consists of a set of rules for matching HTTP requests,\na list of handlers to execute, and optional flow control\nparameters which customize the handling of HTTP requests\nin a highly flexible and performant manner. \n", + "type": "object", + "properties": { + "group": { + "description": "group: string\nModule: http\nGroup is an optional name for a group to which this\nroute belongs. Grouping a route makes it mutually\nexclusive with others in its group; if a route belongs\nto a group, only the first matching route in that group\nwill be executed.\n", + "markdownDescription": "group: `string` \nModule: `http` \nGroup is an optional name for a group to which this\nroute belongs. Grouping a route makes it mutually\nexclusive with others in its group; if a route belongs\nto a group, only the first matching route in that group\nwill be executed. \n", + "type": "string" + }, + "handle": { + "description": "handle: array\nModule: http.handlers\nThe list of handlers for this route. Upon matching a request, they are chained\ntogether in a middleware fashion: requests flow from the first handler to the last\n(top of the list to the bottom), with the possibility that any handler could stop\nthe chain and/or return an error. Responses flow back through the chain (bottom of\nthe list to the top) as they are written out to the client.\n\nNot all handlers call the next handler in the chain. For example, the reverse_proxy\nhandler always sends a request upstream or returns an error. Thus, configuring\nhandlers after reverse_proxy in the same route is illogical, since they would never\nbe executed. You will want to put handlers which originate the response at the very\nend of your route(s). The documentation for a module should state whether it invokes\nthe next handler, but sometimes it is common sense.\n\nSome handlers manipulate the response. Remember that requests flow down the list, and\nresponses flow up the list.\n\nFor example, if you wanted to use both `templates` and `encode` handlers, you would\nneed to put `templates` after `encode` in your route, because responses flow up.\nThus, `templates` will be able to parse and execute the plain-text response as a\ntemplate, and then return it up to the `encode` handler which will then compress it\ninto a binary format.\n\nIf `templates` came before `encode`, then `encode` would write a compressed,\nbinary-encoded response to `templates` which would not be able to parse the response\nproperly.\n\nThe correct order, then, is this:\n\n [\n {\"handler\": \"encode\"},\n {\"handler\": \"templates\"},\n {\"handler\": \"file_server\"}\n ]\n\nThe request flows ⬇️ DOWN (`encode` -\u003e `templates` -\u003e `file_server`).\n\n1. First, `encode` will choose how to `encode` the response and wrap the response.\n2. Then, `templates` will wrap the response with a buffer.\n3. Finally, `file_server` will originate the content from a file.\n\nThe response flows ⬆️ UP (`file_server` -\u003e `templates` -\u003e `encode`):\n\n1. First, `file_server` will write the file to the response.\n2. That write will be buffered and then executed by `templates`.\n3. Lastly, the write from `templates` will flow into `encode` which will compress the stream.\n\nIf you think of routes in this way, it will be easy and even fun to solve the puzzle of writing correct routes.\n", + "markdownDescription": "handle: `array` \nModule: `http.handlers` \nThe list of handlers for this route. Upon matching a request, they are chained\ntogether in a middleware fashion: requests flow from the first handler to the last\n(top of the list to the bottom), with the possibility that any handler could stop\nthe chain and/or return an error. Responses flow back through the chain (bottom of\nthe list to the top) as they are written out to the client.\n\nNot all handlers call the next handler in the chain. For example, the reverse_proxy\nhandler always sends a request upstream or returns an error. Thus, configuring\nhandlers after reverse_proxy in the same route is illogical, since they would never\nbe executed. You will want to put handlers which originate the response at the very\nend of your route(s). The documentation for a module should state whether it invokes\nthe next handler, but sometimes it is common sense.\n\nSome handlers manipulate the response. Remember that requests flow down the list, and\nresponses flow up the list.\n\nFor example, if you wanted to use both `templates` and `encode` handlers, you would\nneed to put `templates` after `encode` in your route, because responses flow up.\nThus, `templates` will be able to parse and execute the plain-text response as a\ntemplate, and then return it up to the `encode` handler which will then compress it\ninto a binary format.\n\nIf `templates` came before `encode`, then `encode` would write a compressed,\nbinary-encoded response to `templates` which would not be able to parse the response\nproperly.\n\nThe correct order, then, is this:\n\n [\n {\"handler\": \"encode\"},\n {\"handler\": \"templates\"},\n {\"handler\": \"file_server\"}\n ]\n\nThe request flows ⬇️ DOWN (`encode` -\u003e `templates` -\u003e `file_server`).\n\n1. First, `encode` will choose how to `encode` the response and wrap the response.\n2. Then, `templates` will wrap the response with a buffer.\n3. Finally, `file_server` will originate the content from a file.\n\nThe response flows ⬆️ UP (`file_server` -\u003e `templates` -\u003e `encode`):\n\n1. First, `file_server` will write the file to the response.\n2. That write will be buffered and then executed by `templates`.\n3. Lastly, the write from `templates` will flow into `encode` which will compress the stream.\n\nIf you think of routes in this way, it will be easy and even fun to solve the puzzle of writing correct routes. \n", + "type": "array", + "items": { + "description": "The list of handlers for this route. Upon matching a request, they are chained\ntogether in a middleware fashion: requests flow from the first handler to the last\n(top of the list to the bottom), with the possibility that any handler could stop\nthe chain and/or return an error. Responses flow back through the chain (bottom of\nthe list to the top) as they are written out to the client.\n\nNot all handlers call the next handler in the chain. For example, the reverse_proxy\nhandler always sends a request upstream or returns an error. Thus, configuring\nhandlers after reverse_proxy in the same route is illogical, since they would never\nbe executed. You will want to put handlers which originate the response at the very\nend of your route(s). The documentation for a module should state whether it invokes\nthe next handler, but sometimes it is common sense.\n\nSome handlers manipulate the response. Remember that requests flow down the list, and\nresponses flow up the list.\n\nFor example, if you wanted to use both `templates` and `encode` handlers, you would\nneed to put `templates` after `encode` in your route, because responses flow up.\nThus, `templates` will be able to parse and execute the plain-text response as a\ntemplate, and then return it up to the `encode` handler which will then compress it\ninto a binary format.\n\nIf `templates` came before `encode`, then `encode` would write a compressed,\nbinary-encoded response to `templates` which would not be able to parse the response\nproperly.\n\nThe correct order, then, is this:\n\n [\n {\"handler\": \"encode\"},\n {\"handler\": \"templates\"},\n {\"handler\": \"file_server\"}\n ]\n\nThe request flows ⬇️ DOWN (`encode` -\u003e `templates` -\u003e `file_server`).\n\n1. First, `encode` will choose how to `encode` the response and wrap the response.\n2. Then, `templates` will wrap the response with a buffer.\n3. Finally, `file_server` will originate the content from a file.\n\nThe response flows ⬆️ UP (`file_server` -\u003e `templates` -\u003e `encode`):\n\n1. First, `file_server` will write the file to the response.\n2. That write will be buffered and then executed by `templates`.\n3. Lastly, the write from `templates` will flow into `encode` which will compress the stream.\n\nIf you think of routes in this way, it will be easy and even fun to solve the puzzle of writing correct routes.\n", + "markdownDescription": "The list of handlers for this route. Upon matching a request, they are chained\ntogether in a middleware fashion: requests flow from the first handler to the last\n(top of the list to the bottom), with the possibility that any handler could stop\nthe chain and/or return an error. Responses flow back through the chain (bottom of\nthe list to the top) as they are written out to the client.\n\nNot all handlers call the next handler in the chain. For example, the reverse_proxy\nhandler always sends a request upstream or returns an error. Thus, configuring\nhandlers after reverse_proxy in the same route is illogical, since they would never\nbe executed. You will want to put handlers which originate the response at the very\nend of your route(s). The documentation for a module should state whether it invokes\nthe next handler, but sometimes it is common sense.\n\nSome handlers manipulate the response. Remember that requests flow down the list, and\nresponses flow up the list.\n\nFor example, if you wanted to use both `templates` and `encode` handlers, you would\nneed to put `templates` after `encode` in your route, because responses flow up.\nThus, `templates` will be able to parse and execute the plain-text response as a\ntemplate, and then return it up to the `encode` handler which will then compress it\ninto a binary format.\n\nIf `templates` came before `encode`, then `encode` would write a compressed,\nbinary-encoded response to `templates` which would not be able to parse the response\nproperly.\n\nThe correct order, then, is this:\n\n [\n {\"handler\": \"encode\"},\n {\"handler\": \"templates\"},\n {\"handler\": \"file_server\"}\n ]\n\nThe request flows ⬇️ DOWN (`encode` -\u003e `templates` -\u003e `file_server`).\n\n1. First, `encode` will choose how to `encode` the response and wrap the response.\n2. Then, `templates` will wrap the response with a buffer.\n3. Finally, `file_server` will originate the content from a file.\n\nThe response flows ⬆️ UP (`file_server` -\u003e `templates` -\u003e `encode`):\n\n1. First, `file_server` will write the file to the response.\n2. That write will be buffered and then executed by `templates`.\n3. Lastly, the write from `templates` will flow into `encode` which will compress the stream.\n\nIf you think of routes in this way, it will be easy and even fun to solve the puzzle of writing correct routes. \n", + "required": [ + "handler" + ], + "allOf": [ + { + "if": { + "properties": { + "handler": { + "const": "headers" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.headers" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "metrics" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.metrics" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "request_body" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.request_body" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "rewrite" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.rewrite" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "subroute" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.subroute" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "tracing" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.tracing" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "encode" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.encode" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "static_response" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.static_response" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "authentication" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.authentication" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "copy_response" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.copy_response" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "copy_response_headers" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.copy_response_headers" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "error" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.error" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "file_server" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.file_server" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "map" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.map" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "reverse_proxy" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.reverse_proxy" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "templates" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.templates" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "acme_server" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.acme_server" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "vars" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.vars" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "push" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.push" + } + }, + { + "properties": { + "handler": { + "description": "key to identify handle module.\nhandler: string\nModule: http.handlers", + "markdownDescription": "key to identify `handle` module. \nhandler: `string` \nModule: `http.handlers`", + "type": "string", + "enum": [ + "headers", + "metrics", + "request_body", + "rewrite", + "subroute", + "tracing", + "encode", + "static_response", + "authentication", + "copy_response", + "copy_response_headers", + "error", + "file_server", + "map", + "reverse_proxy", + "templates", + "acme_server", + "vars", + "push" + ] + } + } + } + ] + } + }, + "match": { + "description": "match: array\nModule: http.matchers\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nThe matcher sets which will be used to qualify this\nroute for a request (essentially the \"if\" statement\nof this route). Each matcher set is OR'ed, but matchers\nwithin a set are AND'ed together.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n", + "markdownDescription": "match: `array` \nModule: `http.matchers` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nThe matcher sets which will be used to qualify this\nroute for a request (essentially the \"if\" statement\nof this route). Each matcher set is OR'ed, but matchers\nwithin a set are AND'ed together.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nThe matcher sets which will be used to qualify this\nroute for a request (essentially the \"if\" statement\nof this route). Each matcher set is OR'ed, but matchers\nwithin a set are AND'ed together.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nThe matcher sets which will be used to qualify this\nroute for a request (essentially the \"if\" statement\nof this route). Each matcher set is OR'ed, but matchers\nwithin a set are AND'ed together.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", + "properties": { + "expression": { + "$ref": "#/definitions/http.matchers.expression" + }, + "file": { + "$ref": "#/definitions/http.matchers.file" + }, + "header": { + "$ref": "#/definitions/http.matchers.header" + }, + "header_regexp": { + "$ref": "#/definitions/http.matchers.header_regexp" + }, + "host": { + "$ref": "#/definitions/http.matchers.host" + }, + "method": { + "$ref": "#/definitions/http.matchers.method" + }, + "not": { + "$ref": "#/definitions/http.matchers.not" + }, + "path": { + "$ref": "#/definitions/http.matchers.path" + }, + "path_regexp": { + "$ref": "#/definitions/http.matchers.path_regexp" + }, + "protocol": { + "$ref": "#/definitions/http.matchers.protocol" + }, + "query": { + "$ref": "#/definitions/http.matchers.query" + }, + "remote_ip": { + "$ref": "#/definitions/http.matchers.remote_ip" + }, + "vars": { + "$ref": "#/definitions/http.matchers.vars" + }, + "vars_regexp": { + "$ref": "#/definitions/http.matchers.vars_regexp" + } + } + } + }, + "terminal": { + "description": "terminal: boolean\nModule: http\nIf true, no more routes will be executed after this one.\n", + "markdownDescription": "terminal: `boolean` \nModule: `http` \nIf true, no more routes will be executed after this one. \n", + "type": "boolean" + } + } + } + } + } + }, + "experimental_http3": { + "description": "experimental_http3: boolean\nModule: http\nEnable experimental HTTP/3 support. Note that HTTP/3 is not a\nfinished standard and has extremely limited client support.\nThis field is not subject to compatibility promises.\n", + "markdownDescription": "experimental_http3: `boolean` \nModule: `http` \nEnable experimental HTTP/3 support. Note that HTTP/3 is not a\nfinished standard and has extremely limited client support.\nThis field is not subject to compatibility promises. \n", + "type": "boolean" + }, + "idle_timeout": { + "description": "idle_timeout: number\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nIdleTimeout is the maximum time to wait for the next request\nwhen keep-alives are enabled. If zero, a default timeout of\n5m is applied to help avoid resource exhaustion.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "idle_timeout: `number` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nIdleTimeout is the maximum time to wait for the next request\nwhen keep-alives are enabled. If zero, a default timeout of\n5m is applied to help avoid resource exhaustion.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "listen": { + "description": "listen: array\nModule: http\nSocket addresses to which to bind listeners. Accepts\n[network addresses](/docs/conventions#network-addresses)\nthat may include port ranges. Listener addresses must\nbe unique; they cannot be repeated across all defined\nservers.\n", + "markdownDescription": "listen: `array` \nModule: `http` \nSocket addresses to which to bind listeners. Accepts\n[network addresses](/docs/conventions#network-addresses)\nthat may include port ranges. Listener addresses must\nbe unique; they cannot be repeated across all defined\nservers. \n", + "type": "array", + "items": { + "description": "Socket addresses to which to bind listeners. Accepts\n[network addresses](/docs/conventions#network-addresses)\nthat may include port ranges. Listener addresses must\nbe unique; they cannot be repeated across all defined\nservers.\n", + "markdownDescription": "Socket addresses to which to bind listeners. Accepts\n[network addresses](/docs/conventions#network-addresses)\nthat may include port ranges. Listener addresses must\nbe unique; they cannot be repeated across all defined\nservers. \n", + "type": "string" + } + }, + "listener_wrappers": { + "description": "listener_wrappers: array\nModule: caddy.listeners\nA list of listener wrapper modules, which can modify the behavior\nof the base listener. They are applied in the given order.\n", + "markdownDescription": "listener_wrappers: `array` \nModule: `caddy.listeners` \nA list of listener wrapper modules, which can modify the behavior\nof the base listener. They are applied in the given order. \n", + "type": "array", + "items": { + "description": "A list of listener wrapper modules, which can modify the behavior\nof the base listener. They are applied in the given order.\n", + "markdownDescription": "A list of listener wrapper modules, which can modify the behavior\nof the base listener. They are applied in the given order. \n", + "required": [ + "wrapper" + ], + "allOf": [ + { + "if": { + "properties": { + "wrapper": { + "const": "http_redirect" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.listeners.http_redirect" + } + }, + { + "if": { + "properties": { + "wrapper": { + "const": "tls" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.listeners.tls" + } + }, + { + "properties": { + "wrapper": { + "description": "key to identify listener_wrappers module.\nwrapper: string\nModule: caddy.listeners", + "markdownDescription": "key to identify `listener_wrappers` module. \nwrapper: `string` \nModule: `caddy.listeners`", + "type": "string", + "enum": [ + "http_redirect", + "tls" + ] + } + } + } + ] + } + }, + "logs": { + "description": "logs: object\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#ServerLogConfig\nEnables access logging and configures how access logs are handled\nin this server. To minimally enable access logs, simply set this\nto a non-null, empty struct.\n\n\nServerLogConfig describes a server's logging configuration. If\nenabled without customization, all requests to this server are\nlogged to the default logger; logger destinations may be\ncustomized per-request-host.\n", + "markdownDescription": "logs: `object` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#ServerLogConfig) \nEnables access logging and configures how access logs are handled\nin this server. To minimally enable access logs, simply set this\nto a non-null, empty struct.\n\n\nServerLogConfig describes a server's logging configuration. If\nenabled without customization, all requests to this server are\nlogged to the default logger; logger destinations may be\ncustomized per-request-host. \n", + "type": "object", + "properties": { + "default_logger_name": { + "description": "default_logger_name: string\nModule: http\nThe default logger name for all logs emitted by this server for\nhostnames that are not in the LoggerNames (logger_names) map.\n", + "markdownDescription": "default_logger_name: `string` \nModule: `http` \nThe default logger name for all logs emitted by this server for\nhostnames that are not in the LoggerNames (logger_names) map. \n", + "type": "string" + }, + "logger_names": { + "description": "logger_names: object\nModule: http\nLoggerNames maps request hostnames to a custom logger name.\nFor example, a mapping of \"example.com\" to \"example\" would\ncause access logs from requests with a Host of example.com\nto be emitted by a logger named \"http.log.access.example\".\n", + "markdownDescription": "logger_names: `object` \nModule: `http` \nLoggerNames maps request hostnames to a custom logger name.\nFor example, a mapping of \"example.com\" to \"example\" would\ncause access logs from requests with a Host of example.com\nto be emitted by a logger named \"http.log.access.example\". \n", + "type": "object", + "additionalProperties": { + "description": "LoggerNames maps request hostnames to a custom logger name.\nFor example, a mapping of \"example.com\" to \"example\" would\ncause access logs from requests with a Host of example.com\nto be emitted by a logger named \"http.log.access.example\".\n", + "markdownDescription": "LoggerNames maps request hostnames to a custom logger name.\nFor example, a mapping of \"example.com\" to \"example\" would\ncause access logs from requests with a Host of example.com\nto be emitted by a logger named \"http.log.access.example\". \n" + } + }, + "should_log_credentials": { + "description": "should_log_credentials: boolean\nModule: http\nIf true, credentials that are otherwise omitted, will be logged.\nThe definition of credentials is defined by https://fetch.spec.whatwg.org/#credentials,\nand this includes some request and response headers, i.e `Cookie`,\n`Set-Cookie`, `Authorization`, and `Proxy-Authorization`.\n", + "markdownDescription": "should_log_credentials: `boolean` \nModule: `http` \nIf true, credentials that are otherwise omitted, will be logged.\nThe definition of credentials is defined by https://fetch.spec.whatwg.org/#credentials,\nand this includes some request and response headers, i.e `Cookie`,\n`Set-Cookie`, `Authorization`, and `Proxy-Authorization`. \n", + "type": "boolean" + }, + "skip_hosts": { + "description": "skip_hosts: array\nModule: http\nBy default, all requests to this server will be logged if\naccess logging is enabled. This field lists the request\nhosts for which access logging should be disabled.\n", + "markdownDescription": "skip_hosts: `array` \nModule: `http` \nBy default, all requests to this server will be logged if\naccess logging is enabled. This field lists the request\nhosts for which access logging should be disabled. \n", + "type": "array", + "items": { + "description": "By default, all requests to this server will be logged if\naccess logging is enabled. This field lists the request\nhosts for which access logging should be disabled.\n", + "markdownDescription": "By default, all requests to this server will be logged if\naccess logging is enabled. This field lists the request\nhosts for which access logging should be disabled. \n", + "type": "string" + } + }, + "skip_unmapped_hosts": { + "description": "skip_unmapped_hosts: boolean\nModule: http\nIf true, requests to any host not appearing in the\nLoggerNames (logger_names) map will not be logged.\n", + "markdownDescription": "skip_unmapped_hosts: `boolean` \nModule: `http` \nIf true, requests to any host not appearing in the\nLoggerNames (logger_names) map will not be logged. \n", + "type": "boolean" + } + } + }, + "max_header_bytes": { + "description": "max_header_bytes: number\nModule: http\nMaxHeaderBytes is the maximum size to parse from a client's\nHTTP request headers.\n", + "markdownDescription": "max_header_bytes: `number` \nModule: `http` \nMaxHeaderBytes is the maximum size to parse from a client's\nHTTP request headers. \n", + "type": "number" + }, + "read_header_timeout": { + "description": "read_header_timeout: number\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nReadHeaderTimeout is like ReadTimeout but for request headers.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "read_header_timeout: `number` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nReadHeaderTimeout is like ReadTimeout but for request headers.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "read_timeout": { + "description": "read_timeout: number\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nHow long to allow a read from a client's upload. Setting this\nto a short, non-zero value can mitigate slowloris attacks, but\nmay also affect legitimately slow clients.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "read_timeout: `number` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nHow long to allow a read from a client's upload. Setting this\nto a short, non-zero value can mitigate slowloris attacks, but\nmay also affect legitimately slow clients.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "routes": { + "description": "routes: array\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Route\nRoutes describes how this server will handle requests.\nRoutes are executed sequentially. First a route's matchers\nare evaluated, then its grouping. If it matches and has\nnot been mutually-excluded by its grouping, then its\nhandlers are executed sequentially. The sequence of invoked\nhandlers comprises a compiled middleware chain that flows\nfrom each matching route and its handlers to the next.\n\nBy default, all unrouted requests receive a 200 OK response\nto indicate the server is working.\n\n\nRoute consists of a set of rules for matching HTTP requests,\na list of handlers to execute, and optional flow control\nparameters which customize the handling of HTTP requests\nin a highly flexible and performant manner.\n", + "markdownDescription": "routes: `array` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Route) \nRoutes describes how this server will handle requests.\nRoutes are executed sequentially. First a route's matchers\nare evaluated, then its grouping. If it matches and has\nnot been mutually-excluded by its grouping, then its\nhandlers are executed sequentially. The sequence of invoked\nhandlers comprises a compiled middleware chain that flows\nfrom each matching route and its handlers to the next.\n\nBy default, all unrouted requests receive a 200 OK response\nto indicate the server is working.\n\n\nRoute consists of a set of rules for matching HTTP requests,\na list of handlers to execute, and optional flow control\nparameters which customize the handling of HTTP requests\nin a highly flexible and performant manner. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Route\nRoutes describes how this server will handle requests.\nRoutes are executed sequentially. First a route's matchers\nare evaluated, then its grouping. If it matches and has\nnot been mutually-excluded by its grouping, then its\nhandlers are executed sequentially. The sequence of invoked\nhandlers comprises a compiled middleware chain that flows\nfrom each matching route and its handlers to the next.\n\nBy default, all unrouted requests receive a 200 OK response\nto indicate the server is working.\n\n\nRoute consists of a set of rules for matching HTTP requests,\na list of handlers to execute, and optional flow control\nparameters which customize the handling of HTTP requests\nin a highly flexible and performant manner.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Route) \nRoutes describes how this server will handle requests.\nRoutes are executed sequentially. First a route's matchers\nare evaluated, then its grouping. If it matches and has\nnot been mutually-excluded by its grouping, then its\nhandlers are executed sequentially. The sequence of invoked\nhandlers comprises a compiled middleware chain that flows\nfrom each matching route and its handlers to the next.\n\nBy default, all unrouted requests receive a 200 OK response\nto indicate the server is working.\n\n\nRoute consists of a set of rules for matching HTTP requests,\na list of handlers to execute, and optional flow control\nparameters which customize the handling of HTTP requests\nin a highly flexible and performant manner. \n", + "type": "object", + "properties": { + "group": { + "description": "group: string\nModule: http\nGroup is an optional name for a group to which this\nroute belongs. Grouping a route makes it mutually\nexclusive with others in its group; if a route belongs\nto a group, only the first matching route in that group\nwill be executed.\n", + "markdownDescription": "group: `string` \nModule: `http` \nGroup is an optional name for a group to which this\nroute belongs. Grouping a route makes it mutually\nexclusive with others in its group; if a route belongs\nto a group, only the first matching route in that group\nwill be executed. \n", + "type": "string" + }, + "handle": { + "description": "handle: array\nModule: http.handlers\nThe list of handlers for this route. Upon matching a request, they are chained\ntogether in a middleware fashion: requests flow from the first handler to the last\n(top of the list to the bottom), with the possibility that any handler could stop\nthe chain and/or return an error. Responses flow back through the chain (bottom of\nthe list to the top) as they are written out to the client.\n\nNot all handlers call the next handler in the chain. For example, the reverse_proxy\nhandler always sends a request upstream or returns an error. Thus, configuring\nhandlers after reverse_proxy in the same route is illogical, since they would never\nbe executed. You will want to put handlers which originate the response at the very\nend of your route(s). The documentation for a module should state whether it invokes\nthe next handler, but sometimes it is common sense.\n\nSome handlers manipulate the response. Remember that requests flow down the list, and\nresponses flow up the list.\n\nFor example, if you wanted to use both `templates` and `encode` handlers, you would\nneed to put `templates` after `encode` in your route, because responses flow up.\nThus, `templates` will be able to parse and execute the plain-text response as a\ntemplate, and then return it up to the `encode` handler which will then compress it\ninto a binary format.\n\nIf `templates` came before `encode`, then `encode` would write a compressed,\nbinary-encoded response to `templates` which would not be able to parse the response\nproperly.\n\nThe correct order, then, is this:\n\n [\n {\"handler\": \"encode\"},\n {\"handler\": \"templates\"},\n {\"handler\": \"file_server\"}\n ]\n\nThe request flows ⬇️ DOWN (`encode` -\u003e `templates` -\u003e `file_server`).\n\n1. First, `encode` will choose how to `encode` the response and wrap the response.\n2. Then, `templates` will wrap the response with a buffer.\n3. Finally, `file_server` will originate the content from a file.\n\nThe response flows ⬆️ UP (`file_server` -\u003e `templates` -\u003e `encode`):\n\n1. First, `file_server` will write the file to the response.\n2. That write will be buffered and then executed by `templates`.\n3. Lastly, the write from `templates` will flow into `encode` which will compress the stream.\n\nIf you think of routes in this way, it will be easy and even fun to solve the puzzle of writing correct routes.\n", + "markdownDescription": "handle: `array` \nModule: `http.handlers` \nThe list of handlers for this route. Upon matching a request, they are chained\ntogether in a middleware fashion: requests flow from the first handler to the last\n(top of the list to the bottom), with the possibility that any handler could stop\nthe chain and/or return an error. Responses flow back through the chain (bottom of\nthe list to the top) as they are written out to the client.\n\nNot all handlers call the next handler in the chain. For example, the reverse_proxy\nhandler always sends a request upstream or returns an error. Thus, configuring\nhandlers after reverse_proxy in the same route is illogical, since they would never\nbe executed. You will want to put handlers which originate the response at the very\nend of your route(s). The documentation for a module should state whether it invokes\nthe next handler, but sometimes it is common sense.\n\nSome handlers manipulate the response. Remember that requests flow down the list, and\nresponses flow up the list.\n\nFor example, if you wanted to use both `templates` and `encode` handlers, you would\nneed to put `templates` after `encode` in your route, because responses flow up.\nThus, `templates` will be able to parse and execute the plain-text response as a\ntemplate, and then return it up to the `encode` handler which will then compress it\ninto a binary format.\n\nIf `templates` came before `encode`, then `encode` would write a compressed,\nbinary-encoded response to `templates` which would not be able to parse the response\nproperly.\n\nThe correct order, then, is this:\n\n [\n {\"handler\": \"encode\"},\n {\"handler\": \"templates\"},\n {\"handler\": \"file_server\"}\n ]\n\nThe request flows ⬇️ DOWN (`encode` -\u003e `templates` -\u003e `file_server`).\n\n1. First, `encode` will choose how to `encode` the response and wrap the response.\n2. Then, `templates` will wrap the response with a buffer.\n3. Finally, `file_server` will originate the content from a file.\n\nThe response flows ⬆️ UP (`file_server` -\u003e `templates` -\u003e `encode`):\n\n1. First, `file_server` will write the file to the response.\n2. That write will be buffered and then executed by `templates`.\n3. Lastly, the write from `templates` will flow into `encode` which will compress the stream.\n\nIf you think of routes in this way, it will be easy and even fun to solve the puzzle of writing correct routes. \n", + "type": "array", + "items": { + "description": "The list of handlers for this route. Upon matching a request, they are chained\ntogether in a middleware fashion: requests flow from the first handler to the last\n(top of the list to the bottom), with the possibility that any handler could stop\nthe chain and/or return an error. Responses flow back through the chain (bottom of\nthe list to the top) as they are written out to the client.\n\nNot all handlers call the next handler in the chain. For example, the reverse_proxy\nhandler always sends a request upstream or returns an error. Thus, configuring\nhandlers after reverse_proxy in the same route is illogical, since they would never\nbe executed. You will want to put handlers which originate the response at the very\nend of your route(s). The documentation for a module should state whether it invokes\nthe next handler, but sometimes it is common sense.\n\nSome handlers manipulate the response. Remember that requests flow down the list, and\nresponses flow up the list.\n\nFor example, if you wanted to use both `templates` and `encode` handlers, you would\nneed to put `templates` after `encode` in your route, because responses flow up.\nThus, `templates` will be able to parse and execute the plain-text response as a\ntemplate, and then return it up to the `encode` handler which will then compress it\ninto a binary format.\n\nIf `templates` came before `encode`, then `encode` would write a compressed,\nbinary-encoded response to `templates` which would not be able to parse the response\nproperly.\n\nThe correct order, then, is this:\n\n [\n {\"handler\": \"encode\"},\n {\"handler\": \"templates\"},\n {\"handler\": \"file_server\"}\n ]\n\nThe request flows ⬇️ DOWN (`encode` -\u003e `templates` -\u003e `file_server`).\n\n1. First, `encode` will choose how to `encode` the response and wrap the response.\n2. Then, `templates` will wrap the response with a buffer.\n3. Finally, `file_server` will originate the content from a file.\n\nThe response flows ⬆️ UP (`file_server` -\u003e `templates` -\u003e `encode`):\n\n1. First, `file_server` will write the file to the response.\n2. That write will be buffered and then executed by `templates`.\n3. Lastly, the write from `templates` will flow into `encode` which will compress the stream.\n\nIf you think of routes in this way, it will be easy and even fun to solve the puzzle of writing correct routes.\n", + "markdownDescription": "The list of handlers for this route. Upon matching a request, they are chained\ntogether in a middleware fashion: requests flow from the first handler to the last\n(top of the list to the bottom), with the possibility that any handler could stop\nthe chain and/or return an error. Responses flow back through the chain (bottom of\nthe list to the top) as they are written out to the client.\n\nNot all handlers call the next handler in the chain. For example, the reverse_proxy\nhandler always sends a request upstream or returns an error. Thus, configuring\nhandlers after reverse_proxy in the same route is illogical, since they would never\nbe executed. You will want to put handlers which originate the response at the very\nend of your route(s). The documentation for a module should state whether it invokes\nthe next handler, but sometimes it is common sense.\n\nSome handlers manipulate the response. Remember that requests flow down the list, and\nresponses flow up the list.\n\nFor example, if you wanted to use both `templates` and `encode` handlers, you would\nneed to put `templates` after `encode` in your route, because responses flow up.\nThus, `templates` will be able to parse and execute the plain-text response as a\ntemplate, and then return it up to the `encode` handler which will then compress it\ninto a binary format.\n\nIf `templates` came before `encode`, then `encode` would write a compressed,\nbinary-encoded response to `templates` which would not be able to parse the response\nproperly.\n\nThe correct order, then, is this:\n\n [\n {\"handler\": \"encode\"},\n {\"handler\": \"templates\"},\n {\"handler\": \"file_server\"}\n ]\n\nThe request flows ⬇️ DOWN (`encode` -\u003e `templates` -\u003e `file_server`).\n\n1. First, `encode` will choose how to `encode` the response and wrap the response.\n2. Then, `templates` will wrap the response with a buffer.\n3. Finally, `file_server` will originate the content from a file.\n\nThe response flows ⬆️ UP (`file_server` -\u003e `templates` -\u003e `encode`):\n\n1. First, `file_server` will write the file to the response.\n2. That write will be buffered and then executed by `templates`.\n3. Lastly, the write from `templates` will flow into `encode` which will compress the stream.\n\nIf you think of routes in this way, it will be easy and even fun to solve the puzzle of writing correct routes. \n", + "required": [ + "handler" + ], + "allOf": [ + { + "if": { + "properties": { + "handler": { + "const": "encode" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.encode" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "headers" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.headers" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "metrics" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.metrics" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "request_body" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.request_body" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "rewrite" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.rewrite" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "subroute" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.subroute" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "tracing" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.tracing" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "authentication" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.authentication" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "static_response" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.static_response" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "acme_server" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.acme_server" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "copy_response" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.copy_response" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "copy_response_headers" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.copy_response_headers" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "error" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.error" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "file_server" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.file_server" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "map" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.map" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "reverse_proxy" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.reverse_proxy" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "templates" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.templates" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "push" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.push" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "vars" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.vars" + } + }, + { + "properties": { + "handler": { + "description": "key to identify handle module.\nhandler: string\nModule: http.handlers", + "markdownDescription": "key to identify `handle` module. \nhandler: `string` \nModule: `http.handlers`", + "type": "string", + "enum": [ + "encode", + "headers", + "metrics", + "request_body", + "rewrite", + "subroute", + "tracing", + "authentication", + "static_response", + "acme_server", + "copy_response", + "copy_response_headers", + "error", + "file_server", + "map", + "reverse_proxy", + "templates", + "push", + "vars" + ] + } + } + } + ] + } + }, + "match": { + "description": "match: array\nModule: http.matchers\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nThe matcher sets which will be used to qualify this\nroute for a request (essentially the \"if\" statement\nof this route). Each matcher set is OR'ed, but matchers\nwithin a set are AND'ed together.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n", + "markdownDescription": "match: `array` \nModule: `http.matchers` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nThe matcher sets which will be used to qualify this\nroute for a request (essentially the \"if\" statement\nof this route). Each matcher set is OR'ed, but matchers\nwithin a set are AND'ed together.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nThe matcher sets which will be used to qualify this\nroute for a request (essentially the \"if\" statement\nof this route). Each matcher set is OR'ed, but matchers\nwithin a set are AND'ed together.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nThe matcher sets which will be used to qualify this\nroute for a request (essentially the \"if\" statement\nof this route). Each matcher set is OR'ed, but matchers\nwithin a set are AND'ed together.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", + "properties": { + "expression": { + "$ref": "#/definitions/http.matchers.expression" + }, + "file": { + "$ref": "#/definitions/http.matchers.file" + }, + "header": { + "$ref": "#/definitions/http.matchers.header" + }, + "header_regexp": { + "$ref": "#/definitions/http.matchers.header_regexp" + }, + "host": { + "$ref": "#/definitions/http.matchers.host" + }, + "method": { + "$ref": "#/definitions/http.matchers.method" + }, + "not": { + "$ref": "#/definitions/http.matchers.not" + }, + "path": { + "$ref": "#/definitions/http.matchers.path" + }, + "path_regexp": { + "$ref": "#/definitions/http.matchers.path_regexp" + }, + "protocol": { + "$ref": "#/definitions/http.matchers.protocol" + }, + "query": { + "$ref": "#/definitions/http.matchers.query" + }, + "remote_ip": { + "$ref": "#/definitions/http.matchers.remote_ip" + }, + "vars": { + "$ref": "#/definitions/http.matchers.vars" + }, + "vars_regexp": { + "$ref": "#/definitions/http.matchers.vars_regexp" + } + } + } + }, + "terminal": { + "description": "terminal: boolean\nModule: http\nIf true, no more routes will be executed after this one.\n", + "markdownDescription": "terminal: `boolean` \nModule: `http` \nIf true, no more routes will be executed after this one. \n", + "type": "boolean" + } + } + } + }, + "strict_sni_host": { + "description": "strict_sni_host: boolean\nModule: http\nIf true, will require that a request's Host header match\nthe value of the ServerName sent by the client's TLS\nClientHello; often a necessary safeguard when using TLS\nclient authentication.\n", + "markdownDescription": "strict_sni_host: `boolean` \nModule: `http` \nIf true, will require that a request's Host header match\nthe value of the ServerName sent by the client's TLS\nClientHello; often a necessary safeguard when using TLS\nclient authentication. \n", + "type": "boolean" + }, + "tls_connection_policies": { + "description": "tls_connection_policies: array\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ConnectionPolicy\nHow to handle TLS connections. At least one policy is\nrequired to enable HTTPS on this server if automatic\nHTTPS is disabled or does not apply.\n\n\nConnectionPolicy specifies the logic for handling a TLS handshake.\nAn empty policy is valid; safe and sensible defaults will be used.\n", + "markdownDescription": "tls_connection_policies: `array` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ConnectionPolicy) \nHow to handle TLS connections. At least one policy is\nrequired to enable HTTPS on this server if automatic\nHTTPS is disabled or does not apply.\n\n\nConnectionPolicy specifies the logic for handling a TLS handshake.\nAn empty policy is valid; safe and sensible defaults will be used. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ConnectionPolicy\nHow to handle TLS connections. At least one policy is\nrequired to enable HTTPS on this server if automatic\nHTTPS is disabled or does not apply.\n\n\nConnectionPolicy specifies the logic for handling a TLS handshake.\nAn empty policy is valid; safe and sensible defaults will be used.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ConnectionPolicy) \nHow to handle TLS connections. At least one policy is\nrequired to enable HTTPS on this server if automatic\nHTTPS is disabled or does not apply.\n\n\nConnectionPolicy specifies the logic for handling a TLS handshake.\nAn empty policy is valid; safe and sensible defaults will be used. \n", + "type": "object", + "properties": { + "alpn": { + "description": "alpn: array\nModule: http\nProtocols to use for Application-Layer Protocol\nNegotiation (ALPN) during the handshake.\n", + "markdownDescription": "alpn: `array` \nModule: `http` \nProtocols to use for Application-Layer Protocol\nNegotiation (ALPN) during the handshake. \n", + "type": "array", + "items": { + "description": "Protocols to use for Application-Layer Protocol\nNegotiation (ALPN) during the handshake.\n", + "markdownDescription": "Protocols to use for Application-Layer Protocol\nNegotiation (ALPN) during the handshake. \n", + "type": "string" + } + }, + "certificate_selection": { + "description": "certificate_selection: object\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#CustomCertSelectionPolicy\nHow to choose a certificate if more than one matched\nthe given ServerName (SNI) value.\n\n\nCustomCertSelectionPolicy represents a policy for selecting the certificate\nused to complete a handshake when there may be multiple options. All fields\nspecified must match the candidate certificate for it to be chosen.\nThis was needed to solve https://github.com/caddyserver/caddy/issues/2588.\n", + "markdownDescription": "certificate_selection: `object` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#CustomCertSelectionPolicy) \nHow to choose a certificate if more than one matched\nthe given ServerName (SNI) value.\n\n\nCustomCertSelectionPolicy represents a policy for selecting the certificate\nused to complete a handshake when there may be multiple options. All fields\nspecified must match the candidate certificate for it to be chosen.\nThis was needed to solve https://github.com/caddyserver/caddy/issues/2588. \n", + "type": "object", + "properties": { + "all_tags": { + "description": "all_tags: array\nModule: http\nThe certificate must have all of the tags in the list.\n", + "markdownDescription": "all_tags: `array` \nModule: `http` \nThe certificate must have all of the tags in the list. \n", + "type": "array", + "items": { + "description": "The certificate must have all of the tags in the list.\n", + "markdownDescription": "The certificate must have all of the tags in the list. \n", + "type": "string" + } + }, + "any_tag": { + "description": "any_tag: array\nModule: http\nThe certificate must have at least one of the tags in the list.\n", + "markdownDescription": "any_tag: `array` \nModule: `http` \nThe certificate must have at least one of the tags in the list. \n", + "type": "array", + "items": { + "description": "The certificate must have at least one of the tags in the list.\n", + "markdownDescription": "The certificate must have at least one of the tags in the list. \n", + "type": "string" + } + }, + "public_key_algorithm": { + "description": "public_key_algorithm: number\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#PublicKeyAlgorithm\nThe certificate must use this public key algorithm.\n\n\nPublicKeyAlgorithm is a JSON-unmarshalable wrapper type.\n", + "markdownDescription": "public_key_algorithm: `number` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#PublicKeyAlgorithm) \nThe certificate must use this public key algorithm.\n\n\nPublicKeyAlgorithm is a JSON-unmarshalable wrapper type. \n", + "type": "number" + }, + "serial_number": { + "description": "serial_number: array\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#bigInt\nThe certificate must have one of these serial numbers.\n\n\nbigInt is a big.Int type that interops with JSON encodings as a string.\n", + "markdownDescription": "serial_number: `array` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#bigInt) \nThe certificate must have one of these serial numbers.\n\n\nbigInt is a big.Int type that interops with JSON encodings as a string. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#bigInt\nThe certificate must have one of these serial numbers.\n\n\nbigInt is a big.Int type that interops with JSON encodings as a string.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#bigInt) \nThe certificate must have one of these serial numbers.\n\n\nbigInt is a big.Int type that interops with JSON encodings as a string. \n", + "type": "object" + } + }, + "subject_organization": { + "description": "subject_organization: array\nModule: http\nThe certificate must have one of these organization names.\n", + "markdownDescription": "subject_organization: `array` \nModule: `http` \nThe certificate must have one of these organization names. \n", + "type": "array", + "items": { + "description": "The certificate must have one of these organization names.\n", + "markdownDescription": "The certificate must have one of these organization names. \n", + "type": "string" + } + } + } + }, + "cipher_suites": { + "description": "cipher_suites: array\nModule: http\nThe list of cipher suites to support. Caddy's\ndefaults are modern and secure.\n", + "markdownDescription": "cipher_suites: `array` \nModule: `http` \nThe list of cipher suites to support. Caddy's\ndefaults are modern and secure. \n", + "type": "array", + "items": { + "description": "The list of cipher suites to support. Caddy's\ndefaults are modern and secure.\n", + "markdownDescription": "The list of cipher suites to support. Caddy's\ndefaults are modern and secure. \n", + "type": "string" + } + }, + "client_authentication": { + "description": "client_authentication: object\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ClientAuthentication\nEnables and configures TLS client authentication.\n\n\nClientAuthentication configures TLS client auth.\n", + "markdownDescription": "client_authentication: `object` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ClientAuthentication) \nEnables and configures TLS client authentication.\n\n\nClientAuthentication configures TLS client auth. \n", + "type": "object", + "properties": { + "mode": { + "description": "mode: string\nModule: http\nThe mode for authenticating the client. Allowed values are:\n\nMode | Description\n-----|---------------\n`request` | Ask clients for a certificate, but allow even if there isn't one; do not verify it\n`require` | Require clients to present a certificate, but do not verify it\n`verify_if_given` | Ask clients for a certificate; allow even if there isn't one, but verify it if there is\n`require_and_verify` | Require clients to present a valid certificate that is verified\n\nThe default mode is `require_and_verify` if any\nTrustedCACerts or TrustedCACertPEMFiles or TrustedLeafCerts\nare provided; otherwise, the default mode is `require`.\n", + "markdownDescription": "mode: `string` \nModule: `http` \nThe mode for authenticating the client. Allowed values are:\n\nMode | Description\n-----|---------------\n`request` | Ask clients for a certificate, but allow even if there isn't one; do not verify it\n`require` | Require clients to present a certificate, but do not verify it\n`verify_if_given` | Ask clients for a certificate; allow even if there isn't one, but verify it if there is\n`require_and_verify` | Require clients to present a valid certificate that is verified\n\nThe default mode is `require_and_verify` if any\nTrustedCACerts or TrustedCACertPEMFiles or TrustedLeafCerts\nare provided; otherwise, the default mode is `require`. \n", + "type": "string" + }, + "trusted_ca_certs": { + "description": "trusted_ca_certs: array\nModule: http\nA list of base64 DER-encoded CA certificates\nagainst which to validate client certificates.\nClient certs which are not signed by any of\nthese CAs will be rejected.\n", + "markdownDescription": "trusted_ca_certs: `array` \nModule: `http` \nA list of base64 DER-encoded CA certificates\nagainst which to validate client certificates.\nClient certs which are not signed by any of\nthese CAs will be rejected. \n", + "type": "array", + "items": { + "description": "A list of base64 DER-encoded CA certificates\nagainst which to validate client certificates.\nClient certs which are not signed by any of\nthese CAs will be rejected.\n", + "markdownDescription": "A list of base64 DER-encoded CA certificates\nagainst which to validate client certificates.\nClient certs which are not signed by any of\nthese CAs will be rejected. \n", + "type": "string" + } + }, + "trusted_ca_certs_pem_files": { + "description": "trusted_ca_certs_pem_files: array\nModule: http\nTrustedCACertPEMFiles is a list of PEM file names\nfrom which to load certificates of trusted CAs.\nClient certificates which are not signed by any of\nthese CA certificates will be rejected.\n", + "markdownDescription": "trusted_ca_certs_pem_files: `array` \nModule: `http` \nTrustedCACertPEMFiles is a list of PEM file names\nfrom which to load certificates of trusted CAs.\nClient certificates which are not signed by any of\nthese CA certificates will be rejected. \n", + "type": "array", + "items": { + "description": "TrustedCACertPEMFiles is a list of PEM file names\nfrom which to load certificates of trusted CAs.\nClient certificates which are not signed by any of\nthese CA certificates will be rejected.\n", + "markdownDescription": "TrustedCACertPEMFiles is a list of PEM file names\nfrom which to load certificates of trusted CAs.\nClient certificates which are not signed by any of\nthese CA certificates will be rejected. \n", + "type": "string" + } + }, + "trusted_leaf_certs": { + "description": "trusted_leaf_certs: array\nModule: http\nA list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected.\n", + "markdownDescription": "trusted_leaf_certs: `array` \nModule: `http` \nA list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected. \n", + "type": "array", + "items": { + "description": "A list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected.\n", + "markdownDescription": "A list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected. \n", + "type": "string" + } + }, + "verifiers": { + "description": "verifiers: array\nModule: tls.client_auth", + "markdownDescription": "verifiers: `array` \nModule: `tls.client_auth`", + "type": "array", + "items": { + "required": [ + "verifier" + ], + "allOf": [ + { + "if": { + "properties": { + "verifier": { + "const": "leaf" + } + } + }, + "then": { + "$ref": "#/definitions/tls.client_auth.leaf" + } + }, + { + "properties": { + "verifier": { + "description": "key to identify verifiers module.\nverifier: string\nModule: tls.client_auth", + "markdownDescription": "key to identify `verifiers` module. \nverifier: `string` \nModule: `tls.client_auth`", + "type": "string", + "enum": [ + "leaf" + ] + } + } + } + ] + } + } + } + }, + "curves": { + "description": "curves: array\nModule: http\nThe list of elliptic curves to support. Caddy's\ndefaults are modern and secure.\n", + "markdownDescription": "curves: `array` \nModule: `http` \nThe list of elliptic curves to support. Caddy's\ndefaults are modern and secure. \n", + "type": "array", + "items": { + "description": "The list of elliptic curves to support. Caddy's\ndefaults are modern and secure.\n", + "markdownDescription": "The list of elliptic curves to support. Caddy's\ndefaults are modern and secure. \n", + "type": "string" + } + }, + "default_sni": { + "description": "default_sni: string\nModule: http\nDefaultSNI becomes the ServerName in a ClientHello if there\nis no policy configured for the empty SNI value.\n", + "markdownDescription": "default_sni: `string` \nModule: `http` \nDefaultSNI becomes the ServerName in a ClientHello if there\nis no policy configured for the empty SNI value. \n", + "type": "string" + }, + "match": { + "description": "match: object\nModule: tls.handshake_match\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nHow to match this policy with a TLS ClientHello. If\nthis policy is the first to match, it will be used.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n", + "markdownDescription": "match: `object` \nModule: `tls.handshake_match` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nHow to match this policy with a TLS ClientHello. If\nthis policy is the first to match, it will be used.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", + "type": "object", + "properties": { + "alpn": { + "$ref": "#/definitions/tls.handshake_match.alpn" + }, + "remote_ip": { + "$ref": "#/definitions/tls.handshake_match.remote_ip" + }, + "sni": { + "$ref": "#/definitions/tls.handshake_match.sni" + } + } + }, + "protocol_max": { + "description": "protocol_max: string\nModule: http\nMaximum TLS protocol version to allow. Default: `tls1.3`\n", + "markdownDescription": "protocol_max: `string` \nModule: `http` \nMaximum TLS protocol version to allow. Default: `tls1.3` \n", + "type": "string" + }, + "protocol_min": { + "description": "protocol_min: string\nModule: http\nMinimum TLS protocol version to allow. Default: `tls1.2`\n", + "markdownDescription": "protocol_min: `string` \nModule: `http` \nMinimum TLS protocol version to allow. Default: `tls1.2` \n", + "type": "string" + } + } + } + }, + "write_timeout": { + "description": "write_timeout: number\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nWriteTimeout is how long to allow a write to a client. Note\nthat setting this to a small value when serving large files\nmay negatively affect legitimately slow clients.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "write_timeout: `number` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nWriteTimeout is how long to allow a write to a client. Note\nthat setting this to a small value when serving large files\nmay negatively affect legitimately slow clients.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + } + } + } + } + } + }, + "http.authentication.hashes.bcrypt": { + "description": "bcrypt: object\nModule: http.authentication.hashes.bcrypt\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#BcryptHash", + "markdownDescription": "bcrypt: `object` \nModule: `http.authentication.hashes.bcrypt` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#BcryptHash)", + "type": "object" + }, + "http.authentication.hashes.scrypt": { + "description": "scrypt: object\nModule: http.authentication.hashes.scrypt\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#ScryptHash", + "markdownDescription": "scrypt: `object` \nModule: `http.authentication.hashes.scrypt` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#ScryptHash)", + "type": "object", + "properties": { + "N": { + "description": "N: number\nModule: http.authentication.hashes.scrypt\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#ScryptHash", + "markdownDescription": "N: `number` \nModule: `http.authentication.hashes.scrypt` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#ScryptHash)", + "type": "number" + }, + "key_length": { + "description": "key_length: number\nModule: http.authentication.hashes.scrypt\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#ScryptHash", + "markdownDescription": "key_length: `number` \nModule: `http.authentication.hashes.scrypt` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#ScryptHash)", + "type": "number" + }, + "p": { + "description": "p: number\nModule: http.authentication.hashes.scrypt\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#ScryptHash", + "markdownDescription": "p: `number` \nModule: `http.authentication.hashes.scrypt` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#ScryptHash)", + "type": "number" + }, + "r": { + "description": "r: number\nModule: http.authentication.hashes.scrypt\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#ScryptHash", + "markdownDescription": "r: `number` \nModule: `http.authentication.hashes.scrypt` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#ScryptHash)", + "type": "number" + } + } + }, + "http.authentication.providers.http_basic": { + "description": "http_basic: object\nModule: http.authentication.providers.http_basic\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#HTTPBasicAuth", + "markdownDescription": "http_basic: `object` \nModule: `http.authentication.providers.http_basic` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#HTTPBasicAuth)", + "type": "object", + "properties": { + "accounts": { + "description": "accounts: array\nModule: http.authentication.providers.http_basic\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#HTTPBasicAuth", + "markdownDescription": "accounts: `array` \nModule: `http.authentication.providers.http_basic` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#HTTPBasicAuth)", + "type": "array", + "items": { + "type": "object", + "properties": { + "password": { + "description": "password: string\nModule: http.authentication.providers.http_basic\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#HTTPBasicAuth", + "markdownDescription": "password: `string` \nModule: `http.authentication.providers.http_basic` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#HTTPBasicAuth)", + "type": "string" + }, + "salt": { + "description": "salt: string\nModule: http.authentication.providers.http_basic\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#HTTPBasicAuth", + "markdownDescription": "salt: `string` \nModule: `http.authentication.providers.http_basic` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#HTTPBasicAuth)", + "type": "string" + }, + "username": { + "description": "username: string\nModule: http.authentication.providers.http_basic\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#HTTPBasicAuth", + "markdownDescription": "username: `string` \nModule: `http.authentication.providers.http_basic` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#HTTPBasicAuth)", + "type": "string" + } + } + } + }, + "hash": { + "description": "hash: object\nModule: http.authentication.hashes", + "markdownDescription": "hash: `object` \nModule: `http.authentication.hashes`", + "type": "object", + "required": [ + "algorithm" + ], + "allOf": [ + { + "if": { + "properties": { + "algorithm": { + "const": "bcrypt" + } + } + }, + "then": { + "$ref": "#/definitions/http.authentication.hashes.bcrypt" + } + }, + { + "if": { + "properties": { + "algorithm": { + "const": "scrypt" + } + } + }, + "then": { + "$ref": "#/definitions/http.authentication.hashes.scrypt" + } + }, + { + "properties": { + "algorithm": { + "description": "key to identify hash module.\nalgorithm: string\nModule: http.authentication.hashes", + "markdownDescription": "key to identify `hash` module. \nalgorithm: `string` \nModule: `http.authentication.hashes`", + "type": "string", + "enum": [ + "bcrypt", + "scrypt" + ] + } + } + } + ] + }, + "hash_cache": { + "description": "hash_cache: object\nModule: http.authentication.providers.http_basic\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#HTTPBasicAuth", + "markdownDescription": "hash_cache: `object` \nModule: `http.authentication.providers.http_basic` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#HTTPBasicAuth)", + "type": "object" + }, + "realm": { + "description": "realm: string\nModule: http.authentication.providers.http_basic\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#HTTPBasicAuth", + "markdownDescription": "realm: `string` \nModule: `http.authentication.providers.http_basic` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#HTTPBasicAuth)", + "type": "string" + } + } + }, + "http.encoders.gzip": { + "description": "gzip: object\nModule: http.encoders.gzip\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/encode/gzip#Gzip", + "markdownDescription": "gzip: `object` \nModule: `http.encoders.gzip` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/encode/gzip#Gzip)", + "type": "object", + "properties": { + "level": { + "description": "level: number\nModule: http.encoders.gzip\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/encode/gzip#Gzip", + "markdownDescription": "level: `number` \nModule: `http.encoders.gzip` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/encode/gzip#Gzip)", + "type": "number" + } + } + }, + "http.encoders.zstd": { + "description": "zstd: object\nModule: http.encoders.zstd\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/encode/zstd#Zstd", + "markdownDescription": "zstd: `object` \nModule: `http.encoders.zstd` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/encode/zstd#Zstd)", + "type": "object" + }, + "http.handlers.acme_server": { + "description": "acme_server: object\nModule: http.handlers.acme_server\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddypki/acmeserver#Handler\nHandler is an ACME server handler.\n\n", + "markdownDescription": "acme_server: `object` \nModule: `http.handlers.acme_server` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddypki/acmeserver#Handler) \nHandler is an ACME server handler.\n \n", + "type": "object", + "properties": { + "ca": { + "description": "ca: string\nModule: http.handlers.acme_server\nThe ID of the CA to use for signing. This refers to\nthe ID given to the CA in the `pki` app. If omitted,\nthe default ID is \"local\".\n", + "markdownDescription": "ca: `string` \nModule: `http.handlers.acme_server` \nThe ID of the CA to use for signing. This refers to\nthe ID given to the CA in the `pki` app. If omitted,\nthe default ID is \"local\". \n", + "type": "string" + }, + "host": { + "description": "host: string\nModule: http.handlers.acme_server\nThe hostname or IP address by which ACME clients\nwill access the server. This is used to populate\nthe ACME directory endpoint. If not set, the Host\nheader of the request will be used.\nCOMPATIBILITY NOTE / TODO: This property may go away in the\nfuture. Do not rely on this property long-term; check release notes.\n", + "markdownDescription": "host: `string` \nModule: `http.handlers.acme_server` \nThe hostname or IP address by which ACME clients\nwill access the server. This is used to populate\nthe ACME directory endpoint. If not set, the Host\nheader of the request will be used.\nCOMPATIBILITY NOTE / TODO: This property may go away in the\nfuture. Do not rely on this property long-term; check release notes. \n", + "type": "string" + }, + "path_prefix": { + "description": "path_prefix: string\nModule: http.handlers.acme_server\nThe path prefix under which to serve all ACME\nendpoints. All other requests will not be served\nby this handler and will be passed through to\nthe next one. Default: \"/acme/\".\nCOMPATIBILITY NOTE / TODO: This property may go away in the\nfuture, as it is currently only required due to\nlimitations in the underlying library. Do not rely\non this property long-term; check release notes.\n", + "markdownDescription": "path_prefix: `string` \nModule: `http.handlers.acme_server` \nThe path prefix under which to serve all ACME\nendpoints. All other requests will not be served\nby this handler and will be passed through to\nthe next one. Default: \"/acme/\".\nCOMPATIBILITY NOTE / TODO: This property may go away in the\nfuture, as it is currently only required due to\nlimitations in the underlying library. Do not rely\non this property long-term; check release notes. \n", + "type": "string" + }, + "sign_with_root": { + "description": "sign_with_root: boolean\nModule: http.handlers.acme_server\nIf true, the CA's root will be the issuer instead of\nthe intermediate. This is NOT recommended and should\nonly be used when devices/clients do not properly\nvalidate certificate chains. EXPERIMENTAL: Might be\nchanged or removed in the future.\n", + "markdownDescription": "sign_with_root: `boolean` \nModule: `http.handlers.acme_server` \nIf true, the CA's root will be the issuer instead of\nthe intermediate. This is NOT recommended and should\nonly be used when devices/clients do not properly\nvalidate certificate chains. EXPERIMENTAL: Might be\nchanged or removed in the future. \n", + "type": "boolean" + } + } + }, + "http.handlers.authentication": { + "description": "authentication: object\nModule: http.handlers.authentication\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#Authentication\nAuthentication is a middleware which provides user authentication.\nRejects requests with HTTP 401 if the request is not authenticated.\n\nAfter a successful authentication, the placeholder\n`{http.auth.user.id}` will be set to the username, and also\n`{http.auth.user.*}` placeholders may be set for any authentication\nmodules that provide user metadata.\n\nIts API is still experimental and may be subject to change.\n\n", + "markdownDescription": "authentication: `object` \nModule: `http.handlers.authentication` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#Authentication) \nAuthentication is a middleware which provides user authentication.\nRejects requests with HTTP 401 if the request is not authenticated.\n\nAfter a successful authentication, the placeholder\n`{http.auth.user.id}` will be set to the username, and also\n`{http.auth.user.*}` placeholders may be set for any authentication\nmodules that provide user metadata.\n\nIts API is still experimental and may be subject to change.\n \n", + "type": "object", + "properties": { + "providers": { + "description": "providers: object\nModule: http.authentication.providers\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nA set of authentication providers. If none are specified,\nall requests will always be unauthenticated.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n", + "markdownDescription": "providers: `object` \nModule: `http.authentication.providers` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nA set of authentication providers. If none are specified,\nall requests will always be unauthenticated.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", + "type": "object", + "properties": { + "http_basic": { + "$ref": "#/definitions/http.authentication.providers.http_basic" + } + } + } + } + }, + "http.handlers.copy_response": { + "description": "copy_response: object\nModule: http.handlers.copy_response\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#CopyResponseHandler\nCopyResponseHandler is a special HTTP handler which may\nonly be used within reverse_proxy's handle_response routes,\nto copy the proxy response. EXPERIMENTAL, subject to change.\n\n", + "markdownDescription": "copy_response: `object` \nModule: `http.handlers.copy_response` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#CopyResponseHandler) \nCopyResponseHandler is a special HTTP handler which may\nonly be used within reverse_proxy's handle_response routes,\nto copy the proxy response. EXPERIMENTAL, subject to change.\n \n", + "type": "object", + "properties": { + "status_code": { + "description": "status_code: string\nModule: http.handlers.copy_response\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#WeakString\nTo write the upstream response's body but with a different\nstatus code, set this field to the desired status code.\n\n\nWeakString is a type that unmarshals any JSON value\nas a string literal, with the following exceptions:\n\n1. actual string values are decoded as strings; and\n2. null is decoded as empty string;\n\nand provides methods for getting the value as various\nprimitive types. However, using this type removes any\ntype safety as far as deserializing JSON is concerned.\n", + "markdownDescription": "status_code: `string` \nModule: `http.handlers.copy_response` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#WeakString) \nTo write the upstream response's body but with a different\nstatus code, set this field to the desired status code.\n\n\nWeakString is a type that unmarshals any JSON value\nas a string literal, with the following exceptions:\n\n1. actual string values are decoded as strings; and\n2. null is decoded as empty string;\n\nand provides methods for getting the value as various\nprimitive types. However, using this type removes any\ntype safety as far as deserializing JSON is concerned. \n", + "type": "string" + } + } + }, + "http.handlers.copy_response_headers": { + "description": "copy_response_headers: object\nModule: http.handlers.copy_response_headers\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#CopyResponseHeadersHandler\nCopyResponseHeadersHandler is a special HTTP handler which may\nonly be used within reverse_proxy's handle_response routes,\nto copy headers from the proxy response. EXPERIMENTAL;\nsubject to change.\n\n", + "markdownDescription": "copy_response_headers: `object` \nModule: `http.handlers.copy_response_headers` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#CopyResponseHeadersHandler) \nCopyResponseHeadersHandler is a special HTTP handler which may\nonly be used within reverse_proxy's handle_response routes,\nto copy headers from the proxy response. EXPERIMENTAL;\nsubject to change.\n \n", + "type": "object", + "properties": { + "exclude": { + "description": "exclude: array\nModule: http.handlers.copy_response_headers\nA list of header fields to skip copying from the response.\nCannot be defined at the same time as Include.\n", + "markdownDescription": "exclude: `array` \nModule: `http.handlers.copy_response_headers` \nA list of header fields to skip copying from the response.\nCannot be defined at the same time as Include. \n", + "type": "array", + "items": { + "description": "A list of header fields to skip copying from the response.\nCannot be defined at the same time as Include.\n", + "markdownDescription": "A list of header fields to skip copying from the response.\nCannot be defined at the same time as Include. \n", + "type": "string" + } + }, + "include": { + "description": "include: array\nModule: http.handlers.copy_response_headers\nA list of header fields to copy from the response.\nCannot be defined at the same time as Exclude.\n", + "markdownDescription": "include: `array` \nModule: `http.handlers.copy_response_headers` \nA list of header fields to copy from the response.\nCannot be defined at the same time as Exclude. \n", + "type": "array", + "items": { + "description": "A list of header fields to copy from the response.\nCannot be defined at the same time as Exclude.\n", + "markdownDescription": "A list of header fields to copy from the response.\nCannot be defined at the same time as Exclude. \n", + "type": "string" + } + } + } + }, + "http.handlers.encode": { + "description": "encode: object\nModule: http.handlers.encode\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/encode#Encode\nEncode is a middleware which can encode responses.\n\n", + "markdownDescription": "encode: `object` \nModule: `http.handlers.encode` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/encode#Encode) \nEncode is a middleware which can encode responses.\n \n", + "type": "object", + "properties": { + "encodings": { + "description": "encodings: object\nModule: http.encoders\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nSelection of compression algorithms to choose from. The best one\nwill be chosen based on the client's Accept-Encoding header.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n", + "markdownDescription": "encodings: `object` \nModule: `http.encoders` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nSelection of compression algorithms to choose from. The best one\nwill be chosen based on the client's Accept-Encoding header.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", + "type": "object", + "properties": { + "gzip": { + "$ref": "#/definitions/http.encoders.gzip" + }, + "zstd": { + "$ref": "#/definitions/http.encoders.zstd" + } + } + }, + "match": { + "description": "match: object\nModule: http.handlers.encode\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#ResponseMatcher\nOnly encode responses that match against this ResponseMmatcher.\nThe default is a collection of text-based Content-Type headers.\n\n\nResponseMatcher is a type which can determine if an\nHTTP response matches some criteria.\n", + "markdownDescription": "match: `object` \nModule: `http.handlers.encode` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#ResponseMatcher) \nOnly encode responses that match against this ResponseMmatcher.\nThe default is a collection of text-based Content-Type headers.\n\n\nResponseMatcher is a type which can determine if an\nHTTP response matches some criteria. \n", + "type": "object", + "properties": { + "headers": { + "description": "headers: object\nModule: http.handlers.encode\nIf set, each header specified must be one of the\nspecified values, with the same logic used by the\n[request header matcher](/docs/json/apps/http/servers/routes/match/header/).\n", + "markdownDescription": "headers: `object` \nModule: `http.handlers.encode` \nIf set, each header specified must be one of the\nspecified values, with the same logic used by the\n[request header matcher](/docs/json/apps/http/servers/routes/match/header/). \n", + "type": "object", + "additionalProperties": { + "description": "If set, each header specified must be one of the\nspecified values, with the same logic used by the\n[request header matcher](/docs/json/apps/http/servers/routes/match/header/).\n", + "markdownDescription": "If set, each header specified must be one of the\nspecified values, with the same logic used by the\n[request header matcher](/docs/json/apps/http/servers/routes/match/header/). \n", + "type": "array", + "items": { + "type": "string" + } + } + }, + "status_code": { + "description": "status_code: array\nModule: http.handlers.encode\nIf set, one of these status codes would be required.\nA one-digit status can be used to represent all codes\nin that class (e.g. 3 for all 3xx codes).\n", + "markdownDescription": "status_code: `array` \nModule: `http.handlers.encode` \nIf set, one of these status codes would be required.\nA one-digit status can be used to represent all codes\nin that class (e.g. 3 for all 3xx codes). \n", + "type": "array", + "items": { + "description": "If set, one of these status codes would be required.\nA one-digit status can be used to represent all codes\nin that class (e.g. 3 for all 3xx codes).\n", + "markdownDescription": "If set, one of these status codes would be required.\nA one-digit status can be used to represent all codes\nin that class (e.g. 3 for all 3xx codes). \n", + "type": "number" + } + } + } + }, + "minimum_length": { + "description": "minimum_length: number\nModule: http.handlers.encode\nOnly encode responses that are at least this many bytes long.\n", + "markdownDescription": "minimum_length: `number` \nModule: `http.handlers.encode` \nOnly encode responses that are at least this many bytes long. \n", + "type": "number" + }, + "prefer": { + "description": "prefer: array\nModule: http.handlers.encode\nIf the client has no strong preference, choose these encodings in order.\n", + "markdownDescription": "prefer: `array` \nModule: `http.handlers.encode` \nIf the client has no strong preference, choose these encodings in order. \n", + "type": "array", + "items": { + "description": "If the client has no strong preference, choose these encodings in order.\n", + "markdownDescription": "If the client has no strong preference, choose these encodings in order. \n", + "type": "string" + } + } + } + }, + "http.handlers.error": { + "description": "error: object\nModule: http.handlers.error\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#StaticError\nStaticError implements a simple handler that returns an error.\nThis handler returns an error value, but does not write a response.\nThis is useful when you want the server to act as if an error\noccurred; for example, to invoke your custom error handling logic.\n\nSince this handler does not write a response, the error information\nis for use by the server to know how to handle the error.\n\n", + "markdownDescription": "error: `object` \nModule: `http.handlers.error` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#StaticError) \nStaticError implements a simple handler that returns an error.\nThis handler returns an error value, but does not write a response.\nThis is useful when you want the server to act as if an error\noccurred; for example, to invoke your custom error handling logic.\n\nSince this handler does not write a response, the error information\nis for use by the server to know how to handle the error.\n \n", + "type": "object", + "properties": { + "error": { + "description": "error: string\nModule: http.handlers.error\nThe error message. Optional. Default is no error message.\n", + "markdownDescription": "error: `string` \nModule: `http.handlers.error` \nThe error message. Optional. Default is no error message. \n", + "type": "string" + }, + "status_code": { + "description": "status_code: string\nModule: http.handlers.error\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#WeakString\nThe recommended HTTP status code. Can be either an integer or a\nstring if placeholders are needed. Optional. Default is 500.\n\n\nWeakString is a type that unmarshals any JSON value\nas a string literal, with the following exceptions:\n\n1. actual string values are decoded as strings; and\n2. null is decoded as empty string;\n\nand provides methods for getting the value as various\nprimitive types. However, using this type removes any\ntype safety as far as deserializing JSON is concerned.\n", + "markdownDescription": "status_code: `string` \nModule: `http.handlers.error` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#WeakString) \nThe recommended HTTP status code. Can be either an integer or a\nstring if placeholders are needed. Optional. Default is 500.\n\n\nWeakString is a type that unmarshals any JSON value\nas a string literal, with the following exceptions:\n\n1. actual string values are decoded as strings; and\n2. null is decoded as empty string;\n\nand provides methods for getting the value as various\nprimitive types. However, using this type removes any\ntype safety as far as deserializing JSON is concerned. \n", + "type": "string" + } + } + }, + "http.handlers.file_server": { + "description": "file_server: object\nModule: http.handlers.file_server\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver#FileServer\nFileServer implements a static file server responder for Caddy.\n\n", + "markdownDescription": "file_server: `object` \nModule: `http.handlers.file_server` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver#FileServer) \nFileServer implements a static file server responder for Caddy.\n \n", + "type": "object", + "properties": { + "browse": { + "description": "browse: object\nModule: http.handlers.file_server\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver#Browse\nEnables file listings if a directory was requested and no index\nfile is present.\n\n\nBrowse configures directory browsing.\n", + "markdownDescription": "browse: `object` \nModule: `http.handlers.file_server` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver#Browse) \nEnables file listings if a directory was requested and no index\nfile is present.\n\n\nBrowse configures directory browsing. \n", + "type": "object", + "properties": { + "template_file": { + "description": "template_file: string\nModule: http.handlers.file_server\nUse this template file instead of the default browse template.\n", + "markdownDescription": "template_file: `string` \nModule: `http.handlers.file_server` \nUse this template file instead of the default browse template. \n", + "type": "string" + } + } + }, + "canonical_uris": { + "description": "canonical_uris: boolean\nModule: http.handlers.file_server\nUse redirects to enforce trailing slashes for directories, or to\nremove trailing slash from URIs for files. Default is true.\n\nCanonicalization will not happen if the last element of the request's\npath (the filename) is changed in an internal rewrite, to avoid\nclobbering the explicit rewrite with implicit behavior.\n", + "markdownDescription": "canonical_uris: `boolean` \nModule: `http.handlers.file_server` \nUse redirects to enforce trailing slashes for directories, or to\nremove trailing slash from URIs for files. Default is true.\n\nCanonicalization will not happen if the last element of the request's\npath (the filename) is changed in an internal rewrite, to avoid\nclobbering the explicit rewrite with implicit behavior. \n", + "type": "boolean" + }, + "hide": { + "description": "hide: array\nModule: http.handlers.file_server\nA list of files or folders to hide; the file server will pretend as if\nthey don't exist. Accepts globular patterns like `*.ext` or `/foo/*/bar`\nas well as placeholders. Because site roots can be dynamic, this list\nuses file system paths, not request paths. To clarify, the base of\nrelative paths is the current working directory, NOT the site root.\n\nEntries without a path separator (`/` or `\\` depending on OS) will match\nany file or directory of that name regardless of its path. To hide only a\nspecific file with a name that may not be unique, always use a path\nseparator. For example, to hide all files or folder trees named \"hidden\",\nput \"hidden\" in the list. To hide only ./hidden, put \"./hidden\" in the list.\n\nWhen possible, all paths are resolved to their absolute form before\ncomparisons are made. For maximum clarity and explictness, use complete,\nabsolute paths; or, for greater portability, use relative paths instead.\n", + "markdownDescription": "hide: `array` \nModule: `http.handlers.file_server` \nA list of files or folders to hide; the file server will pretend as if\nthey don't exist. Accepts globular patterns like `*.ext` or `/foo/*/bar`\nas well as placeholders. Because site roots can be dynamic, this list\nuses file system paths, not request paths. To clarify, the base of\nrelative paths is the current working directory, NOT the site root.\n\nEntries without a path separator (`/` or `\\` depending on OS) will match\nany file or directory of that name regardless of its path. To hide only a\nspecific file with a name that may not be unique, always use a path\nseparator. For example, to hide all files or folder trees named \"hidden\",\nput \"hidden\" in the list. To hide only ./hidden, put \"./hidden\" in the list.\n\nWhen possible, all paths are resolved to their absolute form before\ncomparisons are made. For maximum clarity and explictness, use complete,\nabsolute paths; or, for greater portability, use relative paths instead. \n", + "type": "array", + "items": { + "description": "A list of files or folders to hide; the file server will pretend as if\nthey don't exist. Accepts globular patterns like `*.ext` or `/foo/*/bar`\nas well as placeholders. Because site roots can be dynamic, this list\nuses file system paths, not request paths. To clarify, the base of\nrelative paths is the current working directory, NOT the site root.\n\nEntries without a path separator (`/` or `\\` depending on OS) will match\nany file or directory of that name regardless of its path. To hide only a\nspecific file with a name that may not be unique, always use a path\nseparator. For example, to hide all files or folder trees named \"hidden\",\nput \"hidden\" in the list. To hide only ./hidden, put \"./hidden\" in the list.\n\nWhen possible, all paths are resolved to their absolute form before\ncomparisons are made. For maximum clarity and explictness, use complete,\nabsolute paths; or, for greater portability, use relative paths instead.\n", + "markdownDescription": "A list of files or folders to hide; the file server will pretend as if\nthey don't exist. Accepts globular patterns like `*.ext` or `/foo/*/bar`\nas well as placeholders. Because site roots can be dynamic, this list\nuses file system paths, not request paths. To clarify, the base of\nrelative paths is the current working directory, NOT the site root.\n\nEntries without a path separator (`/` or `\\` depending on OS) will match\nany file or directory of that name regardless of its path. To hide only a\nspecific file with a name that may not be unique, always use a path\nseparator. For example, to hide all files or folder trees named \"hidden\",\nput \"hidden\" in the list. To hide only ./hidden, put \"./hidden\" in the list.\n\nWhen possible, all paths are resolved to their absolute form before\ncomparisons are made. For maximum clarity and explictness, use complete,\nabsolute paths; or, for greater portability, use relative paths instead. \n", + "type": "string" + } + }, + "index_names": { + "description": "index_names: array\nModule: http.handlers.file_server\nThe names of files to try as index files if a folder is requested.\n", + "markdownDescription": "index_names: `array` \nModule: `http.handlers.file_server` \nThe names of files to try as index files if a folder is requested. \n", + "type": "array", + "items": { + "description": "The names of files to try as index files if a folder is requested.\n", + "markdownDescription": "The names of files to try as index files if a folder is requested. \n", + "type": "string" + } + }, + "pass_thru": { + "description": "pass_thru: boolean\nModule: http.handlers.file_server\nIf pass-thru mode is enabled and a requested file is not found,\nit will invoke the next handler in the chain instead of returning\na 404 error. By default, this is false (disabled).\n", + "markdownDescription": "pass_thru: `boolean` \nModule: `http.handlers.file_server` \nIf pass-thru mode is enabled and a requested file is not found,\nit will invoke the next handler in the chain instead of returning\na 404 error. By default, this is false (disabled). \n", + "type": "boolean" + }, + "precompressed": { + "description": "precompressed: object\nModule: http.precompressed\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nSelection of encoders to use to check for precompressed files.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n", + "markdownDescription": "precompressed: `object` \nModule: `http.precompressed` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nSelection of encoders to use to check for precompressed files.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", + "type": "object", + "properties": { + "br": { + "$ref": "#/definitions/http.precompressed.br" + }, + "gzip": { + "$ref": "#/definitions/http.precompressed.gzip" + }, + "zstd": { + "$ref": "#/definitions/http.precompressed.zstd" + } + } + }, + "precompressed_order": { + "description": "precompressed_order: array\nModule: http.handlers.file_server\nIf the client has no strong preference (q-factor), choose these encodings in order.\nIf no order specified here, the first encoding from the Accept-Encoding header\nthat both client and server support is used\n", + "markdownDescription": "precompressed_order: `array` \nModule: `http.handlers.file_server` \nIf the client has no strong preference (q-factor), choose these encodings in order.\nIf no order specified here, the first encoding from the Accept-Encoding header\nthat both client and server support is used \n", + "type": "array", + "items": { + "description": "If the client has no strong preference (q-factor), choose these encodings in order.\nIf no order specified here, the first encoding from the Accept-Encoding header\nthat both client and server support is used\n", + "markdownDescription": "If the client has no strong preference (q-factor), choose these encodings in order.\nIf no order specified here, the first encoding from the Accept-Encoding header\nthat both client and server support is used \n", + "type": "string" + } + }, + "root": { + "description": "root: string\nModule: http.handlers.file_server\nThe path to the root of the site. Default is `{http.vars.root}` if set,\nor current working directory otherwise.\n", + "markdownDescription": "root: `string` \nModule: `http.handlers.file_server` \nThe path to the root of the site. Default is `{http.vars.root}` if set,\nor current working directory otherwise. \n", + "type": "string" + }, + "status_code": { + "description": "status_code: string\nModule: http.handlers.file_server\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#WeakString\nOverride the status code written when successfully serving a file.\nParticularly useful when explicitly serving a file as display for\nan error, like a 404 page. A placeholder may be used. By default,\nthe status code will typically be 200, or 206 for partial content.\n\n\nWeakString is a type that unmarshals any JSON value\nas a string literal, with the following exceptions:\n\n1. actual string values are decoded as strings; and\n2. null is decoded as empty string;\n\nand provides methods for getting the value as various\nprimitive types. However, using this type removes any\ntype safety as far as deserializing JSON is concerned.\n", + "markdownDescription": "status_code: `string` \nModule: `http.handlers.file_server` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#WeakString) \nOverride the status code written when successfully serving a file.\nParticularly useful when explicitly serving a file as display for\nan error, like a 404 page. A placeholder may be used. By default,\nthe status code will typically be 200, or 206 for partial content.\n\n\nWeakString is a type that unmarshals any JSON value\nas a string literal, with the following exceptions:\n\n1. actual string values are decoded as strings; and\n2. null is decoded as empty string;\n\nand provides methods for getting the value as various\nprimitive types. However, using this type removes any\ntype safety as far as deserializing JSON is concerned. \n", + "type": "string" + } + } + }, + "http.handlers.headers": { + "description": "headers: object\nModule: http.handlers.headers\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Handler\nHandler is a middleware which modifies request and response headers.\n\nChanges to headers are applied immediately, except for the response\nheaders when Deferred is true or when Required is set. In those cases,\nthe changes are applied when the headers are written to the response.\nNote that deferred changes do not take effect if an error occurs later\nin the middleware chain.\n\nProperties in this module accept placeholders.\n\nResponse header operations can be conditioned upon response status code\nand/or other header values.\n\n", + "markdownDescription": "headers: `object` \nModule: `http.handlers.headers` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Handler) \nHandler is a middleware which modifies request and response headers.\n\nChanges to headers are applied immediately, except for the response\nheaders when Deferred is true or when Required is set. In those cases,\nthe changes are applied when the headers are written to the response.\nNote that deferred changes do not take effect if an error occurs later\nin the middleware chain.\n\nProperties in this module accept placeholders.\n\nResponse header operations can be conditioned upon response status code\nand/or other header values.\n \n", + "type": "object", + "properties": { + "request": { + "description": "request: object\nModule: http.handlers.headers\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#HeaderOps\nHeaderOps defines manipulations for HTTP headers.\n\n", + "markdownDescription": "request: `object` \nModule: `http.handlers.headers` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#HeaderOps) \nHeaderOps defines manipulations for HTTP headers.\n \n", + "type": "object", + "properties": { + "add": { + "description": "add: object\nModule: http.handlers.headers\nAdds HTTP headers; does not replace any existing header fields.\n", + "markdownDescription": "add: `object` \nModule: `http.handlers.headers` \nAdds HTTP headers; does not replace any existing header fields. \n", + "type": "object", + "additionalProperties": { + "description": "Adds HTTP headers; does not replace any existing header fields.\n", + "markdownDescription": "Adds HTTP headers; does not replace any existing header fields. \n", + "type": "array", + "items": { + "type": "string" + } + } + }, + "delete": { + "description": "delete: array\nModule: http.handlers.headers\nNames of HTTP header fields to delete.\n", + "markdownDescription": "delete: `array` \nModule: `http.handlers.headers` \nNames of HTTP header fields to delete. \n", + "type": "array", + "items": { + "description": "Names of HTTP header fields to delete.\n", + "markdownDescription": "Names of HTTP header fields to delete. \n", + "type": "string" + } + }, + "replace": { + "description": "replace: object\nModule: http.handlers.headers\nPerforms substring replacements of HTTP headers in-situ.\n", + "markdownDescription": "replace: `object` \nModule: `http.handlers.headers` \nPerforms substring replacements of HTTP headers in-situ. \n", + "type": "object", + "additionalProperties": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement\nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement) \nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement\nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement) \nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n \n", + "type": "object", + "properties": { + "replace": { + "description": "replace: string\nModule: http.handlers.headers\nThe string with which to replace matches.\n", + "markdownDescription": "replace: `string` \nModule: `http.handlers.headers` \nThe string with which to replace matches. \n", + "type": "string" + }, + "search": { + "description": "search: string\nModule: http.handlers.headers\nThe substring to search for.\n", + "markdownDescription": "search: `string` \nModule: `http.handlers.headers` \nThe substring to search for. \n", + "type": "string" + }, + "search_regexp": { + "description": "search_regexp: string\nModule: http.handlers.headers\nThe regular expression to search with.\n", + "markdownDescription": "search_regexp: `string` \nModule: `http.handlers.headers` \nThe regular expression to search with. \n", + "type": "string" + } + } + } + } + }, + "set": { + "description": "set: object\nModule: http.handlers.headers\nSets HTTP headers; replaces existing header fields.\n", + "markdownDescription": "set: `object` \nModule: `http.handlers.headers` \nSets HTTP headers; replaces existing header fields. \n", + "type": "object", + "additionalProperties": { + "description": "Sets HTTP headers; replaces existing header fields.\n", + "markdownDescription": "Sets HTTP headers; replaces existing header fields. \n", + "type": "array", + "items": { + "type": "string" + } + } + } + } + }, + "response": { + "description": "response: object\nModule: http.handlers.headers\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#RespHeaderOps\nRespHeaderOps defines manipulations for response headers.\n\n", + "markdownDescription": "response: `object` \nModule: `http.handlers.headers` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#RespHeaderOps) \nRespHeaderOps defines manipulations for response headers.\n \n", + "type": "object", + "properties": { + "add": { + "description": "add: object\nModule: http.handlers.headers\nAdds HTTP headers; does not replace any existing header fields.\n", + "markdownDescription": "add: `object` \nModule: `http.handlers.headers` \nAdds HTTP headers; does not replace any existing header fields. \n", + "type": "object", + "additionalProperties": { + "description": "Adds HTTP headers; does not replace any existing header fields.\n", + "markdownDescription": "Adds HTTP headers; does not replace any existing header fields. \n", + "type": "array", + "items": { + "type": "string" + } + } + }, + "deferred": { + "description": "deferred: boolean\nModule: http.handlers.headers\nIf true, header operations will be deferred until\nthey are written out. Superceded if Require is set.\nUsually you will need to set this to true if any\nfields are being deleted.\n", + "markdownDescription": "deferred: `boolean` \nModule: `http.handlers.headers` \nIf true, header operations will be deferred until\nthey are written out. Superceded if Require is set.\nUsually you will need to set this to true if any\nfields are being deleted. \n", + "type": "boolean" + }, + "delete": { + "description": "delete: array\nModule: http.handlers.headers\nNames of HTTP header fields to delete.\n", + "markdownDescription": "delete: `array` \nModule: `http.handlers.headers` \nNames of HTTP header fields to delete. \n", + "type": "array", + "items": { + "description": "Names of HTTP header fields to delete.\n", + "markdownDescription": "Names of HTTP header fields to delete. \n", + "type": "string" + } + }, + "replace": { + "description": "replace: object\nModule: http.handlers.headers\nPerforms substring replacements of HTTP headers in-situ.\n", + "markdownDescription": "replace: `object` \nModule: `http.handlers.headers` \nPerforms substring replacements of HTTP headers in-situ. \n", + "type": "object", + "additionalProperties": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement\nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement) \nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement\nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement) \nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n \n", + "type": "object", + "properties": { + "replace": { + "description": "replace: string\nModule: http.handlers.headers\nThe string with which to replace matches.\n", + "markdownDescription": "replace: `string` \nModule: `http.handlers.headers` \nThe string with which to replace matches. \n", + "type": "string" + }, + "search": { + "description": "search: string\nModule: http.handlers.headers\nThe substring to search for.\n", + "markdownDescription": "search: `string` \nModule: `http.handlers.headers` \nThe substring to search for. \n", + "type": "string" + }, + "search_regexp": { + "description": "search_regexp: string\nModule: http.handlers.headers\nThe regular expression to search with.\n", + "markdownDescription": "search_regexp: `string` \nModule: `http.handlers.headers` \nThe regular expression to search with. \n", + "type": "string" + } + } + } + } + }, + "require": { + "description": "require: object\nModule: http.handlers.headers\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#ResponseMatcher\nIf set, header operations will be deferred until\nthey are written out and only performed if the\nresponse matches these criteria.\n\n\nResponseMatcher is a type which can determine if an\nHTTP response matches some criteria.\n", + "markdownDescription": "require: `object` \nModule: `http.handlers.headers` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#ResponseMatcher) \nIf set, header operations will be deferred until\nthey are written out and only performed if the\nresponse matches these criteria.\n\n\nResponseMatcher is a type which can determine if an\nHTTP response matches some criteria. \n", + "type": "object", + "properties": { + "headers": { + "description": "headers: object\nModule: http.handlers.headers\nIf set, each header specified must be one of the\nspecified values, with the same logic used by the\n[request header matcher](/docs/json/apps/http/servers/routes/match/header/).\n", + "markdownDescription": "headers: `object` \nModule: `http.handlers.headers` \nIf set, each header specified must be one of the\nspecified values, with the same logic used by the\n[request header matcher](/docs/json/apps/http/servers/routes/match/header/). \n", + "type": "object", + "additionalProperties": { + "description": "If set, each header specified must be one of the\nspecified values, with the same logic used by the\n[request header matcher](/docs/json/apps/http/servers/routes/match/header/).\n", + "markdownDescription": "If set, each header specified must be one of the\nspecified values, with the same logic used by the\n[request header matcher](/docs/json/apps/http/servers/routes/match/header/). \n", + "type": "array", + "items": { + "type": "string" + } + } + }, + "status_code": { + "description": "status_code: array\nModule: http.handlers.headers\nIf set, one of these status codes would be required.\nA one-digit status can be used to represent all codes\nin that class (e.g. 3 for all 3xx codes).\n", + "markdownDescription": "status_code: `array` \nModule: `http.handlers.headers` \nIf set, one of these status codes would be required.\nA one-digit status can be used to represent all codes\nin that class (e.g. 3 for all 3xx codes). \n", + "type": "array", + "items": { + "description": "If set, one of these status codes would be required.\nA one-digit status can be used to represent all codes\nin that class (e.g. 3 for all 3xx codes).\n", + "markdownDescription": "If set, one of these status codes would be required.\nA one-digit status can be used to represent all codes\nin that class (e.g. 3 for all 3xx codes). \n", + "type": "number" + } + } + } + }, + "set": { + "description": "set: object\nModule: http.handlers.headers\nSets HTTP headers; replaces existing header fields.\n", + "markdownDescription": "set: `object` \nModule: `http.handlers.headers` \nSets HTTP headers; replaces existing header fields. \n", + "type": "object", + "additionalProperties": { + "description": "Sets HTTP headers; replaces existing header fields.\n", + "markdownDescription": "Sets HTTP headers; replaces existing header fields. \n", + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + }, + "http.handlers.map": { + "description": "map: object\nModule: http.handlers.map\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/map#Handler\nHandler implements a middleware that maps inputs to outputs. Specifically, it\ncompares a source value against the map inputs, and for one that matches, it\napplies the output values to each destination. Destinations become placeholder\nnames.\n\nMapped placeholders are not evaluated until they are used, so even for very\nlarge mappings, this handler is quite efficient.\n\n", + "markdownDescription": "map: `object` \nModule: `http.handlers.map` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/map#Handler) \nHandler implements a middleware that maps inputs to outputs. Specifically, it\ncompares a source value against the map inputs, and for one that matches, it\napplies the output values to each destination. Destinations become placeholder\nnames.\n\nMapped placeholders are not evaluated until they are used, so even for very\nlarge mappings, this handler is quite efficient.\n \n", + "type": "object", + "properties": { + "defaults": { + "description": "defaults: array\nModule: http.handlers.map\nIf no mappings match or if the mapped output is null/nil, the associated\ndefault output will be applied (optional).\n", + "markdownDescription": "defaults: `array` \nModule: `http.handlers.map` \nIf no mappings match or if the mapped output is null/nil, the associated\ndefault output will be applied (optional). \n", + "type": "array", + "items": { + "description": "If no mappings match or if the mapped output is null/nil, the associated\ndefault output will be applied (optional).\n", + "markdownDescription": "If no mappings match or if the mapped output is null/nil, the associated\ndefault output will be applied (optional). \n", + "type": "string" + } + }, + "destinations": { + "description": "destinations: array\nModule: http.handlers.map\nDestinations are the names of placeholders in which to store the outputs.\n", + "markdownDescription": "destinations: `array` \nModule: `http.handlers.map` \nDestinations are the names of placeholders in which to store the outputs. \n", + "type": "array", + "items": { + "description": "Destinations are the names of placeholders in which to store the outputs.\n", + "markdownDescription": "Destinations are the names of placeholders in which to store the outputs. \n", + "type": "string" + } + }, + "mappings": { + "description": "mappings: array\nModule: http.handlers.map\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/map#Mapping\nMappings from source values (inputs) to destination values (outputs).\nThe first matching, non-nil mapping will be applied.\n\n\nMapping describes a mapping from input to outputs.\n", + "markdownDescription": "mappings: `array` \nModule: `http.handlers.map` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/map#Mapping) \nMappings from source values (inputs) to destination values (outputs).\nThe first matching, non-nil mapping will be applied.\n\n\nMapping describes a mapping from input to outputs. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/map#Mapping\nMappings from source values (inputs) to destination values (outputs).\nThe first matching, non-nil mapping will be applied.\n\n\nMapping describes a mapping from input to outputs.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/map#Mapping) \nMappings from source values (inputs) to destination values (outputs).\nThe first matching, non-nil mapping will be applied.\n\n\nMapping describes a mapping from input to outputs. \n", + "type": "object", + "properties": { + "input": { + "description": "input: string\nModule: http.handlers.map\nThe input value to match. Must be distinct from other mappings.\nMutually exclusive to input_regexp.\n", + "markdownDescription": "input: `string` \nModule: `http.handlers.map` \nThe input value to match. Must be distinct from other mappings.\nMutually exclusive to input_regexp. \n", + "type": "string" + }, + "input_regexp": { + "description": "input_regexp: string\nModule: http.handlers.map\nThe input regular expression to match. Mutually exclusive to input.\n", + "markdownDescription": "input_regexp: `string` \nModule: `http.handlers.map` \nThe input regular expression to match. Mutually exclusive to input. \n", + "type": "string" + }, + "outputs": { + "description": "outputs: array\nModule: http.handlers.map\nUpon a match with the input, each output is positionally correlated\nwith each destination of the parent handler. An output that is null\n(nil) will be treated as if it was not mapped at all.\n", + "markdownDescription": "outputs: `array` \nModule: `http.handlers.map` \nUpon a match with the input, each output is positionally correlated\nwith each destination of the parent handler. An output that is null\n(nil) will be treated as if it was not mapped at all. \n", + "type": "array", + "items": { + "type": [ + "string", + "null" + ], + "description": "Upon a match with the input, each output is positionally correlated\nwith each destination of the parent handler. An output that is null\n(nil) will be treated as if it was not mapped at all.\n", + "markdownDescription": "Upon a match with the input, each output is positionally correlated\nwith each destination of the parent handler. An output that is null\n(nil) will be treated as if it was not mapped at all. \n" + } + } + } + } + }, + "source": { + "description": "source: string\nModule: http.handlers.map\nSource is the placeholder from which to get the input value.\n", + "markdownDescription": "source: `string` \nModule: `http.handlers.map` \nSource is the placeholder from which to get the input value. \n", + "type": "string" + } + } + }, + "http.handlers.metrics": { + "description": "metrics: object\nModule: http.handlers.metrics\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/metrics#Metrics\nMetrics is a module that serves a /metrics endpoint so that any gathered\nmetrics can be exposed for scraping. This module is configurable by end-users\nunlike AdminMetrics.\n\n", + "markdownDescription": "metrics: `object` \nModule: `http.handlers.metrics` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/metrics#Metrics) \nMetrics is a module that serves a /metrics endpoint so that any gathered\nmetrics can be exposed for scraping. This module is configurable by end-users\nunlike AdminMetrics.\n \n", + "type": "object", + "properties": { + "disable_openmetrics": { + "description": "disable_openmetrics: boolean\nModule: http.handlers.metrics\nDisable OpenMetrics negotiation, enabled by default. May be necessary if\nthe produced metrics cannot be parsed by the service scraping metrics.\n", + "markdownDescription": "disable_openmetrics: `boolean` \nModule: `http.handlers.metrics` \nDisable OpenMetrics negotiation, enabled by default. May be necessary if\nthe produced metrics cannot be parsed by the service scraping metrics. \n", + "type": "boolean" + } + } + }, + "http.handlers.push": { + "description": "push: object\nModule: http.handlers.push\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#Handler\nHandler is a middleware for manipulating the request body.\n\n", + "markdownDescription": "push: `object` \nModule: `http.handlers.push` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#Handler) \nHandler is a middleware for manipulating the request body.\n \n", + "type": "object", + "properties": { + "headers": { + "description": "headers: object\nModule: http.handlers.push\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#HeaderConfig\nHeaderConfig configures headers for synthetic push requests.\n\n", + "markdownDescription": "headers: `object` \nModule: `http.handlers.push` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#HeaderConfig) \nHeaderConfig configures headers for synthetic push requests.\n \n", + "type": "object", + "properties": { + "add": { + "description": "add: object\nModule: http.handlers.push\nAdds HTTP headers; does not replace any existing header fields.\n", + "markdownDescription": "add: `object` \nModule: `http.handlers.push` \nAdds HTTP headers; does not replace any existing header fields. \n", + "type": "object", + "additionalProperties": { + "description": "Adds HTTP headers; does not replace any existing header fields.\n", + "markdownDescription": "Adds HTTP headers; does not replace any existing header fields. \n", + "type": "array", + "items": { + "type": "string" + } + } + }, + "delete": { + "description": "delete: array\nModule: http.handlers.push\nNames of HTTP header fields to delete.\n", + "markdownDescription": "delete: `array` \nModule: `http.handlers.push` \nNames of HTTP header fields to delete. \n", + "type": "array", + "items": { + "description": "Names of HTTP header fields to delete.\n", + "markdownDescription": "Names of HTTP header fields to delete. \n", + "type": "string" + } + }, + "replace": { + "description": "replace: object\nModule: http.handlers.push\nPerforms substring replacements of HTTP headers in-situ.\n", + "markdownDescription": "replace: `object` \nModule: `http.handlers.push` \nPerforms substring replacements of HTTP headers in-situ. \n", + "type": "object", + "additionalProperties": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement\nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement) \nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement\nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement) \nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n \n", + "type": "object", + "properties": { + "replace": { + "description": "replace: string\nModule: http.handlers.push\nThe string with which to replace matches.\n", + "markdownDescription": "replace: `string` \nModule: `http.handlers.push` \nThe string with which to replace matches. \n", + "type": "string" + }, + "search": { + "description": "search: string\nModule: http.handlers.push\nThe substring to search for.\n", + "markdownDescription": "search: `string` \nModule: `http.handlers.push` \nThe substring to search for. \n", + "type": "string" + }, + "search_regexp": { + "description": "search_regexp: string\nModule: http.handlers.push\nThe regular expression to search with.\n", + "markdownDescription": "search_regexp: `string` \nModule: `http.handlers.push` \nThe regular expression to search with. \n", + "type": "string" + } + } + } + } + }, + "set": { + "description": "set: object\nModule: http.handlers.push\nSets HTTP headers; replaces existing header fields.\n", + "markdownDescription": "set: `object` \nModule: `http.handlers.push` \nSets HTTP headers; replaces existing header fields. \n", + "type": "object", + "additionalProperties": { + "description": "Sets HTTP headers; replaces existing header fields.\n", + "markdownDescription": "Sets HTTP headers; replaces existing header fields. \n", + "type": "array", + "items": { + "type": "string" + } + } + } + } + }, + "resources": { + "description": "resources: array\nModule: http.handlers.push\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#Resource\nResource represents a request for a resource to push.\n\n", + "markdownDescription": "resources: `array` \nModule: `http.handlers.push` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#Resource) \nResource represents a request for a resource to push.\n \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#Resource\nResource represents a request for a resource to push.\n\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#Resource) \nResource represents a request for a resource to push.\n \n", + "type": "object", + "properties": { + "method": { + "description": "method: string\nModule: http.handlers.push\nMethod is the request method, which must be GET or HEAD.\nDefault is GET.\n", + "markdownDescription": "method: `string` \nModule: `http.handlers.push` \nMethod is the request method, which must be GET or HEAD.\nDefault is GET. \n", + "type": "string" + }, + "target": { + "description": "target: string\nModule: http.handlers.push\nTarget is the path to the resource being pushed.\n", + "markdownDescription": "target: `string` \nModule: `http.handlers.push` \nTarget is the path to the resource being pushed. \n", + "type": "string" + } + } + } + } + } + }, + "http.handlers.request_body": { + "description": "request_body: object\nModule: http.handlers.request_body\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/requestbody#RequestBody\nRequestBody is a middleware for manipulating the request body.\n\n", + "markdownDescription": "request_body: `object` \nModule: `http.handlers.request_body` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/requestbody#RequestBody) \nRequestBody is a middleware for manipulating the request body.\n \n", + "type": "object", + "properties": { + "max_size": { + "description": "max_size: number\nModule: http.handlers.request_body\nThe maximum number of bytes to allow reading from the body by a later handler.\nIf more bytes are read, an error with HTTP status 413 is returned.\n", + "markdownDescription": "max_size: `number` \nModule: `http.handlers.request_body` \nThe maximum number of bytes to allow reading from the body by a later handler.\nIf more bytes are read, an error with HTTP status 413 is returned. \n", + "type": "number" + } + } + }, + "http.handlers.reverse_proxy": { + "description": "reverse_proxy: object\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#Handler\nHandler implements a highly configurable and production-ready reverse proxy.\n\nUpon proxying, this module sets the following placeholders (which can be used\nboth within and after this handler; for example, in response headers):\n\nPlaceholder | Description\n------------|-------------\n`{http.reverse_proxy.upstream.address}` | The full address to the upstream as given in the config\n`{http.reverse_proxy.upstream.hostport}` | The host:port of the upstream\n`{http.reverse_proxy.upstream.host}` | The host of the upstream\n`{http.reverse_proxy.upstream.port}` | The port of the upstream\n`{http.reverse_proxy.upstream.requests}` | The approximate current number of requests to the upstream\n`{http.reverse_proxy.upstream.max_requests}` | The maximum approximate number of requests allowed to the upstream\n`{http.reverse_proxy.upstream.fails}` | The number of recent failed requests to the upstream\n`{http.reverse_proxy.upstream.latency}` | How long it took the proxy upstream to write the response header.\n`{http.reverse_proxy.upstream.latency_ms}` | Same as 'latency', but in milliseconds.\n`{http.reverse_proxy.upstream.duration}` | Time spent proxying to the upstream, including writing response body to client.\n`{http.reverse_proxy.upstream.duration_ms}` | Same as 'upstream.duration', but in milliseconds.\n`{http.reverse_proxy.duration}` | Total time spent proxying, including selecting an upstream, retries, and writing response.\n`{http.reverse_proxy.duration_ms}` | Same as 'duration', but in milliseconds.\n\n", + "markdownDescription": "reverse_proxy: `object` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#Handler) \nHandler implements a highly configurable and production-ready reverse proxy.\n\nUpon proxying, this module sets the following placeholders (which can be used\nboth within and after this handler; for example, in response headers):\n\nPlaceholder | Description\n------------|-------------\n`{http.reverse_proxy.upstream.address}` | The full address to the upstream as given in the config\n`{http.reverse_proxy.upstream.hostport}` | The host:port of the upstream\n`{http.reverse_proxy.upstream.host}` | The host of the upstream\n`{http.reverse_proxy.upstream.port}` | The port of the upstream\n`{http.reverse_proxy.upstream.requests}` | The approximate current number of requests to the upstream\n`{http.reverse_proxy.upstream.max_requests}` | The maximum approximate number of requests allowed to the upstream\n`{http.reverse_proxy.upstream.fails}` | The number of recent failed requests to the upstream\n`{http.reverse_proxy.upstream.latency}` | How long it took the proxy upstream to write the response header.\n`{http.reverse_proxy.upstream.latency_ms}` | Same as 'latency', but in milliseconds.\n`{http.reverse_proxy.upstream.duration}` | Time spent proxying to the upstream, including writing response body to client.\n`{http.reverse_proxy.upstream.duration_ms}` | Same as 'upstream.duration', but in milliseconds.\n`{http.reverse_proxy.duration}` | Total time spent proxying, including selecting an upstream, retries, and writing response.\n`{http.reverse_proxy.duration_ms}` | Same as 'duration', but in milliseconds.\n \n", + "type": "object", + "properties": { + "buffer_requests": { + "description": "buffer_requests: boolean\nModule: http.handlers.reverse_proxy\nIf true, the entire request body will be read and buffered\nin memory before being proxied to the backend. This should\nbe avoided if at all possible for performance reasons, but\ncould be useful if the backend is intolerant of read latency.\n", + "markdownDescription": "buffer_requests: `boolean` \nModule: `http.handlers.reverse_proxy` \nIf true, the entire request body will be read and buffered\nin memory before being proxied to the backend. This should\nbe avoided if at all possible for performance reasons, but\ncould be useful if the backend is intolerant of read latency. \n", + "type": "boolean" + }, + "buffer_responses": { + "description": "buffer_responses: boolean\nModule: http.handlers.reverse_proxy\nIf true, the entire response body will be read and buffered\nin memory before being proxied to the client. This should\nbe avoided if at all possible for performance reasons, but\ncould be useful if the backend has tighter memory constraints.\n", + "markdownDescription": "buffer_responses: `boolean` \nModule: `http.handlers.reverse_proxy` \nIf true, the entire response body will be read and buffered\nin memory before being proxied to the client. This should\nbe avoided if at all possible for performance reasons, but\ncould be useful if the backend has tighter memory constraints. \n", + "type": "boolean" + }, + "circuit_breaker": { + "description": "circuit_breaker: any\nModule: http.reverse_proxy.circuit_breakers\nA circuit breaker may be used to relieve pressure on a backend\nthat is beginning to exhibit symptoms of stress or latency.\nBy default, there is no circuit breaker.\n", + "markdownDescription": "circuit_breaker: `any` \nModule: `http.reverse_proxy.circuit_breakers` \nA circuit breaker may be used to relieve pressure on a backend\nthat is beginning to exhibit symptoms of stress or latency.\nBy default, there is no circuit breaker. \n" + }, + "dynamic_upstreams": { + "description": "dynamic_upstreams: object\nModule: http.reverse_proxy.upstreams\nA module for retrieving the list of upstreams dynamically. Dynamic\nupstreams are retrieved at every iteration of the proxy loop for\neach request (i.e. before every proxy attempt within every request).\nActive health checks do not work on dynamic upstreams, and passive\nhealth checks are only effective on dynamic upstreams if the proxy\nserver is busy enough that concurrent requests to the same backends\nare continuous. Instead of health checks for dynamic upstreams, it\nis recommended that the dynamic upstream module only return available\nbackends in the first place.\n", + "markdownDescription": "dynamic_upstreams: `object` \nModule: `http.reverse_proxy.upstreams` \nA module for retrieving the list of upstreams dynamically. Dynamic\nupstreams are retrieved at every iteration of the proxy loop for\neach request (i.e. before every proxy attempt within every request).\nActive health checks do not work on dynamic upstreams, and passive\nhealth checks are only effective on dynamic upstreams if the proxy\nserver is busy enough that concurrent requests to the same backends\nare continuous. Instead of health checks for dynamic upstreams, it\nis recommended that the dynamic upstream module only return available\nbackends in the first place. \n", + "type": "object", + "required": [ + "source" + ], + "allOf": [ + { + "if": { + "properties": { + "source": { + "const": "a" + } + } + }, + "then": { + "$ref": "#/definitions/http.reverse_proxy.upstreams.a" + } + }, + { + "if": { + "properties": { + "source": { + "const": "srv" + } + } + }, + "then": { + "$ref": "#/definitions/http.reverse_proxy.upstreams.srv" + } + }, + { + "properties": { + "source": { + "description": "key to identify dynamic_upstreams module.\nsource: string\nModule: http.reverse_proxy.upstreams", + "markdownDescription": "key to identify `dynamic_upstreams` module. \nsource: `string` \nModule: `http.reverse_proxy.upstreams`", + "type": "string", + "enum": [ + "a", + "srv" + ] + } + } + } + ] + }, + "flush_interval": { + "description": "flush_interval: number\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nAdjusts how often to flush the response buffer. By default,\nno periodic flushing is done. A negative value disables\nresponse buffering, and flushes immediately after each\nwrite to the client. This option is ignored when the upstream's\nresponse is recognized as a streaming response, or if its\ncontent length is -1; for such responses, writes are flushed\nto the client immediately.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "flush_interval: `number` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nAdjusts how often to flush the response buffer. By default,\nno periodic flushing is done. A negative value disables\nresponse buffering, and flushes immediately after each\nwrite to the client. This option is ignored when the upstream's\nresponse is recognized as a streaming response, or if its\ncontent length is -1; for such responses, writes are flushed\nto the client immediately.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "handle_response": { + "description": "handle_response: array\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#ResponseHandler\nList of handlers and their associated matchers to evaluate\nafter successful roundtrips. The first handler that matches\nthe response from a backend will be invoked. The response\nbody from the backend will not be written to the client;\nit is up to the handler to finish handling the response.\nIf passive health checks are enabled, any errors from the\nhandler chain will not affect the health status of the\nbackend.\n\nThree new placeholders are available in this handler chain:\n- `{http.reverse_proxy.status_code}` The status code from the response\n- `{http.reverse_proxy.status_text}` The status text from the response\n- `{http.reverse_proxy.header.*}` The headers from the response\n\n\nResponseHandler pairs a response matcher with custom handling\nlogic. Either the status code can be changed to something else\nwhile using the original response body, or, if a status code\nis not set, it can execute a custom route list; this is useful\nfor executing handler routes based on the properties of an HTTP\nresponse that has not been written out to the client yet.\n\nTo use this type, provision it at module load time, then when\nready to use, match the response against its matcher; if it\nmatches (or doesn't have a matcher), change the status code on\nthe response if configured; otherwise invoke the routes by\ncalling `rh.Routes.Compile(next).ServeHTTP(rw, req)` (or similar).\n", + "markdownDescription": "handle_response: `array` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#ResponseHandler) \nList of handlers and their associated matchers to evaluate\nafter successful roundtrips. The first handler that matches\nthe response from a backend will be invoked. The response\nbody from the backend will not be written to the client;\nit is up to the handler to finish handling the response.\nIf passive health checks are enabled, any errors from the\nhandler chain will not affect the health status of the\nbackend.\n\nThree new placeholders are available in this handler chain:\n- `{http.reverse_proxy.status_code}` The status code from the response\n- `{http.reverse_proxy.status_text}` The status text from the response\n- `{http.reverse_proxy.header.*}` The headers from the response\n\n\nResponseHandler pairs a response matcher with custom handling\nlogic. Either the status code can be changed to something else\nwhile using the original response body, or, if a status code\nis not set, it can execute a custom route list; this is useful\nfor executing handler routes based on the properties of an HTTP\nresponse that has not been written out to the client yet.\n\nTo use this type, provision it at module load time, then when\nready to use, match the response against its matcher; if it\nmatches (or doesn't have a matcher), change the status code on\nthe response if configured; otherwise invoke the routes by\ncalling `rh.Routes.Compile(next).ServeHTTP(rw, req)` (or similar). \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#ResponseHandler\nList of handlers and their associated matchers to evaluate\nafter successful roundtrips. The first handler that matches\nthe response from a backend will be invoked. The response\nbody from the backend will not be written to the client;\nit is up to the handler to finish handling the response.\nIf passive health checks are enabled, any errors from the\nhandler chain will not affect the health status of the\nbackend.\n\nThree new placeholders are available in this handler chain:\n- `{http.reverse_proxy.status_code}` The status code from the response\n- `{http.reverse_proxy.status_text}` The status text from the response\n- `{http.reverse_proxy.header.*}` The headers from the response\n\n\nResponseHandler pairs a response matcher with custom handling\nlogic. Either the status code can be changed to something else\nwhile using the original response body, or, if a status code\nis not set, it can execute a custom route list; this is useful\nfor executing handler routes based on the properties of an HTTP\nresponse that has not been written out to the client yet.\n\nTo use this type, provision it at module load time, then when\nready to use, match the response against its matcher; if it\nmatches (or doesn't have a matcher), change the status code on\nthe response if configured; otherwise invoke the routes by\ncalling `rh.Routes.Compile(next).ServeHTTP(rw, req)` (or similar).\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#ResponseHandler) \nList of handlers and their associated matchers to evaluate\nafter successful roundtrips. The first handler that matches\nthe response from a backend will be invoked. The response\nbody from the backend will not be written to the client;\nit is up to the handler to finish handling the response.\nIf passive health checks are enabled, any errors from the\nhandler chain will not affect the health status of the\nbackend.\n\nThree new placeholders are available in this handler chain:\n- `{http.reverse_proxy.status_code}` The status code from the response\n- `{http.reverse_proxy.status_text}` The status text from the response\n- `{http.reverse_proxy.header.*}` The headers from the response\n\n\nResponseHandler pairs a response matcher with custom handling\nlogic. Either the status code can be changed to something else\nwhile using the original response body, or, if a status code\nis not set, it can execute a custom route list; this is useful\nfor executing handler routes based on the properties of an HTTP\nresponse that has not been written out to the client yet.\n\nTo use this type, provision it at module load time, then when\nready to use, match the response against its matcher; if it\nmatches (or doesn't have a matcher), change the status code on\nthe response if configured; otherwise invoke the routes by\ncalling `rh.Routes.Compile(next).ServeHTTP(rw, req)` (or similar). \n", + "type": "object", + "properties": { + "match": { + "description": "match: object\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#ResponseMatcher\nThe response matcher for this handler. If empty/nil,\nit always matches.\n\n\nResponseMatcher is a type which can determine if an\nHTTP response matches some criteria.\n", + "markdownDescription": "match: `object` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#ResponseMatcher) \nThe response matcher for this handler. If empty/nil,\nit always matches.\n\n\nResponseMatcher is a type which can determine if an\nHTTP response matches some criteria. \n", + "type": "object", + "properties": { + "headers": { + "description": "headers: object\nModule: http.handlers.reverse_proxy\nIf set, each header specified must be one of the\nspecified values, with the same logic used by the\n[request header matcher](/docs/json/apps/http/servers/routes/match/header/).\n", + "markdownDescription": "headers: `object` \nModule: `http.handlers.reverse_proxy` \nIf set, each header specified must be one of the\nspecified values, with the same logic used by the\n[request header matcher](/docs/json/apps/http/servers/routes/match/header/). \n", + "type": "object", + "additionalProperties": { + "description": "If set, each header specified must be one of the\nspecified values, with the same logic used by the\n[request header matcher](/docs/json/apps/http/servers/routes/match/header/).\n", + "markdownDescription": "If set, each header specified must be one of the\nspecified values, with the same logic used by the\n[request header matcher](/docs/json/apps/http/servers/routes/match/header/). \n", + "type": "array", + "items": { + "type": "string" + } + } + }, + "status_code": { + "description": "status_code: array\nModule: http.handlers.reverse_proxy\nIf set, one of these status codes would be required.\nA one-digit status can be used to represent all codes\nin that class (e.g. 3 for all 3xx codes).\n", + "markdownDescription": "status_code: `array` \nModule: `http.handlers.reverse_proxy` \nIf set, one of these status codes would be required.\nA one-digit status can be used to represent all codes\nin that class (e.g. 3 for all 3xx codes). \n", + "type": "array", + "items": { + "description": "If set, one of these status codes would be required.\nA one-digit status can be used to represent all codes\nin that class (e.g. 3 for all 3xx codes).\n", + "markdownDescription": "If set, one of these status codes would be required.\nA one-digit status can be used to represent all codes\nin that class (e.g. 3 for all 3xx codes). \n", + "type": "number" + } + } + } + }, + "routes": { + "description": "routes: array\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Route\nThe list of HTTP routes to execute if no status code is\nspecified. If evaluated, the original response body\nwill not be written.\n\n\nRoute consists of a set of rules for matching HTTP requests,\na list of handlers to execute, and optional flow control\nparameters which customize the handling of HTTP requests\nin a highly flexible and performant manner.\n", + "markdownDescription": "routes: `array` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Route) \nThe list of HTTP routes to execute if no status code is\nspecified. If evaluated, the original response body\nwill not be written.\n\n\nRoute consists of a set of rules for matching HTTP requests,\na list of handlers to execute, and optional flow control\nparameters which customize the handling of HTTP requests\nin a highly flexible and performant manner. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Route\nThe list of HTTP routes to execute if no status code is\nspecified. If evaluated, the original response body\nwill not be written.\n\n\nRoute consists of a set of rules for matching HTTP requests,\na list of handlers to execute, and optional flow control\nparameters which customize the handling of HTTP requests\nin a highly flexible and performant manner.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Route) \nThe list of HTTP routes to execute if no status code is\nspecified. If evaluated, the original response body\nwill not be written.\n\n\nRoute consists of a set of rules for matching HTTP requests,\na list of handlers to execute, and optional flow control\nparameters which customize the handling of HTTP requests\nin a highly flexible and performant manner. \n", + "type": "object", + "properties": { + "group": { + "description": "group: string\nModule: http.handlers.reverse_proxy\nGroup is an optional name for a group to which this\nroute belongs. Grouping a route makes it mutually\nexclusive with others in its group; if a route belongs\nto a group, only the first matching route in that group\nwill be executed.\n", + "markdownDescription": "group: `string` \nModule: `http.handlers.reverse_proxy` \nGroup is an optional name for a group to which this\nroute belongs. Grouping a route makes it mutually\nexclusive with others in its group; if a route belongs\nto a group, only the first matching route in that group\nwill be executed. \n", + "type": "string" + }, + "handle": { + "description": "handle: array\nModule: http.handlers\nThe list of handlers for this route. Upon matching a request, they are chained\ntogether in a middleware fashion: requests flow from the first handler to the last\n(top of the list to the bottom), with the possibility that any handler could stop\nthe chain and/or return an error. Responses flow back through the chain (bottom of\nthe list to the top) as they are written out to the client.\n\nNot all handlers call the next handler in the chain. For example, the reverse_proxy\nhandler always sends a request upstream or returns an error. Thus, configuring\nhandlers after reverse_proxy in the same route is illogical, since they would never\nbe executed. You will want to put handlers which originate the response at the very\nend of your route(s). The documentation for a module should state whether it invokes\nthe next handler, but sometimes it is common sense.\n\nSome handlers manipulate the response. Remember that requests flow down the list, and\nresponses flow up the list.\n\nFor example, if you wanted to use both `templates` and `encode` handlers, you would\nneed to put `templates` after `encode` in your route, because responses flow up.\nThus, `templates` will be able to parse and execute the plain-text response as a\ntemplate, and then return it up to the `encode` handler which will then compress it\ninto a binary format.\n\nIf `templates` came before `encode`, then `encode` would write a compressed,\nbinary-encoded response to `templates` which would not be able to parse the response\nproperly.\n\nThe correct order, then, is this:\n\n [\n {\"handler\": \"encode\"},\n {\"handler\": \"templates\"},\n {\"handler\": \"file_server\"}\n ]\n\nThe request flows ⬇️ DOWN (`encode` -\u003e `templates` -\u003e `file_server`).\n\n1. First, `encode` will choose how to `encode` the response and wrap the response.\n2. Then, `templates` will wrap the response with a buffer.\n3. Finally, `file_server` will originate the content from a file.\n\nThe response flows ⬆️ UP (`file_server` -\u003e `templates` -\u003e `encode`):\n\n1. First, `file_server` will write the file to the response.\n2. That write will be buffered and then executed by `templates`.\n3. Lastly, the write from `templates` will flow into `encode` which will compress the stream.\n\nIf you think of routes in this way, it will be easy and even fun to solve the puzzle of writing correct routes.\n", + "markdownDescription": "handle: `array` \nModule: `http.handlers` \nThe list of handlers for this route. Upon matching a request, they are chained\ntogether in a middleware fashion: requests flow from the first handler to the last\n(top of the list to the bottom), with the possibility that any handler could stop\nthe chain and/or return an error. Responses flow back through the chain (bottom of\nthe list to the top) as they are written out to the client.\n\nNot all handlers call the next handler in the chain. For example, the reverse_proxy\nhandler always sends a request upstream or returns an error. Thus, configuring\nhandlers after reverse_proxy in the same route is illogical, since they would never\nbe executed. You will want to put handlers which originate the response at the very\nend of your route(s). The documentation for a module should state whether it invokes\nthe next handler, but sometimes it is common sense.\n\nSome handlers manipulate the response. Remember that requests flow down the list, and\nresponses flow up the list.\n\nFor example, if you wanted to use both `templates` and `encode` handlers, you would\nneed to put `templates` after `encode` in your route, because responses flow up.\nThus, `templates` will be able to parse and execute the plain-text response as a\ntemplate, and then return it up to the `encode` handler which will then compress it\ninto a binary format.\n\nIf `templates` came before `encode`, then `encode` would write a compressed,\nbinary-encoded response to `templates` which would not be able to parse the response\nproperly.\n\nThe correct order, then, is this:\n\n [\n {\"handler\": \"encode\"},\n {\"handler\": \"templates\"},\n {\"handler\": \"file_server\"}\n ]\n\nThe request flows ⬇️ DOWN (`encode` -\u003e `templates` -\u003e `file_server`).\n\n1. First, `encode` will choose how to `encode` the response and wrap the response.\n2. Then, `templates` will wrap the response with a buffer.\n3. Finally, `file_server` will originate the content from a file.\n\nThe response flows ⬆️ UP (`file_server` -\u003e `templates` -\u003e `encode`):\n\n1. First, `file_server` will write the file to the response.\n2. That write will be buffered and then executed by `templates`.\n3. Lastly, the write from `templates` will flow into `encode` which will compress the stream.\n\nIf you think of routes in this way, it will be easy and even fun to solve the puzzle of writing correct routes. \n", + "type": "array", + "items": { + "description": "The list of handlers for this route. Upon matching a request, they are chained\ntogether in a middleware fashion: requests flow from the first handler to the last\n(top of the list to the bottom), with the possibility that any handler could stop\nthe chain and/or return an error. Responses flow back through the chain (bottom of\nthe list to the top) as they are written out to the client.\n\nNot all handlers call the next handler in the chain. For example, the reverse_proxy\nhandler always sends a request upstream or returns an error. Thus, configuring\nhandlers after reverse_proxy in the same route is illogical, since they would never\nbe executed. You will want to put handlers which originate the response at the very\nend of your route(s). The documentation for a module should state whether it invokes\nthe next handler, but sometimes it is common sense.\n\nSome handlers manipulate the response. Remember that requests flow down the list, and\nresponses flow up the list.\n\nFor example, if you wanted to use both `templates` and `encode` handlers, you would\nneed to put `templates` after `encode` in your route, because responses flow up.\nThus, `templates` will be able to parse and execute the plain-text response as a\ntemplate, and then return it up to the `encode` handler which will then compress it\ninto a binary format.\n\nIf `templates` came before `encode`, then `encode` would write a compressed,\nbinary-encoded response to `templates` which would not be able to parse the response\nproperly.\n\nThe correct order, then, is this:\n\n [\n {\"handler\": \"encode\"},\n {\"handler\": \"templates\"},\n {\"handler\": \"file_server\"}\n ]\n\nThe request flows ⬇️ DOWN (`encode` -\u003e `templates` -\u003e `file_server`).\n\n1. First, `encode` will choose how to `encode` the response and wrap the response.\n2. Then, `templates` will wrap the response with a buffer.\n3. Finally, `file_server` will originate the content from a file.\n\nThe response flows ⬆️ UP (`file_server` -\u003e `templates` -\u003e `encode`):\n\n1. First, `file_server` will write the file to the response.\n2. That write will be buffered and then executed by `templates`.\n3. Lastly, the write from `templates` will flow into `encode` which will compress the stream.\n\nIf you think of routes in this way, it will be easy and even fun to solve the puzzle of writing correct routes.\n", + "markdownDescription": "The list of handlers for this route. Upon matching a request, they are chained\ntogether in a middleware fashion: requests flow from the first handler to the last\n(top of the list to the bottom), with the possibility that any handler could stop\nthe chain and/or return an error. Responses flow back through the chain (bottom of\nthe list to the top) as they are written out to the client.\n\nNot all handlers call the next handler in the chain. For example, the reverse_proxy\nhandler always sends a request upstream or returns an error. Thus, configuring\nhandlers after reverse_proxy in the same route is illogical, since they would never\nbe executed. You will want to put handlers which originate the response at the very\nend of your route(s). The documentation for a module should state whether it invokes\nthe next handler, but sometimes it is common sense.\n\nSome handlers manipulate the response. Remember that requests flow down the list, and\nresponses flow up the list.\n\nFor example, if you wanted to use both `templates` and `encode` handlers, you would\nneed to put `templates` after `encode` in your route, because responses flow up.\nThus, `templates` will be able to parse and execute the plain-text response as a\ntemplate, and then return it up to the `encode` handler which will then compress it\ninto a binary format.\n\nIf `templates` came before `encode`, then `encode` would write a compressed,\nbinary-encoded response to `templates` which would not be able to parse the response\nproperly.\n\nThe correct order, then, is this:\n\n [\n {\"handler\": \"encode\"},\n {\"handler\": \"templates\"},\n {\"handler\": \"file_server\"}\n ]\n\nThe request flows ⬇️ DOWN (`encode` -\u003e `templates` -\u003e `file_server`).\n\n1. First, `encode` will choose how to `encode` the response and wrap the response.\n2. Then, `templates` will wrap the response with a buffer.\n3. Finally, `file_server` will originate the content from a file.\n\nThe response flows ⬆️ UP (`file_server` -\u003e `templates` -\u003e `encode`):\n\n1. First, `file_server` will write the file to the response.\n2. That write will be buffered and then executed by `templates`.\n3. Lastly, the write from `templates` will flow into `encode` which will compress the stream.\n\nIf you think of routes in this way, it will be easy and even fun to solve the puzzle of writing correct routes. \n", + "required": [ + "handler" + ], + "allOf": [ + { + "if": { + "properties": { + "handler": { + "const": "static_response" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.static_response" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "authentication" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.authentication" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "copy_response" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.copy_response" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "copy_response_headers" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.copy_response_headers" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "error" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.error" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "file_server" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.file_server" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "map" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.map" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "reverse_proxy" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.reverse_proxy" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "templates" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.templates" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "acme_server" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.acme_server" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "vars" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.vars" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "push" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.push" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "headers" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.headers" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "metrics" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.metrics" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "request_body" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.request_body" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "rewrite" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.rewrite" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "subroute" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.subroute" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "tracing" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.tracing" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "encode" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.encode" + } + }, + { + "properties": { + "handler": { + "description": "key to identify handle module.\nhandler: string\nModule: http.handlers", + "markdownDescription": "key to identify `handle` module. \nhandler: `string` \nModule: `http.handlers`", + "type": "string", + "enum": [ + "static_response", + "authentication", + "copy_response", + "copy_response_headers", + "error", + "file_server", + "map", + "reverse_proxy", + "templates", + "acme_server", + "vars", + "push", + "headers", + "metrics", + "request_body", + "rewrite", + "subroute", + "tracing", + "encode" + ] + } + } + } + ] + } + }, + "match": { + "description": "match: array\nModule: http.matchers\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nThe matcher sets which will be used to qualify this\nroute for a request (essentially the \"if\" statement\nof this route). Each matcher set is OR'ed, but matchers\nwithin a set are AND'ed together.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n", + "markdownDescription": "match: `array` \nModule: `http.matchers` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nThe matcher sets which will be used to qualify this\nroute for a request (essentially the \"if\" statement\nof this route). Each matcher set is OR'ed, but matchers\nwithin a set are AND'ed together.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nThe matcher sets which will be used to qualify this\nroute for a request (essentially the \"if\" statement\nof this route). Each matcher set is OR'ed, but matchers\nwithin a set are AND'ed together.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nThe matcher sets which will be used to qualify this\nroute for a request (essentially the \"if\" statement\nof this route). Each matcher set is OR'ed, but matchers\nwithin a set are AND'ed together.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", + "properties": { + "expression": { + "$ref": "#/definitions/http.matchers.expression" + }, + "file": { + "$ref": "#/definitions/http.matchers.file" + }, + "header": { + "$ref": "#/definitions/http.matchers.header" + }, + "header_regexp": { + "$ref": "#/definitions/http.matchers.header_regexp" + }, + "host": { + "$ref": "#/definitions/http.matchers.host" + }, + "method": { + "$ref": "#/definitions/http.matchers.method" + }, + "not": { + "$ref": "#/definitions/http.matchers.not" + }, + "path": { + "$ref": "#/definitions/http.matchers.path" + }, + "path_regexp": { + "$ref": "#/definitions/http.matchers.path_regexp" + }, + "protocol": { + "$ref": "#/definitions/http.matchers.protocol" + }, + "query": { + "$ref": "#/definitions/http.matchers.query" + }, + "remote_ip": { + "$ref": "#/definitions/http.matchers.remote_ip" + }, + "vars": { + "$ref": "#/definitions/http.matchers.vars" + }, + "vars_regexp": { + "$ref": "#/definitions/http.matchers.vars_regexp" + } + } + } + }, + "terminal": { + "description": "terminal: boolean\nModule: http.handlers.reverse_proxy\nIf true, no more routes will be executed after this one.\n", + "markdownDescription": "terminal: `boolean` \nModule: `http.handlers.reverse_proxy` \nIf true, no more routes will be executed after this one. \n", + "type": "boolean" + } + } + } + }, + "status_code": { + "description": "status_code: string\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#WeakString\nTo write the original response body but with a different\nstatus code, set this field to the desired status code.\nIf set, this takes priority over routes.\n\n\nWeakString is a type that unmarshals any JSON value\nas a string literal, with the following exceptions:\n\n1. actual string values are decoded as strings; and\n2. null is decoded as empty string;\n\nand provides methods for getting the value as various\nprimitive types. However, using this type removes any\ntype safety as far as deserializing JSON is concerned.\n", + "markdownDescription": "status_code: `string` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#WeakString) \nTo write the original response body but with a different\nstatus code, set this field to the desired status code.\nIf set, this takes priority over routes.\n\n\nWeakString is a type that unmarshals any JSON value\nas a string literal, with the following exceptions:\n\n1. actual string values are decoded as strings; and\n2. null is decoded as empty string;\n\nand provides methods for getting the value as various\nprimitive types. However, using this type removes any\ntype safety as far as deserializing JSON is concerned. \n", + "type": "string" + } + } + } + }, + "headers": { + "description": "headers: object\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Handler\nHeaders manipulates headers between Caddy and the backend.\nBy default, all headers are passed-thru without changes,\nwith the exceptions of special hop-by-hop headers.\n\nX-Forwarded-For, X-Forwarded-Proto and X-Forwarded-Host\nare also set implicitly.\n\n\nHandler is a middleware which modifies request and response headers.\n\nChanges to headers are applied immediately, except for the response\nheaders when Deferred is true or when Required is set. In those cases,\nthe changes are applied when the headers are written to the response.\nNote that deferred changes do not take effect if an error occurs later\nin the middleware chain.\n\nProperties in this module accept placeholders.\n\nResponse header operations can be conditioned upon response status code\nand/or other header values.\n", + "markdownDescription": "headers: `object` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Handler) \nHeaders manipulates headers between Caddy and the backend.\nBy default, all headers are passed-thru without changes,\nwith the exceptions of special hop-by-hop headers.\n\nX-Forwarded-For, X-Forwarded-Proto and X-Forwarded-Host\nare also set implicitly.\n\n\nHandler is a middleware which modifies request and response headers.\n\nChanges to headers are applied immediately, except for the response\nheaders when Deferred is true or when Required is set. In those cases,\nthe changes are applied when the headers are written to the response.\nNote that deferred changes do not take effect if an error occurs later\nin the middleware chain.\n\nProperties in this module accept placeholders.\n\nResponse header operations can be conditioned upon response status code\nand/or other header values. \n", + "type": "object", + "properties": { + "request": { + "description": "request: object\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#HeaderOps\nHeaderOps defines manipulations for HTTP headers.\n\n", + "markdownDescription": "request: `object` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#HeaderOps) \nHeaderOps defines manipulations for HTTP headers.\n \n", + "type": "object", + "properties": { + "add": { + "description": "add: object\nModule: http.handlers.reverse_proxy\nAdds HTTP headers; does not replace any existing header fields.\n", + "markdownDescription": "add: `object` \nModule: `http.handlers.reverse_proxy` \nAdds HTTP headers; does not replace any existing header fields. \n", + "type": "object", + "additionalProperties": { + "description": "Adds HTTP headers; does not replace any existing header fields.\n", + "markdownDescription": "Adds HTTP headers; does not replace any existing header fields. \n", + "type": "array", + "items": { + "type": "string" + } + } + }, + "delete": { + "description": "delete: array\nModule: http.handlers.reverse_proxy\nNames of HTTP header fields to delete.\n", + "markdownDescription": "delete: `array` \nModule: `http.handlers.reverse_proxy` \nNames of HTTP header fields to delete. \n", + "type": "array", + "items": { + "description": "Names of HTTP header fields to delete.\n", + "markdownDescription": "Names of HTTP header fields to delete. \n", + "type": "string" + } + }, + "replace": { + "description": "replace: object\nModule: http.handlers.reverse_proxy\nPerforms substring replacements of HTTP headers in-situ.\n", + "markdownDescription": "replace: `object` \nModule: `http.handlers.reverse_proxy` \nPerforms substring replacements of HTTP headers in-situ. \n", + "type": "object", + "additionalProperties": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement\nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement) \nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement\nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement) \nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n \n", + "type": "object", + "properties": { + "replace": { + "description": "replace: string\nModule: http.handlers.reverse_proxy\nThe string with which to replace matches.\n", + "markdownDescription": "replace: `string` \nModule: `http.handlers.reverse_proxy` \nThe string with which to replace matches. \n", + "type": "string" + }, + "search": { + "description": "search: string\nModule: http.handlers.reverse_proxy\nThe substring to search for.\n", + "markdownDescription": "search: `string` \nModule: `http.handlers.reverse_proxy` \nThe substring to search for. \n", + "type": "string" + }, + "search_regexp": { + "description": "search_regexp: string\nModule: http.handlers.reverse_proxy\nThe regular expression to search with.\n", + "markdownDescription": "search_regexp: `string` \nModule: `http.handlers.reverse_proxy` \nThe regular expression to search with. \n", + "type": "string" + } + } + } + } + }, + "set": { + "description": "set: object\nModule: http.handlers.reverse_proxy\nSets HTTP headers; replaces existing header fields.\n", + "markdownDescription": "set: `object` \nModule: `http.handlers.reverse_proxy` \nSets HTTP headers; replaces existing header fields. \n", + "type": "object", + "additionalProperties": { + "description": "Sets HTTP headers; replaces existing header fields.\n", + "markdownDescription": "Sets HTTP headers; replaces existing header fields. \n", + "type": "array", + "items": { + "type": "string" + } + } + } + } + }, + "response": { + "description": "response: object\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#RespHeaderOps\nRespHeaderOps defines manipulations for response headers.\n\n", + "markdownDescription": "response: `object` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#RespHeaderOps) \nRespHeaderOps defines manipulations for response headers.\n \n", + "type": "object", + "properties": { + "add": { + "description": "add: object\nModule: http.handlers.reverse_proxy\nAdds HTTP headers; does not replace any existing header fields.\n", + "markdownDescription": "add: `object` \nModule: `http.handlers.reverse_proxy` \nAdds HTTP headers; does not replace any existing header fields. \n", + "type": "object", + "additionalProperties": { + "description": "Adds HTTP headers; does not replace any existing header fields.\n", + "markdownDescription": "Adds HTTP headers; does not replace any existing header fields. \n", + "type": "array", + "items": { + "type": "string" + } + } + }, + "deferred": { + "description": "deferred: boolean\nModule: http.handlers.reverse_proxy\nIf true, header operations will be deferred until\nthey are written out. Superceded if Require is set.\nUsually you will need to set this to true if any\nfields are being deleted.\n", + "markdownDescription": "deferred: `boolean` \nModule: `http.handlers.reverse_proxy` \nIf true, header operations will be deferred until\nthey are written out. Superceded if Require is set.\nUsually you will need to set this to true if any\nfields are being deleted. \n", + "type": "boolean" + }, + "delete": { + "description": "delete: array\nModule: http.handlers.reverse_proxy\nNames of HTTP header fields to delete.\n", + "markdownDescription": "delete: `array` \nModule: `http.handlers.reverse_proxy` \nNames of HTTP header fields to delete. \n", + "type": "array", + "items": { + "description": "Names of HTTP header fields to delete.\n", + "markdownDescription": "Names of HTTP header fields to delete. \n", + "type": "string" + } + }, + "replace": { + "description": "replace: object\nModule: http.handlers.reverse_proxy\nPerforms substring replacements of HTTP headers in-situ.\n", + "markdownDescription": "replace: `object` \nModule: `http.handlers.reverse_proxy` \nPerforms substring replacements of HTTP headers in-situ. \n", + "type": "object", + "additionalProperties": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement\nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement) \nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement\nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement) \nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n \n", + "type": "object", + "properties": { + "replace": { + "description": "replace: string\nModule: http.handlers.reverse_proxy\nThe string with which to replace matches.\n", + "markdownDescription": "replace: `string` \nModule: `http.handlers.reverse_proxy` \nThe string with which to replace matches. \n", + "type": "string" + }, + "search": { + "description": "search: string\nModule: http.handlers.reverse_proxy\nThe substring to search for.\n", + "markdownDescription": "search: `string` \nModule: `http.handlers.reverse_proxy` \nThe substring to search for. \n", + "type": "string" + }, + "search_regexp": { + "description": "search_regexp: string\nModule: http.handlers.reverse_proxy\nThe regular expression to search with.\n", + "markdownDescription": "search_regexp: `string` \nModule: `http.handlers.reverse_proxy` \nThe regular expression to search with. \n", + "type": "string" + } + } + } + } + }, + "require": { + "description": "require: object\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#ResponseMatcher\nIf set, header operations will be deferred until\nthey are written out and only performed if the\nresponse matches these criteria.\n\n\nResponseMatcher is a type which can determine if an\nHTTP response matches some criteria.\n", + "markdownDescription": "require: `object` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#ResponseMatcher) \nIf set, header operations will be deferred until\nthey are written out and only performed if the\nresponse matches these criteria.\n\n\nResponseMatcher is a type which can determine if an\nHTTP response matches some criteria. \n", + "type": "object", + "properties": { + "headers": { + "description": "headers: object\nModule: http.handlers.reverse_proxy\nIf set, each header specified must be one of the\nspecified values, with the same logic used by the\n[request header matcher](/docs/json/apps/http/servers/routes/match/header/).\n", + "markdownDescription": "headers: `object` \nModule: `http.handlers.reverse_proxy` \nIf set, each header specified must be one of the\nspecified values, with the same logic used by the\n[request header matcher](/docs/json/apps/http/servers/routes/match/header/). \n", + "type": "object", + "additionalProperties": { + "description": "If set, each header specified must be one of the\nspecified values, with the same logic used by the\n[request header matcher](/docs/json/apps/http/servers/routes/match/header/).\n", + "markdownDescription": "If set, each header specified must be one of the\nspecified values, with the same logic used by the\n[request header matcher](/docs/json/apps/http/servers/routes/match/header/). \n", + "type": "array", + "items": { + "type": "string" + } + } + }, + "status_code": { + "description": "status_code: array\nModule: http.handlers.reverse_proxy\nIf set, one of these status codes would be required.\nA one-digit status can be used to represent all codes\nin that class (e.g. 3 for all 3xx codes).\n", + "markdownDescription": "status_code: `array` \nModule: `http.handlers.reverse_proxy` \nIf set, one of these status codes would be required.\nA one-digit status can be used to represent all codes\nin that class (e.g. 3 for all 3xx codes). \n", + "type": "array", + "items": { + "description": "If set, one of these status codes would be required.\nA one-digit status can be used to represent all codes\nin that class (e.g. 3 for all 3xx codes).\n", + "markdownDescription": "If set, one of these status codes would be required.\nA one-digit status can be used to represent all codes\nin that class (e.g. 3 for all 3xx codes). \n", + "type": "number" + } + } + } + }, + "set": { + "description": "set: object\nModule: http.handlers.reverse_proxy\nSets HTTP headers; replaces existing header fields.\n", + "markdownDescription": "set: `object` \nModule: `http.handlers.reverse_proxy` \nSets HTTP headers; replaces existing header fields. \n", + "type": "object", + "additionalProperties": { + "description": "Sets HTTP headers; replaces existing header fields.\n", + "markdownDescription": "Sets HTTP headers; replaces existing header fields. \n", + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + } + }, + "health_checks": { + "description": "health_checks: object\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HealthChecks\nHealth checks update the status of backends, whether they are\nup or down. Down backends will not be proxied to.\n\n\nHealthChecks configures active and passive health checks.\n", + "markdownDescription": "health_checks: `object` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HealthChecks) \nHealth checks update the status of backends, whether they are\nup or down. Down backends will not be proxied to.\n\n\nHealthChecks configures active and passive health checks. \n", + "type": "object", + "properties": { + "active": { + "description": "active: object\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#ActiveHealthChecks\nActive health checks run in the background on a timer. To\nminimally enable active health checks, set either path or\nport (or both). Note that active health check status\n(healthy/unhealthy) is stored per-proxy-handler, not\nglobally; this allows different handlers to use different\ncriteria to decide what defines a healthy backend.\n\nActive health checks do not run for dynamic upstreams.\n\n\nActiveHealthChecks holds configuration related to active\nhealth checks (that is, health checks which occur in a\nbackground goroutine independently).\n", + "markdownDescription": "active: `object` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#ActiveHealthChecks) \nActive health checks run in the background on a timer. To\nminimally enable active health checks, set either path or\nport (or both). Note that active health check status\n(healthy/unhealthy) is stored per-proxy-handler, not\nglobally; this allows different handlers to use different\ncriteria to decide what defines a healthy backend.\n\nActive health checks do not run for dynamic upstreams.\n\n\nActiveHealthChecks holds configuration related to active\nhealth checks (that is, health checks which occur in a\nbackground goroutine independently). \n", + "type": "object", + "properties": { + "expect_body": { + "description": "expect_body: string\nModule: http.handlers.reverse_proxy\nA regular expression against which to match the response\nbody of a healthy backend.\n", + "markdownDescription": "expect_body: `string` \nModule: `http.handlers.reverse_proxy` \nA regular expression against which to match the response\nbody of a healthy backend. \n", + "type": "string" + }, + "expect_status": { + "description": "expect_status: number\nModule: http.handlers.reverse_proxy\nThe HTTP status code to expect from a healthy backend.\n", + "markdownDescription": "expect_status: `number` \nModule: `http.handlers.reverse_proxy` \nThe HTTP status code to expect from a healthy backend. \n", + "type": "number" + }, + "headers": { + "description": "headers: object\nModule: http.handlers.reverse_proxy\nHTTP headers to set on health check requests.\n", + "markdownDescription": "headers: `object` \nModule: `http.handlers.reverse_proxy` \nHTTP headers to set on health check requests. \n", + "type": "object", + "additionalProperties": { + "description": "HTTP headers to set on health check requests.\n", + "markdownDescription": "HTTP headers to set on health check requests. \n", + "type": "array", + "items": { + "type": "string" + } + } + }, + "interval": { + "description": "interval: number\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nHow frequently to perform active health checks (default 30s).\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "interval: `number` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nHow frequently to perform active health checks (default 30s).\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "max_size": { + "description": "max_size: number\nModule: http.handlers.reverse_proxy\nThe maximum response body to download from the backend\nduring a health check.\n", + "markdownDescription": "max_size: `number` \nModule: `http.handlers.reverse_proxy` \nThe maximum response body to download from the backend\nduring a health check. \n", + "type": "number" + }, + "path": { + "description": "path: string\nModule: http.handlers.reverse_proxy\nDEPRECATED: Use 'uri' instead. This field will be removed. TODO: remove this field\n", + "markdownDescription": "path: `string` \nModule: `http.handlers.reverse_proxy` \nDEPRECATED: Use 'uri' instead. This field will be removed. TODO: remove this field \n", + "type": "string" + }, + "port": { + "description": "port: number\nModule: http.handlers.reverse_proxy\nThe port to use (if different from the upstream's dial\naddress) for health checks.\n", + "markdownDescription": "port: `number` \nModule: `http.handlers.reverse_proxy` \nThe port to use (if different from the upstream's dial\naddress) for health checks. \n", + "type": "number" + }, + "timeout": { + "description": "timeout: number\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nHow long to wait for a response from a backend before\nconsidering it unhealthy (default 5s).\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "timeout: `number` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nHow long to wait for a response from a backend before\nconsidering it unhealthy (default 5s).\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "uri": { + "description": "uri: string\nModule: http.handlers.reverse_proxy\nThe URI (path and query) to use for health checks\n", + "markdownDescription": "uri: `string` \nModule: `http.handlers.reverse_proxy` \nThe URI (path and query) to use for health checks \n", + "type": "string" + } + } + }, + "passive": { + "description": "passive: object\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#PassiveHealthChecks\nPassive health checks monitor proxied requests for errors or timeouts.\nTo minimally enable passive health checks, specify at least an empty\nconfig object. Passive health check state is shared (stored globally),\nso a failure from one handler will be counted by all handlers; but\nthe tolerances or standards for what defines healthy/unhealthy backends\nis configured per-proxy-handler.\n\nPassive health checks technically do operate on dynamic upstreams,\nbut are only effective for very busy proxies where the list of\nupstreams is mostly stable. This is because the shared/global\nstate of upstreams is cleaned up when the upstreams are no longer\nused. Since dynamic upstreams are allocated dynamically at each\nrequest (specifically, each iteration of the proxy loop per request),\nthey are also cleaned up after every request. Thus, if there is a\nmoment when no requests are actively referring to a particular\nupstream host, the passive health check state will be reset because\nit will be garbage-collected. It is usually better for the dynamic\nupstream module to only return healthy, available backends instead.\n\n\nPassiveHealthChecks holds configuration related to passive\nhealth checks (that is, health checks which occur during\nthe normal flow of request proxying).\n", + "markdownDescription": "passive: `object` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#PassiveHealthChecks) \nPassive health checks monitor proxied requests for errors or timeouts.\nTo minimally enable passive health checks, specify at least an empty\nconfig object. Passive health check state is shared (stored globally),\nso a failure from one handler will be counted by all handlers; but\nthe tolerances or standards for what defines healthy/unhealthy backends\nis configured per-proxy-handler.\n\nPassive health checks technically do operate on dynamic upstreams,\nbut are only effective for very busy proxies where the list of\nupstreams is mostly stable. This is because the shared/global\nstate of upstreams is cleaned up when the upstreams are no longer\nused. Since dynamic upstreams are allocated dynamically at each\nrequest (specifically, each iteration of the proxy loop per request),\nthey are also cleaned up after every request. Thus, if there is a\nmoment when no requests are actively referring to a particular\nupstream host, the passive health check state will be reset because\nit will be garbage-collected. It is usually better for the dynamic\nupstream module to only return healthy, available backends instead.\n\n\nPassiveHealthChecks holds configuration related to passive\nhealth checks (that is, health checks which occur during\nthe normal flow of request proxying). \n", + "type": "object", + "properties": { + "fail_duration": { + "description": "fail_duration: number\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nHow long to remember a failed request to a backend. A duration \u003e 0\nenables passive health checking. Default is 0.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "fail_duration: `number` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nHow long to remember a failed request to a backend. A duration \u003e 0\nenables passive health checking. Default is 0.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "max_fails": { + "description": "max_fails: number\nModule: http.handlers.reverse_proxy\nThe number of failed requests within the FailDuration window to\nconsider a backend as \"down\". Must be \u003e= 1; default is 1. Requires\nthat FailDuration be \u003e 0.\n", + "markdownDescription": "max_fails: `number` \nModule: `http.handlers.reverse_proxy` \nThe number of failed requests within the FailDuration window to\nconsider a backend as \"down\". Must be \u003e= 1; default is 1. Requires\nthat FailDuration be \u003e 0. \n", + "type": "number" + }, + "unhealthy_latency": { + "description": "unhealthy_latency: number\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nCount the request as failed if the response takes at least this\nlong to receive.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "unhealthy_latency: `number` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nCount the request as failed if the response takes at least this\nlong to receive.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "unhealthy_request_count": { + "description": "unhealthy_request_count: number\nModule: http.handlers.reverse_proxy\nLimits the number of simultaneous requests to a backend by\nmarking the backend as \"down\" if it has this many concurrent\nrequests or more.\n", + "markdownDescription": "unhealthy_request_count: `number` \nModule: `http.handlers.reverse_proxy` \nLimits the number of simultaneous requests to a backend by\nmarking the backend as \"down\" if it has this many concurrent\nrequests or more. \n", + "type": "number" + }, + "unhealthy_status": { + "description": "unhealthy_status: array\nModule: http.handlers.reverse_proxy\nCount the request as failed if the response comes back with\none of these status codes.\n", + "markdownDescription": "unhealthy_status: `array` \nModule: `http.handlers.reverse_proxy` \nCount the request as failed if the response comes back with\none of these status codes. \n", + "type": "array", + "items": { + "description": "Count the request as failed if the response comes back with\none of these status codes.\n", + "markdownDescription": "Count the request as failed if the response comes back with\none of these status codes. \n", + "type": "number" + } + } + } + } + } + }, + "load_balancing": { + "description": "load_balancing: object\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#LoadBalancing\nLoad balancing distributes load/requests between backends.\n\n\nLoadBalancing has parameters related to load balancing.\n", + "markdownDescription": "load_balancing: `object` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#LoadBalancing) \nLoad balancing distributes load/requests between backends.\n\n\nLoadBalancing has parameters related to load balancing. \n", + "type": "object", + "properties": { + "retry_match": { + "description": "retry_match: array\nModule: http.matchers\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nA list of matcher sets that restricts with which requests retries are\nallowed. A request must match any of the given matcher sets in order\nto be retried if the connection to the upstream succeeded but the\nsubsequent round-trip failed. If the connection to the upstream failed,\na retry is always allowed. If unspecified, only GET requests will be\nallowed to be retried. Note that a retry is done with the next available\nhost according to the load balancing policy.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n", + "markdownDescription": "retry_match: `array` \nModule: `http.matchers` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nA list of matcher sets that restricts with which requests retries are\nallowed. A request must match any of the given matcher sets in order\nto be retried if the connection to the upstream succeeded but the\nsubsequent round-trip failed. If the connection to the upstream failed,\na retry is always allowed. If unspecified, only GET requests will be\nallowed to be retried. Note that a retry is done with the next available\nhost according to the load balancing policy.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nA list of matcher sets that restricts with which requests retries are\nallowed. A request must match any of the given matcher sets in order\nto be retried if the connection to the upstream succeeded but the\nsubsequent round-trip failed. If the connection to the upstream failed,\na retry is always allowed. If unspecified, only GET requests will be\nallowed to be retried. Note that a retry is done with the next available\nhost according to the load balancing policy.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nA list of matcher sets that restricts with which requests retries are\nallowed. A request must match any of the given matcher sets in order\nto be retried if the connection to the upstream succeeded but the\nsubsequent round-trip failed. If the connection to the upstream failed,\na retry is always allowed. If unspecified, only GET requests will be\nallowed to be retried. Note that a retry is done with the next available\nhost according to the load balancing policy.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", + "properties": { + "expression": { + "$ref": "#/definitions/http.matchers.expression" + }, + "file": { + "$ref": "#/definitions/http.matchers.file" + }, + "header": { + "$ref": "#/definitions/http.matchers.header" + }, + "header_regexp": { + "$ref": "#/definitions/http.matchers.header_regexp" + }, + "host": { + "$ref": "#/definitions/http.matchers.host" + }, + "method": { + "$ref": "#/definitions/http.matchers.method" + }, + "not": { + "$ref": "#/definitions/http.matchers.not" + }, + "path": { + "$ref": "#/definitions/http.matchers.path" + }, + "path_regexp": { + "$ref": "#/definitions/http.matchers.path_regexp" + }, + "protocol": { + "$ref": "#/definitions/http.matchers.protocol" + }, + "query": { + "$ref": "#/definitions/http.matchers.query" + }, + "remote_ip": { + "$ref": "#/definitions/http.matchers.remote_ip" + }, + "vars": { + "$ref": "#/definitions/http.matchers.vars" + }, + "vars_regexp": { + "$ref": "#/definitions/http.matchers.vars_regexp" + } + } + } + }, + "selection_policy": { + "description": "selection_policy: object\nModule: http.reverse_proxy.selection_policies\nA selection policy is how to choose an available backend.\nThe default policy is random selection.\n", + "markdownDescription": "selection_policy: `object` \nModule: `http.reverse_proxy.selection_policies` \nA selection policy is how to choose an available backend.\nThe default policy is random selection. \n", + "type": "object", + "required": [ + "policy" + ], + "allOf": [ + { + "if": { + "properties": { + "policy": { + "const": "first" + } + } + }, + "then": { + "$ref": "#/definitions/http.reverse_proxy.selection_policies.first" + } + }, + { + "if": { + "properties": { + "policy": { + "const": "ip_hash" + } + } + }, + "then": { + "$ref": "#/definitions/http.reverse_proxy.selection_policies.ip_hash" + } + }, + { + "if": { + "properties": { + "policy": { + "const": "uri_hash" + } + } + }, + "then": { + "$ref": "#/definitions/http.reverse_proxy.selection_policies.uri_hash" + } + }, + { + "if": { + "properties": { + "policy": { + "const": "cookie" + } + } + }, + "then": { + "$ref": "#/definitions/http.reverse_proxy.selection_policies.cookie" + } + }, + { + "if": { + "properties": { + "policy": { + "const": "header" + } + } + }, + "then": { + "$ref": "#/definitions/http.reverse_proxy.selection_policies.header" + } + }, + { + "if": { + "properties": { + "policy": { + "const": "least_conn" + } + } + }, + "then": { + "$ref": "#/definitions/http.reverse_proxy.selection_policies.least_conn" + } + }, + { + "if": { + "properties": { + "policy": { + "const": "random" + } + } + }, + "then": { + "$ref": "#/definitions/http.reverse_proxy.selection_policies.random" + } + }, + { + "if": { + "properties": { + "policy": { + "const": "random_choose" + } + } + }, + "then": { + "$ref": "#/definitions/http.reverse_proxy.selection_policies.random_choose" + } + }, + { + "if": { + "properties": { + "policy": { + "const": "round_robin" + } + } + }, + "then": { + "$ref": "#/definitions/http.reverse_proxy.selection_policies.round_robin" + } + }, + { + "properties": { + "policy": { + "description": "key to identify selection_policy module.\npolicy: string\nModule: http.reverse_proxy.selection_policies", + "markdownDescription": "key to identify `selection_policy` module. \npolicy: `string` \nModule: `http.reverse_proxy.selection_policies`", + "type": "string", + "enum": [ + "first", + "ip_hash", + "uri_hash", + "cookie", + "header", + "least_conn", + "random", + "random_choose", + "round_robin" + ] + } + } + } + ] + }, + "try_duration": { + "description": "try_duration: number\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nHow long to try selecting available backends for each request\nif the next available host is down. By default, this retry is\ndisabled. Clients will wait for up to this long while the load\nbalancer tries to find an available upstream host.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "try_duration: `number` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nHow long to try selecting available backends for each request\nif the next available host is down. By default, this retry is\ndisabled. Clients will wait for up to this long while the load\nbalancer tries to find an available upstream host.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "try_interval": { + "description": "try_interval: number\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nHow long to wait between selecting the next host from the pool. Default\nis 250ms. Only relevant when a request to an upstream host fails. Be\naware that setting this to 0 with a non-zero try_duration can cause the\nCPU to spin if all backends are down and latency is very low.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "try_interval: `number` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nHow long to wait between selecting the next host from the pool. Default\nis 250ms. Only relevant when a request to an upstream host fails. Be\naware that setting this to 0 with a non-zero try_duration can cause the\nCPU to spin if all backends are down and latency is very low.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + } + } + }, + "max_buffer_size": { + "description": "max_buffer_size: number\nModule: http.handlers.reverse_proxy\nIf body buffering is enabled, the maximum size of the buffers\nused for the requests and responses (in bytes).\n", + "markdownDescription": "max_buffer_size: `number` \nModule: `http.handlers.reverse_proxy` \nIf body buffering is enabled, the maximum size of the buffers\nused for the requests and responses (in bytes). \n", + "type": "number" + }, + "rewrite": { + "description": "rewrite: object\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#Rewrite\nIf configured, rewrites the copy of the upstream request.\nAllows changing the request method and URI (path and query).\nSince the rewrite is applied to the copy, it does not persist\npast the reverse proxy handler.\nIf the method is changed to `GET` or `HEAD`, the request body\nwill not be copied to the backend. This allows a later request\nhandler -- either in a `handle_response` route, or after -- to\nread the body.\nBy default, no rewrite is performed, and the method and URI\nfrom the incoming request is used as-is for proxying.\n\n\nRewrite is a middleware which can rewrite HTTP requests.\n\nThe Method and URI properties are \"setters\": the request URI\nwill be set to the given values. Other properties are \"modifiers\":\nthey modify existing files but do not explicitly specify what the\nresult will be. It is atypical to combine the use of setters and\nmodifiers in a single rewrite.\n", + "markdownDescription": "rewrite: `object` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#Rewrite) \nIf configured, rewrites the copy of the upstream request.\nAllows changing the request method and URI (path and query).\nSince the rewrite is applied to the copy, it does not persist\npast the reverse proxy handler.\nIf the method is changed to `GET` or `HEAD`, the request body\nwill not be copied to the backend. This allows a later request\nhandler -- either in a `handle_response` route, or after -- to\nread the body.\nBy default, no rewrite is performed, and the method and URI\nfrom the incoming request is used as-is for proxying.\n\n\nRewrite is a middleware which can rewrite HTTP requests.\n\nThe Method and URI properties are \"setters\": the request URI\nwill be set to the given values. Other properties are \"modifiers\":\nthey modify existing files but do not explicitly specify what the\nresult will be. It is atypical to combine the use of setters and\nmodifiers in a single rewrite. \n", + "type": "object", + "properties": { + "method": { + "description": "method: string\nModule: http.handlers.reverse_proxy\nChanges the request's HTTP verb.\n", + "markdownDescription": "method: `string` \nModule: `http.handlers.reverse_proxy` \nChanges the request's HTTP verb. \n", + "type": "string" + }, + "path_regexp": { + "description": "path_regexp: array\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#regexReplacer\nPerforms regular expression replacements on the URI path.\n\n\nregexReplacer describes a replacement using a regular expression.\n", + "markdownDescription": "path_regexp: `array` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#regexReplacer) \nPerforms regular expression replacements on the URI path.\n\n\nregexReplacer describes a replacement using a regular expression. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#regexReplacer\nPerforms regular expression replacements on the URI path.\n\n\nregexReplacer describes a replacement using a regular expression.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#regexReplacer) \nPerforms regular expression replacements on the URI path.\n\n\nregexReplacer describes a replacement using a regular expression. \n", + "type": "object", + "properties": { + "find": { + "description": "find: string\nModule: http.handlers.reverse_proxy\nThe regular expression to find.\n", + "markdownDescription": "find: `string` \nModule: `http.handlers.reverse_proxy` \nThe regular expression to find. \n", + "type": "string" + }, + "replace": { + "description": "replace: string\nModule: http.handlers.reverse_proxy\nThe substring to replace with. Supports placeholders and\nregular expression capture groups.\n", + "markdownDescription": "replace: `string` \nModule: `http.handlers.reverse_proxy` \nThe substring to replace with. Supports placeholders and\nregular expression capture groups. \n", + "type": "string" + } + } + } + }, + "strip_path_prefix": { + "description": "strip_path_prefix: string\nModule: http.handlers.reverse_proxy\nStrips the given prefix from the beginning of the URI path.\n", + "markdownDescription": "strip_path_prefix: `string` \nModule: `http.handlers.reverse_proxy` \nStrips the given prefix from the beginning of the URI path. \n", + "type": "string" + }, + "strip_path_suffix": { + "description": "strip_path_suffix: string\nModule: http.handlers.reverse_proxy\nStrips the given suffix from the end of the URI path.\n", + "markdownDescription": "strip_path_suffix: `string` \nModule: `http.handlers.reverse_proxy` \nStrips the given suffix from the end of the URI path. \n", + "type": "string" + }, + "uri": { + "description": "uri: string\nModule: http.handlers.reverse_proxy\nChanges the request's URI, which consists of path and query string.\nOnly components of the URI that are specified will be changed.\nFor example, a value of \"/foo.html\" or \"foo.html\" will only change\nthe path and will preserve any existing query string. Similarly, a\nvalue of \"?a=b\" will only change the query string and will not affect\nthe path. Both can also be changed: \"/foo?a=b\" - this sets both the\npath and query string at the same time.\n\nYou can also use placeholders. For example, to preserve the existing\nquery string, you might use: \"?{http.request.uri.query}\u0026a=b\". Any\nkey-value pairs you add to the query string will not overwrite\nexisting values (individual pairs are append-only).\n\nTo clear the query string, explicitly set an empty one: \"?\"\n", + "markdownDescription": "uri: `string` \nModule: `http.handlers.reverse_proxy` \nChanges the request's URI, which consists of path and query string.\nOnly components of the URI that are specified will be changed.\nFor example, a value of \"/foo.html\" or \"foo.html\" will only change\nthe path and will preserve any existing query string. Similarly, a\nvalue of \"?a=b\" will only change the query string and will not affect\nthe path. Both can also be changed: \"/foo?a=b\" - this sets both the\npath and query string at the same time.\n\nYou can also use placeholders. For example, to preserve the existing\nquery string, you might use: \"?{http.request.uri.query}\u0026a=b\". Any\nkey-value pairs you add to the query string will not overwrite\nexisting values (individual pairs are append-only).\n\nTo clear the query string, explicitly set an empty one: \"?\" \n", + "type": "string" + }, + "uri_substring": { + "description": "uri_substring: array\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#substrReplacer\nPerforms substring replacements on the URI.\n\n\nsubstrReplacer describes either a simple and fast substring replacement.\n", + "markdownDescription": "uri_substring: `array` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#substrReplacer) \nPerforms substring replacements on the URI.\n\n\nsubstrReplacer describes either a simple and fast substring replacement. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#substrReplacer\nPerforms substring replacements on the URI.\n\n\nsubstrReplacer describes either a simple and fast substring replacement.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#substrReplacer) \nPerforms substring replacements on the URI.\n\n\nsubstrReplacer describes either a simple and fast substring replacement. \n", + "type": "object", + "properties": { + "find": { + "description": "find: string\nModule: http.handlers.reverse_proxy\nA substring to find. Supports placeholders.\n", + "markdownDescription": "find: `string` \nModule: `http.handlers.reverse_proxy` \nA substring to find. Supports placeholders. \n", + "type": "string" + }, + "limit": { + "description": "limit: number\nModule: http.handlers.reverse_proxy\nMaximum number of replacements per string.\nSet to \u003c= 0 for no limit (default).\n", + "markdownDescription": "limit: `number` \nModule: `http.handlers.reverse_proxy` \nMaximum number of replacements per string.\nSet to \u003c= 0 for no limit (default). \n", + "type": "number" + }, + "replace": { + "description": "replace: string\nModule: http.handlers.reverse_proxy\nThe substring to replace with. Supports placeholders.\n", + "markdownDescription": "replace: `string` \nModule: `http.handlers.reverse_proxy` \nThe substring to replace with. Supports placeholders. \n", + "type": "string" + } + } + } + } + } + }, + "transport": { + "description": "transport: object\nModule: http.reverse_proxy.transport\nConfigures the method of transport for the proxy. A transport\nis what performs the actual \"round trip\" to the backend.\nThe default transport is plaintext HTTP.\n", + "markdownDescription": "transport: `object` \nModule: `http.reverse_proxy.transport` \nConfigures the method of transport for the proxy. A transport\nis what performs the actual \"round trip\" to the backend.\nThe default transport is plaintext HTTP. \n", + "type": "object", + "required": [ + "protocol" + ], + "allOf": [ + { + "if": { + "properties": { + "protocol": { + "const": "fastcgi" + } + } + }, + "then": { + "$ref": "#/definitions/http.reverse_proxy.transport.fastcgi" + } + }, + { + "if": { + "properties": { + "protocol": { + "const": "http" + } + } + }, + "then": { + "$ref": "#/definitions/http.reverse_proxy.transport.http" + } + }, + { + "properties": { + "protocol": { + "description": "key to identify transport module.\nprotocol: string\nModule: http.reverse_proxy.transport", + "markdownDescription": "key to identify `transport` module. \nprotocol: `string` \nModule: `http.reverse_proxy.transport`", + "type": "string", + "enum": [ + "fastcgi", + "http" + ] + } + } + } + ] + }, + "trusted_proxies": { + "description": "trusted_proxies: array\nModule: http.handlers.reverse_proxy\nA list of IP ranges (supports CIDR notation) from which\nX-Forwarded-* header values should be trusted. By default,\nno proxies are trusted, so existing values will be ignored\nwhen setting these headers. If the proxy is trusted, then\nexisting values will be used when constructing the final\nheader values.\n", + "markdownDescription": "trusted_proxies: `array` \nModule: `http.handlers.reverse_proxy` \nA list of IP ranges (supports CIDR notation) from which\nX-Forwarded-* header values should be trusted. By default,\nno proxies are trusted, so existing values will be ignored\nwhen setting these headers. If the proxy is trusted, then\nexisting values will be used when constructing the final\nheader values. \n", + "type": "array", + "items": { + "description": "A list of IP ranges (supports CIDR notation) from which\nX-Forwarded-* header values should be trusted. By default,\nno proxies are trusted, so existing values will be ignored\nwhen setting these headers. If the proxy is trusted, then\nexisting values will be used when constructing the final\nheader values.\n", + "markdownDescription": "A list of IP ranges (supports CIDR notation) from which\nX-Forwarded-* header values should be trusted. By default,\nno proxies are trusted, so existing values will be ignored\nwhen setting these headers. If the proxy is trusted, then\nexisting values will be used when constructing the final\nheader values. \n", + "type": "string" + } + }, + "upstreams": { + "description": "upstreams: array\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#Upstream\nUpstreams is the static list of backends to proxy to.\n\n\nUpstream bridges this proxy's configuration to the\nstate of the backend host it is correlated with.\nUpstream values must not be copied.\n", + "markdownDescription": "upstreams: `array` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#Upstream) \nUpstreams is the static list of backends to proxy to.\n\n\nUpstream bridges this proxy's configuration to the\nstate of the backend host it is correlated with.\nUpstream values must not be copied. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#Upstream\nUpstreams is the static list of backends to proxy to.\n\n\nUpstream bridges this proxy's configuration to the\nstate of the backend host it is correlated with.\nUpstream values must not be copied.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#Upstream) \nUpstreams is the static list of backends to proxy to.\n\n\nUpstream bridges this proxy's configuration to the\nstate of the backend host it is correlated with.\nUpstream values must not be copied. \n", + "type": "object", + "properties": { + "dial": { + "description": "dial: string\nModule: http.handlers.reverse_proxy\nThe [network address](/docs/conventions#network-addresses)\nto dial to connect to the upstream. Must represent precisely\none socket (i.e. no port ranges). A valid network address\neither has a host and port or is a unix socket address.\n\nPlaceholders may be used to make the upstream dynamic, but be\naware of the health check implications of this: a single\nupstream that represents numerous (perhaps arbitrary) backends\ncan be considered down if one or enough of the arbitrary\nbackends is down. Also be aware of open proxy vulnerabilities.\n", + "markdownDescription": "dial: `string` \nModule: `http.handlers.reverse_proxy` \nThe [network address](/docs/conventions#network-addresses)\nto dial to connect to the upstream. Must represent precisely\none socket (i.e. no port ranges). A valid network address\neither has a host and port or is a unix socket address.\n\nPlaceholders may be used to make the upstream dynamic, but be\naware of the health check implications of this: a single\nupstream that represents numerous (perhaps arbitrary) backends\ncan be considered down if one or enough of the arbitrary\nbackends is down. Also be aware of open proxy vulnerabilities. \n", + "type": "string" + }, + "lookup_srv": { + "description": "lookup_srv: string\nModule: http.handlers.reverse_proxy\nDEPRECATED: Use the SRVUpstreams module instead\n(http.reverse_proxy.upstreams.srv). This field will be\nremoved in a future version of Caddy. TODO: Remove this field.\n\nIf DNS SRV records are used for service discovery with this\nupstream, specify the DNS name for which to look up SRV\nrecords here, instead of specifying a dial address.\n", + "markdownDescription": "lookup_srv: `string` \nModule: `http.handlers.reverse_proxy` \nDEPRECATED: Use the SRVUpstreams module instead\n(http.reverse_proxy.upstreams.srv). This field will be\nremoved in a future version of Caddy. TODO: Remove this field.\n\nIf DNS SRV records are used for service discovery with this\nupstream, specify the DNS name for which to look up SRV\nrecords here, instead of specifying a dial address. \n", + "type": "string" + }, + "max_requests": { + "description": "max_requests: number\nModule: http.handlers.reverse_proxy\nThe maximum number of simultaneous requests to allow to\nthis upstream. If set, overrides the global passive health\ncheck UnhealthyRequestCount value.\n", + "markdownDescription": "max_requests: `number` \nModule: `http.handlers.reverse_proxy` \nThe maximum number of simultaneous requests to allow to\nthis upstream. If set, overrides the global passive health\ncheck UnhealthyRequestCount value. \n", + "type": "number" + } + } + } + } + } + }, + "http.handlers.rewrite": { + "description": "rewrite: object\nModule: http.handlers.rewrite\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#Rewrite\nRewrite is a middleware which can rewrite HTTP requests.\n\nThe Method and URI properties are \"setters\": the request URI\nwill be set to the given values. Other properties are \"modifiers\":\nthey modify existing files but do not explicitly specify what the\nresult will be. It is atypical to combine the use of setters and\nmodifiers in a single rewrite.\n\n", + "markdownDescription": "rewrite: `object` \nModule: `http.handlers.rewrite` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#Rewrite) \nRewrite is a middleware which can rewrite HTTP requests.\n\nThe Method and URI properties are \"setters\": the request URI\nwill be set to the given values. Other properties are \"modifiers\":\nthey modify existing files but do not explicitly specify what the\nresult will be. It is atypical to combine the use of setters and\nmodifiers in a single rewrite.\n \n", + "type": "object", + "properties": { + "method": { + "description": "method: string\nModule: http.handlers.rewrite\nChanges the request's HTTP verb.\n", + "markdownDescription": "method: `string` \nModule: `http.handlers.rewrite` \nChanges the request's HTTP verb. \n", + "type": "string" + }, + "path_regexp": { + "description": "path_regexp: array\nModule: http.handlers.rewrite\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#regexReplacer\nPerforms regular expression replacements on the URI path.\n\n\nregexReplacer describes a replacement using a regular expression.\n", + "markdownDescription": "path_regexp: `array` \nModule: `http.handlers.rewrite` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#regexReplacer) \nPerforms regular expression replacements on the URI path.\n\n\nregexReplacer describes a replacement using a regular expression. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#regexReplacer\nPerforms regular expression replacements on the URI path.\n\n\nregexReplacer describes a replacement using a regular expression.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#regexReplacer) \nPerforms regular expression replacements on the URI path.\n\n\nregexReplacer describes a replacement using a regular expression. \n", + "type": "object", + "properties": { + "find": { + "description": "find: string\nModule: http.handlers.rewrite\nThe regular expression to find.\n", + "markdownDescription": "find: `string` \nModule: `http.handlers.rewrite` \nThe regular expression to find. \n", + "type": "string" + }, + "replace": { + "description": "replace: string\nModule: http.handlers.rewrite\nThe substring to replace with. Supports placeholders and\nregular expression capture groups.\n", + "markdownDescription": "replace: `string` \nModule: `http.handlers.rewrite` \nThe substring to replace with. Supports placeholders and\nregular expression capture groups. \n", + "type": "string" + } + } + } + }, + "strip_path_prefix": { + "description": "strip_path_prefix: string\nModule: http.handlers.rewrite\nStrips the given prefix from the beginning of the URI path.\n", + "markdownDescription": "strip_path_prefix: `string` \nModule: `http.handlers.rewrite` \nStrips the given prefix from the beginning of the URI path. \n", + "type": "string" + }, + "strip_path_suffix": { + "description": "strip_path_suffix: string\nModule: http.handlers.rewrite\nStrips the given suffix from the end of the URI path.\n", + "markdownDescription": "strip_path_suffix: `string` \nModule: `http.handlers.rewrite` \nStrips the given suffix from the end of the URI path. \n", + "type": "string" + }, + "uri": { + "description": "uri: string\nModule: http.handlers.rewrite\nChanges the request's URI, which consists of path and query string.\nOnly components of the URI that are specified will be changed.\nFor example, a value of \"/foo.html\" or \"foo.html\" will only change\nthe path and will preserve any existing query string. Similarly, a\nvalue of \"?a=b\" will only change the query string and will not affect\nthe path. Both can also be changed: \"/foo?a=b\" - this sets both the\npath and query string at the same time.\n\nYou can also use placeholders. For example, to preserve the existing\nquery string, you might use: \"?{http.request.uri.query}\u0026a=b\". Any\nkey-value pairs you add to the query string will not overwrite\nexisting values (individual pairs are append-only).\n\nTo clear the query string, explicitly set an empty one: \"?\"\n", + "markdownDescription": "uri: `string` \nModule: `http.handlers.rewrite` \nChanges the request's URI, which consists of path and query string.\nOnly components of the URI that are specified will be changed.\nFor example, a value of \"/foo.html\" or \"foo.html\" will only change\nthe path and will preserve any existing query string. Similarly, a\nvalue of \"?a=b\" will only change the query string and will not affect\nthe path. Both can also be changed: \"/foo?a=b\" - this sets both the\npath and query string at the same time.\n\nYou can also use placeholders. For example, to preserve the existing\nquery string, you might use: \"?{http.request.uri.query}\u0026a=b\". Any\nkey-value pairs you add to the query string will not overwrite\nexisting values (individual pairs are append-only).\n\nTo clear the query string, explicitly set an empty one: \"?\" \n", + "type": "string" + }, + "uri_substring": { + "description": "uri_substring: array\nModule: http.handlers.rewrite\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#substrReplacer\nPerforms substring replacements on the URI.\n\n\nsubstrReplacer describes either a simple and fast substring replacement.\n", + "markdownDescription": "uri_substring: `array` \nModule: `http.handlers.rewrite` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#substrReplacer) \nPerforms substring replacements on the URI.\n\n\nsubstrReplacer describes either a simple and fast substring replacement. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#substrReplacer\nPerforms substring replacements on the URI.\n\n\nsubstrReplacer describes either a simple and fast substring replacement.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#substrReplacer) \nPerforms substring replacements on the URI.\n\n\nsubstrReplacer describes either a simple and fast substring replacement. \n", + "type": "object", + "properties": { + "find": { + "description": "find: string\nModule: http.handlers.rewrite\nA substring to find. Supports placeholders.\n", + "markdownDescription": "find: `string` \nModule: `http.handlers.rewrite` \nA substring to find. Supports placeholders. \n", + "type": "string" + }, + "limit": { + "description": "limit: number\nModule: http.handlers.rewrite\nMaximum number of replacements per string.\nSet to \u003c= 0 for no limit (default).\n", + "markdownDescription": "limit: `number` \nModule: `http.handlers.rewrite` \nMaximum number of replacements per string.\nSet to \u003c= 0 for no limit (default). \n", + "type": "number" + }, + "replace": { + "description": "replace: string\nModule: http.handlers.rewrite\nThe substring to replace with. Supports placeholders.\n", + "markdownDescription": "replace: `string` \nModule: `http.handlers.rewrite` \nThe substring to replace with. Supports placeholders. \n", + "type": "string" + } + } + } + } + } + }, + "http.handlers.static_response": { + "description": "static_response: object\nModule: http.handlers.static_response\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#StaticResponse\nStaticResponse implements a simple responder for static responses.\n\n", + "markdownDescription": "static_response: `object` \nModule: `http.handlers.static_response` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#StaticResponse) \nStaticResponse implements a simple responder for static responses.\n \n", + "type": "object", + "properties": { + "abort": { + "description": "abort: boolean\nModule: http.handlers.static_response\nImmediately and forcefully closes the connection without\nwriting a response. Interrupts any other HTTP streams on\nthe same connection.\n", + "markdownDescription": "abort: `boolean` \nModule: `http.handlers.static_response` \nImmediately and forcefully closes the connection without\nwriting a response. Interrupts any other HTTP streams on\nthe same connection. \n", + "type": "boolean" + }, + "body": { + "description": "body: string\nModule: http.handlers.static_response\nThe response body.\n", + "markdownDescription": "body: `string` \nModule: `http.handlers.static_response` \nThe response body. \n", + "type": "string" + }, + "close": { + "description": "close: boolean\nModule: http.handlers.static_response\nIf true, the server will close the client's connection\nafter writing the response.\n", + "markdownDescription": "close: `boolean` \nModule: `http.handlers.static_response` \nIf true, the server will close the client's connection\nafter writing the response. \n", + "type": "boolean" + }, + "headers": { + "description": "headers: object\nModule: http.handlers.static_response\nHeader fields to set on the response.\n", + "markdownDescription": "headers: `object` \nModule: `http.handlers.static_response` \nHeader fields to set on the response. \n", + "type": "object", + "additionalProperties": { + "description": "Header fields to set on the response.\n", + "markdownDescription": "Header fields to set on the response. \n", + "type": "array", + "items": { + "type": "string" + } + } + }, + "status_code": { + "description": "status_code: string\nModule: http.handlers.static_response\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#WeakString\nThe HTTP status code to respond with. Can be an integer or,\nif needing to use a placeholder, a string.\n\n\nWeakString is a type that unmarshals any JSON value\nas a string literal, with the following exceptions:\n\n1. actual string values are decoded as strings; and\n2. null is decoded as empty string;\n\nand provides methods for getting the value as various\nprimitive types. However, using this type removes any\ntype safety as far as deserializing JSON is concerned.\n", + "markdownDescription": "status_code: `string` \nModule: `http.handlers.static_response` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#WeakString) \nThe HTTP status code to respond with. Can be an integer or,\nif needing to use a placeholder, a string.\n\n\nWeakString is a type that unmarshals any JSON value\nas a string literal, with the following exceptions:\n\n1. actual string values are decoded as strings; and\n2. null is decoded as empty string;\n\nand provides methods for getting the value as various\nprimitive types. However, using this type removes any\ntype safety as far as deserializing JSON is concerned. \n", + "type": "string" + } + } + }, + "http.handlers.subroute": { + "description": "subroute: object\nModule: http.handlers.subroute\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Subroute\nSubroute implements a handler that compiles and executes routes.\nThis is useful for a batch of routes that all inherit the same\nmatchers, or for multiple routes that should be treated as a\nsingle route.\n\nYou can also use subroutes to handle errors from its handlers.\nFirst the primary routes will be executed, and if they return an\nerror, the errors routes will be executed; in that case, an error\nis only returned to the entry point at the server if there is an\nadditional error returned from the errors routes.\n\n", + "markdownDescription": "subroute: `object` \nModule: `http.handlers.subroute` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Subroute) \nSubroute implements a handler that compiles and executes routes.\nThis is useful for a batch of routes that all inherit the same\nmatchers, or for multiple routes that should be treated as a\nsingle route.\n\nYou can also use subroutes to handle errors from its handlers.\nFirst the primary routes will be executed, and if they return an\nerror, the errors routes will be executed; in that case, an error\nis only returned to the entry point at the server if there is an\nadditional error returned from the errors routes.\n \n", + "type": "object", + "properties": { + "errors": { + "description": "errors: object\nModule: http.handlers.subroute\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#HTTPErrorConfig\nIf the primary routes return an error, error handling\ncan be promoted to this configuration instead.\n\n\nHTTPErrorConfig determines how to handle errors\nfrom the HTTP handlers.\n", + "markdownDescription": "errors: `object` \nModule: `http.handlers.subroute` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#HTTPErrorConfig) \nIf the primary routes return an error, error handling\ncan be promoted to this configuration instead.\n\n\nHTTPErrorConfig determines how to handle errors\nfrom the HTTP handlers. \n", + "type": "object", + "properties": { + "routes": { + "description": "routes: array\nModule: http.handlers.subroute\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Route\nThe routes to evaluate after the primary handler\nchain returns an error. In an error route, extra\nplaceholders are available:\n\nPlaceholder | Description\n------------|---------------\n`{http.error.status_code}` | The recommended HTTP status code\n`{http.error.status_text}` | The status text associated with the recommended status code\n`{http.error.message}` | The error message\n`{http.error.trace}` | The origin of the error\n`{http.error.id}` | An identifier for this occurrence of the error\n\n\nRoute consists of a set of rules for matching HTTP requests,\na list of handlers to execute, and optional flow control\nparameters which customize the handling of HTTP requests\nin a highly flexible and performant manner.\n", + "markdownDescription": "routes: `array` \nModule: `http.handlers.subroute` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Route) \nThe routes to evaluate after the primary handler\nchain returns an error. In an error route, extra\nplaceholders are available:\n\nPlaceholder | Description\n------------|---------------\n`{http.error.status_code}` | The recommended HTTP status code\n`{http.error.status_text}` | The status text associated with the recommended status code\n`{http.error.message}` | The error message\n`{http.error.trace}` | The origin of the error\n`{http.error.id}` | An identifier for this occurrence of the error\n\n\nRoute consists of a set of rules for matching HTTP requests,\na list of handlers to execute, and optional flow control\nparameters which customize the handling of HTTP requests\nin a highly flexible and performant manner. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Route\nThe routes to evaluate after the primary handler\nchain returns an error. In an error route, extra\nplaceholders are available:\n\nPlaceholder | Description\n------------|---------------\n`{http.error.status_code}` | The recommended HTTP status code\n`{http.error.status_text}` | The status text associated with the recommended status code\n`{http.error.message}` | The error message\n`{http.error.trace}` | The origin of the error\n`{http.error.id}` | An identifier for this occurrence of the error\n\n\nRoute consists of a set of rules for matching HTTP requests,\na list of handlers to execute, and optional flow control\nparameters which customize the handling of HTTP requests\nin a highly flexible and performant manner.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Route) \nThe routes to evaluate after the primary handler\nchain returns an error. In an error route, extra\nplaceholders are available:\n\nPlaceholder | Description\n------------|---------------\n`{http.error.status_code}` | The recommended HTTP status code\n`{http.error.status_text}` | The status text associated with the recommended status code\n`{http.error.message}` | The error message\n`{http.error.trace}` | The origin of the error\n`{http.error.id}` | An identifier for this occurrence of the error\n\n\nRoute consists of a set of rules for matching HTTP requests,\na list of handlers to execute, and optional flow control\nparameters which customize the handling of HTTP requests\nin a highly flexible and performant manner. \n", + "type": "object", + "properties": { + "group": { + "description": "group: string\nModule: http.handlers.subroute\nGroup is an optional name for a group to which this\nroute belongs. Grouping a route makes it mutually\nexclusive with others in its group; if a route belongs\nto a group, only the first matching route in that group\nwill be executed.\n", + "markdownDescription": "group: `string` \nModule: `http.handlers.subroute` \nGroup is an optional name for a group to which this\nroute belongs. Grouping a route makes it mutually\nexclusive with others in its group; if a route belongs\nto a group, only the first matching route in that group\nwill be executed. \n", + "type": "string" + }, + "handle": { + "description": "handle: array\nModule: http.handlers\nThe list of handlers for this route. Upon matching a request, they are chained\ntogether in a middleware fashion: requests flow from the first handler to the last\n(top of the list to the bottom), with the possibility that any handler could stop\nthe chain and/or return an error. Responses flow back through the chain (bottom of\nthe list to the top) as they are written out to the client.\n\nNot all handlers call the next handler in the chain. For example, the reverse_proxy\nhandler always sends a request upstream or returns an error. Thus, configuring\nhandlers after reverse_proxy in the same route is illogical, since they would never\nbe executed. You will want to put handlers which originate the response at the very\nend of your route(s). The documentation for a module should state whether it invokes\nthe next handler, but sometimes it is common sense.\n\nSome handlers manipulate the response. Remember that requests flow down the list, and\nresponses flow up the list.\n\nFor example, if you wanted to use both `templates` and `encode` handlers, you would\nneed to put `templates` after `encode` in your route, because responses flow up.\nThus, `templates` will be able to parse and execute the plain-text response as a\ntemplate, and then return it up to the `encode` handler which will then compress it\ninto a binary format.\n\nIf `templates` came before `encode`, then `encode` would write a compressed,\nbinary-encoded response to `templates` which would not be able to parse the response\nproperly.\n\nThe correct order, then, is this:\n\n [\n {\"handler\": \"encode\"},\n {\"handler\": \"templates\"},\n {\"handler\": \"file_server\"}\n ]\n\nThe request flows ⬇️ DOWN (`encode` -\u003e `templates` -\u003e `file_server`).\n\n1. First, `encode` will choose how to `encode` the response and wrap the response.\n2. Then, `templates` will wrap the response with a buffer.\n3. Finally, `file_server` will originate the content from a file.\n\nThe response flows ⬆️ UP (`file_server` -\u003e `templates` -\u003e `encode`):\n\n1. First, `file_server` will write the file to the response.\n2. That write will be buffered and then executed by `templates`.\n3. Lastly, the write from `templates` will flow into `encode` which will compress the stream.\n\nIf you think of routes in this way, it will be easy and even fun to solve the puzzle of writing correct routes.\n", + "markdownDescription": "handle: `array` \nModule: `http.handlers` \nThe list of handlers for this route. Upon matching a request, they are chained\ntogether in a middleware fashion: requests flow from the first handler to the last\n(top of the list to the bottom), with the possibility that any handler could stop\nthe chain and/or return an error. Responses flow back through the chain (bottom of\nthe list to the top) as they are written out to the client.\n\nNot all handlers call the next handler in the chain. For example, the reverse_proxy\nhandler always sends a request upstream or returns an error. Thus, configuring\nhandlers after reverse_proxy in the same route is illogical, since they would never\nbe executed. You will want to put handlers which originate the response at the very\nend of your route(s). The documentation for a module should state whether it invokes\nthe next handler, but sometimes it is common sense.\n\nSome handlers manipulate the response. Remember that requests flow down the list, and\nresponses flow up the list.\n\nFor example, if you wanted to use both `templates` and `encode` handlers, you would\nneed to put `templates` after `encode` in your route, because responses flow up.\nThus, `templates` will be able to parse and execute the plain-text response as a\ntemplate, and then return it up to the `encode` handler which will then compress it\ninto a binary format.\n\nIf `templates` came before `encode`, then `encode` would write a compressed,\nbinary-encoded response to `templates` which would not be able to parse the response\nproperly.\n\nThe correct order, then, is this:\n\n [\n {\"handler\": \"encode\"},\n {\"handler\": \"templates\"},\n {\"handler\": \"file_server\"}\n ]\n\nThe request flows ⬇️ DOWN (`encode` -\u003e `templates` -\u003e `file_server`).\n\n1. First, `encode` will choose how to `encode` the response and wrap the response.\n2. Then, `templates` will wrap the response with a buffer.\n3. Finally, `file_server` will originate the content from a file.\n\nThe response flows ⬆️ UP (`file_server` -\u003e `templates` -\u003e `encode`):\n\n1. First, `file_server` will write the file to the response.\n2. That write will be buffered and then executed by `templates`.\n3. Lastly, the write from `templates` will flow into `encode` which will compress the stream.\n\nIf you think of routes in this way, it will be easy and even fun to solve the puzzle of writing correct routes. \n", + "type": "array", + "items": { + "description": "The list of handlers for this route. Upon matching a request, they are chained\ntogether in a middleware fashion: requests flow from the first handler to the last\n(top of the list to the bottom), with the possibility that any handler could stop\nthe chain and/or return an error. Responses flow back through the chain (bottom of\nthe list to the top) as they are written out to the client.\n\nNot all handlers call the next handler in the chain. For example, the reverse_proxy\nhandler always sends a request upstream or returns an error. Thus, configuring\nhandlers after reverse_proxy in the same route is illogical, since they would never\nbe executed. You will want to put handlers which originate the response at the very\nend of your route(s). The documentation for a module should state whether it invokes\nthe next handler, but sometimes it is common sense.\n\nSome handlers manipulate the response. Remember that requests flow down the list, and\nresponses flow up the list.\n\nFor example, if you wanted to use both `templates` and `encode` handlers, you would\nneed to put `templates` after `encode` in your route, because responses flow up.\nThus, `templates` will be able to parse and execute the plain-text response as a\ntemplate, and then return it up to the `encode` handler which will then compress it\ninto a binary format.\n\nIf `templates` came before `encode`, then `encode` would write a compressed,\nbinary-encoded response to `templates` which would not be able to parse the response\nproperly.\n\nThe correct order, then, is this:\n\n [\n {\"handler\": \"encode\"},\n {\"handler\": \"templates\"},\n {\"handler\": \"file_server\"}\n ]\n\nThe request flows ⬇️ DOWN (`encode` -\u003e `templates` -\u003e `file_server`).\n\n1. First, `encode` will choose how to `encode` the response and wrap the response.\n2. Then, `templates` will wrap the response with a buffer.\n3. Finally, `file_server` will originate the content from a file.\n\nThe response flows ⬆️ UP (`file_server` -\u003e `templates` -\u003e `encode`):\n\n1. First, `file_server` will write the file to the response.\n2. That write will be buffered and then executed by `templates`.\n3. Lastly, the write from `templates` will flow into `encode` which will compress the stream.\n\nIf you think of routes in this way, it will be easy and even fun to solve the puzzle of writing correct routes.\n", + "markdownDescription": "The list of handlers for this route. Upon matching a request, they are chained\ntogether in a middleware fashion: requests flow from the first handler to the last\n(top of the list to the bottom), with the possibility that any handler could stop\nthe chain and/or return an error. Responses flow back through the chain (bottom of\nthe list to the top) as they are written out to the client.\n\nNot all handlers call the next handler in the chain. For example, the reverse_proxy\nhandler always sends a request upstream or returns an error. Thus, configuring\nhandlers after reverse_proxy in the same route is illogical, since they would never\nbe executed. You will want to put handlers which originate the response at the very\nend of your route(s). The documentation for a module should state whether it invokes\nthe next handler, but sometimes it is common sense.\n\nSome handlers manipulate the response. Remember that requests flow down the list, and\nresponses flow up the list.\n\nFor example, if you wanted to use both `templates` and `encode` handlers, you would\nneed to put `templates` after `encode` in your route, because responses flow up.\nThus, `templates` will be able to parse and execute the plain-text response as a\ntemplate, and then return it up to the `encode` handler which will then compress it\ninto a binary format.\n\nIf `templates` came before `encode`, then `encode` would write a compressed,\nbinary-encoded response to `templates` which would not be able to parse the response\nproperly.\n\nThe correct order, then, is this:\n\n [\n {\"handler\": \"encode\"},\n {\"handler\": \"templates\"},\n {\"handler\": \"file_server\"}\n ]\n\nThe request flows ⬇️ DOWN (`encode` -\u003e `templates` -\u003e `file_server`).\n\n1. First, `encode` will choose how to `encode` the response and wrap the response.\n2. Then, `templates` will wrap the response with a buffer.\n3. Finally, `file_server` will originate the content from a file.\n\nThe response flows ⬆️ UP (`file_server` -\u003e `templates` -\u003e `encode`):\n\n1. First, `file_server` will write the file to the response.\n2. That write will be buffered and then executed by `templates`.\n3. Lastly, the write from `templates` will flow into `encode` which will compress the stream.\n\nIf you think of routes in this way, it will be easy and even fun to solve the puzzle of writing correct routes. \n", + "required": [ + "handler" + ], + "allOf": [ + { + "if": { + "properties": { + "handler": { + "const": "authentication" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.authentication" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "static_response" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.static_response" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "file_server" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.file_server" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "map" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.map" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "reverse_proxy" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.reverse_proxy" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "templates" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.templates" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "acme_server" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.acme_server" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "copy_response" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.copy_response" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "copy_response_headers" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.copy_response_headers" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "error" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.error" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "push" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.push" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "vars" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.vars" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "rewrite" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.rewrite" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "subroute" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.subroute" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "tracing" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.tracing" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "encode" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.encode" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "headers" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.headers" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "metrics" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.metrics" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "request_body" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.request_body" + } + }, + { + "properties": { + "handler": { + "description": "key to identify handle module.\nhandler: string\nModule: http.handlers", + "markdownDescription": "key to identify `handle` module. \nhandler: `string` \nModule: `http.handlers`", + "type": "string", + "enum": [ + "authentication", + "static_response", + "file_server", + "map", + "reverse_proxy", + "templates", + "acme_server", + "copy_response", + "copy_response_headers", + "error", + "push", + "vars", + "rewrite", + "subroute", + "tracing", + "encode", + "headers", + "metrics", + "request_body" + ] + } + } + } + ] + } + }, + "match": { + "description": "match: array\nModule: http.matchers\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nThe matcher sets which will be used to qualify this\nroute for a request (essentially the \"if\" statement\nof this route). Each matcher set is OR'ed, but matchers\nwithin a set are AND'ed together.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n", + "markdownDescription": "match: `array` \nModule: `http.matchers` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nThe matcher sets which will be used to qualify this\nroute for a request (essentially the \"if\" statement\nof this route). Each matcher set is OR'ed, but matchers\nwithin a set are AND'ed together.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nThe matcher sets which will be used to qualify this\nroute for a request (essentially the \"if\" statement\nof this route). Each matcher set is OR'ed, but matchers\nwithin a set are AND'ed together.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nThe matcher sets which will be used to qualify this\nroute for a request (essentially the \"if\" statement\nof this route). Each matcher set is OR'ed, but matchers\nwithin a set are AND'ed together.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", + "properties": { + "expression": { + "$ref": "#/definitions/http.matchers.expression" + }, + "file": { + "$ref": "#/definitions/http.matchers.file" + }, + "header": { + "$ref": "#/definitions/http.matchers.header" + }, + "header_regexp": { + "$ref": "#/definitions/http.matchers.header_regexp" + }, + "host": { + "$ref": "#/definitions/http.matchers.host" + }, + "method": { + "$ref": "#/definitions/http.matchers.method" + }, + "not": { + "$ref": "#/definitions/http.matchers.not" + }, + "path": { + "$ref": "#/definitions/http.matchers.path" + }, + "path_regexp": { + "$ref": "#/definitions/http.matchers.path_regexp" + }, + "protocol": { + "$ref": "#/definitions/http.matchers.protocol" + }, + "query": { + "$ref": "#/definitions/http.matchers.query" + }, + "remote_ip": { + "$ref": "#/definitions/http.matchers.remote_ip" + }, + "vars": { + "$ref": "#/definitions/http.matchers.vars" + }, + "vars_regexp": { + "$ref": "#/definitions/http.matchers.vars_regexp" + } + } + } + }, + "terminal": { + "description": "terminal: boolean\nModule: http.handlers.subroute\nIf true, no more routes will be executed after this one.\n", + "markdownDescription": "terminal: `boolean` \nModule: `http.handlers.subroute` \nIf true, no more routes will be executed after this one. \n", + "type": "boolean" + } + } + } + } + } + }, + "routes": { + "description": "routes: array\nModule: http.handlers.subroute\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Route\nThe primary list of routes to compile and execute.\n\n\nRoute consists of a set of rules for matching HTTP requests,\na list of handlers to execute, and optional flow control\nparameters which customize the handling of HTTP requests\nin a highly flexible and performant manner.\n", + "markdownDescription": "routes: `array` \nModule: `http.handlers.subroute` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Route) \nThe primary list of routes to compile and execute.\n\n\nRoute consists of a set of rules for matching HTTP requests,\na list of handlers to execute, and optional flow control\nparameters which customize the handling of HTTP requests\nin a highly flexible and performant manner. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Route\nThe primary list of routes to compile and execute.\n\n\nRoute consists of a set of rules for matching HTTP requests,\na list of handlers to execute, and optional flow control\nparameters which customize the handling of HTTP requests\nin a highly flexible and performant manner.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Route) \nThe primary list of routes to compile and execute.\n\n\nRoute consists of a set of rules for matching HTTP requests,\na list of handlers to execute, and optional flow control\nparameters which customize the handling of HTTP requests\nin a highly flexible and performant manner. \n", + "type": "object", + "properties": { + "group": { + "description": "group: string\nModule: http.handlers.subroute\nGroup is an optional name for a group to which this\nroute belongs. Grouping a route makes it mutually\nexclusive with others in its group; if a route belongs\nto a group, only the first matching route in that group\nwill be executed.\n", + "markdownDescription": "group: `string` \nModule: `http.handlers.subroute` \nGroup is an optional name for a group to which this\nroute belongs. Grouping a route makes it mutually\nexclusive with others in its group; if a route belongs\nto a group, only the first matching route in that group\nwill be executed. \n", + "type": "string" + }, + "handle": { + "description": "handle: array\nModule: http.handlers\nThe list of handlers for this route. Upon matching a request, they are chained\ntogether in a middleware fashion: requests flow from the first handler to the last\n(top of the list to the bottom), with the possibility that any handler could stop\nthe chain and/or return an error. Responses flow back through the chain (bottom of\nthe list to the top) as they are written out to the client.\n\nNot all handlers call the next handler in the chain. For example, the reverse_proxy\nhandler always sends a request upstream or returns an error. Thus, configuring\nhandlers after reverse_proxy in the same route is illogical, since they would never\nbe executed. You will want to put handlers which originate the response at the very\nend of your route(s). The documentation for a module should state whether it invokes\nthe next handler, but sometimes it is common sense.\n\nSome handlers manipulate the response. Remember that requests flow down the list, and\nresponses flow up the list.\n\nFor example, if you wanted to use both `templates` and `encode` handlers, you would\nneed to put `templates` after `encode` in your route, because responses flow up.\nThus, `templates` will be able to parse and execute the plain-text response as a\ntemplate, and then return it up to the `encode` handler which will then compress it\ninto a binary format.\n\nIf `templates` came before `encode`, then `encode` would write a compressed,\nbinary-encoded response to `templates` which would not be able to parse the response\nproperly.\n\nThe correct order, then, is this:\n\n [\n {\"handler\": \"encode\"},\n {\"handler\": \"templates\"},\n {\"handler\": \"file_server\"}\n ]\n\nThe request flows ⬇️ DOWN (`encode` -\u003e `templates` -\u003e `file_server`).\n\n1. First, `encode` will choose how to `encode` the response and wrap the response.\n2. Then, `templates` will wrap the response with a buffer.\n3. Finally, `file_server` will originate the content from a file.\n\nThe response flows ⬆️ UP (`file_server` -\u003e `templates` -\u003e `encode`):\n\n1. First, `file_server` will write the file to the response.\n2. That write will be buffered and then executed by `templates`.\n3. Lastly, the write from `templates` will flow into `encode` which will compress the stream.\n\nIf you think of routes in this way, it will be easy and even fun to solve the puzzle of writing correct routes.\n", + "markdownDescription": "handle: `array` \nModule: `http.handlers` \nThe list of handlers for this route. Upon matching a request, they are chained\ntogether in a middleware fashion: requests flow from the first handler to the last\n(top of the list to the bottom), with the possibility that any handler could stop\nthe chain and/or return an error. Responses flow back through the chain (bottom of\nthe list to the top) as they are written out to the client.\n\nNot all handlers call the next handler in the chain. For example, the reverse_proxy\nhandler always sends a request upstream or returns an error. Thus, configuring\nhandlers after reverse_proxy in the same route is illogical, since they would never\nbe executed. You will want to put handlers which originate the response at the very\nend of your route(s). The documentation for a module should state whether it invokes\nthe next handler, but sometimes it is common sense.\n\nSome handlers manipulate the response. Remember that requests flow down the list, and\nresponses flow up the list.\n\nFor example, if you wanted to use both `templates` and `encode` handlers, you would\nneed to put `templates` after `encode` in your route, because responses flow up.\nThus, `templates` will be able to parse and execute the plain-text response as a\ntemplate, and then return it up to the `encode` handler which will then compress it\ninto a binary format.\n\nIf `templates` came before `encode`, then `encode` would write a compressed,\nbinary-encoded response to `templates` which would not be able to parse the response\nproperly.\n\nThe correct order, then, is this:\n\n [\n {\"handler\": \"encode\"},\n {\"handler\": \"templates\"},\n {\"handler\": \"file_server\"}\n ]\n\nThe request flows ⬇️ DOWN (`encode` -\u003e `templates` -\u003e `file_server`).\n\n1. First, `encode` will choose how to `encode` the response and wrap the response.\n2. Then, `templates` will wrap the response with a buffer.\n3. Finally, `file_server` will originate the content from a file.\n\nThe response flows ⬆️ UP (`file_server` -\u003e `templates` -\u003e `encode`):\n\n1. First, `file_server` will write the file to the response.\n2. That write will be buffered and then executed by `templates`.\n3. Lastly, the write from `templates` will flow into `encode` which will compress the stream.\n\nIf you think of routes in this way, it will be easy and even fun to solve the puzzle of writing correct routes. \n", + "type": "array", + "items": { + "description": "The list of handlers for this route. Upon matching a request, they are chained\ntogether in a middleware fashion: requests flow from the first handler to the last\n(top of the list to the bottom), with the possibility that any handler could stop\nthe chain and/or return an error. Responses flow back through the chain (bottom of\nthe list to the top) as they are written out to the client.\n\nNot all handlers call the next handler in the chain. For example, the reverse_proxy\nhandler always sends a request upstream or returns an error. Thus, configuring\nhandlers after reverse_proxy in the same route is illogical, since they would never\nbe executed. You will want to put handlers which originate the response at the very\nend of your route(s). The documentation for a module should state whether it invokes\nthe next handler, but sometimes it is common sense.\n\nSome handlers manipulate the response. Remember that requests flow down the list, and\nresponses flow up the list.\n\nFor example, if you wanted to use both `templates` and `encode` handlers, you would\nneed to put `templates` after `encode` in your route, because responses flow up.\nThus, `templates` will be able to parse and execute the plain-text response as a\ntemplate, and then return it up to the `encode` handler which will then compress it\ninto a binary format.\n\nIf `templates` came before `encode`, then `encode` would write a compressed,\nbinary-encoded response to `templates` which would not be able to parse the response\nproperly.\n\nThe correct order, then, is this:\n\n [\n {\"handler\": \"encode\"},\n {\"handler\": \"templates\"},\n {\"handler\": \"file_server\"}\n ]\n\nThe request flows ⬇️ DOWN (`encode` -\u003e `templates` -\u003e `file_server`).\n\n1. First, `encode` will choose how to `encode` the response and wrap the response.\n2. Then, `templates` will wrap the response with a buffer.\n3. Finally, `file_server` will originate the content from a file.\n\nThe response flows ⬆️ UP (`file_server` -\u003e `templates` -\u003e `encode`):\n\n1. First, `file_server` will write the file to the response.\n2. That write will be buffered and then executed by `templates`.\n3. Lastly, the write from `templates` will flow into `encode` which will compress the stream.\n\nIf you think of routes in this way, it will be easy and even fun to solve the puzzle of writing correct routes.\n", + "markdownDescription": "The list of handlers for this route. Upon matching a request, they are chained\ntogether in a middleware fashion: requests flow from the first handler to the last\n(top of the list to the bottom), with the possibility that any handler could stop\nthe chain and/or return an error. Responses flow back through the chain (bottom of\nthe list to the top) as they are written out to the client.\n\nNot all handlers call the next handler in the chain. For example, the reverse_proxy\nhandler always sends a request upstream or returns an error. Thus, configuring\nhandlers after reverse_proxy in the same route is illogical, since they would never\nbe executed. You will want to put handlers which originate the response at the very\nend of your route(s). The documentation for a module should state whether it invokes\nthe next handler, but sometimes it is common sense.\n\nSome handlers manipulate the response. Remember that requests flow down the list, and\nresponses flow up the list.\n\nFor example, if you wanted to use both `templates` and `encode` handlers, you would\nneed to put `templates` after `encode` in your route, because responses flow up.\nThus, `templates` will be able to parse and execute the plain-text response as a\ntemplate, and then return it up to the `encode` handler which will then compress it\ninto a binary format.\n\nIf `templates` came before `encode`, then `encode` would write a compressed,\nbinary-encoded response to `templates` which would not be able to parse the response\nproperly.\n\nThe correct order, then, is this:\n\n [\n {\"handler\": \"encode\"},\n {\"handler\": \"templates\"},\n {\"handler\": \"file_server\"}\n ]\n\nThe request flows ⬇️ DOWN (`encode` -\u003e `templates` -\u003e `file_server`).\n\n1. First, `encode` will choose how to `encode` the response and wrap the response.\n2. Then, `templates` will wrap the response with a buffer.\n3. Finally, `file_server` will originate the content from a file.\n\nThe response flows ⬆️ UP (`file_server` -\u003e `templates` -\u003e `encode`):\n\n1. First, `file_server` will write the file to the response.\n2. That write will be buffered and then executed by `templates`.\n3. Lastly, the write from `templates` will flow into `encode` which will compress the stream.\n\nIf you think of routes in this way, it will be easy and even fun to solve the puzzle of writing correct routes. \n", + "required": [ + "handler" + ], + "allOf": [ + { + "if": { + "properties": { + "handler": { + "const": "reverse_proxy" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.reverse_proxy" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "templates" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.templates" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "acme_server" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.acme_server" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "copy_response" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.copy_response" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "copy_response_headers" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.copy_response_headers" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "error" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.error" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "file_server" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.file_server" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "map" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.map" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "push" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.push" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "vars" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.vars" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "tracing" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.tracing" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "encode" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.encode" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "headers" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.headers" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "metrics" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.metrics" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "request_body" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.request_body" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "rewrite" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.rewrite" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "subroute" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.subroute" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "authentication" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.authentication" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "static_response" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.static_response" + } + }, + { + "properties": { + "handler": { + "description": "key to identify handle module.\nhandler: string\nModule: http.handlers", + "markdownDescription": "key to identify `handle` module. \nhandler: `string` \nModule: `http.handlers`", + "type": "string", + "enum": [ + "reverse_proxy", + "templates", + "acme_server", + "copy_response", + "copy_response_headers", + "error", + "file_server", + "map", + "push", + "vars", + "tracing", + "encode", + "headers", + "metrics", + "request_body", + "rewrite", + "subroute", + "authentication", + "static_response" + ] + } + } + } + ] + } + }, + "match": { + "description": "match: array\nModule: http.matchers\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nThe matcher sets which will be used to qualify this\nroute for a request (essentially the \"if\" statement\nof this route). Each matcher set is OR'ed, but matchers\nwithin a set are AND'ed together.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n", + "markdownDescription": "match: `array` \nModule: `http.matchers` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nThe matcher sets which will be used to qualify this\nroute for a request (essentially the \"if\" statement\nof this route). Each matcher set is OR'ed, but matchers\nwithin a set are AND'ed together.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nThe matcher sets which will be used to qualify this\nroute for a request (essentially the \"if\" statement\nof this route). Each matcher set is OR'ed, but matchers\nwithin a set are AND'ed together.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nThe matcher sets which will be used to qualify this\nroute for a request (essentially the \"if\" statement\nof this route). Each matcher set is OR'ed, but matchers\nwithin a set are AND'ed together.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", + "properties": { + "expression": { + "$ref": "#/definitions/http.matchers.expression" + }, + "file": { + "$ref": "#/definitions/http.matchers.file" + }, + "header": { + "$ref": "#/definitions/http.matchers.header" + }, + "header_regexp": { + "$ref": "#/definitions/http.matchers.header_regexp" + }, + "host": { + "$ref": "#/definitions/http.matchers.host" + }, + "method": { + "$ref": "#/definitions/http.matchers.method" + }, + "not": { + "$ref": "#/definitions/http.matchers.not" + }, + "path": { + "$ref": "#/definitions/http.matchers.path" + }, + "path_regexp": { + "$ref": "#/definitions/http.matchers.path_regexp" + }, + "protocol": { + "$ref": "#/definitions/http.matchers.protocol" + }, + "query": { + "$ref": "#/definitions/http.matchers.query" + }, + "remote_ip": { + "$ref": "#/definitions/http.matchers.remote_ip" + }, + "vars": { + "$ref": "#/definitions/http.matchers.vars" + }, + "vars_regexp": { + "$ref": "#/definitions/http.matchers.vars_regexp" + } + } + } + }, + "terminal": { + "description": "terminal: boolean\nModule: http.handlers.subroute\nIf true, no more routes will be executed after this one.\n", + "markdownDescription": "terminal: `boolean` \nModule: `http.handlers.subroute` \nIf true, no more routes will be executed after this one. \n", + "type": "boolean" + } + } + } + } + } + }, + "http.handlers.templates": { + "description": "templates: object\nModule: http.handlers.templates\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/templates#Templates\nTemplates is a middleware which executes response bodies as Go templates.\nThe syntax is documented in the Go standard library's\n[text/template package](https://golang.org/pkg/text/template/).\n\n⚠️ Template functions/actions are still experimental, so they are subject to change.\n\nCustom template functions can be registered by creating a plugin module under the `http.handlers.templates.functions.*` namespace that implements the `CustomFunctions` interface.\n\n[All Sprig functions](https://masterminds.github.io/sprig/) are supported.\n\nIn addition to the standard functions and the Sprig library, Caddy adds\nextra functions and data that are available to a template:\n\n##### `.Args`\n\nA slice of arguments passed to this page/context, for example as the result of a `include`.\n\n```\n{{index .Args 0}} // first argument\n```\n\n##### `.Cookie`\n\nGets the value of a cookie by name.\n\n```\n{{.Cookie \"cookiename\"}}\n```\n\n##### `env`\n\nGets an environment variable.\n\n```\n{{env \"VAR_NAME\"}}\n```\n\n##### `placeholder`\n\nGets an [placeholder variable](/docs/conventions#placeholders).\nThe braces (`{}`) have to be omitted.\n\n```\n{{placeholder \"http.request.uri.path\"}}\n{{placeholder \"http.error.status_code\"}}\n```\n\n##### `.Host`\n\nReturns the hostname portion (no port) of the Host header of the HTTP request.\n\n```\n{{.Host}}\n```\n\n##### `httpInclude`\n\nIncludes the contents of another file by making a virtual HTTP request (also known as a sub-request). The URI path must exist on the same virtual server because the request does not use sockets; instead, the request is crafted in memory and the handler is invoked directly for increased efficiency.\n\n```\n{{httpInclude \"/foo/bar?q=val\"}}\n```\n\n##### `import`\n\nImports the contents of another file and adds any template definitions to the template stack. If there are no defitions, the filepath will be the defition name. Any {{ define }} blocks will be accessible by {{ template }} or {{ block }}. Imports must happen before the template or block action is called\n\n**filename.html**\n```\n{{ define \"main\" }}\ncontent\n{{ end }}\n```\n\n**index.html**\n```\n{{ import \"/path/to/file.html\" }}\n{{ template \"main\" }}\n```\n\n##### `include`\n\nIncludes the contents of another file and renders in-place. Optionally can pass key-value pairs as arguments to be accessed by the included file.\n\n```\n{{include \"path/to/file.html\"}} // no arguments\n{{include \"path/to/file.html\" \"arg1\" 2 \"value 3\"}} // with arguments\n```\n\n##### `listFiles`\n\nReturns a list of the files in the given directory, which is relative to the template context's file root.\n\n```\n{{listFiles \"/mydir\"}}\n```\n\n##### `markdown`\n\nRenders the given Markdown text as HTML. This uses the\n[Goldmark](https://github.com/yuin/goldmark) library,\nwhich is CommonMark compliant. It also has these plugins\nenabled: Github Flavored Markdown, Footnote and syntax\nhighlighting provided by [Chroma](https://github.com/alecthomas/chroma).\n\n```\n{{markdown \"My _markdown_ text\"}}\n```\n\n##### `.RemoteIP`\n\nReturns the client's IP address.\n\n```\n{{.RemoteIP}}\n```\n\n##### `.Req`\n\nAccesses the current HTTP request, which has various fields, including:\n\n - `.Method` - the method\n - `.URL` - the URL, which in turn has component fields (Scheme, Host, Path, etc.)\n - `.Header` - the header fields\n - `.Host` - the Host or :authority header of the request\n\n```\n{{.Req.Header.Get \"User-Agent\"}}\n```\n\n##### `.OriginalReq`\n\nLike .Req, except it accesses the original HTTP request before rewrites or other internal modifications.\n\n##### `.RespHeader.Add`\n\nAdds a header field to the HTTP response.\n\n```\n{{.RespHeader.Add \"Field-Name\" \"val\"}}\n```\n\n##### `.RespHeader.Del`\n\nDeletes a header field on the HTTP response.\n\n```\n{{.RespHeader.Del \"Field-Name\"}}\n```\n\n##### `.RespHeader.Set`\n\nSets a header field on the HTTP response, replacing any existing value.\n\n```\n{{.RespHeader.Set \"Field-Name\" \"val\"}}\n```\n\n##### `splitFrontMatter`\n\nSplits front matter out from the body. Front matter is metadata that appears at the very beginning of a file or string. Front matter can be in YAML, TOML, or JSON formats:\n\n**TOML** front matter starts and ends with `+++`:\n\n```\n+++\ntemplate = \"blog\"\ntitle = \"Blog Homepage\"\nsitename = \"A Caddy site\"\n+++\n```\n\n**YAML** is surrounded by `---`:\n\n```\n---\ntemplate: blog\ntitle: Blog Homepage\nsitename: A Caddy site\n---\n```\n\n**JSON** is simply `{` and `}`:\n\n```\n{\n\t\"template\": \"blog\",\n\t\"title\": \"Blog Homepage\",\n\t\"sitename\": \"A Caddy site\"\n}\n```\n\nThe resulting front matter will be made available like so:\n\n- `.Meta` to access the metadata fields, for example: `{{$parsed.Meta.title}}`\n- `.Body` to access the body after the front matter, for example: `{{markdown $parsed.Body}}`\n\n##### `stripHTML`\n\nRemoves HTML from a string.\n\n```\n{{stripHTML \"Shows \u003cb\u003eonly\u003c/b\u003e text content\"}}\n```\n\n", + "markdownDescription": "templates: `object` \nModule: `http.handlers.templates` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/templates#Templates) \nTemplates is a middleware which executes response bodies as Go templates.\nThe syntax is documented in the Go standard library's\n[text/template package](https://golang.org/pkg/text/template/).\n\n⚠️ Template functions/actions are still experimental, so they are subject to change.\n\nCustom template functions can be registered by creating a plugin module under the `http.handlers.templates.functions.*` namespace that implements the `CustomFunctions` interface.\n\n[All Sprig functions](https://masterminds.github.io/sprig/) are supported.\n\nIn addition to the standard functions and the Sprig library, Caddy adds\nextra functions and data that are available to a template:\n\n##### `.Args`\n\nA slice of arguments passed to this page/context, for example as the result of a `include`.\n\n```\n{{index .Args 0}} // first argument\n```\n\n##### `.Cookie`\n\nGets the value of a cookie by name.\n\n```\n{{.Cookie \"cookiename\"}}\n```\n\n##### `env`\n\nGets an environment variable.\n\n```\n{{env \"VAR_NAME\"}}\n```\n\n##### `placeholder`\n\nGets an [placeholder variable](/docs/conventions#placeholders).\nThe braces (`{}`) have to be omitted.\n\n```\n{{placeholder \"http.request.uri.path\"}}\n{{placeholder \"http.error.status_code\"}}\n```\n\n##### `.Host`\n\nReturns the hostname portion (no port) of the Host header of the HTTP request.\n\n```\n{{.Host}}\n```\n\n##### `httpInclude`\n\nIncludes the contents of another file by making a virtual HTTP request (also known as a sub-request). The URI path must exist on the same virtual server because the request does not use sockets; instead, the request is crafted in memory and the handler is invoked directly for increased efficiency.\n\n```\n{{httpInclude \"/foo/bar?q=val\"}}\n```\n\n##### `import`\n\nImports the contents of another file and adds any template definitions to the template stack. If there are no defitions, the filepath will be the defition name. Any {{ define }} blocks will be accessible by {{ template }} or {{ block }}. Imports must happen before the template or block action is called\n\n**filename.html**\n```\n{{ define \"main\" }}\ncontent\n{{ end }}\n```\n\n**index.html**\n```\n{{ import \"/path/to/file.html\" }}\n{{ template \"main\" }}\n```\n\n##### `include`\n\nIncludes the contents of another file and renders in-place. Optionally can pass key-value pairs as arguments to be accessed by the included file.\n\n```\n{{include \"path/to/file.html\"}} // no arguments\n{{include \"path/to/file.html\" \"arg1\" 2 \"value 3\"}} // with arguments\n```\n\n##### `listFiles`\n\nReturns a list of the files in the given directory, which is relative to the template context's file root.\n\n```\n{{listFiles \"/mydir\"}}\n```\n\n##### `markdown`\n\nRenders the given Markdown text as HTML. This uses the\n[Goldmark](https://github.com/yuin/goldmark) library,\nwhich is CommonMark compliant. It also has these plugins\nenabled: Github Flavored Markdown, Footnote and syntax\nhighlighting provided by [Chroma](https://github.com/alecthomas/chroma).\n\n```\n{{markdown \"My _markdown_ text\"}}\n```\n\n##### `.RemoteIP`\n\nReturns the client's IP address.\n\n```\n{{.RemoteIP}}\n```\n\n##### `.Req`\n\nAccesses the current HTTP request, which has various fields, including:\n\n - `.Method` - the method\n - `.URL` - the URL, which in turn has component fields (Scheme, Host, Path, etc.)\n - `.Header` - the header fields\n - `.Host` - the Host or :authority header of the request\n\n```\n{{.Req.Header.Get \"User-Agent\"}}\n```\n\n##### `.OriginalReq`\n\nLike .Req, except it accesses the original HTTP request before rewrites or other internal modifications.\n\n##### `.RespHeader.Add`\n\nAdds a header field to the HTTP response.\n\n```\n{{.RespHeader.Add \"Field-Name\" \"val\"}}\n```\n\n##### `.RespHeader.Del`\n\nDeletes a header field on the HTTP response.\n\n```\n{{.RespHeader.Del \"Field-Name\"}}\n```\n\n##### `.RespHeader.Set`\n\nSets a header field on the HTTP response, replacing any existing value.\n\n```\n{{.RespHeader.Set \"Field-Name\" \"val\"}}\n```\n\n##### `splitFrontMatter`\n\nSplits front matter out from the body. Front matter is metadata that appears at the very beginning of a file or string. Front matter can be in YAML, TOML, or JSON formats:\n\n**TOML** front matter starts and ends with `+++`:\n\n```\n+++\ntemplate = \"blog\"\ntitle = \"Blog Homepage\"\nsitename = \"A Caddy site\"\n+++\n```\n\n**YAML** is surrounded by `---`:\n\n```\n---\ntemplate: blog\ntitle: Blog Homepage\nsitename: A Caddy site\n---\n```\n\n**JSON** is simply `{` and `}`:\n\n```\n{\n\t\"template\": \"blog\",\n\t\"title\": \"Blog Homepage\",\n\t\"sitename\": \"A Caddy site\"\n}\n```\n\nThe resulting front matter will be made available like so:\n\n- `.Meta` to access the metadata fields, for example: `{{$parsed.Meta.title}}`\n- `.Body` to access the body after the front matter, for example: `{{markdown $parsed.Body}}`\n\n##### `stripHTML`\n\nRemoves HTML from a string.\n\n```\n{{stripHTML \"Shows \u003cb\u003eonly\u003c/b\u003e text content\"}}\n```\n \n", + "type": "object", + "properties": { + "delimiters": { + "description": "delimiters: array\nModule: http.handlers.templates\nThe template action delimiters. If set, must be precisely two elements:\nthe opening and closing delimiters. Default: `[\"{{\", \"}}\"]`\n", + "markdownDescription": "delimiters: `array` \nModule: `http.handlers.templates` \nThe template action delimiters. If set, must be precisely two elements:\nthe opening and closing delimiters. Default: `[\"{{\", \"}}\"]` \n", + "type": "array", + "items": { + "description": "The template action delimiters. If set, must be precisely two elements:\nthe opening and closing delimiters. Default: `[\"{{\", \"}}\"]`\n", + "markdownDescription": "The template action delimiters. If set, must be precisely two elements:\nthe opening and closing delimiters. Default: `[\"{{\", \"}}\"]` \n", + "type": "string" + } + }, + "file_root": { + "description": "file_root: string\nModule: http.handlers.templates\nThe root path from which to load files. Required if template functions\naccessing the file system are used (such as include). Default is\n`{http.vars.root}` if set, or current working directory otherwise.\n", + "markdownDescription": "file_root: `string` \nModule: `http.handlers.templates` \nThe root path from which to load files. Required if template functions\naccessing the file system are used (such as include). Default is\n`{http.vars.root}` if set, or current working directory otherwise. \n", + "type": "string" + }, + "mime_types": { + "description": "mime_types: array\nModule: http.handlers.templates\nThe MIME types for which to render templates. It is important to use\nthis if the route matchers do not exclude images or other binary files.\nDefault is text/plain, text/markdown, and text/html.\n", + "markdownDescription": "mime_types: `array` \nModule: `http.handlers.templates` \nThe MIME types for which to render templates. It is important to use\nthis if the route matchers do not exclude images or other binary files.\nDefault is text/plain, text/markdown, and text/html. \n", + "type": "array", + "items": { + "description": "The MIME types for which to render templates. It is important to use\nthis if the route matchers do not exclude images or other binary files.\nDefault is text/plain, text/markdown, and text/html.\n", + "markdownDescription": "The MIME types for which to render templates. It is important to use\nthis if the route matchers do not exclude images or other binary files.\nDefault is text/plain, text/markdown, and text/html. \n", + "type": "string" + } + } + } + }, + "http.handlers.tracing": { + "description": "tracing: object\nModule: http.handlers.tracing\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/tracing#Tracing\nTracing implements an HTTP handler that adds support for distributed tracing,\nusing OpenTelemetry. This module is responsible for the injection and\npropagation of the trace context. Configure this module via environment\nvariables (see https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/sdk-environment-variables.md).\nSome values can be overwritten in the configuration file.\n\n", + "markdownDescription": "tracing: `object` \nModule: `http.handlers.tracing` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/tracing#Tracing) \nTracing implements an HTTP handler that adds support for distributed tracing,\nusing OpenTelemetry. This module is responsible for the injection and\npropagation of the trace context. Configure this module via environment\nvariables (see https://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/sdk-environment-variables.md).\nSome values can be overwritten in the configuration file.\n \n", + "type": "object", + "properties": { + "span": { + "description": "span: string\nModule: http.handlers.tracing\nSpanName is a span name. It should follow the naming guidelines here:\nhttps://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/api.md#span\n", + "markdownDescription": "span: `string` \nModule: `http.handlers.tracing` \nSpanName is a span name. It should follow the naming guidelines here:\nhttps://github.com/open-telemetry/opentelemetry-specification/blob/main/specification/trace/api.md#span \n", + "type": "string" + } + } + }, + "http.handlers.vars": { + "description": "vars: object\nModule: http.handlers.vars\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#VarsMiddleware\nVarsMiddleware is an HTTP middleware which sets variables to\nhave values that can be used in the HTTP request handler\nchain. The primary way to access variables is with placeholders,\nwhich have the form: `{http.vars.variable_name}`, or with\nthe `vars` and `vars_regexp` request matchers.\n\nThe key is the variable name, and the value is the value of the\nvariable. Both the name and value may use or contain placeholders.\n\n", + "markdownDescription": "vars: `object` \nModule: `http.handlers.vars` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#VarsMiddleware) \nVarsMiddleware is an HTTP middleware which sets variables to\nhave values that can be used in the HTTP request handler\nchain. The primary way to access variables is with placeholders,\nwhich have the form: `{http.vars.variable_name}`, or with\nthe `vars` and `vars_regexp` request matchers.\n\nThe key is the variable name, and the value is the value of the\nvariable. Both the name and value may use or contain placeholders.\n \n", + "type": "object", + "additionalProperties": {} + }, + "http.matchers.expression": { + "description": "expression: string\nModule: http.matchers.expression\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchExpression\nMatchExpression matches requests by evaluating a\n[CEL](https://github.com/google/cel-spec) expression.\nThis enables complex logic to be expressed using a comfortable,\nfamiliar syntax. Please refer to\n[the standard definitions of CEL functions and operators](https://github.com/google/cel-spec/blob/master/doc/langdef.md#standard-definitions).\n\nThis matcher's JSON interface is actually a string, not a struct.\nThe generated docs are not correct because this type has custom\nmarshaling logic.\n\nCOMPATIBILITY NOTE: This module is still experimental and is not\nsubject to Caddy's compatibility guarantee.\n\n", + "markdownDescription": "expression: `string` \nModule: `http.matchers.expression` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchExpression) \nMatchExpression matches requests by evaluating a\n[CEL](https://github.com/google/cel-spec) expression.\nThis enables complex logic to be expressed using a comfortable,\nfamiliar syntax. Please refer to\n[the standard definitions of CEL functions and operators](https://github.com/google/cel-spec/blob/master/doc/langdef.md#standard-definitions).\n\nThis matcher's JSON interface is actually a string, not a struct.\nThe generated docs are not correct because this type has custom\nmarshaling logic.\n\nCOMPATIBILITY NOTE: This module is still experimental and is not\nsubject to Caddy's compatibility guarantee.\n \n", + "type": "string" + }, + "http.matchers.file": { + "description": "file: object\nModule: http.matchers.file\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver#MatchFile\nMatchFile is an HTTP request matcher that can match\nrequests based upon file existence.\n\nUpon matching, three new placeholders will be made\navailable:\n\n- `{http.matchers.file.relative}` The root-relative\npath of the file. This is often useful when rewriting\nrequests.\n- `{http.matchers.file.absolute}` The absolute path\nof the matched file.\n- `{http.matchers.file.type}` Set to \"directory\" if\nthe matched file is a directory, \"file\" otherwise.\n- `{http.matchers.file.remainder}` Set to the remainder\nof the path if the path was split by `split_path`.\n\n", + "markdownDescription": "file: `object` \nModule: `http.matchers.file` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver#MatchFile) \nMatchFile is an HTTP request matcher that can match\nrequests based upon file existence.\n\nUpon matching, three new placeholders will be made\navailable:\n\n- `{http.matchers.file.relative}` The root-relative\npath of the file. This is often useful when rewriting\nrequests.\n- `{http.matchers.file.absolute}` The absolute path\nof the matched file.\n- `{http.matchers.file.type}` Set to \"directory\" if\nthe matched file is a directory, \"file\" otherwise.\n- `{http.matchers.file.remainder}` Set to the remainder\nof the path if the path was split by `split_path`.\n \n", + "type": "object", + "properties": { + "root": { + "description": "root: string\nModule: http.matchers.file\nThe root directory, used for creating absolute\nfile paths, and required when working with\nrelative paths; if not specified, `{http.vars.root}`\nwill be used, if set; otherwise, the current\ndirectory is assumed. Accepts placeholders.\n", + "markdownDescription": "root: `string` \nModule: `http.matchers.file` \nThe root directory, used for creating absolute\nfile paths, and required when working with\nrelative paths; if not specified, `{http.vars.root}`\nwill be used, if set; otherwise, the current\ndirectory is assumed. Accepts placeholders. \n", + "type": "string" + }, + "split_path": { + "description": "split_path: array\nModule: http.matchers.file\nA list of delimiters to use to split the path in two\nwhen trying files. If empty, no splitting will\noccur, and the path will be tried as-is. For each\nsplit value, the left-hand side of the split,\nincluding the split value, will be the path tried.\nFor example, the path `/remote.php/dav/` using the\nsplit value `.php` would try the file `/remote.php`.\nEach delimiter must appear at the end of a URI path\ncomponent in order to be used as a split delimiter.\n", + "markdownDescription": "split_path: `array` \nModule: `http.matchers.file` \nA list of delimiters to use to split the path in two\nwhen trying files. If empty, no splitting will\noccur, and the path will be tried as-is. For each\nsplit value, the left-hand side of the split,\nincluding the split value, will be the path tried.\nFor example, the path `/remote.php/dav/` using the\nsplit value `.php` would try the file `/remote.php`.\nEach delimiter must appear at the end of a URI path\ncomponent in order to be used as a split delimiter. \n", + "type": "array", + "items": { + "description": "A list of delimiters to use to split the path in two\nwhen trying files. If empty, no splitting will\noccur, and the path will be tried as-is. For each\nsplit value, the left-hand side of the split,\nincluding the split value, will be the path tried.\nFor example, the path `/remote.php/dav/` using the\nsplit value `.php` would try the file `/remote.php`.\nEach delimiter must appear at the end of a URI path\ncomponent in order to be used as a split delimiter.\n", + "markdownDescription": "A list of delimiters to use to split the path in two\nwhen trying files. If empty, no splitting will\noccur, and the path will be tried as-is. For each\nsplit value, the left-hand side of the split,\nincluding the split value, will be the path tried.\nFor example, the path `/remote.php/dav/` using the\nsplit value `.php` would try the file `/remote.php`.\nEach delimiter must appear at the end of a URI path\ncomponent in order to be used as a split delimiter. \n", + "type": "string" + } + }, + "try_files": { + "description": "try_files: array\nModule: http.matchers.file\nThe list of files to try. Each path here is\nconsidered related to Root. If nil, the request\nURL's path will be assumed. Files and\ndirectories are treated distinctly, so to match\na directory, the filepath MUST end in a forward\nslash `/`. To match a regular file, there must\nbe no trailing slash. Accepts placeholders. If\nthe policy is \"first_exist\", then an error may\nbe triggered as a fallback by configuring \"=\"\nfollowed by a status code number,\nfor example \"=404\".\n", + "markdownDescription": "try_files: `array` \nModule: `http.matchers.file` \nThe list of files to try. Each path here is\nconsidered related to Root. If nil, the request\nURL's path will be assumed. Files and\ndirectories are treated distinctly, so to match\na directory, the filepath MUST end in a forward\nslash `/`. To match a regular file, there must\nbe no trailing slash. Accepts placeholders. If\nthe policy is \"first_exist\", then an error may\nbe triggered as a fallback by configuring \"=\"\nfollowed by a status code number,\nfor example \"=404\". \n", + "type": "array", + "items": { + "description": "The list of files to try. Each path here is\nconsidered related to Root. If nil, the request\nURL's path will be assumed. Files and\ndirectories are treated distinctly, so to match\na directory, the filepath MUST end in a forward\nslash `/`. To match a regular file, there must\nbe no trailing slash. Accepts placeholders. If\nthe policy is \"first_exist\", then an error may\nbe triggered as a fallback by configuring \"=\"\nfollowed by a status code number,\nfor example \"=404\".\n", + "markdownDescription": "The list of files to try. Each path here is\nconsidered related to Root. If nil, the request\nURL's path will be assumed. Files and\ndirectories are treated distinctly, so to match\na directory, the filepath MUST end in a forward\nslash `/`. To match a regular file, there must\nbe no trailing slash. Accepts placeholders. If\nthe policy is \"first_exist\", then an error may\nbe triggered as a fallback by configuring \"=\"\nfollowed by a status code number,\nfor example \"=404\". \n", + "type": "string" + } + }, + "try_policy": { + "description": "try_policy: string\nModule: http.matchers.file\nHow to choose a file in TryFiles. Can be:\n\n- first_exist\n- smallest_size\n- largest_size\n- most_recently_modified\n\nDefault is first_exist.\n", + "markdownDescription": "try_policy: `string` \nModule: `http.matchers.file` \nHow to choose a file in TryFiles. Can be:\n\n- first_exist\n- smallest_size\n- largest_size\n- most_recently_modified\n\nDefault is first_exist. \n", + "type": "string" + } + } + }, + "http.matchers.header": { + "description": "header: object\nModule: http.matchers.header\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchHeader\nMatchHeader matches requests by header fields. The key is the field\nname and the array is the list of field values. It performs fast,\nexact string comparisons of the field values. Fast prefix, suffix,\nand substring matches can also be done by suffixing, prefixing, or\nsurrounding the value with the wildcard `*` character, respectively.\nIf a list is null, the header must not exist. If the list is empty,\nthe field must simply exist, regardless of its value.\n\n", + "markdownDescription": "header: `object` \nModule: `http.matchers.header` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchHeader) \nMatchHeader matches requests by header fields. The key is the field\nname and the array is the list of field values. It performs fast,\nexact string comparisons of the field values. Fast prefix, suffix,\nand substring matches can also be done by suffixing, prefixing, or\nsurrounding the value with the wildcard `*` character, respectively.\nIf a list is null, the header must not exist. If the list is empty,\nthe field must simply exist, regardless of its value.\n \n", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "http.matchers.header_regexp": { + "description": "header_regexp: object\nModule: http.matchers.header_regexp\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchRegexp\nMatchRegexp is an embedable type for matching\nusing regular expressions. It adds placeholders\nto the request's replacer.\n\n", + "markdownDescription": "header_regexp: `object` \nModule: `http.matchers.header_regexp` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchRegexp) \nMatchRegexp is an embedable type for matching\nusing regular expressions. It adds placeholders\nto the request's replacer.\n \n", + "type": "object", + "additionalProperties": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchRegexp\nMatchRegexp is an embedable type for matching\nusing regular expressions. It adds placeholders\nto the request's replacer.\n\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchRegexp) \nMatchRegexp is an embedable type for matching\nusing regular expressions. It adds placeholders\nto the request's replacer.\n \n", + "properties": { + "name": { + "description": "name: string\nModule: http.matchers.header_regexp\nA unique name for this regular expression. Optional,\nbut useful to prevent overwriting captures from other\nregexp matchers.\n", + "markdownDescription": "name: `string` \nModule: `http.matchers.header_regexp` \nA unique name for this regular expression. Optional,\nbut useful to prevent overwriting captures from other\nregexp matchers. \n", + "type": "string" + }, + "pattern": { + "description": "pattern: string\nModule: http.matchers.header_regexp\nThe regular expression to evaluate, in RE2 syntax,\nwhich is the same general syntax used by Go, Perl,\nand Python. For details, see\n[Go's regexp package](https://golang.org/pkg/regexp/).\nCaptures are accessible via placeholders. Unnamed\ncapture groups are exposed as their numeric, 1-based\nindex, while named capture groups are available by\nthe capture group name.\n", + "markdownDescription": "pattern: `string` \nModule: `http.matchers.header_regexp` \nThe regular expression to evaluate, in RE2 syntax,\nwhich is the same general syntax used by Go, Perl,\nand Python. For details, see\n[Go's regexp package](https://golang.org/pkg/regexp/).\nCaptures are accessible via placeholders. Unnamed\ncapture groups are exposed as their numeric, 1-based\nindex, while named capture groups are available by\nthe capture group name. \n", + "type": "string" + } + } + } + }, + "http.matchers.host": { + "description": "host: array\nModule: http.matchers.host\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchHost\nMatchHost matches requests by the Host value (case-insensitive).\n\nWhen used in a top-level HTTP route,\n[qualifying domain names](/docs/automatic-https#hostname-requirements)\nmay trigger [automatic HTTPS](/docs/automatic-https), which automatically\nprovisions and renews certificates for you. Before doing this, you\nshould ensure that DNS records for these domains are properly configured,\nespecially A/AAAA pointed at your server.\n\nAutomatic HTTPS can be\n[customized or disabled](/docs/modules/http#servers/automatic_https).\n\nWildcards (`*`) may be used to represent exactly one label of the\nhostname, in accordance with RFC 1034 (because host matchers are also\nused for automatic HTTPS which influences TLS certificates). Thus,\na host of `*` matches hosts like `localhost` or `internal` but not\n`example.com`. To catch all hosts, omit the host matcher entirely.\n\nThe wildcard can be useful for matching all subdomains, for example:\n`*.example.com` matches `foo.example.com` but not `foo.bar.example.com`.\n\nDuplicate entries will return an error.\n\n", + "markdownDescription": "host: `array` \nModule: `http.matchers.host` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchHost) \nMatchHost matches requests by the Host value (case-insensitive).\n\nWhen used in a top-level HTTP route,\n[qualifying domain names](/docs/automatic-https#hostname-requirements)\nmay trigger [automatic HTTPS](/docs/automatic-https), which automatically\nprovisions and renews certificates for you. Before doing this, you\nshould ensure that DNS records for these domains are properly configured,\nespecially A/AAAA pointed at your server.\n\nAutomatic HTTPS can be\n[customized or disabled](/docs/modules/http#servers/automatic_https).\n\nWildcards (`*`) may be used to represent exactly one label of the\nhostname, in accordance with RFC 1034 (because host matchers are also\nused for automatic HTTPS which influences TLS certificates). Thus,\na host of `*` matches hosts like `localhost` or `internal` but not\n`example.com`. To catch all hosts, omit the host matcher entirely.\n\nThe wildcard can be useful for matching all subdomains, for example:\n`*.example.com` matches `foo.example.com` but not `foo.bar.example.com`.\n\nDuplicate entries will return an error.\n \n", + "type": "array", + "items": { + "type": "string" + } + }, + "http.matchers.method": { + "description": "method: array\nModule: http.matchers.method\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchMethod\nMatchMethod matches requests by the method.\n\n", + "markdownDescription": "method: `array` \nModule: `http.matchers.method` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchMethod) \nMatchMethod matches requests by the method.\n \n", + "type": "array", + "items": { + "type": "string" + } + }, + "http.matchers.not": { + "description": "not: array\nModule: http.matchers.not\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchNot\nMatchNot matches requests by negating the results of its matcher\nsets. A single \"not\" matcher takes one or more matcher sets. Each\nmatcher set is OR'ed; in other words, if any matcher set returns\ntrue, the final result of the \"not\" matcher is false. Individual\nmatchers within a set work the same (i.e. different matchers in\nthe same set are AND'ed).\n\nNOTE: The generated docs which describe the structure of this\nmodule are wrong because of how this type unmarshals JSON in a\ncustom way. The correct structure is:\n\n```json\n[\n\t{},\n\t{}\n]\n```\n\nwhere each of the array elements is a matcher set, i.e. an\nobject keyed by matcher name.\n\n", + "markdownDescription": "not: `array` \nModule: `http.matchers.not` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchNot) \nMatchNot matches requests by negating the results of its matcher\nsets. A single \"not\" matcher takes one or more matcher sets. Each\nmatcher set is OR'ed; in other words, if any matcher set returns\ntrue, the final result of the \"not\" matcher is false. Individual\nmatchers within a set work the same (i.e. different matchers in\nthe same set are AND'ed).\n\nNOTE: The generated docs which describe the structure of this\nmodule are wrong because of how this type unmarshals JSON in a\ncustom way. The correct structure is:\n\n```json\n[\n\t{},\n\t{}\n]\n```\n\nwhere each of the array elements is a matcher set, i.e. an\nobject keyed by matcher name.\n \n", + "type": "array", + "items": { + "properties": { + "expression": { + "$ref": "#/definitions/http.matchers.expression" + }, + "file": { + "$ref": "#/definitions/http.matchers.file" + }, + "header": { + "$ref": "#/definitions/http.matchers.header" + }, + "header_regexp": { + "$ref": "#/definitions/http.matchers.header_regexp" + }, + "host": { + "$ref": "#/definitions/http.matchers.host" + }, + "method": { + "$ref": "#/definitions/http.matchers.method" + }, + "not": { + "$ref": "#/definitions/http.matchers.not" + }, + "path": { + "$ref": "#/definitions/http.matchers.path" + }, + "path_regexp": { + "$ref": "#/definitions/http.matchers.path_regexp" + }, + "protocol": { + "$ref": "#/definitions/http.matchers.protocol" + }, + "query": { + "$ref": "#/definitions/http.matchers.query" + }, + "remote_ip": { + "$ref": "#/definitions/http.matchers.remote_ip" + }, + "vars": { + "$ref": "#/definitions/http.matchers.vars" + }, + "vars_regexp": { + "$ref": "#/definitions/http.matchers.vars_regexp" + } + } + } + }, + "http.matchers.path": { + "description": "path: array\nModule: http.matchers.path\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchPath\nMatchPath matches requests by the URI's path (case-insensitive). Path\nmatches are exact, but wildcards may be used:\n\n- At the end, for a prefix match (`/prefix/*`)\n- At the beginning, for a suffix match (`*.suffix`)\n- On both sides, for a substring match (`*/contains/*`)\n- In the middle, for a globular match (`/accounts/*/info`)\n\nThis matcher is fast, so it does not support regular expressions or\ncapture groups. For slower but more powerful matching, use the\npath_regexp matcher.\n\n", + "markdownDescription": "path: `array` \nModule: `http.matchers.path` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchPath) \nMatchPath matches requests by the URI's path (case-insensitive). Path\nmatches are exact, but wildcards may be used:\n\n- At the end, for a prefix match (`/prefix/*`)\n- At the beginning, for a suffix match (`*.suffix`)\n- On both sides, for a substring match (`*/contains/*`)\n- In the middle, for a globular match (`/accounts/*/info`)\n\nThis matcher is fast, so it does not support regular expressions or\ncapture groups. For slower but more powerful matching, use the\npath_regexp matcher.\n \n", + "type": "array", + "items": { + "type": "string" + } + }, + "http.matchers.path_regexp": { + "description": "path_regexp: object\nModule: http.matchers.path_regexp\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchPathRE\nMatchPathRE matches requests by a regular expression on the URI's path.\n\nUpon a match, it adds placeholders to the request: `{http.regexp.name.capture_group}`\nwhere `name` is the regular expression's name, and `capture_group` is either\nthe named or positional capture group from the expression itself. If no name\nis given, then the placeholder omits the name: `{http.regexp.capture_group}`\n(potentially leading to collisions).\n\n", + "markdownDescription": "path_regexp: `object` \nModule: `http.matchers.path_regexp` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchPathRE) \nMatchPathRE matches requests by a regular expression on the URI's path.\n\nUpon a match, it adds placeholders to the request: `{http.regexp.name.capture_group}`\nwhere `name` is the regular expression's name, and `capture_group` is either\nthe named or positional capture group from the expression itself. If no name\nis given, then the placeholder omits the name: `{http.regexp.capture_group}`\n(potentially leading to collisions).\n \n", + "type": "object", + "properties": { + "name": { + "description": "name: string\nModule: http.matchers.path_regexp\nA unique name for this regular expression. Optional,\nbut useful to prevent overwriting captures from other\nregexp matchers.\n", + "markdownDescription": "name: `string` \nModule: `http.matchers.path_regexp` \nA unique name for this regular expression. Optional,\nbut useful to prevent overwriting captures from other\nregexp matchers. \n", + "type": "string" + }, + "pattern": { + "description": "pattern: string\nModule: http.matchers.path_regexp\nThe regular expression to evaluate, in RE2 syntax,\nwhich is the same general syntax used by Go, Perl,\nand Python. For details, see\n[Go's regexp package](https://golang.org/pkg/regexp/).\nCaptures are accessible via placeholders. Unnamed\ncapture groups are exposed as their numeric, 1-based\nindex, while named capture groups are available by\nthe capture group name.\n", + "markdownDescription": "pattern: `string` \nModule: `http.matchers.path_regexp` \nThe regular expression to evaluate, in RE2 syntax,\nwhich is the same general syntax used by Go, Perl,\nand Python. For details, see\n[Go's regexp package](https://golang.org/pkg/regexp/).\nCaptures are accessible via placeholders. Unnamed\ncapture groups are exposed as their numeric, 1-based\nindex, while named capture groups are available by\nthe capture group name. \n", + "type": "string" + } + } + }, + "http.matchers.protocol": { + "description": "protocol: string\nModule: http.matchers.protocol\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchProtocol\nMatchProtocol matches requests by protocol. Recognized values are\n\"http\", \"https\", and \"grpc\".\n\n", + "markdownDescription": "protocol: `string` \nModule: `http.matchers.protocol` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchProtocol) \nMatchProtocol matches requests by protocol. Recognized values are\n\"http\", \"https\", and \"grpc\".\n \n", + "type": "string" + }, + "http.matchers.query": { + "description": "query: object\nModule: http.matchers.query\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchQuery\nMatchQuery matches requests by the URI's query string. It takes a JSON object\nkeyed by the query keys, with an array of string values to match for that key.\nQuery key matches are exact, but wildcards may be used for value matches. Both\nkeys and values may be placeholders.\nAn example of the structure to match `?key=value\u0026topic=api\u0026query=something` is:\n\n```json\n{\n\t\"key\": [\"value\"],\n\t\"topic\": [\"api\"],\n\t\"query\": [\"*\"]\n}\n```\n\n", + "markdownDescription": "query: `object` \nModule: `http.matchers.query` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchQuery) \nMatchQuery matches requests by the URI's query string. It takes a JSON object\nkeyed by the query keys, with an array of string values to match for that key.\nQuery key matches are exact, but wildcards may be used for value matches. Both\nkeys and values may be placeholders.\nAn example of the structure to match `?key=value\u0026topic=api\u0026query=something` is:\n\n```json\n{\n\t\"key\": [\"value\"],\n\t\"topic\": [\"api\"],\n\t\"query\": [\"*\"]\n}\n```\n \n", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "http.matchers.remote_ip": { + "description": "remote_ip: object\nModule: http.matchers.remote_ip\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchRemoteIP\nMatchRemoteIP matches requests by client IP (or CIDR range).\n\n", + "markdownDescription": "remote_ip: `object` \nModule: `http.matchers.remote_ip` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchRemoteIP) \nMatchRemoteIP matches requests by client IP (or CIDR range).\n \n", + "type": "object", + "properties": { + "forwarded": { + "description": "forwarded: boolean\nModule: http.matchers.remote_ip\nIf true, prefer the first IP in the request's X-Forwarded-For\nheader, if present, rather than the immediate peer's IP, as\nthe reference IP against which to match. Note that it is easy\nto spoof request headers. Default: false\n", + "markdownDescription": "forwarded: `boolean` \nModule: `http.matchers.remote_ip` \nIf true, prefer the first IP in the request's X-Forwarded-For\nheader, if present, rather than the immediate peer's IP, as\nthe reference IP against which to match. Note that it is easy\nto spoof request headers. Default: false \n", + "type": "boolean" + }, + "ranges": { + "description": "ranges: array\nModule: http.matchers.remote_ip\nThe IPs or CIDR ranges to match.\n", + "markdownDescription": "ranges: `array` \nModule: `http.matchers.remote_ip` \nThe IPs or CIDR ranges to match. \n", + "type": "array", + "items": { + "description": "The IPs or CIDR ranges to match.\n", + "markdownDescription": "The IPs or CIDR ranges to match. \n", + "type": "string" + } + } + } + }, + "http.matchers.vars": { + "description": "vars: object\nModule: http.matchers.vars\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#VarsMatcher\nVarsMatcher is an HTTP request matcher which can match\nrequests based on variables in the context. The key is\nthe name of the variable, and the values are possible\nvalues the variable can be in order to match (OR'ed).\n\nAs a special case, this matcher can also match on\nplaceholders generally. If the key is not an HTTP chain\nvariable, it will be checked to see if it is a\nplaceholder name, and if so, will compare its value.\n\n", + "markdownDescription": "vars: `object` \nModule: `http.matchers.vars` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#VarsMatcher) \nVarsMatcher is an HTTP request matcher which can match\nrequests based on variables in the context. The key is\nthe name of the variable, and the values are possible\nvalues the variable can be in order to match (OR'ed).\n\nAs a special case, this matcher can also match on\nplaceholders generally. If the key is not an HTTP chain\nvariable, it will be checked to see if it is a\nplaceholder name, and if so, will compare its value.\n \n", + "type": "object", + "additionalProperties": { + "type": "array", + "items": { + "type": "string" + } + } + }, + "http.matchers.vars_regexp": { + "description": "vars_regexp: object\nModule: http.matchers.vars_regexp\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchRegexp\nMatchRegexp is an embedable type for matching\nusing regular expressions. It adds placeholders\nto the request's replacer.\n\n", + "markdownDescription": "vars_regexp: `object` \nModule: `http.matchers.vars_regexp` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchRegexp) \nMatchRegexp is an embedable type for matching\nusing regular expressions. It adds placeholders\nto the request's replacer.\n \n", + "type": "object", + "additionalProperties": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchRegexp\nMatchRegexp is an embedable type for matching\nusing regular expressions. It adds placeholders\nto the request's replacer.\n\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchRegexp) \nMatchRegexp is an embedable type for matching\nusing regular expressions. It adds placeholders\nto the request's replacer.\n \n", + "properties": { + "name": { + "description": "name: string\nModule: http.matchers.vars_regexp\nA unique name for this regular expression. Optional,\nbut useful to prevent overwriting captures from other\nregexp matchers.\n", + "markdownDescription": "name: `string` \nModule: `http.matchers.vars_regexp` \nA unique name for this regular expression. Optional,\nbut useful to prevent overwriting captures from other\nregexp matchers. \n", + "type": "string" + }, + "pattern": { + "description": "pattern: string\nModule: http.matchers.vars_regexp\nThe regular expression to evaluate, in RE2 syntax,\nwhich is the same general syntax used by Go, Perl,\nand Python. For details, see\n[Go's regexp package](https://golang.org/pkg/regexp/).\nCaptures are accessible via placeholders. Unnamed\ncapture groups are exposed as their numeric, 1-based\nindex, while named capture groups are available by\nthe capture group name.\n", + "markdownDescription": "pattern: `string` \nModule: `http.matchers.vars_regexp` \nThe regular expression to evaluate, in RE2 syntax,\nwhich is the same general syntax used by Go, Perl,\nand Python. For details, see\n[Go's regexp package](https://golang.org/pkg/regexp/).\nCaptures are accessible via placeholders. Unnamed\ncapture groups are exposed as their numeric, 1-based\nindex, while named capture groups are available by\nthe capture group name. \n", + "type": "string" + } + } + } + }, + "http.precompressed.br": { + "description": "br: object\nModule: http.precompressed.br\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/encode/brotli#BrotliPrecompressed", + "markdownDescription": "br: `object` \nModule: `http.precompressed.br` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/encode/brotli#BrotliPrecompressed)", + "type": "object" + }, + "http.precompressed.gzip": { + "description": "gzip: object\nModule: http.precompressed.gzip\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/encode/gzip#GzipPrecompressed", + "markdownDescription": "gzip: `object` \nModule: `http.precompressed.gzip` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/encode/gzip#GzipPrecompressed)", + "type": "object", + "properties": { + "level": { + "description": "level: number\nModule: http.precompressed.gzip\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/encode/gzip#GzipPrecompressed", + "markdownDescription": "level: `number` \nModule: `http.precompressed.gzip` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/encode/gzip#GzipPrecompressed)", + "type": "number" + } + } + }, + "http.precompressed.zstd": { + "description": "zstd: object\nModule: http.precompressed.zstd\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/encode/zstd#ZstdPrecompressed", + "markdownDescription": "zstd: `object` \nModule: `http.precompressed.zstd` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/encode/zstd#ZstdPrecompressed)", + "type": "object" + }, + "http.reverse_proxy.selection_policies.cookie": { + "description": "cookie: object\nModule: http.reverse_proxy.selection_policies.cookie\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#CookieHashSelection", + "markdownDescription": "cookie: `object` \nModule: `http.reverse_proxy.selection_policies.cookie` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#CookieHashSelection)", + "type": "object", + "properties": { + "name": { + "description": "name: string\nModule: http.reverse_proxy.selection_policies.cookie\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#CookieHashSelection", + "markdownDescription": "name: `string` \nModule: `http.reverse_proxy.selection_policies.cookie` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#CookieHashSelection)", + "type": "string" + }, + "secret": { + "description": "secret: string\nModule: http.reverse_proxy.selection_policies.cookie\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#CookieHashSelection", + "markdownDescription": "secret: `string` \nModule: `http.reverse_proxy.selection_policies.cookie` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#CookieHashSelection)", + "type": "string" + } + } + }, + "http.reverse_proxy.selection_policies.first": { + "description": "first: object\nModule: http.reverse_proxy.selection_policies.first\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#FirstSelection", + "markdownDescription": "first: `object` \nModule: `http.reverse_proxy.selection_policies.first` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#FirstSelection)", + "type": "object" + }, + "http.reverse_proxy.selection_policies.header": { + "description": "header: object\nModule: http.reverse_proxy.selection_policies.header\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HeaderHashSelection", + "markdownDescription": "header: `object` \nModule: `http.reverse_proxy.selection_policies.header` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HeaderHashSelection)", + "type": "object", + "properties": { + "field": { + "description": "field: string\nModule: http.reverse_proxy.selection_policies.header\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HeaderHashSelection", + "markdownDescription": "field: `string` \nModule: `http.reverse_proxy.selection_policies.header` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HeaderHashSelection)", + "type": "string" + } + } + }, + "http.reverse_proxy.selection_policies.ip_hash": { + "description": "ip_hash: object\nModule: http.reverse_proxy.selection_policies.ip_hash\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#IPHashSelection", + "markdownDescription": "ip_hash: `object` \nModule: `http.reverse_proxy.selection_policies.ip_hash` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#IPHashSelection)", + "type": "object" + }, + "http.reverse_proxy.selection_policies.least_conn": { + "description": "least_conn: object\nModule: http.reverse_proxy.selection_policies.least_conn\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#LeastConnSelection", + "markdownDescription": "least_conn: `object` \nModule: `http.reverse_proxy.selection_policies.least_conn` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#LeastConnSelection)", + "type": "object" + }, + "http.reverse_proxy.selection_policies.random": { + "description": "random: object\nModule: http.reverse_proxy.selection_policies.random\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#RandomSelection", + "markdownDescription": "random: `object` \nModule: `http.reverse_proxy.selection_policies.random` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#RandomSelection)", + "type": "object" + }, + "http.reverse_proxy.selection_policies.random_choose": { + "description": "random_choose: object\nModule: http.reverse_proxy.selection_policies.random_choose\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#RandomChoiceSelection", + "markdownDescription": "random_choose: `object` \nModule: `http.reverse_proxy.selection_policies.random_choose` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#RandomChoiceSelection)", + "type": "object", + "properties": { + "choose": { + "description": "choose: number\nModule: http.reverse_proxy.selection_policies.random_choose\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#RandomChoiceSelection", + "markdownDescription": "choose: `number` \nModule: `http.reverse_proxy.selection_policies.random_choose` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#RandomChoiceSelection)", + "type": "number" + } + } + }, + "http.reverse_proxy.selection_policies.round_robin": { + "description": "round_robin: object\nModule: http.reverse_proxy.selection_policies.round_robin\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#RoundRobinSelection", + "markdownDescription": "round_robin: `object` \nModule: `http.reverse_proxy.selection_policies.round_robin` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#RoundRobinSelection)", + "type": "object" + }, + "http.reverse_proxy.selection_policies.uri_hash": { + "description": "uri_hash: object\nModule: http.reverse_proxy.selection_policies.uri_hash\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#URIHashSelection", + "markdownDescription": "uri_hash: `object` \nModule: `http.reverse_proxy.selection_policies.uri_hash` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#URIHashSelection)", + "type": "object" + }, + "http.reverse_proxy.transport.fastcgi": { + "description": "fastcgi: object\nModule: http.reverse_proxy.transport.fastcgi\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi#Transport", + "markdownDescription": "fastcgi: `object` \nModule: `http.reverse_proxy.transport.fastcgi` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi#Transport)", + "type": "object", + "properties": { + "dial_timeout": { + "description": "dial_timeout: number\nModule: http.reverse_proxy.transport.fastcgi\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi#Transport", + "markdownDescription": "dial_timeout: `number` \nModule: `http.reverse_proxy.transport.fastcgi` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi#Transport)", + "type": "number" + }, + "env": { + "description": "env: object\nModule: http.reverse_proxy.transport.fastcgi\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi#Transport", + "markdownDescription": "env: `object` \nModule: `http.reverse_proxy.transport.fastcgi` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi#Transport)", + "type": "object", + "additionalProperties": {} + }, + "read_timeout": { + "description": "read_timeout: number\nModule: http.reverse_proxy.transport.fastcgi\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi#Transport", + "markdownDescription": "read_timeout: `number` \nModule: `http.reverse_proxy.transport.fastcgi` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi#Transport)", + "type": "number" + }, + "resolve_root_symlink": { + "description": "resolve_root_symlink: boolean\nModule: http.reverse_proxy.transport.fastcgi\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi#Transport", + "markdownDescription": "resolve_root_symlink: `boolean` \nModule: `http.reverse_proxy.transport.fastcgi` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi#Transport)", + "type": "boolean" + }, + "root": { + "description": "root: string\nModule: http.reverse_proxy.transport.fastcgi\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi#Transport", + "markdownDescription": "root: `string` \nModule: `http.reverse_proxy.transport.fastcgi` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi#Transport)", + "type": "string" + }, + "split_path": { + "description": "split_path: array\nModule: http.reverse_proxy.transport.fastcgi\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi#Transport", + "markdownDescription": "split_path: `array` \nModule: `http.reverse_proxy.transport.fastcgi` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi#Transport)", + "type": "array", + "items": { + "type": "string" + } + }, + "write_timeout": { + "description": "write_timeout: number\nModule: http.reverse_proxy.transport.fastcgi\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi#Transport", + "markdownDescription": "write_timeout: `number` \nModule: `http.reverse_proxy.transport.fastcgi` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi#Transport)", + "type": "number" + } + } + }, + "http.reverse_proxy.transport.http": { + "description": "http: object\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "http: `object` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "object", + "properties": { + "compression": { + "description": "compression: boolean\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "compression: `boolean` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "boolean" + }, + "dial_fallback_delay": { + "description": "dial_fallback_delay: number\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "dial_fallback_delay: `number` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "number" + }, + "dial_timeout": { + "description": "dial_timeout: number\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "dial_timeout: `number` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "number" + }, + "expect_continue_timeout": { + "description": "expect_continue_timeout: number\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "expect_continue_timeout: `number` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "number" + }, + "keep_alive": { + "description": "keep_alive: object\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "keep_alive: `object` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "object", + "properties": { + "enabled": { + "description": "enabled: boolean\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "enabled: `boolean` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "boolean" + }, + "idle_timeout": { + "description": "idle_timeout: number\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "idle_timeout: `number` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "number" + }, + "max_idle_conns": { + "description": "max_idle_conns: number\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "max_idle_conns: `number` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "number" + }, + "max_idle_conns_per_host": { + "description": "max_idle_conns_per_host: number\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "max_idle_conns_per_host: `number` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "number" + }, + "probe_interval": { + "description": "probe_interval: number\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "probe_interval: `number` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "number" + } + } + }, + "max_conns_per_host": { + "description": "max_conns_per_host: number\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "max_conns_per_host: `number` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "number" + }, + "max_response_header_size": { + "description": "max_response_header_size: number\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "max_response_header_size: `number` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "number" + }, + "read_buffer_size": { + "description": "read_buffer_size: number\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "read_buffer_size: `number` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "number" + }, + "resolver": { + "description": "resolver: object\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "resolver: `object` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "object", + "properties": { + "addresses": { + "description": "addresses: array\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "addresses: `array` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "response_header_timeout": { + "description": "response_header_timeout: number\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "response_header_timeout: `number` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "number" + }, + "tls": { + "description": "tls: object\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "tls: `object` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "object", + "properties": { + "client_certificate_automate": { + "description": "client_certificate_automate: string\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "client_certificate_automate: `string` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "string" + }, + "client_certificate_file": { + "description": "client_certificate_file: string\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "client_certificate_file: `string` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "string" + }, + "client_certificate_key_file": { + "description": "client_certificate_key_file: string\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "client_certificate_key_file: `string` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "string" + }, + "except_ports": { + "description": "except_ports: array\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "except_ports: `array` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "array", + "items": { + "type": "string" + } + }, + "handshake_timeout": { + "description": "handshake_timeout: number\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "handshake_timeout: `number` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "number" + }, + "insecure_skip_verify": { + "description": "insecure_skip_verify: boolean\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "insecure_skip_verify: `boolean` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "boolean" + }, + "renegotiation": { + "description": "renegotiation: string\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "renegotiation: `string` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "string" + }, + "root_ca_pem_files": { + "description": "root_ca_pem_files: array\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "root_ca_pem_files: `array` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "array", + "items": { + "type": "string" + } + }, + "root_ca_pool": { + "description": "root_ca_pool: array\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "root_ca_pool: `array` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "array", + "items": { + "type": "string" + } + }, + "server_name": { + "description": "server_name: string\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "server_name: `string` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "string" + } + } + }, + "versions": { + "description": "versions: array\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "versions: `array` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "array", + "items": { + "type": "string" + } + }, + "write_buffer_size": { + "description": "write_buffer_size: number\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", + "markdownDescription": "write_buffer_size: `number` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", + "type": "number" + } + } + }, + "http.reverse_proxy.upstreams.a": { + "description": "a: object\nModule: http.reverse_proxy.upstreams.a\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#AUpstreams", + "markdownDescription": "a: `object` \nModule: `http.reverse_proxy.upstreams.a` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#AUpstreams)", + "type": "object", + "properties": { + "dial_fallback_delay": { + "description": "dial_fallback_delay: number\nModule: http.reverse_proxy.upstreams.a\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#AUpstreams", + "markdownDescription": "dial_fallback_delay: `number` \nModule: `http.reverse_proxy.upstreams.a` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#AUpstreams)", + "type": "number" + }, + "dial_timeout": { + "description": "dial_timeout: number\nModule: http.reverse_proxy.upstreams.a\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#AUpstreams", + "markdownDescription": "dial_timeout: `number` \nModule: `http.reverse_proxy.upstreams.a` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#AUpstreams)", + "type": "number" + }, + "name": { + "description": "name: string\nModule: http.reverse_proxy.upstreams.a\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#AUpstreams", + "markdownDescription": "name: `string` \nModule: `http.reverse_proxy.upstreams.a` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#AUpstreams)", + "type": "string" + }, + "port": { + "description": "port: string\nModule: http.reverse_proxy.upstreams.a\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#AUpstreams", + "markdownDescription": "port: `string` \nModule: `http.reverse_proxy.upstreams.a` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#AUpstreams)", + "type": "string" + }, + "refresh": { + "description": "refresh: number\nModule: http.reverse_proxy.upstreams.a\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#AUpstreams", + "markdownDescription": "refresh: `number` \nModule: `http.reverse_proxy.upstreams.a` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#AUpstreams)", + "type": "number" + }, + "resolver": { + "description": "resolver: object\nModule: http.reverse_proxy.upstreams.a\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#AUpstreams", + "markdownDescription": "resolver: `object` \nModule: `http.reverse_proxy.upstreams.a` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#AUpstreams)", + "type": "object", + "properties": { + "addresses": { + "description": "addresses: array\nModule: http.reverse_proxy.upstreams.a\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#AUpstreams", + "markdownDescription": "addresses: `array` \nModule: `http.reverse_proxy.upstreams.a` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#AUpstreams)", + "type": "array", + "items": { + "type": "string" + } + } + } + } + } + }, + "http.reverse_proxy.upstreams.srv": { + "description": "srv: object\nModule: http.reverse_proxy.upstreams.srv\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#SRVUpstreams", + "markdownDescription": "srv: `object` \nModule: `http.reverse_proxy.upstreams.srv` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#SRVUpstreams)", + "type": "object", + "properties": { + "dial_fallback_delay": { + "description": "dial_fallback_delay: number\nModule: http.reverse_proxy.upstreams.srv\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#SRVUpstreams", + "markdownDescription": "dial_fallback_delay: `number` \nModule: `http.reverse_proxy.upstreams.srv` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#SRVUpstreams)", + "type": "number" + }, + "dial_timeout": { + "description": "dial_timeout: number\nModule: http.reverse_proxy.upstreams.srv\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#SRVUpstreams", + "markdownDescription": "dial_timeout: `number` \nModule: `http.reverse_proxy.upstreams.srv` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#SRVUpstreams)", + "type": "number" + }, + "name": { + "description": "name: string\nModule: http.reverse_proxy.upstreams.srv\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#SRVUpstreams", + "markdownDescription": "name: `string` \nModule: `http.reverse_proxy.upstreams.srv` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#SRVUpstreams)", + "type": "string" + }, + "proto": { + "description": "proto: string\nModule: http.reverse_proxy.upstreams.srv\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#SRVUpstreams", + "markdownDescription": "proto: `string` \nModule: `http.reverse_proxy.upstreams.srv` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#SRVUpstreams)", + "type": "string" + }, + "refresh": { + "description": "refresh: number\nModule: http.reverse_proxy.upstreams.srv\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#SRVUpstreams", + "markdownDescription": "refresh: `number` \nModule: `http.reverse_proxy.upstreams.srv` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#SRVUpstreams)", + "type": "number" + }, + "resolver": { + "description": "resolver: object\nModule: http.reverse_proxy.upstreams.srv\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#SRVUpstreams", + "markdownDescription": "resolver: `object` \nModule: `http.reverse_proxy.upstreams.srv` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#SRVUpstreams)", + "type": "object", + "properties": { + "addresses": { + "description": "addresses: array\nModule: http.reverse_proxy.upstreams.srv\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#SRVUpstreams", + "markdownDescription": "addresses: `array` \nModule: `http.reverse_proxy.upstreams.srv` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#SRVUpstreams)", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "service": { + "description": "service: string\nModule: http.reverse_proxy.upstreams.srv\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#SRVUpstreams", + "markdownDescription": "service: `string` \nModule: `http.reverse_proxy.upstreams.srv` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#SRVUpstreams)", + "type": "string" + } + } + }, + "layer4": { + "description": "layer4: object\nModule: layer4\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/layer4#App\nApp is a Caddy app that operates closest to layer 4 of the OSI model.\n\n", + "markdownDescription": "layer4: `object` \nModule: `layer4` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/layer4#App) \nApp is a Caddy app that operates closest to layer 4 of the OSI model.\n \n", + "type": "object", + "properties": { + "servers": { + "description": "servers: object\nModule: layer4\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/layer4#Server\nServer represents a Caddy layer4 server.\n\n", + "markdownDescription": "servers: `object` \nModule: `layer4` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/layer4#Server) \nServer represents a Caddy layer4 server.\n \n", + "type": "object", + "additionalProperties": { + "description": "https://pkg.go.dev/github.com/mholt/caddy-l4/layer4#Server\nServer represents a Caddy layer4 server.\n\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/layer4#Server) \nServer represents a Caddy layer4 server.\n \n", + "properties": { + "listen": { + "description": "listen: array\nModule: layer4\n", + "markdownDescription": "listen: `array` \nModule: `layer4` \n", + "type": "array", + "items": { + "type": "string" + } + }, + "routes": { + "description": "routes: array\nModule: layer4\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/layer4#Route\nRoute represents a collection of handlers that are gated\nby matching and other kinds of logic.\n\n", + "markdownDescription": "routes: `array` \nModule: `layer4` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/layer4#Route) \nRoute represents a collection of handlers that are gated\nby matching and other kinds of logic.\n \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/mholt/caddy-l4/layer4#Route\nRoute represents a collection of handlers that are gated\nby matching and other kinds of logic.\n\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/layer4#Route) \nRoute represents a collection of handlers that are gated\nby matching and other kinds of logic.\n \n", + "type": "object", + "properties": { + "handle": { + "description": "handle: array\nModule: layer4.handlers\n", + "markdownDescription": "handle: `array` \nModule: `layer4.handlers` \n", + "type": "array", + "items": { + "required": [ + "handler" + ], + "allOf": [ + { + "if": { + "properties": { + "handler": { + "const": "throttle" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.throttle" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "tls" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.tls" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "echo" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.echo" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "proxy" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.proxy" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "proxy_protocol" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.proxy_protocol" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "subroute" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.subroute" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "tee" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.tee" + } + }, + { + "properties": { + "handler": { + "description": "key to identify handle module.\nhandler: string\nModule: layer4.handlers", + "markdownDescription": "key to identify `handle` module. \nhandler: `string` \nModule: `layer4.handlers`", + "type": "string", + "enum": [ + "throttle", + "tls", + "echo", + "proxy", + "proxy_protocol", + "subroute", + "tee" + ] + } + } + } + ] + } + }, + "match": { + "description": "match: array\nModule: layer4.matchers\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n\n", + "markdownDescription": "match: `array` \nModule: `layer4.matchers` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n \n", + "properties": { + "http": { + "$ref": "#/definitions/layer4.matchers.http" + }, + "ip": { + "$ref": "#/definitions/layer4.matchers.ip" + }, + "proxy_protocol": { + "$ref": "#/definitions/layer4.matchers.proxy_protocol" + }, + "ssh": { + "$ref": "#/definitions/layer4.matchers.ssh" + }, + "tls": { + "$ref": "#/definitions/layer4.matchers.tls" + }, + "xmpp": { + "$ref": "#/definitions/layer4.matchers.xmpp" + } + } + } + } + } + } + } + } + } + } + } + }, + "layer4.handlers.echo": { + "description": "echo: object\nModule: layer4.handlers.echo\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4echo#Handler\nHandler is a simple handler that writes what it reads.\n\n", + "markdownDescription": "echo: `object` \nModule: `layer4.handlers.echo` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4echo#Handler) \nHandler is a simple handler that writes what it reads.\n \n", + "type": "object" + }, + "layer4.handlers.proxy": { + "description": "proxy: object\nModule: layer4.handlers.proxy\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#Handler\nHandler is a handler that can proxy connections.\n\n", + "markdownDescription": "proxy: `object` \nModule: `layer4.handlers.proxy` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#Handler) \nHandler is a handler that can proxy connections.\n \n", + "type": "object", + "properties": { + "health_checks": { + "description": "health_checks: object\nModule: layer4.handlers.proxy\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#HealthChecks\nHealth checks update the status of backends, whether they are\nup or down. Down backends will not be proxied to.\n\n\nHealthChecks configures active and passive health checks.\n", + "markdownDescription": "health_checks: `object` \nModule: `layer4.handlers.proxy` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#HealthChecks) \nHealth checks update the status of backends, whether they are\nup or down. Down backends will not be proxied to.\n\n\nHealthChecks configures active and passive health checks. \n", + "type": "object", + "properties": { + "active": { + "description": "active: object\nModule: layer4.handlers.proxy\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#ActiveHealthChecks\nActive health checks run in the background on a timer. To\nminimally enable active health checks, set either path or\nport (or both).\n\n\nActiveHealthChecks holds configuration related to active health\nchecks (that is, health checks which occur independently in a\nbackground goroutine).\n", + "markdownDescription": "active: `object` \nModule: `layer4.handlers.proxy` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#ActiveHealthChecks) \nActive health checks run in the background on a timer. To\nminimally enable active health checks, set either path or\nport (or both).\n\n\nActiveHealthChecks holds configuration related to active health\nchecks (that is, health checks which occur independently in a\nbackground goroutine). \n", + "type": "object", + "properties": { + "interval": { + "description": "interval: number\nModule: layer4.handlers.proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nHow frequently to perform active health checks (default 30s).\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "interval: `number` \nModule: `layer4.handlers.proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nHow frequently to perform active health checks (default 30s).\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "port": { + "description": "port: number\nModule: layer4.handlers.proxy\nThe port to use (if different from the upstream's dial\naddress) for health checks.\n", + "markdownDescription": "port: `number` \nModule: `layer4.handlers.proxy` \nThe port to use (if different from the upstream's dial\naddress) for health checks. \n", + "type": "number" + }, + "timeout": { + "description": "timeout: number\nModule: layer4.handlers.proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nHow long to wait for a connection to be established with\npeer before considering it unhealthy (default 5s).\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "timeout: `number` \nModule: `layer4.handlers.proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nHow long to wait for a connection to be established with\npeer before considering it unhealthy (default 5s).\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + } + } + }, + "passive": { + "description": "passive: object\nModule: layer4.handlers.proxy\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#PassiveHealthChecks\nPassive health checks monitor proxied connections for errors or timeouts.\nTo minimally enable passive health checks, specify at least an empty\nconfig object.\n\n\nPassiveHealthChecks holds configuration related to passive\nhealth checks (that is, health checks which occur during\nthe normal flow of connection proxying).\n", + "markdownDescription": "passive: `object` \nModule: `layer4.handlers.proxy` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#PassiveHealthChecks) \nPassive health checks monitor proxied connections for errors or timeouts.\nTo minimally enable passive health checks, specify at least an empty\nconfig object.\n\n\nPassiveHealthChecks holds configuration related to passive\nhealth checks (that is, health checks which occur during\nthe normal flow of connection proxying). \n", + "type": "object", + "properties": { + "fail_duration": { + "description": "fail_duration: number\nModule: layer4.handlers.proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nHow long to remember a failed connection to a backend. A\nduration \u003e 0 enables passive health checking. Default 0.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "fail_duration: `number` \nModule: `layer4.handlers.proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nHow long to remember a failed connection to a backend. A\nduration \u003e 0 enables passive health checking. Default 0.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "max_fails": { + "description": "max_fails: number\nModule: layer4.handlers.proxy\nThe number of failed connections within the FailDuration window to\nconsider a backend as \"down\". Must be \u003e= 1; default is 1. Requires\nthat FailDuration be \u003e 0.\n", + "markdownDescription": "max_fails: `number` \nModule: `layer4.handlers.proxy` \nThe number of failed connections within the FailDuration window to\nconsider a backend as \"down\". Must be \u003e= 1; default is 1. Requires\nthat FailDuration be \u003e 0. \n", + "type": "number" + }, + "unhealthy_connnection_count": { + "description": "unhealthy_connnection_count: number\nModule: layer4.handlers.proxy\nLimits the number of simultaneous connections to a backend by\nmarking the backend as \"down\" if it has this many or more\nconcurrent connections.\n", + "markdownDescription": "unhealthy_connnection_count: `number` \nModule: `layer4.handlers.proxy` \nLimits the number of simultaneous connections to a backend by\nmarking the backend as \"down\" if it has this many or more\nconcurrent connections. \n", + "type": "number" + } + } + } + } + }, + "load_balancing": { + "description": "load_balancing: object\nModule: layer4.handlers.proxy\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#LoadBalancing\nLoad balancing distributes load/connections between backends.\n\n\nLoadBalancing has parameters related to load balancing.\n", + "markdownDescription": "load_balancing: `object` \nModule: `layer4.handlers.proxy` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#LoadBalancing) \nLoad balancing distributes load/connections between backends.\n\n\nLoadBalancing has parameters related to load balancing. \n", + "type": "object", + "properties": { + "selection": { + "description": "selection: object\nModule: layer4.proxy.selection_policies\nA selection policy is how to choose an available backend.\nThe default policy is random selection.\n", + "markdownDescription": "selection: `object` \nModule: `layer4.proxy.selection_policies` \nA selection policy is how to choose an available backend.\nThe default policy is random selection. \n", + "type": "object", + "required": [ + "policy" + ], + "allOf": [ + { + "if": { + "properties": { + "policy": { + "const": "random" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.proxy.selection_policies.random" + } + }, + { + "if": { + "properties": { + "policy": { + "const": "random_choose" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.proxy.selection_policies.random_choose" + } + }, + { + "if": { + "properties": { + "policy": { + "const": "round_robin" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.proxy.selection_policies.round_robin" + } + }, + { + "if": { + "properties": { + "policy": { + "const": "first" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.proxy.selection_policies.first" + } + }, + { + "if": { + "properties": { + "policy": { + "const": "ip_hash" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.proxy.selection_policies.ip_hash" + } + }, + { + "if": { + "properties": { + "policy": { + "const": "least_conn" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.proxy.selection_policies.least_conn" + } + }, + { + "properties": { + "policy": { + "description": "key to identify selection module.\npolicy: string\nModule: layer4.proxy.selection_policies", + "markdownDescription": "key to identify `selection` module. \npolicy: `string` \nModule: `layer4.proxy.selection_policies`", + "type": "string", + "enum": [ + "random", + "random_choose", + "round_robin", + "first", + "ip_hash", + "least_conn" + ] + } + } + } + ] + }, + "try_duration": { + "description": "try_duration: number\nModule: layer4.handlers.proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nHow long to try selecting available backends for each connection\nif the next available host is down. By default, this retry is\ndisabled. Clients will wait for up to this long while the load\nbalancer tries to find an available upstream host.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "try_duration: `number` \nModule: `layer4.handlers.proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nHow long to try selecting available backends for each connection\nif the next available host is down. By default, this retry is\ndisabled. Clients will wait for up to this long while the load\nbalancer tries to find an available upstream host.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "try_interval": { + "description": "try_interval: number\nModule: layer4.handlers.proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nHow long to wait between selecting the next host from the pool. Default\nis 250ms. Only relevant when a connection to an upstream host fails. Be\naware that setting this to 0 with a non-zero try_duration can cause the\nCPU to spin if all backends are down and latency is very low.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "try_interval: `number` \nModule: `layer4.handlers.proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nHow long to wait between selecting the next host from the pool. Default\nis 250ms. Only relevant when a connection to an upstream host fails. Be\naware that setting this to 0 with a non-zero try_duration can cause the\nCPU to spin if all backends are down and latency is very low.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + } + } + }, + "proxy_protocol": { + "description": "proxy_protocol: string\nModule: layer4.handlers.proxy\nSpecifies the version of the Proxy Protocol header to add, either \"v1\" or \"v2\".\nRef: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt\n", + "markdownDescription": "proxy_protocol: `string` \nModule: `layer4.handlers.proxy` \nSpecifies the version of the Proxy Protocol header to add, either \"v1\" or \"v2\".\nRef: https://www.haproxy.org/download/1.8/doc/proxy-protocol.txt \n", + "type": "string" + }, + "upstreams": { + "description": "upstreams: array\nModule: layer4.handlers.proxy\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#Upstream\nUpstreams is the list of backends to proxy to.\n\n\nUpstream represents a proxy upstream.\n", + "markdownDescription": "upstreams: `array` \nModule: `layer4.handlers.proxy` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#Upstream) \nUpstreams is the list of backends to proxy to.\n\n\nUpstream represents a proxy upstream. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#Upstream\nUpstreams is the list of backends to proxy to.\n\n\nUpstream represents a proxy upstream.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#Upstream) \nUpstreams is the list of backends to proxy to.\n\n\nUpstream represents a proxy upstream. \n", + "type": "object", + "properties": { + "dial": { + "description": "dial: array\nModule: layer4.handlers.proxy\nThe network addresses to dial. Supports placeholders, but not port\nranges currently (each address must be exactly 1 socket).\n", + "markdownDescription": "dial: `array` \nModule: `layer4.handlers.proxy` \nThe network addresses to dial. Supports placeholders, but not port\nranges currently (each address must be exactly 1 socket). \n", + "type": "array", + "items": { + "description": "The network addresses to dial. Supports placeholders, but not port\nranges currently (each address must be exactly 1 socket).\n", + "markdownDescription": "The network addresses to dial. Supports placeholders, but not port\nranges currently (each address must be exactly 1 socket). \n", + "type": "string" + } + }, + "max_connections": { + "description": "max_connections: number\nModule: layer4.handlers.proxy\nHow many connections this upstream is allowed to\nhave before being marked as unhealthy (if \u003e 0).\n", + "markdownDescription": "max_connections: `number` \nModule: `layer4.handlers.proxy` \nHow many connections this upstream is allowed to\nhave before being marked as unhealthy (if \u003e 0). \n", + "type": "number" + }, + "tls": { + "description": "tls: object\nModule: layer4.handlers.proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#TLSConfig\nSet this field to enable TLS to the upstream.\n\n\nTLSConfig holds configuration related to the TLS configuration for the\ntransport/client.\n", + "markdownDescription": "tls: `object` \nModule: `layer4.handlers.proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#TLSConfig) \nSet this field to enable TLS to the upstream.\n\n\nTLSConfig holds configuration related to the TLS configuration for the\ntransport/client. \n", + "type": "object", + "properties": { + "client_certificate_automate": { + "description": "client_certificate_automate: string\nModule: layer4.handlers.proxy\nIf specified, Caddy will use and automate a client certificate\nwith this subject name.\n", + "markdownDescription": "client_certificate_automate: `string` \nModule: `layer4.handlers.proxy` \nIf specified, Caddy will use and automate a client certificate\nwith this subject name. \n", + "type": "string" + }, + "client_certificate_file": { + "description": "client_certificate_file: string\nModule: layer4.handlers.proxy\nPEM-encoded client certificate filename to present to servers.\n", + "markdownDescription": "client_certificate_file: `string` \nModule: `layer4.handlers.proxy` \nPEM-encoded client certificate filename to present to servers. \n", + "type": "string" + }, + "client_certificate_key_file": { + "description": "client_certificate_key_file: string\nModule: layer4.handlers.proxy\nPEM-encoded key to use with the client certificate.\n", + "markdownDescription": "client_certificate_key_file: `string` \nModule: `layer4.handlers.proxy` \nPEM-encoded key to use with the client certificate. \n", + "type": "string" + }, + "except_ports": { + "description": "except_ports: array\nModule: layer4.handlers.proxy\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#Handler", + "markdownDescription": "except_ports: `array` \nModule: `layer4.handlers.proxy` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#Handler)", + "type": "array", + "items": { + "type": "string" + } + }, + "handshake_timeout": { + "description": "handshake_timeout: number\nModule: layer4.handlers.proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nThe duration to allow a TLS handshake to a server. Default: No timeout.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "handshake_timeout: `number` \nModule: `layer4.handlers.proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nThe duration to allow a TLS handshake to a server. Default: No timeout.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "insecure_skip_verify": { + "description": "insecure_skip_verify: boolean\nModule: layer4.handlers.proxy\nIf true, TLS verification of server certificates will be disabled.\nThis is insecure and may be removed in the future. Do not use this\noption except in testing or local development environments.\n", + "markdownDescription": "insecure_skip_verify: `boolean` \nModule: `layer4.handlers.proxy` \nIf true, TLS verification of server certificates will be disabled.\nThis is insecure and may be removed in the future. Do not use this\noption except in testing or local development environments. \n", + "type": "boolean" + }, + "renegotiation": { + "description": "renegotiation: string\nModule: layer4.handlers.proxy\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#Handler", + "markdownDescription": "renegotiation: `string` \nModule: `layer4.handlers.proxy` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#Handler)", + "type": "string" + }, + "root_ca_pem_files": { + "description": "root_ca_pem_files: array\nModule: layer4.handlers.proxy\nList of PEM-encoded CA certificate files to add to the same trust\nstore as RootCAPool (or root_ca_pool in the JSON).\n", + "markdownDescription": "root_ca_pem_files: `array` \nModule: `layer4.handlers.proxy` \nList of PEM-encoded CA certificate files to add to the same trust\nstore as RootCAPool (or root_ca_pool in the JSON). \n", + "type": "array", + "items": { + "description": "List of PEM-encoded CA certificate files to add to the same trust\nstore as RootCAPool (or root_ca_pool in the JSON).\n", + "markdownDescription": "List of PEM-encoded CA certificate files to add to the same trust\nstore as RootCAPool (or root_ca_pool in the JSON). \n", + "type": "string" + } + }, + "root_ca_pool": { + "description": "root_ca_pool: array\nModule: layer4.handlers.proxy\nOptional list of base64-encoded DER-encoded CA certificates to trust.\n", + "markdownDescription": "root_ca_pool: `array` \nModule: `layer4.handlers.proxy` \nOptional list of base64-encoded DER-encoded CA certificates to trust. \n", + "type": "array", + "items": { + "description": "Optional list of base64-encoded DER-encoded CA certificates to trust.\n", + "markdownDescription": "Optional list of base64-encoded DER-encoded CA certificates to trust. \n", + "type": "string" + } + }, + "server_name": { + "description": "server_name: string\nModule: layer4.handlers.proxy\nThe server name (SNI) to use in TLS handshakes.\n", + "markdownDescription": "server_name: `string` \nModule: `layer4.handlers.proxy` \nThe server name (SNI) to use in TLS handshakes. \n", + "type": "string" + } + } + } + } + } + } + } + }, + "layer4.handlers.proxy_protocol": { + "description": "proxy_protocol: object\nModule: layer4.handlers.proxy_protocol\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxyprotocol#Handler\nHandler is a connection handler that accepts the PROXY protocol.\n\n", + "markdownDescription": "proxy_protocol: `object` \nModule: `layer4.handlers.proxy_protocol` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxyprotocol#Handler) \nHandler is a connection handler that accepts the PROXY protocol.\n \n", + "type": "object", + "properties": { + "allow": { + "description": "allow: array\nModule: layer4.handlers.proxy_protocol\nAn optional list of CIDR ranges to allow/require PROXY headers from.\n", + "markdownDescription": "allow: `array` \nModule: `layer4.handlers.proxy_protocol` \nAn optional list of CIDR ranges to allow/require PROXY headers from. \n", + "type": "array", + "items": { + "description": "An optional list of CIDR ranges to allow/require PROXY headers from.\n", + "markdownDescription": "An optional list of CIDR ranges to allow/require PROXY headers from. \n", + "type": "string" + } + }, + "timeout": { + "description": "timeout: number\nModule: layer4.handlers.proxy_protocol\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nHow long to wait for the PROXY protocol header to be received.\nDefaults to zero, which means timeout is disabled.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "timeout: `number` \nModule: `layer4.handlers.proxy_protocol` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nHow long to wait for the PROXY protocol header to be received.\nDefaults to zero, which means timeout is disabled.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + } + } + }, + "layer4.handlers.subroute": { + "description": "subroute: object\nModule: layer4.handlers.subroute\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4subroute#Handler", + "markdownDescription": "subroute: `object` \nModule: `layer4.handlers.subroute` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4subroute#Handler)", + "type": "object", + "properties": { + "routes": { + "description": "routes: array\nModule: layer4.handlers.subroute\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4subroute#Handler", + "markdownDescription": "routes: `array` \nModule: `layer4.handlers.subroute` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4subroute#Handler)", + "type": "array", + "items": { + "type": "object", + "properties": { + "handle": { + "description": "handle: array\nModule: layer4.handlers", + "markdownDescription": "handle: `array` \nModule: `layer4.handlers`", + "type": "array", + "items": { + "required": [ + "handler" + ], + "allOf": [ + { + "if": { + "properties": { + "handler": { + "const": "echo" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.echo" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "proxy" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.proxy" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "proxy_protocol" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.proxy_protocol" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "subroute" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.subroute" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "tee" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.tee" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "throttle" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.throttle" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "tls" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.tls" + } + }, + { + "properties": { + "handler": { + "description": "key to identify handle module.\nhandler: string\nModule: layer4.handlers", + "markdownDescription": "key to identify `handle` module. \nhandler: `string` \nModule: `layer4.handlers`", + "type": "string", + "enum": [ + "echo", + "proxy", + "proxy_protocol", + "subroute", + "tee", + "throttle", + "tls" + ] + } + } + } + ] + } + }, + "match": { + "description": "match: array\nModule: layer4.matchers", + "markdownDescription": "match: `array` \nModule: `layer4.matchers`", + "type": "array", + "items": { + "properties": { + "http": { + "$ref": "#/definitions/layer4.matchers.http" + }, + "ip": { + "$ref": "#/definitions/layer4.matchers.ip" + }, + "proxy_protocol": { + "$ref": "#/definitions/layer4.matchers.proxy_protocol" + }, + "ssh": { + "$ref": "#/definitions/layer4.matchers.ssh" + }, + "tls": { + "$ref": "#/definitions/layer4.matchers.tls" + }, + "xmpp": { + "$ref": "#/definitions/layer4.matchers.xmpp" + } + } + } + } + } + } + } + } + }, + "layer4.handlers.tee": { + "description": "tee: object\nModule: layer4.handlers.tee\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4tee#Handler\nHandler is a layer4 handler that replicates a connection so\nthat a branch of handlers can concurrently handle it. Reads\nhappen in lock-step with all concurrent branches so as to\navoid buffering: if one of the branches (including the main\nhandler chain) stops reading from the connection, it will\nblock all branches.\n\n", + "markdownDescription": "tee: `object` \nModule: `layer4.handlers.tee` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4tee#Handler) \nHandler is a layer4 handler that replicates a connection so\nthat a branch of handlers can concurrently handle it. Reads\nhappen in lock-step with all concurrent branches so as to\navoid buffering: if one of the branches (including the main\nhandler chain) stops reading from the connection, it will\nblock all branches.\n \n", + "type": "object", + "properties": { + "branch": { + "description": "branch: array\nModule: layer4.handlers\nHandlers is the list of handlers that constitute this\nconcurrent branch. Any handlers that do connection\nmatching (which involves recording and rewinding the\nstream) are unsafe to tee, so do all connection\nmatching before teeing.\n", + "markdownDescription": "branch: `array` \nModule: `layer4.handlers` \nHandlers is the list of handlers that constitute this\nconcurrent branch. Any handlers that do connection\nmatching (which involves recording and rewinding the\nstream) are unsafe to tee, so do all connection\nmatching before teeing. \n", + "type": "array", + "items": { + "description": "Handlers is the list of handlers that constitute this\nconcurrent branch. Any handlers that do connection\nmatching (which involves recording and rewinding the\nstream) are unsafe to tee, so do all connection\nmatching before teeing.\n", + "markdownDescription": "Handlers is the list of handlers that constitute this\nconcurrent branch. Any handlers that do connection\nmatching (which involves recording and rewinding the\nstream) are unsafe to tee, so do all connection\nmatching before teeing. \n", + "required": [ + "handler" + ], + "allOf": [ + { + "if": { + "properties": { + "handler": { + "const": "subroute" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.subroute" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "tee" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.tee" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "throttle" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.throttle" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "tls" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.tls" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "echo" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.echo" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "proxy" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.proxy" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "proxy_protocol" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.proxy_protocol" + } + }, + { + "properties": { + "handler": { + "description": "key to identify branch module.\nhandler: string\nModule: layer4.handlers", + "markdownDescription": "key to identify `branch` module. \nhandler: `string` \nModule: `layer4.handlers`", + "type": "string", + "enum": [ + "subroute", + "tee", + "throttle", + "tls", + "echo", + "proxy", + "proxy_protocol" + ] + } + } + } + ] + } + } + } + }, + "layer4.handlers.throttle": { + "description": "throttle: object\nModule: layer4.handlers.throttle\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4throttle#Handler\nHandler throttles connections using leaky bucket rate limiting.\n\n", + "markdownDescription": "throttle: `object` \nModule: `layer4.handlers.throttle` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4throttle#Handler) \nHandler throttles connections using leaky bucket rate limiting.\n \n", + "type": "object", + "properties": { + "latency": { + "description": "latency: number\nModule: layer4.handlers.throttle\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nDelay before initial read on each connection.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "latency: `number` \nModule: `layer4.handlers.throttle` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nDelay before initial read on each connection.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "read_burst_size": { + "description": "read_burst_size: number\nModule: layer4.handlers.throttle\nThe maximum number of bytes to read at once (rate permitting) per connection.\nIf a rate is specified, burst must be greater than zero; default is same as\nthe rate (truncated to integer).\n", + "markdownDescription": "read_burst_size: `number` \nModule: `layer4.handlers.throttle` \nThe maximum number of bytes to read at once (rate permitting) per connection.\nIf a rate is specified, burst must be greater than zero; default is same as\nthe rate (truncated to integer). \n", + "type": "number" + }, + "read_bytes_per_second": { + "description": "read_bytes_per_second: object\nModule: layer4.handlers.throttle\nThe number of bytes to read per second, per connection.\n", + "markdownDescription": "read_bytes_per_second: `object` \nModule: `layer4.handlers.throttle` \nThe number of bytes to read per second, per connection. \n", + "type": "object" + }, + "total_read_burst_size": { + "description": "total_read_burst_size: number\nModule: layer4.handlers.throttle\nThe maximum number of bytes to read at once (rate permitting) across all\nconnections (\"per handler\"). If a rate is specified, burst must be greater\nthan zero; default is same as the rate (truncated to integer).\n", + "markdownDescription": "total_read_burst_size: `number` \nModule: `layer4.handlers.throttle` \nThe maximum number of bytes to read at once (rate permitting) across all\nconnections (\"per handler\"). If a rate is specified, burst must be greater\nthan zero; default is same as the rate (truncated to integer). \n", + "type": "number" + }, + "total_read_bytes_per_second": { + "description": "total_read_bytes_per_second: object\nModule: layer4.handlers.throttle\nThe number of bytes to read per second, across all connections (\"per handler\").\n", + "markdownDescription": "total_read_bytes_per_second: `object` \nModule: `layer4.handlers.throttle` \nThe number of bytes to read per second, across all connections (\"per handler\"). \n", + "type": "object" + } + } + }, + "layer4.handlers.tls": { + "description": "tls: object\nModule: layer4.handlers.tls\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4tls#Handler\nHandler is a connection handler that terminates TLS.\n\n", + "markdownDescription": "tls: `object` \nModule: `layer4.handlers.tls` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4tls#Handler) \nHandler is a connection handler that terminates TLS.\n \n", + "type": "object", + "properties": { + "connection_policies": { + "description": "connection_policies: array\nModule: layer4.handlers.tls\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ConnectionPolicy\nConnectionPolicy specifies the logic for handling a TLS handshake.\nAn empty policy is valid; safe and sensible defaults will be used.\n\n", + "markdownDescription": "connection_policies: `array` \nModule: `layer4.handlers.tls` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ConnectionPolicy) \nConnectionPolicy specifies the logic for handling a TLS handshake.\nAn empty policy is valid; safe and sensible defaults will be used.\n \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ConnectionPolicy\nConnectionPolicy specifies the logic for handling a TLS handshake.\nAn empty policy is valid; safe and sensible defaults will be used.\n\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ConnectionPolicy) \nConnectionPolicy specifies the logic for handling a TLS handshake.\nAn empty policy is valid; safe and sensible defaults will be used.\n \n", + "type": "object", + "properties": { + "alpn": { + "description": "alpn: array\nModule: layer4.handlers.tls\nProtocols to use for Application-Layer Protocol\nNegotiation (ALPN) during the handshake.\n", + "markdownDescription": "alpn: `array` \nModule: `layer4.handlers.tls` \nProtocols to use for Application-Layer Protocol\nNegotiation (ALPN) during the handshake. \n", + "type": "array", + "items": { + "description": "Protocols to use for Application-Layer Protocol\nNegotiation (ALPN) during the handshake.\n", + "markdownDescription": "Protocols to use for Application-Layer Protocol\nNegotiation (ALPN) during the handshake. \n", + "type": "string" + } + }, + "certificate_selection": { + "description": "certificate_selection: object\nModule: layer4.handlers.tls\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#CustomCertSelectionPolicy\nHow to choose a certificate if more than one matched\nthe given ServerName (SNI) value.\n\n\nCustomCertSelectionPolicy represents a policy for selecting the certificate\nused to complete a handshake when there may be multiple options. All fields\nspecified must match the candidate certificate for it to be chosen.\nThis was needed to solve https://github.com/caddyserver/caddy/issues/2588.\n", + "markdownDescription": "certificate_selection: `object` \nModule: `layer4.handlers.tls` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#CustomCertSelectionPolicy) \nHow to choose a certificate if more than one matched\nthe given ServerName (SNI) value.\n\n\nCustomCertSelectionPolicy represents a policy for selecting the certificate\nused to complete a handshake when there may be multiple options. All fields\nspecified must match the candidate certificate for it to be chosen.\nThis was needed to solve https://github.com/caddyserver/caddy/issues/2588. \n", + "type": "object", + "properties": { + "all_tags": { + "description": "all_tags: array\nModule: layer4.handlers.tls\nThe certificate must have all of the tags in the list.\n", + "markdownDescription": "all_tags: `array` \nModule: `layer4.handlers.tls` \nThe certificate must have all of the tags in the list. \n", + "type": "array", + "items": { + "description": "The certificate must have all of the tags in the list.\n", + "markdownDescription": "The certificate must have all of the tags in the list. \n", + "type": "string" + } + }, + "any_tag": { + "description": "any_tag: array\nModule: layer4.handlers.tls\nThe certificate must have at least one of the tags in the list.\n", + "markdownDescription": "any_tag: `array` \nModule: `layer4.handlers.tls` \nThe certificate must have at least one of the tags in the list. \n", + "type": "array", + "items": { + "description": "The certificate must have at least one of the tags in the list.\n", + "markdownDescription": "The certificate must have at least one of the tags in the list. \n", + "type": "string" + } + }, + "public_key_algorithm": { + "description": "public_key_algorithm: number\nModule: layer4.handlers.tls\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#PublicKeyAlgorithm\nThe certificate must use this public key algorithm.\n\n\nPublicKeyAlgorithm is a JSON-unmarshalable wrapper type.\n", + "markdownDescription": "public_key_algorithm: `number` \nModule: `layer4.handlers.tls` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#PublicKeyAlgorithm) \nThe certificate must use this public key algorithm.\n\n\nPublicKeyAlgorithm is a JSON-unmarshalable wrapper type. \n", + "type": "number" + }, + "serial_number": { + "description": "serial_number: array\nModule: layer4.handlers.tls\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#bigInt\nThe certificate must have one of these serial numbers.\n\n\nbigInt is a big.Int type that interops with JSON encodings as a string.\n", + "markdownDescription": "serial_number: `array` \nModule: `layer4.handlers.tls` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#bigInt) \nThe certificate must have one of these serial numbers.\n\n\nbigInt is a big.Int type that interops with JSON encodings as a string. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#bigInt\nThe certificate must have one of these serial numbers.\n\n\nbigInt is a big.Int type that interops with JSON encodings as a string.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#bigInt) \nThe certificate must have one of these serial numbers.\n\n\nbigInt is a big.Int type that interops with JSON encodings as a string. \n", + "type": "object" + } + }, + "subject_organization": { + "description": "subject_organization: array\nModule: layer4.handlers.tls\nThe certificate must have one of these organization names.\n", + "markdownDescription": "subject_organization: `array` \nModule: `layer4.handlers.tls` \nThe certificate must have one of these organization names. \n", + "type": "array", + "items": { + "description": "The certificate must have one of these organization names.\n", + "markdownDescription": "The certificate must have one of these organization names. \n", + "type": "string" + } + } + } + }, + "cipher_suites": { + "description": "cipher_suites: array\nModule: layer4.handlers.tls\nThe list of cipher suites to support. Caddy's\ndefaults are modern and secure.\n", + "markdownDescription": "cipher_suites: `array` \nModule: `layer4.handlers.tls` \nThe list of cipher suites to support. Caddy's\ndefaults are modern and secure. \n", + "type": "array", + "items": { + "description": "The list of cipher suites to support. Caddy's\ndefaults are modern and secure.\n", + "markdownDescription": "The list of cipher suites to support. Caddy's\ndefaults are modern and secure. \n", + "type": "string" + } + }, + "client_authentication": { + "description": "client_authentication: object\nModule: layer4.handlers.tls\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ClientAuthentication\nEnables and configures TLS client authentication.\n\n\nClientAuthentication configures TLS client auth.\n", + "markdownDescription": "client_authentication: `object` \nModule: `layer4.handlers.tls` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ClientAuthentication) \nEnables and configures TLS client authentication.\n\n\nClientAuthentication configures TLS client auth. \n", + "type": "object", + "properties": { + "mode": { + "description": "mode: string\nModule: layer4.handlers.tls\nThe mode for authenticating the client. Allowed values are:\n\nMode | Description\n-----|---------------\n`request` | Ask clients for a certificate, but allow even if there isn't one; do not verify it\n`require` | Require clients to present a certificate, but do not verify it\n`verify_if_given` | Ask clients for a certificate; allow even if there isn't one, but verify it if there is\n`require_and_verify` | Require clients to present a valid certificate that is verified\n\nThe default mode is `require_and_verify` if any\nTrustedCACerts or TrustedCACertPEMFiles or TrustedLeafCerts\nare provided; otherwise, the default mode is `require`.\n", + "markdownDescription": "mode: `string` \nModule: `layer4.handlers.tls` \nThe mode for authenticating the client. Allowed values are:\n\nMode | Description\n-----|---------------\n`request` | Ask clients for a certificate, but allow even if there isn't one; do not verify it\n`require` | Require clients to present a certificate, but do not verify it\n`verify_if_given` | Ask clients for a certificate; allow even if there isn't one, but verify it if there is\n`require_and_verify` | Require clients to present a valid certificate that is verified\n\nThe default mode is `require_and_verify` if any\nTrustedCACerts or TrustedCACertPEMFiles or TrustedLeafCerts\nare provided; otherwise, the default mode is `require`. \n", + "type": "string" + }, + "trusted_ca_certs": { + "description": "trusted_ca_certs: array\nModule: layer4.handlers.tls\nA list of base64 DER-encoded CA certificates\nagainst which to validate client certificates.\nClient certs which are not signed by any of\nthese CAs will be rejected.\n", + "markdownDescription": "trusted_ca_certs: `array` \nModule: `layer4.handlers.tls` \nA list of base64 DER-encoded CA certificates\nagainst which to validate client certificates.\nClient certs which are not signed by any of\nthese CAs will be rejected. \n", + "type": "array", + "items": { + "description": "A list of base64 DER-encoded CA certificates\nagainst which to validate client certificates.\nClient certs which are not signed by any of\nthese CAs will be rejected.\n", + "markdownDescription": "A list of base64 DER-encoded CA certificates\nagainst which to validate client certificates.\nClient certs which are not signed by any of\nthese CAs will be rejected. \n", + "type": "string" + } + }, + "trusted_ca_certs_pem_files": { + "description": "trusted_ca_certs_pem_files: array\nModule: layer4.handlers.tls\nTrustedCACertPEMFiles is a list of PEM file names\nfrom which to load certificates of trusted CAs.\nClient certificates which are not signed by any of\nthese CA certificates will be rejected.\n", + "markdownDescription": "trusted_ca_certs_pem_files: `array` \nModule: `layer4.handlers.tls` \nTrustedCACertPEMFiles is a list of PEM file names\nfrom which to load certificates of trusted CAs.\nClient certificates which are not signed by any of\nthese CA certificates will be rejected. \n", + "type": "array", + "items": { + "description": "TrustedCACertPEMFiles is a list of PEM file names\nfrom which to load certificates of trusted CAs.\nClient certificates which are not signed by any of\nthese CA certificates will be rejected.\n", + "markdownDescription": "TrustedCACertPEMFiles is a list of PEM file names\nfrom which to load certificates of trusted CAs.\nClient certificates which are not signed by any of\nthese CA certificates will be rejected. \n", + "type": "string" + } + }, + "trusted_leaf_certs": { + "description": "trusted_leaf_certs: array\nModule: layer4.handlers.tls\nA list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected.\n", + "markdownDescription": "trusted_leaf_certs: `array` \nModule: `layer4.handlers.tls` \nA list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected. \n", + "type": "array", + "items": { + "description": "A list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected.\n", + "markdownDescription": "A list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected. \n", + "type": "string" + } + }, + "verifiers": { + "description": "verifiers: array\nModule: tls.client_auth", + "markdownDescription": "verifiers: `array` \nModule: `tls.client_auth`", + "type": "array", + "items": { + "required": [ + "verifier" + ], + "allOf": [ + { + "if": { + "properties": { + "verifier": { + "const": "leaf" + } + } + }, + "then": { + "$ref": "#/definitions/tls.client_auth.leaf" + } + }, + { + "properties": { + "verifier": { + "description": "key to identify verifiers module.\nverifier: string\nModule: tls.client_auth", + "markdownDescription": "key to identify `verifiers` module. \nverifier: `string` \nModule: `tls.client_auth`", + "type": "string", + "enum": [ + "leaf" + ] + } + } + } + ] + } + } + } + }, + "curves": { + "description": "curves: array\nModule: layer4.handlers.tls\nThe list of elliptic curves to support. Caddy's\ndefaults are modern and secure.\n", + "markdownDescription": "curves: `array` \nModule: `layer4.handlers.tls` \nThe list of elliptic curves to support. Caddy's\ndefaults are modern and secure. \n", + "type": "array", + "items": { + "description": "The list of elliptic curves to support. Caddy's\ndefaults are modern and secure.\n", + "markdownDescription": "The list of elliptic curves to support. Caddy's\ndefaults are modern and secure. \n", + "type": "string" + } + }, + "default_sni": { + "description": "default_sni: string\nModule: layer4.handlers.tls\nDefaultSNI becomes the ServerName in a ClientHello if there\nis no policy configured for the empty SNI value.\n", + "markdownDescription": "default_sni: `string` \nModule: `layer4.handlers.tls` \nDefaultSNI becomes the ServerName in a ClientHello if there\nis no policy configured for the empty SNI value. \n", + "type": "string" + }, + "match": { + "description": "match: object\nModule: tls.handshake_match\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nHow to match this policy with a TLS ClientHello. If\nthis policy is the first to match, it will be used.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n", + "markdownDescription": "match: `object` \nModule: `tls.handshake_match` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nHow to match this policy with a TLS ClientHello. If\nthis policy is the first to match, it will be used.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", + "type": "object", + "properties": { + "alpn": { + "$ref": "#/definitions/tls.handshake_match.alpn" + }, + "remote_ip": { + "$ref": "#/definitions/tls.handshake_match.remote_ip" + }, + "sni": { + "$ref": "#/definitions/tls.handshake_match.sni" + } + } + }, + "protocol_max": { + "description": "protocol_max: string\nModule: layer4.handlers.tls\nMaximum TLS protocol version to allow. Default: `tls1.3`\n", + "markdownDescription": "protocol_max: `string` \nModule: `layer4.handlers.tls` \nMaximum TLS protocol version to allow. Default: `tls1.3` \n", + "type": "string" + }, + "protocol_min": { + "description": "protocol_min: string\nModule: layer4.handlers.tls\nMinimum TLS protocol version to allow. Default: `tls1.2`\n", + "markdownDescription": "protocol_min: `string` \nModule: `layer4.handlers.tls` \nMinimum TLS protocol version to allow. Default: `tls1.2` \n", + "type": "string" + } + } + } + } + } + }, + "layer4.matchers.http": { + "description": "http: any\nModule: layer4.matchers.http\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4http#MatchHTTP\nMatchHTTP is able to match HTTP connections. The auto-generated\ndocumentation for this type is wrong; instead of an object, it\nis an array of matcher set objects.\n\n", + "markdownDescription": "http: `any` \nModule: `layer4.matchers.http` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4http#MatchHTTP) \nMatchHTTP is able to match HTTP connections. The auto-generated\ndocumentation for this type is wrong; instead of an object, it\nis an array of matcher set objects.\n \n" + }, + "layer4.matchers.ip": { + "description": "ip: object\nModule: layer4.matchers.ip\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/layer4#MatchIP\nMatchIP matches requests by remote IP (or CIDR range).\n\n", + "markdownDescription": "ip: `object` \nModule: `layer4.matchers.ip` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/layer4#MatchIP) \nMatchIP matches requests by remote IP (or CIDR range).\n \n", + "type": "object", + "properties": { + "ranges": { + "description": "ranges: array\nModule: layer4.matchers.ip\n", + "markdownDescription": "ranges: `array` \nModule: `layer4.matchers.ip` \n", + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "layer4.matchers.proxy_protocol": { + "description": "proxy_protocol: object\nModule: layer4.matchers.proxy_protocol\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxyprotocol#MatchProxyProtocol", + "markdownDescription": "proxy_protocol: `object` \nModule: `layer4.matchers.proxy_protocol` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxyprotocol#MatchProxyProtocol)", + "type": "object" + }, + "layer4.matchers.ssh": { + "description": "ssh: object\nModule: layer4.matchers.ssh\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4ssh#MatchSSH\nMatchSSH is able to match SSH connections.\n\n", + "markdownDescription": "ssh: `object` \nModule: `layer4.matchers.ssh` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4ssh#MatchSSH) \nMatchSSH is able to match SSH connections.\n \n", + "type": "object" + }, + "layer4.matchers.tls": { + "description": "tls: any\nModule: layer4.matchers.tls\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4tls#MatchTLS\nMatchTLS is able to match TLS connections. Its structure\nis different from the auto-generated documentation. This\nvalue should be a map of matcher names to their values.\n\n", + "markdownDescription": "tls: `any` \nModule: `layer4.matchers.tls` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4tls#MatchTLS) \nMatchTLS is able to match TLS connections. Its structure\nis different from the auto-generated documentation. This\nvalue should be a map of matcher names to their values.\n \n" + }, + "layer4.matchers.xmpp": { + "description": "xmpp: object\nModule: layer4.matchers.xmpp\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4xmpp#MatchXMPP\nMatchXMPP is able to match XMPP connections.\n\n", + "markdownDescription": "xmpp: `object` \nModule: `layer4.matchers.xmpp` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4xmpp#MatchXMPP) \nMatchXMPP is able to match XMPP connections.\n \n", + "type": "object" + }, + "layer4.proxy.selection_policies.first": { + "description": "first: object\nModule: layer4.proxy.selection_policies.first\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#FirstSelection", + "markdownDescription": "first: `object` \nModule: `layer4.proxy.selection_policies.first` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#FirstSelection)", + "type": "object" + }, + "layer4.proxy.selection_policies.ip_hash": { + "description": "ip_hash: object\nModule: layer4.proxy.selection_policies.ip_hash\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#IPHashSelection", + "markdownDescription": "ip_hash: `object` \nModule: `layer4.proxy.selection_policies.ip_hash` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#IPHashSelection)", + "type": "object" + }, + "layer4.proxy.selection_policies.least_conn": { + "description": "least_conn: object\nModule: layer4.proxy.selection_policies.least_conn\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#LeastConnSelection", + "markdownDescription": "least_conn: `object` \nModule: `layer4.proxy.selection_policies.least_conn` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#LeastConnSelection)", + "type": "object" + }, + "layer4.proxy.selection_policies.random": { + "description": "random: object\nModule: layer4.proxy.selection_policies.random\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#RandomSelection", + "markdownDescription": "random: `object` \nModule: `layer4.proxy.selection_policies.random` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#RandomSelection)", + "type": "object" + }, + "layer4.proxy.selection_policies.random_choose": { + "description": "random_choose: object\nModule: layer4.proxy.selection_policies.random_choose\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#RandomChoiceSelection", + "markdownDescription": "random_choose: `object` \nModule: `layer4.proxy.selection_policies.random_choose` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#RandomChoiceSelection)", + "type": "object", + "properties": { + "choose": { + "description": "choose: number\nModule: layer4.proxy.selection_policies.random_choose\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#RandomChoiceSelection", + "markdownDescription": "choose: `number` \nModule: `layer4.proxy.selection_policies.random_choose` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#RandomChoiceSelection)", + "type": "number" + } + } + }, + "layer4.proxy.selection_policies.round_robin": { + "description": "round_robin: object\nModule: layer4.proxy.selection_policies.round_robin\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#RoundRobinSelection", + "markdownDescription": "round_robin: `object` \nModule: `layer4.proxy.selection_policies.round_robin` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#RoundRobinSelection)", + "type": "object" + }, + "pki": { + "description": "pki: object\nModule: pki\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddypki#PKI\nPKI provides Public Key Infrastructure facilities for Caddy.\n\nThis app can define certificate authorities (CAs) which are capable\nof signing certificates. Other modules can be configured to use\nthe CAs defined by this app for issuing certificates or getting\nkey information needed for establishing trust.\n\n", + "markdownDescription": "pki: `object` \nModule: `pki` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddypki#PKI) \nPKI provides Public Key Infrastructure facilities for Caddy.\n\nThis app can define certificate authorities (CAs) which are capable\nof signing certificates. Other modules can be configured to use\nthe CAs defined by this app for issuing certificates or getting\nkey information needed for establishing trust.\n \n", + "type": "object", + "properties": { + "certificate_authorities": { + "description": "certificate_authorities: object\nModule: pki\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddypki#CA\nThe certificate authorities to manage. Each CA is keyed by an\nID that is used to uniquely identify it from other CAs.\nAt runtime, the GetCA() method should be used instead to ensure\nthe default CA is provisioned if it hadn't already been.\nThe default CA ID is \"local\".\n\n\nCA describes a certificate authority, which consists of\nroot/signing certificates and various settings pertaining\nto the issuance of certificates and trusting them.\n", + "markdownDescription": "certificate_authorities: `object` \nModule: `pki` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddypki#CA) \nThe certificate authorities to manage. Each CA is keyed by an\nID that is used to uniquely identify it from other CAs.\nAt runtime, the GetCA() method should be used instead to ensure\nthe default CA is provisioned if it hadn't already been.\nThe default CA ID is \"local\".\n\n\nCA describes a certificate authority, which consists of\nroot/signing certificates and various settings pertaining\nto the issuance of certificates and trusting them. \n", + "type": "object", + "additionalProperties": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddypki#CA\nThe certificate authorities to manage. Each CA is keyed by an\nID that is used to uniquely identify it from other CAs.\nAt runtime, the GetCA() method should be used instead to ensure\nthe default CA is provisioned if it hadn't already been.\nThe default CA ID is \"local\".\n\n\nCA describes a certificate authority, which consists of\nroot/signing certificates and various settings pertaining\nto the issuance of certificates and trusting them.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddypki#CA) \nThe certificate authorities to manage. Each CA is keyed by an\nID that is used to uniquely identify it from other CAs.\nAt runtime, the GetCA() method should be used instead to ensure\nthe default CA is provisioned if it hadn't already been.\nThe default CA ID is \"local\".\n\n\nCA describes a certificate authority, which consists of\nroot/signing certificates and various settings pertaining\nto the issuance of certificates and trusting them. \n", + "properties": { + "install_trust": { + "description": "install_trust: boolean\nModule: pki\nWhether Caddy will attempt to install the CA's root\ninto the system trust store, as well as into Java\nand Mozilla Firefox trust stores. Default: true.\n", + "markdownDescription": "install_trust: `boolean` \nModule: `pki` \nWhether Caddy will attempt to install the CA's root\ninto the system trust store, as well as into Java\nand Mozilla Firefox trust stores. Default: true. \n", + "type": "boolean" + }, + "intermediate": { + "description": "intermediate: object\nModule: pki\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddypki#KeyPair\nThe intermediate (signing) certificate; if null, one will be generated.\n\n\nKeyPair represents a public-private key pair, where the\npublic key is also called a certificate.\n", + "markdownDescription": "intermediate: `object` \nModule: `pki` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddypki#KeyPair) \nThe intermediate (signing) certificate; if null, one will be generated.\n\n\nKeyPair represents a public-private key pair, where the\npublic key is also called a certificate. \n", + "type": "object", + "properties": { + "certificate": { + "description": "certificate: string\nModule: pki\nThe certificate. By default, this should be the path to\na PEM file unless format is something else.\n", + "markdownDescription": "certificate: `string` \nModule: `pki` \nThe certificate. By default, this should be the path to\na PEM file unless format is something else. \n", + "type": "string" + }, + "format": { + "description": "format: string\nModule: pki\nThe format in which the certificate and private\nkey are provided. Default: pem_file\n", + "markdownDescription": "format: `string` \nModule: `pki` \nThe format in which the certificate and private\nkey are provided. Default: pem_file \n", + "type": "string" + }, + "private_key": { + "description": "private_key: string\nModule: pki\nThe private key. By default, this should be the path to\na PEM file unless format is something else.\n", + "markdownDescription": "private_key: `string` \nModule: `pki` \nThe private key. By default, this should be the path to\na PEM file unless format is something else. \n", + "type": "string" + } + } + }, + "intermediate_common_name": { + "description": "intermediate_common_name: string\nModule: pki\nThe name to put in the CommonName field of the\nintermediate certificates.\n", + "markdownDescription": "intermediate_common_name: `string` \nModule: `pki` \nThe name to put in the CommonName field of the\nintermediate certificates. \n", + "type": "string" + }, + "name": { + "description": "name: string\nModule: pki\nThe user-facing name of the certificate authority.\n", + "markdownDescription": "name: `string` \nModule: `pki` \nThe user-facing name of the certificate authority. \n", + "type": "string" + }, + "root": { + "description": "root: object\nModule: pki\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddypki#KeyPair\nThe root certificate to use; if null, one will be generated.\n\n\nKeyPair represents a public-private key pair, where the\npublic key is also called a certificate.\n", + "markdownDescription": "root: `object` \nModule: `pki` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddypki#KeyPair) \nThe root certificate to use; if null, one will be generated.\n\n\nKeyPair represents a public-private key pair, where the\npublic key is also called a certificate. \n", + "type": "object", + "properties": { + "certificate": { + "description": "certificate: string\nModule: pki\nThe certificate. By default, this should be the path to\na PEM file unless format is something else.\n", + "markdownDescription": "certificate: `string` \nModule: `pki` \nThe certificate. By default, this should be the path to\na PEM file unless format is something else. \n", + "type": "string" + }, + "format": { + "description": "format: string\nModule: pki\nThe format in which the certificate and private\nkey are provided. Default: pem_file\n", + "markdownDescription": "format: `string` \nModule: `pki` \nThe format in which the certificate and private\nkey are provided. Default: pem_file \n", + "type": "string" + }, + "private_key": { + "description": "private_key: string\nModule: pki\nThe private key. By default, this should be the path to\na PEM file unless format is something else.\n", + "markdownDescription": "private_key: `string` \nModule: `pki` \nThe private key. By default, this should be the path to\na PEM file unless format is something else. \n", + "type": "string" + } + } + }, + "root_common_name": { + "description": "root_common_name: string\nModule: pki\nThe name to put in the CommonName field of the\nroot certificate.\n", + "markdownDescription": "root_common_name: `string` \nModule: `pki` \nThe name to put in the CommonName field of the\nroot certificate. \n", + "type": "string" + }, + "storage": { + "description": "storage: object\nModule: caddy.storage\nOptionally configure a separate storage module associated with this\nissuer, instead of using Caddy's global/default-configured storage.\nThis can be useful if you want to keep your signing keys in a\nseparate location from your leaf certificates.\n", + "markdownDescription": "storage: `object` \nModule: `caddy.storage` \nOptionally configure a separate storage module associated with this\nissuer, instead of using Caddy's global/default-configured storage.\nThis can be useful if you want to keep your signing keys in a\nseparate location from your leaf certificates. \n", + "type": "object", + "required": [ + "module" + ], + "allOf": [ + { + "if": { + "properties": { + "module": { + "const": "consul" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.storage.consul" + } + }, + { + "if": { + "properties": { + "module": { + "const": "file_system" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.storage.file_system" + } + }, + { + "properties": { + "module": { + "description": "key to identify storage module.\nmodule: string\nModule: caddy.storage", + "markdownDescription": "key to identify `storage` module. \nmodule: `string` \nModule: `caddy.storage`", + "type": "string", + "enum": [ + "consul", + "file_system" + ] + } + } + } + ] + } + } + } + } + } + }, + "tls": { + "description": "tls: object\nModule: tls\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#TLS\nTLS provides TLS facilities including certificate\nloading and management, client auth, and more.\n\n", + "markdownDescription": "tls: `object` \nModule: `tls` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#TLS) \nTLS provides TLS facilities including certificate\nloading and management, client auth, and more.\n \n", + "type": "object", + "properties": { + "automation": { + "description": "automation: object\nModule: tls\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#AutomationConfig\nConfigures certificate automation.\n\n\nAutomationConfig governs the automated management of TLS certificates.\n", + "markdownDescription": "automation: `object` \nModule: `tls` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#AutomationConfig) \nConfigures certificate automation.\n\n\nAutomationConfig governs the automated management of TLS certificates. \n", + "type": "object", + "properties": { + "ocsp_interval": { + "description": "ocsp_interval: number\nModule: tls\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nCaddy staples OCSP (and caches the response) for all\nqualifying certificates by default. This setting\nchanges how often it scans responses for freshness,\nand updates them if they are getting stale. Default: 1h\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "ocsp_interval: `number` \nModule: `tls` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nCaddy staples OCSP (and caches the response) for all\nqualifying certificates by default. This setting\nchanges how often it scans responses for freshness,\nand updates them if they are getting stale. Default: 1h\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "on_demand": { + "description": "on_demand: object\nModule: tls\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#OnDemandConfig\nOn-Demand TLS defers certificate operations to the\nmoment they are needed, e.g. during a TLS handshake.\nUseful when you don't know all the hostnames at\nconfig-time, or when you are not in control of the\ndomain names you are managing certificates for.\nIn 2015, Caddy became the first web server to\nimplement this experimental technology.\n\nNote that this field does not enable on-demand TLS;\nit only configures it for when it is used. To enable\nit, create an automation policy with `on_demand`.\n\n\nOnDemandConfig configures on-demand TLS, for obtaining\nneeded certificates at handshake-time. Because this\nfeature can easily be abused, you should use this to\nestablish rate limits and/or an internal endpoint that\nCaddy can \"ask\" if it should be allowed to manage\ncertificates for a given hostname.\n", + "markdownDescription": "on_demand: `object` \nModule: `tls` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#OnDemandConfig) \nOn-Demand TLS defers certificate operations to the\nmoment they are needed, e.g. during a TLS handshake.\nUseful when you don't know all the hostnames at\nconfig-time, or when you are not in control of the\ndomain names you are managing certificates for.\nIn 2015, Caddy became the first web server to\nimplement this experimental technology.\n\nNote that this field does not enable on-demand TLS;\nit only configures it for when it is used. To enable\nit, create an automation policy with `on_demand`.\n\n\nOnDemandConfig configures on-demand TLS, for obtaining\nneeded certificates at handshake-time. Because this\nfeature can easily be abused, you should use this to\nestablish rate limits and/or an internal endpoint that\nCaddy can \"ask\" if it should be allowed to manage\ncertificates for a given hostname. \n", + "type": "object", + "properties": { + "ask": { + "description": "ask: string\nModule: tls\nIf Caddy needs to obtain or renew a certificate\nduring a TLS handshake, it will perform a quick\nHTTP request to this URL to check if it should be\nallowed to try to get a certificate for the name\nin the \"domain\" query string parameter, like so:\n`?domain=example.com`. The endpoint must return a\n200 OK status if a certificate is allowed;\nanything else will cause it to be denied.\nRedirects are not followed.\n", + "markdownDescription": "ask: `string` \nModule: `tls` \nIf Caddy needs to obtain or renew a certificate\nduring a TLS handshake, it will perform a quick\nHTTP request to this URL to check if it should be\nallowed to try to get a certificate for the name\nin the \"domain\" query string parameter, like so:\n`?domain=example.com`. The endpoint must return a\n200 OK status if a certificate is allowed;\nanything else will cause it to be denied.\nRedirects are not followed. \n", + "type": "string" + }, + "rate_limit": { + "description": "rate_limit: object\nModule: tls\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#RateLimit\nAn optional rate limit to throttle the\nissuance of certificates from handshakes.\n\n\nRateLimit specifies an interval with optional burst size.\n", + "markdownDescription": "rate_limit: `object` \nModule: `tls` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#RateLimit) \nAn optional rate limit to throttle the\nissuance of certificates from handshakes.\n\n\nRateLimit specifies an interval with optional burst size. \n", + "type": "object", + "properties": { + "burst": { + "description": "burst: number\nModule: tls\nHow many times during an interval a certificate can be obtained.\n", + "markdownDescription": "burst: `number` \nModule: `tls` \nHow many times during an interval a certificate can be obtained. \n", + "type": "number" + }, + "interval": { + "description": "interval: number\nModule: tls\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nA duration value. A certificate may be obtained 'burst'\ntimes during this interval.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "interval: `number` \nModule: `tls` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nA duration value. A certificate may be obtained 'burst'\ntimes during this interval.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + } + } + } + } + }, + "policies": { + "description": "policies: array\nModule: tls\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#AutomationPolicy\nThe list of automation policies. The first policy matching\na certificate or subject name will be applied.\n\n\nAutomationPolicy designates the policy for automating the\nmanagement (obtaining, renewal, and revocation) of managed\nTLS certificates.\n\nAn AutomationPolicy value is not valid until it has been\nprovisioned; use the `AddAutomationPolicy()` method on the\nTLS app to properly provision a new policy.\n", + "markdownDescription": "policies: `array` \nModule: `tls` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#AutomationPolicy) \nThe list of automation policies. The first policy matching\na certificate or subject name will be applied.\n\n\nAutomationPolicy designates the policy for automating the\nmanagement (obtaining, renewal, and revocation) of managed\nTLS certificates.\n\nAn AutomationPolicy value is not valid until it has been\nprovisioned; use the `AddAutomationPolicy()` method on the\nTLS app to properly provision a new policy. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#AutomationPolicy\nThe list of automation policies. The first policy matching\na certificate or subject name will be applied.\n\n\nAutomationPolicy designates the policy for automating the\nmanagement (obtaining, renewal, and revocation) of managed\nTLS certificates.\n\nAn AutomationPolicy value is not valid until it has been\nprovisioned; use the `AddAutomationPolicy()` method on the\nTLS app to properly provision a new policy.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#AutomationPolicy) \nThe list of automation policies. The first policy matching\na certificate or subject name will be applied.\n\n\nAutomationPolicy designates the policy for automating the\nmanagement (obtaining, renewal, and revocation) of managed\nTLS certificates.\n\nAn AutomationPolicy value is not valid until it has been\nprovisioned; use the `AddAutomationPolicy()` method on the\nTLS app to properly provision a new policy. \n", + "type": "object", + "properties": { + "disable_ocsp_stapling": { + "description": "disable_ocsp_stapling: boolean\nModule: tls\nDisables OCSP stapling. Disabling OCSP stapling puts clients at\ngreater risk, reduces their privacy, and usually lowers client\nperformance. It is NOT recommended to disable this unless you\nare able to justify the costs.\nEXPERIMENTAL. Subject to change.\n", + "markdownDescription": "disable_ocsp_stapling: `boolean` \nModule: `tls` \nDisables OCSP stapling. Disabling OCSP stapling puts clients at\ngreater risk, reduces their privacy, and usually lowers client\nperformance. It is NOT recommended to disable this unless you\nare able to justify the costs.\nEXPERIMENTAL. Subject to change. \n", + "type": "boolean" + }, + "get_certificate": { + "description": "get_certificate: array\nModule: tls.get_certificate\nModules that can get a custom certificate to use for any\ngiven TLS handshake at handshake-time. Custom certificates\ncan be useful if another entity is managing certificates\nand Caddy need only get it and serve it.\n\nTODO: This is an EXPERIMENTAL feature. It is subject to change or removal.\n", + "markdownDescription": "get_certificate: `array` \nModule: `tls.get_certificate` \nModules that can get a custom certificate to use for any\ngiven TLS handshake at handshake-time. Custom certificates\ncan be useful if another entity is managing certificates\nand Caddy need only get it and serve it.\n\nTODO: This is an EXPERIMENTAL feature. It is subject to change or removal. \n", + "type": "array", + "items": { + "description": "Modules that can get a custom certificate to use for any\ngiven TLS handshake at handshake-time. Custom certificates\ncan be useful if another entity is managing certificates\nand Caddy need only get it and serve it.\n\nTODO: This is an EXPERIMENTAL feature. It is subject to change or removal.\n", + "markdownDescription": "Modules that can get a custom certificate to use for any\ngiven TLS handshake at handshake-time. Custom certificates\ncan be useful if another entity is managing certificates\nand Caddy need only get it and serve it.\n\nTODO: This is an EXPERIMENTAL feature. It is subject to change or removal. \n", + "required": [ + "via" + ], + "allOf": [ + { + "if": { + "properties": { + "via": { + "const": "http" + } + } + }, + "then": { + "$ref": "#/definitions/tls.get_certificate.http" + } + }, + { + "if": { + "properties": { + "via": { + "const": "tailscale" + } + } + }, + "then": { + "$ref": "#/definitions/tls.get_certificate.tailscale" + } + }, + { + "properties": { + "via": { + "description": "key to identify get_certificate module.\nvia: string\nModule: tls.get_certificate", + "markdownDescription": "key to identify `get_certificate` module. \nvia: `string` \nModule: `tls.get_certificate`", + "type": "string", + "enum": [ + "http", + "tailscale" + ] + } + } + } + ] + } + }, + "issuers": { + "description": "issuers: array\nModule: tls.issuance\nThe modules that may issue certificates. Default: internal if all\nsubjects do not qualify for public certificates; othewise acme and\nzerossl.\n", + "markdownDescription": "issuers: `array` \nModule: `tls.issuance` \nThe modules that may issue certificates. Default: internal if all\nsubjects do not qualify for public certificates; othewise acme and\nzerossl. \n", + "type": "array", + "items": { + "description": "The modules that may issue certificates. Default: internal if all\nsubjects do not qualify for public certificates; othewise acme and\nzerossl.\n", + "markdownDescription": "The modules that may issue certificates. Default: internal if all\nsubjects do not qualify for public certificates; othewise acme and\nzerossl. \n", + "required": [ + "module" + ], + "allOf": [ + { + "if": { + "properties": { + "module": { + "const": "zerossl" + } + } + }, + "then": { + "$ref": "#/definitions/tls.issuance.zerossl" + } + }, + { + "if": { + "properties": { + "module": { + "const": "acme" + } + } + }, + "then": { + "$ref": "#/definitions/tls.issuance.acme" + } + }, + { + "if": { + "properties": { + "module": { + "const": "internal" + } + } + }, + "then": { + "$ref": "#/definitions/tls.issuance.internal" + } + }, + { + "properties": { + "module": { + "description": "key to identify issuers module.\nmodule: string\nModule: tls.issuance", + "markdownDescription": "key to identify `issuers` module. \nmodule: `string` \nModule: `tls.issuance`", + "type": "string", + "enum": [ + "zerossl", + "acme", + "internal" + ] + } + } + } + ] + } + }, + "key_type": { + "description": "key_type: string\nModule: tls\nThe type of key to generate for certificates.\nSupported values: `ed25519`, `p256`, `p384`, `rsa2048`, `rsa4096`.\n", + "markdownDescription": "key_type: `string` \nModule: `tls` \nThe type of key to generate for certificates.\nSupported values: `ed25519`, `p256`, `p384`, `rsa2048`, `rsa4096`. \n", + "type": "string" + }, + "must_staple": { + "description": "must_staple: boolean\nModule: tls\nIf true, certificates will be requested with MustStaple. Not all\nCAs support this, and there are potentially serious consequences\nof enabling this feature without proper threat modeling.\n", + "markdownDescription": "must_staple: `boolean` \nModule: `tls` \nIf true, certificates will be requested with MustStaple. Not all\nCAs support this, and there are potentially serious consequences\nof enabling this feature without proper threat modeling. \n", + "type": "boolean" + }, + "ocsp_overrides": { + "description": "ocsp_overrides: object\nModule: tls\nOverrides the URLs of OCSP responders embedded in certificates.\nEach key is a OCSP server URL to override, and its value is the\nreplacement. An empty value will disable querying of that server.\nEXPERIMENTAL. Subject to change.\n", + "markdownDescription": "ocsp_overrides: `object` \nModule: `tls` \nOverrides the URLs of OCSP responders embedded in certificates.\nEach key is a OCSP server URL to override, and its value is the\nreplacement. An empty value will disable querying of that server.\nEXPERIMENTAL. Subject to change. \n", + "type": "object", + "additionalProperties": { + "description": "Overrides the URLs of OCSP responders embedded in certificates.\nEach key is a OCSP server URL to override, and its value is the\nreplacement. An empty value will disable querying of that server.\nEXPERIMENTAL. Subject to change.\n", + "markdownDescription": "Overrides the URLs of OCSP responders embedded in certificates.\nEach key is a OCSP server URL to override, and its value is the\nreplacement. An empty value will disable querying of that server.\nEXPERIMENTAL. Subject to change. \n" + } + }, + "on_demand": { + "description": "on_demand: boolean\nModule: tls\nIf true, certificates will be managed \"on demand\"; that is, during\nTLS handshakes or when needed, as opposed to at startup or config\nload. This enables On-Demand TLS for this policy.\n", + "markdownDescription": "on_demand: `boolean` \nModule: `tls` \nIf true, certificates will be managed \"on demand\"; that is, during\nTLS handshakes or when needed, as opposed to at startup or config\nload. This enables On-Demand TLS for this policy. \n", + "type": "boolean" + }, + "renewal_window_ratio": { + "description": "renewal_window_ratio: object\nModule: tls\nHow long before a certificate's expiration to try renewing it,\nas a function of its total lifetime. As a general and conservative\nrule, it is a good idea to renew a certificate when it has about\n1/3 of its total lifetime remaining. This utilizes the majority\nof the certificate's lifetime while still saving time to\ntroubleshoot problems. However, for extremely short-lived certs,\nyou may wish to increase the ratio to ~1/2.\n", + "markdownDescription": "renewal_window_ratio: `object` \nModule: `tls` \nHow long before a certificate's expiration to try renewing it,\nas a function of its total lifetime. As a general and conservative\nrule, it is a good idea to renew a certificate when it has about\n1/3 of its total lifetime remaining. This utilizes the majority\nof the certificate's lifetime while still saving time to\ntroubleshoot problems. However, for extremely short-lived certs,\nyou may wish to increase the ratio to ~1/2. \n", + "type": "object" + }, + "storage": { + "description": "storage: object\nModule: caddy.storage\nOptionally configure a separate storage module associated with this\nmanager, instead of using Caddy's global/default-configured storage.\n", + "markdownDescription": "storage: `object` \nModule: `caddy.storage` \nOptionally configure a separate storage module associated with this\nmanager, instead of using Caddy's global/default-configured storage. \n", + "type": "object", + "required": [ + "module" + ], + "allOf": [ + { + "if": { + "properties": { + "module": { + "const": "consul" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.storage.consul" + } + }, + { + "if": { + "properties": { + "module": { + "const": "file_system" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.storage.file_system" + } + }, + { + "properties": { + "module": { + "description": "key to identify storage module.\nmodule: string\nModule: caddy.storage", + "markdownDescription": "key to identify `storage` module. \nmodule: `string` \nModule: `caddy.storage`", + "type": "string", + "enum": [ + "consul", + "file_system" + ] + } + } + } + ] + }, + "subjects": { + "description": "subjects: array\nModule: tls\nWhich subjects (hostnames or IP addresses) this policy applies to.\n", + "markdownDescription": "subjects: `array` \nModule: `tls` \nWhich subjects (hostnames or IP addresses) this policy applies to. \n", + "type": "array", + "items": { + "description": "Which subjects (hostnames or IP addresses) this policy applies to.\n", + "markdownDescription": "Which subjects (hostnames or IP addresses) this policy applies to. \n", + "type": "string" + } + } + } + } + }, + "renew_interval": { + "description": "renew_interval: number\nModule: tls\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nEvery so often, Caddy will scan all loaded, managed\ncertificates for expiration. This setting changes how\nfrequently the scan for expiring certificates is\nperformed. Default: 10m\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "renew_interval: `number` \nModule: `tls` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nEvery so often, Caddy will scan all loaded, managed\ncertificates for expiration. This setting changes how\nfrequently the scan for expiring certificates is\nperformed. Default: 10m\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "storage_clean_interval": { + "description": "storage_clean_interval: number\nModule: tls\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nHow often to scan storage units for old or expired\nassets and remove them. These scans exert lots of\nreads (and list operations) on the storage module, so\nchoose a longer interval for large deployments.\nDefault: 24h\n\nStorage will always be cleaned when the process first\nstarts. Then, a new cleaning will be started this\nduration after the previous cleaning started if the\nprevious cleaning finished in less than half the time\nof this interval (otherwise next start will be skipped).\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "storage_clean_interval: `number` \nModule: `tls` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nHow often to scan storage units for old or expired\nassets and remove them. These scans exert lots of\nreads (and list operations) on the storage module, so\nchoose a longer interval for large deployments.\nDefault: 24h\n\nStorage will always be cleaned when the process first\nstarts. Then, a new cleaning will be started this\nduration after the previous cleaning started if the\nprevious cleaning finished in less than half the time\nof this interval (otherwise next start will be skipped).\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + } + } + }, + "cache": { + "description": "cache: object\nModule: tls\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#CertCacheOptions\nConfigures the in-memory certificate cache.\n\n\nCertCacheOptions configures the certificate cache.\n", + "markdownDescription": "cache: `object` \nModule: `tls` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#CertCacheOptions) \nConfigures the in-memory certificate cache.\n\n\nCertCacheOptions configures the certificate cache. \n", + "type": "object", + "properties": { + "capacity": { + "description": "capacity: number\nModule: tls\nMaximum number of certificates to allow in the\ncache. If reached, certificates will be randomly\nevicted to make room for new ones. Default: 10,000\n", + "markdownDescription": "capacity: `number` \nModule: `tls` \nMaximum number of certificates to allow in the\ncache. If reached, certificates will be randomly\nevicted to make room for new ones. Default: 10,000 \n", + "type": "number" + } + } + }, + "certificates": { + "description": "certificates: object\nModule: tls.certificates\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nCaches certificates in memory for quick use during\nTLS handshakes. Each key is the name of a certificate\nloader module. All loaded certificates get pooled\ninto the same cache and may be used to complete TLS\nhandshakes for the relevant server names (SNI).\nCertificates loaded manually (anything other than\n\"automate\") are not automatically managed and will\nhave to be refreshed manually before they expire.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n", + "markdownDescription": "certificates: `object` \nModule: `tls.certificates` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nCaches certificates in memory for quick use during\nTLS handshakes. Each key is the name of a certificate\nloader module. All loaded certificates get pooled\ninto the same cache and may be used to complete TLS\nhandshakes for the relevant server names (SNI).\nCertificates loaded manually (anything other than\n\"automate\") are not automatically managed and will\nhave to be refreshed manually before they expire.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", + "type": "object", + "properties": { + "automate": { + "$ref": "#/definitions/tls.certificates.automate" + }, + "load_files": { + "$ref": "#/definitions/tls.certificates.load_files" + }, + "load_folders": { + "$ref": "#/definitions/tls.certificates.load_folders" + }, + "load_pem": { + "$ref": "#/definitions/tls.certificates.load_pem" + }, + "load_storage": { + "$ref": "#/definitions/tls.certificates.load_storage" + } + } + }, + "disable_ocsp_stapling": { + "description": "disable_ocsp_stapling: boolean\nModule: tls\nDisables OCSP stapling for manually-managed certificates only.\nTo configure OCSP stapling for automated certificates, use an\nautomation policy instead.\n\nDisabling OCSP stapling puts clients at greater risk, reduces their\nprivacy, and usually lowers client performance. It is NOT recommended\nto disable this unless you are able to justify the costs.\nEXPERIMENTAL. Subject to change.\n", + "markdownDescription": "disable_ocsp_stapling: `boolean` \nModule: `tls` \nDisables OCSP stapling for manually-managed certificates only.\nTo configure OCSP stapling for automated certificates, use an\nautomation policy instead.\n\nDisabling OCSP stapling puts clients at greater risk, reduces their\nprivacy, and usually lowers client performance. It is NOT recommended\nto disable this unless you are able to justify the costs.\nEXPERIMENTAL. Subject to change. \n", + "type": "boolean" + }, + "session_tickets": { + "description": "session_tickets: object\nModule: tls\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#SessionTicketService\nConfigures session ticket ephemeral keys (STEKs).\n\n\nSessionTicketService configures and manages TLS session tickets.\n", + "markdownDescription": "session_tickets: `object` \nModule: `tls` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#SessionTicketService) \nConfigures session ticket ephemeral keys (STEKs).\n\n\nSessionTicketService configures and manages TLS session tickets. \n", + "type": "object", + "properties": { + "disable_rotation": { + "description": "disable_rotation: boolean\nModule: tls\nDisables STEK rotation.\n", + "markdownDescription": "disable_rotation: `boolean` \nModule: `tls` \nDisables STEK rotation. \n", + "type": "boolean" + }, + "disabled": { + "description": "disabled: boolean\nModule: tls\nDisables TLS session resumption by tickets.\n", + "markdownDescription": "disabled: `boolean` \nModule: `tls` \nDisables TLS session resumption by tickets. \n", + "type": "boolean" + }, + "key_source": { + "description": "key_source: object\nModule: tls.stek\nKeySource is the method by which Caddy produces or obtains\nTLS session ticket keys (STEKs). By default, Caddy generates\nthem internally using a secure pseudorandom source.\n", + "markdownDescription": "key_source: `object` \nModule: `tls.stek` \nKeySource is the method by which Caddy produces or obtains\nTLS session ticket keys (STEKs). By default, Caddy generates\nthem internally using a secure pseudorandom source. \n", + "type": "object", + "required": [ + "provider" + ], + "allOf": [ + { + "if": { + "properties": { + "provider": { + "const": "distributed" + } + } + }, + "then": { + "$ref": "#/definitions/tls.stek.distributed" + } + }, + { + "if": { + "properties": { + "provider": { + "const": "standard" + } + } + }, + "then": { + "$ref": "#/definitions/tls.stek.standard" + } + }, + { + "properties": { + "provider": { + "description": "key to identify key_source module.\nprovider: string\nModule: tls.stek", + "markdownDescription": "key to identify `key_source` module. \nprovider: `string` \nModule: `tls.stek`", + "type": "string", + "enum": [ + "distributed", + "standard" + ] + } + } + } + ] + }, + "max_keys": { + "description": "max_keys: number\nModule: tls\nThe maximum number of keys to keep in rotation. Default: 4.\n", + "markdownDescription": "max_keys: `number` \nModule: `tls` \nThe maximum number of keys to keep in rotation. Default: 4. \n", + "type": "number" + }, + "rotation_interval": { + "description": "rotation_interval: number\nModule: tls\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nHow often Caddy rotates STEKs. Default: 12h.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "rotation_interval: `number` \nModule: `tls` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nHow often Caddy rotates STEKs. Default: 12h.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + } + } + } + } + }, + "tls.certificates.automate": { + "description": "automate: array\nModule: tls.certificates.automate\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#AutomateLoader\nAutomateLoader will automatically manage certificates for the names in the\nlist, including obtaining and renewing certificates. Automated certificates\nare managed according to their matching automation policy, configured\nelsewhere in this app.\n\nTechnically, this is a no-op certificate loader module that is treated as\na special case: it uses this app's automation features to load certificates\nfor the list of hostnames, rather than loading certificates manually.\n\n", + "markdownDescription": "automate: `array` \nModule: `tls.certificates.automate` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#AutomateLoader) \nAutomateLoader will automatically manage certificates for the names in the\nlist, including obtaining and renewing certificates. Automated certificates\nare managed according to their matching automation policy, configured\nelsewhere in this app.\n\nTechnically, this is a no-op certificate loader module that is treated as\na special case: it uses this app's automation features to load certificates\nfor the list of hostnames, rather than loading certificates manually.\n \n", + "type": "array", + "items": { + "type": "string" + } + }, + "tls.certificates.load_files": { + "description": "load_files: array\nModule: tls.certificates.load_files\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#CertKeyFilePair\nCertKeyFilePair pairs certificate and key file names along with their\nencoding format so that they can be loaded from disk.\n\n", + "markdownDescription": "load_files: `array` \nModule: `tls.certificates.load_files` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#CertKeyFilePair) \nCertKeyFilePair pairs certificate and key file names along with their\nencoding format so that they can be loaded from disk.\n \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#CertKeyFilePair\nCertKeyFilePair pairs certificate and key file names along with their\nencoding format so that they can be loaded from disk.\n\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#CertKeyFilePair) \nCertKeyFilePair pairs certificate and key file names along with their\nencoding format so that they can be loaded from disk.\n \n", + "type": "object", + "properties": { + "certificate": { + "description": "certificate: string\nModule: tls.certificates.load_files\nPath to the certificate (public key) file.\n", + "markdownDescription": "certificate: `string` \nModule: `tls.certificates.load_files` \nPath to the certificate (public key) file. \n", + "type": "string" + }, + "format": { + "description": "format: string\nModule: tls.certificates.load_files\nThe format of the cert and key. Can be \"pem\". Default: \"pem\"\n", + "markdownDescription": "format: `string` \nModule: `tls.certificates.load_files` \nThe format of the cert and key. Can be \"pem\". Default: \"pem\" \n", + "type": "string" + }, + "key": { + "description": "key: string\nModule: tls.certificates.load_files\nPath to the private key file.\n", + "markdownDescription": "key: `string` \nModule: `tls.certificates.load_files` \nPath to the private key file. \n", + "type": "string" + }, + "tags": { + "description": "tags: array\nModule: tls.certificates.load_files\nArbitrary values to associate with this certificate.\nCan be useful when you want to select a particular\ncertificate when there may be multiple valid candidates.\n", + "markdownDescription": "tags: `array` \nModule: `tls.certificates.load_files` \nArbitrary values to associate with this certificate.\nCan be useful when you want to select a particular\ncertificate when there may be multiple valid candidates. \n", + "type": "array", + "items": { + "description": "Arbitrary values to associate with this certificate.\nCan be useful when you want to select a particular\ncertificate when there may be multiple valid candidates.\n", + "markdownDescription": "Arbitrary values to associate with this certificate.\nCan be useful when you want to select a particular\ncertificate when there may be multiple valid candidates. \n", + "type": "string" + } + } + } + } + }, + "tls.certificates.load_folders": { + "description": "load_folders: array\nModule: tls.certificates.load_folders\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#FolderLoader\nFolderLoader loads certificates and their associated keys from disk\nby recursively walking the specified directories, looking for PEM\nfiles which contain both a certificate and a key.\n\n", + "markdownDescription": "load_folders: `array` \nModule: `tls.certificates.load_folders` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#FolderLoader) \nFolderLoader loads certificates and their associated keys from disk\nby recursively walking the specified directories, looking for PEM\nfiles which contain both a certificate and a key.\n \n", + "type": "array", + "items": { + "type": "string" + } + }, + "tls.certificates.load_pem": { + "description": "load_pem: array\nModule: tls.certificates.load_pem\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#CertKeyPEMPair\nCertKeyPEMPair pairs certificate and key PEM blocks.\n\n", + "markdownDescription": "load_pem: `array` \nModule: `tls.certificates.load_pem` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#CertKeyPEMPair) \nCertKeyPEMPair pairs certificate and key PEM blocks.\n \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#CertKeyPEMPair\nCertKeyPEMPair pairs certificate and key PEM blocks.\n\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#CertKeyPEMPair) \nCertKeyPEMPair pairs certificate and key PEM blocks.\n \n", + "type": "object", + "properties": { + "certificate": { + "description": "certificate: string\nModule: tls.certificates.load_pem\nThe certificate (public key) in PEM format.\n", + "markdownDescription": "certificate: `string` \nModule: `tls.certificates.load_pem` \nThe certificate (public key) in PEM format. \n", + "type": "string" + }, + "key": { + "description": "key: string\nModule: tls.certificates.load_pem\nThe private key in PEM format.\n", + "markdownDescription": "key: `string` \nModule: `tls.certificates.load_pem` \nThe private key in PEM format. \n", + "type": "string" + }, + "tags": { + "description": "tags: array\nModule: tls.certificates.load_pem\nArbitrary values to associate with this certificate.\nCan be useful when you want to select a particular\ncertificate when there may be multiple valid candidates.\n", + "markdownDescription": "tags: `array` \nModule: `tls.certificates.load_pem` \nArbitrary values to associate with this certificate.\nCan be useful when you want to select a particular\ncertificate when there may be multiple valid candidates. \n", + "type": "array", + "items": { + "description": "Arbitrary values to associate with this certificate.\nCan be useful when you want to select a particular\ncertificate when there may be multiple valid candidates.\n", + "markdownDescription": "Arbitrary values to associate with this certificate.\nCan be useful when you want to select a particular\ncertificate when there may be multiple valid candidates. \n", + "type": "string" + } + } + } + } + }, + "tls.certificates.load_storage": { + "description": "load_storage: object\nModule: tls.certificates.load_storage\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#StorageLoader\nStorageLoader loads certificates and their associated keys\nfrom the globally configured storage module.\n\n", + "markdownDescription": "load_storage: `object` \nModule: `tls.certificates.load_storage` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#StorageLoader) \nStorageLoader loads certificates and their associated keys\nfrom the globally configured storage module.\n \n", + "type": "object", + "properties": { + "pairs": { + "description": "pairs: array\nModule: tls.certificates.load_storage\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#CertKeyFilePair\nA list of pairs of certificate and key file names along with their\nencoding format so that they can be loaded from storage.\n\n\nCertKeyFilePair pairs certificate and key file names along with their\nencoding format so that they can be loaded from disk.\n", + "markdownDescription": "pairs: `array` \nModule: `tls.certificates.load_storage` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#CertKeyFilePair) \nA list of pairs of certificate and key file names along with their\nencoding format so that they can be loaded from storage.\n\n\nCertKeyFilePair pairs certificate and key file names along with their\nencoding format so that they can be loaded from disk. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#CertKeyFilePair\nA list of pairs of certificate and key file names along with their\nencoding format so that they can be loaded from storage.\n\n\nCertKeyFilePair pairs certificate and key file names along with their\nencoding format so that they can be loaded from disk.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#CertKeyFilePair) \nA list of pairs of certificate and key file names along with their\nencoding format so that they can be loaded from storage.\n\n\nCertKeyFilePair pairs certificate and key file names along with their\nencoding format so that they can be loaded from disk. \n", + "type": "object", + "properties": { + "certificate": { + "description": "certificate: string\nModule: tls.certificates.load_storage\nPath to the certificate (public key) file.\n", + "markdownDescription": "certificate: `string` \nModule: `tls.certificates.load_storage` \nPath to the certificate (public key) file. \n", + "type": "string" + }, + "format": { + "description": "format: string\nModule: tls.certificates.load_storage\nThe format of the cert and key. Can be \"pem\". Default: \"pem\"\n", + "markdownDescription": "format: `string` \nModule: `tls.certificates.load_storage` \nThe format of the cert and key. Can be \"pem\". Default: \"pem\" \n", + "type": "string" + }, + "key": { + "description": "key: string\nModule: tls.certificates.load_storage\nPath to the private key file.\n", + "markdownDescription": "key: `string` \nModule: `tls.certificates.load_storage` \nPath to the private key file. \n", + "type": "string" + }, + "tags": { + "description": "tags: array\nModule: tls.certificates.load_storage\nArbitrary values to associate with this certificate.\nCan be useful when you want to select a particular\ncertificate when there may be multiple valid candidates.\n", + "markdownDescription": "tags: `array` \nModule: `tls.certificates.load_storage` \nArbitrary values to associate with this certificate.\nCan be useful when you want to select a particular\ncertificate when there may be multiple valid candidates. \n", + "type": "array", + "items": { + "description": "Arbitrary values to associate with this certificate.\nCan be useful when you want to select a particular\ncertificate when there may be multiple valid candidates.\n", + "markdownDescription": "Arbitrary values to associate with this certificate.\nCan be useful when you want to select a particular\ncertificate when there may be multiple valid candidates. \n", + "type": "string" + } + } + } + } + } + } + }, + "tls.client_auth.leaf": { + "description": "leaf: any\nModule: tls.client_auth.leaf\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#LeafCertClientAuth", + "markdownDescription": "leaf: `any` \nModule: `tls.client_auth.leaf` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#LeafCertClientAuth)" + }, + "tls.get_certificate.http": { + "description": "http: object\nModule: tls.get_certificate.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#HTTPCertGetter\nHTTPCertGetter can get a certificate via HTTP(S) request.\n\n", + "markdownDescription": "http: `object` \nModule: `tls.get_certificate.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#HTTPCertGetter) \nHTTPCertGetter can get a certificate via HTTP(S) request.\n \n", + "type": "object", + "properties": { + "url": { + "description": "url: string\nModule: tls.get_certificate.http\nThe URL from which to download the certificate. Required.\n\nThe URL will be augmented with query string parameters taken\nfrom the TLS handshake:\n\n- server_name: The SNI value\n- signature_schemes: Comma-separated list of hex IDs of signatures\n- cipher_suites: Comma-separated list of hex IDs of cipher suites\n\nTo be valid, the response must be HTTP 200 with a PEM body\nconsisting of blocks for the certificate chain and the private\nkey.\n", + "markdownDescription": "url: `string` \nModule: `tls.get_certificate.http` \nThe URL from which to download the certificate. Required.\n\nThe URL will be augmented with query string parameters taken\nfrom the TLS handshake:\n\n- server_name: The SNI value\n- signature_schemes: Comma-separated list of hex IDs of signatures\n- cipher_suites: Comma-separated list of hex IDs of cipher suites\n\nTo be valid, the response must be HTTP 200 with a PEM body\nconsisting of blocks for the certificate chain and the private\nkey. \n", + "type": "string" + } + } + }, + "tls.get_certificate.tailscale": { + "description": "tailscale: object\nModule: tls.get_certificate.tailscale\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#Tailscale\nTailscale is a module that can get certificates from the local Tailscale process.\n\n", + "markdownDescription": "tailscale: `object` \nModule: `tls.get_certificate.tailscale` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#Tailscale) \nTailscale is a module that can get certificates from the local Tailscale process.\n \n", + "type": "object", + "properties": { + "optional": { + "description": "optional: boolean\nModule: tls.get_certificate.tailscale\nIf true, this module will operate in \"best-effort\" mode and\nignore \"soft\" errors; i.e. try Tailscale, and if it doesn't connect\nor return a certificate, oh well. Failure to connect to Tailscale\nresults in a no-op instead of an error. Intended for the use case\nwhere this module is added implicitly for convenience, even if\nTailscale isn't necessarily running.\n", + "markdownDescription": "optional: `boolean` \nModule: `tls.get_certificate.tailscale` \nIf true, this module will operate in \"best-effort\" mode and\nignore \"soft\" errors; i.e. try Tailscale, and if it doesn't connect\nor return a certificate, oh well. Failure to connect to Tailscale\nresults in a no-op instead of an error. Intended for the use case\nwhere this module is added implicitly for convenience, even if\nTailscale isn't necessarily running. \n", + "type": "boolean" + } + } + }, + "tls.handshake_match.alpn": { + "description": "alpn: array\nModule: tls.handshake_match.alpn\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4tls#MatchALPN", + "markdownDescription": "alpn: `array` \nModule: `tls.handshake_match.alpn` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4tls#MatchALPN)", + "type": "array", + "items": { + "type": "string" + } + }, + "tls.handshake_match.remote_ip": { + "description": "remote_ip: object\nModule: tls.handshake_match.remote_ip\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#MatchRemoteIP\nMatchRemoteIP matches based on the remote IP of the\nconnection. Specific IPs or CIDR ranges can be specified.\n\nNote that IPs can sometimes be spoofed, so do not rely\non this as a replacement for actual authentication.\n\n", + "markdownDescription": "remote_ip: `object` \nModule: `tls.handshake_match.remote_ip` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#MatchRemoteIP) \nMatchRemoteIP matches based on the remote IP of the\nconnection. Specific IPs or CIDR ranges can be specified.\n\nNote that IPs can sometimes be spoofed, so do not rely\non this as a replacement for actual authentication.\n \n", + "type": "object", + "properties": { + "not_ranges": { + "description": "not_ranges: array\nModule: tls.handshake_match.remote_ip\nThe IPs or CIDR ranges to *NOT* match.\n", + "markdownDescription": "not_ranges: `array` \nModule: `tls.handshake_match.remote_ip` \nThe IPs or CIDR ranges to *NOT* match. \n", + "type": "array", + "items": { + "description": "The IPs or CIDR ranges to *NOT* match.\n", + "markdownDescription": "The IPs or CIDR ranges to *NOT* match. \n", + "type": "string" + } + }, + "ranges": { + "description": "ranges: array\nModule: tls.handshake_match.remote_ip\nThe IPs or CIDR ranges to match.\n", + "markdownDescription": "ranges: `array` \nModule: `tls.handshake_match.remote_ip` \nThe IPs or CIDR ranges to match. \n", + "type": "array", + "items": { + "description": "The IPs or CIDR ranges to match.\n", + "markdownDescription": "The IPs or CIDR ranges to match. \n", + "type": "string" + } + } + } + }, + "tls.handshake_match.sni": { + "description": "sni: array\nModule: tls.handshake_match.sni\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#MatchServerName\nMatchServerName matches based on SNI. Names in\nthis list may use left-most-label wildcards,\nsimilar to wildcard certificates.\n\n", + "markdownDescription": "sni: `array` \nModule: `tls.handshake_match.sni` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#MatchServerName) \nMatchServerName matches based on SNI. Names in\nthis list may use left-most-label wildcards,\nsimilar to wildcard certificates.\n \n", + "type": "array", + "items": { + "type": "string" + } + }, + "tls.issuance.acme": { + "description": "acme: object\nModule: tls.issuance.acme\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ACMEIssuer\nACMEIssuer manages certificates using the ACME protocol (RFC 8555).\n\n", + "markdownDescription": "acme: `object` \nModule: `tls.issuance.acme` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ACMEIssuer) \nACMEIssuer manages certificates using the ACME protocol (RFC 8555).\n \n", + "type": "object", + "properties": { + "account_key": { + "description": "account_key: string\nModule: tls.issuance.acme\nIf you have an existing account with the ACME server, put\nthe private key here in PEM format. The ACME client will\nlook up your account information with this key first before\ntrying to create a new one. You can use placeholders here,\nfor example if you have it in an environment variable.\n", + "markdownDescription": "account_key: `string` \nModule: `tls.issuance.acme` \nIf you have an existing account with the ACME server, put\nthe private key here in PEM format. The ACME client will\nlook up your account information with this key first before\ntrying to create a new one. You can use placeholders here,\nfor example if you have it in an environment variable. \n", + "type": "string" + }, + "acme_timeout": { + "description": "acme_timeout: number\nModule: tls.issuance.acme\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nTime to wait before timing out an ACME operation.\nDefault: 0 (no timeout)\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "acme_timeout: `number` \nModule: `tls.issuance.acme` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nTime to wait before timing out an ACME operation.\nDefault: 0 (no timeout)\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "ca": { + "description": "ca: string\nModule: tls.issuance.acme\nThe URL to the CA's ACME directory endpoint. Default:\nhttps://acme-v02.api.letsencrypt.org/directory\n", + "markdownDescription": "ca: `string` \nModule: `tls.issuance.acme` \nThe URL to the CA's ACME directory endpoint. Default:\nhttps://acme-v02.api.letsencrypt.org/directory \n", + "type": "string" + }, + "challenges": { + "description": "challenges: object\nModule: tls.issuance.acme\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ChallengesConfig\nConfigures the various ACME challenge types.\n\n\nChallengesConfig configures the ACME challenges.\n", + "markdownDescription": "challenges: `object` \nModule: `tls.issuance.acme` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ChallengesConfig) \nConfigures the various ACME challenge types.\n\n\nChallengesConfig configures the ACME challenges. \n", + "type": "object", + "properties": { + "bind_host": { + "description": "bind_host: string\nModule: tls.issuance.acme\nOptionally customize the host to which a listener\nis bound if required for solving a challenge.\n", + "markdownDescription": "bind_host: `string` \nModule: `tls.issuance.acme` \nOptionally customize the host to which a listener\nis bound if required for solving a challenge. \n", + "type": "string" + }, + "dns": { + "description": "dns: object\nModule: tls.issuance.acme\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#DNSChallengeConfig\nConfigures the ACME DNS challenge. Because this\nchallenge typically requires credentials for\ninterfacing with a DNS provider, this challenge is\nnot enabled by default. This is the only challenge\ntype which does not require a direct connection\nto Caddy from an external server.\n\nNOTE: DNS providers are currently being upgraded,\nand this API is subject to change, but should be\nstabilized soon.\n\n\nDNSChallengeConfig configures the ACME DNS challenge.\n\nNOTE: This API is still experimental and is subject to change.\n", + "markdownDescription": "dns: `object` \nModule: `tls.issuance.acme` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#DNSChallengeConfig) \nConfigures the ACME DNS challenge. Because this\nchallenge typically requires credentials for\ninterfacing with a DNS provider, this challenge is\nnot enabled by default. This is the only challenge\ntype which does not require a direct connection\nto Caddy from an external server.\n\nNOTE: DNS providers are currently being upgraded,\nand this API is subject to change, but should be\nstabilized soon.\n\n\nDNSChallengeConfig configures the ACME DNS challenge.\n\nNOTE: This API is still experimental and is subject to change. \n", + "type": "object", + "properties": { + "override_domain": { + "description": "override_domain: string\nModule: tls.issuance.acme\nOverride the domain to use for the DNS challenge. This\nis to delegate the challenge to a different domain,\ne.g. one that updates faster or one with a provider API.\n", + "markdownDescription": "override_domain: `string` \nModule: `tls.issuance.acme` \nOverride the domain to use for the DNS challenge. This\nis to delegate the challenge to a different domain,\ne.g. one that updates faster or one with a provider API. \n", + "type": "string" + }, + "propagation_delay": { + "description": "propagation_delay: number\nModule: tls.issuance.acme\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nHow long to wait before starting propagation checks.\nDefault: 0 (no wait).\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "propagation_delay: `number` \nModule: `tls.issuance.acme` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nHow long to wait before starting propagation checks.\nDefault: 0 (no wait).\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "propagation_timeout": { + "description": "propagation_timeout: number\nModule: tls.issuance.acme\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nMaximum time to wait for temporary DNS record to appear.\nSet to -1 to disable propagation checks.\nDefault: 2 minutes.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "propagation_timeout: `number` \nModule: `tls.issuance.acme` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nMaximum time to wait for temporary DNS record to appear.\nSet to -1 to disable propagation checks.\nDefault: 2 minutes.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "provider": { + "description": "provider: any\nModule: dns.providers\nThe DNS provider module to use which will manage\nthe DNS records relevant to the ACME challenge.\n", + "markdownDescription": "provider: `any` \nModule: `dns.providers` \nThe DNS provider module to use which will manage\nthe DNS records relevant to the ACME challenge. \n" + }, + "resolvers": { + "description": "resolvers: array\nModule: tls.issuance.acme\nCustom DNS resolvers to prefer over system/built-in defaults.\nOften necessary to configure when using split-horizon DNS.\n", + "markdownDescription": "resolvers: `array` \nModule: `tls.issuance.acme` \nCustom DNS resolvers to prefer over system/built-in defaults.\nOften necessary to configure when using split-horizon DNS. \n", + "type": "array", + "items": { + "description": "Custom DNS resolvers to prefer over system/built-in defaults.\nOften necessary to configure when using split-horizon DNS.\n", + "markdownDescription": "Custom DNS resolvers to prefer over system/built-in defaults.\nOften necessary to configure when using split-horizon DNS. \n", + "type": "string" + } + }, + "ttl": { + "description": "ttl: number\nModule: tls.issuance.acme\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nThe TTL of the TXT record used for the DNS challenge.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "ttl: `number` \nModule: `tls.issuance.acme` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nThe TTL of the TXT record used for the DNS challenge.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + } + } + }, + "http": { + "description": "http: object\nModule: tls.issuance.acme\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#HTTPChallengeConfig\nHTTP configures the ACME HTTP challenge. This\nchallenge is enabled and used automatically\nand by default.\n\n\nHTTPChallengeConfig configures the ACME HTTP challenge.\n", + "markdownDescription": "http: `object` \nModule: `tls.issuance.acme` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#HTTPChallengeConfig) \nHTTP configures the ACME HTTP challenge. This\nchallenge is enabled and used automatically\nand by default.\n\n\nHTTPChallengeConfig configures the ACME HTTP challenge. \n", + "type": "object", + "properties": { + "alternate_port": { + "description": "alternate_port: number\nModule: tls.issuance.acme\nAn alternate port on which to service this\nchallenge. Note that the HTTP challenge port is\nhard-coded into the spec and cannot be changed,\nso you would have to forward packets from the\nstandard HTTP challenge port to this one.\n", + "markdownDescription": "alternate_port: `number` \nModule: `tls.issuance.acme` \nAn alternate port on which to service this\nchallenge. Note that the HTTP challenge port is\nhard-coded into the spec and cannot be changed,\nso you would have to forward packets from the\nstandard HTTP challenge port to this one. \n", + "type": "number" + }, + "disabled": { + "description": "disabled: boolean\nModule: tls.issuance.acme\nIf true, the HTTP challenge will be disabled.\n", + "markdownDescription": "disabled: `boolean` \nModule: `tls.issuance.acme` \nIf true, the HTTP challenge will be disabled. \n", + "type": "boolean" + } + } + }, + "tls-alpn": { + "description": "tls-alpn: object\nModule: tls.issuance.acme\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#TLSALPNChallengeConfig\nTLSALPN configures the ACME TLS-ALPN challenge.\nThis challenge is enabled and used automatically\nand by default.\n\n\nTLSALPNChallengeConfig configures the ACME TLS-ALPN challenge.\n", + "markdownDescription": "tls-alpn: `object` \nModule: `tls.issuance.acme` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#TLSALPNChallengeConfig) \nTLSALPN configures the ACME TLS-ALPN challenge.\nThis challenge is enabled and used automatically\nand by default.\n\n\nTLSALPNChallengeConfig configures the ACME TLS-ALPN challenge. \n", + "type": "object", + "properties": { + "alternate_port": { + "description": "alternate_port: number\nModule: tls.issuance.acme\nAn alternate port on which to service this\nchallenge. Note that the TLS-ALPN challenge port\nis hard-coded into the spec and cannot be changed,\nso you would have to forward packets from the\nstandard TLS-ALPN challenge port to this one.\n", + "markdownDescription": "alternate_port: `number` \nModule: `tls.issuance.acme` \nAn alternate port on which to service this\nchallenge. Note that the TLS-ALPN challenge port\nis hard-coded into the spec and cannot be changed,\nso you would have to forward packets from the\nstandard TLS-ALPN challenge port to this one. \n", + "type": "number" + }, + "disabled": { + "description": "disabled: boolean\nModule: tls.issuance.acme\nIf true, the TLS-ALPN challenge will be disabled.\n", + "markdownDescription": "disabled: `boolean` \nModule: `tls.issuance.acme` \nIf true, the TLS-ALPN challenge will be disabled. \n", + "type": "boolean" + } + } + } + } + }, + "email": { + "description": "email: string\nModule: tls.issuance.acme\nYour email address, so the CA can contact you if necessary.\nNot required, but strongly recommended to provide one so\nyou can be reached if there is a problem. Your email is\nnot sent to any Caddy mothership or used for any purpose\nother than ACME transactions.\n", + "markdownDescription": "email: `string` \nModule: `tls.issuance.acme` \nYour email address, so the CA can contact you if necessary.\nNot required, but strongly recommended to provide one so\nyou can be reached if there is a problem. Your email is\nnot sent to any Caddy mothership or used for any purpose\nother than ACME transactions. \n", + "type": "string" + }, + "external_account": { + "description": "external_account: object\nModule: tls.issuance.acme\nhttps://pkg.go.dev/github.com/mholt/acmez/acme#EAB\nIf using an ACME CA that requires an external account\nbinding, specify the CA-provided credentials here.\n\n\nEAB (External Account Binding) contains information\nnecessary to bind or map an ACME account to some\nother account known by the CA.\n\nExternal account bindings are \"used to associate an\nACME account with an existing account in a non-ACME\nsystem, such as a CA customer database.\"\n\n\"To enable ACME account binding, the CA operating the\nACME server needs to provide the ACME client with a\nMAC key and a key identifier, using some mechanism\noutside of ACME.\" §7.3.4\n", + "markdownDescription": "external_account: `object` \nModule: `tls.issuance.acme` \n[godoc](https://pkg.go.dev/github.com/mholt/acmez/acme#EAB) \nIf using an ACME CA that requires an external account\nbinding, specify the CA-provided credentials here.\n\n\nEAB (External Account Binding) contains information\nnecessary to bind or map an ACME account to some\nother account known by the CA.\n\nExternal account bindings are \"used to associate an\nACME account with an existing account in a non-ACME\nsystem, such as a CA customer database.\"\n\n\"To enable ACME account binding, the CA operating the\nACME server needs to provide the ACME client with a\nMAC key and a key identifier, using some mechanism\noutside of ACME.\" §7.3.4 \n", + "type": "object", + "properties": { + "key_id": { + "description": "key_id: string\nModule: tls.issuance.acme\n\"The key identifier MUST be an ASCII string.\" §7.3.4\n", + "markdownDescription": "key_id: `string` \nModule: `tls.issuance.acme` \n\"The key identifier MUST be an ASCII string.\" §7.3.4 \n", + "type": "string" + }, + "mac_key": { + "description": "mac_key: string\nModule: tls.issuance.acme\n\"The MAC key SHOULD be provided in base64url-encoded\nform, to maximize compatibility between non-ACME\nprovisioning systems and ACME clients.\" §7.3.4\n", + "markdownDescription": "mac_key: `string` \nModule: `tls.issuance.acme` \n\"The MAC key SHOULD be provided in base64url-encoded\nform, to maximize compatibility between non-ACME\nprovisioning systems and ACME clients.\" §7.3.4 \n", + "type": "string" + } + } + }, + "preferred_chains": { + "description": "preferred_chains: object\nModule: tls.issuance.acme\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ChainPreference\nPreferences for selecting alternate certificate chains, if offered\nby the CA. By default, the first offered chain will be selected.\nIf configured, the chains may be sorted and the first matching chain\nwill be selected.\n\n\nChainPreference describes the client's preferred certificate chain,\nuseful if the CA offers alternate chains. The first matching chain\nwill be selected.\n", + "markdownDescription": "preferred_chains: `object` \nModule: `tls.issuance.acme` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ChainPreference) \nPreferences for selecting alternate certificate chains, if offered\nby the CA. By default, the first offered chain will be selected.\nIf configured, the chains may be sorted and the first matching chain\nwill be selected.\n\n\nChainPreference describes the client's preferred certificate chain,\nuseful if the CA offers alternate chains. The first matching chain\nwill be selected. \n", + "type": "object", + "properties": { + "any_common_name": { + "description": "any_common_name: array\nModule: tls.issuance.acme\nSelect first chain that has any issuer with one\nof these common names.\n", + "markdownDescription": "any_common_name: `array` \nModule: `tls.issuance.acme` \nSelect first chain that has any issuer with one\nof these common names. \n", + "type": "array", + "items": { + "description": "Select first chain that has any issuer with one\nof these common names.\n", + "markdownDescription": "Select first chain that has any issuer with one\nof these common names. \n", + "type": "string" + } + }, + "root_common_name": { + "description": "root_common_name: array\nModule: tls.issuance.acme\nSelect first chain having a root with one of\nthese common names.\n", + "markdownDescription": "root_common_name: `array` \nModule: `tls.issuance.acme` \nSelect first chain having a root with one of\nthese common names. \n", + "type": "array", + "items": { + "description": "Select first chain having a root with one of\nthese common names.\n", + "markdownDescription": "Select first chain having a root with one of\nthese common names. \n", + "type": "string" + } + }, + "smallest": { + "description": "smallest: boolean\nModule: tls.issuance.acme\nPrefer chains with the fewest number of bytes.\n", + "markdownDescription": "smallest: `boolean` \nModule: `tls.issuance.acme` \nPrefer chains with the fewest number of bytes. \n", + "type": "boolean" + } + } + }, + "test_ca": { + "description": "test_ca: string\nModule: tls.issuance.acme\nThe URL to the test CA's ACME directory endpoint.\nThis endpoint is only used during retries if there\nis a failure using the primary CA. Default:\nhttps://acme-staging-v02.api.letsencrypt.org/directory\n", + "markdownDescription": "test_ca: `string` \nModule: `tls.issuance.acme` \nThe URL to the test CA's ACME directory endpoint.\nThis endpoint is only used during retries if there\nis a failure using the primary CA. Default:\nhttps://acme-staging-v02.api.letsencrypt.org/directory \n", + "type": "string" + }, + "trusted_roots_pem_files": { + "description": "trusted_roots_pem_files: array\nModule: tls.issuance.acme\nAn array of files of CA certificates to accept when connecting to the\nACME CA. Generally, you should only use this if the ACME CA endpoint\nis internal or for development/testing purposes.\n", + "markdownDescription": "trusted_roots_pem_files: `array` \nModule: `tls.issuance.acme` \nAn array of files of CA certificates to accept when connecting to the\nACME CA. Generally, you should only use this if the ACME CA endpoint\nis internal or for development/testing purposes. \n", + "type": "array", + "items": { + "description": "An array of files of CA certificates to accept when connecting to the\nACME CA. Generally, you should only use this if the ACME CA endpoint\nis internal or for development/testing purposes.\n", + "markdownDescription": "An array of files of CA certificates to accept when connecting to the\nACME CA. Generally, you should only use this if the ACME CA endpoint\nis internal or for development/testing purposes. \n", + "type": "string" + } + } + } + }, + "tls.issuance.internal": { + "description": "internal: object\nModule: tls.issuance.internal\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#InternalIssuer\nInternalIssuer is a certificate issuer that generates\ncertificates internally using a locally-configured\nCA which can be customized using the `pki` app.\n\n", + "markdownDescription": "internal: `object` \nModule: `tls.issuance.internal` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#InternalIssuer) \nInternalIssuer is a certificate issuer that generates\ncertificates internally using a locally-configured\nCA which can be customized using the `pki` app.\n \n", + "type": "object", + "properties": { + "ca": { + "description": "ca: string\nModule: tls.issuance.internal\nThe ID of the CA to use for signing. The default\nCA ID is \"local\". The CA can be configured with the\n`pki` app.\n", + "markdownDescription": "ca: `string` \nModule: `tls.issuance.internal` \nThe ID of the CA to use for signing. The default\nCA ID is \"local\". The CA can be configured with the\n`pki` app. \n", + "type": "string" + }, + "lifetime": { + "description": "lifetime: number\nModule: tls.issuance.internal\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nThe validity period of certificates.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "lifetime: `number` \nModule: `tls.issuance.internal` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nThe validity period of certificates.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "sign_with_root": { + "description": "sign_with_root: boolean\nModule: tls.issuance.internal\nIf true, the root will be the issuer instead of\nthe intermediate. This is NOT recommended and should\nonly be used when devices/clients do not properly\nvalidate certificate chains.\n", + "markdownDescription": "sign_with_root: `boolean` \nModule: `tls.issuance.internal` \nIf true, the root will be the issuer instead of\nthe intermediate. This is NOT recommended and should\nonly be used when devices/clients do not properly\nvalidate certificate chains. \n", + "type": "boolean" + } + } + }, + "tls.issuance.zerossl": { + "description": "zerossl: object\nModule: tls.issuance.zerossl\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ZeroSSLIssuer\nZeroSSLIssuer makes an ACME manager\nfor managing certificates using ACME.\n\n", + "markdownDescription": "zerossl: `object` \nModule: `tls.issuance.zerossl` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ZeroSSLIssuer) \nZeroSSLIssuer makes an ACME manager\nfor managing certificates using ACME.\n \n", + "type": "object", + "properties": { + "account_key": { + "description": "account_key: string\nModule: tls.issuance.zerossl\nIf you have an existing account with the ACME server, put\nthe private key here in PEM format. The ACME client will\nlook up your account information with this key first before\ntrying to create a new one. You can use placeholders here,\nfor example if you have it in an environment variable.\n", + "markdownDescription": "account_key: `string` \nModule: `tls.issuance.zerossl` \nIf you have an existing account with the ACME server, put\nthe private key here in PEM format. The ACME client will\nlook up your account information with this key first before\ntrying to create a new one. You can use placeholders here,\nfor example if you have it in an environment variable. \n", + "type": "string" + }, + "acme_timeout": { + "description": "acme_timeout: number\nModule: tls.issuance.zerossl\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nTime to wait before timing out an ACME operation.\nDefault: 0 (no timeout)\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "acme_timeout: `number` \nModule: `tls.issuance.zerossl` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nTime to wait before timing out an ACME operation.\nDefault: 0 (no timeout)\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "api_key": { + "description": "api_key: string\nModule: tls.issuance.zerossl\nThe API key (or \"access key\") for using the ZeroSSL API.\n", + "markdownDescription": "api_key: `string` \nModule: `tls.issuance.zerossl` \nThe API key (or \"access key\") for using the ZeroSSL API. \n", + "type": "string" + }, + "ca": { + "description": "ca: string\nModule: tls.issuance.zerossl\nThe URL to the CA's ACME directory endpoint. Default:\nhttps://acme-v02.api.letsencrypt.org/directory\n", + "markdownDescription": "ca: `string` \nModule: `tls.issuance.zerossl` \nThe URL to the CA's ACME directory endpoint. Default:\nhttps://acme-v02.api.letsencrypt.org/directory \n", + "type": "string" + }, + "challenges": { + "description": "challenges: object\nModule: tls.issuance.zerossl\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ChallengesConfig\nConfigures the various ACME challenge types.\n\n\nChallengesConfig configures the ACME challenges.\n", + "markdownDescription": "challenges: `object` \nModule: `tls.issuance.zerossl` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ChallengesConfig) \nConfigures the various ACME challenge types.\n\n\nChallengesConfig configures the ACME challenges. \n", + "type": "object", + "properties": { + "bind_host": { + "description": "bind_host: string\nModule: tls.issuance.zerossl\nOptionally customize the host to which a listener\nis bound if required for solving a challenge.\n", + "markdownDescription": "bind_host: `string` \nModule: `tls.issuance.zerossl` \nOptionally customize the host to which a listener\nis bound if required for solving a challenge. \n", + "type": "string" + }, + "dns": { + "description": "dns: object\nModule: tls.issuance.zerossl\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#DNSChallengeConfig\nConfigures the ACME DNS challenge. Because this\nchallenge typically requires credentials for\ninterfacing with a DNS provider, this challenge is\nnot enabled by default. This is the only challenge\ntype which does not require a direct connection\nto Caddy from an external server.\n\nNOTE: DNS providers are currently being upgraded,\nand this API is subject to change, but should be\nstabilized soon.\n\n\nDNSChallengeConfig configures the ACME DNS challenge.\n\nNOTE: This API is still experimental and is subject to change.\n", + "markdownDescription": "dns: `object` \nModule: `tls.issuance.zerossl` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#DNSChallengeConfig) \nConfigures the ACME DNS challenge. Because this\nchallenge typically requires credentials for\ninterfacing with a DNS provider, this challenge is\nnot enabled by default. This is the only challenge\ntype which does not require a direct connection\nto Caddy from an external server.\n\nNOTE: DNS providers are currently being upgraded,\nand this API is subject to change, but should be\nstabilized soon.\n\n\nDNSChallengeConfig configures the ACME DNS challenge.\n\nNOTE: This API is still experimental and is subject to change. \n", + "type": "object", + "properties": { + "override_domain": { + "description": "override_domain: string\nModule: tls.issuance.zerossl\nOverride the domain to use for the DNS challenge. This\nis to delegate the challenge to a different domain,\ne.g. one that updates faster or one with a provider API.\n", + "markdownDescription": "override_domain: `string` \nModule: `tls.issuance.zerossl` \nOverride the domain to use for the DNS challenge. This\nis to delegate the challenge to a different domain,\ne.g. one that updates faster or one with a provider API. \n", + "type": "string" + }, + "propagation_delay": { + "description": "propagation_delay: number\nModule: tls.issuance.zerossl\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nHow long to wait before starting propagation checks.\nDefault: 0 (no wait).\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "propagation_delay: `number` \nModule: `tls.issuance.zerossl` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nHow long to wait before starting propagation checks.\nDefault: 0 (no wait).\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "propagation_timeout": { + "description": "propagation_timeout: number\nModule: tls.issuance.zerossl\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nMaximum time to wait for temporary DNS record to appear.\nSet to -1 to disable propagation checks.\nDefault: 2 minutes.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "propagation_timeout: `number` \nModule: `tls.issuance.zerossl` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nMaximum time to wait for temporary DNS record to appear.\nSet to -1 to disable propagation checks.\nDefault: 2 minutes.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + }, + "provider": { + "description": "provider: any\nModule: dns.providers\nThe DNS provider module to use which will manage\nthe DNS records relevant to the ACME challenge.\n", + "markdownDescription": "provider: `any` \nModule: `dns.providers` \nThe DNS provider module to use which will manage\nthe DNS records relevant to the ACME challenge. \n" + }, + "resolvers": { + "description": "resolvers: array\nModule: tls.issuance.zerossl\nCustom DNS resolvers to prefer over system/built-in defaults.\nOften necessary to configure when using split-horizon DNS.\n", + "markdownDescription": "resolvers: `array` \nModule: `tls.issuance.zerossl` \nCustom DNS resolvers to prefer over system/built-in defaults.\nOften necessary to configure when using split-horizon DNS. \n", + "type": "array", + "items": { + "description": "Custom DNS resolvers to prefer over system/built-in defaults.\nOften necessary to configure when using split-horizon DNS.\n", + "markdownDescription": "Custom DNS resolvers to prefer over system/built-in defaults.\nOften necessary to configure when using split-horizon DNS. \n", + "type": "string" + } + }, + "ttl": { + "description": "ttl: number\nModule: tls.issuance.zerossl\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nThe TTL of the TXT record used for the DNS challenge.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "ttl: `number` \nModule: `tls.issuance.zerossl` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nThe TTL of the TXT record used for the DNS challenge.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "type": "number" + } + } + }, + "http": { + "description": "http: object\nModule: tls.issuance.zerossl\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#HTTPChallengeConfig\nHTTP configures the ACME HTTP challenge. This\nchallenge is enabled and used automatically\nand by default.\n\n\nHTTPChallengeConfig configures the ACME HTTP challenge.\n", + "markdownDescription": "http: `object` \nModule: `tls.issuance.zerossl` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#HTTPChallengeConfig) \nHTTP configures the ACME HTTP challenge. This\nchallenge is enabled and used automatically\nand by default.\n\n\nHTTPChallengeConfig configures the ACME HTTP challenge. \n", + "type": "object", + "properties": { + "alternate_port": { + "description": "alternate_port: number\nModule: tls.issuance.zerossl\nAn alternate port on which to service this\nchallenge. Note that the HTTP challenge port is\nhard-coded into the spec and cannot be changed,\nso you would have to forward packets from the\nstandard HTTP challenge port to this one.\n", + "markdownDescription": "alternate_port: `number` \nModule: `tls.issuance.zerossl` \nAn alternate port on which to service this\nchallenge. Note that the HTTP challenge port is\nhard-coded into the spec and cannot be changed,\nso you would have to forward packets from the\nstandard HTTP challenge port to this one. \n", + "type": "number" + }, + "disabled": { + "description": "disabled: boolean\nModule: tls.issuance.zerossl\nIf true, the HTTP challenge will be disabled.\n", + "markdownDescription": "disabled: `boolean` \nModule: `tls.issuance.zerossl` \nIf true, the HTTP challenge will be disabled. \n", + "type": "boolean" + } + } + }, + "tls-alpn": { + "description": "tls-alpn: object\nModule: tls.issuance.zerossl\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#TLSALPNChallengeConfig\nTLSALPN configures the ACME TLS-ALPN challenge.\nThis challenge is enabled and used automatically\nand by default.\n\n\nTLSALPNChallengeConfig configures the ACME TLS-ALPN challenge.\n", + "markdownDescription": "tls-alpn: `object` \nModule: `tls.issuance.zerossl` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#TLSALPNChallengeConfig) \nTLSALPN configures the ACME TLS-ALPN challenge.\nThis challenge is enabled and used automatically\nand by default.\n\n\nTLSALPNChallengeConfig configures the ACME TLS-ALPN challenge. \n", + "type": "object", + "properties": { + "alternate_port": { + "description": "alternate_port: number\nModule: tls.issuance.zerossl\nAn alternate port on which to service this\nchallenge. Note that the TLS-ALPN challenge port\nis hard-coded into the spec and cannot be changed,\nso you would have to forward packets from the\nstandard TLS-ALPN challenge port to this one.\n", + "markdownDescription": "alternate_port: `number` \nModule: `tls.issuance.zerossl` \nAn alternate port on which to service this\nchallenge. Note that the TLS-ALPN challenge port\nis hard-coded into the spec and cannot be changed,\nso you would have to forward packets from the\nstandard TLS-ALPN challenge port to this one. \n", + "type": "number" + }, + "disabled": { + "description": "disabled: boolean\nModule: tls.issuance.zerossl\nIf true, the TLS-ALPN challenge will be disabled.\n", + "markdownDescription": "disabled: `boolean` \nModule: `tls.issuance.zerossl` \nIf true, the TLS-ALPN challenge will be disabled. \n", + "type": "boolean" + } + } + } + } + }, + "email": { + "description": "email: string\nModule: tls.issuance.zerossl\nYour email address, so the CA can contact you if necessary.\nNot required, but strongly recommended to provide one so\nyou can be reached if there is a problem. Your email is\nnot sent to any Caddy mothership or used for any purpose\nother than ACME transactions.\n", + "markdownDescription": "email: `string` \nModule: `tls.issuance.zerossl` \nYour email address, so the CA can contact you if necessary.\nNot required, but strongly recommended to provide one so\nyou can be reached if there is a problem. Your email is\nnot sent to any Caddy mothership or used for any purpose\nother than ACME transactions. \n", + "type": "string" + }, + "external_account": { + "description": "external_account: object\nModule: tls.issuance.zerossl\nhttps://pkg.go.dev/github.com/mholt/acmez/acme#EAB\nIf using an ACME CA that requires an external account\nbinding, specify the CA-provided credentials here.\n\n\nEAB (External Account Binding) contains information\nnecessary to bind or map an ACME account to some\nother account known by the CA.\n\nExternal account bindings are \"used to associate an\nACME account with an existing account in a non-ACME\nsystem, such as a CA customer database.\"\n\n\"To enable ACME account binding, the CA operating the\nACME server needs to provide the ACME client with a\nMAC key and a key identifier, using some mechanism\noutside of ACME.\" §7.3.4\n", + "markdownDescription": "external_account: `object` \nModule: `tls.issuance.zerossl` \n[godoc](https://pkg.go.dev/github.com/mholt/acmez/acme#EAB) \nIf using an ACME CA that requires an external account\nbinding, specify the CA-provided credentials here.\n\n\nEAB (External Account Binding) contains information\nnecessary to bind or map an ACME account to some\nother account known by the CA.\n\nExternal account bindings are \"used to associate an\nACME account with an existing account in a non-ACME\nsystem, such as a CA customer database.\"\n\n\"To enable ACME account binding, the CA operating the\nACME server needs to provide the ACME client with a\nMAC key and a key identifier, using some mechanism\noutside of ACME.\" §7.3.4 \n", + "type": "object", + "properties": { + "key_id": { + "description": "key_id: string\nModule: tls.issuance.zerossl\n\"The key identifier MUST be an ASCII string.\" §7.3.4\n", + "markdownDescription": "key_id: `string` \nModule: `tls.issuance.zerossl` \n\"The key identifier MUST be an ASCII string.\" §7.3.4 \n", + "type": "string" + }, + "mac_key": { + "description": "mac_key: string\nModule: tls.issuance.zerossl\n\"The MAC key SHOULD be provided in base64url-encoded\nform, to maximize compatibility between non-ACME\nprovisioning systems and ACME clients.\" §7.3.4\n", + "markdownDescription": "mac_key: `string` \nModule: `tls.issuance.zerossl` \n\"The MAC key SHOULD be provided in base64url-encoded\nform, to maximize compatibility between non-ACME\nprovisioning systems and ACME clients.\" §7.3.4 \n", + "type": "string" + } + } + }, + "preferred_chains": { + "description": "preferred_chains: object\nModule: tls.issuance.zerossl\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ChainPreference\nPreferences for selecting alternate certificate chains, if offered\nby the CA. By default, the first offered chain will be selected.\nIf configured, the chains may be sorted and the first matching chain\nwill be selected.\n\n\nChainPreference describes the client's preferred certificate chain,\nuseful if the CA offers alternate chains. The first matching chain\nwill be selected.\n", + "markdownDescription": "preferred_chains: `object` \nModule: `tls.issuance.zerossl` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ChainPreference) \nPreferences for selecting alternate certificate chains, if offered\nby the CA. By default, the first offered chain will be selected.\nIf configured, the chains may be sorted and the first matching chain\nwill be selected.\n\n\nChainPreference describes the client's preferred certificate chain,\nuseful if the CA offers alternate chains. The first matching chain\nwill be selected. \n", + "type": "object", + "properties": { + "any_common_name": { + "description": "any_common_name: array\nModule: tls.issuance.zerossl\nSelect first chain that has any issuer with one\nof these common names.\n", + "markdownDescription": "any_common_name: `array` \nModule: `tls.issuance.zerossl` \nSelect first chain that has any issuer with one\nof these common names. \n", + "type": "array", + "items": { + "description": "Select first chain that has any issuer with one\nof these common names.\n", + "markdownDescription": "Select first chain that has any issuer with one\nof these common names. \n", + "type": "string" + } + }, + "root_common_name": { + "description": "root_common_name: array\nModule: tls.issuance.zerossl\nSelect first chain having a root with one of\nthese common names.\n", + "markdownDescription": "root_common_name: `array` \nModule: `tls.issuance.zerossl` \nSelect first chain having a root with one of\nthese common names. \n", + "type": "array", + "items": { + "description": "Select first chain having a root with one of\nthese common names.\n", + "markdownDescription": "Select first chain having a root with one of\nthese common names. \n", + "type": "string" + } + }, + "smallest": { + "description": "smallest: boolean\nModule: tls.issuance.zerossl\nPrefer chains with the fewest number of bytes.\n", + "markdownDescription": "smallest: `boolean` \nModule: `tls.issuance.zerossl` \nPrefer chains with the fewest number of bytes. \n", + "type": "boolean" + } + } + }, + "test_ca": { + "description": "test_ca: string\nModule: tls.issuance.zerossl\nThe URL to the test CA's ACME directory endpoint.\nThis endpoint is only used during retries if there\nis a failure using the primary CA. Default:\nhttps://acme-staging-v02.api.letsencrypt.org/directory\n", + "markdownDescription": "test_ca: `string` \nModule: `tls.issuance.zerossl` \nThe URL to the test CA's ACME directory endpoint.\nThis endpoint is only used during retries if there\nis a failure using the primary CA. Default:\nhttps://acme-staging-v02.api.letsencrypt.org/directory \n", + "type": "string" + }, + "trusted_roots_pem_files": { + "description": "trusted_roots_pem_files: array\nModule: tls.issuance.zerossl\nAn array of files of CA certificates to accept when connecting to the\nACME CA. Generally, you should only use this if the ACME CA endpoint\nis internal or for development/testing purposes.\n", + "markdownDescription": "trusted_roots_pem_files: `array` \nModule: `tls.issuance.zerossl` \nAn array of files of CA certificates to accept when connecting to the\nACME CA. Generally, you should only use this if the ACME CA endpoint\nis internal or for development/testing purposes. \n", + "type": "array", + "items": { + "description": "An array of files of CA certificates to accept when connecting to the\nACME CA. Generally, you should only use this if the ACME CA endpoint\nis internal or for development/testing purposes.\n", + "markdownDescription": "An array of files of CA certificates to accept when connecting to the\nACME CA. Generally, you should only use this if the ACME CA endpoint\nis internal or for development/testing purposes. \n", + "type": "string" + } + } + } + }, + "tls.stek.distributed": { + "description": "distributed: object\nModule: tls.stek.distributed\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls/distributedstek#Provider\nProvider implements a distributed STEK provider. This\nmodule will obtain STEKs from a storage module instead\nof generating STEKs internally. This allows STEKs to be\ncoordinated, improving TLS session resumption in a cluster.\n\n", + "markdownDescription": "distributed: `object` \nModule: `tls.stek.distributed` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls/distributedstek#Provider) \nProvider implements a distributed STEK provider. This\nmodule will obtain STEKs from a storage module instead\nof generating STEKs internally. This allows STEKs to be\ncoordinated, improving TLS session resumption in a cluster.\n \n", + "type": "object", + "properties": { + "storage": { + "description": "storage: object\nModule: caddy.storage\nThe storage module wherein to store and obtain session\nticket keys. If unset, Caddy's default/global-configured\nstorage module will be used.\n", + "markdownDescription": "storage: `object` \nModule: `caddy.storage` \nThe storage module wherein to store and obtain session\nticket keys. If unset, Caddy's default/global-configured\nstorage module will be used. \n", + "type": "object", + "required": [ + "module" + ], + "allOf": [ + { + "if": { + "properties": { + "module": { + "const": "consul" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.storage.consul" + } + }, + { + "if": { + "properties": { + "module": { + "const": "file_system" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.storage.file_system" + } + }, + { + "properties": { + "module": { + "description": "key to identify storage module.\nmodule: string\nModule: caddy.storage", + "markdownDescription": "key to identify `storage` module. \nmodule: `string` \nModule: `caddy.storage`", + "type": "string", + "enum": [ + "consul", + "file_system" + ] + } + } + } + ] + } + } + }, + "tls.stek.standard": { + "description": "standard: object\nModule: tls.stek.standard", + "markdownDescription": "standard: `object` \nModule: `tls.stek.standard`", + "type": "object" + } + }, + "properties": { + "admin": { + "description": "admin: object\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#AdminConfig\nAdminConfig configures Caddy's API endpoint, which is used\nto manage Caddy while it is running.\n\n", + "markdownDescription": "admin: `object` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#AdminConfig) \nAdminConfig configures Caddy's API endpoint, which is used\nto manage Caddy while it is running.\n \n", + "type": "object", + "properties": { + "config": { + "description": "config: object\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#ConfigSettings\nOptions pertaining to configuration management.\n\n\nConfigSettings configures the management of configuration.\n", + "markdownDescription": "config: `object` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ConfigSettings) \nOptions pertaining to configuration management.\n\n\nConfigSettings configures the management of configuration. \n", + "type": "object", + "properties": { + "load": { + "description": "load: object\nModule: caddy.config_loaders\nLoads a configuration to use. This is helpful if your configs are\nmanaged elsewhere, and you want Caddy to pull its config dynamically\nwhen it starts. The pulled config completely replaces the current\none, just like any other config load. It is an error if a pulled\nconfig is configured to pull another config.\n\nEXPERIMENTAL: Subject to change.\n", + "markdownDescription": "load: `object` \nModule: `caddy.config_loaders` \nLoads a configuration to use. This is helpful if your configs are\nmanaged elsewhere, and you want Caddy to pull its config dynamically\nwhen it starts. The pulled config completely replaces the current\none, just like any other config load. It is an error if a pulled\nconfig is configured to pull another config.\n\nEXPERIMENTAL: Subject to change. \n", + "type": "object", + "required": [ + "module" + ], + "allOf": [ + { + "if": { + "properties": { + "module": { + "const": "http" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.config_loaders.http" + } + }, + { + "properties": { + "module": { + "description": "key to identify load module.\nmodule: string\nModule: caddy.config_loaders", + "markdownDescription": "key to identify `load` module. \nmodule: `string` \nModule: `caddy.config_loaders`", + "type": "string", + "enum": [ + "http" + ] + } + } + } + ] + }, + "load_delay": { + "description": "load_delay: number", + "markdownDescription": "load_delay: `number`", + "type": "number" + }, + "persist": { + "description": "persist: boolean\nWhether to keep a copy of the active config on disk. Default is true.\nNote that \"pulled\" dynamic configs (using the neighboring \"load\" module)\nare not persisted; only configs that are pushed to Caddy get persisted.\n", + "markdownDescription": "persist: `boolean` \nWhether to keep a copy of the active config on disk. Default is true.\nNote that \"pulled\" dynamic configs (using the neighboring \"load\" module)\nare not persisted; only configs that are pushed to Caddy get persisted. \n", + "type": "boolean" + } + } + }, + "disabled": { + "description": "disabled: boolean\nIf true, the admin endpoint will be completely disabled.\nNote that this makes any runtime changes to the config\nimpossible, since the interface to do so is through the\nadmin endpoint.\n", + "markdownDescription": "disabled: `boolean` \nIf true, the admin endpoint will be completely disabled.\nNote that this makes any runtime changes to the config\nimpossible, since the interface to do so is through the\nadmin endpoint. \n", + "type": "boolean" + }, + "enforce_origin": { + "description": "enforce_origin: boolean\nIf true, CORS headers will be emitted, and requests to the\nAPI will be rejected if their `Host` and `Origin` headers\ndo not match the expected value(s). Use `origins` to\ncustomize which origins/hosts are allowed. If `origins` is\nnot set, the listen address is the only value allowed by\ndefault. Enforced only on local (plaintext) endpoint.\n", + "markdownDescription": "enforce_origin: `boolean` \nIf true, CORS headers will be emitted, and requests to the\nAPI will be rejected if their `Host` and `Origin` headers\ndo not match the expected value(s). Use `origins` to\ncustomize which origins/hosts are allowed. If `origins` is\nnot set, the listen address is the only value allowed by\ndefault. Enforced only on local (plaintext) endpoint. \n", + "type": "boolean" + }, + "identity": { + "description": "identity: object\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#IdentityConfig\nOptions that establish this server's identity. Identity refers to\ncredentials which can be used to uniquely identify and authenticate\nthis server instance. This is required if remote administration is\nenabled (but does not require remote administration to be enabled).\nDefault: no identity management.\n\n\nIdentityConfig configures management of this server's identity. An identity\nconsists of credentials that uniquely verify this instance; for example,\nTLS certificates (public + private key pairs).\n", + "markdownDescription": "identity: `object` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#IdentityConfig) \nOptions that establish this server's identity. Identity refers to\ncredentials which can be used to uniquely identify and authenticate\nthis server instance. This is required if remote administration is\nenabled (but does not require remote administration to be enabled).\nDefault: no identity management.\n\n\nIdentityConfig configures management of this server's identity. An identity\nconsists of credentials that uniquely verify this instance; for example,\nTLS certificates (public + private key pairs). \n", + "type": "object", + "properties": { + "identifiers": { + "description": "identifiers: array\nList of names or IP addresses which refer to this server.\nCertificates will be obtained for these identifiers so\nsecure TLS connections can be made using them.\n", + "markdownDescription": "identifiers: `array` \nList of names or IP addresses which refer to this server.\nCertificates will be obtained for these identifiers so\nsecure TLS connections can be made using them. \n", + "type": "array", + "items": { + "description": "List of names or IP addresses which refer to this server.\nCertificates will be obtained for these identifiers so\nsecure TLS connections can be made using them.\n", + "markdownDescription": "List of names or IP addresses which refer to this server.\nCertificates will be obtained for these identifiers so\nsecure TLS connections can be made using them. \n", + "type": "string" + } + }, + "issuers": { + "description": "issuers: array\nModule: tls.issuance\nIssuers that can provide this admin endpoint its identity\ncertificate(s). Default: ACME issuers configured for\nZeroSSL and Let's Encrypt. Be sure to change this if you\nrequire credentials for private identifiers.\n", + "markdownDescription": "issuers: `array` \nModule: `tls.issuance` \nIssuers that can provide this admin endpoint its identity\ncertificate(s). Default: ACME issuers configured for\nZeroSSL and Let's Encrypt. Be sure to change this if you\nrequire credentials for private identifiers. \n", + "type": "array", + "items": { + "description": "Issuers that can provide this admin endpoint its identity\ncertificate(s). Default: ACME issuers configured for\nZeroSSL and Let's Encrypt. Be sure to change this if you\nrequire credentials for private identifiers.\n", + "markdownDescription": "Issuers that can provide this admin endpoint its identity\ncertificate(s). Default: ACME issuers configured for\nZeroSSL and Let's Encrypt. Be sure to change this if you\nrequire credentials for private identifiers. \n", + "required": [ + "module" + ], + "allOf": [ + { + "if": { + "properties": { + "module": { + "const": "acme" + } + } + }, + "then": { + "$ref": "#/definitions/tls.issuance.acme" + } + }, + { + "if": { + "properties": { + "module": { + "const": "internal" + } + } + }, + "then": { + "$ref": "#/definitions/tls.issuance.internal" + } + }, + { + "if": { + "properties": { + "module": { + "const": "zerossl" + } + } + }, + "then": { + "$ref": "#/definitions/tls.issuance.zerossl" + } + }, + { + "properties": { + "module": { + "description": "key to identify issuers module.\nmodule: string\nModule: tls.issuance", + "markdownDescription": "key to identify `issuers` module. \nmodule: `string` \nModule: `tls.issuance`", + "type": "string", + "enum": [ + "acme", + "internal", + "zerossl" + ] + } + } + } + ] + } + } + } + }, + "listen": { + "description": "listen: string\nThe address to which the admin endpoint's listener should\nbind itself. Can be any single network address that can be\nparsed by Caddy. Default: localhost:2019\n", + "markdownDescription": "listen: `string` \nThe address to which the admin endpoint's listener should\nbind itself. Can be any single network address that can be\nparsed by Caddy. Default: localhost:2019 \n", + "type": "string" + }, + "origins": { + "description": "origins: array\nThe list of allowed origins/hosts for API requests. Only needed\nif accessing the admin endpoint from a host different from the\nsocket's network interface or if `enforce_origin` is true. If not\nset, the listener address will be the default value. If set but\nempty, no origins will be allowed. Enforced only on local\n(plaintext) endpoint.\n", + "markdownDescription": "origins: `array` \nThe list of allowed origins/hosts for API requests. Only needed\nif accessing the admin endpoint from a host different from the\nsocket's network interface or if `enforce_origin` is true. If not\nset, the listener address will be the default value. If set but\nempty, no origins will be allowed. Enforced only on local\n(plaintext) endpoint. \n", + "type": "array", + "items": { + "description": "The list of allowed origins/hosts for API requests. Only needed\nif accessing the admin endpoint from a host different from the\nsocket's network interface or if `enforce_origin` is true. If not\nset, the listener address will be the default value. If set but\nempty, no origins will be allowed. Enforced only on local\n(plaintext) endpoint.\n", + "markdownDescription": "The list of allowed origins/hosts for API requests. Only needed\nif accessing the admin endpoint from a host different from the\nsocket's network interface or if `enforce_origin` is true. If not\nset, the listener address will be the default value. If set but\nempty, no origins will be allowed. Enforced only on local\n(plaintext) endpoint. \n", + "type": "string" + } + }, + "remote": { + "description": "remote: object\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#RemoteAdmin\nOptions pertaining to remote administration. By default, remote\nadministration is disabled. If enabled, identity management must\nalso be configured, as that is how the endpoint is secured.\nSee the neighboring \"identity\" object.\n\nEXPERIMENTAL: This feature is subject to change.\n\n\nRemoteAdmin enables and configures remote administration. If enabled,\na secure listener enforcing mutual TLS authentication will be started\non a different port from the standard plaintext admin server.\n\nThis endpoint is secured using identity management, which must be\nconfigured separately (because identity management does not depend\non remote administration). See the admin/identity config struct.\n\nEXPERIMENTAL: Subject to change.\n", + "markdownDescription": "remote: `object` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#RemoteAdmin) \nOptions pertaining to remote administration. By default, remote\nadministration is disabled. If enabled, identity management must\nalso be configured, as that is how the endpoint is secured.\nSee the neighboring \"identity\" object.\n\nEXPERIMENTAL: This feature is subject to change.\n\n\nRemoteAdmin enables and configures remote administration. If enabled,\na secure listener enforcing mutual TLS authentication will be started\non a different port from the standard plaintext admin server.\n\nThis endpoint is secured using identity management, which must be\nconfigured separately (because identity management does not depend\non remote administration). See the admin/identity config struct.\n\nEXPERIMENTAL: Subject to change. \n", + "type": "object", + "properties": { + "access_control": { + "description": "access_control: array\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#AdminAccess\nList of access controls for this secure admin endpoint.\nThis configures TLS mutual authentication (i.e. authorized\nclient certificates), but also application-layer permissions\nlike which paths and methods each identity is authorized for.\n\n\nAdminAccess specifies what permissions an identity or group\nof identities are granted.\n", + "markdownDescription": "access_control: `array` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#AdminAccess) \nList of access controls for this secure admin endpoint.\nThis configures TLS mutual authentication (i.e. authorized\nclient certificates), but also application-layer permissions\nlike which paths and methods each identity is authorized for.\n\n\nAdminAccess specifies what permissions an identity or group\nof identities are granted. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2#AdminAccess\nList of access controls for this secure admin endpoint.\nThis configures TLS mutual authentication (i.e. authorized\nclient certificates), but also application-layer permissions\nlike which paths and methods each identity is authorized for.\n\n\nAdminAccess specifies what permissions an identity or group\nof identities are granted.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#AdminAccess) \nList of access controls for this secure admin endpoint.\nThis configures TLS mutual authentication (i.e. authorized\nclient certificates), but also application-layer permissions\nlike which paths and methods each identity is authorized for.\n\n\nAdminAccess specifies what permissions an identity or group\nof identities are granted. \n", + "type": "object", + "properties": { + "permissions": { + "description": "permissions: array\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#AdminPermissions\nLimits what the associated identities are allowed to do.\nIf unspecified, all permissions are granted.\n\n\nAdminPermissions specifies what kinds of requests are allowed\nto be made to the admin endpoint.\n", + "markdownDescription": "permissions: `array` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#AdminPermissions) \nLimits what the associated identities are allowed to do.\nIf unspecified, all permissions are granted.\n\n\nAdminPermissions specifies what kinds of requests are allowed\nto be made to the admin endpoint. \n", + "type": "array", + "items": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2#AdminPermissions\nLimits what the associated identities are allowed to do.\nIf unspecified, all permissions are granted.\n\n\nAdminPermissions specifies what kinds of requests are allowed\nto be made to the admin endpoint.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#AdminPermissions) \nLimits what the associated identities are allowed to do.\nIf unspecified, all permissions are granted.\n\n\nAdminPermissions specifies what kinds of requests are allowed\nto be made to the admin endpoint. \n", + "type": "object", + "properties": { + "methods": { + "description": "methods: array\nThe HTTP methods allowed for the given paths.\n", + "markdownDescription": "methods: `array` \nThe HTTP methods allowed for the given paths. \n", + "type": "array", + "items": { + "description": "The HTTP methods allowed for the given paths.\n", + "markdownDescription": "The HTTP methods allowed for the given paths. \n", + "type": "string" + } + }, + "paths": { + "description": "paths: array\nThe API paths allowed. Paths are simple prefix matches.\nAny subpath of the specified paths will be allowed.\n", + "markdownDescription": "paths: `array` \nThe API paths allowed. Paths are simple prefix matches.\nAny subpath of the specified paths will be allowed. \n", + "type": "array", + "items": { + "description": "The API paths allowed. Paths are simple prefix matches.\nAny subpath of the specified paths will be allowed.\n", + "markdownDescription": "The API paths allowed. Paths are simple prefix matches.\nAny subpath of the specified paths will be allowed. \n", + "type": "string" + } + } + } + } + }, + "public_keys": { + "description": "public_keys: array\nBase64-encoded DER certificates containing public keys to accept.\n(The contents of PEM certificate blocks are base64-encoded DER.)\nAny of these public keys can appear in any part of a verified chain.\n", + "markdownDescription": "public_keys: `array` \nBase64-encoded DER certificates containing public keys to accept.\n(The contents of PEM certificate blocks are base64-encoded DER.)\nAny of these public keys can appear in any part of a verified chain. \n", + "type": "array", + "items": { + "description": "Base64-encoded DER certificates containing public keys to accept.\n(The contents of PEM certificate blocks are base64-encoded DER.)\nAny of these public keys can appear in any part of a verified chain.\n", + "markdownDescription": "Base64-encoded DER certificates containing public keys to accept.\n(The contents of PEM certificate blocks are base64-encoded DER.)\nAny of these public keys can appear in any part of a verified chain. \n", + "type": "string" + } + } + } + } + }, + "listen": { + "description": "listen: string\nThe address on which to start the secure listener.\nDefault: :2021\n", + "markdownDescription": "listen: `string` \nThe address on which to start the secure listener.\nDefault: :2021 \n", + "type": "string" + } + } + } + } + }, + "apps": { + "description": "apps: object\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nAppsRaw are the apps that Caddy will load and run. The\napp module name is the key, and the app's config is the\nassociated value.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n", + "markdownDescription": "apps: `object` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nAppsRaw are the apps that Caddy will load and run. The\napp module name is the key, and the app's config is the\nassociated value.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", + "type": "object", + "properties": { + "http": { + "$ref": "#/definitions/http" + }, + "layer4": { + "$ref": "#/definitions/layer4" + }, + "pki": { + "$ref": "#/definitions/pki" + }, + "tls": { + "$ref": "#/definitions/tls" + } + } + }, + "logging": { + "description": "logging: object\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Logging\nLogging facilitates logging within Caddy. The default log is\ncalled \"default\" and you can customize it. You can also define\nadditional logs.\n\nBy default, all logs at INFO level and higher are written to\nstandard error (\"stderr\" writer) in a human-readable format\n(\"console\" encoder if stdout is an interactive terminal, \"json\"\nencoder otherwise).\n\nAll defined logs accept all log entries by default, but you\ncan filter by level and module/logger names. A logger's name\nis the same as the module's name, but a module may append to\nlogger names for more specificity. For example, you can\nfilter logs emitted only by HTTP handlers using the name\n\"http.handlers\", because all HTTP handler module names have\nthat prefix.\n\nCaddy logs (except the sink) are zero-allocation, so they are\nvery high-performing in terms of memory and CPU time. Enabling\nsampling can further increase throughput on extremely high-load\nservers.\n\n", + "markdownDescription": "logging: `object` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Logging) \nLogging facilitates logging within Caddy. The default log is\ncalled \"default\" and you can customize it. You can also define\nadditional logs.\n\nBy default, all logs at INFO level and higher are written to\nstandard error (\"stderr\" writer) in a human-readable format\n(\"console\" encoder if stdout is an interactive terminal, \"json\"\nencoder otherwise).\n\nAll defined logs accept all log entries by default, but you\ncan filter by level and module/logger names. A logger's name\nis the same as the module's name, but a module may append to\nlogger names for more specificity. For example, you can\nfilter logs emitted only by HTTP handlers using the name\n\"http.handlers\", because all HTTP handler module names have\nthat prefix.\n\nCaddy logs (except the sink) are zero-allocation, so they are\nvery high-performing in terms of memory and CPU time. Enabling\nsampling can further increase throughput on extremely high-load\nservers.\n \n", + "type": "object", + "properties": { + "logs": { + "description": "logs: object\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#CustomLog\nLogs are your logs, keyed by an arbitrary name of your\nchoosing. The default log can be customized by defining\na log called \"default\". You can further define other logs\nand filter what kinds of entries they accept.\n\n\nCustomLog represents a custom logger configuration.\n\nBy default, a log will emit all log entries. Some entries\nwill be skipped if sampling is enabled. Further, the Include\nand Exclude parameters define which loggers (by name) are\nallowed or rejected from emitting in this log. If both Include\nand Exclude are populated, their values must be mutually\nexclusive, and longer namespaces have priority. If neither\nare populated, all logs are emitted.\n", + "markdownDescription": "logs: `object` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#CustomLog) \nLogs are your logs, keyed by an arbitrary name of your\nchoosing. The default log can be customized by defining\na log called \"default\". You can further define other logs\nand filter what kinds of entries they accept.\n\n\nCustomLog represents a custom logger configuration.\n\nBy default, a log will emit all log entries. Some entries\nwill be skipped if sampling is enabled. Further, the Include\nand Exclude parameters define which loggers (by name) are\nallowed or rejected from emitting in this log. If both Include\nand Exclude are populated, their values must be mutually\nexclusive, and longer namespaces have priority. If neither\nare populated, all logs are emitted. \n", + "type": "object", + "additionalProperties": { + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2#CustomLog\nLogs are your logs, keyed by an arbitrary name of your\nchoosing. The default log can be customized by defining\na log called \"default\". You can further define other logs\nand filter what kinds of entries they accept.\n\n\nCustomLog represents a custom logger configuration.\n\nBy default, a log will emit all log entries. Some entries\nwill be skipped if sampling is enabled. Further, the Include\nand Exclude parameters define which loggers (by name) are\nallowed or rejected from emitting in this log. If both Include\nand Exclude are populated, their values must be mutually\nexclusive, and longer namespaces have priority. If neither\nare populated, all logs are emitted.\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#CustomLog) \nLogs are your logs, keyed by an arbitrary name of your\nchoosing. The default log can be customized by defining\na log called \"default\". You can further define other logs\nand filter what kinds of entries they accept.\n\n\nCustomLog represents a custom logger configuration.\n\nBy default, a log will emit all log entries. Some entries\nwill be skipped if sampling is enabled. Further, the Include\nand Exclude parameters define which loggers (by name) are\nallowed or rejected from emitting in this log. If both Include\nand Exclude are populated, their values must be mutually\nexclusive, and longer namespaces have priority. If neither\nare populated, all logs are emitted. \n", + "properties": { + "encoder": { + "description": "encoder: object\nModule: caddy.logging.encoders\nThe encoder is how the log entries are formatted or encoded.\n", + "markdownDescription": "encoder: `object` \nModule: `caddy.logging.encoders` \nThe encoder is how the log entries are formatted or encoded. \n", + "type": "object", + "required": [ + "format" + ], + "allOf": [ + { + "if": { + "properties": { + "format": { + "const": "console" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.encoders.console" + } + }, + { + "if": { + "properties": { + "format": { + "const": "filter" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.encoders.filter" + } + }, + { + "if": { + "properties": { + "format": { + "const": "json" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.encoders.json" + } + }, + { + "properties": { + "format": { + "description": "key to identify encoder module.\nformat: string\nModule: caddy.logging.encoders", + "markdownDescription": "key to identify `encoder` module. \nformat: `string` \nModule: `caddy.logging.encoders`", + "type": "string", + "enum": [ + "console", + "filter", + "json" + ] + } + } + } + ] + }, + "exclude": { + "description": "exclude: array\nExclude defines the names of loggers that should be\nskipped by this log. For example, to exclude only\nHTTP access logs, you would exclude \"http.log.access\".\n", + "markdownDescription": "exclude: `array` \nExclude defines the names of loggers that should be\nskipped by this log. For example, to exclude only\nHTTP access logs, you would exclude \"http.log.access\". \n", + "type": "array", + "items": { + "description": "Exclude defines the names of loggers that should be\nskipped by this log. For example, to exclude only\nHTTP access logs, you would exclude \"http.log.access\".\n", + "markdownDescription": "Exclude defines the names of loggers that should be\nskipped by this log. For example, to exclude only\nHTTP access logs, you would exclude \"http.log.access\". \n", + "type": "string" + } + }, + "include": { + "description": "include: array\nInclude defines the names of loggers to emit in this\nlog. For example, to include only logs emitted by the\nadmin API, you would include \"admin.api\".\n", + "markdownDescription": "include: `array` \nInclude defines the names of loggers to emit in this\nlog. For example, to include only logs emitted by the\nadmin API, you would include \"admin.api\". \n", + "type": "array", + "items": { + "description": "Include defines the names of loggers to emit in this\nlog. For example, to include only logs emitted by the\nadmin API, you would include \"admin.api\".\n", + "markdownDescription": "Include defines the names of loggers to emit in this\nlog. For example, to include only logs emitted by the\nadmin API, you would include \"admin.api\". \n", + "type": "string" + } + }, + "level": { + "description": "level: string\nLevel is the minimum level to emit, and is inclusive.\nPossible levels: DEBUG, INFO, WARN, ERROR, PANIC, and FATAL\n", + "markdownDescription": "level: `string` \nLevel is the minimum level to emit, and is inclusive.\nPossible levels: DEBUG, INFO, WARN, ERROR, PANIC, and FATAL \n", + "type": "string" + }, + "sampling": { + "description": "sampling: object\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#LogSampling\nSampling configures log entry sampling. If enabled,\nonly some log entries will be emitted. This is useful\nfor improving performance on extremely high-pressure\nservers.\n\n\nLogSampling configures log entry sampling.\n", + "markdownDescription": "sampling: `object` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#LogSampling) \nSampling configures log entry sampling. If enabled,\nonly some log entries will be emitted. This is useful\nfor improving performance on extremely high-pressure\nservers.\n\n\nLogSampling configures log entry sampling. \n", + "type": "object", + "properties": { + "first": { + "description": "first: number\nLog this many entries within a given level and\nmessage for each interval.\n", + "markdownDescription": "first: `number` \nLog this many entries within a given level and\nmessage for each interval. \n", + "type": "number" + }, + "interval": { + "description": "interval: number\nhttps://pkg.go.dev/time#Duration\nThe window over which to conduct sampling.\n\n\nA Duration represents the elapsed time between two instants\nas an int64 nanosecond count. The representation limits the\nlargest representable duration to approximately 290 years.\n", + "markdownDescription": "interval: `number` \n[godoc](https://pkg.go.dev/time#Duration) \nThe window over which to conduct sampling.\n\n\nA Duration represents the elapsed time between two instants\nas an int64 nanosecond count. The representation limits the\nlargest representable duration to approximately 290 years. \n", + "type": "number" + }, + "thereafter": { + "description": "thereafter: number\nIf more entries with the same level and message\nare seen during the same interval, keep one in\nthis many entries until the end of the interval.\n", + "markdownDescription": "thereafter: `number` \nIf more entries with the same level and message\nare seen during the same interval, keep one in\nthis many entries until the end of the interval. \n", + "type": "number" + } + } + }, + "writer": { + "description": "writer: object\nModule: caddy.logging.writers\nThe writer defines where log entries are emitted.\n", + "markdownDescription": "writer: `object` \nModule: `caddy.logging.writers` \nThe writer defines where log entries are emitted. \n", + "type": "object", + "required": [ + "output" + ], + "allOf": [ + { + "if": { + "properties": { + "output": { + "const": "discard" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.writers.discard" + } + }, + { + "if": { + "properties": { + "output": { + "const": "file" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.writers.file" + } + }, + { + "if": { + "properties": { + "output": { + "const": "net" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.writers.net" + } + }, + { + "if": { + "properties": { + "output": { + "const": "stderr" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.writers.stderr" + } + }, + { + "if": { + "properties": { + "output": { + "const": "stdout" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.writers.stdout" + } + }, + { + "properties": { + "output": { + "description": "key to identify writer module.\noutput: string\nModule: caddy.logging.writers", + "markdownDescription": "key to identify `writer` module. \noutput: `string` \nModule: `caddy.logging.writers`", + "type": "string", + "enum": [ + "discard", + "file", + "net", + "stderr", + "stdout" + ] + } + } + } + ] + } + } + } + }, + "sink": { + "description": "sink: object\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#StandardLibLog\nSink is the destination for all unstructured logs emitted\nfrom Go's standard library logger. These logs are common\nin dependencies that are not designed specifically for use\nin Caddy. Because it is global and unstructured, the sink\nlacks most advanced features and customizations.\n\n\nStandardLibLog configures the default Go standard library\nglobal logger in the log package. This is necessary because\nmodule dependencies which are not built specifically for\nCaddy will use the standard logger. This is also known as\nthe \"sink\" logger.\n", + "markdownDescription": "sink: `object` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#StandardLibLog) \nSink is the destination for all unstructured logs emitted\nfrom Go's standard library logger. These logs are common\nin dependencies that are not designed specifically for use\nin Caddy. Because it is global and unstructured, the sink\nlacks most advanced features and customizations.\n\n\nStandardLibLog configures the default Go standard library\nglobal logger in the log package. This is necessary because\nmodule dependencies which are not built specifically for\nCaddy will use the standard logger. This is also known as\nthe \"sink\" logger. \n", + "type": "object", + "properties": { + "writer": { + "description": "writer: object\nModule: caddy.logging.writers\nThe module that writes out log entries for the sink.\n", + "markdownDescription": "writer: `object` \nModule: `caddy.logging.writers` \nThe module that writes out log entries for the sink. \n", + "type": "object", + "required": [ + "output" + ], + "allOf": [ + { + "if": { + "properties": { + "output": { + "const": "net" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.writers.net" + } + }, + { + "if": { + "properties": { + "output": { + "const": "stderr" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.writers.stderr" + } + }, + { + "if": { + "properties": { + "output": { + "const": "stdout" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.writers.stdout" + } + }, + { + "if": { + "properties": { + "output": { + "const": "discard" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.writers.discard" + } + }, + { + "if": { + "properties": { + "output": { + "const": "file" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.writers.file" + } + }, + { + "properties": { + "output": { + "description": "key to identify writer module.\noutput: string\nModule: caddy.logging.writers", + "markdownDescription": "key to identify `writer` module. \noutput: `string` \nModule: `caddy.logging.writers`", + "type": "string", + "enum": [ + "net", + "stderr", + "stdout", + "discard", + "file" + ] + } + } + } + ] + } + } + } + } + }, + "storage": { + "description": "storage: object\nModule: caddy.storage\nStorageRaw is a storage module that defines how/where Caddy\nstores assets (such as TLS certificates). The default storage\nmodule is `caddy.storage.file_system` (the local file system),\nand the default path\n[depends on the OS and environment](/docs/conventions#data-directory).\n", + "markdownDescription": "storage: `object` \nModule: `caddy.storage` \nStorageRaw is a storage module that defines how/where Caddy\nstores assets (such as TLS certificates). The default storage\nmodule is `caddy.storage.file_system` (the local file system),\nand the default path\n[depends on the OS and environment](/docs/conventions#data-directory). \n", + "type": "object", + "required": [ + "module" + ], + "allOf": [ + { + "if": { + "properties": { + "module": { + "const": "consul" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.storage.consul" + } + }, + { + "if": { + "properties": { + "module": { + "const": "file_system" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.storage.file_system" + } + }, + { + "properties": { + "module": { + "description": "key to identify storage module.\nmodule: string\nModule: caddy.storage", + "markdownDescription": "key to identify `storage` module. \nmodule: `string` \nModule: `caddy.storage`", + "type": "string", + "enum": [ + "consul", + "file_system" + ] + } + } + } + ] + } + }, + "additionalItems": true +} diff --git a/profiles/base-user/home.nix b/profiles/base-user/home.nix index 1ae6bd36..f87c136a 100644 --- a/profiles/base-user/home.nix +++ b/profiles/base-user/home.nix @@ -55,6 +55,10 @@ in # Ensure nvim backup directory gets created # Workaround for E510: Can't make backup file (add ! to override) xdg.dataFile."nvim/backup/.keep".text = ""; + xdg.dataFile."nvim/json-schemas/.keep".text = ""; + # Generated with: + # docker run -it --name caddy-json-schema registry.greenbaum.cloud/gc/caddy-l4:2.5.2 caddy json-schema -output /srv/caddy_schema.json + xdg.dataFile."nvim/json-schemas/caddy_schema.json".source = .local/share/nvim/json-schemas/caddy_schema.json; xdg.dataFile."nvim/templates/.keep".text = ""; xdg.dataFile."shell.nix.tmpl" = { text = '' -- 2.44.2 From 4339f04f7ccd929212ba7fc59b7ce1d40f9b2813 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 2 Aug 2022 15:31:06 +0200 Subject: [PATCH 241/320] neovim: use vimagit from latest master commit --- modules/terminal-life/nvim/default.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index 8e073288..0613d511 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix @@ -5,6 +5,16 @@ let preview-file = pkgs.writeShellScriptBin "preview-file" (import ./preview-file.nix pkgs); + vimagit-master = pkgs.vimUtils.buildVimPlugin { + name = "vimagit-master"; + src = pkgs.fetchFromGitHub { + owner = "jreybert"; + repo = "vimagit"; + rev = "308650ddc1e9a94e49fae0ea04bbc1c45f23d4c4"; + sha256 = "sha256-fhazQQqyFaO0fdoeNI9nBshwTDhKNHH262H/QThtuO0="; + }; + }; + instant-nvim = pkgs.vimUtils.buildVimPlugin { name = "instant"; src = pkgs.fetchFromGitHub { @@ -118,7 +128,7 @@ in fugitive vim-gitgutter vim-rhubarb - vimagit + vimagit-master fzf-vim fzfWrapper -- 2.44.2 From 0619a69f32309c5624de0d679197c12518c83390 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 2 Aug 2022 15:31:27 +0200 Subject: [PATCH 242/320] neovim: add vim-nixhash plugin --- modules/terminal-life/nvim/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index 0613d511..1d6645ff 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix @@ -150,6 +150,7 @@ in SchemaStore-nvim vim-markdown vim-nix + vim-nixhash vim-ruby vim-toml vim-vue -- 2.44.2 From be0ae1a79932c06ff0b10c2d57c54ae5700938a6 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 2 Aug 2022 15:32:24 +0200 Subject: [PATCH 243/320] neovim: fix quoting, use vim.fn.stdpath to get the neovim config directory path --- modules/terminal-life/nvim/lsp.vim | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index b9b8c421..bf7f0322 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim @@ -126,10 +126,10 @@ lua < Date: Wed, 10 Aug 2022 22:42:14 +0200 Subject: [PATCH 244/320] Add spotify as an audio option Adds a `config.pub-solar.audio.spotify` option that when enabled installs and configures `spotifyd` as a systemd daemon and `spotify-tui` as the terminal-based UI. After enabling, run `spt` in the terminal to open the UI. --- modules/audio/default.nix | 27 ++++++++++++++++++++++++++- profiles/base-user/default.nix | 8 +++++++- 2 files changed, 33 insertions(+), 2 deletions(-) diff --git a/modules/audio/default.nix b/modules/audio/default.nix index fcceefd3..b43dc4ac 100644 --- a/modules/audio/default.nix +++ b/modules/audio/default.nix @@ -9,10 +9,21 @@ in options.pub-solar.audio = { enable = mkEnableOption "Life in highs and lows"; mopidy.enable = mkEnableOption "Life with mopidy"; + spotify.enable = mkEnableOption "Life in DRM"; + spotify.username = mkOption { + description = "Spotify login username or email"; + type = types.str; + example = "yourname@example.com"; + default = ""; + }; bluetooth.enable = mkEnableOption "Life with bluetooth"; }; config = mkIf cfg.enable { + users.users = pkgs.lib.setAttrByPath [ psCfg.user.name ] { + extraGroups = [ "audio" ]; + }; + home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { home.packages = [ # easyeffects, e.g. for microphone noise filtering @@ -24,9 +35,23 @@ in # Needed for pactl cmd, until pw-cli is more mature (vol up/down hotkeys?) pulseaudio vimpc - ]; + ] ++ (if cfg.spotify.enable then [ pkgs.spotify-tui ] else [ ]); xdg.configFile."vimpc/vimpcrc".source = ./.config/vimpc/vimpcrc; systemd.user.services.easyeffects = import ./easyeffects.service.nix pkgs; + + services.spotifyd = mkIf cfg.spotify.enable { + enable = true; + settings = { + global = { + username = cfg.spotify.username; + password_cmd = "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1001/bus ${pkgs.libsecret}/bin/secret-tool lookup spotify password"; + bitrate = 320; + volume_normalisation = true; + no_audio_cache = false; + max_cache_size = 1000000000; + }; + }; + }; }; # Enable sound using pipewire-pulse diff --git a/profiles/base-user/default.nix b/profiles/base-user/default.nix index 8f304794..9ff21c8e 100644 --- a/profiles/base-user/default.nix +++ b/profiles/base-user/default.nix @@ -16,7 +16,13 @@ in # home to /home/username, useDefaultShell to true, and isSystemUser to false. isNormalUser = true; description = psCfg.user.description; - extraGroups = [ "wheel" "docker" "input" "audio" "networkmanager" "lp" "scanner" ]; + extraGroups = [ + "wheel" + "input" + "networkmanager" + "lp" + "scanner" + ]; initialHashedPassword = if psCfg.user.password != null then psCfg.user.password else ""; shell = pkgs.zsh; openssh.authorizedKeys.keyFiles = if psCfg.user.publicKeys != null then psCfg.user.publicKeys else [ ]; -- 2.44.2 From 45202d98ec26067f4dce7910194e7edbeb9db3c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Wed, 10 Aug 2022 22:43:54 +0200 Subject: [PATCH 245/320] Add Arduino module This adds a small arduino development module that installs development tooling and adds the user to the `dialout` group. --- modules/arduino/default.nix | 23 +++++++++++++++++++++++ overlays/overrides.nix | 2 ++ 2 files changed, 25 insertions(+) create mode 100644 modules/arduino/default.nix diff --git a/modules/arduino/default.nix b/modules/arduino/default.nix new file mode 100644 index 00000000..926a0f62 --- /dev/null +++ b/modules/arduino/default.nix @@ -0,0 +1,23 @@ +{ lib, config, pkgs, ... }: +with lib; +let + psCfg = config.pub-solar; + cfg = config.pub-solar.devops; +in +{ + options.pub-solar.arduino = { + enable = mkEnableOption "Life with home automation"; + }; + config = mkIf cfg.enable { + users.users = pkgs.lib.setAttrByPath [ psCfg.user.name ] { + extraGroups = [ "dialout" ]; + }; + + home-manager = with pkgs; pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { + home.packages = [ + arduino + arduino-cli + ]; + }; + }; +} diff --git a/overlays/overrides.nix b/overlays/overrides.nix index 8c016e15..df75736d 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -15,6 +15,8 @@ channels: final: prev: { deploy-rs tdesktop + arduino + arduino-cli ; -- 2.44.2 From d11b90d830c2976bcfc4489380fbea3c98dbbe9c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 13 Aug 2022 12:06:24 +0200 Subject: [PATCH 246/320] Update lock file so deploy-rs is available --- flake.lock | 109 +++++++++++++++++++++++++++-------------------------- 1 file changed, 55 insertions(+), 54 deletions(-) diff --git a/flake.lock b/flake.lock index d29bd0f0..f6a8edfc 100644 --- a/flake.lock +++ b/flake.lock @@ -67,11 +67,11 @@ ] }, "locked": { - "lastModified": 1642035816, - "narHash": "sha256-1Lq5c1AeUv/1SK08+O704JVfDdD/zodHzA0cv0TIga8=", + "lastModified": 1654190822, + "narHash": "sha256-B8z3stYaULNDBBjzJHrFHGgiJHrLqhBkxH+9u5iBP7E=", "owner": "divnix", "repo": "bud", - "rev": "a789d710851441ba7e7cd59be378623b1fe05688", + "rev": "0ff3e4e4b8791ea4d827bf5bfcac28cef060f209", "type": "github" }, "original": { @@ -87,11 +87,11 @@ ] }, "locked": { - "lastModified": 1651916036, - "narHash": "sha256-UuD9keUGm4IuVEV6wdSYbuRm7CwfXE63hVkzKDjVsh4=", + "lastModified": 1657835815, + "narHash": "sha256-CnZszAYpNKydh6N7+xg+eRtWNVoAAGqc6bg+Lpgq1xc=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "2f2bdf658d2b79bada78dc914af99c53cad37cba", + "rev": "54a24f042f93c79f5679f133faddedec61955cf2", "type": "github" }, "original": { @@ -108,11 +108,11 @@ ] }, "locked": { - "lastModified": 1650976225, - "narHash": "sha256-PGM65SQHS63Dd5MmLJo3GJsZP9lJVZmpWxluQoG1Dt8=", + "lastModified": 1651916036, + "narHash": "sha256-UuD9keUGm4IuVEV6wdSYbuRm7CwfXE63hVkzKDjVsh4=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "bb3baef6e115ae47bc2ab4973bd3a486488485b0", + "rev": "2f2bdf658d2b79bada78dc914af99c53cad37cba", "type": "github" }, "original": { @@ -130,11 +130,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1653594315, - "narHash": "sha256-kJ0ENmnQJ4qL2FeYKZba9kvv1KmIuB3NVpBwMeI7AJQ=", + "lastModified": 1659725433, + "narHash": "sha256-1ZxuK67TL29YLw88vQ18Y2Y6iYg8Jb7I6/HVzmNB6nM=", "owner": "serokell", "repo": "deploy-rs", - "rev": "184349d8149436748986d1bdba087e4149e9c160", + "rev": "41f15759dd8b638e7b4f299730d94d5aa46ab7eb", "type": "github" }, "original": { @@ -152,11 +152,11 @@ ] }, "locked": { - "lastModified": 1650389807, - "narHash": "sha256-GFRBdHMJ/T/ifaE2GS58RWpxyufH0LqI3oGS6oWAnHk=", + "lastModified": 1655976588, + "narHash": "sha256-VreHyH6ITkf/1EX/8h15UqhddJnUleb0HgbC3gMkAEQ=", "owner": "numtide", "repo": "devshell", - "rev": "5a53bbf3eb4c908d83884d725a86b3a3bde35979", + "rev": "899ca4629020592a13a46783587f6e674179d1db", "type": "github" }, "original": { @@ -188,11 +188,11 @@ "nixpkgs-unstable": "nixpkgs-unstable" }, "locked": { - "lastModified": 1652713922, - "narHash": "sha256-era1h0M+QP9wP/hbwXRpxOiT8M5n+loWX/Zrq7duq5w=", + "lastModified": 1659622306, + "narHash": "sha256-Kpfm2PNs+kZU0W7qcugoPATLG8I2P7FJFGTgsf1LJiU=", "owner": "divnix", "repo": "digga", - "rev": "29bbac0173859812893d777fdce204af83a231ea", + "rev": "d1193743a535d7fbbc7f3eda4e51295b10bd4d2c", "type": "github" }, "original": { @@ -269,15 +269,16 @@ "flake-utils": "flake-utils_3" }, "locked": { - "lastModified": 1652704544, - "narHash": "sha256-UTKE33tYgCmDszaVyWA33a8mtegM5xfH4fH8w4y6TxA=", + "lastModified": 1654029967, + "narHash": "sha256-my3GQ3mQIw/1f6GPV1IhUZrcYQSWh0YJAMPNBjhXJDw=", "owner": "gytis-ivaskevicius", "repo": "flake-utils-plus", - "rev": "f8d6d1f87b6177e3bc674c29f247bdbf897ba274", + "rev": "6271cf3842ff9c8a9af9e3508c547f86bc77d199", "type": "github" }, "original": { "owner": "gytis-ivaskevicius", + "ref": "refs/pull/120/head", "repo": "flake-utils-plus", "type": "github" } @@ -314,11 +315,11 @@ }, "flake-utils_4": { "locked": { - "lastModified": 1652776076, - "narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=", + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", "owner": "numtide", "repo": "flake-utils", - "rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", "type": "github" }, "original": { @@ -349,11 +350,11 @@ ] }, "locked": { - "lastModified": 1654113405, - "narHash": "sha256-VpK+0QaWG2JRgB00lw77N9TjkE3ec0iMYIX1TzGpxa4=", + "lastModified": 1656169755, + "narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=", "owner": "nix-community", "repo": "home-manager", - "rev": "ac2287df5a2d6f0a44bbcbd11701dbbf6ec43675", + "rev": "4a3d01fb53f52ac83194081272795aa4612c2381", "type": "github" }, "original": { @@ -365,11 +366,11 @@ }, "latest": { "locked": { - "lastModified": 1650701402, - "narHash": "sha256-XKfstdtqDg+O+gNBx1yGVKWIhLgfEDg/e2lvJSsp9vU=", + "lastModified": 1657265485, + "narHash": "sha256-PUQ9C7mfi0/BnaAUX2R/PIkoNCb/Jtx9EpnhMBNrO/o=", "owner": "nixos", "repo": "nixpkgs", - "rev": "bc41b01dd7a9fdffd32d9b03806798797532a5fe", + "rev": "b39924fc7764c08ae3b51beef9a3518c414cdb7d", "type": "github" }, "original": { @@ -381,11 +382,11 @@ }, "latest_2": { "locked": { - "lastModified": 1653931853, - "narHash": "sha256-O3wncIouj9x7gBPntzHeK/Hkmm9M1SGlYq7JI7saTAE=", + "lastModified": 1660305968, + "narHash": "sha256-r0X1pZCSEA6mzt5OuTA7nHuLmvnbkwgpFAh1iLIx4GU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f1c167688a6f81f4a51ab542e5f476c8c595e457", + "rev": "c4a0efdd5a728e20791b8d8d2f26f90ac228ee8d", "type": "github" }, "original": { @@ -402,11 +403,11 @@ ] }, "locked": { - "lastModified": 1653413650, - "narHash": "sha256-wojDHjb+eU80MPH+3HQaK0liUy8EgR95rvmCl24i58Y=", + "lastModified": 1659610603, + "narHash": "sha256-LYgASYSPYo7O71WfeUOaEUzYfzuXm8c8eavJcel+pfI=", "owner": "nmattia", "repo": "naersk", - "rev": "69daaceebe12c070cd5ae69ba38f277bbf033695", + "rev": "c6a45e4277fa58abd524681466d3450f896dc094", "type": "github" }, "original": { @@ -423,11 +424,11 @@ ] }, "locked": { - "lastModified": 1653198236, - "narHash": "sha256-nzW2BaqWTGGQthOtFzHUJTHK5wK+mkh4aOhETGj5nBk=", + "lastModified": 1660180791, + "narHash": "sha256-oPO+keK4S9daL9ubU51hZ+QOWVSMbZ56F20iFI9Px3s=", "owner": "dramforever", "repo": "nix-dram", - "rev": "e10086d39ca49abfd2a3b77d2a77baa6037ec31e", + "rev": "ae7f0b7c5d39eec5941fe21e9f202106bdea9ac2", "type": "github" }, "original": { @@ -453,11 +454,11 @@ }, "nixos": { "locked": { - "lastModified": 1654005557, - "narHash": "sha256-J6elwUzPoco+r5qWPHhvS2EHVWomUtNcxzkfdAQOwEU=", + "lastModified": 1660318005, + "narHash": "sha256-g9WCa9lVUmOV6dYRbEPjv/TLOR5hamjeCcKExVGS3OQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "08950a6e29cf7bddee466592eb790a417550f7f9", + "rev": "5c211b47aeadcc178c5320afd4e74c7eed5c389f", "type": "github" }, "original": { @@ -473,11 +474,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1653339081, - "narHash": "sha256-dpim9Mtd57Yj6qt7p7UKwjWm6NnOU3S7jaEyEscSyPE=", + "lastModified": 1657748715, + "narHash": "sha256-WecDwDY/hEcDQYzFnccCNa+5Umht0lfjx/d1qGDy/rQ=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "fb3ee0f618b8c80dea1239691b15dfeb4bb46331", + "rev": "3323b944d99b026aebfd8de439e001409dde067d", "type": "github" }, "original": { @@ -488,11 +489,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1654057797, - "narHash": "sha256-mXo7C4v7Jj2feBzcReu1Eu/3Rnw5b023E9kOyFsHZQw=", + "lastModified": 1660291411, + "narHash": "sha256-9UfJMJeCl+T/DrOJMd1vLCoV8U3V7f9Qrv/QyH0Nn28=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "0cab18a48de7914ef8cad35dca0bb36868f3e1af", + "rev": "78f56d8ec2c67a1f80f2de649ca9aadc284f65b6", "type": "github" }, "original": { @@ -519,11 +520,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1650726686, - "narHash": "sha256-hE5PCqQlsdgWH3AUTwesvjZWs5ZUZ8SjMS5cnFB6W54=", + "lastModified": 1657292830, + "narHash": "sha256-ldfVSTveWceDCmW6gf3B4kR6vwmz/XS80y5wsLLHFJU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3c0f57e36ed0cf9947281e3b31f1bebb7ce5d4a1", + "rev": "334ec8b503c3981e37a04b817a70e8d026ea9e84", "type": "github" }, "original": { @@ -570,11 +571,11 @@ ] }, "locked": { - "lastModified": 1650169042, - "narHash": "sha256-x8469XNOU/ebIh5YCuvjcOAaAptwHjkEl1aTFrevu1o=", + "lastModified": 1654975372, + "narHash": "sha256-wkNZ16akgKViuZzE/IM+bux4uaJ04KIwUeexH8gBjgw=", "owner": "berberman", "repo": "nvfetcher", - "rev": "db780dba6923e531b5aedca502a36d3d9627fca9", + "rev": "d4b237c10f14f72f8266b0f658faad822e491e55", "type": "github" }, "original": { -- 2.44.2 From 93aaab26850ee648f840b77e057515587c149813 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 13 Aug 2022 12:32:16 +0200 Subject: [PATCH 247/320] Make cryptroot optional --- modules/x-os/boot.nix | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix index 0633bec4..0ee29b84 100644 --- a/modules/x-os/boot.nix +++ b/modules/x-os/boot.nix @@ -9,6 +9,11 @@ in default = false; description = "Feature flag for iso builds"; }; + options.pub-solar.x-os.disk-encryption-active = mkOption { + type = types.bool; + default = true; + description = "Whether it should be assumed that there is a cryptroot device"; + }; config = { # Enable plymouth for better experience of booting boot.plymouth.enable = true; @@ -16,7 +21,7 @@ in # Mount / luks device in initrd # Allow fstrim to work on it. # The ! makes this enabled by default - boot.initrd = mkIf (!cfg.iso-options.enable) { + boot.initrd = mkIf (!cfg.iso-options.enable && cfg.disk-encryption-active) { luks.devices."cryptroot" = { allowDiscards = true; }; -- 2.44.2 From a5848ad06e4b9a254f1eb5f07d067947e1a3f870 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 13 Aug 2022 17:08:26 +0200 Subject: [PATCH 248/320] Bump flake.lock, fix error: attribute 'deploy-rs' missing --- flake.lock | 109 +++++++++++++++++++++++++++-------------------------- 1 file changed, 55 insertions(+), 54 deletions(-) diff --git a/flake.lock b/flake.lock index d29bd0f0..f6a8edfc 100644 --- a/flake.lock +++ b/flake.lock @@ -67,11 +67,11 @@ ] }, "locked": { - "lastModified": 1642035816, - "narHash": "sha256-1Lq5c1AeUv/1SK08+O704JVfDdD/zodHzA0cv0TIga8=", + "lastModified": 1654190822, + "narHash": "sha256-B8z3stYaULNDBBjzJHrFHGgiJHrLqhBkxH+9u5iBP7E=", "owner": "divnix", "repo": "bud", - "rev": "a789d710851441ba7e7cd59be378623b1fe05688", + "rev": "0ff3e4e4b8791ea4d827bf5bfcac28cef060f209", "type": "github" }, "original": { @@ -87,11 +87,11 @@ ] }, "locked": { - "lastModified": 1651916036, - "narHash": "sha256-UuD9keUGm4IuVEV6wdSYbuRm7CwfXE63hVkzKDjVsh4=", + "lastModified": 1657835815, + "narHash": "sha256-CnZszAYpNKydh6N7+xg+eRtWNVoAAGqc6bg+Lpgq1xc=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "2f2bdf658d2b79bada78dc914af99c53cad37cba", + "rev": "54a24f042f93c79f5679f133faddedec61955cf2", "type": "github" }, "original": { @@ -108,11 +108,11 @@ ] }, "locked": { - "lastModified": 1650976225, - "narHash": "sha256-PGM65SQHS63Dd5MmLJo3GJsZP9lJVZmpWxluQoG1Dt8=", + "lastModified": 1651916036, + "narHash": "sha256-UuD9keUGm4IuVEV6wdSYbuRm7CwfXE63hVkzKDjVsh4=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "bb3baef6e115ae47bc2ab4973bd3a486488485b0", + "rev": "2f2bdf658d2b79bada78dc914af99c53cad37cba", "type": "github" }, "original": { @@ -130,11 +130,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1653594315, - "narHash": "sha256-kJ0ENmnQJ4qL2FeYKZba9kvv1KmIuB3NVpBwMeI7AJQ=", + "lastModified": 1659725433, + "narHash": "sha256-1ZxuK67TL29YLw88vQ18Y2Y6iYg8Jb7I6/HVzmNB6nM=", "owner": "serokell", "repo": "deploy-rs", - "rev": "184349d8149436748986d1bdba087e4149e9c160", + "rev": "41f15759dd8b638e7b4f299730d94d5aa46ab7eb", "type": "github" }, "original": { @@ -152,11 +152,11 @@ ] }, "locked": { - "lastModified": 1650389807, - "narHash": "sha256-GFRBdHMJ/T/ifaE2GS58RWpxyufH0LqI3oGS6oWAnHk=", + "lastModified": 1655976588, + "narHash": "sha256-VreHyH6ITkf/1EX/8h15UqhddJnUleb0HgbC3gMkAEQ=", "owner": "numtide", "repo": "devshell", - "rev": "5a53bbf3eb4c908d83884d725a86b3a3bde35979", + "rev": "899ca4629020592a13a46783587f6e674179d1db", "type": "github" }, "original": { @@ -188,11 +188,11 @@ "nixpkgs-unstable": "nixpkgs-unstable" }, "locked": { - "lastModified": 1652713922, - "narHash": "sha256-era1h0M+QP9wP/hbwXRpxOiT8M5n+loWX/Zrq7duq5w=", + "lastModified": 1659622306, + "narHash": "sha256-Kpfm2PNs+kZU0W7qcugoPATLG8I2P7FJFGTgsf1LJiU=", "owner": "divnix", "repo": "digga", - "rev": "29bbac0173859812893d777fdce204af83a231ea", + "rev": "d1193743a535d7fbbc7f3eda4e51295b10bd4d2c", "type": "github" }, "original": { @@ -269,15 +269,16 @@ "flake-utils": "flake-utils_3" }, "locked": { - "lastModified": 1652704544, - "narHash": "sha256-UTKE33tYgCmDszaVyWA33a8mtegM5xfH4fH8w4y6TxA=", + "lastModified": 1654029967, + "narHash": "sha256-my3GQ3mQIw/1f6GPV1IhUZrcYQSWh0YJAMPNBjhXJDw=", "owner": "gytis-ivaskevicius", "repo": "flake-utils-plus", - "rev": "f8d6d1f87b6177e3bc674c29f247bdbf897ba274", + "rev": "6271cf3842ff9c8a9af9e3508c547f86bc77d199", "type": "github" }, "original": { "owner": "gytis-ivaskevicius", + "ref": "refs/pull/120/head", "repo": "flake-utils-plus", "type": "github" } @@ -314,11 +315,11 @@ }, "flake-utils_4": { "locked": { - "lastModified": 1652776076, - "narHash": "sha256-gzTw/v1vj4dOVbpBSJX4J0DwUR6LIyXo7/SuuTJp1kM=", + "lastModified": 1656928814, + "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", "owner": "numtide", "repo": "flake-utils", - "rev": "04c1b180862888302ddfb2e3ad9eaa63afc60cf8", + "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", "type": "github" }, "original": { @@ -349,11 +350,11 @@ ] }, "locked": { - "lastModified": 1654113405, - "narHash": "sha256-VpK+0QaWG2JRgB00lw77N9TjkE3ec0iMYIX1TzGpxa4=", + "lastModified": 1656169755, + "narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=", "owner": "nix-community", "repo": "home-manager", - "rev": "ac2287df5a2d6f0a44bbcbd11701dbbf6ec43675", + "rev": "4a3d01fb53f52ac83194081272795aa4612c2381", "type": "github" }, "original": { @@ -365,11 +366,11 @@ }, "latest": { "locked": { - "lastModified": 1650701402, - "narHash": "sha256-XKfstdtqDg+O+gNBx1yGVKWIhLgfEDg/e2lvJSsp9vU=", + "lastModified": 1657265485, + "narHash": "sha256-PUQ9C7mfi0/BnaAUX2R/PIkoNCb/Jtx9EpnhMBNrO/o=", "owner": "nixos", "repo": "nixpkgs", - "rev": "bc41b01dd7a9fdffd32d9b03806798797532a5fe", + "rev": "b39924fc7764c08ae3b51beef9a3518c414cdb7d", "type": "github" }, "original": { @@ -381,11 +382,11 @@ }, "latest_2": { "locked": { - "lastModified": 1653931853, - "narHash": "sha256-O3wncIouj9x7gBPntzHeK/Hkmm9M1SGlYq7JI7saTAE=", + "lastModified": 1660305968, + "narHash": "sha256-r0X1pZCSEA6mzt5OuTA7nHuLmvnbkwgpFAh1iLIx4GU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f1c167688a6f81f4a51ab542e5f476c8c595e457", + "rev": "c4a0efdd5a728e20791b8d8d2f26f90ac228ee8d", "type": "github" }, "original": { @@ -402,11 +403,11 @@ ] }, "locked": { - "lastModified": 1653413650, - "narHash": "sha256-wojDHjb+eU80MPH+3HQaK0liUy8EgR95rvmCl24i58Y=", + "lastModified": 1659610603, + "narHash": "sha256-LYgASYSPYo7O71WfeUOaEUzYfzuXm8c8eavJcel+pfI=", "owner": "nmattia", "repo": "naersk", - "rev": "69daaceebe12c070cd5ae69ba38f277bbf033695", + "rev": "c6a45e4277fa58abd524681466d3450f896dc094", "type": "github" }, "original": { @@ -423,11 +424,11 @@ ] }, "locked": { - "lastModified": 1653198236, - "narHash": "sha256-nzW2BaqWTGGQthOtFzHUJTHK5wK+mkh4aOhETGj5nBk=", + "lastModified": 1660180791, + "narHash": "sha256-oPO+keK4S9daL9ubU51hZ+QOWVSMbZ56F20iFI9Px3s=", "owner": "dramforever", "repo": "nix-dram", - "rev": "e10086d39ca49abfd2a3b77d2a77baa6037ec31e", + "rev": "ae7f0b7c5d39eec5941fe21e9f202106bdea9ac2", "type": "github" }, "original": { @@ -453,11 +454,11 @@ }, "nixos": { "locked": { - "lastModified": 1654005557, - "narHash": "sha256-J6elwUzPoco+r5qWPHhvS2EHVWomUtNcxzkfdAQOwEU=", + "lastModified": 1660318005, + "narHash": "sha256-g9WCa9lVUmOV6dYRbEPjv/TLOR5hamjeCcKExVGS3OQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "08950a6e29cf7bddee466592eb790a417550f7f9", + "rev": "5c211b47aeadcc178c5320afd4e74c7eed5c389f", "type": "github" }, "original": { @@ -473,11 +474,11 @@ "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1653339081, - "narHash": "sha256-dpim9Mtd57Yj6qt7p7UKwjWm6NnOU3S7jaEyEscSyPE=", + "lastModified": 1657748715, + "narHash": "sha256-WecDwDY/hEcDQYzFnccCNa+5Umht0lfjx/d1qGDy/rQ=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "fb3ee0f618b8c80dea1239691b15dfeb4bb46331", + "rev": "3323b944d99b026aebfd8de439e001409dde067d", "type": "github" }, "original": { @@ -488,11 +489,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1654057797, - "narHash": "sha256-mXo7C4v7Jj2feBzcReu1Eu/3Rnw5b023E9kOyFsHZQw=", + "lastModified": 1660291411, + "narHash": "sha256-9UfJMJeCl+T/DrOJMd1vLCoV8U3V7f9Qrv/QyH0Nn28=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "0cab18a48de7914ef8cad35dca0bb36868f3e1af", + "rev": "78f56d8ec2c67a1f80f2de649ca9aadc284f65b6", "type": "github" }, "original": { @@ -519,11 +520,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1650726686, - "narHash": "sha256-hE5PCqQlsdgWH3AUTwesvjZWs5ZUZ8SjMS5cnFB6W54=", + "lastModified": 1657292830, + "narHash": "sha256-ldfVSTveWceDCmW6gf3B4kR6vwmz/XS80y5wsLLHFJU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3c0f57e36ed0cf9947281e3b31f1bebb7ce5d4a1", + "rev": "334ec8b503c3981e37a04b817a70e8d026ea9e84", "type": "github" }, "original": { @@ -570,11 +571,11 @@ ] }, "locked": { - "lastModified": 1650169042, - "narHash": "sha256-x8469XNOU/ebIh5YCuvjcOAaAptwHjkEl1aTFrevu1o=", + "lastModified": 1654975372, + "narHash": "sha256-wkNZ16akgKViuZzE/IM+bux4uaJ04KIwUeexH8gBjgw=", "owner": "berberman", "repo": "nvfetcher", - "rev": "db780dba6923e531b5aedca502a36d3d9627fca9", + "rev": "d4b237c10f14f72f8266b0f658faad822e491e55", "type": "github" }, "original": { -- 2.44.2 From 6817fb3d5f29eb5d533cb53ae25da9003554f403 Mon Sep 17 00:00:00 2001 From: vlalentim Date: Sat, 13 Aug 2022 20:05:51 +0200 Subject: [PATCH 249/320] Theme change for fzf --- pkgs/sway-launcher.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/sway-launcher.nix b/pkgs/sway-launcher.nix index afa09d07..57c7afe4 100644 --- a/pkgs/sway-launcher.nix +++ b/pkgs/sway-launcher.nix @@ -23,7 +23,7 @@ self: with self; '' # search command list command_str=$(printf "%s\n" "''${command_history}" "''${command_list}" | \ sed -E 's/^[0-9]+ (.+)$/\1/' | \ - fzf --exact --no-extended --print-query --no-sort | \ + fzf --color=16 --exact --no-extended --print-query --no-sort | \ tail -n1) || exit 1 if [ "$command_str" = "" ]; then -- 2.44.2 From 616b7af85820608efe796dabb2de014b050af87d Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 13 Aug 2022 21:50:23 +0200 Subject: [PATCH 250/320] devos: include upstream commits https://github.com/divnix/digga/commit/780620d8659fdcb04d4952a2607ce363e0d3a3be https://github.com/divnix/digga/commit/e6b14d39d6d2e0a0544dbc50c7cc235acb2bc123 https://github.com/divnix/digga/commit/dd51f64bc5ff2a2127237805d9dcd6bd7ffebfed --- overlays/overrides.nix | 1 + shell/devos.nix | 28 +++++++++++++++++++--------- shell/hooks/pre-commit.sh | 7 +++++-- 3 files changed, 25 insertions(+), 11 deletions(-) diff --git a/overlays/overrides.nix b/overlays/overrides.nix index df75736d..6c9e8e71 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -8,6 +8,7 @@ channels: final: prev: { discord element-desktop rage + nix-index nixpkgs-fmt qutebrowser signal-desktop diff --git a/shell/devos.nix b/shell/devos.nix index f799ca03..b7c6f108 100644 --- a/shell/devos.nix +++ b/shell/devos.nix @@ -1,12 +1,22 @@ -{ pkgs, extraModulesPath, inputs, ... }: +{ pkgs, extraModulesPath, inputs, lib, ... }: let + inherit (pkgs) + agenix + cachix + editorconfig-checker + mdbook + nixUnstable + nixpkgs-fmt + nvfetcher + ; + hooks = import ./hooks; pkgWithCategory = category: package: { inherit package category; }; + devos = pkgWithCategory "devos"; linter = pkgWithCategory "linter"; docs = pkgWithCategory "docs"; - devos = pkgWithCategory "devos"; in { @@ -44,15 +54,15 @@ in } (linter nixpkgs-fmt) (linter editorconfig-checker) - # (docs python3Packages.grip) too many deps + (docs mdbook) + ] + ++ lib.optionals (!pkgs.stdenv.buildPlatform.isi686) [ + (devos cachix) + ] + ++ lib.optionals (pkgs.stdenv.hostPlatform.isLinux && !pkgs.stdenv.buildPlatform.isDarwin) [ + (devos inputs.nixos-generators.defaultPackage.${pkgs.system}) (devos deploy-rs) ] - ++ lib.optional - (system != "i686-linux") - (devos cachix) - ++ lib.optional - (system != "aarch64-darwin") - (devos inputs.nixos-generators.defaultPackage.${pkgs.system}) ; } diff --git a/shell/hooks/pre-commit.sh b/shell/hooks/pre-commit.sh index 985d3b40..a7fa9083 100755 --- a/shell/hooks/pre-commit.sh +++ b/shell/hooks/pre-commit.sh @@ -14,13 +14,16 @@ nix_files=($($diff -- '*.nix')) all_files=($($diff)) # Format staged nix files. -if [[ -n "${nix_files[@]}" ]]; then +if (( ${#nix_files[@]} != 0 )); then nixpkgs-fmt "${nix_files[@]}" \ && git add "${nix_files[@]}" fi # check editorconfig -editorconfig-checker -- "${all_files[@]}" +if (( ${#all_files[@]} != 0 )); then + editorconfig-checker -- "${all_files[@]}" +fi + if [[ $? != '0' ]]; then printf "%b\n" \ "\nCode is not aligned with .editorconfig" \ -- 2.44.2 From 0b229a771e846893e759cd4102172e60a541d439 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 13 Aug 2022 20:38:41 +0200 Subject: [PATCH 251/320] Barebones ci-runner module This adds a barebones CI-runner module with the following option: `pub-solar.ci-runner.enable` If enabled, this will start a systemd service on boot that runs `drone-runner-exec`. The configuration expects you to have a file called `secrets/drone-runner-exec-config` handled by agenix that gets put into `/run/agenix/drone-runner-exec-config` and is owned by root. This file should contain a configuration similar to the following: ``` CLIENT_DRONE_RPC_PROTO=https CLIENT_DRONE_RPC_HOST=drone.company.com CLIENT_DRONE_RPC_SECRET=super-duper-secret ``` --- modules/ci-runner/default.nix | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 modules/ci-runner/default.nix diff --git a/modules/ci-runner/default.nix b/modules/ci-runner/default.nix new file mode 100644 index 00000000..28325b14 --- /dev/null +++ b/modules/ci-runner/default.nix @@ -0,0 +1,35 @@ +{ lib, config, pkgs, self, ... }: +with lib; +let + psCfg = config.pub-solar; + cfg = config.pub-solar.ci-runner; +in +{ + options.pub-solar.ci-runner = { + enable = mkEnableOption "Enables a systemd service that runs drone-ci-runner"; + }; + + config = mkIf cfg.enable { + systemd.services.ci-runner = { + enable = true; + + description = "CI runner for the PubSolarOS repository that can run test VM instances with KVM."; + + serviceConfig = { + Type = "simple"; + Restart = "always"; + }; + + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" "libvirtd.service" ]; + + script = ''${pkgs.drone-runner-exec}/bin/drone-runner-exec daemon /run/agenix/drone-runner-exec-config''; + }; + + age.secrets."drone-runner-exec-config" = { + file = "${self}/secrets/drone-runner-exec-config"; + mode = "700"; + owner = "root"; + }; + }; +} -- 2.44.2 From e3d76f1999d0512cc4f8f4e8032858000665c3a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 13 Aug 2022 22:31:30 +0200 Subject: [PATCH 252/320] Move ci-runner to user and add git, virsh and nix to path --- modules/ci-runner/default.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/modules/ci-runner/default.nix b/modules/ci-runner/default.nix index 28325b14..4db42286 100644 --- a/modules/ci-runner/default.nix +++ b/modules/ci-runner/default.nix @@ -10,7 +10,7 @@ in }; config = mkIf cfg.enable { - systemd.services.ci-runner = { + systemd.user.services.ci-runner = { enable = true; description = "CI runner for the PubSolarOS repository that can run test VM instances with KVM."; @@ -20,6 +20,8 @@ in Restart = "always"; }; + path = "${pkgs.git}/bin:${pkgs.nix}/bin:${pkgs.libvirt}/bin"; + wantedBy = [ "multi-user.target" ]; after = [ "network.target" "libvirtd.service" ]; @@ -29,7 +31,7 @@ in age.secrets."drone-runner-exec-config" = { file = "${self}/secrets/drone-runner-exec-config"; mode = "700"; - owner = "root"; + owner = psCfg.user.name; }; }; } -- 2.44.2 From 18e9b4a009a5de26bc29f3ff88afc642d4cc691e Mon Sep 17 00:00:00 2001 From: hensoko Date: Sat, 13 Aug 2022 20:35:43 +0000 Subject: [PATCH 253/320] feature/restructure-core-profile (#109) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Hendrik Sokolowski Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/109 Reviewed-by: Benjamin Bädorf Reviewed-by: teutat3s --- flake.nix | 5 +- modules/x-os/boot.nix | 6 +++ modules/x-os/default.nix | 3 ++ modules/x-os/fonts.nix | 12 +++++ modules/x-os/nix.nix | 25 ++++++++++ modules/x-os/services.nix | 13 +++++ profiles/core/default.nix | 56 ---------------------- profiles/core/starship.toml | 95 ------------------------------------- profiles/dram/default.nix | 5 ++ 9 files changed, 66 insertions(+), 154 deletions(-) create mode 100644 modules/x-os/fonts.nix create mode 100644 modules/x-os/nix.nix create mode 100644 modules/x-os/services.nix delete mode 100644 profiles/core/starship.toml create mode 100644 profiles/dram/default.nix diff --git a/flake.nix b/flake.nix index f18df6df..7d43b67c 100644 --- a/flake.nix +++ b/flake.nix @@ -120,7 +120,7 @@ suites = with profiles; rec { base = [ core users.pub-solar users.root ]; iso = base ++ [ base-user graphical pub-solar-iso ]; - pubsolaros = [ core full-install base-user users.root ]; + pubsolaros = [ core dram full-install base-user users.root ]; anonymous = [ pubsolaros users.pub-solar ]; }; }; @@ -145,6 +145,5 @@ homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations; deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations { }; - } - ; + }; } diff --git a/modules/x-os/boot.nix b/modules/x-os/boot.nix index 0ee29b84..dd788d26 100644 --- a/modules/x-os/boot.nix +++ b/modules/x-os/boot.nix @@ -28,5 +28,11 @@ in }; boot.loader.systemd-boot.enable = true; + + # Use latest LTS linux kernel by default + boot.kernelPackages = pkgs.linuxPackages_5_15; + + # Support ntfs drives + boot.supportedFilesystems = [ "ntfs" ]; }; } diff --git a/modules/x-os/default.nix b/modules/x-os/default.nix index 6276bf5f..0fd734f3 100644 --- a/modules/x-os/default.nix +++ b/modules/x-os/default.nix @@ -1,7 +1,10 @@ { ... }: { imports = [ ./boot.nix + ./fonts.nix ./i18n.nix ./networking.nix + ./nix.nix + ./services.nix ]; } diff --git a/modules/x-os/fonts.nix b/modules/x-os/fonts.nix new file mode 100644 index 00000000..979ffc68 --- /dev/null +++ b/modules/x-os/fonts.nix @@ -0,0 +1,12 @@ +{ config, pkgs, lib, ... }: + +{ + fonts = { + fonts = with pkgs; [ powerline-fonts dejavu_fonts ]; + fontconfig.defaultFonts = { + monospace = [ "DejaVu Sans Mono for Powerline" ]; + sansSerif = [ "DejaVu Sans" ]; + }; + }; +} + diff --git a/modules/x-os/nix.nix b/modules/x-os/nix.nix new file mode 100644 index 00000000..56b677da --- /dev/null +++ b/modules/x-os/nix.nix @@ -0,0 +1,25 @@ +{ config, pkgs, lib, inputs, ... }: + +{ + nix = { + # Improve nix store disk usage + autoOptimiseStore = true; + gc.automatic = true; + optimise.automatic = true; + # Prevents impurities in builds + useSandbox = true; + # give root and @wheel special privileges with nix + trustedUsers = [ "root" "@wheel" ]; + # This is just a representation of the nix default + systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; + # Generally useful nix option defaults + extraOptions = '' + min-free = 536870912 + keep-outputs = true + keep-derivations = true + fallback = true + # used by nix-dram + default-flake = flake:nixpkgs + ''; + }; +} diff --git a/modules/x-os/services.nix b/modules/x-os/services.nix new file mode 100644 index 00000000..98a058a3 --- /dev/null +++ b/modules/x-os/services.nix @@ -0,0 +1,13 @@ +{ config, pkgs, lib, ... }: + +{ + + # For rage encryption, all hosts need a ssh key pair + services.openssh = { + enable = true; + openFirewall = lib.mkDefault false; + }; + + # Service that makes Out of Memory Killer more effective + services.earlyoom.enable = true; +} diff --git a/profiles/core/default.nix b/profiles/core/default.nix index f3136372..b35fb673 100644 --- a/profiles/core/default.nix +++ b/profiles/core/default.nix @@ -11,11 +11,7 @@ in pub-solar.crypto.enable = true; pub-solar.devops.enable = true; - # This is just a representation of the nix default - nix.systemFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; - environment = { - systemPackages = with pkgs; [ # Core unix utility packages coreutils-full @@ -75,57 +71,5 @@ in neofetch ]; }; - - fonts = { - fonts = with pkgs; [ powerline-fonts dejavu_fonts ]; - - fontconfig.defaultFonts = { - - monospace = [ "DejaVu Sans Mono for Powerline" ]; - - sansSerif = [ "DejaVu Sans" ]; - - }; - }; - - nix = { - # use nix-dram, a patched nix command, see: https://github.com/dramforever/nix-dram - package = inputs.nix-dram.packages.${pkgs.system}.nix-dram; - - # Improve nix store disk usage - autoOptimiseStore = true; - gc.automatic = true; - optimise.automatic = true; - - # Prevents impurities in builds - useSandbox = true; - - # give root and @wheel special privileges with nix - trustedUsers = [ "root" "@wheel" ]; - - # Generally useful nix option defaults - extraOptions = '' - min-free = 536870912 - keep-outputs = true - keep-derivations = true - fallback = true - # used by nix-dram - default-flake = flake:nixpkgs - ''; - }; - - # For rage encryption, all hosts need a ssh key pair - services.openssh = { - enable = true; - openFirewall = lib.mkDefault false; - }; - - # Service that makes Out of Memory Killer more effective - services.earlyoom.enable = true; - - # Use latest LTS linux kernel by default - boot.kernelPackages = pkgs.linuxPackages_5_15; - - boot.supportedFilesystems = [ "ntfs" ]; }; } diff --git a/profiles/core/starship.toml b/profiles/core/starship.toml deleted file mode 100644 index 6ed366b5..00000000 --- a/profiles/core/starship.toml +++ /dev/null @@ -1,95 +0,0 @@ -[aws] -symbol = " " - -[character] -success_symbol = "[❯](bold purple)" -vicmd_symbol = "[❮](bold purple)" - -[battery] -full_symbol = "" -charging_symbol = "" -discharging_symbol = "" - -[conda] -symbol = " " - -[directory] -style = "cyan" -read_only = " 🔒" - -[docker] -symbol = " " - -[elixir] -symbol = " " - -[elm] -symbol = " " - -[git_branch] -format = "[$symbol$branch]($style) " -symbol = " " -style = "bold dimmed white" - -[git_status] -format = '([「$all_status$ahead_behind」]($style) )' -conflicted = "⚠️" -ahead = "⟫${count} " -behind = "⟪${count}" -diverged = "🔀 " -untracked = "📁 " -stashed = "↪ " -modified = "𝚫 " -staged = "✔ " -renamed = "⇆ " -deleted = "✘ " -style = "bold bright-white" - -[golang] -symbol = " " - -[haskell] -symbol = " " - -[hg_branch] -symbol = " " - -[java] -symbol = " " - -[julia] -symbol = " " - -[memory_usage] -symbol = " " -disabled = false - -[nim] -symbol = " " - -[nix_shell] -format = '[$symbol$state]($style) ' -symbol = " " -pure_msg = "λ" -impure_msg = "⎔" - -[nodejs] -symbol = " " - -[package] -symbol = " " - -[php] -symbol = " " - -[python] -symbol = " " - -[ruby] -symbol = " " - -[rust] -symbol = " " - -[status] -disabled = false diff --git a/profiles/dram/default.nix b/profiles/dram/default.nix new file mode 100644 index 00000000..0b7fc3ee --- /dev/null +++ b/profiles/dram/default.nix @@ -0,0 +1,5 @@ +{ self, config, lib, pkgs, inputs, ... }: + +{ + nix.package = inputs.nix-dram.packages.${pkgs.system}.nix-dram; +} -- 2.44.2 From 9031dacbb54bad963aa611583df26eeac7296cb5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 14:11:10 +0200 Subject: [PATCH 254/320] Add AGPLv3 License --- LICENSE.md | 660 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 660 insertions(+) create mode 100644 LICENSE.md diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 00000000..cba6f6a1 --- /dev/null +++ b/LICENSE.md @@ -0,0 +1,660 @@ +### GNU AFFERO GENERAL PUBLIC LICENSE + +Version 3, 19 November 2007 + +Copyright (C) 2007 Free Software Foundation, Inc. + + +Everyone is permitted to copy and distribute verbatim copies of this +license document, but changing it is not allowed. + +### Preamble + +The GNU Affero General Public License is a free, copyleft license for +software and other kinds of works, specifically designed to ensure +cooperation with the community in the case of network server software. + +The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +our General Public Licenses are intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains +free software for all its users. + +When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + +Developers that use our General Public Licenses protect your rights +with two steps: (1) assert copyright on the software, and (2) offer +you this License which gives you legal permission to copy, distribute +and/or modify the software. + +A secondary benefit of defending all users' freedom is that +improvements made in alternate versions of the program, if they +receive widespread use, become available for other developers to +incorporate. Many developers of free software are heartened and +encouraged by the resulting cooperation. However, in the case of +software used on network servers, this result may fail to come about. +The GNU General Public License permits making a modified version and +letting the public access it on a server without ever releasing its +source code to the public. + +The GNU Affero General Public License is designed specifically to +ensure that, in such cases, the modified source code becomes available +to the community. It requires the operator of a network server to +provide the source code of the modified version running there to the +users of that server. Therefore, public use of a modified version, on +a publicly accessible server, gives the public access to the source +code of the modified version. + +An older license, called the Affero General Public License and +published by Affero, was designed to accomplish similar goals. This is +a different license, not a version of the Affero GPL, but Affero has +released a new version of the Affero GPL which permits relicensing +under this license. + +The precise terms and conditions for copying, distribution and +modification follow. + +### TERMS AND CONDITIONS + +#### 0. Definitions. + +"This License" refers to version 3 of the GNU Affero General Public +License. + +"Copyright" also means copyright-like laws that apply to other kinds +of works, such as semiconductor masks. + +"The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + +To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of +an exact copy. The resulting work is called a "modified version" of +the earlier work or a work "based on" the earlier work. + +A "covered work" means either the unmodified Program or a work based +on the Program. + +To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + +To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user +through a computer network, with no transfer of a copy, is not +conveying. + +An interactive user interface displays "Appropriate Legal Notices" to +the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + +#### 1. Source Code. + +The "source code" for a work means the preferred form of the work for +making modifications to it. "Object code" means any non-source form of +a work. + +A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + +The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + +The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + +The Corresponding Source need not include anything that users can +regenerate automatically from other parts of the Corresponding Source. + +The Corresponding Source for a work in source code form is that same +work. + +#### 2. Basic Permissions. + +All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + +You may make, run and propagate covered works that you do not convey, +without conditions so long as your license otherwise remains in force. +You may convey covered works to others for the sole purpose of having +them make modifications exclusively for you, or provide you with +facilities for running those works, provided that you comply with the +terms of this License in conveying all material for which you do not +control copyright. Those thus making or running the covered works for +you must do so exclusively on your behalf, under your direction and +control, on terms that prohibit them from making any copies of your +copyrighted material outside their relationship with you. + +Conveying under any other circumstances is permitted solely under the +conditions stated below. Sublicensing is not allowed; section 10 makes +it unnecessary. + +#### 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + +No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + +When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such +circumvention is effected by exercising rights under this License with +respect to the covered work, and you disclaim any intention to limit +operation or modification of the work as a means of enforcing, against +the work's users, your or third parties' legal rights to forbid +circumvention of technological measures. + +#### 4. Conveying Verbatim Copies. + +You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + +You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + +#### 5. Conveying Modified Source Versions. + +You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these +conditions: + +- a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. +- b) The work must carry prominent notices stating that it is + released under this License and any conditions added under + section 7. This requirement modifies the requirement in section 4 + to "keep intact all notices". +- c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. +- d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + +A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + +#### 6. Conveying Non-Source Forms. + +You may convey a covered work in object code form under the terms of +sections 4 and 5, provided that you also convey the machine-readable +Corresponding Source under the terms of this License, in one of these +ways: + +- a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. +- b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the Corresponding + Source from a network server at no charge. +- c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. +- d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. +- e) Convey the object code using peer-to-peer transmission, + provided you inform other peers where the object code and + Corresponding Source of the work are being offered to the general + public at no charge under subsection 6d. + +A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + +A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, +family, or household purposes, or (2) anything designed or sold for +incorporation into a dwelling. In determining whether a product is a +consumer product, doubtful cases shall be resolved in favor of +coverage. For a particular product received by a particular user, +"normally used" refers to a typical or common use of that class of +product, regardless of the status of the particular user or of the way +in which the particular user actually uses, or expects or is expected +to use, the product. A product is a consumer product regardless of +whether the product has substantial commercial, industrial or +non-consumer uses, unless such uses represent the only significant +mode of use of the product. + +"Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to +install and execute modified versions of a covered work in that User +Product from a modified version of its Corresponding Source. The +information must suffice to ensure that the continued functioning of +the modified object code is in no case prevented or interfered with +solely because modification has been made. + +If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + +The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or +updates for a work that has been modified or installed by the +recipient, or for the User Product in which it has been modified or +installed. Access to a network may be denied when the modification +itself materially and adversely affects the operation of the network +or violates the rules and protocols for communication across the +network. + +Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + +#### 7. Additional Terms. + +"Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + +When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + +Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders +of that material) supplement the terms of this License with terms: + +- a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or +- b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or +- c) Prohibiting misrepresentation of the origin of that material, + or requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or +- d) Limiting the use for publicity purposes of names of licensors + or authors of the material; or +- e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or +- f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions + of it) with contractual assumptions of liability to the recipient, + for any liability that these contractual assumptions directly + impose on those licensors and authors. + +All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + +If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + +Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; the +above requirements apply either way. + +#### 8. Termination. + +You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + +However, if you cease all violation of this License, then your license +from a particular copyright holder is reinstated (a) provisionally, +unless and until the copyright holder explicitly and finally +terminates your license, and (b) permanently, if the copyright holder +fails to notify you of the violation by some reasonable means prior to +60 days after the cessation. + +Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + +Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + +#### 9. Acceptance Not Required for Having Copies. + +You are not required to accept this License in order to receive or run +a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + +#### 10. Automatic Licensing of Downstream Recipients. + +Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + +An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + +You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + +#### 11. Patents. + +A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + +A contributor's "essential patent claims" are all patent claims owned +or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + +Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + +In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + +If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + +If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + +A patent license is "discriminatory" if it does not include within the +scope of its coverage, prohibits the exercise of, or is conditioned on +the non-exercise of one or more of the rights that are specifically +granted under this License. You may not convey a covered work if you +are a party to an arrangement with a third party that is in the +business of distributing software, under which you make payment to the +third party based on the extent of your activity of conveying the +work, and under which the third party grants, to any of the parties +who would receive the covered work from you, a discriminatory patent +license (a) in connection with copies of the covered work conveyed by +you (or copies made from those copies), or (b) primarily for and in +connection with specific products or compilations that contain the +covered work, unless you entered into that arrangement, or that patent +license was granted, prior to 28 March 2007. + +Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + +#### 12. No Surrender of Others' Freedom. + +If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under +this License and any other pertinent obligations, then as a +consequence you may not convey it at all. For example, if you agree to +terms that obligate you to collect a royalty for further conveying +from those to whom you convey the Program, the only way you could +satisfy both those terms and this License would be to refrain entirely +from conveying the Program. + +#### 13. Remote Network Interaction; Use with the GNU General Public License. + +Notwithstanding any other provision of this License, if you modify the +Program, your modified version must prominently offer all users +interacting with it remotely through a computer network (if your +version supports such interaction) an opportunity to receive the +Corresponding Source of your version by providing access to the +Corresponding Source from a network server at no charge, through some +standard or customary means of facilitating copying of software. This +Corresponding Source shall include the Corresponding Source for any +work covered by version 3 of the GNU General Public License that is +incorporated pursuant to the following paragraph. + +Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the work with which it is combined will remain governed by version +3 of the GNU General Public License. + +#### 14. Revised Versions of this License. + +The Free Software Foundation may publish revised and/or new versions +of the GNU Affero General Public License from time to time. Such new +versions will be similar in spirit to the present version, but may +differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies that a certain numbered version of the GNU Affero General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU Affero General Public License, you may choose any version ever +published by the Free Software Foundation. + +If the Program specifies that a proxy can decide which future versions +of the GNU Affero General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + +Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + +#### 15. Disclaimer of Warranty. + +THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT +WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND +PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE +DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR +CORRECTION. + +#### 16. Limitation of Liability. + +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR +CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES +ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT +NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR +LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM +TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER +PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. + +#### 17. Interpretation of Sections 15 and 16. + +If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + +END OF TERMS AND CONDITIONS + +### How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these +terms. + +To do so, attach the following notices to the program. It is safest to +attach them to the start of each source file to most effectively state +the exclusion of warranty; and each file should have at least the +"copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as + published by the Free Software Foundation, either version 3 of the + License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper +mail. + +If your software can interact with users remotely through a computer +network, you should also make sure that it provides a way for users to +get its source. For example, if your program is a web application, its +interface could display a "Source" link that leads users to an archive +of the code. There are many ways you could offer source, and different +solutions will be better for different programs; see section 13 for +the specific requirements. + +You should also get your employer (if you work as a programmer) or +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. For more information on this, and how to apply and follow +the GNU AGPL, see . -- 2.44.2 From b3a4ae5bbcbec4b2a955a77bb9b823c6fefa678d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 14:14:17 +0200 Subject: [PATCH 255/320] Our first real readme --- README.md | 131 +++++++++++++++++------------------------------------- 1 file changed, 41 insertions(+), 90 deletions(-) diff --git a/README.md b/README.md index e2a83eb9..f655075c 100644 --- a/README.md +++ b/README.md @@ -1,95 +1,46 @@ -[![NixOS](https://img.shields.io/badge/NixOS-unstable-blue.svg?style=flat&logo=NixOS&logoColor=white)](https://nixos.org) -[![MIT License](https://img.shields.io/github/license/divnix/devos)][mit] -[![Chat](https://img.shields.io/matrix/devos:nixos.org.svg?label=%23devos%3Anixos.org&logo=matrix&server_fqdn=matrix.org)][matrix] +# PubSolarOS -> #### ⚠ Advisory ⚠ -> DevOS requires the [flakes][flakes] feature available via an _experimental_ -> branch of [nix][nix]. Until nix 2.4 is released, this project -> should be considered unstable. +Welcome to PubSolarOS, a very opiniated Linux (NixOS) distribution for the nerdy. -### Why? -Make an awesome template for NixOS users, with consideration for common tools like [home-manager][home-manager], -[devshell][devshell], and [more](./doc/integrations). +We're creating this distribution for our own personal use and fun, but +take pride in our craft. As of 14.08.22 it's running on 14 physical devices, +both `x86_64` and `ARM`. -### No. Why _flakes_? -Flakes are a part of an explicit push to improve [Nix's UX](https://github.com/NixOS/nix/blob/master/doc/manual/src/contributing/cli-guideline.md), and have become an integral part of that effort. +At its core, it's a NixOS installation running our configuration. The UX +decisions and the way the project is structured are what make it +_PubSolarOS_: -They also make [Nix expressions](https://nixos.org/manual/nix/unstable/expressions/expression-syntax.html) easier to distribute and reuse with convient [flake references](https://github.com/NixOS/nix/blob/master/src/nix/flake.md#flake-references) for building or using packages, modules, and whole systems. +* Reproducibility is king, and the future is with declarative and functional + programming. Even if Nix does not turn out to be the end-all-be-all of + reproducible package management (Guix looks good), it has a plethora + of packages, a very active and helpful community, and very solid + software engineering practices. +* Because reproducibility is king, we're using nix flakes for locking flake + dependencies. [Digga](https://github.com/divnix/digga) is our flake + utility library, made by the wonderful people of the Divnix community. +* Physical devices are not shared anymore nowadays. Only seldomly will you + find shared devices that need more than one user account. For this + reason, only one user (excluding `root`) is assumed. +* Keyboard navigation wins where it matters; ergonomics, programmability, + efficiency, and speed. We use a tiling window manager (`sway`) and + prioritize cli-based solutions where sensible. The editor is `neovim` + configured to be just as opiniated as the operating system it is a part + of. For mailing, `neomutt` is the default, but we're more divided on + that part. +* We like new and shiny things, so we've moved to Wayland and pipewire. +* SICHERHEIT is written in capital letters at pub.solar, so we have first- + class disk-encryption support. Currently in the works is a paranoid + mode where the device can only hibernate (no more sleep or lockscreen) + so your data is locked any time you leave the device. +* Free software is better. If we can avoid it, nonfree software is avoided. + By default, `allowUnfree` is `false` so we don't ship non-free software + in a basic PubSolarOS ISO. However, nothing prevents you from using + as much non-free software as you like. +* Automation is better. The reproducibility of nix feels so much more + powerful once you're deploying your new configuration from your laptop + to all your other devices with one command. We've automated CI (WIP). +* Community is important. We just like working on this together, and it + feels really good to see our progress at the end of a + [hakken.irl](https://pub.solar/hakken) session. -## Getting Started -Check out the [guide](https://devos.divnix.com/start) to get up and running. -Also, have a look at [_flake.nix_](./flake.nix). If anything is not immediately -discoverable via "[`digga`][digga]'s [`mkFlake`][mk-flake], -please file a bug report. - -### Status: Beta -Although this project has already matured quite a bit, especially through -recent outfactoring of [`digga`][digga], a fair amount of api polishing is still -expected. There are unstable versions (0._x_._x_) to help users keep track -of changes and progress, and a [`develop`](https://github.com/divnix/devos/tree/develop) branch for the brave 😜 - -## In the Wild -* @Pacman99: [Personal](https://gitlab.com/coffeetables/lower), [Server](https://gitlab.com/coffeetables/myrdd) -* [@danielphan2003](https://github.com/danielphan2003/flk) and make sure to also check out [devos-ext-lib][devos-ext-lib] -* [PubSolarOS](https://git.sr.ht/~b12f/pub-solar-os) - -## Shoulders -This work does not reinvent the wheel. It stands on the [shoulders of the -following giants][giants]: - -### :onion: — like the layers of an onion -- [`divnix/digga`][digga] -- [`gytis-ivaskevicius/flake-utils-plus`][fup] -- [`numtide/flake-utils`][fu] - -### :family: — like family -- [`numtide/devshell`][devshell] -- [`serokell/deploy-rs`][deploy] -- [`berberman/nvfetcher`][nvfetcher] -- [`NixOS/nixpkgs`][nixpkgs] - -:heart: - -## Inspiration & Art -- [hlissner/dotfiles][dotfiles] -- [nix-user-chroot](https://github.com/nix-community/nix-user-chroot) -- [Nickel](https://github.com/tweag/nickel) -- [Awesome Nix](https://github.com/nix-community/awesome-nix) -- [devshell](https://github.com/numtide/devshell) - -## Divnix -The divnix org is an open space that spontaneously formed out of "the Nix". -It is really just a place where otherwise unrelated people work -together and get stuff done. - -It's a place to stop "geeking out in isolation" (or within company boundaries). -A place to experiment, learn together, and iterate quickly on best practices. -That's what it is. - -It might eventually become a non-profit if that's not too complicated or, if those -goals are sufficiently upstreamed into "the Nix", dissolved. - -# License -DevOS is licensed under the [MIT License][mit]. - -[community]: https://github.com/divnix/devos/tree/community -[core]: https://github.com/divnix/devos -[deploy]: https://github.com/serokell/deploy-rs -[devshell]: https://github.com/numtide/devshell -[digga]: https://github.com/divnix/digga -[dotfiles]: https://github.com/hlissner/dotfiles -[flake-doc]: https://github.com/NixOS/nix/blob/master/src/nix/flake.md -[flakes]: https://nixos.wiki/wiki/Flakes -[fu]: https://github.com/numtide/flake-utils -[fup]: https://github.com/gytis-ivaskevicius/flake-utils-plus -[giants]: https://en.wikipedia.org/wiki/Standing_on_the_shoulders_of_giants -[home-manager]: https://nix-community.github.io/home-manager -[mit]: https://mit-license.org -[mk-flake]: https://github.com/divnix/digga/tree/main/src/mkFlake -[nix]: https://nixos.org/manual/nix/stable -[nixos]: https://nixos.org/manual/nixos/stable -[nixpkgs]: https://github.com/NixOS/nixpkgs -[nvfetcher]: https://github.com/berberman/nvfetcher -[please]: https://github.com/nrdxp/devos/tree/nrd -[matrix]: https://matrix.to/#/#devos:nixos.org -[devos-ext-lib]: https://github.com/divnix/devos-ext-lib +To get started, take a look at the quick start guide in our docs. -- 2.44.2 From 552b2ee53e5103284b0e2de77d1c446e94b33452 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 14:15:02 +0200 Subject: [PATCH 256/320] Remove nonfree software This commit removes the default, global `allowUnfree = true;` setting and removes nonfree packages where I could find them. Tested by building the `PubSolarOS` host once. --- flake.nix | 4 +++- modules/graphical/default.nix | 25 +++++++++++++------------ modules/printing/default.nix | 4 ---- 3 files changed, 16 insertions(+), 17 deletions(-) diff --git a/flake.nix b/flake.nix index f18df6df..d6be04da 100644 --- a/flake.nix +++ b/flake.nix @@ -66,7 +66,9 @@ { inherit self inputs; - channelsConfig = { allowUnfree = true; }; + channelsConfig = { + # allowUnfree = true; + }; supportedSystems = [ "x86_64-linux" "aarch64-linux" ]; diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix index 0bb9781c..a506c2ef 100644 --- a/modules/graphical/default.nix +++ b/modules/graphical/default.nix @@ -5,17 +5,19 @@ let cfg = config.pub-solar.graphical; yamlFormat = pkgs.formats.yaml { }; recursiveMerge = attrList: - let f = attrPath: - zipAttrsWith (n: values: - if tail values == [ ] - then head values - else if all isList values - then unique (concatLists values) - else if all isAttrs values - then f (attrPath ++ [ n ]) values - else last values - ); - in f [ ] attrList; + let + f = attrPath: + zipAttrsWith (n: values: + if tail values == [ ] + then head values + else if all isList values + then unique (concatLists values) + else if all isAttrs values + then f (attrPath ++ [ n ]) values + else last values + ); + in + f [ ] attrList; in { options.pub-solar.graphical = { @@ -77,7 +79,6 @@ in fonts.enableDefaultFonts = true; fonts.fonts = with pkgs; [ - corefonts fira-code fira-code-symbols google-fonts diff --git a/modules/printing/default.nix b/modules/printing/default.nix index ea9ce166..4688c842 100644 --- a/modules/printing/default.nix +++ b/modules/printing/default.nix @@ -21,10 +21,6 @@ in services.printing.defaultShared = false; services.printing.drivers = [ pkgs.gutenprint - pkgs.brgenml1lpr - pkgs.brgenml1cupswrapper - pkgs.brlaser - pkgs.cups-brother-hl3140cw ]; hardware.sane = { enable = true; -- 2.44.2 From c2c9a65fc4403c200621693681ebd11e5b2051f5 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 14 Aug 2022 14:21:11 +0200 Subject: [PATCH 257/320] devos: move common overlays to sharedOverlays for fup passthrough See: https://github.com/divnix/digga/commit/89d9b3ea97decc70598e1c26f0cf963edec8d0dd --- flake.nix | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/flake.nix b/flake.nix index 7d43b67c..5bb7a948 100644 --- a/flake.nix +++ b/flake.nix @@ -73,11 +73,7 @@ channels = { nixos = { imports = [ (digga.lib.importOverlays ./overlays) ]; - overlays = [ - nur.overlay - agenix.overlay - ./pkgs/default.nix - ]; + overlays = [ ]; }; latest = { }; }; @@ -91,6 +87,10 @@ our = self.lib; }); }) + nur.overlay + agenix.overlay + + (import ./pkgs) ]; nixos = { -- 2.44.2 From 2f9225457c566fb6bd52653e3f5dfcb837e16d89 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 14 Aug 2022 14:40:44 +0200 Subject: [PATCH 258/320] readme: ARM -> aarch64 --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index f655075c..18b1aebf 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Welcome to PubSolarOS, a very opiniated Linux (NixOS) distribution for the nerdy We're creating this distribution for our own personal use and fun, but take pride in our craft. As of 14.08.22 it's running on 14 physical devices, -both `x86_64` and `ARM`. +both `x86_64` and `aarch64`. At its core, it's a NixOS installation running our configuration. The UX decisions and the way the project is structured are what make it -- 2.44.2 From 99d5e53ec8ef2e48f575922721726e7519568380 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 14 Aug 2022 14:41:20 +0200 Subject: [PATCH 259/320] readme: add link to https://ci.b12f.io --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 18b1aebf..31e84212 100644 --- a/README.md +++ b/README.md @@ -38,7 +38,7 @@ _PubSolarOS_: as much non-free software as you like. * Automation is better. The reproducibility of nix feels so much more powerful once you're deploying your new configuration from your laptop - to all your other devices with one command. We've automated CI (WIP). + to all your other devices with one command. [We have an automated CI using drone](https://ci.b12f.io/pub-solar/os). * Community is important. We just like working on this together, and it feels really good to see our progress at the end of a [hakken.irl](https://pub.solar/hakken) session. -- 2.44.2 From 4190818304cc2e2f23c97f9fc42eea1fd92dfee3 Mon Sep 17 00:00:00 2001 From: Hendrik Sokolowski Date: Sat, 13 Aug 2022 22:59:05 +0200 Subject: [PATCH 260/320] Rework of x-os module / core profile * move core settings to x-os * add option to only install a lite core * rename x-os module to core * remove core profile from flake.nix --- flake.nix | 4 +- modules/{x-os => core}/boot.nix | 6 +-- modules/core/default.nix | 30 +++++++++++ modules/{x-os => core}/fonts.nix | 0 modules/{x-os => core}/i18n.nix | 0 modules/core/modules.nix | 11 ++++ modules/{x-os => core}/networking.nix | 4 +- modules/{x-os => core}/nix.nix | 0 modules/core/packages.nix | 76 +++++++++++++++++++++++++++ modules/{x-os => core}/services.nix | 1 - modules/x-os/default.nix | 10 ---- profiles/core/default.nix | 75 -------------------------- profiles/pub-solar-iso/default.nix | 2 +- 13 files changed, 125 insertions(+), 94 deletions(-) rename modules/{x-os => core}/boot.nix (85%) create mode 100644 modules/core/default.nix rename modules/{x-os => core}/fonts.nix (100%) rename modules/{x-os => core}/i18n.nix (100%) create mode 100644 modules/core/modules.nix rename modules/{x-os => core}/networking.nix (95%) rename modules/{x-os => core}/nix.nix (100%) create mode 100644 modules/core/packages.nix rename modules/{x-os => core}/services.nix (99%) delete mode 100644 modules/x-os/default.nix delete mode 100644 profiles/core/default.nix diff --git a/flake.nix b/flake.nix index 7d43b67c..0c8a1c92 100644 --- a/flake.nix +++ b/flake.nix @@ -118,9 +118,9 @@ users = digga.lib.rakeLeaves ./users; }; suites = with profiles; rec { - base = [ core users.pub-solar users.root ]; + base = [ users.pub-solar users.root ]; iso = base ++ [ base-user graphical pub-solar-iso ]; - pubsolaros = [ core dram full-install base-user users.root ]; + pubsolaros = [ dram full-install base-user users.root ]; anonymous = [ pubsolaros users.pub-solar ]; }; }; diff --git a/modules/x-os/boot.nix b/modules/core/boot.nix similarity index 85% rename from modules/x-os/boot.nix rename to modules/core/boot.nix index dd788d26..9e9af88e 100644 --- a/modules/x-os/boot.nix +++ b/modules/core/boot.nix @@ -1,15 +1,15 @@ { config, pkgs, lib, ... }: with lib; let - cfg = config.pub-solar.x-os; + cfg = config.pub-solar.core; in { - options.pub-solar.x-os.iso-options.enable = mkOption { + options.pub-solar.core.iso-options.enable = mkOption { type = types.bool; default = false; description = "Feature flag for iso builds"; }; - options.pub-solar.x-os.disk-encryption-active = mkOption { + options.pub-solar.core.disk-encryption-active = mkOption { type = types.bool; default = true; description = "Whether it should be assumed that there is a cryptroot device"; diff --git a/modules/core/default.nix b/modules/core/default.nix new file mode 100644 index 00000000..dae70e79 --- /dev/null +++ b/modules/core/default.nix @@ -0,0 +1,30 @@ +{ lib, ... }: + +with lib; +let + psCfg = config.pub-solar; + cfg = config.pub-solar.core; +in +{ + imports = [ + ./boot.nix + ./fonts.nix + ./i18n.nix + ./modules.nix + ./networking.nix + ./nix.nix + ./packages.nix + ./services.nix + ]; + + options.pub-solar.core = { + lite-core-active = mkOption { + description = '' + Whether the node should run as a server or agent. + Note that the server, by default, also runs as an agent. + ''; + default = false; + type = types.bool; + }; + }; +} diff --git a/modules/x-os/fonts.nix b/modules/core/fonts.nix similarity index 100% rename from modules/x-os/fonts.nix rename to modules/core/fonts.nix diff --git a/modules/x-os/i18n.nix b/modules/core/i18n.nix similarity index 100% rename from modules/x-os/i18n.nix rename to modules/core/i18n.nix diff --git a/modules/core/modules.nix b/modules/core/modules.nix new file mode 100644 index 00000000..b55281eb --- /dev/null +++ b/modules/core/modules.nix @@ -0,0 +1,11 @@ +{ config, pkgs, lib, ... }: +with lib; +let + cfg = config.pub-solar.core; +in +{ + pub-solar.terminal-life.enable = lib.mkIf (!cfg.lite-core-active) true; + pub-solar.audio.enable = lib.mkIf (!cfg.lite-core-active) true; + pub-solar.crypto.enable = lib.mkIf (!cfg.lite-core-active) true; + pub-solar.devops.enable = lib.mkIf (!cfg.lite-core-active) true; +} diff --git a/modules/x-os/networking.nix b/modules/core/networking.nix similarity index 95% rename from modules/x-os/networking.nix rename to modules/core/networking.nix index 347fe750..ce3248d8 100644 --- a/modules/x-os/networking.nix +++ b/modules/core/networking.nix @@ -2,10 +2,10 @@ with lib; -let cfg = config.pub-solar.x-os; +let cfg = config.pub-solar.core; in { - options.pub-solar.x-os = { + options.pub-solar.core = { binaryCaches = mkOption { type = types.listOf types.str; default = [ ]; diff --git a/modules/x-os/nix.nix b/modules/core/nix.nix similarity index 100% rename from modules/x-os/nix.nix rename to modules/core/nix.nix diff --git a/modules/core/packages.nix b/modules/core/packages.nix new file mode 100644 index 00000000..07263245 --- /dev/null +++ b/modules/core/packages.nix @@ -0,0 +1,76 @@ +{ config, pkgs, lib, ... }: + +with lib; +let + psCfg = config.pub-solar; + cfg = config.pub-solar.core; +in +{ + environment = { + systemPackages = with pkgs; [ + # Core unix utility packages + coreutils-full + dnsutils + inetutils + progress + pciutils + usbutils + + wget + openssl + openssh + curl + htop + lsof + psmisc + file + ] + + ++ lib.optionals (!cfg.lite-core-active) [ + mtr + + gitFull + git-lfs + git-bug + + xdg-utils + sysfsutils + renameutils + nfs-utils + moreutils + mailutils + keyutils + input-utils + elfutils + binutils + dateutils + diffutils + findutils + exfat + + + # zippit + zip + unzip + + # Modern modern utilities + p7zip + croc + jq + + # Nix specific utilities + niv + manix + nix-index + nix-tree + nixpkgs-review + # Build broken, python2.7-PyJWT-2.0.1.drv' failed + #nixops + psos + nvd + + # Fun + neofetch + ]; + }; +} diff --git a/modules/x-os/services.nix b/modules/core/services.nix similarity index 99% rename from modules/x-os/services.nix rename to modules/core/services.nix index 98a058a3..61ba6ea0 100644 --- a/modules/x-os/services.nix +++ b/modules/core/services.nix @@ -1,7 +1,6 @@ { config, pkgs, lib, ... }: { - # For rage encryption, all hosts need a ssh key pair services.openssh = { enable = true; diff --git a/modules/x-os/default.nix b/modules/x-os/default.nix deleted file mode 100644 index 0fd734f3..00000000 --- a/modules/x-os/default.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ ... }: { - imports = [ - ./boot.nix - ./fonts.nix - ./i18n.nix - ./networking.nix - ./nix.nix - ./services.nix - ]; -} diff --git a/profiles/core/default.nix b/profiles/core/default.nix deleted file mode 100644 index b35fb673..00000000 --- a/profiles/core/default.nix +++ /dev/null @@ -1,75 +0,0 @@ -{ self, config, lib, pkgs, inputs, ... }: -let inherit (lib) fileContents; -in -{ - # Sets nrdxp.cachix.org binary cache which just speeds up some builds - imports = [ ../cachix ]; - - config = { - pub-solar.terminal-life.enable = true; - pub-solar.audio.enable = true; - pub-solar.crypto.enable = true; - pub-solar.devops.enable = true; - - environment = { - systemPackages = with pkgs; [ - # Core unix utility packages - coreutils-full - progress - dnsutils - inetutils - mtr - pciutils - usbutils - gitFull - git-lfs - git-bug - wget - openssl - openssh - curl - htop - lsof - psmisc - xdg-utils - sysfsutils - renameutils - nfs-utils - moreutils - mailutils - keyutils - input-utils - elfutils - binutils - dateutils - diffutils - findutils - exfat - file - - # zippit - zip - unzip - - # Modern modern utilities - p7zip - croc - jq - - # Nix specific utilities - niv - manix - nix-index - nix-tree - nixpkgs-review - # Build broken, python2.7-PyJWT-2.0.1.drv' failed - #nixops - psos - nvd - - # Fun - neofetch - ]; - }; - }; -} diff --git a/profiles/pub-solar-iso/default.nix b/profiles/pub-solar-iso/default.nix index 24b5e1b3..4aa8c6fd 100644 --- a/profiles/pub-solar-iso/default.nix +++ b/profiles/pub-solar-iso/default.nix @@ -6,6 +6,6 @@ in config = { pub-solar.graphical.wayland.software-renderer.enable = true; pub-solar.sway.terminal = "foot"; - pub-solar.x-os.iso-options.enable = true; + pub-solar.core.iso-options.enable = true; }; } -- 2.44.2 From 7785744d73b8a60ae8376ddb1e9bcce7fe0daf6b Mon Sep 17 00:00:00 2001 From: Hendrik Sokolowski Date: Sun, 14 Aug 2022 15:11:01 +0200 Subject: [PATCH 261/320] Move some packages from full to default set, move options for modules to default.nix --- modules/core/default.nix | 10 +++++++--- modules/core/modules.nix | 11 ----------- modules/core/packages.nix | 21 ++++++++++----------- 3 files changed, 17 insertions(+), 25 deletions(-) delete mode 100644 modules/core/modules.nix diff --git a/modules/core/default.nix b/modules/core/default.nix index dae70e79..8aec7846 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -17,11 +17,15 @@ in ./services.nix ]; + pub-solar.terminal-life.enable = true; + pub-solar.audio.enable = lib.mkIf (!cfg.lite) true; + pub-solar.crypto.enable = lib.mkIf (!cfg.lite) true; + pub-solar.devops.enable = lib.mkIf (!cfg.lite) true; + options.pub-solar.core = { - lite-core-active = mkOption { + lite = mkOption { description = '' - Whether the node should run as a server or agent. - Note that the server, by default, also runs as an agent. + Enable a lite edition of core with less default modules and a reduced package set. ''; default = false; type = types.bool; diff --git a/modules/core/modules.nix b/modules/core/modules.nix deleted file mode 100644 index b55281eb..00000000 --- a/modules/core/modules.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ config, pkgs, lib, ... }: -with lib; -let - cfg = config.pub-solar.core; -in -{ - pub-solar.terminal-life.enable = lib.mkIf (!cfg.lite-core-active) true; - pub-solar.audio.enable = lib.mkIf (!cfg.lite-core-active) true; - pub-solar.crypto.enable = lib.mkIf (!cfg.lite-core-active) true; - pub-solar.devops.enable = lib.mkIf (!cfg.lite-core-active) true; -} diff --git a/modules/core/packages.nix b/modules/core/packages.nix index 07263245..f6867816 100644 --- a/modules/core/packages.nix +++ b/modules/core/packages.nix @@ -24,9 +24,18 @@ in lsof psmisc file + + # zippit + zip + unzip + + # Modern modern utilities + p7zip + croc + jq ] - ++ lib.optionals (!cfg.lite-core-active) [ + ++ lib.optionals (!cfg.lite) [ mtr gitFull @@ -48,16 +57,6 @@ in findutils exfat - - # zippit - zip - unzip - - # Modern modern utilities - p7zip - croc - jq - # Nix specific utilities niv manix -- 2.44.2 From bf581d1e9c19df13ff30ab7c0ff8330cefdd3626 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 14 Aug 2022 14:23:37 +0200 Subject: [PATCH 262/320] nix-dram: remove nix-dram as default nix binary nix-dram as default nix binary isn't worth the maintenance work anymore, CI builds started failing because of it: https://ci.b12f.io/pub-solar/os/533/1/2 Automatic builds still happen each night and can be checked in our fork of nix-dram: https://github.com/pub-solar/nix-dram/actions Users of nix-dram can continue to use it via devshells or nix run github:dramforever/nix-dram -- --version --- flake.nix | 7 +------ modules/x-os/nix.nix | 2 -- overlays/overrides.nix | 1 + profiles/dram/default.nix | 5 ----- shell/devos.nix | 2 +- 5 files changed, 3 insertions(+), 14 deletions(-) delete mode 100644 profiles/dram/default.nix diff --git a/flake.nix b/flake.nix index 5bb7a948..4ed511d5 100644 --- a/flake.nix +++ b/flake.nix @@ -42,10 +42,6 @@ nixos-hardware.url = "github:nixos/nixos-hardware"; nixos-generators.url = "github:nix-community/nixos-generators"; - - # PubSolarOS additions - nix-dram.url = "github:dramforever/nix-dram"; - nix-dram.inputs.nixpkgs.follows = "latest"; }; outputs = @@ -59,7 +55,6 @@ , agenix , nvfetcher , deploy - , nix-dram , ... } @ inputs: digga.lib.mkFlake @@ -120,7 +115,7 @@ suites = with profiles; rec { base = [ core users.pub-solar users.root ]; iso = base ++ [ base-user graphical pub-solar-iso ]; - pubsolaros = [ core dram full-install base-user users.root ]; + pubsolaros = [ core full-install base-user users.root ]; anonymous = [ pubsolaros users.pub-solar ]; }; }; diff --git a/modules/x-os/nix.nix b/modules/x-os/nix.nix index 56b677da..38b70cfc 100644 --- a/modules/x-os/nix.nix +++ b/modules/x-os/nix.nix @@ -18,8 +18,6 @@ keep-outputs = true keep-derivations = true fallback = true - # used by nix-dram - default-flake = flake:nixpkgs ''; }; } diff --git a/overlays/overrides.nix b/overlays/overrides.nix index df75736d..fd0b836f 100644 --- a/overlays/overrides.nix +++ b/overlays/overrides.nix @@ -13,6 +13,7 @@ channels: final: prev: { signal-desktop starship deploy-rs + nix tdesktop arduino diff --git a/profiles/dram/default.nix b/profiles/dram/default.nix deleted file mode 100644 index 0b7fc3ee..00000000 --- a/profiles/dram/default.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ self, config, lib, pkgs, inputs, ... }: - -{ - nix.package = inputs.nix-dram.packages.${pkgs.system}.nix-dram; -} diff --git a/shell/devos.nix b/shell/devos.nix index f799ca03..2198052f 100644 --- a/shell/devos.nix +++ b/shell/devos.nix @@ -34,7 +34,7 @@ in ''); commands = with pkgs; [ - (devos nixUnstable) + (devos nix) (devos agenix) { category = "devos"; -- 2.44.2 From 9d25b3ee9b3c4a6198c20361ebb488260cf4b92e Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 14 Aug 2022 14:24:53 +0200 Subject: [PATCH 263/320] Fix build of rnix-lsp for nix verion 2.10+ This fix didn't land in a released tag of rnix-lsp yet. Build it from the master branch until next release Upstream PR: https://github.com/nix-community/rnix-lsp/pull/94 Also bump flake.lock --- flake.lock | 45 ++++--------------------------------------- overlays/rnix-lsp.nix | 18 +++++++++++++++++ 2 files changed, 22 insertions(+), 41 deletions(-) create mode 100644 overlays/rnix-lsp.nix diff --git a/flake.lock b/flake.lock index f6a8edfc..2e4bdbcd 100644 --- a/flake.lock +++ b/flake.lock @@ -314,21 +314,6 @@ } }, "flake-utils_4": { - "locked": { - "lastModified": 1656928814, - "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_5": { "locked": { "lastModified": 1649676176, "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=", @@ -416,27 +401,6 @@ "type": "github" } }, - "nix-dram": { - "inputs": { - "flake-utils": "flake-utils_4", - "nixpkgs": [ - "latest" - ] - }, - "locked": { - "lastModified": 1660180791, - "narHash": "sha256-oPO+keK4S9daL9ubU51hZ+QOWVSMbZ56F20iFI9Px3s=", - "owner": "dramforever", - "repo": "nix-dram", - "rev": "ae7f0b7c5d39eec5941fe21e9f202106bdea9ac2", - "type": "github" - }, - "original": { - "owner": "dramforever", - "repo": "nix-dram", - "type": "github" - } - }, "nixlib": { "locked": { "lastModified": 1636849918, @@ -489,11 +453,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1660291411, - "narHash": "sha256-9UfJMJeCl+T/DrOJMd1vLCoV8U3V7f9Qrv/QyH0Nn28=", + "lastModified": 1660407119, + "narHash": "sha256-04lWO0pDbhAXFdL4v2VzzwgxrZ5IefKn+TmZPiPeKxg=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "78f56d8ec2c67a1f80f2de649ca9aadc284f65b6", + "rev": "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1", "type": "github" }, "original": { @@ -565,7 +529,7 @@ "nvfetcher": { "inputs": { "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_4", "nixpkgs": [ "nixos" ] @@ -621,7 +585,6 @@ "home": "home", "latest": "latest_2", "naersk": "naersk", - "nix-dram": "nix-dram", "nixos": "nixos", "nixos-generators": "nixos-generators", "nixos-hardware": "nixos-hardware", diff --git a/overlays/rnix-lsp.nix b/overlays/rnix-lsp.nix new file mode 100644 index 00000000..62c0f2b0 --- /dev/null +++ b/overlays/rnix-lsp.nix @@ -0,0 +1,18 @@ +final: prev: { + rnix-lsp = prev.rnix-lsp.overrideAttrs (oldAttrs: rec { + version = "unstable-2022-07-28"; + + src = prev.fetchFromGitHub { + owner = "nix-community"; + repo = "rnix-lsp"; + rev = "ff18e04551a39ccdab0ff9c83926db3807b23478"; + sha256 = "sha256-4OIpATLdPQvryyhRQPELeqNYC0n6PCyjD6LCPdwOztc="; + }; + + cargoDeps = oldAttrs.cargoDeps.overrideAttrs (prev.lib.const { + name = "rnix-lsp-vendor.tar.gz"; + inherit src; + outputHash = "sha256-SroynaHaFpvKlMSEagoGQhZcY7A0tE4xTbUXYFcneo8="; + }); + }); +} -- 2.44.2 From c43b96c4d5f61cf07aa1a83b2cf753f0e95a3276 Mon Sep 17 00:00:00 2001 From: hensoko Date: Sun, 14 Aug 2022 13:54:19 +0000 Subject: [PATCH 264/320] Fix core module (#116) Co-authored-by: Hendrik Sokolowski Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/116 Reviewed-by: teutat3s --- hosts/bootstrap.nix | 1 - modules/core/default.nix | 17 ++++++++++------- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/hosts/bootstrap.nix b/hosts/bootstrap.nix index acadc449..541ca6fb 100644 --- a/hosts/bootstrap.nix +++ b/hosts/bootstrap.nix @@ -6,7 +6,6 @@ # interface that has the local link to the target machine imports = [ # profiles.networking - profiles.core profiles.users.root # make sure to configure ssh keys profiles.users.pub-solar profiles.base-user diff --git a/modules/core/default.nix b/modules/core/default.nix index 8aec7846..c7457c1b 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -1,4 +1,4 @@ -{ lib, ... }: +{ config, lib, ... }: with lib; let @@ -10,18 +10,12 @@ in ./boot.nix ./fonts.nix ./i18n.nix - ./modules.nix ./networking.nix ./nix.nix ./packages.nix ./services.nix ]; - pub-solar.terminal-life.enable = true; - pub-solar.audio.enable = lib.mkIf (!cfg.lite) true; - pub-solar.crypto.enable = lib.mkIf (!cfg.lite) true; - pub-solar.devops.enable = lib.mkIf (!cfg.lite) true; - options.pub-solar.core = { lite = mkOption { description = '' @@ -31,4 +25,13 @@ in type = types.bool; }; }; + + config = { + pub-solar = { + terminal-life.enable = true; + audio.enable = lib.mkIf (!cfg.lite) true; + crypto.enable = lib.mkIf (!cfg.lite) true; + devops.enable = lib.mkIf (!cfg.lite) true; + }; + }; } -- 2.44.2 From 4c0991c7e1a7670526ec2331c0def1a5ae46e918 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 17:10:30 +0200 Subject: [PATCH 265/320] Put always hibernate behind a flag Hibernation is now a core option: ``` pub-solar.core.hibernation.enable = true; ``` And there's a paranoia mode, that keeps the disk encrypted as much as possible by enabling hibernation and removing the options for sleep, screen locking. Idle locking now hibernates, and it does it on very short notice. --- modules/core/boot.nix | 10 ++++- modules/paranoia/default.nix | 24 +++++++++++ .../config/config.d/custom-keybindings.conf | 19 --------- .../sway/config/config.d/mode_system.conf.nix | 21 ++++++++++ modules/sway/default.nix | 40 ++++++++++--------- modules/sway/gammastep.service.nix | 2 +- modules/sway/libinput-gestures.service.nix | 2 +- modules/sway/mako.service.nix | 2 +- modules/sway/sway-session.target.nix | 2 +- modules/sway/sway.service.nix | 2 +- modules/sway/swayidle.service.nix | 15 +++++-- modules/sway/waybar.service.nix | 2 +- modules/sway/xsettingsd.service.nix | 2 +- modules/sway/ydotool.service.nix | 2 +- pkgs/default.nix | 1 + pkgs/swaylock-bg.nix | 20 ++++++++++ 16 files changed, 115 insertions(+), 51 deletions(-) create mode 100644 modules/paranoia/default.nix create mode 100644 modules/sway/config/config.d/mode_system.conf.nix create mode 100644 pkgs/swaylock-bg.nix diff --git a/modules/core/boot.nix b/modules/core/boot.nix index 99b6d76c..6f93fabf 100644 --- a/modules/core/boot.nix +++ b/modules/core/boot.nix @@ -16,6 +16,14 @@ in description = "Whether it should be assumed that there is a cryptroot device"; }; + options.pub-solar.core.hibernation = { + enable = mkOption { + type = types.bool; + default = false; + description = "Whether the device can hibernate. This creates a swapfile at /swapfile."; + }; + }; + config = { boot = { # Enable plymouth for better experience of booting @@ -30,7 +38,7 @@ in }; }; - resumeDevice = "/swapfile"; + resumeDevice = mkIf cfg.core.hibernation.enable "/swapfile"; loader.systemd-boot.enable = true; diff --git a/modules/paranoia/default.nix b/modules/paranoia/default.nix new file mode 100644 index 00000000..ec530fc3 --- /dev/null +++ b/modules/paranoia/default.nix @@ -0,0 +1,24 @@ +{ config, lib, ... }: + +with lib; +let + psCfg = config.pub-solar; + cfg = config.pub-solar.paranoia; +in +{ + options.pub-solar.paranoia = { + enable = mkOption { + description = '' + Only offer hibernation instead of screen locking and sleeping. This only makes sense + if your hard drive is encrypted, and ensures that the contents of your drive are + encrypted if you are not actively using the device. + ''; + default = false; + type = types.bool; + }; + }; + + config = mkIf cfg.enable { + pub-solar.core.allow-hibernation = true; + }; +} diff --git a/modules/sway/config/config.d/custom-keybindings.conf b/modules/sway/config/config.d/custom-keybindings.conf index fdeac97a..659a4660 100644 --- a/modules/sway/config/config.d/custom-keybindings.conf +++ b/modules/sway/config/config.d/custom-keybindings.conf @@ -31,22 +31,3 @@ bindsym $mod+Ctrl+f exec "( pkill flameshot || true && flameshot & ) && ( sleep # Launcher set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" sway-launcher bindsym $mod+Space exec $menu - -# Set shut down, restart and locking features -set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown -bindsym $mod+0 mode "$mode_system" -mode "$mode_system" { - bindsym e exec swaymsg exit, mode "default" -#======= - bindsym l exec swaylock-bg, mode "default" - bindsym e exec systemctl --user stop graphical-session.target, mode "default" - bindsym s exec systemctl suspend, mode "default" -#>>>>>>> main - bindsym h exec systemctl hibernate, mode "default" - bindsym r exec systemctl reboot, mode "default" - bindsym Shift+s exec systemctl poweroff, mode "default" - - # exit system mode: "Enter" or "Escape" - bindsym Return mode "default" - bindsym Escape mode "default" -} diff --git a/modules/sway/config/config.d/mode_system.conf.nix b/modules/sway/config/config.d/mode_system.conf.nix new file mode 100644 index 00000000..ef11a461 --- /dev/null +++ b/modules/sway/config/config.d/mode_system.conf.nix @@ -0,0 +1,21 @@ +{ psCfg, ... }: '' +# Set shut down, restart and locking features +set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown +bindsym $mod+0 mode "$mode_system" +mode "$mode_system" { + bindsym e exec swaymsg exit, mode "default" +'' + (if !psCfg.core.allow-hibernation then '' + bindsym h exec systemctl hibernate, mode "default" +'' else "") + + (if !psCfg.paranoia.enable then '' + bindsym l exec swaylock-bg, mode "default" + bindsym s exec systemctl suspend, mode "default" +'' else "") + '' + bindsym r exec systemctl reboot, mode "default" + bindsym Shift+s exec systemctl poweroff, mode "default" + + # exit system mode: "Enter" or "Escape" + bindsym Return mode "default" + bindsym Escape mode "default" +} +'' diff --git a/modules/sway/default.nix b/modules/sway/default.nix index 59b6ff09..2872a3b3 100644 --- a/modules/sway/default.nix +++ b/modules/sway/default.nix @@ -2,25 +2,26 @@ with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.sway; in { options.pub-solar.sway = { enable = mkEnableOption "Life in boxes"; - }; - options.pub-solar.sway.terminal = mkOption { - type = types.nullOr types.str; - default = "alacritty"; - description = "Choose sway's default terminal"; - }; - options.pub-solar.sway.v4l2loopback.enable = mkOption { - type = types.bool; - default = true; - description = "WebCam streaming tool"; + + terminal = mkOption { + type = types.nullOr types.str; + default = "alacritty"; + description = "Choose sway's default terminal"; + }; + + v4l2loopback.enable = mkOption { + type = types.bool; + default = true; + description = "WebCam streaming tool"; + }; }; - config = mkIf cfg.enable (mkMerge [ - (mkIf (cfg.v4l2loopback.enable) { + config = mkIf psCfg.sway.enable (mkMerge [ + (mkIf (psCfg.sway.v4l2loopback.enable) { boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; boot.kernelModules = [ "v4l2loopback" ]; boot.extraModprobeConfig = '' @@ -84,18 +85,19 @@ in programs.waybar.enable = true; #programs.waybar.systemd.enable = true; - systemd.user.services.mako = import ./mako.service.nix pkgs; - systemd.user.services.sway = import ./sway.service.nix pkgs; - systemd.user.services.swayidle = import ./swayidle.service.nix pkgs; - systemd.user.services.xsettingsd = import ./xsettingsd.service.nix pkgs; - systemd.user.services.waybar = import ./waybar.service.nix pkgs; - systemd.user.targets.sway-session = import ./sway-session.target.nix pkgs; + systemd.user.services.mako = import ./mako.service.nix { inherit pkgs psCfg; }; + systemd.user.services.sway = import ./sway.service.nix { inherit pkgs psCfg; }; + systemd.user.services.swayidle = import ./swayidle.service.nix { inherit pkgs psCfg; }; + systemd.user.services.xsettingsd = import ./xsettingsd.service.nix { inherit pkgs psCfg; }; + systemd.user.services.waybar = import ./waybar.service.nix { inherit pkgs psCfg; }; + systemd.user.targets.sway-session = import ./sway-session.target.nix { inherit pkgs psCfg; }; xdg.configFile."sway/config".text = import ./config/config.nix { inherit config pkgs; }; xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf; xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf; xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf; xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf; + xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.config.nix { inherit psCfg; }; xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf; xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf; }; diff --git a/modules/sway/gammastep.service.nix b/modules/sway/gammastep.service.nix index f59edf02..3960d1ae 100644 --- a/modules/sway/gammastep.service.nix +++ b/modules/sway/gammastep.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "set color temperature of display according to time of day"; diff --git a/modules/sway/libinput-gestures.service.nix b/modules/sway/libinput-gestures.service.nix index c4c860da..798d10d6 100644 --- a/modules/sway/libinput-gestures.service.nix +++ b/modules/sway/libinput-gestures.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "Actions gestures on your touchpad using libinput"; diff --git a/modules/sway/mako.service.nix b/modules/sway/mako.service.nix index 190b986d..b155e148 100644 --- a/modules/sway/mako.service.nix +++ b/modules/sway/mako.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "Lightweight Wayland notification daemon"; diff --git a/modules/sway/sway-session.target.nix b/modules/sway/sway-session.target.nix index 3eb4d24c..7b25376a 100644 --- a/modules/sway/sway-session.target.nix +++ b/modules/sway/sway-session.target.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "sway compositor session"; diff --git a/modules/sway/sway.service.nix b/modules/sway/sway.service.nix index 95efc3e6..0d0d782c 100644 --- a/modules/sway/sway.service.nix +++ b/modules/sway/sway.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "sway - SirCmpwn's Wayland window manager"; diff --git a/modules/sway/swayidle.service.nix b/modules/sway/swayidle.service.nix index 61f32591..3b87c610 100644 --- a/modules/sway/swayidle.service.nix +++ b/modules/sway/swayidle.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, psCfg, ... }: { Unit = { Description = "Idle manager for Wayland"; @@ -10,9 +10,16 @@ pkgs: Service = { Type = "simple"; Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin"; - ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \ - timeout 150 'swaymsg "output * dpms off"' \ - timeout 300 'systemctl hibernate' \ + ExecStart = if psCfg.paranoia.enable then '' + ${pkgs.swayidle}/bin/swayidle -w \ + timeout 120 'swaymsg "output * dpms off"' \ + timeout 150 'systemctl hibernate' \ + '' else '' + ${pkgs.swayidle}/bin/swayidle -w \ + timeout 600 'swaylock-bg' \ + timeout 900 'swaymsg "output * dpms off"' \ + resume 'swaymsg "output * dpms on"' \ + before-sleep 'swaylock-bg' ''; }; Install = { diff --git a/modules/sway/waybar.service.nix b/modules/sway/waybar.service.nix index ee5e8938..98b8ed35 100644 --- a/modules/sway/waybar.service.nix +++ b/modules/sway/waybar.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "Highly customizable Wayland bar for Sway and Wlroots based compositors."; diff --git a/modules/sway/xsettingsd.service.nix b/modules/sway/xsettingsd.service.nix index 0d729cb2..db3e842c 100644 --- a/modules/sway/xsettingsd.service.nix +++ b/modules/sway/xsettingsd.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "X Settings Daemon"; diff --git a/modules/sway/ydotool.service.nix b/modules/sway/ydotool.service.nix index d53bfcd7..24b64432 100644 --- a/modules/sway/ydotool.service.nix +++ b/modules/sway/ydotool.service.nix @@ -1,4 +1,4 @@ -pkgs: +{ pkgs, ... }: { Unit = { Description = "ydotool - Generic command-line automation tool (no X!)"; diff --git a/pkgs/default.nix b/pkgs/default.nix index 1b04f378..28e513b7 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -12,6 +12,7 @@ with final; { s = writeShellScriptBin "s" (import ./s.nix final); sway-launcher = writeScriptBin "sway-launcher" (import ./sway-launcher.nix final); sway-service = writeShellScriptBin "sway-service" (import ./sway-service.nix final); + swaylock-bg = writeShellScriptBin "swaylock-bg" (import ./swaylock-bg.nix final); toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final); uhk-agent = import ./uhk-agent.nix final; wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final); diff --git a/pkgs/swaylock-bg.nix b/pkgs/swaylock-bg.nix new file mode 100644 index 00000000..b55c32ae --- /dev/null +++ b/pkgs/swaylock-bg.nix @@ -0,0 +1,20 @@ +self: with self; '' + # Dependencies: + # swaylock + + # Make sure we aren't running twice + RUNNING=$(ps -A | grep swaylock | wc -l) + if [ $RUNNING -ne 0 ]; then + exit 0 + fi + + IMAGE=$XDG_CONFIG_HOME/wallpaper.jpg + LOCKARGS="" + + for OUTPUT in `${sway}/bin/swaymsg -t get_outputs | jq -r '.[].name'` + do + LOCKARGS="''${LOCKARGS} --image ''${OUTPUT}:''${IMAGE}" + IMAGES="''${IMAGES} ''${IMAGE}" + done + exec ${swaylock}/bin/swaylock $LOCKARGS +'' -- 2.44.2 From 762e78677b39b722dbd12990025d9d3b5e943df7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 17:15:50 +0200 Subject: [PATCH 266/320] Fix hibernation enabling in paranoia mode --- modules/paranoia/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/paranoia/default.nix b/modules/paranoia/default.nix index ec530fc3..19c470ad 100644 --- a/modules/paranoia/default.nix +++ b/modules/paranoia/default.nix @@ -19,6 +19,6 @@ in }; config = mkIf cfg.enable { - pub-solar.core.allow-hibernation = true; + pub-solar.core.hibernate.enable = true; }; } -- 2.44.2 From 1c015508e1f38551977e36ade2c3b21697cc8521 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 13 Aug 2022 21:34:46 +0200 Subject: [PATCH 267/320] tree: remove bud and all mentions of it Include upstream update doc updates --- doc/CONTRIBUTING.md | 17 +-- doc/SUMMARY.md | 11 +- doc/api-reference-channels.md | 91 +++++++++++++ doc/api-reference-devshell.md | 72 +++++++++++ doc/api-reference-home.md | 119 +++++++++++++++++ doc/api-reference-nixos.md | 234 ++++++++++++++++++++++++++++++++++ doc/api-reference.md | 80 ++++++++++++ doc/bud/get.md | 10 -- doc/bud/index.md | 24 ---- doc/concepts/users.md | 13 +- doc/start/bootstrapping.md | 102 --------------- doc/start/from-nixos.md | 51 -------- doc/start/index.md | 37 ++++-- doc/start/iso.md | 40 ++++-- flake.lock | 128 ++----------------- flake.nix | 6 - hosts/bootstrap.nix | 2 +- shell/default.nix | 1 - 18 files changed, 678 insertions(+), 360 deletions(-) create mode 100755 doc/api-reference-channels.md create mode 100755 doc/api-reference-devshell.md create mode 100755 doc/api-reference-home.md create mode 100755 doc/api-reference-nixos.md create mode 100755 doc/api-reference.md delete mode 100644 doc/bud/get.md delete mode 100644 doc/bud/index.md delete mode 100644 doc/start/bootstrapping.md delete mode 100644 doc/start/from-nixos.md diff --git a/doc/CONTRIBUTING.md b/doc/CONTRIBUTING.md index 86f5dd70..e3af7e20 100644 --- a/doc/CONTRIBUTING.md +++ b/doc/CONTRIBUTING.md @@ -1,18 +1,13 @@ -# Pull Requests - -## TL;DR; +# TL;DR; - **Target Branch**: `main` -- **Merge Policy**: [`bors`][bors] is always right (→ `bors try`) -- **Docs**: every changeset is expected to contain doc updates +- **Merge Policy**: green check: merge away. yellow circle: have patience. red x: try again. +- **Docs**: every change set is expected to contain doc updates - **Commit Msg**: be a poet! Comprehensive and explanatory commit messages should cover the motivation and use case in an easily understandable manner even when read after a few months. -- **Test Driven Development**: please default to test driven development where possible. +- **Test Driven Development**: please default to test driven development you can + make use of the `./examples` & `./e2e` and wire test up in the devshell. ### Within the Devshell (`nix develop`) - **Hooks**: please `git commit` within the devshell -- **Fail Early**: please run from within the devshell on your local machine: - - `nix flake check` - -[bors]: https://bors.tech - +- **Fail Early**: please run `check-all` from within the devshell on your local machine diff --git a/doc/SUMMARY.md b/doc/SUMMARY.md index 1d7bafe9..09d2d626 100644 --- a/doc/SUMMARY.md +++ b/doc/SUMMARY.md @@ -3,8 +3,6 @@ - [Introduction](../README.md) - [Quick Start](./start/index.md) - [ISO](./start/iso.md) - - [Bootstrapping](./start/bootstrapping.md) - - [From NixOS](./start/from-nixos.md) - [Key Concepts](./concepts/index.md) - [Hosts](./concepts/hosts.md) - [Overrides](./concepts/overrides.md) @@ -18,11 +16,16 @@ - [Concerns]() - [Secrets](./secrets.md) - [Tests](./tests.md) -- [Helper Script – `bud`](./bud/index.md) - - [get](./bud/get.md) - [Integrations](./integrations/index.md) - [Cachix](./integrations/cachix.md) - [Deploy RS](./integrations/deploy.md) - [NvFetcher](./integrations/nvfetcher.md) - [Hercules CI](./integrations/hercules.md) +- [API Reference](./api-reference.md) + - [Channels](./api-reference-channels.md) + - [Home](./api-reference-home.md) + - [Devshell](./api-reference-devshell.md) + - [NixOS](./api-reference-nixos.md) +- [Library Reference]() - [Contributing](./CONTRIBUTING.md) + diff --git a/doc/api-reference-channels.md b/doc/api-reference-channels.md new file mode 100755 index 00000000..533e6e91 --- /dev/null +++ b/doc/api-reference-channels.md @@ -0,0 +1,91 @@ +# Channels API Container +Configure your channels that you can use throughout your configurations. + +> #### ⚠ Gotcha ⚠ +> Devshell & (non-host-specific) Home-Manager `pkgs` instances are rendered off the +> `nixos.hostDefaults.channelName` (default) channel. + + +## channels +nixpkgs channels to create + + +*_Type_*: +attribute set of submodules or path convertible to it + + +*_Default_* +``` +{} +``` + + + + +## channels.\.config +nixpkgs config for this channel + + +*_Type_*: +attribute set or path convertible to it + + +*_Default_* +``` +{} +``` + + + + +## channels.\.input +nixpkgs flake input to use for this channel + + +*_Type_*: +nix flake + + +*_Default_* +``` +"self.inputs." +``` + + + + +## channels.\.overlays +overlays to apply to this channel +these will get exported under the 'overlays' flake output +as \/\ and any overlay pulled from \ +will be filtered out + + +*_Type_*: +list of valid Nixpkgs overlay or path convertible to its or anything convertible to it or path convertible to it + + +*_Default_* +``` +[] +``` + + + + +## channels.\.patches +patches to apply to this channel + + +*_Type_*: +list of paths + + +*_Default_* +``` +[] +``` + + + + diff --git a/doc/api-reference-devshell.md b/doc/api-reference-devshell.md new file mode 100755 index 00000000..28f18087 --- /dev/null +++ b/doc/api-reference-devshell.md @@ -0,0 +1,72 @@ +# Devshell API Container +Configure your devshell module collections of your environment. + + +## devshell +Modules to include in your DevOS shell. the `modules` argument +will be exported under the `devshellModules` output + + +*_Type_*: +submodule or path convertible to it + + +*_Default_* +``` +{} +``` + + + + +## devshell.exportedModules +modules to include in all hosts and export to devshellModules output + + +*_Type_*: +list of valid module or path convertible to its or anything convertible to it + + +*_Default_* +``` +[] +``` + + + + +## devshell.externalModules +The `externalModules` option has been removed. +Any modules that should be exported should be defined with the `exportedModules` +option and all other modules should just go into the `modules` option. + + +*_Type_*: +list of valid modules or anything convertible to it + + +*_Default_* +``` +[] +``` + + + + +## devshell.modules +modules to include that won't be exported +meant importing modules from external flakes + + +*_Type_*: +list of valid modules or anything convertible to it or path convertible to it + + +*_Default_* +``` +[] +``` + + + + diff --git a/doc/api-reference-home.md b/doc/api-reference-home.md new file mode 100755 index 00000000..0ab62f36 --- /dev/null +++ b/doc/api-reference-home.md @@ -0,0 +1,119 @@ +# Home-Manager API Container +Configure your home manager modules, profiles & suites. + + +## home +hosts, modules, suites, and profiles for home-manager + + +*_Type_*: +submodule or path convertible to it + + +*_Default_* +``` +{} +``` + + + + +## home.exportedModules +modules to include in all hosts and export to homeModules output + + +*_Type_*: +list of valid modules or anything convertible to it or path convertible to it + + +*_Default_* +``` +[] +``` + + + + +## home.externalModules +The `externalModules` option has been removed. +Any modules that should be exported should be defined with the `exportedModules` +option and all other modules should just go into the `modules` option. + + +*_Type_*: +list of valid modules or anything convertible to it + + +*_Default_* +``` +[] +``` + + + + +## home.importables +Packages of paths to be passed to modules as `specialArgs`. + + +*_Type_*: +attribute set + + +*_Default_* +``` +{} +``` + + + + +## home.importables.suites +collections of profiles + + +*_Type_*: +null or attribute set of list of paths or anything convertible to its or path convertible to it + + +*_Default_* +``` +null +``` + + + + +## home.modules +modules to include that won't be exported +meant importing modules from external flakes + + +*_Type_*: +list of valid modules or anything convertible to it or path convertible to it + + +*_Default_* +``` +[] +``` + + + + +## home.users +HM users that can be deployed portably without a host. + + +*_Type_*: +attribute set of HM user configs + + +*_Default_* +``` +{} +``` + + + + diff --git a/doc/api-reference-nixos.md b/doc/api-reference-nixos.md new file mode 100755 index 00000000..7428b161 --- /dev/null +++ b/doc/api-reference-nixos.md @@ -0,0 +1,234 @@ +# NixOS API Container +Configure your nixos modules, profiles & suites. + + +## nixos +hosts, modules, suites, and profiles for NixOS + + +*_Type_*: +submodule or path convertible to it + + +*_Default_* +``` +{} +``` + + + + +## nixos.hostDefaults +Defaults for all hosts. +the modules passed under hostDefaults will be exported +to the 'nixosModules' flake output. +They will also be added to all hosts. + + +*_Type_*: +submodule + + +*_Default_* +``` +{} +``` + + + + +## nixos.hostDefaults.channelName +Channel this host should follow + + +*_Type_*: +channel defined in `channels` + + + + + + +## nixos.hostDefaults.exportedModules +modules to include in all hosts and export to nixosModules output + + +*_Type_*: +list of valid modules or anything convertible to it or path convertible to it + + +*_Default_* +``` +[] +``` + + + + +## nixos.hostDefaults.externalModules +The `externalModules` option has been removed. +Any modules that should be exported should be defined with the `exportedModules` +option and all other modules should just go into the `modules` option. + + +*_Type_*: +list of valid modules or anything convertible to it + + +*_Default_* +``` +[] +``` + + + + +## nixos.hostDefaults.modules +modules to include that won't be exported +meant importing modules from external flakes + + +*_Type_*: +list of valid modules or anything convertible to it or path convertible to it + + +*_Default_* +``` +[] +``` + + + + +## nixos.hostDefaults.system +system for this host + + +*_Type_*: +null or system defined in `supportedSystems` + + +*_Default_* +``` +null +``` + + + + +## nixos.hosts +configurations to include in the nixosConfigurations output + + +*_Type_*: +attribute set of submodules + + +*_Default_* +``` +{} +``` + + + + +## nixos.hosts.\.channelName +Channel this host should follow + + +*_Type_*: +null or channel defined in `channels` + + +*_Default_* +``` +null +``` + + + + +## nixos.hosts.\.modules +modules to include + + +*_Type_*: +list of valid modules or anything convertible to it or path convertible to it + + +*_Default_* +``` +[] +``` + + + + +## nixos.hosts.\.system +system for this host + + +*_Type_*: +null or system defined in `supportedSystems` + + +*_Default_* +``` +null +``` + + + + +## nixos.hosts.\.tests +tests to run + + +*_Type_*: +list of valid NixOS test or path convertible to its or anything convertible to it + + +*_Default_* +``` +[] +``` + + +*_Example_* +``` +{"_type":"literalExpression","text":"[\n {\n name = \"testname1\";\n machine = { ... };\n testScript = ''\n # ...\n '';\n }\n ({ corutils, writers, ... }: {\n name = \"testname2\";\n machine = { ... };\n testScript = ''\n # ...\n '';\n })\n ./path/to/test.nix\n];\n"} +``` + + +## nixos.importables +Packages of paths to be passed to modules as `specialArgs`. + + +*_Type_*: +attribute set + + +*_Default_* +``` +{} +``` + + + + +## nixos.importables.suites +collections of profiles + + +*_Type_*: +null or attribute set of list of paths or anything convertible to its or path convertible to it + + +*_Default_* +``` +null +``` + + + + diff --git a/doc/api-reference.md b/doc/api-reference.md new file mode 100755 index 00000000..47eb1284 --- /dev/null +++ b/doc/api-reference.md @@ -0,0 +1,80 @@ +# Top Level API +`digga`'s top level API. API Containers are documented in their respective sub-chapter: + +- [Channels](./api-reference-channels.md) +- [Home](./api-reference-home.md) +- [Devshell](./api-reference-devshell.md) +- [NixOS](./api-reference-nixos.md) +- [Darwin](./api-reference-darwin.md) + +## channelsConfig +nixpkgs config for all channels + + +*_Type_*: +attribute set or path convertible to it + + +*_Default_* +``` +{} +``` + + + + +## inputs +The flake's inputs + +*_Type_*: +attribute set of nix flakes + + + + + + +## outputsBuilder +builder for flake system-spaced outputs +The builder gets passed an attrset of all channels + + +*_Type_*: +function that evaluates to a(n) attribute set or path convertible to it + + +*_Default_* +``` +"channels: { }" +``` + + + + +## self +The flake to create the DevOS outputs for + +*_Type_*: +nix flake + + + + + + +## supportedSystems +The systems supported by this flake + + +*_Type_*: +list of strings + + +*_Default_* +``` +["aarch64-linux","aarch64-darwin","i686-linux","x86_64-darwin","x86_64-linux"] +``` + + + + diff --git a/doc/bud/get.md b/doc/bud/get.md deleted file mode 100644 index 12263df0..00000000 --- a/doc/bud/get.md +++ /dev/null @@ -1,10 +0,0 @@ -# get -The `get` subcommand is useful for getting a bare copy of devos without the -git history. - -## Usage -```sh -bud get DEST-DIR -``` - -If DEST-DIR is ommitted, it defaults to _./devos_. diff --git a/doc/bud/index.md b/doc/bud/index.md deleted file mode 100644 index 7b985792..00000000 --- a/doc/bud/index.md +++ /dev/null @@ -1,24 +0,0 @@ -# [`bud`][bud] command -The template incudes a convenient script for managing your system called [`bud`][bud]. - -It is a portable and highly composable system control tool that work anywhere on your host -or in the flake's devshell. - -Although it comes with some predefined standard helpers, -it is very extensible and you are encouraged to write your own script snippets -to ease your workflows. An example is the bud module for a `get` command that -comes included with `devos`. - -While writing scripts you can convenientely access smart environment variables -that can tell the current architecture, user or host name, among others, regardless -wether you invoke `bud` within the devshell or as the system-wide installed `bud`. - -For details, please review the [bud repo][bud]. - -## Usage -```sh -bud help -``` - - -[bud]: https://github.com/divnix/bud diff --git a/doc/concepts/users.md b/doc/concepts/users.md index b2a6c2a3..b3454244 100644 --- a/doc/concepts/users.md +++ b/doc/concepts/users.md @@ -49,19 +49,18 @@ argument that gets passed to your home-manager users. ## External Usage You can easily use the defined home-manager configurations outside of NixOS -using the `homeConfigurations` flake output. The [bud](../bud/index.md) helper -script makes this even easier. +using the `homeConfigurations` flake output. -This is great for keeping your environment consistent across Unix systems, -including OSX. +This is great for keeping your environment consistent across Unix-like systems, +including macOS. ### From within the projects devshell: ```sh -# builds the nixos user defined in the NixOS host -bud home NixOS nixos +# builds the pub-solar user defined in the PubSolarOS host +nix build '.#homeConfigurations."pub-solar@PubSolarOS".activationPackage' # build and activate -bud home NixOS nixos switch +nix build '.#homeConfigurations."pub-solar@PubSolarOS".activationPackage' && ./result/activate && unlink result ``` ### Manually from outside the project: diff --git a/doc/start/bootstrapping.md b/doc/start/bootstrapping.md deleted file mode 100644 index b8a0ad04..00000000 --- a/doc/start/bootstrapping.md +++ /dev/null @@ -1,102 +0,0 @@ -# Bootstrapping - -This will help you boostrap a bare host with the help of the -[bespoke iso](./iso.md) live installer. - -_Note: nothing prevents you from remotely executing the boostrapping -process. See below._ - -Once your target host has booted into the live iso, you need to partition -and format your disk according to the [official manual][manual]. - -## Mount partitions - -Then properly mount the formatted partitions at `/mnt`, so that you can -install your system to those new partitions. - -Mount `nixos` partition to `/mnt` and — for UEFI — `boot` -partition to `/mnt/boot`: - -```console -$ mount /dev/disk/by-label/nixos /mnt -$ mkdir -p /mnt/boot && mount /dev/disk/by-label/boot /mnt/boot # UEFI only -$ swapon /dev/disk/by-label/swap -``` - -Add some extra space to the store. In the iso, it's running on a tmpfs -off your RAM: -```console -$ mkdir -p /mnt/tmpstore/{work,store} -$ mount -t overlay overlay -olowerdir=/nix/store,upperdir=/mnt/tmpstore/store,workdir=/mnt/tmpstore/work /nix/store -``` - -## Install - -Install off of a copy of devos from the time the iso was built: - -```console -$ cd /iso/devos -$ nixos-install --flake .#NixOS -``` - -## Notes of interest - -### Remote access to the live installer - -The iso live installer comes preconfigured with a network configuration -which announces it's hostname via [MulticastDNS][mDNS] as `hostname.local`, -that is `bootstrap.local` in the [iso example](./iso). - -In the rare case that [MulticastDNS][mDNS] is not availabe or turned off -in your network, there is a static link-local IPv6 address configured to -`fe80::47`(mnemonic from the letter's position in the english alphabet: -`n=14 i=9 x=24; 47 = n+i+x`). - -Provided that you have added your public key to the authorized keys of the -`root` user _(hint: [`deploy-rs`](../integrations/deploy.md) needs passwordless -sudo access)_: - -```nix -{ ... }: -{ - users.users.root.openssh.authorizedKeys.keyFiles = [ - ../secrets/path/to/key.pub - ]; -} -``` - -You can then ssh into the live installer through one of the -following options: - -```console -ssh root@bootstrap.local - -ssh root@fe80::47%eno1 # where eno1 is your network interface on which you are linked to the target -``` - -_Note: the [static link-local IPv6 address][staticLLA] and [MulticastDNS][mDNS] is only -configured on the live installer. If you wish to enable [MulticastDNS][mDNS] -for your environment, you ought to configure that in a regular [profile](../concepts/profiles.md)._ - -### EUI-64 LLA & Host Identity - -The iso's IPv6 Link Local Address (LLA) is configured with a static 64-bit Extended -Unique Identifiers (EUI-64) that is derived from the host interface's Message -Authentication Code (MAC) address. - -After a little while (a few seconds), you can remotely discover this unique and host -specific address over [NDP][NDP] for example with: - -```console -ip -6 neigh show # also shows fe80::47 -``` - -***This LLA is stable for the host, unless you need to swap that particular network card.*** -Under this reservation, though, you may use this EUI-64 to wire up a specific -(cryptographic) host identity. - - -[manual]: https://nixos.org/manual/nixos/stable/index.html#sec-installation-partitioning -[mDNS]: https://en.wikipedia.org/wiki/Multicast_DNS -[NDP]: https://en.wikipedia.org/wiki/Neighbor_Discovery_Protocol -[staticLLA]: https://tools.ietf.org/html/rfc7404 diff --git a/doc/start/from-nixos.md b/doc/start/from-nixos.md deleted file mode 100644 index 3e8c84d6..00000000 --- a/doc/start/from-nixos.md +++ /dev/null @@ -1,51 +0,0 @@ -# From NixOS - -## Generate Configuration -Assuming you're happy with your existing partition layout, you can generate a -basic NixOS configuration for your system using: -```sh -bud up -``` - -This will make a new file `hosts/up-$(hostname).nix`, which you can edit to -your liking. - -You must then add a host to `nixos.hosts` in flake.nix: -```nix -{ - nixos.hosts = { - modules = hosts/NixOS.nix; - }; -} -``` - -Make sure your `i18n.defaultLocale` and `time.timeZone` are set properly for -your region. Keep in mind that `networking.hostName` will be automatically -set to the name of your host; - -Now might be a good time to read the docs on [suites](../concepts/suites.md) and -[profiles](../concepts/profiles.md) and add or create any that you need. - -> ##### _Note:_ -> While the `up` sub-command is provided as a convenience to quickly set up and -> install a "fresh" NixOS system on current hardware, committing these files is -> discouraged. -> -> They are placed in the git staging area automatically because they would be -> invisible to the flake otherwise, but it is best to move what you need from -> them directly into a host module of your own making, and commit that instead. -# Installation - -Once you're ready to deploy `hosts/my-host.nix`: -```sh -bud my-host switch -``` - - -This calls `nixos-rebuild` with sudo to build and install your configuration. - -> ##### _Notes:_ -> - Instead of `switch`, you can pass `build`, `test`, `boot`, etc just as with -> `nixos-rebuild`. - - diff --git a/doc/start/index.md b/doc/start/index.md index 2cd14d9a..9650ba05 100644 --- a/doc/start/index.md +++ b/doc/start/index.md @@ -2,25 +2,35 @@ The only dependency is nix, so make sure you have it [installed][install-nix]. ## Get the Template -Here is a snippet that will get you the template without the git history: +If you currently don't have flakes setup, you can utilize the digga shell to pull the template: ```sh -nix-shell -p cachix --run "cachix use nrdxp" - -nix-shell https://github.com/divnix/devos/archive/main.tar.gz -A shell \ - --run "bud get main" - -cd devos - -nix-shell +nix-shell "https://github.com/divnix/digga/archive/main.tar.gz" \ + --run "nix flake init -t github:divnix/digga" +``` +If you already have flakes support, you can directly pull the template: +```sh +nix flake init -t github:divnix/digga +``` +Then make sure to create the git repository: +```sh git init git add . git commit -m init ``` -This will place you in a new folder named `devos` with git initialized, and a -nix-shell that provides all the dependencies, including the unstable nix -version required. +To drop into a nix-shell, if you don't have flakes setup, use the digga shell to create a `flake.lock`: +```sh +nix-shell "https://github.com/divnix/digga/archive/main.tar.gz" \ + --run "nix flake lock" +``` +Or if you do have flakes support, just run: +```sh +nix flake lock +``` + +Finally, run `nix-shell` to get to an interactive shell with all the dependencies, including the unstable nix +version required. You can run `menu` to confirm that you are using digga (expected output includes [docs], [general commands], [linter], etc.). In addition, the [binary cache](../integrations/cachix.md) is added for faster deployment. @@ -33,9 +43,8 @@ In addition, the [binary cache](../integrations/cachix.md) is added for faster d > you can try with sudo: `sudo nix-shell -p cachix --run "cachix use nrdxp"` ## Next Steps: + - [Make installable ISO](./iso.md) -- [Bootstrap Host](./bootstrapping.md) -- [Already on NixOS](./from-nixos.md) [install-nix]: https://nixos.org/manual/nix/stable/#sect-multi-user-installation diff --git a/doc/start/iso.md b/doc/start/iso.md index 76af1c6e..b8fa6659 100644 --- a/doc/start/iso.md +++ b/doc/start/iso.md @@ -1,22 +1,36 @@ -# ISO +# Installation Media + +This project leverages [nix-community/nixos-generators][nixos-generators] for +building machine images. In most cases, you'll probably want to use the +`install-iso` format. + +Making an installable ISO for `hosts/bootstrap.nix` is as simple as: -Making and writing an installable iso for `hosts/bootstrap.nix` is as simple as: ```sh -bud build bootstrap bootstrapIso -sudo -E $(which bud) burn +nix run github:nix-community/nixos-generators -- \ + --format install-iso \ + --flake '.#bootstrap' ``` -This works for any host. +Then "burn" the ISO to your USB stick (or CD-R if you like!) following the +[instructions in the NixOS manual][burn] (or using your preferred USB burner). -## ISO image nix store & cache +You can also swap out the `--format` for [any of the others][formats] supported +by nixos-generators. -The iso image holds the store to the live environment and _also_ acts as a binary cache -to the installer. To considerably speed up things, the image already includes all flake -`inputs` as well as the `devshell` closures. +Continue by following the usual installation instructions in the NixOS manual. -While you _could_ provision any machine with a single stick, a custom-made iso for -the host you want to install DevOS to, maximises those local cache hits. +## ISO Nix Store and Cache -For hosts that don't differ too much, a single usb stick might be ok, whereas when -there are bigger differences, a custom-made usb stick will be considerably faster. +The ISO image holds the Nix store for the live environment and _also_ acts as a +binary cache to the installer. To considerably speed things up, the image +already includes all flake `inputs` as well as the `devshell` closures. +While you _could_ provision any NixOS machine with the same USB stick, an ISO +custom-made for your target host will maximise those local cache hits. For hosts +that don't differ too much, a single USB stick might be ok, whereas when there +are bigger differences, a custom-made USB stick will be considerably faster. + +[nixos-generators]: https://github.com/nix-community/nixos-generators +[burn]: https://nixos.org/manual/nixos/stable/index.html#sec-booting-from-usb +[formats]: https://github.com/nix-community/nixos-generators/tree/master/formats diff --git a/flake.lock b/flake.lock index 2e4bdbcd..857bb989 100644 --- a/flake.lock +++ b/flake.lock @@ -20,26 +20,6 @@ "type": "github" } }, - "beautysh": { - "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": "nixpkgs", - "poetry2nix": "poetry2nix" - }, - "locked": { - "lastModified": 1641830469, - "narHash": "sha256-uhDmgNP/biOWe4FtOa6c2xZnREH+NP9rdrMm0LccRUk=", - "owner": "lovesegfault", - "repo": "beautysh", - "rev": "e85d9736927c0fcf2abb05cb3a2d8d9b4502a2eb", - "type": "github" - }, - "original": { - "owner": "lovesegfault", - "repo": "beautysh", - "type": "github" - } - }, "blank": { "locked": { "lastModified": 1625557891, @@ -55,31 +35,6 @@ "type": "github" } }, - "bud": { - "inputs": { - "beautysh": "beautysh", - "devshell": [ - "digga", - "devshell" - ], - "nixpkgs": [ - "nixos" - ] - }, - "locked": { - "lastModified": 1654190822, - "narHash": "sha256-B8z3stYaULNDBBjzJHrFHGgiJHrLqhBkxH+9u5iBP7E=", - "owner": "divnix", - "repo": "bud", - "rev": "0ff3e4e4b8791ea4d827bf5bfcac28cef060f209", - "type": "github" - }, - "original": { - "owner": "divnix", - "repo": "bud", - "type": "github" - } - }, "darwin": { "inputs": { "nixpkgs": [ @@ -145,7 +100,7 @@ }, "devshell": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils", "nixpkgs": [ "digga", "nixpkgs" @@ -251,11 +206,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1631561581, - "narHash": "sha256-3VQMV5zvxaVLvqqUrNz3iJelLw30mIVSfZmAaauM3dA=", + "lastModified": 1642700792, + "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e5bf3925f6fbdfaf50a2a7ca0be2879c4261d19", + "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", "type": "github" }, "original": { @@ -266,7 +221,7 @@ }, "flake-utils-plus": { "inputs": { - "flake-utils": "flake-utils_3" + "flake-utils": "flake-utils_2" }, "locked": { "lastModified": 1654029967, @@ -284,21 +239,6 @@ } }, "flake-utils_2": { - "locked": { - "lastModified": 1642700792, - "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { "locked": { "lastModified": 1644229661, "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", @@ -313,7 +253,7 @@ "type": "github" } }, - "flake-utils_4": { + "flake-utils_3": { "locked": { "lastModified": 1649676176, "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=", @@ -435,7 +375,7 @@ "nixos-generators": { "inputs": { "nixlib": "nixlib", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs" }, "locked": { "lastModified": 1657748715, @@ -468,16 +408,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1633971123, - "narHash": "sha256-WmI4NbH1IPGFWVkuBkKoYgOnxgwSfWDgdZplJlQ93vA=", + "lastModified": 1637186689, + "narHash": "sha256-NU7BhgnwA/3ibmCeSzFK6xGi+Bari9mPfn+4cBmyEjw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e4ef597edfd8a0ba5f12362932fc9b1dd01a0aef", + "rev": "7fad01d9d5a3f82081c00fb57918d64145dc904c", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-unstable-small", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } @@ -498,22 +438,6 @@ "type": "github" } }, - "nixpkgs_2": { - "locked": { - "lastModified": 1637186689, - "narHash": "sha256-NU7BhgnwA/3ibmCeSzFK6xGi+Bari9mPfn+4cBmyEjw=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "7fad01d9d5a3f82081c00fb57918d64145dc904c", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "nur": { "locked": { "lastModified": 0, @@ -529,7 +453,7 @@ "nvfetcher": { "inputs": { "flake-compat": "flake-compat_3", - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixos" ] @@ -548,37 +472,9 @@ "type": "github" } }, - "poetry2nix": { - "inputs": { - "flake-utils": [ - "bud", - "beautysh", - "flake-utils" - ], - "nixpkgs": [ - "bud", - "beautysh", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1633382856, - "narHash": "sha256-hYlet806M9xJj4yxf0g5fhDT2IEUVIMAl7sqIeZ8DUM=", - "owner": "nix-community", - "repo": "poetry2nix", - "rev": "705cbfa10e3d9bfed2e59e0256844ae3704dbd7e", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "poetry2nix", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", - "bud": "bud", "darwin": "darwin", "deploy": "deploy", "digga": "digga", diff --git a/flake.nix b/flake.nix index 85e05602..bf050b2e 100644 --- a/flake.nix +++ b/flake.nix @@ -17,10 +17,6 @@ digga.inputs.home-manager.follows = "home"; digga.inputs.deploy.follows = "deploy"; - bud.url = "github:divnix/bud"; - bud.inputs.nixpkgs.follows = "nixos"; - bud.inputs.devshell.follows = "digga/devshell"; - home.url = "github:nix-community/home-manager/release-22.05"; home.inputs.nixpkgs.follows = "nixos"; @@ -47,7 +43,6 @@ outputs = { self , digga - , bud , nixos , home , nixos-hardware @@ -101,7 +96,6 @@ digga.nixosModules.nixConfig home.nixosModules.home-manager agenix.nixosModules.age - bud.nixosModules.bud ]; }; diff --git a/hosts/bootstrap.nix b/hosts/bootstrap.nix index 541ca6fb..ba509911 100644 --- a/hosts/bootstrap.nix +++ b/hosts/bootstrap.nix @@ -1,6 +1,6 @@ { profiles, ... }: { - # build with: `bud build bootstrap bootstrapIso` + # build with: `nix build '.#nixosConfigurations.bootstrap.config.system.build.bootstrapIso'` # reachable on the local link via ssh root@fe80::47%eno1 # where 'eno1' is replaced by your own machine's network # interface that has the local link to the target machine diff --git a/shell/default.nix b/shell/default.nix index d22b3af4..597a2d2d 100644 --- a/shell/default.nix +++ b/shell/default.nix @@ -1,7 +1,6 @@ { self, inputs, ... }: { modules = with inputs; [ - bud.devshellModules.bud ]; exportedModules = [ ./devos.nix -- 2.44.2 From b42f7b72ad5a7c8b72bbd93039e8addb2a95a6d2 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 14 Aug 2022 12:31:53 +0200 Subject: [PATCH 268/320] Remove bud from CI, too --- .drone.yml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.drone.yml b/.drone.yml index 23805095..f54bd8f9 100644 --- a/.drone.yml +++ b/.drone.yml @@ -106,7 +106,6 @@ steps: - nix $$NIX_FLAGS flake check - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - nix $$NIX_FLAGS develop --command echo OK - - nix $$NIX_FLAGS develop --command bud --help --- kind: pipeline @@ -122,8 +121,8 @@ steps: commands: - | nix --print-build-logs --verbose \ - develop --command \ - bud build bootstrap bootstrapIso + build \ + '.#nixosConfigurations.bootstrap.config.system.build.bootstrapIso' - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ - name: "Publish ISO" @@ -158,6 +157,6 @@ volumes: --- kind: signature -hmac: bdbefb07b97dc8efc44d8eb36ee4d1bb89eec3b7255b49929e126e86a4b4a788 +hmac: da951ba8ede88996728acfb47846e01880eb0e3b91f66e47848d6c1cc727c5d9 ... -- 2.44.2 From cb5c75b1cc37e9272422bf45ecd3e6353abb0cd2 Mon Sep 17 00:00:00 2001 From: hensoko Date: Sun, 14 Aug 2022 15:17:35 +0000 Subject: [PATCH 269/320] feature/terminal-life-lite-mode (#117) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/117 Reviewed-by: Benjamin Bädorf --- modules/core/default.nix | 6 +++++- modules/terminal-life/default.nix | 8 ++++++++ modules/terminal-life/nvim/default.nix | 3 ++- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/modules/core/default.nix b/modules/core/default.nix index c7457c1b..7b168268 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -28,10 +28,14 @@ in config = { pub-solar = { - terminal-life.enable = true; audio.enable = lib.mkIf (!cfg.lite) true; crypto.enable = lib.mkIf (!cfg.lite) true; devops.enable = lib.mkIf (!cfg.lite) true; + + terminal-life = { + enable = true; + lite = cfg.lite; + }; }; }; } diff --git a/modules/terminal-life/default.nix b/modules/terminal-life/default.nix index 8ecb9919..6bd0312f 100644 --- a/modules/terminal-life/default.nix +++ b/modules/terminal-life/default.nix @@ -7,6 +7,14 @@ in { options.pub-solar.terminal-life = { enable = mkEnableOption "Life in black and white"; + + lite = mkOption { + description = '' + Enable a lite edition of terminal-life with less modules and a reduced package set. + ''; + default = false; + type = types.bool; + }; }; config = mkIf cfg.enable { diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index 1d6645ff..bc06943b 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix @@ -1,6 +1,7 @@ { config, pkgs, ... }: let psCfg = config.pub-solar; + cfg = config.pub-solar.terminal-life; xdg = config.home-manager.users."${psCfg.user.name}".xdg; preview-file = pkgs.writeShellScriptBin "preview-file" (import ./preview-file.nix pkgs); @@ -76,7 +77,7 @@ in withRuby = true; withPython3 = true; - extraPackages = with pkgs; [ + extraPackages = with pkgs; lib.mkIf (!cfg.lite) [ ccls gopls nodejs -- 2.44.2 From ca4262b84f341b97cd4a179bde3740d42bc61052 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 17:20:09 +0200 Subject: [PATCH 270/320] Fix hibernation enabling in paranoia mode --- modules/paranoia/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/paranoia/default.nix b/modules/paranoia/default.nix index 19c470ad..bb319767 100644 --- a/modules/paranoia/default.nix +++ b/modules/paranoia/default.nix @@ -19,6 +19,6 @@ in }; config = mkIf cfg.enable { - pub-solar.core.hibernate.enable = true; + pub-solar.core.hibernation.enable = true; }; } -- 2.44.2 From 043178172b96ad23ef9c62bd406c43652b342bad Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 18:03:32 +0200 Subject: [PATCH 271/320] Improve help and screen recording keybindings in sway This commit shuffles around some sway keybindings and improves the screen recording experience by adding a small wrapper around `slurp` and `wf-recorder` conveniently called `record-screen`. * `$mod+F5` now reload the sway configuration, * `$mod+Ctrl+r` starts a screen recording (to stop it, go to workspace 7 and kill the process), * `record-screen` and the firefox sharing indicator are both on workspace 7 now, making it the "trash" workspace, * `$mod+F1` and `$mod+Shift+h` now open Firefox with the docs of our repository availabe under `help.local`. * To not infuriate `qMasterPassword` users, that is now available under `$mod+Shift+m` instead of `$mod+F1`. --- doc/book.toml | 2 +- modules/core/networking.nix | 16 ++++++++---- .../sway/config/config.d/applications.conf | 11 +++++--- .../config/config.d/custom-keybindings.conf | 15 +++++++---- modules/sway/config/config.nix | 2 +- modules/sway/default.nix | 1 + pkgs/default.nix | 2 ++ pkgs/psos-docs.nix | 26 +++++++++++++++++++ pkgs/psos.nix | 4 +++ pkgs/record-screen.nix | 10 +++++++ 10 files changed, 74 insertions(+), 15 deletions(-) create mode 100644 pkgs/psos-docs.nix create mode 100644 pkgs/record-screen.nix diff --git a/doc/book.toml b/doc/book.toml index 373d26fd..f9dca6a3 100644 --- a/doc/book.toml +++ b/doc/book.toml @@ -3,4 +3,4 @@ authors = ["Timothy DeHerrera"] language = "en" multilingual = false src = "." -title = "devos docs" +title = "PubSolarOS documentation" diff --git a/modules/core/networking.nix b/modules/core/networking.nix index ce3248d8..95db64e3 100644 --- a/modules/core/networking.nix +++ b/modules/core/networking.nix @@ -34,20 +34,26 @@ in # These entries get added to /etc/hosts networking.hosts = { - "127.0.0.1" = [ "cups.local" ]; + "127.0.0.1" = [ "cups.local" "help.local" "caddy.local" ]; }; # Caddy reverse proxy for local services like cups services.caddy = { enable = true; globalConfig = '' + default_bind 127.0.0.1 auto_https off ''; extraConfig = '' - cups.local:80 - bind 127.0.0.1 - request_header Host localhost:631 - reverse_proxy unix//run/cups/cups.sock + cups.local:80 { + request_header Host localhost:631 + reverse_proxy unix//run/cups/cups.sock + } + + help.local:80 { + root * ${pkgs.psos-docs}/lib/html + file_server + } ''; }; }; diff --git a/modules/sway/config/config.d/applications.conf b/modules/sway/config/config.d/applications.conf index 3bab265d..00eecef3 100644 --- a/modules/sway/config/config.d/applications.conf +++ b/modules/sway/config/config.d/applications.conf @@ -14,8 +14,9 @@ assign [app_id="telegramdesktop"] $ws4 # Launcher for_window [app_id="launcher" title="Alacritty"] floating enable, border pixel 10, sticky enable +for_window [app_id="pavucontrol"] floating enable, border pixel 10, sticky enable + # Floating menus -for_window [app_id="pavucontrol"] floating enable for_window [app_id="blueman-manager"] floating enable # Open specific applications in floating mode @@ -60,10 +61,14 @@ for_window [window_type="dialog"] floating enable for_window [window_type="menu"] floating enable for_window [title="About Mozilla Firefox"] floating enable for_window [title="Password Required - Mozilla Firefox"] floating enable -for_window [title="Firefox — Sharing Indicator"] move to workspace $ws7, floating enable -no_focus [title="Firefox — Sharing Indicator"] for_window [title="Extension: (Open in Browser)*"] floating enable +# Technical media stuff happens on ws7 +for_window [app_id="screen-recorder" title="Alacritty"] move to workspace $ws7, floating disable +no_focus [app_id="screen-recorder"] +for_window [title="Firefox — Sharing Indicator"] move to workspace $ws7, floating disable +no_focus [title="Firefox — Sharing Indicator"] + # qMasterPassword floating menu for_window [title="qMasterPassword"] focus for_window [title="qMasterPassword"] floating enable diff --git a/modules/sway/config/config.d/custom-keybindings.conf b/modules/sway/config/config.d/custom-keybindings.conf index bb452ddc..39a0353e 100644 --- a/modules/sway/config/config.d/custom-keybindings.conf +++ b/modules/sway/config/config.d/custom-keybindings.conf @@ -13,21 +13,26 @@ bindsym $mod+Ctrl+m exec pavucontrol ################################################################################################ # Quickstart application shortcuts -bindsym $mod+F1 exec qMasterPassword +bindsym $mod+F1 exec psos help +bindsym $mod+Shift+h exec psos help + bindsym $mod+F2 exec firefox + bindsym $mod+F3 exec $term -e vifm bindsym $mod+Shift+F3 exec gksu $term -e vifm + bindsym $mod+F4 exec nautilus -w bindsym $mod+Shift+F4 exec signal-desktop --use-tray-icon -bindsym $mod+F5 exec $term -e 'mocp -C $XDG_CONFIG_DIR/mocp/config' -bindsym $mod+Shift+m exec mu -bindsym $mod+Shift+h exec xdg-open /usr/share/doc/manjaro/i3_help.pdf -# Screenshofts +bindsym $mod+Shift+m exec qMasterPassword + +# Screenshots and screen recordings bindsym $mod+Ctrl+p exec grim -g "$(slurp -d -b \#ffffff11)" ~/Pictures/Screenshots/$(date +%Y%m%d_%Hh%Mm%Ss)_grim.png bindsym $mod+Shift+p exec grim ~/Pictures/Screenshots/$(date +%Y%m%d_%Hh%Mm%Ss)_grim.png bindsym $mod+Ctrl+f exec "( pkill flameshot || true && flameshot & ) && ( sleep 0.5s && flameshot gui )" +bindsym $mod+Ctrl+r exec record-screen + # Launcher set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" sway-launcher bindsym $mod+Space exec $menu diff --git a/modules/sway/config/config.nix b/modules/sway/config/config.nix index 8e21ec02..2375d616 100644 --- a/modules/sway/config/config.nix +++ b/modules/sway/config/config.nix @@ -50,7 +50,7 @@ floating_modifier $mod normal # Reload the configuration file - bindsym $mod+Ctrl+r reload + bindsym $mod+F5 reload # # Moving around: diff --git a/modules/sway/default.nix b/modules/sway/default.nix index 35013dd2..b8abb402 100644 --- a/modules/sway/default.nix +++ b/modules/sway/default.nix @@ -77,6 +77,7 @@ in swaylock-bg sway-launcher + record-screen import-gtk-settings s wcwd diff --git a/pkgs/default.nix b/pkgs/default.nix index ecac30a3..6d392772 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -9,6 +9,7 @@ with final; { mopidy-jellyfin = import ./mopidy-jellyfin.nix final; mu = writeShellScriptBin "mu" (import ./mu.nix final); psos = writeShellScriptBin "psos" (import ./psos.nix final); + psos-docs = import ./psos-docs.nix final; s = writeShellScriptBin "s" (import ./s.nix final); sway-launcher = writeScriptBin "sway-launcher" (import ./sway-launcher.nix final); sway-service = writeShellScriptBin "sway-service" (import ./sway-service.nix final); @@ -17,6 +18,7 @@ with final; { uhk-agent = import ./uhk-agent.nix final; wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final); drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final); + record-screen = writeShellScriptBin "record-screen" (import ./record-screen.nix final); # ps-fixes } diff --git a/pkgs/psos-docs.nix b/pkgs/psos-docs.nix new file mode 100644 index 00000000..112e39bc --- /dev/null +++ b/pkgs/psos-docs.nix @@ -0,0 +1,26 @@ +self: with self; +stdenv.mkDerivation rec { + pname = "psos-docs"; + version = "0.0.1"; + buildInputs = [ + mdbook + mdbook-pdf + ]; + + src = ../docs/..; # wut + + phases = [ "buildPhase" "installPhase" ]; + + buildPhase = '' + cp -r $src/doc ./doc + cp $src/README.md ./README.md + chmod ug+w -R . + ls -la . + mdbook build doc + ''; + + installPhase = '' + mkdir -p $out/lib/ + cp -r doc/book $out/lib/html + ''; +} diff --git a/pkgs/psos.nix b/pkgs/psos.nix index a60bad6d..eb050bfb 100644 --- a/pkgs/psos.nix +++ b/pkgs/psos.nix @@ -14,6 +14,10 @@ self: with self; '' shift; exec nixos-option -I nixpkgs=/etc/nixos/lib/compat $@ ;; + help) + shift; + exec xdg-open http://help.local/ + ;; *) if [[ "$@" != "" ]]; then echo "Unknown command: psos $@" diff --git a/pkgs/record-screen.nix b/pkgs/record-screen.nix new file mode 100644 index 00000000..d8d7f4a3 --- /dev/null +++ b/pkgs/record-screen.nix @@ -0,0 +1,10 @@ +self: with self; '' + mkdir -p "$HOME/Videos/Screenrecordings" + GEOMETRY="$(slurp -d -b \#ffffff11)" + RESOLUTION="$(echo $GEOMETRY | awk '{print $2}')" + FILE_LOCATION="$HOME/Videos/Screenrecordings/$(${coreutils}/bin/date +%Y%m%d_%Hh%Mm%Ss)_$RESOLUTION.mp4" + echo "Recording $GEOMETRY into $FILE_LOCATION" + ${alacritty}/bin/alacritty \ + --class screen-recorder \ + -e ${wf-recorder}/bin/wf-recorder -g "$GEOMETRY" -f "$FILE_LOCATION" +'' -- 2.44.2 From aabe96a3357e35056f7f5a68f023d10ec820ecfa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 18:11:25 +0200 Subject: [PATCH 272/320] Fix hibernation config --- modules/core/boot.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/core/boot.nix b/modules/core/boot.nix index 6f93fabf..1512289c 100644 --- a/modules/core/boot.nix +++ b/modules/core/boot.nix @@ -38,7 +38,7 @@ in }; }; - resumeDevice = mkIf cfg.core.hibernation.enable "/swapfile"; + resumeDevice = mkIf cfg.hibernation.enable "/swapfile"; loader.systemd-boot.enable = true; -- 2.44.2 From ba6dfdcf533c690333b4fc31e76a41d722b0ff8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 19:48:45 +0200 Subject: [PATCH 273/320] Fix sway mode_system config import --- modules/sway/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/sway/default.nix b/modules/sway/default.nix index 469e5cfb..dd0e6055 100644 --- a/modules/sway/default.nix +++ b/modules/sway/default.nix @@ -98,7 +98,7 @@ in xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf; xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf; xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf; - xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.config.nix { inherit psCfg; }; + xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix { inherit psCfg; }; xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf; xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf; }; -- 2.44.2 From 46992c46d6521dd74c81a937ad1c1465578cbe30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 19:59:01 +0200 Subject: [PATCH 274/320] Add parameter for swapfile offset --- modules/core/boot.nix | 21 +++++++++++- .../sway/config/config.d/mode_system.conf.nix | 32 +++++++++---------- 2 files changed, 36 insertions(+), 17 deletions(-) diff --git a/modules/core/boot.nix b/modules/core/boot.nix index 1512289c..9df859e2 100644 --- a/modules/core/boot.nix +++ b/modules/core/boot.nix @@ -22,6 +22,18 @@ in default = false; description = "Whether the device can hibernate. This creates a swapfile at /swapfile."; }; + + resumeDevice = mkOption { + type = types.str; + default = "/swapfile"; + description = "The location of the hibernation resume swap file."; + }; + + resumeOffset = mkOption { + type = types.nullOr types.number; + default = null; + description = "The swap file offset. Can be found by running `filefrag -v $swap_file_location`. See https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file"; + }; }; config = { @@ -38,7 +50,14 @@ in }; }; - resumeDevice = mkIf cfg.hibernation.enable "/swapfile"; + + resumeDevice = mkIf cfg.hibernation.enable cfg.hibernation.resumeDevice; + kernelParams = mkIf cfg.hibernation.enable [ + "resume=${cfg.hibernation.resumeDevice}" + ] ++ ( + if (cfg.hibernation.resumeOffset == null) then builtins.abort "config.pub-solar.hibernation.resumeOffset has to be set if config.pub-solar.hibernation.enable is true." + else [ "resume_offset=${cfg.hibernation.resumeOffset}" ] + ); loader.systemd-boot.enable = true; diff --git a/modules/sway/config/config.d/mode_system.conf.nix b/modules/sway/config/config.d/mode_system.conf.nix index ef11a461..c505a9f5 100644 --- a/modules/sway/config/config.d/mode_system.conf.nix +++ b/modules/sway/config/config.d/mode_system.conf.nix @@ -1,21 +1,21 @@ { psCfg, ... }: '' -# Set shut down, restart and locking features -set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown -bindsym $mod+0 mode "$mode_system" -mode "$mode_system" { - bindsym e exec swaymsg exit, mode "default" -'' + (if !psCfg.core.allow-hibernation then '' - bindsym h exec systemctl hibernate, mode "default" + # Set shut down, restart and locking features + set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown + bindsym $mod+0 mode "$mode_system" + mode "$mode_system" { + bindsym e exec swaymsg exit, mode "default" +'' + (if !psCfg.core.hibernation.enable then '' + bindsym h exec systemctl hibernate, mode "default" '' else "") - + (if !psCfg.paranoia.enable then '' - bindsym l exec swaylock-bg, mode "default" - bindsym s exec systemctl suspend, mode "default" ++ (if !psCfg.paranoia.enable then '' + bindsym l exec swaylock-bg, mode "default" + bindsym s exec systemctl suspend, mode "default" '' else "") + '' - bindsym r exec systemctl reboot, mode "default" - bindsym Shift+s exec systemctl poweroff, mode "default" + bindsym r exec systemctl reboot, mode "default" + bindsym Shift+s exec systemctl poweroff, mode "default" - # exit system mode: "Enter" or "Escape" - bindsym Return mode "default" - bindsym Escape mode "default" -} + # exit system mode: "Enter" or "Escape" + bindsym Return mode "default" + bindsym Escape mode "default" + } '' -- 2.44.2 From f9b7c9e3c9181debb9ad6fe944a4bf94a4d0e0cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 20:09:38 +0200 Subject: [PATCH 275/320] Fix build --- modules/core/boot.nix | 29 --------------------------- modules/core/default.nix | 1 + modules/core/hibernation.nix | 38 ++++++++++++++++++++++++++++++++++++ 3 files changed, 39 insertions(+), 29 deletions(-) create mode 100644 modules/core/hibernation.nix diff --git a/modules/core/boot.nix b/modules/core/boot.nix index 9df859e2..10f67dc4 100644 --- a/modules/core/boot.nix +++ b/modules/core/boot.nix @@ -16,26 +16,6 @@ in description = "Whether it should be assumed that there is a cryptroot device"; }; - options.pub-solar.core.hibernation = { - enable = mkOption { - type = types.bool; - default = false; - description = "Whether the device can hibernate. This creates a swapfile at /swapfile."; - }; - - resumeDevice = mkOption { - type = types.str; - default = "/swapfile"; - description = "The location of the hibernation resume swap file."; - }; - - resumeOffset = mkOption { - type = types.nullOr types.number; - default = null; - description = "The swap file offset. Can be found by running `filefrag -v $swap_file_location`. See https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file"; - }; - }; - config = { boot = { # Enable plymouth for better experience of booting @@ -50,15 +30,6 @@ in }; }; - - resumeDevice = mkIf cfg.hibernation.enable cfg.hibernation.resumeDevice; - kernelParams = mkIf cfg.hibernation.enable [ - "resume=${cfg.hibernation.resumeDevice}" - ] ++ ( - if (cfg.hibernation.resumeOffset == null) then builtins.abort "config.pub-solar.hibernation.resumeOffset has to be set if config.pub-solar.hibernation.enable is true." - else [ "resume_offset=${cfg.hibernation.resumeOffset}" ] - ); - loader.systemd-boot.enable = true; # Use latest LTS linux kernel by default diff --git a/modules/core/default.nix b/modules/core/default.nix index 7b168268..80ca4926 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -8,6 +8,7 @@ in { imports = [ ./boot.nix + ./hibernation.nix ./fonts.nix ./i18n.nix ./networking.nix diff --git a/modules/core/hibernation.nix b/modules/core/hibernation.nix new file mode 100644 index 00000000..c0e912f1 --- /dev/null +++ b/modules/core/hibernation.nix @@ -0,0 +1,38 @@ +{ config, pkgs, lib, ... }: +with lib; +let + cfg = config.pub-solar.core.hibernation; +in +{ + options.pub-solar.core.hibernation = { + enable = mkOption { + type = types.bool; + default = false; + description = "Whether the device can hibernate. This creates a swapfile at /swapfile."; + }; + + resumeDevice = mkOption { + type = types.str; + default = "/swapfile"; + description = "The location of the hibernation resume swap file."; + }; + + resumeOffset = mkOption { + type = types.nullOr types.int; + default = null; + description = "The swap file offset. Can be found by running `filefrag -v $swap_file_location`. See https://wiki.archlinux.org/title/Power_management/Suspend_and_hibernate#Hibernation_into_swap_file"; + }; + }; + + config = { + boot = mkIf cfg.enable { + resumeDevice = cfg.resumeDevice; + kernelParams = [ + "resume=${cfg.resumeDevice}" + ] ++ ( + if (cfg.resumeOffset == null && cfg.enable) then builtins.abort "config.pub-solar.resumeOffset has to be set if config.pub-solar.enable is true." + else [ "resume_offset=${cfg.resumeOffset}" ] + ); + }; + }; +} -- 2.44.2 From c5362c045313d983bd571ef4dd6fd5d48d53f31c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 20:24:50 +0200 Subject: [PATCH 276/320] Fix path in drone runner exec --- modules/ci-runner/default.nix | 6 +++++- pkgs/drone-docker-runner.nix | 2 +- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/modules/ci-runner/default.nix b/modules/ci-runner/default.nix index 4db42286..1460ab16 100644 --- a/modules/ci-runner/default.nix +++ b/modules/ci-runner/default.nix @@ -20,7 +20,11 @@ in Restart = "always"; }; - path = "${pkgs.git}/bin:${pkgs.nix}/bin:${pkgs.libvirt}/bin"; + path = [ + pkgs.git + pkgs.nix + pkgs.libvirt + ]; wantedBy = [ "multi-user.target" ]; after = [ "network.target" "libvirtd.service" ]; diff --git a/pkgs/drone-docker-runner.nix b/pkgs/drone-docker-runner.nix index 7d098536..e1773d5a 100644 --- a/pkgs/drone-docker-runner.nix +++ b/pkgs/drone-docker-runner.nix @@ -6,7 +6,7 @@ self: with self; '' --env=DRONE_RPC_PROTO=$DRONE_RPC_PROTO \ --env=DRONE_RPC_HOST=$DRONE_RPC_HOST \ --env=DRONE_RPC_SECRET=$(${self.libsecret}/bin/secret-tool lookup drone rpc-secret) \ - --env=DRONE_RUNNER_CAPACITY=4 \ + --env=DRONE_RUNNER_CAPACITY=8 \ --env=DRONE_RUNNER_NAME=$(${self.inetutils}/bin/hostname) \ --publish=3000:3000 \ --restart=always \ -- 2.44.2 From 14ba7010615ddd723474bb5844ff686f42bfaabb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sun, 14 Aug 2022 20:28:18 +0200 Subject: [PATCH 277/320] Don't use libvirt in ci-runner --- modules/ci-runner/default.nix | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/modules/ci-runner/default.nix b/modules/ci-runner/default.nix index 1460ab16..0e78e55e 100644 --- a/modules/ci-runner/default.nix +++ b/modules/ci-runner/default.nix @@ -23,11 +23,10 @@ in path = [ pkgs.git pkgs.nix - pkgs.libvirt ]; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "libvirtd.service" ]; + after = [ "network.target" ]; script = ''${pkgs.drone-runner-exec}/bin/drone-runner-exec daemon /run/agenix/drone-runner-exec-config''; }; -- 2.44.2 From c63c3da345aff2bc1239687abc6729b2bf293b75 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 24 Aug 2022 00:53:38 +0200 Subject: [PATCH 278/320] nix: set nix.package to force overlays/ overrides.nix to apply use nix as default version alias in devshell as well --- modules/core/nix.nix | 2 ++ shell/devos.nix | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/core/nix.nix b/modules/core/nix.nix index 38b70cfc..f7ff5fa4 100644 --- a/modules/core/nix.nix +++ b/modules/core/nix.nix @@ -2,6 +2,8 @@ { nix = { + # Use default version alias for nix package + package = pkgs.nix; # Improve nix store disk usage autoOptimiseStore = true; gc.automatic = true; diff --git a/shell/devos.nix b/shell/devos.nix index bd3399a1..9aefcc6f 100644 --- a/shell/devos.nix +++ b/shell/devos.nix @@ -6,7 +6,7 @@ let cachix editorconfig-checker mdbook - nixUnstable + nix nixpkgs-fmt nvfetcher ; -- 2.44.2 From dc8257f31fa2fcbadf8baa679cf9141c3ee60c80 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Wed, 24 Aug 2022 18:43:11 +0200 Subject: [PATCH 279/320] Fix hibernation The resumeDevice and kernel `resume` parameter were being used wrong. Only `boot.resumeDevice` is necessary, and it should point at the _block device_ that holds the swapfile. If you are running on encrypted volumes, this means you will need to use the name of the *decrypted block device* on which the swapfile sits. --- modules/core/hibernation.nix | 9 +++------ modules/sway/config/config.d/mode_system.conf.nix | 2 +- 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/modules/core/hibernation.nix b/modules/core/hibernation.nix index c0e912f1..0454d82b 100644 --- a/modules/core/hibernation.nix +++ b/modules/core/hibernation.nix @@ -13,7 +13,7 @@ in resumeDevice = mkOption { type = types.str; - default = "/swapfile"; + default = "/dev/sda1"; description = "The location of the hibernation resume swap file."; }; @@ -27,12 +27,9 @@ in config = { boot = mkIf cfg.enable { resumeDevice = cfg.resumeDevice; - kernelParams = [ - "resume=${cfg.resumeDevice}" - ] ++ ( + kernelParams = if (cfg.resumeOffset == null && cfg.enable) then builtins.abort "config.pub-solar.resumeOffset has to be set if config.pub-solar.enable is true." - else [ "resume_offset=${cfg.resumeOffset}" ] - ); + else [ "resume_offset=${builtins.toString cfg.resumeOffset}" ]; }; }; } diff --git a/modules/sway/config/config.d/mode_system.conf.nix b/modules/sway/config/config.d/mode_system.conf.nix index c505a9f5..f34ecc57 100644 --- a/modules/sway/config/config.d/mode_system.conf.nix +++ b/modules/sway/config/config.d/mode_system.conf.nix @@ -4,7 +4,7 @@ bindsym $mod+0 mode "$mode_system" mode "$mode_system" { bindsym e exec swaymsg exit, mode "default" -'' + (if !psCfg.core.hibernation.enable then '' +'' + (if psCfg.core.hibernation.enable then '' bindsym h exec systemctl hibernate, mode "default" '' else "") + (if !psCfg.paranoia.enable then '' -- 2.44.2 From 57f608ecde64e26e40f5c6a3f58d6b1028348fc4 Mon Sep 17 00:00:00 2001 From: Hendrik Sokolowski Date: Wed, 24 Aug 2022 18:19:03 +0200 Subject: [PATCH 280/320] Disable NetworkManager-wait-online system service This service is presumably useful for devices that need to ensure there is an active internet connection before starting other systemd units. This is neither the case for end-user devices as the an active internet connection is only needed after login nor the case for server-like systems as they normally have a static / dhcp-based network configuration which does not require switchable network configuration profiles. --- modules/core/networking.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/modules/core/networking.nix b/modules/core/networking.nix index 95db64e3..ab6f7e3d 100644 --- a/modules/core/networking.nix +++ b/modules/core/networking.nix @@ -23,6 +23,9 @@ in }; }; config = { + # disable NetworkManager-wait-online by default + systemd.services.NetworkManager-wait-online.enable = lib.mkDefault false; + networking.networkmanager = { # Enable networkmanager. REMEMBER to add yourself to group in order to use nm related stuff. enable = true; -- 2.44.2 From 8efc4c2f9e6786c1bf92fbe73f7335412a9c130c Mon Sep 17 00:00:00 2001 From: Hendrik Sokolowski Date: Wed, 18 May 2022 00:30:24 +0200 Subject: [PATCH 281/320] Use iwd as wifi backend iwd is a lightweight wireless connection backend that was initiated by developers of intel. It is supposed to be faster. --- modules/core/networking.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/core/networking.nix b/modules/core/networking.nix index 95db64e3..60dcfe74 100644 --- a/modules/core/networking.nix +++ b/modules/core/networking.nix @@ -26,6 +26,7 @@ in networking.networkmanager = { # Enable networkmanager. REMEMBER to add yourself to group in order to use nm related stuff. enable = true; + wifi.backend = "iwd"; }; # Customized binary caches list (with fallback to official binary cache) -- 2.44.2 From f7eda8ca1c40214c4361d14ce96174d62ce6233e Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 5 Jun 2022 03:07:50 +0200 Subject: [PATCH 282/320] zsh: bundle plugins within our config --- modules/terminal-life/zsh/default.nix | 57 ++++++++++++++++++++------- 1 file changed, 42 insertions(+), 15 deletions(-) diff --git a/modules/terminal-life/zsh/default.nix b/modules/terminal-life/zsh/default.nix index 2db8bc41..63da73ca 100644 --- a/modules/terminal-life/zsh/default.nix +++ b/modules/terminal-life/zsh/default.nix @@ -39,21 +39,48 @@ in nixos-option = "nixos-option -I nixpkgs=${self}/lib/compat"; myip = "dig +short myip.opendns.com @208.67.222.222 2>&1"; }; - zplug = { - enable = true; - plugins = [ - { - name = "plugins/z"; - tags = [ "from:oh-my-zsh" ]; - } - { - name = "romkatv/powerlevel10k"; - tags = [ "as:theme" "depth:1" ]; - } - { name = "zdharma/fast-syntax-highlighting"; } - { name = "chisui/zsh-nix-shell"; } - ]; - }; + plugins = [ + { + # will source ohmyzsh/plugins/z/ + name = "zsh-plugins-z"; + file = "plugins/z/z.sh"; + src = pkgs.fetchFromGitHub { + owner = "ohmyzsh"; + repo = "ohmyzsh"; + rev = "master"; + sha256 = "sha256-NAVotL5RxpS/zKnO+ngMIjv787lqc1dj/c4blQrQcvU="; + }; + } + { + name = "zsh-powerlevel10k"; + file = "powerlevel10k.zsh-theme"; + src = pkgs.fetchFromGitHub { + owner = "romkatv"; + repo = "powerlevel10k"; + rev = "master"; + sha256 = "sha256-0pzkKPdzyQXTe8usaSaM1Iivi2UHQrSJrh5V2pRdiGg="; + }; + } + { + name = "zsh-fast-syntax-highlighting"; + src = pkgs.fetchFromGitHub { + owner = "zdharma"; + repo = "fast-syntax-highlighting"; + rev = "master"; + sha256 = "sha256-uoLrXfq31GvfHO6GTrg7Hus8da2B4SCM1Frc+mRFbFc="; + }; + } + { + name = "zsh-nix-shell"; + file = "nix-shell.plugin.zsh"; + src = pkgs.fetchFromGitHub { + owner = "chisui"; + repo = "zsh-nix-shell"; + rev = "master"; + sha256 = "sha256-BjgMhILEL/qdgfno4LR64LSB8n9pC9R+gG7IQWwgyfQ="; + }; + } + ]; initExtra = '' bindkey -v -- 2.44.2 From de03f0f42fbd61968dedf26e761f9f618d20617f Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 17 Jul 2022 16:37:09 +0200 Subject: [PATCH 283/320] zsh: correctly pin plugins to commits instead of branch names, to prevent errors like: error: hash mismatch in fixed-output derivation '/nix/store/n7w9jd46zx4rzy9a24abxv3lcx1ikn1j-source.drv': specified: sha256-0pzkKPdzyQXTe8usaSaM1Iivi2UHQrSJrh5V2pRd0Gg= got: sha256-9vc4cMBCNOmPOyzGwnPeMrXXyQUq4pC9Du3AWl9+Rys= --- modules/terminal-life/zsh/default.nix | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/modules/terminal-life/zsh/default.nix b/modules/terminal-life/zsh/default.nix index 63da73ca..b68a4270 100644 --- a/modules/terminal-life/zsh/default.nix +++ b/modules/terminal-life/zsh/default.nix @@ -47,7 +47,7 @@ in src = pkgs.fetchFromGitHub { owner = "ohmyzsh"; repo = "ohmyzsh"; - rev = "master"; + rev = "249c708ed3a4a7a63d16a6e911a46b6fb9623cbd"; sha256 = "sha256-NAVotL5RxpS/zKnO+ngMIjv787lqc1dj/c4blQrQcvU="; }; } @@ -57,17 +57,18 @@ in src = pkgs.fetchFromGitHub { owner = "romkatv"; repo = "powerlevel10k"; - rev = "master"; - sha256 = "sha256-0pzkKPdzyQXTe8usaSaM1Iivi2UHQrSJrh5V2pRdiGg="; + rev = "2dd6a29e4d7a33bfef10973d6550e087be37ddee"; + sha256 = "sha256-9vc4cMBCNOmPOyzGwnPeMrXXyQUq4pC9Du3AWl9+Rys="; }; } { name = "zsh-fast-syntax-highlighting"; + file = "F-Sy-H.plugin.zsh"; src = pkgs.fetchFromGitHub { - owner = "zdharma"; - repo = "fast-syntax-highlighting"; - rev = "master"; - sha256 = "sha256-uoLrXfq31GvfHO6GTrg7Hus8da2B4SCM1Frc+mRFbFc="; + owner = "z-shell"; + repo = "F-Sy-H"; + rev = "c4bdc485b67b58351a24f21fcac92c9e0232b939"; + sha256 = "sha256-uXBGIdJwubuueNhQRdGxPUi0eJN17cflYAuHTjeQ8FQ="; }; } { @@ -76,7 +77,7 @@ in src = pkgs.fetchFromGitHub { owner = "chisui"; repo = "zsh-nix-shell"; - rev = "master"; + rev = "af6f8a266ea1875b9a3e86e14796cadbe1cfbf08"; sha256 = "sha256-BjgMhILEL/qdgfno4LR64LSB8n9pC9R+gG7IQWwgyfQ="; }; } -- 2.44.2 From 6d1d683b231a13e94bed8fd215cd311fb99b0be5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Thu, 25 Aug 2022 00:13:23 +0200 Subject: [PATCH 284/320] Fix swayidle command, add hibernation on lid close, fix env The swayidle command in the service was straight up broken, this commit fixes that. Environment Variables set in the `session-variables` file are now correctly imported across the system. This fixes `EDITOR` defaulting to `nano`. --- modules/paranoia/default.nix | 1 + modules/sway/config/config.d/systemd.conf | 2 +- modules/sway/mako.service.nix | 1 - modules/sway/swayidle.service.nix | 20 +++++++++----------- modules/sway/waybar.service.nix | 3 ++- pkgs/sway-service.nix | 2 +- profiles/base-user/session-variables.nix | 18 +++++++++++++++--- 7 files changed, 29 insertions(+), 18 deletions(-) diff --git a/modules/paranoia/default.nix b/modules/paranoia/default.nix index bb319767..699ab13e 100644 --- a/modules/paranoia/default.nix +++ b/modules/paranoia/default.nix @@ -20,5 +20,6 @@ in config = mkIf cfg.enable { pub-solar.core.hibernation.enable = true; + services.logind.lidSwitch = "hibernate"; }; } diff --git a/modules/sway/config/config.d/systemd.conf b/modules/sway/config/config.d/systemd.conf index d6380d41..66759c4f 100644 --- a/modules/sway/config/config.d/systemd.conf +++ b/modules/sway/config/config.d/systemd.conf @@ -5,4 +5,4 @@ # https://github.com/swaywm/sway/wiki/Systemd-integration # Also, import the most important environment variables into the D-Bus and systemd # user environments (e.g. required for screen sharing and Pinentry prompts): -exec "systemctl --user import-environment DISPLAY WAYLAND_DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP; systemctl --user start sway-session.target; exec dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP; systemd-cat --identifier=sway sway" +exec "systemctl --user import-environment; systemctl --user start sway-session.target; exec dbus-update-activation-environment --systemd $IMPORT_ENVIRONMENT_ENV_LIST DISPLAY WAYLAND_DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP; systemd-cat --identifier=sway sway" diff --git a/modules/sway/mako.service.nix b/modules/sway/mako.service.nix index b155e148..1f210c74 100644 --- a/modules/sway/mako.service.nix +++ b/modules/sway/mako.service.nix @@ -5,7 +5,6 @@ Documentation = [ "man:mako(1)" ]; BindsTo = [ "sway-session.target" ]; After = [ "sway-session.target" ]; - # ConditionEnvironment requires systemd v247 to work correctly ConditionEnvironment = [ "WAYLAND_DISPLAY" ]; }; Service = { diff --git a/modules/sway/swayidle.service.nix b/modules/sway/swayidle.service.nix index 3b87c610..f10675fb 100644 --- a/modules/sway/swayidle.service.nix +++ b/modules/sway/swayidle.service.nix @@ -10,17 +10,15 @@ Service = { Type = "simple"; Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin"; - ExecStart = if psCfg.paranoia.enable then '' - ${pkgs.swayidle}/bin/swayidle -w \ - timeout 120 'swaymsg "output * dpms off"' \ - timeout 150 'systemctl hibernate' \ - '' else '' - ${pkgs.swayidle}/bin/swayidle -w \ - timeout 600 'swaylock-bg' \ - timeout 900 'swaymsg "output * dpms off"' \ - resume 'swaymsg "output * dpms on"' \ - before-sleep 'swaylock-bg' - ''; + ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \ + after-resume 'swaymsg "output * dpms on"' \ + before-sleep 'swaylock-bg' '' + (if psCfg.paranoia.enable then '' \ + timeout 120 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' \ + timeout 150 'systemctl hibernate' + '' else '' \ + timeout 600 'swaylock-bg' + timeout 900 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' + ''); }; Install = { WantedBy = [ "sway-session.target" ]; diff --git a/modules/sway/waybar.service.nix b/modules/sway/waybar.service.nix index 98b8ed35..0237612f 100644 --- a/modules/sway/waybar.service.nix +++ b/modules/sway/waybar.service.nix @@ -4,8 +4,9 @@ Description = "Highly customizable Wayland bar for Sway and Wlroots based compositors."; Documentation = "https://github.com/Alexays/Waybar/wiki/"; BindsTo = [ "sway-session.target" ]; - After = [ "graphical-session-pre.target" "network-online.target" ]; + After = [ "sway-session.target" "network-online.target" ]; Wants = [ "graphical-session-pre.target" "network-online.target" "blueman-applet.service" ]; + ConditionEnvironment = [ "WAYLAND_DISPLAY" ]; }; Service = { diff --git a/pkgs/sway-service.nix b/pkgs/sway-service.nix index f0b97ee7..15781a1a 100644 --- a/pkgs/sway-service.nix +++ b/pkgs/sway-service.nix @@ -1,6 +1,6 @@ self: with self; '' # first import environment variables from the login manager - systemctl --user import-environment + systemctl --user import-environment $IMPORT_ENVIRONMENT_ENV_LIST DISPLAY WAYLAND_DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP PATH; # then start the service exec systemctl --wait --user start sway.service '' diff --git a/profiles/base-user/session-variables.nix b/profiles/base-user/session-variables.nix index 5bbfa8ee..e922781b 100644 --- a/profiles/base-user/session-variables.nix +++ b/profiles/base-user/session-variables.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: let psCfg = config.pub-solar; wlroots = psCfg.graphical.wayland; @@ -77,10 +77,22 @@ let # TELEMETRY BS VUEDX_TELEMETRY = "off"; }; + + envListNames = lib.attrsets.mapAttrsToList (name: value: name) variables; + + # Here we merge an extra variable into the attrset called FULL_ENV_LIST. + # It's a list of the variable names defined above. + # We can use this to tell `systemctl import-environment` to import the full list above. + variablesWithMeta = lib.attrsets.zipAttrsWith (name: values: builtins.head values) [ + variables + { IMPORT_ENVIRONMENT_ENV_LIST = lib.lists.foldl (a: b: a + " " + b) "IMPORT_ENVIRONMENT_ENV_LIST" envListNames; } + ]; in { home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] { - home.sessionVariables = variables; - systemd.user.sessionVariables = variables; + home.sessionVariables = variablesWithMeta; + systemd.user.sessionVariables = variablesWithMeta; }; + + environment.variables = variablesWithMeta; } -- 2.44.2 From dbee2f03e7fb444dde5e7bcbabcf6fbeb5c45cfc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Thu, 25 Aug 2022 15:17:17 +0200 Subject: [PATCH 285/320] Import the full environment again --- pkgs/sway-service.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/sway-service.nix b/pkgs/sway-service.nix index 15781a1a..2ab84c62 100644 --- a/pkgs/sway-service.nix +++ b/pkgs/sway-service.nix @@ -1,6 +1,6 @@ self: with self; '' # first import environment variables from the login manager - systemctl --user import-environment $IMPORT_ENVIRONMENT_ENV_LIST DISPLAY WAYLAND_DISPLAY SWAYSOCK XDG_CURRENT_DESKTOP PATH; + systemctl --user import-environment; # then start the service exec systemctl --wait --user start sway.service '' -- 2.44.2 From 8fc8ac2d586735b6a697c950b6536746ac1e73e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Thu, 25 Aug 2022 15:25:34 +0200 Subject: [PATCH 286/320] Fix service startup for ci-runner --- modules/ci-runner/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/ci-runner/default.nix b/modules/ci-runner/default.nix index 0e78e55e..1460ab16 100644 --- a/modules/ci-runner/default.nix +++ b/modules/ci-runner/default.nix @@ -23,10 +23,11 @@ in path = [ pkgs.git pkgs.nix + pkgs.libvirt ]; wantedBy = [ "multi-user.target" ]; - after = [ "network.target" ]; + after = [ "network.target" "libvirtd.service" ]; script = ''${pkgs.drone-runner-exec}/bin/drone-runner-exec daemon /run/agenix/drone-runner-exec-config''; }; -- 2.44.2 From 8be1bd53d3c471b641d3e8ef24811f5305760860 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 4 Jun 2022 23:45:06 +0200 Subject: [PATCH 287/320] wip: first PubSolarOS iso test using the NixOS test suite: https://nixos.org/manual/nixos/stable/index.html#sec-nixos-tests --- .drone.yml | 21 ++++++++++- flake.nix | 6 ++- tests/first-test.nix | 87 +++++++++++++++++++++++++++++++++++++++++++ tests/second-test.nix | 14 +++++++ 4 files changed, 126 insertions(+), 2 deletions(-) create mode 100644 tests/first-test.nix create mode 100644 tests/second-test.nix diff --git a/.drone.yml b/.drone.yml index f54bd8f9..57a0aa1c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -103,10 +103,29 @@ steps: NIX_FLAGS: "--print-build-logs --verbose" commands: - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS' - - nix $$NIX_FLAGS flake check - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - nix $$NIX_FLAGS develop --command echo OK +--- +kind: pipeline +type: exec +name: Tests + +steps: + - name: "Tests" + when: + event: + - pull_request + - tag + environment: + NIX_FLAGS: "--print-build-logs --verbose" + commands: + - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS' + - nix $$NIX_FLAGS build ".#checks.x86_64-linux.customTestFor-PubSolarOS-firstTest" + #- nix $$NIX_FLAGS flake check + #- nix $$NIX_FLAGS develop --command echo OK + #- nix $$NIX_FLAGS develop --command bud --help + --- kind: pipeline type: docker diff --git a/flake.nix b/flake.nix index bf050b2e..b4335a8d 100644 --- a/flake.nix +++ b/flake.nix @@ -102,7 +102,11 @@ imports = [ (digga.lib.importHosts ./hosts) ]; hosts = { /* set host specific properties here */ - PubSolarOS = { }; + PubSolarOS = { + tests = [ + (import ./tests/first-test.nix { pkgs = nixos.legacyPackages.x86_64-linux; lib = nixos.lib; }) + ]; + }; }; importables = rec { profiles = digga.lib.rakeLeaves ./profiles // { diff --git a/tests/first-test.nix b/tests/first-test.nix new file mode 100644 index 00000000..251779a1 --- /dev/null +++ b/tests/first-test.nix @@ -0,0 +1,87 @@ +{ pkgs, lib, ... }: +{ + name = "firstTest"; + + nodes.test-machine = { suites ? null, ... }: { + imports = suites.iso; + + home-manager.users.pub-solar.programs.zsh.shellAliases = { + test-x11 = "glinfo | tee /tmp/test-x11.out && touch /tmp/test-x11-exit-ok"; + test-wayland = "wayland-info | tee /tmp/test-wayland.out && touch /tmp/test-wayland-exit-ok"; + }; + + # source: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/tests/sway.nix + environment = { + # For glinfo and wayland-info: + systemPackages = with pkgs; [ mesa-demos wayland-utils alacritty ]; + # Use a fixed SWAYSOCK path (for swaymsg): + variables = { + "SWAYSOCK" = "/tmp/sway-ipc.sock"; + # TODO: Investigate if we can get hardware acceleration to work (via + # virtio-gpu and Virgil). We currently have to use the Pixman software + # renderer since the GLES2 renderer doesn't work inside the VM (even + # with WLR_RENDERER_ALLOW_SOFTWARE): + # "WLR_RENDERER_ALLOW_SOFTWARE" = "1"; + "WLR_RENDERER" = "pixman"; + }; + + # To help with OCR: + etc."xdg/foot/foot.ini".text = lib.generators.toINI { } { + main = { + font = "inconsolata:size=14"; + }; + colors = rec { + foreground = "000000"; + background = "ffffff"; + regular2 = foreground; + }; + }; + }; + + fonts.fonts = [ pkgs.inconsolata ]; + + # Need to switch to a different GPU driver than the default one (-vga std) so that Sway can launch: + virtualisation.qemu.options = [ "-vga none -device virtio-gpu-pci" ]; + virtualisation.cores = 4; + virtualisation.memorySize = 2048; + }; + + enableOCR = true; + + testScript = '' + import shlex + def swaymsg(command: str, succeed=True): + with machine.nested(f"sending swaymsg {command!r}" + " (allowed to fail)" * (not succeed)): + (machine.succeed if succeed else machine.execute)( + f"su - pub-solar -c {shlex.quote('swaymsg -- ' + command)}" + ) + + + machine.wait_for_unit("multi-user.target") + + # To check the version: + print(machine.succeed("sway --version")) + + # Wait for Sway to complete startup: + machine.wait_for_file("/run/user/1000/wayland-1") + machine.wait_for_file("/tmp/sway-ipc.sock") + + # Start a terminal (foot) on workspace 3: + machine.wait_for_text("1") + machine.send_key("meta_l-3") + machine.sleep(3) + machine.send_key("meta_l-ret") + machine.sleep(10) + machine.send_chars("whoami\n") + machine.sleep(3) + machine.wait_for_text("pub-solar") + machine.send_chars("test-wayland\n") + machine.wait_for_file("/tmp/test-wayland-exit-ok") + print(machine.succeed("cat /tmp/test-wayland.out")) + machine.copy_from_vm("/tmp/test-wayland.out") + machine.sleep(3) + machine.screenshot("foot_wayland_info") + machine.send_key("meta_l-shift-q") + machine.wait_until_fails("pgrep foot") + ''; +} diff --git a/tests/second-test.nix b/tests/second-test.nix new file mode 100644 index 00000000..d6409820 --- /dev/null +++ b/tests/second-test.nix @@ -0,0 +1,14 @@ +{ }: +{ + name = "secondTest"; + + nodes.test-machine2 = { suites ? null, ... }: { + imports = [ + suites.iso + ]; + }; + + testScript = '' + machines[0].systemctl("is-system-running --wait") + ''; +} -- 2.44.2 From 472560e1c1507a664e3b8ef479f28228712464ef Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 14 Aug 2022 20:51:56 +0200 Subject: [PATCH 288/320] Restructure CI: build ISO on each push to main branch tags with v* and t* names trigger a test VM pull requests trigger a basic check building host PubSolarOS --- .drone.yml | 119 ++++++++--------------------------------------------- 1 file changed, 17 insertions(+), 102 deletions(-) diff --git a/.drone.yml b/.drone.yml index 57a0aa1c..986eee5c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -1,92 +1,3 @@ ---- -kind: pipeline -type: docker -name: Upstreaming - -steps: - - name: "Sync 'devos' branch with upstream" - image: alpine/git - when: - event: - - cron - cron: - - sync-main-with-upstream - environment: - GITEA_SSH_KEY: - from_secret: gitea_ssh_key - commands: - - ./.drone/setup_ssh.sh - - git remote add devos git@git.b12f.io:pub-solar/devos - - git remote set-url origin git@git.b12f.io:pub-solar/os - - git fetch --all - - git checkout -b devos --track origin/devos - - git merge -X theirs devos/main - - git push origin devos - - git remote set-url origin https://git.b12f.io/pub-solar/os.git - - - name: "Sync $BRANCH with upstream" - image: alpine/git - when: - event: - - cron - cron: - - sync-main-with-upstream - - sync-b12f-with-main - - sync-teutat3s-with-main - environment: - GITEA_SSH_KEY: - from_secret: gitea_ssh_key - commands: - - git fetch origin - - git checkout origin/main - - ./.drone/setup_ssh.sh - - git remote set-url origin git@git.b12f.io:pub-solar/os - - git fetch --all - - ./.drone/upstream-branch.sh - - - name: "Open pull request for failed merge" - image: nixery.dev/shell/tea - when: - status: - - failure - event: - - cron - cron: - - sync-main-with-upstream - - sync-b12f-with-main - - sync-teutat3s-with-main - environment: - TEA_CONFIG: - from_secret: tea_config - commands: - - mkdir -p ~/.config/tea - - echo "$$TEA_CONFIG" > ~/.config/tea/config.yml - - tea pulls create --base main --head devos - - - name: "Notify matrix" - image: plugins/matrix - when: - status: - - failure - event: - - cron - cron: - - sync-main-with-upstream - - sync-b12f-with-main - - sync-teutat3s-with-main - settings: - homeserver: https://matrix.pub.solar - roomid: dfQBqwkhIzrFjMSsxy:pub.solar - username: - from_secret: matrix_username - password: - from_secret: matrix_password - template: "Upstreaming {{ build.status }} [{{ build.branch }}#{{ truncate build.commit 8 }}]({{ build.link }}) by {{ build.author }}. [Pull requests](https://git.b12f.io/pub-solar/os/pulls)" - -trigger: - event: - - cron - --- kind: pipeline type: docker @@ -98,11 +9,11 @@ steps: when: event: - pull_request - - tag environment: NIX_FLAGS: "--print-build-logs --verbose" commands: - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS' + - nix $$NIX_FLAGS flake show - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - nix $$NIX_FLAGS develop --command echo OK @@ -113,18 +24,19 @@ name: Tests steps: - name: "Tests" - when: - event: - - pull_request - - tag environment: NIX_FLAGS: "--print-build-logs --verbose" commands: - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS' - nix $$NIX_FLAGS build ".#checks.x86_64-linux.customTestFor-PubSolarOS-firstTest" - #- nix $$NIX_FLAGS flake check - #- nix $$NIX_FLAGS develop --command echo OK - #- nix $$NIX_FLAGS develop --command bud --help + - nix-store --read-log result + - nix $$NIX_FLAGS flake check + - nix $$NIX_FLAGS develop --command echo OK + +trigger: + ref: + - refs/tags/v* + - refs/tags/t* --- kind: pipeline @@ -134,14 +46,15 @@ name: Publish ISO steps: - name: "Build ISO" image: docker.nix-community.org/nixpkgs/nix-flakes:latest + environment: + NIX_FLAGS: "--print-build-logs --verbose" volumes: - name: file-exchange path: /var/nix/iso-cache commands: - | - nix --print-build-logs --verbose \ - build \ - '.#nixosConfigurations.bootstrap.config.system.build.bootstrapIso' + nix $$NIX_FLAGS build \ + '.#nixosConfigurations.bootstrap.config.system.build.bootstrapIso' - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ - name: "Publish ISO" @@ -167,8 +80,10 @@ depends_on: - Check trigger: + branch: + - main event: - - tag + - push volumes: - name: file-exchange @@ -176,6 +91,6 @@ volumes: --- kind: signature -hmac: da951ba8ede88996728acfb47846e01880eb0e3b91f66e47848d6c1cc727c5d9 +hmac: f78042286446a0649b61bdd28240caf7650cf995804acb714b92d145fa028bdf ... -- 2.44.2 From 553e23baf9e25a77323b1c06f5e75e37713a4fc0 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 14 Aug 2022 21:40:29 +0200 Subject: [PATCH 289/320] ci: add upload artifacts step --- .drone.yml | 29 ++++++++++++++++++++++++++--- 1 file changed, 26 insertions(+), 3 deletions(-) diff --git a/.drone.yml b/.drone.yml index 986eee5c..84ef47c9 100644 --- a/.drone.yml +++ b/.drone.yml @@ -13,9 +13,8 @@ steps: NIX_FLAGS: "--print-build-logs --verbose" commands: - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS' - - nix $$NIX_FLAGS flake show + - nix $$NIX_FLAGS develop --command nix flake show - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - - nix $$NIX_FLAGS develop --command echo OK --- kind: pipeline @@ -33,6 +32,25 @@ steps: - nix $$NIX_FLAGS flake check - nix $$NIX_FLAGS develop --command echo OK + - name: "Upload artifacts" + environment: + TRITON_DONT_SOURCE_PROFILE: 1 + PRIVATE_SSH_KEY: + from_secret: private_ssh_key + MANTA_USER: pub_solar + MANTA_URL: https://eu-central.manta.greenbaum.cloud + MANTA_KEY_ID: "02:ae:79:2b:8f:7f:51:ba:c6:3c:ea:6f:f7:bb:d1:6a" + commands: + - export TARGET_DIR="$${DRONE_REPO}/$${DRONE_BUILD_NUMBER}" + - echo env var TARGET_DIR is set to $$TARGET_DIR + - "mkdir ~/.ssh && chmod 700 ~/.ssh" + - echo "$$PRIVATE_SSH_KEY" > ~/.ssh/id_ed25519 && chmod 600 ~/.ssh/id_ed25519 + - nix flake new --template "git+https://git.greenbaum.cloud/dev/tritonshell?ref=main" ./tritonshell + - git add tritonshell + - cd tritonshell + - nix develop --command mput -p -f ../result/foot_wayland_info.png ~~/public/$${TARGET_DIR} + - nix develop --command mput -p -f ../result/test-wayland.out ~~/public/$${TARGET_DIR} + trigger: ref: - refs/tags/v* @@ -89,8 +107,13 @@ volumes: - name: file-exchange temp: {} +--- +kind: secret +name: private_ssh_key +data: cSWd6rIg8Z51hD+KMenYPX669qb6PWdh9V80Z1YpED68Ffoy73tWEoBjEs2pKUJpcL8qGxMjj5Ot2TAK6iUs5Qnv+ZKmjvvttgVCfKdHE6ULT+aOPdl3PvvKV6VY5iapE7aXmPF5NWuMe4G6OJiA/IP5U4P4hspAUV4/MlAjiLYDNtfJSXpA/5Hv5PvjuTM2RartUdXLdFe5qXfMFlmFKeU6J9jxf0BFY9lwhniOsxTGo6YQmf0fEqRd6i2AeKN58Oevir3H5rKQvDhCAUmPxT8rEHYoG7sgkt4ow+0gWyLuoimetZHHT/0IKbSWpQV9rfgxMa7L9TvN9pe573dKjFcGpJpbUsaL8O7R/Av6APzcNBWwNArMcD7/nSuj/33bppCJfC3IA5KLrRqi2Tt5nVw7Wm5eYX4iloftCBFsuI2Zj3B9eW4wrKy4k/CvP7klinaoyfGrt48Z3K3JCOUnwaZH/4xTE8+V0UeYEfDjU10etVa27I//sxK/yBRNrX3pRXnwQS997/zW8KHhzh7C4BUNkKj9k2qjxFPRKJp3knbfHlEsirfFcPXoDSRlBHpvDqKzNkxtAA== + --- kind: signature -hmac: f78042286446a0649b61bdd28240caf7650cf995804acb714b92d145fa028bdf +hmac: 82e3f3690bafae2ff1962ebc24504275dba0dbca707e14b2a389b31a9f7b57c0 ... -- 2.44.2 From 8feaa494cbafcbd426873fa43b1089cb0354b5ae Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 24 Aug 2022 22:36:53 +0200 Subject: [PATCH 290/320] ci: add matrix notify step, fix ssh key id --- .drone.yml | 34 +++++++++++++++++++++++++++------- 1 file changed, 27 insertions(+), 7 deletions(-) diff --git a/.drone.yml b/.drone.yml index 84ef47c9..0f6e6f7a 100644 --- a/.drone.yml +++ b/.drone.yml @@ -39,7 +39,7 @@ steps: from_secret: private_ssh_key MANTA_USER: pub_solar MANTA_URL: https://eu-central.manta.greenbaum.cloud - MANTA_KEY_ID: "02:ae:79:2b:8f:7f:51:ba:c6:3c:ea:6f:f7:bb:d1:6a" + MANTA_KEY_ID: "5d:5f:3d:22:8d:37:1f:e6:d6:ab:06:18:d9:a2:04:67" commands: - export TARGET_DIR="$${DRONE_REPO}/$${DRONE_BUILD_NUMBER}" - echo env var TARGET_DIR is set to $$TARGET_DIR @@ -56,6 +56,31 @@ trigger: - refs/tags/v* - refs/tags/t* +--- +kind: pipeline +type: docker +name: Notification + +steps: + - name: "Notify matrix" + image: plugins/matrix + settings: + homeserver: https://matrix.pub.solar + roomid: dfQBqwkhIzrFjMSsxy:pub.solar + username: + from_secret: matrix_username + password: + from_secret: matrix_password + template: "Test run status: {{ build.status }}, artifacts uploaded to Manta: https://eu-central.manta.greenbaum.cloud/pub_solar/public/{{ repo.Owner }}/{{ repo.Name }}/{{ build.number }}" + +depends_on: + - Tests + +trigger: + ref: + - refs/tags/v* + - refs/tags/t* + --- kind: pipeline type: docker @@ -107,13 +132,8 @@ volumes: - name: file-exchange temp: {} ---- -kind: secret -name: private_ssh_key -data: cSWd6rIg8Z51hD+KMenYPX669qb6PWdh9V80Z1YpED68Ffoy73tWEoBjEs2pKUJpcL8qGxMjj5Ot2TAK6iUs5Qnv+ZKmjvvttgVCfKdHE6ULT+aOPdl3PvvKV6VY5iapE7aXmPF5NWuMe4G6OJiA/IP5U4P4hspAUV4/MlAjiLYDNtfJSXpA/5Hv5PvjuTM2RartUdXLdFe5qXfMFlmFKeU6J9jxf0BFY9lwhniOsxTGo6YQmf0fEqRd6i2AeKN58Oevir3H5rKQvDhCAUmPxT8rEHYoG7sgkt4ow+0gWyLuoimetZHHT/0IKbSWpQV9rfgxMa7L9TvN9pe573dKjFcGpJpbUsaL8O7R/Av6APzcNBWwNArMcD7/nSuj/33bppCJfC3IA5KLrRqi2Tt5nVw7Wm5eYX4iloftCBFsuI2Zj3B9eW4wrKy4k/CvP7klinaoyfGrt48Z3K3JCOUnwaZH/4xTE8+V0UeYEfDjU10etVa27I//sxK/yBRNrX3pRXnwQS997/zW8KHhzh7C4BUNkKj9k2qjxFPRKJp3knbfHlEsirfFcPXoDSRlBHpvDqKzNkxtAA== - --- kind: signature -hmac: 82e3f3690bafae2ff1962ebc24504275dba0dbca707e14b2a389b31a9f7b57c0 +hmac: b38ea67f7458383c2f7650d86a619efd065b59888d738d4471c83b0a0ad12e3d ... -- 2.44.2 From c2e5d8df3c6f01c58ec07f2bf7ce74c16f2f62f5 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 25 Aug 2022 15:42:33 +0200 Subject: [PATCH 291/320] ci: better matrix notify template message, prefix manta path with ci/ and set target filename for mput --- .drone.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.drone.yml b/.drone.yml index 0f6e6f7a..0bebe210 100644 --- a/.drone.yml +++ b/.drone.yml @@ -41,15 +41,15 @@ steps: MANTA_URL: https://eu-central.manta.greenbaum.cloud MANTA_KEY_ID: "5d:5f:3d:22:8d:37:1f:e6:d6:ab:06:18:d9:a2:04:67" commands: - - export TARGET_DIR="$${DRONE_REPO}/$${DRONE_BUILD_NUMBER}" + - export TARGET_DIR="ci/$${DRONE_REPO}/$${DRONE_BUILD_NUMBER}" - echo env var TARGET_DIR is set to $$TARGET_DIR - "mkdir ~/.ssh && chmod 700 ~/.ssh" - echo "$$PRIVATE_SSH_KEY" > ~/.ssh/id_ed25519 && chmod 600 ~/.ssh/id_ed25519 - nix flake new --template "git+https://git.greenbaum.cloud/dev/tritonshell?ref=main" ./tritonshell - git add tritonshell - cd tritonshell - - nix develop --command mput -p -f ../result/foot_wayland_info.png ~~/public/$${TARGET_DIR} - - nix develop --command mput -p -f ../result/test-wayland.out ~~/public/$${TARGET_DIR} + - nix develop --command mput -p -f ../result/foot_wayland_info.png ~~/public/$${TARGET_DIR}/foot_wayland_info.png + - nix develop --command mput -p -f ../result/test-wayland.out ~~/public/$${TARGET_DIR}/test-wayland.out trigger: ref: @@ -71,7 +71,7 @@ steps: from_secret: matrix_username password: from_secret: matrix_password - template: "Test run status: {{ build.status }}, artifacts uploaded to Manta: https://eu-central.manta.greenbaum.cloud/pub_solar/public/{{ repo.Owner }}/{{ repo.Name }}/{{ build.number }}" + template: "Test run triggered by tag: {{ build.tag }}. Test run exit status: {{ build.status }}. Artifacts uploaded to Manta: https://eu-central.manta.greenbaum.cloud/pub_solar/public/ci/{{ repo.Owner }}/{{ repo.Name }}/{{ build.number }}/foot_wayland_info.png" depends_on: - Tests @@ -134,6 +134,6 @@ volumes: --- kind: signature -hmac: b38ea67f7458383c2f7650d86a619efd065b59888d738d4471c83b0a0ad12e3d +hmac: c6845bbec339e7ccfdb34889bfd56d25dc2c423eac255eb30f19b8d9e7bf9f1f ... -- 2.44.2 From 61220214356b9d719b0cbddc6e878586c3775e1c Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 27 Aug 2022 13:48:32 +0200 Subject: [PATCH 292/320] Bump flake.lock --- flake.lock | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/flake.lock b/flake.lock index 857bb989..29228dcd 100644 --- a/flake.lock +++ b/flake.lock @@ -42,11 +42,11 @@ ] }, "locked": { - "lastModified": 1657835815, - "narHash": "sha256-CnZszAYpNKydh6N7+xg+eRtWNVoAAGqc6bg+Lpgq1xc=", + "lastModified": 1661329936, + "narHash": "sha256-dafFjAcJPo0SdegK3E+SnTI8CNMgV/bBm/6CeDf82f8=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "54a24f042f93c79f5679f133faddedec61955cf2", + "rev": "ef0e7f41cdf8fae1d2390c4df246c90a364ed8d9", "type": "github" }, "original": { @@ -307,11 +307,11 @@ }, "latest_2": { "locked": { - "lastModified": 1660305968, - "narHash": "sha256-r0X1pZCSEA6mzt5OuTA7nHuLmvnbkwgpFAh1iLIx4GU=", + "lastModified": 1661361016, + "narHash": "sha256-Bjf6ZDnDc6glTwIIItvwfcaeJ5zWFM6GYfPajSArdUY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "c4a0efdd5a728e20791b8d8d2f26f90ac228ee8d", + "rev": "b784c5ae63dd288375af1b4d37b8a27dd8061887", "type": "github" }, "original": { @@ -358,11 +358,11 @@ }, "nixos": { "locked": { - "lastModified": 1660318005, - "narHash": "sha256-g9WCa9lVUmOV6dYRbEPjv/TLOR5hamjeCcKExVGS3OQ=", + "lastModified": 1661427965, + "narHash": "sha256-LJeSDbiebN0/eRt9vyOm+Bxljdsq5ZdalmmTk9Xpp30=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5c211b47aeadcc178c5320afd4e74c7eed5c389f", + "rev": "058de3818577db19d1965c21e2479916a3eaaf95", "type": "github" }, "original": { @@ -378,11 +378,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1657748715, - "narHash": "sha256-WecDwDY/hEcDQYzFnccCNa+5Umht0lfjx/d1qGDy/rQ=", + "lastModified": 1660727616, + "narHash": "sha256-zYTIvdPMYMx/EYqXODAwIIU30RiEHqNHdgarIHuEYZc=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "3323b944d99b026aebfd8de439e001409dde067d", + "rev": "adccd191a0e83039d537e021f19495b7bad546a1", "type": "github" }, "original": { -- 2.44.2 From 242de215d6801d6858fe935d2ef1170651909d49 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 27 Aug 2022 13:49:55 +0200 Subject: [PATCH 293/320] Switch to our digga fork, include upstream PR divnix/digga#455 to fix bootstrap iso builds --- flake.lock | 11 ++++++----- flake.nix | 2 +- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 29228dcd..794fd6d0 100644 --- a/flake.lock +++ b/flake.lock @@ -143,15 +143,16 @@ "nixpkgs-unstable": "nixpkgs-unstable" }, "locked": { - "lastModified": 1659622306, - "narHash": "sha256-Kpfm2PNs+kZU0W7qcugoPATLG8I2P7FJFGTgsf1LJiU=", - "owner": "divnix", + "lastModified": 1661600857, + "narHash": "sha256-KfQCcTtfvU0PXV4fD9XKIMcKx9lUUR0xWJoBgc12fKE=", + "owner": "pub-solar", "repo": "digga", - "rev": "d1193743a535d7fbbc7f3eda4e51295b10bd4d2c", + "rev": "c902b3ef0aa45cb4f336c390f647bb182c38a221", "type": "github" }, "original": { - "owner": "divnix", + "owner": "pub-solar", + "ref": "fix/bootstrap-iso", "repo": "digga", "type": "github" } diff --git a/flake.nix b/flake.nix index b4335a8d..466d1077 100644 --- a/flake.nix +++ b/flake.nix @@ -11,7 +11,7 @@ nixos.url = "github:nixos/nixpkgs/nixos-22.05"; latest.url = "github:nixos/nixpkgs/nixos-unstable"; - digga.url = "github:divnix/digga"; + digga.url = "github:pub-solar/digga/fix/bootstrap-iso"; digga.inputs.nixpkgs.follows = "nixos"; digga.inputs.nixlib.follows = "nixos"; digga.inputs.home-manager.follows = "home"; -- 2.44.2 From 209eed069c066b1ae504ae7e43adc4f4f90bcceb Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 29 Aug 2022 11:53:55 +0200 Subject: [PATCH 294/320] Add comment how to build isoImage --- hosts/bootstrap.nix | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/hosts/bootstrap.nix b/hosts/bootstrap.nix index ba509911..7772b0f1 100644 --- a/hosts/bootstrap.nix +++ b/hosts/bootstrap.nix @@ -1,9 +1,6 @@ { profiles, ... }: { - # build with: `nix build '.#nixosConfigurations.bootstrap.config.system.build.bootstrapIso'` - # reachable on the local link via ssh root@fe80::47%eno1 - # where 'eno1' is replaced by your own machine's network - # interface that has the local link to the target machine + # build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"` imports = [ # profiles.networking profiles.users.root # make sure to configure ssh keys -- 2.44.2 From c1b672fe703a46a50dda2bcbca9f021606d41c0f Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 29 Aug 2022 11:55:20 +0200 Subject: [PATCH 295/320] Fix conflicting definition values, force use of our defined value. error: The option 'services.getty.autologinUser' has conflicting definition values: - In '/nix/store/zyh8f18z0m1r9jppvdcdivfvfxg0j3fv-source/nixos/modules/profiles/installation-device.nix': "nixos" - In '/nix/store/w82qigr5jqv9c6jhdrpdwixydk3rmbzw-source/modules/graphical': "pub-solar" --- modules/graphical/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix index a506c2ef..ede262b3 100644 --- a/modules/graphical/default.nix +++ b/modules/graphical/default.nix @@ -61,7 +61,7 @@ in }; }; - services.getty.autologinUser = mkIf cfg.autologin.enable "${psCfg.user.name}"; + services.getty.autologinUser = mkIf cfg.autologin.enable (mkForce "${psCfg.user.name}"); qt5 = { enable = true; -- 2.44.2 From 7b5696435a8ec65b4788647c8a3a42f92da58348 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 29 Aug 2022 15:19:07 +0200 Subject: [PATCH 296/320] Fix Build ISO ci step, use '.#nixosConfigurations.bootstrap.config.system.build.isoImage' --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index 0bebe210..a170d5a2 100644 --- a/.drone.yml +++ b/.drone.yml @@ -97,7 +97,7 @@ steps: commands: - | nix $$NIX_FLAGS build \ - '.#nixosConfigurations.bootstrap.config.system.build.bootstrapIso' + '.#nixosConfigurations.bootstrap.config.system.build.isoImage' - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ - name: "Publish ISO" @@ -134,6 +134,6 @@ volumes: --- kind: signature -hmac: c6845bbec339e7ccfdb34889bfd56d25dc2c423eac255eb30f19b8d9e7bf9f1f +hmac: 5d7c0ef5519ffe68189271b18d9084db55c9e14831f95234655f5387f9426db0 ... -- 2.44.2 From 2fa84ab4aae51a50218344e177e9009bb9cbeba1 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 29 Aug 2022 16:47:31 +0200 Subject: [PATCH 297/320] Use more descriptive drone secret names --- .drone.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.drone.yml b/.drone.yml index a170d5a2..7da733c4 100644 --- a/.drone.yml +++ b/.drone.yml @@ -107,13 +107,13 @@ steps: path: /var/nix/iso-cache settings: host: - from_secret: ssh_host + from_secret: iso_web_ssh_host user: - from_secret: ssh_user + from_secret: iso_web_ssh_user port: - from_secret: ssh_port + from_secret: iso_web_ssh_port key: - from_secret: ssh_key + from_secret: iso_web_ssh_key target: /srv/os source: - /var/nix/iso-cache/*.iso @@ -134,6 +134,6 @@ volumes: --- kind: signature -hmac: 5d7c0ef5519ffe68189271b18d9084db55c9e14831f95234655f5387f9426db0 +hmac: 2b930bb5fe02006203b7c2fae8af75814749e8cec5f976ec0d6e64eae1b0c5db ... -- 2.44.2 From b7ba1b7ba9b87c7a60e3f2fe4772d8579b0ed711 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 1 Sep 2022 14:34:57 +0200 Subject: [PATCH 298/320] Fix hosts rebuilding with ISO config after #125 See: https://github.com/divnix/digga/pull/455#issuecomment-1231789444 Upstream fix found in https://github.com/montchr/dotfield/blob/e1b09712fef297ee6173f7010787cd5b2b574a17/nixos/default.nix#L85-L88 --- flake.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 466d1077..41cd4ff2 100644 --- a/flake.nix +++ b/flake.nix @@ -92,7 +92,10 @@ imports = [ (digga.lib.importExportableModules ./modules) ]; modules = [ { lib.our = self.lib; } - digga.nixosModules.bootstrapIso + # FIXME: upstream module causes a huge number of unnecessary + # dependencies to be pulled in for all systems -- many of them are + # graphical. should only be imported as needed. + # digga.nixosModules.bootstrapIso digga.nixosModules.nixConfig home.nixosModules.home-manager agenix.nixosModules.age -- 2.44.2 From d563b1d469a0a8bd2e170f450e8c6e790ee4efb9 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 1 Sep 2022 14:37:14 +0200 Subject: [PATCH 299/320] Fix swaylock-bg, now a bash script - reference jq from pkgs - shellcheck fixes --- pkgs/swaylock-bg.nix | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/pkgs/swaylock-bg.nix b/pkgs/swaylock-bg.nix index b55c32ae..75bcd7de 100644 --- a/pkgs/swaylock-bg.nix +++ b/pkgs/swaylock-bg.nix @@ -3,18 +3,17 @@ self: with self; '' # swaylock # Make sure we aren't running twice - RUNNING=$(ps -A | grep swaylock | wc -l) - if [ $RUNNING -ne 0 ]; then + RUNNING=$(${procps}/bin/pgrep -c ${swaylock}/bin/swaylock) + if [ "$RUNNING" -ne 0 ]; then exit 0 fi - IMAGE=$XDG_CONFIG_HOME/wallpaper.jpg + IMAGE="$XDG_CONFIG_HOME/wallpaper.jpg" LOCKARGS="" - for OUTPUT in `${sway}/bin/swaymsg -t get_outputs | jq -r '.[].name'` + for OUTPUT in $(${sway}/bin/swaymsg -t get_outputs | ${jq}/bin/jq -r '.[].name') do LOCKARGS="''${LOCKARGS} --image ''${OUTPUT}:''${IMAGE}" - IMAGES="''${IMAGES} ''${IMAGE}" done exec ${swaylock}/bin/swaylock $LOCKARGS '' -- 2.44.2 From 1767dcb0763cbfeed673200602b20e11c465da35 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 1 Sep 2022 14:38:10 +0200 Subject: [PATCH 300/320] Fix swayidle service - add missing \ - reference swaylock-bg script from pkgs --- modules/sway/swayidle.service.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/sway/swayidle.service.nix b/modules/sway/swayidle.service.nix index f10675fb..685d0f1d 100644 --- a/modules/sway/swayidle.service.nix +++ b/modules/sway/swayidle.service.nix @@ -12,11 +12,11 @@ Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin"; ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \ after-resume 'swaymsg "output * dpms on"' \ - before-sleep 'swaylock-bg' '' + (if psCfg.paranoia.enable then '' \ + before-sleep '${pkgs.swaylock-bg}/bin/swaylock-bg' '' + (if psCfg.paranoia.enable then '' \ timeout 120 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' \ timeout 150 'systemctl hibernate' '' else '' \ - timeout 600 'swaylock-bg' + timeout 600 '${pkgs.swaylock-bg}/bin/swaylock-bg' \ timeout 900 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' ''); }; -- 2.44.2 From 0fbabc23b921fa8ac8ac5647d1ff6b5a360b70c4 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 1 Sep 2022 15:35:04 +0200 Subject: [PATCH 301/320] bootstap: host needs digga's bootstrapIso module --- flake.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/flake.nix b/flake.nix index 41cd4ff2..4ac60e8a 100644 --- a/flake.nix +++ b/flake.nix @@ -105,6 +105,11 @@ imports = [ (digga.lib.importHosts ./hosts) ]; hosts = { /* set host specific properties here */ + bootstrap = { + modules = [ + digga.nixosModules.bootstrapIso + ]; + }; PubSolarOS = { tests = [ (import ./tests/first-test.nix { pkgs = nixos.legacyPackages.x86_64-linux; lib = nixos.lib; }) -- 2.44.2 From 612e5e35c0cab9ed9f836d1dc861a815d3921bbe Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sat, 1 Oct 2022 23:12:48 +0200 Subject: [PATCH 302/320] Fix swayidle, lock, waybar menu --- modules/sway/config/config.d/mode_system.conf.nix | 15 +++++++++++---- modules/sway/default.nix | 2 +- modules/sway/swayidle.service.nix | 8 ++++---- 3 files changed, 16 insertions(+), 9 deletions(-) diff --git a/modules/sway/config/config.d/mode_system.conf.nix b/modules/sway/config/config.d/mode_system.conf.nix index f34ecc57..f01921c4 100644 --- a/modules/sway/config/config.d/mode_system.conf.nix +++ b/modules/sway/config/config.d/mode_system.conf.nix @@ -1,15 +1,22 @@ -{ psCfg, ... }: '' +{ pkgs, psCfg, ... }: '' # Set shut down, restart and locking features +'' + (if psCfg.core.hibernation.enable && !psCfg.paranoia.enable then '' + set $mode_system (e)xit, (h)ibernate, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown +'' else if psCfg.paranoia.enable then '' set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown +'' else '' + set $mode_system (e)xit, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown +'') ++ '' bindsym $mod+0 mode "$mode_system" mode "$mode_system" { bindsym e exec swaymsg exit, mode "default" '' + (if psCfg.core.hibernation.enable then '' - bindsym h exec systemctl hibernate, mode "default" + bindsym h exec systemctl hibernate, mode "default" '' else "") + (if !psCfg.paranoia.enable then '' - bindsym l exec swaylock-bg, mode "default" - bindsym s exec systemctl suspend, mode "default" + bindsym l exec ${pkgs.swaylock-bg}/bin/swaylock-bg, mode "default" + bindsym s exec systemctl suspend, mode "default" '' else "") + '' bindsym r exec systemctl reboot, mode "default" bindsym Shift+s exec systemctl poweroff, mode "default" diff --git a/modules/sway/default.nix b/modules/sway/default.nix index dd0e6055..c173e9ce 100644 --- a/modules/sway/default.nix +++ b/modules/sway/default.nix @@ -98,7 +98,7 @@ in xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf; xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf; xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf; - xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix { inherit psCfg; }; + xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix { inherit pkgs psCfg; }; xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf; xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf; }; diff --git a/modules/sway/swayidle.service.nix b/modules/sway/swayidle.service.nix index 685d0f1d..80a04518 100644 --- a/modules/sway/swayidle.service.nix +++ b/modules/sway/swayidle.service.nix @@ -9,14 +9,14 @@ }; Service = { Type = "simple"; - Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin"; - ExecStart = ''${pkgs.swayidle}/bin/swayidle -w \ + Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swaylock-bg}/bin:${pkgs.swayidle}/bin"; + ExecStart = ''swayidle -w \ after-resume 'swaymsg "output * dpms on"' \ - before-sleep '${pkgs.swaylock-bg}/bin/swaylock-bg' '' + (if psCfg.paranoia.enable then '' \ + before-sleep 'swaylock-bg' '' + (if psCfg.paranoia.enable then '' \ timeout 120 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' \ timeout 150 'systemctl hibernate' '' else '' \ - timeout 600 '${pkgs.swaylock-bg}/bin/swaylock-bg' \ + timeout 600 'swaylock-bg' \ timeout 900 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' ''); }; -- 2.44.2 From 1181cd6feafb4b7a3778fc8dc2a7434bfe2b4b54 Mon Sep 17 00:00:00 2001 From: hensoko Date: Sun, 2 Oct 2022 01:17:34 +0000 Subject: [PATCH 303/320] Improve core module (#132) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Reviewed-on: https://git.b12f.io/pub-solar/os/pulls/132 Reviewed-by: Benjamin Bädorf --- modules/core/boot.nix | 2 +- modules/core/default.nix | 8 +++--- modules/core/networking.nix | 49 ++++++++++++++++++++++++------------- 3 files changed, 37 insertions(+), 22 deletions(-) diff --git a/modules/core/boot.nix b/modules/core/boot.nix index 10f67dc4..cb16865d 100644 --- a/modules/core/boot.nix +++ b/modules/core/boot.nix @@ -19,7 +19,7 @@ in config = { boot = { # Enable plymouth for better experience of booting - plymouth.enable = true; + plymouth.enable = mkIf (!cfg.lite) (lib.mkDefault true); # Mount / luks device in initrd # Allow fstrim to work on it. diff --git a/modules/core/default.nix b/modules/core/default.nix index 80ca4926..9a3ea0fe 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -29,12 +29,12 @@ in config = { pub-solar = { - audio.enable = lib.mkIf (!cfg.lite) true; - crypto.enable = lib.mkIf (!cfg.lite) true; - devops.enable = lib.mkIf (!cfg.lite) true; + audio.enable = lib.mkIf (!cfg.lite) (lib.mkDefault true); + crypto.enable = lib.mkIf (!cfg.lite) (lib.mkDefault true); + devops.enable = lib.mkIf (!cfg.lite) (lib.mkDefault true); terminal-life = { - enable = true; + enable = lib.mkDefault true; lite = cfg.lite; }; }; diff --git a/modules/core/networking.nix b/modules/core/networking.nix index 5774f7eb..edfef42d 100644 --- a/modules/core/networking.nix +++ b/modules/core/networking.nix @@ -6,6 +6,15 @@ let cfg = config.pub-solar.core; in { options.pub-solar.core = { + enableCaddy = mkOption { + type = types.bool; + default = !cfg.lite; + }; + enableHelp = mkOption { + type = types.bool; + default = !cfg.lite; + }; + binaryCaches = mkOption { type = types.listOf types.str; default = [ ]; @@ -16,11 +25,6 @@ in default = [ ]; description = "Public keys of binary caches."; }; - iwdConfig = mkOption { - type = with types; nullOr (attrsOf (attrsOf (oneOf [ bool int str ]))); - default = null; - description = "Configuratoin of iNet Wireless Daemon."; - }; }; config = { # disable NetworkManager-wait-online by default @@ -38,27 +42,38 @@ in # These entries get added to /etc/hosts networking.hosts = { - "127.0.0.1" = [ "cups.local" "help.local" "caddy.local" ]; + "127.0.0.1" = [ ] + ++ lib.optionals cfg.enableCaddy [ "caddy.local" ] + ++ lib.optionals config.pub-solar.printing.enable [ "cups.local" ] + ++ lib.optionals cfg.enableHelp [ "help.local" ]; }; # Caddy reverse proxy for local services like cups services.caddy = { - enable = true; + enable = cfg.enableCaddy; globalConfig = '' default_bind 127.0.0.1 auto_https off ''; - extraConfig = '' - cups.local:80 { - request_header Host localhost:631 - reverse_proxy unix//run/cups/cups.sock - } + extraConfig = concatStringsSep "\n" [ + (lib.optionalString + config.pub-solar.printing.enable + '' + cups.local:80 { + request_header Host localhost:631 + reverse_proxy unix//run/cups/cups.sock + } + '') - help.local:80 { - root * ${pkgs.psos-docs}/lib/html - file_server - } - ''; + (lib.optionalString + cfg.enableHelp + '' + help.local:80 { + root * ${pkgs.psos-docs}/lib/html + file_server + } + '') + ]; }; }; } -- 2.44.2 From e80195849422055e52d3e447cb92428cc88fca19 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 2 Oct 2022 04:10:50 +0200 Subject: [PATCH 304/320] Update inputs in flake.lock --- flake.lock | 54 +++++++++++++++++++++++++++--------------------------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/flake.lock b/flake.lock index 794fd6d0..4e02f07a 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1652712410, - "narHash": "sha256-hMJ2TqLt0DleEnQFGUHK9sV2aAzJPU8pZeiZoqRozbE=", + "lastModified": 1664140963, + "narHash": "sha256-pFxDtOLduRFlol0Y4ShE+soRQX4kbhaCNBtDOvx7ykw=", "owner": "ryantm", "repo": "agenix", - "rev": "7e5e58b98c3dcbf497543ff6f22591552ebfe65b", + "rev": "6acb1fe5f8597d5ce63fc82bc7fcac7774b1cdf0", "type": "github" }, "original": { @@ -42,11 +42,11 @@ ] }, "locked": { - "lastModified": 1661329936, - "narHash": "sha256-dafFjAcJPo0SdegK3E+SnTI8CNMgV/bBm/6CeDf82f8=", + "lastModified": 1664210064, + "narHash": "sha256-df6nKVZe/yAhmJ9csirTPahc0dldwm3HBhCVNA6qWr0=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "ef0e7f41cdf8fae1d2390c4df246c90a364ed8d9", + "rev": "02d2551c927b7d65ded1b3c7cd13da5cc7ae3fcf", "type": "github" }, "original": { @@ -192,11 +192,11 @@ "flake-compat_3": { "flake": false, "locked": { - "lastModified": 1648199409, - "narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=", + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", "owner": "edolstra", "repo": "flake-compat", - "rev": "64a525ee38886ab9028e6f61790de0832aa3ef03", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", "type": "github" }, "original": { @@ -256,11 +256,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1649676176, - "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -308,11 +308,11 @@ }, "latest_2": { "locked": { - "lastModified": 1661361016, - "narHash": "sha256-Bjf6ZDnDc6glTwIIItvwfcaeJ5zWFM6GYfPajSArdUY=", + "lastModified": 1664538465, + "narHash": "sha256-EnlC7dDKX7X1wlnXkB1gmn9rBZQ0J9+biVTZHw//8us=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b784c5ae63dd288375af1b4d37b8a27dd8061887", + "rev": "10ecda252ce1b3b1d6403caeadbcc8f30d5ab796", "type": "github" }, "original": { @@ -329,11 +329,11 @@ ] }, "locked": { - "lastModified": 1659610603, - "narHash": "sha256-LYgASYSPYo7O71WfeUOaEUzYfzuXm8c8eavJcel+pfI=", + "lastModified": 1662220400, + "narHash": "sha256-9o2OGQqu4xyLZP9K6kNe1pTHnyPz0Wr3raGYnr9AIgY=", "owner": "nmattia", "repo": "naersk", - "rev": "c6a45e4277fa58abd524681466d3450f896dc094", + "rev": "6944160c19cb591eb85bbf9b2f2768a935623ed3", "type": "github" }, "original": { @@ -359,11 +359,11 @@ }, "nixos": { "locked": { - "lastModified": 1661427965, - "narHash": "sha256-LJeSDbiebN0/eRt9vyOm+Bxljdsq5ZdalmmTk9Xpp30=", + "lastModified": 1664594436, + "narHash": "sha256-YHowMADGzdi7fKnGlg47qe0PIljq+11VqLarmXDuKxQ=", "owner": "nixos", "repo": "nixpkgs", - "rev": "058de3818577db19d1965c21e2479916a3eaaf95", + "rev": "9cac45850280978a21a3eb67b15a18f34cbffa2d", "type": "github" }, "original": { @@ -394,11 +394,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1660407119, - "narHash": "sha256-04lWO0pDbhAXFdL4v2VzzwgxrZ5IefKn+TmZPiPeKxg=", + "lastModified": 1664628729, + "narHash": "sha256-A1J0ZPhBfZZiWI6ipjKJ8+RpMllzOMu/An/8Tk3t4oo=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "12620020f76b1b5d2b0e6fbbda831ed4f5fe56e1", + "rev": "3024c67a2e9a35450558426c42e7419ab37efd95", "type": "github" }, "original": { @@ -460,11 +460,11 @@ ] }, "locked": { - "lastModified": 1654975372, - "narHash": "sha256-wkNZ16akgKViuZzE/IM+bux4uaJ04KIwUeexH8gBjgw=", + "lastModified": 1664550666, + "narHash": "sha256-eXfMRd9uItEp3PsYI31FSVGPG9dVC6yF++65ZrGwW8A=", "owner": "berberman", "repo": "nvfetcher", - "rev": "d4b237c10f14f72f8266b0f658faad822e491e55", + "rev": "9763ad40d59a044e90726653d9253efaeeb053b2", "type": "github" }, "original": { -- 2.44.2 From 986680cc26e75217b9365935f379581b84b26007 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Sun, 2 Oct 2022 23:59:08 +0200 Subject: [PATCH 305/320] bootstrap iso: add PubSolarOS naming, drone pipeline adjustments to include a symlink to the latest iso built --- .drone.yml | 13 +++++++++-- hosts/bootstrap.nix | 48 +++++++++++++++++++++++++++++++--------- modules/core/default.nix | 9 ++++---- 3 files changed, 52 insertions(+), 18 deletions(-) diff --git a/.drone.yml b/.drone.yml index 7da733c4..b9718b8c 100644 --- a/.drone.yml +++ b/.drone.yml @@ -98,7 +98,14 @@ steps: - | nix $$NIX_FLAGS build \ '.#nixosConfigurations.bootstrap.config.system.build.isoImage' - - cp $(readlink -f result)/iso/*.iso /var/nix/iso-cache/ + - cp $(readlink -f result)/iso/PubSolarOS*.iso /var/nix/iso-cache/ + - nix shell nixpkgs#findutils + - cd /var/nix/iso-cache/ + - export ISO_NAME=$(find . -name '*.iso' -printf "%f\n") + - sha256sum $ISO_NAME > $ISO_NAME.sha256 + - ln -s $ISO_NAME PubSolarOS-latest.iso + - cp $ISO_NAME.sha256 PubSolarOS-latest.iso.sha256 + - nix run nixpkgs#gnused -- --in-place "s/$ISO_NAME/PubSolarOS-latest.iso/" PubSolarOS-latest.iso.sha256 - name: "Publish ISO" image: appleboy/drone-scp @@ -117,6 +124,8 @@ steps: target: /srv/os source: - /var/nix/iso-cache/*.iso + - /var/nix/iso-cache/*.iso.sha256 + overwrite: true strip_components: 3 depends_on: @@ -134,6 +143,6 @@ volumes: --- kind: signature -hmac: 2b930bb5fe02006203b7c2fae8af75814749e8cec5f976ec0d6e64eae1b0c5db +hmac: 7b0b56a97294cd563eee2bde56abeea6dd0928e01729980a25f8c165a3f6e0f6 ... diff --git a/hosts/bootstrap.nix b/hosts/bootstrap.nix index 7772b0f1..49422675 100644 --- a/hosts/bootstrap.nix +++ b/hosts/bootstrap.nix @@ -1,4 +1,18 @@ -{ profiles, ... }: +{ config, lib, pkgs, profiles, ... }: +with lib; +let + # Gets hostname of host to be bundled inside iso + # Copied from https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L3-L11 + getFqdn = config: + let + net = config.networking; + fqdn = + if (net ? domain) && (net.domain != null) + then "${net.hostName}.${net.domain}" + else net.hostName; + in + fqdn; +in { # build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"` imports = [ @@ -10,16 +24,28 @@ profiles.pub-solar-iso ]; - boot.loader.systemd-boot.enable = true; + config = { + boot.loader.systemd-boot.enable = true; - # will be overridden by the bootstrapIso instrumentation - fileSystems."/" = { device = "/dev/disk/by-label/nixos"; }; + # will be overridden by the bootstrapIso instrumentation + fileSystems."/" = { device = "/dev/disk/by-label/nixos"; }; - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "21.05"; # Did you read the comment? + system.nixos.label = "PubSolarOS-" + config.system.nixos.version; + + # mkForce because a similar transformation gets double applied otherwise + # https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L17 + # https://github.com/NixOS/nixpkgs/blob/aecd4d8349b94f9bd5718c74a5b789f233f67326/nixos/modules/installer/cd-dvd/installation-cd-base.nix#L21-L22 + isoImage = { + isoBaseName = mkForce (getFqdn config); + isoName = mkForce "${config.system.nixos.label}-${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso"; + }; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "21.05"; # Did you read the comment? + }; } diff --git a/modules/core/default.nix b/modules/core/default.nix index 9a3ea0fe..4f74b46d 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -2,7 +2,6 @@ with lib; let - psCfg = config.pub-solar; cfg = config.pub-solar.core; in { @@ -29,12 +28,12 @@ in config = { pub-solar = { - audio.enable = lib.mkIf (!cfg.lite) (lib.mkDefault true); - crypto.enable = lib.mkIf (!cfg.lite) (lib.mkDefault true); - devops.enable = lib.mkIf (!cfg.lite) (lib.mkDefault true); + audio.enable = mkIf (!cfg.lite) (mkDefault true); + crypto.enable = mkIf (!cfg.lite) (mkDefault true); + devops.enable = mkIf (!cfg.lite) (mkDefault true); terminal-life = { - enable = lib.mkDefault true; + enable = mkDefault true; lite = cfg.lite; }; }; -- 2.44.2 From f2ecc2d8b9ee6b5c0cbda2f3e8b5342e714e58b6 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 3 Oct 2022 02:30:08 +0200 Subject: [PATCH 306/320] ci: fix upload target path --- .drone.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.drone.yml b/.drone.yml index b9718b8c..5e20924e 100644 --- a/.drone.yml +++ b/.drone.yml @@ -121,7 +121,7 @@ steps: from_secret: iso_web_ssh_port key: from_secret: iso_web_ssh_key - target: /srv/os + target: /srv/os/download source: - /var/nix/iso-cache/*.iso - /var/nix/iso-cache/*.iso.sha256 @@ -143,6 +143,6 @@ volumes: --- kind: signature -hmac: 7b0b56a97294cd563eee2bde56abeea6dd0928e01729980a25f8c165a3f6e0f6 +hmac: 8823c7103f6a075bb291a497c7ab5d5db47a91f9bc7d8ef95329b5620c9cf91d ... -- 2.44.2 From 8529a15177466a14be333e0fdc83e39f3eb4ee07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Mon, 3 Oct 2022 03:57:34 +0200 Subject: [PATCH 307/320] Be more paranoid The paranoia mode now also enables the firewall and closes down a couple of small openSSH holes. `noexec` on the whole FS is left out as it will make every existing PubSolarOS installation panic. --- modules/core/networking.nix | 2 ++ modules/paranoia/default.nix | 30 ++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/modules/core/networking.nix b/modules/core/networking.nix index edfef42d..c5ec9cbe 100644 --- a/modules/core/networking.nix +++ b/modules/core/networking.nix @@ -36,6 +36,8 @@ in wifi.backend = "iwd"; }; + networking.firewall.enable = true; + # Customized binary caches list (with fallback to official binary cache) nix.binaryCaches = cfg.binaryCaches; nix.binaryCachePublicKeys = cfg.publicKeys; diff --git a/modules/paranoia/default.nix b/modules/paranoia/default.nix index 699ab13e..f5ceaeaf 100644 --- a/modules/paranoia/default.nix +++ b/modules/paranoia/default.nix @@ -21,5 +21,35 @@ in config = mkIf cfg.enable { pub-solar.core.hibernation.enable = true; services.logind.lidSwitch = "hibernate"; + + # The options below are directly taken from or inspired by + # https://xeiaso.net/blog/paranoid-nixos-2021-07-18 + + # Don't set this if you need sftp + services.openssh.allowSFTP = false; + services.openssh.openFirewall = false; # Lock yourself out + + # Limit the use of sudo to the group wheel + security.sudo.execWheelOnly = true; + + # Remove the complete default environment of packages like + # nano, perl and rsync + environment.defaultPackages = lib.mkForce [ ]; + + # fileSystems."/".options = [ "noexec" ]; + + services.openssh = { + enable = true; + openFirewall = false; + passwordAuthentication = false; + kbdInteractiveAuthentication = false; + extraConfig = '' + AllowTcpForwarding yes + X11Forwarding no + AllowAgentForwarding no + AllowStreamLocalForwarding no + AuthenticationMethods publickey + ''; + }; }; } -- 2.44.2 From 6f3885d0caff8d36508080e4db60b4c62616c3f9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Mon, 3 Oct 2022 04:07:48 +0200 Subject: [PATCH 308/320] Remove doubled openssh configs in paranoia module --- modules/paranoia/default.nix | 2 -- 1 file changed, 2 deletions(-) diff --git a/modules/paranoia/default.nix b/modules/paranoia/default.nix index f5ceaeaf..75275a11 100644 --- a/modules/paranoia/default.nix +++ b/modules/paranoia/default.nix @@ -39,8 +39,6 @@ in # fileSystems."/".options = [ "noexec" ]; services.openssh = { - enable = true; - openFirewall = false; passwordAuthentication = false; kbdInteractiveAuthentication = false; extraConfig = '' -- 2.44.2 From b23e1e16a42465ff3905905e43f3265ef8b62846 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 3 Oct 2022 04:11:16 +0200 Subject: [PATCH 309/320] alacritty: improve selection and cursor colors --- modules/graphical/alacritty.nix | 26 +++++++++++++++++++++----- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/modules/graphical/alacritty.nix b/modules/graphical/alacritty.nix index e4e2f6ad..b389343c 100644 --- a/modules/graphical/alacritty.nix +++ b/modules/graphical/alacritty.nix @@ -100,10 +100,15 @@ foreground = "0xe3e1e4"; }; - # Colors the cursor will use if `custom_cursor_colors` is true + # Cursor colors + # + # Colors which should be used to draw the terminal cursor. + # + # Allowed values are CellForeground/CellBackground, which reference the + # affected cell, or hexadecimal colors like #ff00ff. cursor = { - text = "0x1a181a"; - cursor = "0xe3e1e4"; + text = "CellBackground"; + cursor = "CellForeground"; }; # Colors used for the search bar and match highlighting. @@ -115,14 +120,25 @@ background = "0x1a181a"; }; focused_match = { - foreground = "0xe5c463"; - background = "0xe3e1e4"; + foreground = "CellBackground"; + background = "CellForeground"; }; #bar = # background = "#c5c8c6"; # foreground = "#1d1f21"; }; + # Selection colors + # + # Colors which should be used to draw the selection area. + # + # Allowed values are CellForeground/CellBackground, which reference the + # affected cell, or hexadecimal colors like #ff00ff. + selection = { + text = "0x1a181a"; + background = "0xf85e84"; + }; + # Normal colors normal = { black = "0x1a181a"; -- 2.44.2 From 5da560ef56cb081b4dd3bae67a3a2e67421487cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Mon, 3 Oct 2022 04:55:14 +0200 Subject: [PATCH 310/320] Open up SSH by default --- modules/core/services.nix | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/core/services.nix b/modules/core/services.nix index 61ba6ea0..41aa45e5 100644 --- a/modules/core/services.nix +++ b/modules/core/services.nix @@ -4,7 +4,9 @@ # For rage encryption, all hosts need a ssh key pair services.openssh = { enable = true; - openFirewall = lib.mkDefault false; + # If you don't want the host to have SSH actually opened up to the net, + # set `services.openssh.openFirewall` to false in your config. + openFirewall = lib.mkDefault true; }; # Service that makes Out of Memory Killer more effective -- 2.44.2 From f28d05e24eee55396773f165b40d374be795f414 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 5 Oct 2022 11:57:51 +0200 Subject: [PATCH 311/320] Change user.publicKeys to a SSH keys string list --- modules/user/default.nix | 2 +- profiles/base-user/default.nix | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/user/default.nix b/modules/user/default.nix index 2fd5958e..7c869380 100644 --- a/modules/user/default.nix +++ b/modules/user/default.nix @@ -23,7 +23,7 @@ in }; publicKeys = mkOption { description = "User SSH public keys"; - type = types.listOf types.path; + type = types.listOf types.str; default = [ ]; }; fullName = mkOption { diff --git a/profiles/base-user/default.nix b/profiles/base-user/default.nix index 9ff21c8e..374dca40 100644 --- a/profiles/base-user/default.nix +++ b/profiles/base-user/default.nix @@ -25,7 +25,7 @@ in ]; initialHashedPassword = if psCfg.user.password != null then psCfg.user.password else ""; shell = pkgs.zsh; - openssh.authorizedKeys.keyFiles = if psCfg.user.publicKeys != null then psCfg.user.publicKeys else [ ]; + openssh.authorizedKeys.keys = if psCfg.user.publicKeys != null then psCfg.user.publicKeys else [ ]; }; }; } -- 2.44.2 From d43bd8058058f7d3231b4422997e9a11eb03385b Mon Sep 17 00:00:00 2001 From: teutat3s Date: Wed, 5 Oct 2022 11:58:26 +0200 Subject: [PATCH 312/320] core: disable SSH passwordAuthentication by default --- modules/core/services.nix | 1 + modules/paranoia/default.nix | 1 - 2 files changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/core/services.nix b/modules/core/services.nix index 41aa45e5..6ce74472 100644 --- a/modules/core/services.nix +++ b/modules/core/services.nix @@ -7,6 +7,7 @@ # If you don't want the host to have SSH actually opened up to the net, # set `services.openssh.openFirewall` to false in your config. openFirewall = lib.mkDefault true; + passwordAuthentication = false; }; # Service that makes Out of Memory Killer more effective diff --git a/modules/paranoia/default.nix b/modules/paranoia/default.nix index 75275a11..2dc439cf 100644 --- a/modules/paranoia/default.nix +++ b/modules/paranoia/default.nix @@ -39,7 +39,6 @@ in # fileSystems."/".options = [ "noexec" ]; services.openssh = { - passwordAuthentication = false; kbdInteractiveAuthentication = false; extraConfig = '' AllowTcpForwarding yes -- 2.44.2 From 4520dece5f0a96e762c032e7d98d9080481f33a4 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 18 Oct 2022 16:24:43 +0200 Subject: [PATCH 313/320] neovim: use nvfetcher for custom plugins --- modules/terminal-life/nvim/default.nix | 72 ++------------------- overlays/neovim-plugins.nix | 22 +++++++ overlays/rnix-lsp.nix | 9 +-- pkgs/_sources/generated.nix | 90 ++++++++++++++++++++++++-- pkgs/sources.toml | 28 ++++++++ 5 files changed, 140 insertions(+), 81 deletions(-) create mode 100644 overlays/neovim-plugins.nix diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index bc06943b..4df1892a 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix @@ -5,66 +5,6 @@ let xdg = config.home-manager.users."${psCfg.user.name}".xdg; preview-file = pkgs.writeShellScriptBin "preview-file" (import ./preview-file.nix pkgs); - - vimagit-master = pkgs.vimUtils.buildVimPlugin { - name = "vimagit-master"; - src = pkgs.fetchFromGitHub { - owner = "jreybert"; - repo = "vimagit"; - rev = "308650ddc1e9a94e49fae0ea04bbc1c45f23d4c4"; - sha256 = "sha256-fhazQQqyFaO0fdoeNI9nBshwTDhKNHH262H/QThtuO0="; - }; - }; - - instant-nvim = pkgs.vimUtils.buildVimPlugin { - name = "instant"; - src = pkgs.fetchFromGitHub { - owner = "jbyuki"; - repo = "instant.nvim"; - rev = "c02d72267b12130609b7ad39b76cf7f4a3bc9554"; - sha256 = "sha256-7Pr2Au/oGKp5kMXuLsQY4BK5Wny9L1EBdXtyS5EaZPI="; - }; - }; - - vim-caddyfile = pkgs.vimUtils.buildVimPlugin { - name = "vim-caddyfile"; - src = pkgs.fetchFromGitHub { - owner = "isobit"; - repo = "vim-caddyfile"; - rev = "24fe0720551883e407cb70ae1d7c03f162d1d5a0"; - sha256 = "sha256-rRYv3vnt31g7hNTxttTD6BWdv5JJ+ko3rPNyDUEOZ9o="; - }; - }; - - workspace = pkgs.vimUtils.buildVimPlugin { - name = "vim-workspace"; - src = pkgs.fetchFromGitHub { - owner = "thaerkh"; - repo = "vim-workspace"; - rev = "c26b473f9b073f24bacecd38477f44c5cd1f5a62"; - sha256 = "sha256-XV7opLyfkHIDO0+JJaO/x0za0gsHuklrzapTGdLHJmI="; - }; - }; - - beautify = pkgs.vimUtils.buildVimPlugin { - name = "vim-beautify"; - src = pkgs.fetchFromGitHub { - owner = "zeekay"; - repo = "vim-beautify"; - rev = "e0691483927dc5a0c051433602397419f9628623"; - sha256 = "QPTCl6KaGcAjTS5yVDov9yxmv0fDaFoPLMsrtVIG6GQ="; - }; - }; - - apprentice = pkgs.vimUtils.buildVimPlugin { - name = "vim-apprentice"; - src = pkgs.fetchFromGitHub { - owner = "romainl"; - repo = "Apprentice"; - rev = "ecd41698037f15a58125b349be76dbd2595bfb6d"; - sha256 = "sha256-9s7Yzn3IEJBjcyUq9NBIQ9wb45Xr7jOkEIoWf0lAYYg="; - }; - }; in { enable = true; @@ -108,7 +48,7 @@ in lsp_extensions-nvim nvim-lspconfig - instant-nvim + instant-nvim-nvfetcher ack-vim vim-airline @@ -119,23 +59,23 @@ in syntastic vim-gutentags vim-vinegar - workspace + vim-workspace-nvfetcher sonokai vim-hybrid-material vim-airline-themes - apprentice + vim-apprentice-nvfetcher fugitive vim-gitgutter vim-rhubarb - vimagit-master + vimagit-nvfetcher fzf-vim fzfWrapper vim-highlightedyank - beautify + vim-beautify-nvfetcher vim-surround vim-bufkill @@ -144,7 +84,7 @@ in ansible-vim emmet-vim rust-vim - vim-caddyfile + vim-caddyfile-nvfetcher vim-go vim-javascript vim-json diff --git a/overlays/neovim-plugins.nix b/overlays/neovim-plugins.nix new file mode 100644 index 00000000..b022049c --- /dev/null +++ b/overlays/neovim-plugins.nix @@ -0,0 +1,22 @@ +final: prev: { + vimPlugins = prev.vimPlugins // { + instant-nvim-nvfetcher = prev.vimUtils.buildVimPluginFrom2Nix { + inherit (prev.sources.instant-nvim-nvfetcher) pname version src; + }; + vimagit-nvfetcher = prev.vimUtils.buildVimPluginFrom2Nix { + inherit (prev.sources.vimagit-nvfetcher) pname version src; + }; + vim-caddyfile-nvfetcher = prev.vimUtils.buildVimPluginFrom2Nix { + inherit (prev.sources.vim-caddyfile-nvfetcher) pname version src; + }; + vim-workspace-nvfetcher = prev.vimUtils.buildVimPluginFrom2Nix { + inherit (prev.sources.vim-workspace-nvfetcher) pname version src; + }; + vim-beautify-nvfetcher = prev.vimUtils.buildVimPluginFrom2Nix { + inherit (prev.sources.vim-beautify-nvfetcher) pname version src; + }; + vim-apprentice-nvfetcher = prev.vimUtils.buildVimPluginFrom2Nix { + inherit (prev.sources.vim-apprentice-nvfetcher) pname version src; + }; + }; +} diff --git a/overlays/rnix-lsp.nix b/overlays/rnix-lsp.nix index 62c0f2b0..f755d110 100644 --- a/overlays/rnix-lsp.nix +++ b/overlays/rnix-lsp.nix @@ -1,13 +1,6 @@ final: prev: { rnix-lsp = prev.rnix-lsp.overrideAttrs (oldAttrs: rec { - version = "unstable-2022-07-28"; - - src = prev.fetchFromGitHub { - owner = "nix-community"; - repo = "rnix-lsp"; - rev = "ff18e04551a39ccdab0ff9c83926db3807b23478"; - sha256 = "sha256-4OIpATLdPQvryyhRQPELeqNYC0n6PCyjD6LCPdwOztc="; - }; + inherit (prev.sources.rnix-lsp-nvfetcher) pname version src; cargoDeps = oldAttrs.cargoDeps.overrideAttrs (prev.lib.const { name = "rnix-lsp-vendor.tar.gz"; diff --git a/pkgs/_sources/generated.nix b/pkgs/_sources/generated.nix index 71be3965..f8bdd149 100644 --- a/pkgs/_sources/generated.nix +++ b/pkgs/_sources/generated.nix @@ -1,16 +1,92 @@ # This file was generated by nvfetcher, please do not modify it manually. -{ fetchgit, fetchurl }: +{ fetchgit, fetchurl, fetchFromGitHub }: { + instant-nvim-nvfetcher = { + pname = "instant-nvim-nvfetcher"; + version = "294b6d08143b3db8f9db7f606829270149e1a786"; + src = fetchFromGitHub ({ + owner = "jbyuki"; + repo = "instant.nvim"; + rev = "294b6d08143b3db8f9db7f606829270149e1a786"; + fetchSubmodules = false; + sha256 = "sha256-DXJWji/NR8ZCxe014rD51v3EHJHMhRQeOoI3SsY8mR4="; + }); + }; manix = { pname = "manix"; version = "d08e7ca185445b929f097f8bfb1243a8ef3e10e4"; - src = fetchgit { - url = "https://github.com/mlvzk/manix"; + src = fetchFromGitHub ({ + owner = "mlvzk"; + repo = "manix"; rev = "d08e7ca185445b929f097f8bfb1243a8ef3e10e4"; fetchSubmodules = false; - deepClone = false; - leaveDotGit = false; - sha256 = "1b7xi8c2drbwzfz70czddc4j33s7g1alirv12dwl91hbqxifx8qs"; - }; + sha256 = "sha256-GqPuYscLhkR5E2HnSFV4R48hCWvtM3C++3zlJhiK/aw="; + }); + }; + rnix-lsp-nvfetcher = { + pname = "rnix-lsp-nvfetcher"; + version = "6925256babec4307479a4080b44f2be38056f210"; + src = fetchFromGitHub ({ + owner = "nix-community"; + repo = "rnix-lsp"; + rev = "6925256babec4307479a4080b44f2be38056f210"; + fetchSubmodules = false; + sha256 = "sha256-OKLyIXIXhUnRB3Xw+7zI3u6XkwF7Mrbfz1XaasV6i7Q="; + }); + }; + vim-apprentice-nvfetcher = { + pname = "vim-apprentice-nvfetcher"; + version = "9942d0bb0a5d82f7a24450b00051c1f2cc008659"; + src = fetchFromGitHub ({ + owner = "romainl"; + repo = "Apprentice"; + rev = "9942d0bb0a5d82f7a24450b00051c1f2cc008659"; + fetchSubmodules = false; + sha256 = "sha256-Xs+vTdnihNbBFPOKsW+NB40pqN9eaadqzc0DIeNoOFo="; + }); + }; + vim-beautify-nvfetcher = { + pname = "vim-beautify-nvfetcher"; + version = "e0691483927dc5a0c051433602397419f9628623"; + src = fetchFromGitHub ({ + owner = "zeekay"; + repo = "vim-beautify"; + rev = "e0691483927dc5a0c051433602397419f9628623"; + fetchSubmodules = false; + sha256 = "sha256-QPTCl6KaGcAjTS5yVDov9yxmv0fDaFoPLMsrtVIG6GQ="; + }); + }; + vim-caddyfile-nvfetcher = { + pname = "vim-caddyfile-nvfetcher"; + version = "24fe0720551883e407cb70ae1d7c03f162d1d5a0"; + src = fetchFromGitHub ({ + owner = "isobit"; + repo = "vim-caddyfile"; + rev = "24fe0720551883e407cb70ae1d7c03f162d1d5a0"; + fetchSubmodules = false; + sha256 = "sha256-rRYv3vnt31g7hNTxttTD6BWdv5JJ+ko3rPNyDUEOZ9o="; + }); + }; + vim-workspace-nvfetcher = { + pname = "vim-workspace-nvfetcher"; + version = "c26b473f9b073f24bacecd38477f44c5cd1f5a62"; + src = fetchFromGitHub ({ + owner = "thaerkh"; + repo = "vim-workspace"; + rev = "c26b473f9b073f24bacecd38477f44c5cd1f5a62"; + fetchSubmodules = false; + sha256 = "sha256-XV7opLyfkHIDO0+JJaO/x0za0gsHuklrzapTGdLHJmI="; + }); + }; + vimagit-nvfetcher = { + pname = "vimagit-nvfetcher"; + version = "308650ddc1e9a94e49fae0ea04bbc1c45f23d4c4"; + src = fetchFromGitHub ({ + owner = "jreybert"; + repo = "vimagit"; + rev = "308650ddc1e9a94e49fae0ea04bbc1c45f23d4c4"; + fetchSubmodules = false; + sha256 = "sha256-fhazQQqyFaO0fdoeNI9nBshwTDhKNHH262H/QThtuO0="; + }); }; } diff --git a/pkgs/sources.toml b/pkgs/sources.toml index f7af168e..b3535048 100644 --- a/pkgs/sources.toml +++ b/pkgs/sources.toml @@ -2,3 +2,31 @@ [manix] src.git = "https://github.com/mlvzk/manix" fetch.github = "mlvzk/manix" + +[rnix-lsp-nvfetcher] +src.git = "https://github.com/nix-community/rnix-lsp" +fetch.github = "nix-community/rnix-lsp" + +[vimagit-nvfetcher] +src.git = "https://github.com/jreybert/vimagit" +fetch.github = "jreybert/vimagit" + +[instant-nvim-nvfetcher] +src.git = "https://github.com/jbyuki/instant.nvim" +fetch.github = "jbyuki/instant.nvim" + +[vim-caddyfile-nvfetcher] +src.git = "https://github.com/isobit/vim-caddyfile" +fetch.github = "isobit/vim-caddyfile" + +[vim-workspace-nvfetcher] +src.git = "https://github.com/thaerkh/vim-workspace" +fetch.github = "thaerkh/vim-workspace" + +[vim-beautify-nvfetcher] +src.git = "https://github.com/zeekay/vim-beautify" +fetch.github = "zeekay/vim-beautify" + +[vim-apprentice-nvfetcher] +src.git = "https://github.com/romainl/Apprentice" +fetch.github = "romainl/Apprentice" -- 2.44.2 From e69c8fe9c74e9e27d0897b338aa97a55067278de Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 18 Oct 2022 17:02:23 +0200 Subject: [PATCH 314/320] Bump flake.lock --- flake.lock | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/flake.lock b/flake.lock index 4e02f07a..ebcef0ac 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1664140963, - "narHash": "sha256-pFxDtOLduRFlol0Y4ShE+soRQX4kbhaCNBtDOvx7ykw=", + "lastModified": 1665870395, + "narHash": "sha256-Tsbqb27LDNxOoPLh0gw2hIb6L/6Ow/6lIBvqcHzEKBI=", "owner": "ryantm", "repo": "agenix", - "rev": "6acb1fe5f8597d5ce63fc82bc7fcac7774b1cdf0", + "rev": "a630400067c6d03c9b3e0455347dc8559db14288", "type": "github" }, "original": { @@ -42,11 +42,11 @@ ] }, "locked": { - "lastModified": 1664210064, - "narHash": "sha256-df6nKVZe/yAhmJ9csirTPahc0dldwm3HBhCVNA6qWr0=", + "lastModified": 1665392861, + "narHash": "sha256-bCd8fYJMAb0LzabsiXl4nxECDoz483bJOCa2hjox7N0=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "02d2551c927b7d65ded1b3c7cd13da5cc7ae3fcf", + "rev": "ef56fd8979b5f4e800c4716f62076e00600b1172", "type": "github" }, "original": { @@ -276,11 +276,11 @@ ] }, "locked": { - "lastModified": 1656169755, - "narHash": "sha256-Nlnm4jeQWEGjYrE6hxi/7HYHjBSZ/E0RtjCYifnNsWk=", + "lastModified": 1665996265, + "narHash": "sha256-/k9og6LDBQwT+f/tJ5ClcWiUl8kCX5m6ognhsAxOiCY=", "owner": "nix-community", "repo": "home-manager", - "rev": "4a3d01fb53f52ac83194081272795aa4612c2381", + "rev": "b81e128fc053ab3159d7b464d9b7dedc9d6a6891", "type": "github" }, "original": { @@ -308,11 +308,11 @@ }, "latest_2": { "locked": { - "lastModified": 1664538465, - "narHash": "sha256-EnlC7dDKX7X1wlnXkB1gmn9rBZQ0J9+biVTZHw//8us=", + "lastModified": 1665940183, + "narHash": "sha256-cPe3F7CtnxU9YbJpc3Adl4d9kX+turqTv5FxM98i8vg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "10ecda252ce1b3b1d6403caeadbcc8f30d5ab796", + "rev": "104e8082de1b20f9d0e1f05b1028795ed0e0e4bc", "type": "github" }, "original": { @@ -359,11 +359,11 @@ }, "nixos": { "locked": { - "lastModified": 1664594436, - "narHash": "sha256-YHowMADGzdi7fKnGlg47qe0PIljq+11VqLarmXDuKxQ=", + "lastModified": 1666014999, + "narHash": "sha256-gvKl8xlPJreezNG1NVTJv/HdGC69MSrM+IpCxS+eFvw=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9cac45850280978a21a3eb67b15a18f34cbffa2d", + "rev": "1935dd8fdab8e022a9d958419663162fd840014c", "type": "github" }, "original": { @@ -379,11 +379,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1660727616, - "narHash": "sha256-zYTIvdPMYMx/EYqXODAwIIU30RiEHqNHdgarIHuEYZc=", + "lastModified": 1666016402, + "narHash": "sha256-Cm/nrdUMXwXiFQforG1Mv8OA4o8yhuVx6E1eDFH4rew=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "adccd191a0e83039d537e021f19495b7bad546a1", + "rev": "688db42a1eb34853f050267ff65c975f664312f0", "type": "github" }, "original": { @@ -394,11 +394,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1664628729, - "narHash": "sha256-A1J0ZPhBfZZiWI6ipjKJ8+RpMllzOMu/An/8Tk3t4oo=", + "lastModified": 1665987993, + "narHash": "sha256-MvlaIYTRiqefG4dzI5p6vVCfl+9V8A1cPniUjcn6Ngc=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "3024c67a2e9a35450558426c42e7419ab37efd95", + "rev": "0e6593630071440eb89cd97a52921497482b22c6", "type": "github" }, "original": { -- 2.44.2 From e4418bfe0c9c7ca95aac590e4466fee293db9f48 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Thu, 20 Oct 2022 13:56:57 +0200 Subject: [PATCH 315/320] drone: use our custom drone-scp image --- .drone.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/.drone.yml b/.drone.yml index 5e20924e..4cf4b3b2 100644 --- a/.drone.yml +++ b/.drone.yml @@ -108,7 +108,9 @@ steps: - nix run nixpkgs#gnused -- --in-place "s/$ISO_NAME/PubSolarOS-latest.iso/" PubSolarOS-latest.iso.sha256 - name: "Publish ISO" - image: appleboy/drone-scp + # custom drone-scp image, source: https://git.b12f.io/pub-solar/drone-scp/ + # docker build --tag registry.greenbaum.cloud/library/drone-scp:v1.6.5 --file ./docker/Dockerfile.linux.amd64 . + image: registry.greenbaum.cloud/library/drone-scp:v1.6.5 volumes: - name: file-exchange path: /var/nix/iso-cache @@ -125,7 +127,7 @@ steps: source: - /var/nix/iso-cache/*.iso - /var/nix/iso-cache/*.iso.sha256 - overwrite: true + unlink_first: true strip_components: 3 depends_on: @@ -143,6 +145,6 @@ volumes: --- kind: signature -hmac: 8823c7103f6a075bb291a497c7ab5d5db47a91f9bc7d8ef95329b5620c9cf91d +hmac: 3e6a89e903e214f21d488eba82863683b130ef6dbc2dc352377d4fd94ab3cd0c ... -- 2.44.2 From eece344083ec64ce0d5f9006d2751fe33c91eb0e Mon Sep 17 00:00:00 2001 From: Hendrik Sokolowski Date: Sun, 23 Oct 2022 18:33:11 +0200 Subject: [PATCH 316/320] Make resume_offset optional --- modules/core/hibernation.nix | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/modules/core/hibernation.nix b/modules/core/hibernation.nix index 0454d82b..a71ffd37 100644 --- a/modules/core/hibernation.nix +++ b/modules/core/hibernation.nix @@ -27,9 +27,7 @@ in config = { boot = mkIf cfg.enable { resumeDevice = cfg.resumeDevice; - kernelParams = - if (cfg.resumeOffset == null && cfg.enable) then builtins.abort "config.pub-solar.resumeOffset has to be set if config.pub-solar.enable is true." - else [ "resume_offset=${builtins.toString cfg.resumeOffset}" ]; + kernelParams = mkIf (cfg.resumeOffset != null) [ "resume_offset=${builtins.toString cfg.resumeOffset}" ]; }; }; } -- 2.44.2 From ea6233f57e994286bd989c4527f4999c108713db Mon Sep 17 00:00:00 2001 From: teutat3s Date: Tue, 18 Oct 2022 16:44:00 +0200 Subject: [PATCH 317/320] zsh: fetch plugins using nvfetcher --- modules/terminal-life/zsh/default.nix | 31 ++++--------------- pkgs/_sources/generated.nix | 44 +++++++++++++++++++++++++++ pkgs/sources.toml | 16 ++++++++++ 3 files changed, 66 insertions(+), 25 deletions(-) diff --git a/modules/terminal-life/zsh/default.nix b/modules/terminal-life/zsh/default.nix index b68a4270..36ec41ad 100644 --- a/modules/terminal-life/zsh/default.nix +++ b/modules/terminal-life/zsh/default.nix @@ -40,46 +40,27 @@ in myip = "dig +short myip.opendns.com @208.67.222.222 2>&1"; }; plugins = [ + # src gets fetched by nvfetcher, see: ./pkgs/sources.toml { # will source ohmyzsh/plugins/z/ name = "zsh-plugins-z"; - file = "plugins/z/z.sh"; - src = pkgs.fetchFromGitHub { - owner = "ohmyzsh"; - repo = "ohmyzsh"; - rev = "249c708ed3a4a7a63d16a6e911a46b6fb9623cbd"; - sha256 = "sha256-NAVotL5RxpS/zKnO+ngMIjv787lqc1dj/c4blQrQcvU="; - }; + file = "plugins/z/z.plugin.zsh"; + src = pkgs.sources.ohmyzsh.src; } { name = "zsh-powerlevel10k"; file = "powerlevel10k.zsh-theme"; - src = pkgs.fetchFromGitHub { - owner = "romkatv"; - repo = "powerlevel10k"; - rev = "2dd6a29e4d7a33bfef10973d6550e087be37ddee"; - sha256 = "sha256-9vc4cMBCNOmPOyzGwnPeMrXXyQUq4pC9Du3AWl9+Rys="; - }; + src = pkgs.sources.powerlevel10k.src; } { name = "zsh-fast-syntax-highlighting"; file = "F-Sy-H.plugin.zsh"; - src = pkgs.fetchFromGitHub { - owner = "z-shell"; - repo = "F-Sy-H"; - rev = "c4bdc485b67b58351a24f21fcac92c9e0232b939"; - sha256 = "sha256-uXBGIdJwubuueNhQRdGxPUi0eJN17cflYAuHTjeQ8FQ="; - }; + src = pkgs.sources.F-Sy-H.src; } { name = "zsh-nix-shell"; file = "nix-shell.plugin.zsh"; - src = pkgs.fetchFromGitHub { - owner = "chisui"; - repo = "zsh-nix-shell"; - rev = "af6f8a266ea1875b9a3e86e14796cadbe1cfbf08"; - sha256 = "sha256-BjgMhILEL/qdgfno4LR64LSB8n9pC9R+gG7IQWwgyfQ="; - }; + src = pkgs.sources.zsh-nix-shell.src; } ]; diff --git a/pkgs/_sources/generated.nix b/pkgs/_sources/generated.nix index f8bdd149..30bcbdef 100644 --- a/pkgs/_sources/generated.nix +++ b/pkgs/_sources/generated.nix @@ -1,6 +1,17 @@ # This file was generated by nvfetcher, please do not modify it manually. { fetchgit, fetchurl, fetchFromGitHub }: { + F-Sy-H = { + pname = "F-Sy-H"; + version = "b935a87a75560f8173dd78deee6717c59d464e06"; + src = fetchFromGitHub ({ + owner = "z-shell"; + repo = "F-Sy-H"; + rev = "b935a87a75560f8173dd78deee6717c59d464e06"; + fetchSubmodules = false; + sha256 = "sha256-448OlDnrDkUjvaSLDhXsa9bkgYXzj1Ju8CTpJVjH8LM="; + }); + }; instant-nvim-nvfetcher = { pname = "instant-nvim-nvfetcher"; version = "294b6d08143b3db8f9db7f606829270149e1a786"; @@ -23,6 +34,28 @@ sha256 = "sha256-GqPuYscLhkR5E2HnSFV4R48hCWvtM3C++3zlJhiK/aw="; }); }; + ohmyzsh = { + pname = "ohmyzsh"; + version = "65a1e4edbe678cdac37ad96ca4bc4f6d77e27adf"; + src = fetchFromGitHub ({ + owner = "ohmyzsh"; + repo = "ohmyzsh"; + rev = "65a1e4edbe678cdac37ad96ca4bc4f6d77e27adf"; + fetchSubmodules = false; + sha256 = "sha256-qyI7CU0vKhhADZfQtD73GsyAbqdMPhDQ1uA03h4erpw="; + }); + }; + powerlevel10k = { + pname = "powerlevel10k"; + version = "8091c8a3a8a845c70046684235a01cd500075def"; + src = fetchFromGitHub ({ + owner = "romkatv"; + repo = "powerlevel10k"; + rev = "8091c8a3a8a845c70046684235a01cd500075def"; + fetchSubmodules = false; + sha256 = "sha256-I0/tktXCbZ3hMYTNvPoWfOEYWRgmHoXsar/jcUB6bpo="; + }); + }; rnix-lsp-nvfetcher = { pname = "rnix-lsp-nvfetcher"; version = "6925256babec4307479a4080b44f2be38056f210"; @@ -89,4 +122,15 @@ sha256 = "sha256-fhazQQqyFaO0fdoeNI9nBshwTDhKNHH262H/QThtuO0="; }); }; + zsh-nix-shell = { + pname = "zsh-nix-shell"; + version = "af6f8a266ea1875b9a3e86e14796cadbe1cfbf08"; + src = fetchFromGitHub ({ + owner = "chisui"; + repo = "zsh-nix-shell"; + rev = "af6f8a266ea1875b9a3e86e14796cadbe1cfbf08"; + fetchSubmodules = false; + sha256 = "sha256-BjgMhILEL/qdgfno4LR64LSB8n9pC9R+gG7IQWwgyfQ="; + }); + }; } diff --git a/pkgs/sources.toml b/pkgs/sources.toml index b3535048..5ec5e936 100644 --- a/pkgs/sources.toml +++ b/pkgs/sources.toml @@ -3,6 +3,22 @@ src.git = "https://github.com/mlvzk/manix" fetch.github = "mlvzk/manix" +[ohmyzsh] +src.git = "https://github.com/ohmyzsh/ohmyzsh" +fetch.github = "ohmyzsh/ohmyzsh" + +[powerlevel10k] +src.git = "https://github.com/romkatv/powerlevel10k" +fetch.github = "romkatv/powerlevel10k" + +[F-Sy-H] +src.git = "https://github.com/z-shell/F-Sy-H" +fetch.github = "z-shell/F-Sy-H" + +[zsh-nix-shell] +src.git = "https://github.com/chisui/zsh-nix-shell" +fetch.github = "chisui/zsh-nix-shell" + [rnix-lsp-nvfetcher] src.git = "https://github.com/nix-community/rnix-lsp" fetch.github = "nix-community/rnix-lsp" -- 2.44.2 From 630d0afc5e0b389c1ad956230b9ad96a381a157a Mon Sep 17 00:00:00 2001 From: Hendrik Sokolowski Date: Sat, 15 Oct 2022 01:58:36 +0200 Subject: [PATCH 318/320] Update drone-config --- .drone.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/.drone.yml b/.drone.yml index 4cf4b3b2..b4d4bb92 100644 --- a/.drone.yml +++ b/.drone.yml @@ -1,11 +1,12 @@ --- kind: pipeline -type: docker +type: exec name: Check +node: + hosttype: baremetal steps: - name: "Check" - image: docker.nix-community.org/nixpkgs/nix-flakes:latest when: event: - pull_request @@ -20,6 +21,8 @@ steps: kind: pipeline type: exec name: Tests +node: + hosttype: baremetal steps: - name: "Tests" @@ -145,6 +148,6 @@ volumes: --- kind: signature -hmac: 3e6a89e903e214f21d488eba82863683b130ef6dbc2dc352377d4fd94ab3cd0c +hmac: 291be33bbf2954d1f5e4bf569679e24a773e7d6f90db4765fb9dacb3686a825e ... -- 2.44.2 From 02c145697b3539077c7217ce4edc872c2a656408 Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 7 Nov 2022 11:24:59 +0100 Subject: [PATCH 319/320] Pull in upstream commits from https://github.com/divnix/digga/pull/490 Improved flake-compat Get the rev from the flake.lock file. Shouldn't be an issue for first time users as the guide instructs users to generate a lock file. `builtins.file` was used in accordance with nix.dev reccommendations. https://nix.dev/anti-patterns/language#reproducibility-referencing-top-level-directory-with Rm tempfix --- flake.nix | 3 +++ lib/compat/default.nix | 8 ++++---- shell/devos.nix | 15 --------------- 3 files changed, 7 insertions(+), 19 deletions(-) diff --git a/flake.nix b/flake.nix index 4ac60e8a..cce3f8ee 100644 --- a/flake.nix +++ b/flake.nix @@ -11,6 +11,9 @@ nixos.url = "github:nixos/nixpkgs/nixos-22.05"; latest.url = "github:nixos/nixpkgs/nixos-unstable"; + flake-compat.url = "github:edolstra/flake-compat"; + flake-compat.flake = false; + digga.url = "github:pub-solar/digga/fix/bootstrap-iso"; digga.inputs.nixpkgs.follows = "nixos"; digga.inputs.nixlib.follows = "nixos"; diff --git a/lib/compat/default.nix b/lib/compat/default.nix index 9d0c2837..ae3b4426 100644 --- a/lib/compat/default.nix +++ b/lib/compat/default.nix @@ -1,14 +1,14 @@ let - rev = "e7e5d481a0e15dcd459396e55327749989e04ce0"; + lock = builtins.fromJSON (builtins.readFile builtins.path { path = ../../flake.lock; name = "lockPath"; }); flake = (import ( fetchTarball { - url = "https://github.com/edolstra/flake-compat/archive/${rev}.tar.gz"; - sha256 = "0zd3x46fswh5n6faq4x2kkpy6p3c6j593xbdlbsl40ppkclwc80x"; + url = "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz"; + sha256 = lock.nodes.flake-compat.locked.narHash; } ) { - src = ../../.; + src = builtins.path { path = ../../.; name = "projectRoot"; }; }); in flake diff --git a/shell/devos.nix b/shell/devos.nix index 9aefcc6f..382a6d34 100644 --- a/shell/devos.nix +++ b/shell/devos.nix @@ -28,21 +28,6 @@ in # override for our own welcome devshell.name = pkgs.lib.mkForce "PubSolarOS"; - # tempfix: remove when merged https://github.com/numtide/devshell/pull/123 - devshell.startup.load_profiles = pkgs.lib.mkForce (pkgs.lib.noDepEntry '' - # PATH is devshell's exorbitant privilige: - # fence against its pollution - _PATH=''${PATH} - # Load installed profiles - for file in "$DEVSHELL_DIR/etc/profile.d/"*.sh; do - # If that folder doesn't exist, bash loves to return the whole glob - [[ -f "$file" ]] && source "$file" - done - # Exert exorbitant privilige and leave no trace - export PATH=''${_PATH} - unset _PATH - ''); - commands = with pkgs; [ (devos nix) (devos agenix) -- 2.44.2 From 06ed2a78a9fdf8bee7b83b31f1ae823d02c0168e Mon Sep 17 00:00:00 2001 From: teutat3s Date: Mon, 7 Nov 2022 11:26:58 +0100 Subject: [PATCH 320/320] Bump flake.lock --- flake.lock | 67 ++++++++++++++++++++++++++++++++++-------------------- 1 file changed, 42 insertions(+), 25 deletions(-) diff --git a/flake.lock b/flake.lock index ebcef0ac..060a2aea 100644 --- a/flake.lock +++ b/flake.lock @@ -42,11 +42,11 @@ ] }, "locked": { - "lastModified": 1665392861, - "narHash": "sha256-bCd8fYJMAb0LzabsiXl4nxECDoz483bJOCa2hjox7N0=", + "lastModified": 1667419884, + "narHash": "sha256-oLNw87ZI5NxTMlNQBv1wG2N27CUzo9admaFlnmavpiY=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "ef56fd8979b5f4e800c4716f62076e00600b1172", + "rev": "cfc0125eafadc9569d3d6a16ee928375b77e3100", "type": "github" }, "original": { @@ -205,6 +205,22 @@ "type": "github" } }, + "flake-compat_4": { + "flake": false, + "locked": { + "lastModified": 1650374568, + "narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "b4a34015c698c7793d592d66adbab377907a2be8", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1642700792, @@ -256,11 +272,11 @@ }, "flake-utils_3": { "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "lastModified": 1667077288, + "narHash": "sha256-bdC8sFNDpT0HK74u9fUkpbf1MEzVYJ+ka7NXCdgBoaA=", "owner": "numtide", "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "rev": "6ee9ebb6b1ee695d2cacc4faa053a7b9baa76817", "type": "github" }, "original": { @@ -276,11 +292,11 @@ ] }, "locked": { - "lastModified": 1665996265, - "narHash": "sha256-/k9og6LDBQwT+f/tJ5ClcWiUl8kCX5m6ognhsAxOiCY=", + "lastModified": 1667677389, + "narHash": "sha256-y9Zdq8vtsn0T5TO1iTvWA7JndYIAGjzCjbYVi/hOSmA=", "owner": "nix-community", "repo": "home-manager", - "rev": "b81e128fc053ab3159d7b464d9b7dedc9d6a6891", + "rev": "87d55517f6f36aa1afbd7a4a064869d5a1d405b8", "type": "github" }, "original": { @@ -308,11 +324,11 @@ }, "latest_2": { "locked": { - "lastModified": 1665940183, - "narHash": "sha256-cPe3F7CtnxU9YbJpc3Adl4d9kX+turqTv5FxM98i8vg=", + "lastModified": 1667629849, + "narHash": "sha256-P+v+nDOFWicM4wziFK9S/ajF2lc0N2Rg9p6Y35uMoZI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "104e8082de1b20f9d0e1f05b1028795ed0e0e4bc", + "rev": "3bacde6273b09a21a8ccfba15586fb165078fb62", "type": "github" }, "original": { @@ -359,11 +375,11 @@ }, "nixos": { "locked": { - "lastModified": 1666014999, - "narHash": "sha256-gvKl8xlPJreezNG1NVTJv/HdGC69MSrM+IpCxS+eFvw=", + "lastModified": 1667653703, + "narHash": "sha256-Xow4vx52/g5zkhlgZnMEm/TEXsj+13jTPCc2jIhW1xU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1935dd8fdab8e022a9d958419663162fd840014c", + "rev": "f09ad462c5a121d0239fde645aacb2221553a217", "type": "github" }, "original": { @@ -379,11 +395,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1666016402, - "narHash": "sha256-Cm/nrdUMXwXiFQforG1Mv8OA4o8yhuVx6E1eDFH4rew=", + "lastModified": 1666812839, + "narHash": "sha256-0nBDgjPU+iDsvz89W+cDEyhnFGSwCJmwDl/gMGqYiU0=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "688db42a1eb34853f050267ff65c975f664312f0", + "rev": "41f3518bc194389df22a3d198215eae75e6b5ab9", "type": "github" }, "original": { @@ -394,11 +410,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1665987993, - "narHash": "sha256-MvlaIYTRiqefG4dzI5p6vVCfl+9V8A1cPniUjcn6Ngc=", + "lastModified": 1667768008, + "narHash": "sha256-PGbX0s2hhXGnZDFVE6UIhPSOf5YegpWs5dUXpT/14F0=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "0e6593630071440eb89cd97a52921497482b22c6", + "rev": "f6483e0def85efb9c1e884efbaff45a5e7aabb34", "type": "github" }, "original": { @@ -453,18 +469,18 @@ }, "nvfetcher": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "flake-utils": "flake-utils_3", "nixpkgs": [ "nixos" ] }, "locked": { - "lastModified": 1664550666, - "narHash": "sha256-eXfMRd9uItEp3PsYI31FSVGPG9dVC6yF++65ZrGwW8A=", + "lastModified": 1667620329, + "narHash": "sha256-v1Zk7rtEbAGpevBGPZvZBKpwbmw4I+uVwxvd+pBlp3o=", "owner": "berberman", "repo": "nvfetcher", - "rev": "9763ad40d59a044e90726653d9253efaeeb053b2", + "rev": "294826951113dcd3aa9abbcacfb1aa5b95a19116", "type": "github" }, "original": { @@ -479,6 +495,7 @@ "darwin": "darwin", "deploy": "deploy", "digga": "digga", + "flake-compat": "flake-compat_3", "home": "home", "latest": "latest_2", "naersk": "naersk", -- 2.44.2