From a6e5630927267bea8a382e181ff752aa79d43247 Mon Sep 17 00:00:00 2001 
From: teutat3s Date: Fri, 10 Nov 2023 19:48:06 +0100 Subject: [PATCH] feat: convert to flake-parts Thanks @b12f --- .gitignore | 2 +- flake.lock | 309 +- flake.nix | 216 +- hosts/default.nix | 103 + hosts/dumpyourvms/default.nix | 13 +- hosts/dumpyourvms/dumpyourvms.nix | 349 +- hosts/dumpyourvms/networking.nix | 204 +- hosts/iso/default.nix | 10 + hosts/ryzensun/default.nix | 13 +- hosts/ryzensun/networking.nix | 158 +- hosts/ryzensun/ryzensun.nix | 42 +- lib/add-local-hostname.nix | 5 + lib/default.nix | 28 +- lib/deploy.nix | 62 + lib/recursive-merge.nix | 16 + modules/adb/default.nix | 15 + modules/arduino/default.nix | 22 +- modules/audio/default.nix | 129 +- modules/audio/mopidy.nix | 18 - modules/bluetooth/default.nix | 35 + modules/ci-runner/default.nix | 45 - modules/core/boot.nix | 15 +- modules/core/default.nix | 40 +- modules/core/fonts.nix | 14 - modules/core/networking.nix | 100 +- modules/core/packages.nix | 81 +- modules/core/services.nix | 18 - modules/crypto/default.nix | 46 +- modules/ddclient/default.nix | 245 + modules/default.nix | 42 + modules/desktop-extended/default.nix | 48 + modules/devops/default.nix | 34 - modules/docker-ci-runner/default.nix | 114 - modules/docker/default.nix | 23 +- modules/email/default.nix | 61 +- modules/gaming/default.nix | 28 +- .../graphical}/.config/libinput-gestures.conf | 0 .../graphical}/.config/mako/config | 0 .../graphical}/.config/swaync/config.json | 0 .../graphical}/.config/swaync/style.css | 0 .../graphical}/.config/user-dirs.dirs | 0 .../graphical}/.config/user-dirs.locale | 0 .../graphical}/.config/waybar/colorscheme.css | 0 .../graphical}/.config/waybar/config | 0 .../graphical}/.config/waybar/style.css | 0 .../graphical}/.config/xmodmap | 0 .../.config/xsettingsd/xsettingsd.conf | 0 .../base-user => modules/graphical}/.xinitrc | 0 modules/graphical/alacritty.nix | 12 +- .../graphical}/assets/pub-solar.jpg | Bin .../graphical}/assets/wallpaper.jpg | Bin modules/graphical/default.nix | 186 +- 
.../sway/config/config.d/applications.conf | 1 + .../sway/config/config.d/colorscheme.conf | 0 .../config/config.d/custom-keybindings.conf | 10 +- .../sway/config/config.d/gaps.conf | 0 .../sway/config/config.d/mode_system.conf.nix | 29 +- .../sway/config/config.d/systemd.conf | 0 .../sway/config/config.d/theme.conf | 0 .../{ => graphical}/sway/config/config.nix | 2 +- .../graphical/sway/config/wayvnc/config.nix | 11 + modules/graphical/sway/default.nix | 100 + .../sway/gammastep.service.nix | 0 .../sway/libinput-gestures.service.nix | 0 modules/graphical/sway/mako.service.nix | 18 + .../sway/sway-session.target.nix | 0 modules/{ => graphical}/sway/sway.service.nix | 0 modules/graphical/sway/swayidle.service.nix | 27 + .../sway/swaynotificationcenter.service.nix | 0 .../{ => graphical}/sway/waybar.service.nix | 2 +- .../sway/xsettingsd.service.nix | 0 .../{ => graphical}/sway/ydotool.service.nix | 0 modules/invoiceplane/default.nix | 362 ++ modules/nextcloud/default.nix | 12 +- modules/nix-path.nix | 11 - modules/{core/nix.nix => nix/default.nix} | 32 +- modules/office/default.nix | 30 +- modules/paranoia/default.nix | 53 - modules/printing/default.nix | 60 +- modules/social/default.nix | 27 - modules/sway/default.nix | 111 - modules/sway/swayidle.service.nix | 35 - .../terminal-life}/.config/git/config.nix | 0 .../terminal-life}/.config/git/gitmessage.nix | 0 .../.config/git/global_gitignore.nix | 0 .../share/nvim/json-schemas/caddy_schema.json | 4554 ++++------------- .../.local/share/scripts/base16.sh | 0 modules/terminal-life/bash/default.nix | 7 +- modules/terminal-life/default.nix | 137 +- modules/terminal-life/direnv/default.nix | 7 + modules/terminal-life/fzf/default.nix | 5 +- modules/terminal-life/git/default.nix | 41 + modules/terminal-life/nvim/default.nix | 212 +- modules/terminal-life/nvim/lsp.vim | 10 +- modules/uhk/default.nix | 31 - .../user}/.config/dircolors | 0 .../user}/.config/mimeapps.list | 0 modules/user/default.nix | 62 +- 
modules/user/home.nix | 50 + .../base-user => modules/user}/mimeapps.nix | 2 +- .../user}/session-variables.nix | 7 +- modules/virtualisation/default.nix | 98 +- modules/wireguard-client/default.nix | 54 + overlays/default.nix | 50 + overlays/element-desktop.nix | 4 +- overlays/mdbook-multilang.nix | 4 +- overlays/overrides.nix | 47 - overlays/python-wik.nix | 25 - pkgs/default.nix | 5 +- pkgs/wcwd.nix | 4 +- profiles/audio/default.nix | 11 - profiles/base-user/.config/mutt/base16.muttrc | 132 - profiles/base-user/.config/mutt/mailcap | 1 - profiles/base-user/.config/mutt/muttrc | 104 - .../.config/offlineimap/functions.py | 9 - profiles/base-user/default.nix | 41 - profiles/base-user/home.nix | 103 - profiles/full-install/default.nix | 18 - profiles/graphical/default.nix | 12 - profiles/pub-solar-iso/default.nix | 15 - profiles/social/default.nix | 11 - users/default.nix | 10 + users/nixos/default.nix | 36 + users/profiles/direnv/default.nix | 8 - users/profiles/git/default.nix | 42 - users/pub-solar/default.nix | 8 +- users/root/default.nix | 3 +- users/teutat3s/concepts-and-training.nix | 6 +- users/teutat3s/default.nix | 23 +- users/teutat3s/home.nix | 40 +- users/teutat3s/mnx.nix | 4 +- 131 files changed, 3659 insertions(+), 6228 deletions(-) create mode 100644 hosts/default.nix create mode 100644 hosts/iso/default.nix create mode 100644 lib/add-local-hostname.nix create mode 100644 lib/deploy.nix create mode 100644 lib/recursive-merge.nix create mode 100644 modules/adb/default.nix delete mode 100644 modules/audio/mopidy.nix create mode 100644 modules/bluetooth/default.nix delete mode 100644 modules/ci-runner/default.nix delete mode 100644 modules/core/fonts.nix delete mode 100644 modules/core/services.nix create mode 100644 modules/ddclient/default.nix create mode 100644 modules/default.nix create mode 100644 modules/desktop-extended/default.nix delete mode 100644 modules/devops/default.nix delete mode 100644 modules/docker-ci-runner/default.nix rename 
{profiles/base-user => modules/graphical}/.config/libinput-gestures.conf (100%) rename {profiles/base-user => modules/graphical}/.config/mako/config (100%) rename {profiles/base-user => modules/graphical}/.config/swaync/config.json (100%) rename {profiles/base-user => modules/graphical}/.config/swaync/style.css (100%) rename {profiles/base-user => modules/graphical}/.config/user-dirs.dirs (100%) rename {profiles/base-user => modules/graphical}/.config/user-dirs.locale (100%) rename {profiles/base-user => modules/graphical}/.config/waybar/colorscheme.css (100%) rename {profiles/base-user => modules/graphical}/.config/waybar/config (100%) rename {profiles/base-user => modules/graphical}/.config/waybar/style.css (100%) rename {profiles/base-user => modules/graphical}/.config/xmodmap (100%) rename {profiles/base-user => modules/graphical}/.config/xsettingsd/xsettingsd.conf (100%) rename {profiles/base-user => modules/graphical}/.xinitrc (100%) rename {profiles/base-user => modules/graphical}/assets/pub-solar.jpg (100%) rename {profiles/base-user => modules/graphical}/assets/wallpaper.jpg (100%) rename modules/{ => graphical}/sway/config/config.d/applications.conf (98%) rename modules/{ => graphical}/sway/config/config.d/colorscheme.conf (100%) rename modules/{ => graphical}/sway/config/config.d/custom-keybindings.conf (77%) rename modules/{ => graphical}/sway/config/config.d/gaps.conf (100%) rename modules/{ => graphical}/sway/config/config.d/mode_system.conf.nix (53%) rename modules/{ => graphical}/sway/config/config.d/systemd.conf (100%) rename modules/{ => graphical}/sway/config/config.d/theme.conf (100%) rename modules/{ => graphical}/sway/config/config.nix (99%) create mode 100644 modules/graphical/sway/config/wayvnc/config.nix create mode 100644 modules/graphical/sway/default.nix rename modules/{ => graphical}/sway/gammastep.service.nix (100%) rename modules/{ => graphical}/sway/libinput-gestures.service.nix (100%) create mode 100644 
modules/graphical/sway/mako.service.nix rename modules/{ => graphical}/sway/sway-session.target.nix (100%) rename modules/{ => graphical}/sway/sway.service.nix (100%) create mode 100644 modules/graphical/sway/swayidle.service.nix rename modules/{ => graphical}/sway/swaynotificationcenter.service.nix (100%) rename modules/{ => graphical}/sway/waybar.service.nix (94%) rename modules/{ => graphical}/sway/xsettingsd.service.nix (100%) rename modules/{ => graphical}/sway/ydotool.service.nix (100%) create mode 100644 modules/invoiceplane/default.nix delete mode 100644 modules/nix-path.nix rename modules/{core/nix.nix => nix/default.nix} (51%) delete mode 100644 modules/paranoia/default.nix delete mode 100644 modules/social/default.nix delete mode 100644 modules/sway/default.nix delete mode 100644 modules/sway/swayidle.service.nix rename {profiles/base-user => modules/terminal-life}/.config/git/config.nix (100%) rename {profiles/base-user => modules/terminal-life}/.config/git/gitmessage.nix (100%) rename {profiles/base-user => modules/terminal-life}/.config/git/global_gitignore.nix (100%) rename {profiles/base-user => modules/terminal-life}/.local/share/nvim/json-schemas/caddy_schema.json (76%) rename {profiles/base-user => modules/terminal-life}/.local/share/scripts/base16.sh (100%) create mode 100644 modules/terminal-life/direnv/default.nix create mode 100644 modules/terminal-life/git/default.nix delete mode 100644 modules/uhk/default.nix rename {profiles/base-user => modules/user}/.config/dircolors (100%) rename {profiles/base-user => modules/user}/.config/mimeapps.list (100%) create mode 100644 modules/user/home.nix rename {profiles/base-user => modules/user}/mimeapps.nix (94%) rename {profiles/base-user => modules/user}/session-variables.nix (94%) create mode 100644 modules/wireguard-client/default.nix create mode 100644 overlays/default.nix delete mode 100644 overlays/overrides.nix delete mode 100644 overlays/python-wik.nix delete mode 100644 
profiles/audio/default.nix delete mode 100644 profiles/base-user/.config/mutt/base16.muttrc delete mode 100644 profiles/base-user/.config/mutt/mailcap delete mode 100644 profiles/base-user/.config/mutt/muttrc delete mode 100644 profiles/base-user/.config/offlineimap/functions.py delete mode 100644 profiles/base-user/default.nix delete mode 100644 profiles/base-user/home.nix delete mode 100644 profiles/full-install/default.nix delete mode 100644 profiles/graphical/default.nix delete mode 100644 profiles/pub-solar-iso/default.nix delete mode 100644 profiles/social/default.nix create mode 100644 users/default.nix create mode 100644 users/nixos/default.nix delete mode 100644 users/profiles/direnv/default.nix delete mode 100644 users/profiles/git/default.nix diff --git a/.gitignore b/.gitignore index 37acdb01..e1fe8abb 100644 --- a/.gitignore +++ b/.gitignore @@ -4,7 +4,7 @@ doc/index.html # Result of bud commands vm -iso +/iso doi pkgs/_sources/.shake* diff --git a/flake.lock b/flake.lock index 0b389128..dac08356 100644 --- a/flake.lock +++ b/flake.lock @@ -3,10 +3,10 @@ "agenix": { "inputs": { "darwin": [ - "darwin" + "nix-darwin" ], "nixpkgs": [ - "nixos" + "nixpkgs" ] }, "locked": { 
@@ -23,42 +23,22 @@ "type": "github" } }, - "darwin": { - "inputs": { - "nixpkgs": [ - "nixos" - ] - }, - "locked": { - "lastModified": 1692248770, - "narHash": "sha256-tZeFpETKQGbgnaSIO1AGWD27IyTcBm4D+A9d7ulQ4NM=", - "owner": "LnL7", - "repo": "nix-darwin", - "rev": "511177ffe8226c78c9cf6a92a7b5f2df3684956b", - "type": "github" - }, - "original": { - "owner": "LnL7", - "repo": "nix-darwin", - "type": "github" - } - }, - "deploy": { + "deploy-rs": { "inputs": { "flake-compat": [ "flake-compat" ], "nixpkgs": [ - "nixos" + "nixpkgs" ], "utils": "utils" }, "locked": { - "lastModified": 1686747123, - "narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=", + "lastModified": 1695052866, + "narHash": "sha256-agn7F9Oww4oU6nPiw+YiYI9Xb4vOOE73w8PAoBRP4AA=", "owner": "serokell", "repo": "deploy-rs", - "rev": "724463b5a94daa810abfc64a4f87faef4e00f984", + "rev": "e3f41832680801d0ee9e2ed33eb63af398b090e9", "type": "github" }, "original": { @@ -69,29 +49,7 @@ }, "devshell": { "inputs": { - "flake-utils": "flake-utils", - "nixpkgs": [ - "digga", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1671489820, - "narHash": "sha256-qoei5HDJ8psd1YUPD7DhbHdhLIT9L2nadscp4Qk37uk=", - "owner": "numtide", - "repo": "devshell", - "rev": "5aa3a8039c68b4bf869327446590f4cdf90bb634", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "devshell", - "type": "github" - } - }, - "devshell_2": { - "inputs": { - "nixpkgs": "nixpkgs", + "nixpkgs": "nixpkgs_2", "systems": "systems" }, "locked": { 
@@ -108,46 +66,6 @@ "type": "github" } }, - "digga": { - "inputs": { - "darwin": [ - "darwin" - ], - "deploy": [ - "deploy" - ], - "devshell": "devshell", - "flake-compat": [ - "flake-compat" - ], - "flake-utils": "flake-utils_2", - "flake-utils-plus": "flake-utils-plus", - "home-manager": [ - "home" - ], - "nixlib": [ - "nixos" - ], - "nixpkgs": [ - "nixos" - ], - "nixpkgs-unstable": "nixpkgs-unstable" - }, - "locked": { - "lastModified": 1674947971, - "narHash": "sha256-6gKqegJHs72jnfFP9g2sihl4fIZgtKgKuqU2rCkIdGY=", - "owner": "pub-solar", - "repo": "digga", - "rev": "2da608bd8afb48afef82c6b1b6d852a36094a497", - "type": "github" - }, - "original": { - "owner": "pub-solar", - "ref": "fix/bootstrap-iso", - "repo": "digga", - "type": "github" - } - }, "flake-compat": { "flake": false, "locked": { 
@@ -164,59 +82,25 @@ "type": "github" } }, - "flake-utils": { - "locked": { - "lastModified": 1642700792, - "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "846b2ae0fc4cc943637d3d1def4454213e203cba", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils-plus": { + "flake-parts": { "inputs": { - "flake-utils": [ - "digga", - "flake-utils" - ] + "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1654029967, - "narHash": "sha256-my3GQ3mQIw/1f6GPV1IhUZrcYQSWh0YJAMPNBjhXJDw=", - "owner": "gytis-ivaskevicius", - "repo": "flake-utils-plus", - "rev": "6271cf3842ff9c8a9af9e3508c547f86bc77d199", + "lastModified": 1698579227, + "narHash": "sha256-KVWjFZky+gRuWennKsbo6cWyo7c/z/VgCte5pR9pEKg=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "f76e870d64779109e41370848074ac4eaa1606ec", "type": "github" }, "original": { - "owner": "gytis-ivaskevicius", - "ref": "refs/pull/120/head", - "repo": "flake-utils-plus", + "owner": "hercules-ci", + "repo": "flake-parts", "type": "github" } }, - "flake-utils_2": { - "locked": { - "lastModified": 1667395993, - "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { + "flake-utils": { "locked": { "lastModified": 1653893745, "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", @@ -231,7 +115,7 @@ "type": "github" } }, - "flake-utils_4": { + "flake-utils_2": { "inputs": { "systems": "systems_2" }, 
@@ -265,18 +149,18 @@ "type": "github" } }, - "home": { + "home-manager": { "inputs": { "nixpkgs": [ - "nixos" + "nixpkgs" ] }, "locked": { - "lastModified": 1693208669, - "narHash": "sha256-hHFaaUsZ860wvppPeiu7nJn/nXZjJfnqAQEu9SPFE9I=", + "lastModified": 1695108154, + "narHash": "sha256-gSg7UTVtls2yO9lKtP0yb66XBHT1Fx5qZSZbGMpSn2c=", "owner": "nix-community", "repo": "home-manager", - "rev": "5bac4a1c06cd77cf8fc35a658ccb035a6c50cd2c", + "rev": "07682fff75d41f18327a871088d20af2710d4744", "type": "github" }, "original": { @@ -286,22 +170,6 @@ "type": "github" } }, - "latest": { - "locked": { - "lastModified": 1698134075, - "narHash": "sha256-foCD+nuKzfh49bIoiCBur4+Fx1nozo+4C/6k8BYk4sg=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "8efd5d1e283604f75a808a20e6cde0ef313d07d4", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "master": { "locked": { "lastModified": 1686841982, @@ -318,19 +186,24 @@ "type": "github" } }, - "nixos": { + "nix-darwin": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, "locked": { - "lastModified": 1698288402, - "narHash": "sha256-jIIjApPdm+4yt8PglX8pUOexAdEiAax/DXW3S/Mb21E=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "60b9db998f71ea49e1a9c41824d09aa274be1344", + "lastModified": 1698429334, + "narHash": "sha256-Gq3+QabboczSu7RMpcy79RSLMSqnySO3wsnHQk4DfbE=", + "owner": "lnl7", + "repo": "nix-darwin", + "rev": "afe83cbc2e673b1f08d32dd0f70df599678ff1e7", "type": "github" }, "original": { - "owner": "nixos", - "ref": "nixos-23.05", - "repo": "nixpkgs", + "owner": "lnl7", + "ref": "master", + "repo": "nix-darwin", "type": "github" } }, 
@@ -350,6 +223,21 @@ "type": "github" } }, + "nixos-flake": { + "locked": { + "lastModified": 1698598244, + "narHash": "sha256-YbvPFt+9CbCiqnuS0dTx+P+W1YRCqzhLXen94sef3Kk=", + "owner": "srid", + "repo": "nixos-flake", + "rev": "f6b7757ad88483afca306c9f3bf387887fba7284", + "type": "github" + }, + "original": { + "owner": "srid", + "repo": "nixos-flake", + "type": "github" + } + }, "nixos-hardware": { "locked": { "lastModified": 1693718952, @@ -366,6 +254,40 @@ } }, "nixpkgs": { + "locked": { + "lastModified": 1699291058, + "narHash": "sha256-5ggduoaAMPHUy4riL+OrlAZE14Kh7JWX4oLEs22ZqfU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "41de143fda10e33be0f47eab2bfe08a50f234267", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-lib": { + "locked": { + "dir": "lib", + "lastModified": 1696019113, + "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_2": { "locked": { "lastModified": 1677383253, "narHash": "sha256-UfpzWfSxkfXHnb4boXZNaKsAcUrZT9Hw+tao1oZxd08=", 
@@ -381,38 +303,23 @@ "type": "github" } }, - "nixpkgs-unstable": { - "locked": { - "lastModified": 1672791794, - "narHash": "sha256-mqGPpGmwap0Wfsf3o2b6qHJW1w2kk/I6cGCGIU+3t6o=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "9813adc7f7c0edd738c6bdd8431439688bb0cb3d", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", - "darwin": "darwin", - "deploy": "deploy", - "digga": "digga", + "deploy-rs": "deploy-rs", "flake-compat": "flake-compat", + "flake-parts": "flake-parts", "fork": "fork", - "home": "home", - "latest": "latest", + "home-manager": "home-manager", "master": "master", - "nixos": "nixos", + "nix-darwin": "nix-darwin", "nixos-22-05": "nixos-22-05", + "nixos-flake": "nixos-flake", "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs", "triton-vmtools": "triton-vmtools", - "tritonshell": "tritonshell" + "tritonshell": "tritonshell", + "unstable": "unstable" } }, "systems": { @@ -447,9 +354,9 @@ }, "triton-vmtools": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils", "nixpkgs": [ - "latest" + "unstable" ] }, "locked": { @@ -471,10 +378,10 @@ }, "tritonshell": { "inputs": { - "devshell": "devshell_2", - "flake-utils": "flake-utils_4", + "devshell": "devshell", + "flake-utils": "flake-utils_2", "nixpkgs": [ - "latest" + "unstable" ] }, "locked": { @@ -492,6 +399,22 @@ "url": "https://git.greenbaum.cloud/dev/tritonshell" } }, + "unstable": { + "locked": { + "lastModified": 1699099776, + "narHash": "sha256-X09iKJ27mGsGambGfkKzqvw5esP1L/Rf8H3u3fCqIiU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "85f1ba3e51676fa8cc604a3d863d729026a6b8eb", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "utils": { "locked": { "lastModified": 1667395993, diff --git a/flake.nix b/flake.nix index 236c76f5..2770bc42 100644 
--- a/flake.nix +++ b/flake.nix @@ -1,13 +1,13 @@ { - description = "A highly structured configuration database."; + description = "teutat3s hosts in nix"; nixConfig.extra-experimental-features = "nix-command flakes"; inputs = { # Track channels with commits tested and built by hydra nixos-22-05.url = "github:nixos/nixpkgs/nixos-22.05"; - nixos.url = "github:nixos/nixpkgs/nixos-23.05"; - latest.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05"; + unstable.url = "github:nixos/nixpkgs/nixos-unstable"; master.url = "github:nixos/nixpkgs/master"; fork.url = "github:teutat3s/nixpkgs/nvfetcher-fix"; 
@@ -15,177 +15,84 @@ flake-compat.url = "github:edolstra/flake-compat"; flake-compat.flake = false; - digga.url = "github:pub-solar/digga/fix/bootstrap-iso"; - digga.inputs.nixpkgs.follows = "nixos"; - digga.inputs.nixlib.follows = "nixos"; - digga.inputs.home-manager.follows = "home"; - digga.inputs.deploy.follows = "deploy"; - digga.inputs.darwin.follows = "darwin"; - digga.inputs.flake-compat.follows = "flake-compat"; + nix-darwin.url = "github:lnl7/nix-darwin/master"; + nix-darwin.inputs.nixpkgs.follows = "nixpkgs"; - home.url = "github:nix-community/home-manager/release-23.05"; - home.inputs.nixpkgs.follows = "nixos"; + home-manager.url = "github:nix-community/home-manager/release-23.05"; + home-manager.inputs.nixpkgs.follows = "nixpkgs"; - darwin.url = "github:LnL7/nix-darwin"; - darwin.inputs.nixpkgs.follows = "nixos"; + flake-parts.url = "github:hercules-ci/flake-parts"; + nixos-flake.url = "github:srid/nixos-flake"; - deploy.url = "github:serokell/deploy-rs"; - deploy.inputs.nixpkgs.follows = "nixos"; - deploy.inputs.flake-compat.follows = "flake-compat"; + deploy-rs.url = "github:serokell/deploy-rs"; + deploy-rs.inputs.nixpkgs.follows = "nixpkgs"; + deploy-rs.inputs.flake-compat.follows = "flake-compat"; agenix.url = "github:ryantm/agenix"; - agenix.inputs.nixpkgs.follows = "nixos"; - agenix.inputs.darwin.follows = "darwin"; + agenix.inputs.nixpkgs.follows = "nixpkgs"; + agenix.inputs.darwin.follows = "nix-darwin"; nixos-hardware.url = "github:nixos/nixos-hardware"; # PubSolarOS additions triton-vmtools.url = "git+https://git.pub.solar/pub-solar/infra-vintage?ref=main&dir=vmtools"; - triton-vmtools.inputs.nixpkgs.follows = "latest"; + triton-vmtools.inputs.nixpkgs.follows = "unstable"; tritonshell.url = "git+https://git.greenbaum.cloud/dev/tritonshell?ref=main"; - tritonshell.inputs.nixpkgs.follows = "latest"; + tritonshell.inputs.nixpkgs.follows = "unstable"; }; - outputs = { - self, - digga, - nixos, - home, - nixos-hardware, - agenix, - deploy, - 
tritonshell, - ... - } @ inputs: - digga.lib.mkFlake - { - inherit self inputs; - - channelsConfig = { - allowUnfree = true; - }; - - supportedSystems = ["x86_64-linux" "aarch64-linux" "aarch64-darwin"]; - - channels = { - nixos = { - imports = [(digga.lib.importOverlays ./overlays)]; - overlays = [ - (self: super: { - deploy-rs = { - inherit (inputs.nixos.legacyPackages.x86_64-linux) deploy-rs; - lib = inputs.deploy.lib.x86_64-linux; - }; - }) - ]; - }; - nixos-22-05 = {}; - latest = {}; - master = {}; - fork = {}; - }; - - lib = import ./lib {lib = digga.lib // nixos.lib;}; - - sharedOverlays = [ - (final: prev: { - __dontExport = true; - lib = prev.lib.extend (lfinal: lprev: { - our = self.lib; - }); - }) - agenix.overlays.default - - (import ./pkgs) + outputs = inputs@{ self, ...}: + inputs.flake-parts.lib.mkFlake { inherit inputs; } { + systems = [ + "x86_64-linux" + "aarch64-linux" + "x86_64-darwin" + "aarch64-darwin" ]; - nixos = { - hostDefaults = { - system = "x86_64-linux"; - channelName = "nixos"; - imports = [(digga.lib.importExportableModules ./modules)]; - modules = [ - {lib.our = self.lib;} - # FIXME: upstream module causes a huge number of unnecessary - # dependencies to be pulled in for all systems -- many of them are - # graphical. should only be imported as needed. - # digga.nixosModules.bootstrapIso - digga.nixosModules.nixConfig - home.nixosModules.home-manager - agenix.nixosModules.age + imports = [ + inputs.nixos-flake.flakeModule + ./lib + ./modules + ./hosts + ./users + ./overlays + ]; + + perSystem = args@{ system, pkgs, config, ... 
}: { + _module.args = { + inherit inputs; + pkgs = import inputs.nixpkgs { + inherit system; + overlays = [ + inputs.agenix.overlays.default + ]; + }; + unstable = import inputs.unstable { inherit system; }; + master = import inputs.master { inherit system; }; + }; + + devShells.default = pkgs.mkShell { + buildInputs = with pkgs; [ + deploy-rs + nixpkgs-fmt + agenix + cachix + editorconfig-checker + nix + nodePackages.prettier + nvfetcher + shellcheck + shfmt + treefmt + nixos-generators ]; }; - - imports = [(digga.lib.importHosts ./hosts)]; - hosts = { - # Set host-specific properties here - bootstrap = { - modules = [ - digga.nixosModules.bootstrapIso - ]; - }; - PubSolarOS = { - tests = [ - #(import ./tests/first-test.nix { - # pkgs = nixos.legacyPackages.x86_64-linux; - # lib = nixos.lib; - #}) - ]; - }; - fae = { - system = "aarch64-linux"; - }; - powder = { - system = "x86_64-linux"; - }; - }; - importables = rec { - profiles = - digga.lib.rakeLeaves ./profiles - // { - users = digga.lib.rakeLeaves ./users; - }; - suites = with profiles; rec { - base = [users.pub-solar users.root]; - iso = base ++ [base-user graphical pub-solar-iso]; - pubsolaros = [full-install base-user users.root]; - anonymous = [pubsolaros users.pub-solar]; - teutat3s = pubsolaros ++ [users.teutat3s]; - dumpyourvms = teutat3s ++ [graphical]; - ryzensun = teutat3s ++ [graphical]; - }; - }; }; - home = { - imports = [(digga.lib.importExportableModules ./users/modules)]; - modules = []; - importables = rec { - profiles = digga.lib.rakeLeaves ./users/profiles; - suites = with profiles; rec { - base = [direnv]; - }; - }; - users = { - pub-solar = {suites, ...}: { - imports = suites.base; - - home.stateVersion = "21.03"; - }; - teutat3s = {suites, ...}: { - imports = suites.base; - - home.stateVersion = "21.03"; - }; - }; # digga.lib.importers.rakeLeaves ./users/hm; - }; - - devshell = ./shell; - - homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations; - - deploy.nodes = 
digga.lib.mkDeployNodes self.nixosConfigurations { + flake = { + deploy.nodes = self.b12f-os.lib.deploy.mkDeployNodes self.nixosConfigurations { #example = { # hostname = "example.com:22"; # sshUser = "bartender"; @@ -217,4 +124,5 @@ }; }; }; + }; } diff --git a/hosts/default.nix b/hosts/default.nix new file mode 100644 index 00000000..b1dc63cd --- /dev/null +++ b/hosts/default.nix 
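Review bot: The three `import` calls under `perSystem._module.args` leave nixpkgs arguments implicit: `pkgs` passes `overlays` but no `config`, and `unstable` and `master` pass neither, so an evaluation run with `--impure` falls back to the invoking user's `~/.config/nixpkgs` config and overlays. Pinning them keeps the package sets determined by flake.lock alone, e.g. `unstable = import inputs.unstable { inherit system; config = { }; overlays = [ ]; };` and the same for `master`, with `config` set explicitly on `pkgs` too (the removed `channelsConfig` had `allowUnfree = true`, which the new `pkgs` no longer carries). Separately, `self.b12f-os.lib.deploy.mkDeployNodes` depends on `./lib` exporting a `b12f-os` attribute, which is not visible in this hunk; a short comment naming where it is defined would help. The `outputs` block closes outside this hunk.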
@@ -0,0 +1,103 @@ +{ withSystem, self, inputs, ...}: +{ + flake = { + nixosConfigurations = { + dumpyourvms = self.nixos-flake.lib.mkLinuxSystem { + nixpkgs.hostPlatform = "x86_64-linux"; + imports = [ + self.nixosModules.base + ./dumpyourvms + self.nixosModules.teutat3s + self.nixosModules.audio + self.nixosModules.bluetooth + self.nixosModules.desktop-extended + self.nixosModules.docker + #self.nixosModules.email + self.nixosModules.graphical + self.nixosModules.nextcloud + self.nixosModules.office + self.nixosModules.printing + #self.nixosModules.wireguard-client + ]; + }; + + ryzensun = self.nixos-flake.lib.mkLinuxSystem { + nixpkgs.hostPlatform = "x86_64-linux"; + imports = [ + self.nixosModules.base + ./ryzensun + self.nixosModules.teutat3s + self.nixosModules.audio + self.nixosModules.desktop-extended + self.nixosModules.docker + #self.nixosModules.email + #self.nixosModules.gaming + self.nixosModules.graphical + self.nixosModules.nextcloud + self.nixosModules.office + self.nixosModules.printing + self.nixosModules.virtualisation + #self.nixosModules.wireguard-client + ]; + }; + + #fae = self.nixos-flake.lib.mkLinuxSystem { + # nixpkgs.hostPlatform = "x86_64-linux"; + # imports = [ + # self.nixosModules.base + # ./fae + # self.nixosModules.teutat3s + # self.nixosModules.wireguard-client + # ]; + #}; + + #powder = self.nixos-flake.lib.mkLinuxSystem { + # nixpkgs.hostPlatform = "aarch64-linux"; + # imports = [ + # self.nixosModules.base + # inputs.nixos-hardware.nixosModules.raspberry-pi-4 + # ./powder + # self.nixosModules.teutat3s + # self.nixosModules.docker + # self.nixosModules.wireguard-client + # self.nixosModules.invoiceplane + # ]; + #}; + + iso = self.nixos-flake.lib.mkLinuxSystem { + nixpkgs.hostPlatform = "x86_64-linux"; + imports = [ + "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" + self.nixosModules.base + ./iso + self.nixosModules.nixos + ]; + }; + + iso-arm = self.nixos-flake.lib.mkLinuxSystem { + 
nixpkgs.hostPlatform = "aarch64-linux"; + nixpkgs.buildPlatform = "x86_64-linux"; + imports = [ + "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" + self.nixosModules.base + ./iso + self.nixosModules.nixos + ]; + }; + + iso-graphical = self.nixos-flake.lib.mkLinuxSystem { + nixpkgs.hostPlatform = "x86_64-linux"; + imports = [ + "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" + self.nixosModules.base + ./iso + self.nixosModules.nixos + self.nixosModules.graphical + self.nixosModules.audio + self.nixosModules.bluetooth + ({ ... }: { pub-solar.graphical.wayland.software-renderer.enable = true; }) + ]; + }; + }; + }; +} diff --git a/hosts/dumpyourvms/default.nix b/hosts/dumpyourvms/default.nix index 8f337332..9d4cb903 100644 --- a/hosts/dumpyourvms/default.nix +++ b/hosts/dumpyourvms/default.nix @@ -1,7 +1,8 @@ -{suites, ...}: { - imports = - [ - ./dumpyourvms.nix - ] - ++ suites.dumpyourvms; +{ ... }: { + imports = [ + ./dumpyourvms.nix + ./hardware-configuration.nix + + ./networking.nix + ]; } diff --git a/hosts/dumpyourvms/dumpyourvms.nix b/hosts/dumpyourvms/dumpyourvms.nix index 4b8d9ae2..301a6503 100644 --- a/hosts/dumpyourvms/dumpyourvms.nix +++ b/hosts/dumpyourvms/dumpyourvms.nix 
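Review bot: The commented-out `fae` and `powder` definitions carry the opposite platforms from the hosts block removed from flake.nix in this commit (there `fae` was `aarch64-linux` and `powder` was `x86_64-linux`), so uncommenting them as written changes the target architecture of both hosts. `powder` importing `raspberry-pi-4` suggests `aarch64-linux` is intended for it, but `fae` should be confirmed; a marker such as `# TODO: confirm hostPlatform before enabling (was aarch64-linux)` above the `fae` block would record that. `withSystem` is bound in the argument set but never used in this file, so the header can be `{ self, inputs, ... }:`. The three ISO entries also layer `self.nixosModules.base` and `self.nixosModules.nixos` on the upstream installer profile; neither module is visible here, so it is worth checking that they place no keys or credentials into an image that gets handed around.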
@@ -1,197 +1,178 @@ { config, - pkgs, lib, - self, + pkgs, ... }: with lib; let psCfg = config.pub-solar; xdg = config.home-manager.users."${psCfg.user.name}".xdg; in { - imports = [ - ./hardware-configuration.nix - ]; - - config = { - age.secrets.environment-secrets = { - file = "${self}/secrets/environment-secrets.age"; - mode = "700"; - owner = "teutat3s"; - }; - - age.secrets.github-api-token = { - file = "${self}/secrets/github-api-token.age"; - mode = "600"; - owner = "teutat3s"; - path = "/home/${psCfg.user.name}/.local/share/github/api-token"; - }; - - pub-solar = { - audio.mopidy.enable = lib.mkForce false; - core.hibernation = { - enable = true; - resumeDevice = "/dev/mapper/cryptroot"; - resumeOffset = 47366144; - }; - virtualisation.enable = true; - }; - - # Fix backlight for keyboard and brightness, adjust function key binding, - # intel_pstate for cpu schedutil - # For now, the radeon driver seems to work better than amdgpu with Radeon R9 M370X - # Explicitly set amdgpu support in place of radeon - # Source: https://github.com/NixOS/nixos-hardware/blob/master/common/gpu/amd/southern-islands/default.nix - # Try again after https://lists.freedesktop.org/archives/amd-gfx/2023-March/090096.html lands - boot.kernelParams = ["acpi_backlight=video" "hid_apple.fnmode=2" "intel_pstate=passive" "radeon.si_support=0" "amdgpu.si_support=1"]; - boot.loader.efi.canTouchEfiVariables = true; - - # Fix for Error switching console mode to 1: unsupported on startup - boot.loader.systemd-boot.consoleMode = mkForce "0"; - - boot.binfmt.emulatedSystems = ["aarch64-linux"]; - - systemd.sleep.extraConfig = '' - HibernateMode=shutdown - ''; - - hardware = { - cpu.intel.updateMicrocode = true; - facetimehd.enable = true; - opengl = { - extraPackages = with pkgs; [intel-media-driver]; - }; - }; - - services.resolved = { + pub-solar = { + terminal-life.full = true; + core.hibernation = { enable = true; - # DNSSEC=false because of random SERVFAIL responses with Greenbaum DNS - # 
when using allow-downgrade, see https://github.com/systemd/systemd/issues/10579 - extraConfig = '' - DNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 5.9.164.112#dns3.digitalcourage.de 89.233.43.71#unicast.censurfridns.dk 185.49.141.37#getdnsapi.net 2001:678:e68:f000::#dot.ffmuc.net 2001:678:ed0:f000::#dot.ffmuc.net 2a01:4f8:251:554::2#dns3.digitalcourage.de 2a01:3a0:53:53::0#unicast.censurfridns.dk 2a04:b900:0:100::38#getdnsapi.net - FallbackDNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net - Domains=~. - DNSOverTLS=yes - DNSSEC=false - ''; + resumeDevice = "/dev/mapper/cryptroot"; + resumeOffset = 47366144; }; - networking = import ./networking.nix; - services.tailscale.enable = true; - - security.pki.certificateFiles = [./consul-agent-ca.pem]; - - # Power off dedicated GPU, use only integrated Intel GPU to save battery - # https://github.com/NixOS/nixpkgs/pull/33915 - # https://ubuntuforums.org/showthread.php?t=2409856 - systemd.services."amd-hybrid-graphics-power-save" = { - path = [pkgs.bash]; - description = "Power Off dedicated AMD Card to reduce power usage"; - requires = ["sys-kernel-debug.mount"]; - enable = true; - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - ExecStart = "${pkgs.bash}/bin/sh -c 'sleep 7 && if grep --quiet 'IGD:+' /sys/kernel/debug/vgaswitcheroo/switch; then echo -e \"IGD\\nOFF\" > /sys/kernel/debug/vgaswitcheroo/switch; fi'"; - ExecStop = "${pkgs.bash}/bin/sh -c 'echo ON >/sys/kernel/debug/vgaswitcheroo/switch'"; - }; - wantedBy = ["multi-user.target"]; - }; - - # Increase console font size for HiDPI display - console = { - earlySetup = true; - font = lib.mkForce "ter-i32b"; - packages = [pkgs.terminus_font]; - }; - - # Thunderbolt tools - services.hardware.bolt.enable = true; - - # Enable udev rules for gnupg smart cards - hardware.gpgSmartcards.enable = true; - - powerManagement = { - # Use new schedutil govenor - # 
https://github.com/NixOS/nixpkgs/pull/42330 - # https://www.kernel.org/doc/html/v5.10/admin-guide/pm/cpufreq.html#schedutil - cpuFreqGovernor = lib.mkDefault "schedutil"; - - # brcmfmac being loaded during hibernation would inhibit a successful resume - # https://bugzilla.kernel.org/show_bug.cgi?id=101681#c116. - # Also brcmfmac could randomly crash on resume from sleep. - # To hibernate successfully using the amdgpu driver, the dedicated GPU needs - # to be powered on. - powerUpCommands = lib.mkBefore ( - "${pkgs.kmod}/bin/modprobe brcmfmac" - + lib.optionalString - (lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.2") " brcmfmac_wcc" - ); - powerDownCommands = lib.mkBefore ( - lib.optionalString - (lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.2") - "${pkgs.kmod}/bin/rmmod brcmfmac_wcc\n" - + '' - ${pkgs.kmod}/bin/rmmod brcmfmac - ${pkgs.systemd}/bin/systemctl stop amd-hybrid-graphics-power-save.service - '' - ); - resumeCommands = - if config.systemd.services."amd-hybrid-graphics-power-save".enable == true - then '' - ${pkgs.systemd}/bin/systemctl start amd-hybrid-graphics-power-save.service - '' - else ""; - }; - - # Change lid switch behaviour - services.logind.lidSwitch = "hibernate"; - - # TLP for power management - services.tlp = { - enable = true; - settings = { - CPU_SCALING_GOVERNOR_ON_AC = "performance"; - CPU_SCALING_GOVERNOR_ON_BAT = "schedutil"; - CPU_BOOST_ON_AC = 1; - CPU_BOOST_ON_BAT = 0; - }; - }; - - services.udev.extraRules = - # Disable XHC1 wakeup signal to avoid resume getting triggered some time - # after suspend. Reboot required for this to take effect. 
- lib.optionalString - (lib.versionAtLeast config.boot.kernelPackages.kernel.version "3.13") - ''SUBSYSTEM=="pci", KERNEL=="0000:00:14.0", ATTR{power/wakeup}="disabled"''; - - services.printing.enable = true; - - home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - # Custom device sway configs - xdg.configFile = mkIf psCfg.sway.enable { - "sway/config.d/10-applications.conf".source = ./.config/sway/config.d/applications.conf; - "sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf; - "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf; - "sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; - "sway/config.d/screens.conf".source = ./.config/sway/config.d/screens.conf; - }; - }; - - # WLAN frequency compliance (e.g. check for radar with DFS) - hardware.firmware = with pkgs; [wireless-regdb]; - boot.extraModprobeConfig = '' - options cfg80211 ieee80211_regdom="DE" - - # Enable the integrated GPU (iGPU) Intel i915 by default if present - options apple-gmux force_igd=y - ''; - - # This value determines the NixOS release from which the default - # settings for stateful data, like file locations and database versions - # on your system were taken. It‘s perfectly fine and recommended to leave - # this value at the release version of the first install of this system. - # Before changing this value read the documentation for this option - # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "21.05"; # Did you read the comment? 
}; + boot.kernelPackages = pkgs.linuxPackages_6_6; + + # Fix backlight for keyboard and brightness, adjust function key binding, + # intel_pstate for cpu schedutil + # For now, the radeon driver seems to work better than amdgpu with Radeon R9 M370X + # Explicitly set amdgpu support in place of radeon + # Source: https://github.com/NixOS/nixos-hardware/blob/master/common/gpu/amd/southern-islands/default.nix + # Try again after https://lists.freedesktop.org/archives/amd-gfx/2023-March/090096.html lands + boot.kernelParams = ["acpi_backlight=video" "hid_apple.fnmode=2" "intel_pstate=passive" "radeon.si_support=0" "amdgpu.si_support=1"]; + boot.loader.efi.canTouchEfiVariables = true; + + # Fix for Error switching console mode to 1: unsupported on startup + boot.loader.systemd-boot.consoleMode = mkForce "0"; + + boot.binfmt.emulatedSystems = ["aarch64-linux"]; + + systemd.sleep.extraConfig = '' + HibernateMode=shutdown + ''; + + hardware = { + cpu.intel.updateMicrocode = true; + facetimehd.enable = true; + opengl = { + extraPackages = with pkgs; [intel-media-driver]; + }; + }; + + networking.hostName = "dumpyourvms"; + + services.resolved = { + enable = true; + # DNSSEC=false because of random SERVFAIL responses with Greenbaum DNS + # when using allow-downgrade, see https://github.com/systemd/systemd/issues/10579 + extraConfig = '' + DNS=5.1.66.255#dot.ffmuc.net 185.150.99.255#dot.ffmuc.net 5.9.164.112#dns3.digitalcourage.de 89.233.43.71#unicast.censurfridns.dk 185.49.141.37#getdnsapi.net 2001:678:e68:f000::#dot.ffmuc.net 2001:678:ed0:f000::#dot.ffmuc.net 2a01:4f8:251:554::2#dns3.digitalcourage.de 2a01:3a0:53:53::0#unicast.censurfridns.dk 2a04:b900:0:100::38#getdnsapi.net + FallbackDNS=9.9.9.9#dns.quad9.net 149.112.112.112#dns.quad9.net 2620:fe::fe#dns.quad9.net 2620:fe::9#dns.quad9.net + Domains=~. 
+ DNSOverTLS=yes + DNSSEC=false + ''; + }; + services.tailscale.enable = true; + + security.pki.certificateFiles = [./consul-agent-ca.pem]; + + # Power off dedicated GPU, use only integrated Intel GPU to save battery + # https://github.com/NixOS/nixpkgs/pull/33915 + # https://ubuntuforums.org/showthread.php?t=2409856 + systemd.services."amd-hybrid-graphics-power-save" = { + path = [pkgs.bash]; + description = "Power Off dedicated AMD Card to reduce power usage"; + requires = ["sys-kernel-debug.mount"]; + enable = true; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + ExecStart = "${pkgs.bash}/bin/sh -c 'sleep 7 && if grep --quiet 'IGD:+' /sys/kernel/debug/vgaswitcheroo/switch; then echo -e \"IGD\\nOFF\" > /sys/kernel/debug/vgaswitcheroo/switch; fi'"; + ExecStop = "${pkgs.bash}/bin/sh -c 'echo ON >/sys/kernel/debug/vgaswitcheroo/switch'"; + }; + wantedBy = ["multi-user.target"]; + }; + + # Increase console font size for HiDPI display + console = { + earlySetup = true; + font = lib.mkForce "ter-i32b"; + packages = [pkgs.terminus_font]; + }; + + # Thunderbolt tools + services.hardware.bolt.enable = true; + + # Enable udev rules for gnupg smart cards + hardware.gpgSmartcards.enable = true; + + powerManagement = { + # Use new schedutil govenor + # https://github.com/NixOS/nixpkgs/pull/42330 + # https://www.kernel.org/doc/html/v5.10/admin-guide/pm/cpufreq.html#schedutil + cpuFreqGovernor = lib.mkDefault "schedutil"; + + # brcmfmac being loaded during hibernation would inhibit a successful resume + # https://bugzilla.kernel.org/show_bug.cgi?id=101681#c116. + # Also brcmfmac could randomly crash on resume from sleep. + # To hibernate successfully using the amdgpu driver, the dedicated GPU needs + # to be powered on. 
+ powerUpCommands = lib.mkBefore ( + "${pkgs.kmod}/bin/modprobe brcmfmac" + + lib.optionalString + (lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.2") " brcmfmac_wcc" + ); + powerDownCommands = lib.mkBefore ( + lib.optionalString + (lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.2") + "${pkgs.kmod}/bin/rmmod brcmfmac_wcc\n" + + '' + ${pkgs.kmod}/bin/rmmod brcmfmac + ${pkgs.systemd}/bin/systemctl stop amd-hybrid-graphics-power-save.service + '' + ); + resumeCommands = + if config.systemd.services."amd-hybrid-graphics-power-save".enable == true + then '' + ${pkgs.systemd}/bin/systemctl start amd-hybrid-graphics-power-save.service + '' + else ""; + }; + + # Change lid switch behaviour + services.logind.lidSwitch = "hibernate"; + + # TLP for power management + services.tlp = { + enable = true; + settings = { + CPU_SCALING_GOVERNOR_ON_AC = "performance"; + CPU_SCALING_GOVERNOR_ON_BAT = "schedutil"; + CPU_BOOST_ON_AC = 1; + CPU_BOOST_ON_BAT = 0; + }; + }; + + services.udev.extraRules = + # Disable XHC1 wakeup signal to avoid resume getting triggered some time + # after suspend. Reboot required for this to take effect. + lib.optionalString + (lib.versionAtLeast config.boot.kernelPackages.kernel.version "3.13") + ''SUBSYSTEM=="pci", KERNEL=="0000:00:14.0", ATTR{power/wakeup}="disabled"''; + + services.printing.enable = true; + + home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] { + # Custom device sway configs + xdg.configFile = { + "sway/config.d/10-applications.conf".source = ./.config/sway/config.d/applications.conf; + "sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf; + "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf; + "sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; + "sway/config.d/screens.conf".source = ./.config/sway/config.d/screens.conf; + }; + }; + + # WLAN frequency compliance (e.g. 
check for radar with DFS) + hardware.firmware = with pkgs; [wireless-regdb]; + boot.extraModprobeConfig = '' + options cfg80211 ieee80211_regdom="DE" + + # Enable the integrated GPU (iGPU) Intel i915 by default if present + options apple-gmux force_igd=y + ''; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "21.05"; # Did you read the comment? } diff --git a/hosts/dumpyourvms/networking.nix b/hosts/dumpyourvms/networking.nix index 1bceaf14..39da36f3 100644 --- a/hosts/dumpyourvms/networking.nix +++ b/hosts/dumpyourvms/networking.nix 
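Review bot: `boot.kernelPackages = pkgs.linuxPackages_6_6;` in hosts/dumpyourvms/dumpyourvms.nix is added without a comment, and a host pinned to one kernel series stops following the default kernel, so the pin is easy to forget once that series no longer receives fixes. Put the reason and an exit condition above the line, for example `# pinned to 6.6 because <reason>; remove the pin once <condition>`. The same hunk also drops the `mkIf psCfg.sway.enable` guard, so the sway `xdg.configFile` entries are now installed unconditionally; if that is intended, a one-line comment saying so would help the next reader.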
@@ -1,112 +1,114 @@ { - networkmanager.dns = "systemd-resolved"; + networking = { + networkmanager.dns = "systemd-resolved"; - # https://github.com/tailscale/tailscale/issues/4432#issuecomment-1112819111 - # https://github.com/NixOS/nixpkgs/commit/68e514ed1cf55451901e8d0edd3e8ee5102d3565 - #firewall.checkReversePath = "loose"; + # https://github.com/tailscale/tailscale/issues/4432#issuecomment-1112819111 + # https://github.com/NixOS/nixpkgs/commit/68e514ed1cf55451901e8d0edd3e8ee5102d3565 + #firewall.checkReversePath = "loose"; - hosts = { - "10.0.0.42" = ["nomad.service.consul" "nomad.service.cgn-1.consul"]; - "10.0.0.66" = ["consul.service.cgn-1.consul"]; - "10.0.1.9" = ["consul.service.lev-1.consul"]; - "10.0.0.70" = ["vault.service.consul" "vault.service.cgn-1.consul"]; - "10.0.0.200" = ["headnode.cgn-1"]; - "10.0.0.201" = ["cn01.cgn-1"]; - "10.0.0.202" = ["cn02.cgn-1"]; - "10.0.0.205" = ["cn05.cgn-1"]; - "10.0.0.206" = ["cn06.cgn-1"]; - "10.0.0.207" = ["cn07.cgn-1"]; - "10.0.0.208" = ["cn08.cgn-1"]; - "10.0.1.200" = ["headnode.lev-1"]; - "10.0.1.201" = ["cn01.lev-1"]; - "10.0.1.202" = ["cn02.lev-1"]; - "10.0.1.203" = ["cn03.lev-1"]; - "10.0.1.204" = ["cn04.lev-1"]; - "10.0.1.205" = ["cn05.lev-1"]; - "10.0.1.206" = ["cn00.lev-1"]; - "10.0.1.207" = ["cn06.lev-1"]; - "10.0.1.208" = ["cn07.lev-1"]; - "10.101.64.10" = ["wifi.bahn.de"]; - }; - - wireguard.enable = true; - wg-quick.interfaces = { - wg0 = { - address = ["10.8.8.6/32"]; - privateKeyFile = "/etc/wireguard/wg0.privatekey"; - - peers = [ - { - publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU="; - allowedIPs = ["10.8.8.16/32" "10.0.0.0/24" "10.88.88.0/24"]; - endpoint = "85.88.23.16:51820"; - persistentKeepalive = 25; - } - ]; + hosts = { + "10.0.0.42" = ["nomad.service.consul" "nomad.service.cgn-1.consul"]; + "10.0.0.66" = ["consul.service.cgn-1.consul"]; + "10.0.1.9" = ["consul.service.lev-1.consul"]; + "10.0.0.70" = ["vault.service.consul" "vault.service.cgn-1.consul"]; + "10.0.0.200" = 
["headnode.cgn-1"]; + "10.0.0.201" = ["cn01.cgn-1"]; + "10.0.0.202" = ["cn02.cgn-1"]; + "10.0.0.205" = ["cn05.cgn-1"]; + "10.0.0.206" = ["cn06.cgn-1"]; + "10.0.0.207" = ["cn07.cgn-1"]; + "10.0.0.208" = ["cn08.cgn-1"]; + "10.0.1.200" = ["headnode.lev-1"]; + "10.0.1.201" = ["cn01.lev-1"]; + "10.0.1.202" = ["cn02.lev-1"]; + "10.0.1.203" = ["cn03.lev-1"]; + "10.0.1.204" = ["cn04.lev-1"]; + "10.0.1.205" = ["cn05.lev-1"]; + "10.0.1.206" = ["cn00.lev-1"]; + "10.0.1.207" = ["cn06.lev-1"]; + "10.0.1.208" = ["cn07.lev-1"]; + "10.101.64.10" = ["wifi.bahn.de"]; }; - wg1 = { - address = ["192.168.188.203/24"]; - privateKeyFile = "/etc/wireguard/wg1.privatekey"; - peers = [ - { - publicKey = "iZkgeA/mFxBRclCa5SJYdqffClly/uho5krebcUloCY="; - allowedIPs = ["192.168.188.0/24"]; - presharedKeyFile = "/etc/wireguard/wg1.presharedkey"; - #endpoint = "85.214.70.91:50163"; - #endpoint = "7gwzft61sc8txc4r.myfritz.net:50163"; - endpoint = "[2a00:6020:1000:47::2ded]:50163"; - persistentKeepalive = 25; - } - ]; - }; - wg2 = { - address = ["10.6.6.4/32"]; - privateKeyFile = "/etc/wireguard/wg2.privatekey"; + wireguard.enable = true; + wg-quick.interfaces = { + wg0 = { + address = ["10.8.8.6/32"]; + privateKeyFile = "/etc/wireguard/wg0.privatekey"; - peers = [ - { - publicKey = "nYMmaCIW8lZ7SokivN8HXxYDch+SS1G7ab1SC9meDAw="; - presharedKeyFile = "/etc/wireguard/wg2.presharedkey"; - allowedIPs = ["10.6.6.1/32" "10.1.1.0/24"]; - endpoint = "85.88.23.127:51820"; - persistentKeepalive = 16; - } - ]; - }; - wg3 = { - address = ["10.11.11.2/32"]; - privateKeyFile = "/etc/wireguard/wg3.privatekey"; - mtu = 1300; + peers = [ + { + publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU="; + allowedIPs = ["10.8.8.16/32" "10.0.0.0/24" "10.88.88.0/24"]; + endpoint = "85.88.23.16:51820"; + persistentKeepalive = 25; + } + ]; + }; + wg1 = { + address = ["192.168.188.203/24"]; + privateKeyFile = "/etc/wireguard/wg1.privatekey"; - peers = [ - { - publicKey = "7RRgfZSneqAtAHBeI6+aaYLqz9e1jikg/lIK8mhW928="; - 
presharedKeyFile = "/etc/wireguard/wg3.presharedkey"; - allowedIPs = ["10.11.11.0/24" "192.168.1.0/24" "10.0.1.0/24"]; - endpoint = "80.71.153.1:51820"; - persistentKeepalive = 16; - } - ]; - }; - wg4 = { - address = ["fdaa:1:3234:a7b:16a9:0:a:202/120"]; - privateKeyFile = "/etc/wireguard/wg4.privatekey"; - postUp = "resolvectl dns wg4 fdaa:1:3234::3; resolvectl domain wg4 ~internal"; - preDown = "resolvectl revert wg4"; - #dns = [ - # "fdaa:1:3234::3, internal" - #]; + peers = [ + { + publicKey = "iZkgeA/mFxBRclCa5SJYdqffClly/uho5krebcUloCY="; + allowedIPs = ["192.168.188.0/24"]; + presharedKeyFile = "/etc/wireguard/wg1.presharedkey"; + #endpoint = "85.214.70.91:50163"; + #endpoint = "7gwzft61sc8txc4r.myfritz.net:50163"; + endpoint = "[2a00:6020:1000:47::2ded]:50163"; + persistentKeepalive = 25; + } + ]; + }; + wg2 = { + address = ["10.6.6.4/32"]; + privateKeyFile = "/etc/wireguard/wg2.privatekey"; - peers = [ - { - publicKey = "yUyg63j5+17YeJ7gRhxoQuF6rvdX0JF59M6skytJFTQ="; - allowedIPs = ["fdaa:1:3234::/48"]; - #endpoint = "ams1.gateway.6pn.dev:51820"; - endpoint = "176.58.93.206:51820"; - persistentKeepalive = 15; - } - ]; + peers = [ + { + publicKey = "nYMmaCIW8lZ7SokivN8HXxYDch+SS1G7ab1SC9meDAw="; + presharedKeyFile = "/etc/wireguard/wg2.presharedkey"; + allowedIPs = ["10.6.6.1/32" "10.1.1.0/24"]; + endpoint = "85.88.23.127:51820"; + persistentKeepalive = 16; + } + ]; + }; + wg3 = { + address = ["10.11.11.2/32"]; + privateKeyFile = "/etc/wireguard/wg3.privatekey"; + mtu = 1300; + + peers = [ + { + publicKey = "7RRgfZSneqAtAHBeI6+aaYLqz9e1jikg/lIK8mhW928="; + presharedKeyFile = "/etc/wireguard/wg3.presharedkey"; + allowedIPs = ["10.11.11.0/24" "192.168.1.0/24" "10.0.1.0/24"]; + endpoint = "80.71.153.1:51820"; + persistentKeepalive = 16; + } + ]; + }; + wg4 = { + address = ["fdaa:1:3234:a7b:16a9:0:a:202/120"]; + privateKeyFile = "/etc/wireguard/wg4.privatekey"; + postUp = "resolvectl dns wg4 fdaa:1:3234::3; resolvectl domain wg4 ~internal"; + preDown = 
"resolvectl revert wg4"; + #dns = [ + # "fdaa:1:3234::3, internal" + #]; + + peers = [ + { + publicKey = "yUyg63j5+17YeJ7gRhxoQuF6rvdX0JF59M6skytJFTQ="; + allowedIPs = ["fdaa:1:3234::/48"]; + #endpoint = "ams1.gateway.6pn.dev:51820"; + endpoint = "176.58.93.206:51820"; + persistentKeepalive = 15; + } + ]; + }; }; }; } diff --git a/hosts/iso/default.nix b/hosts/iso/default.nix new file mode 100644 index 00000000..6ccfabc7 --- /dev/null +++ b/hosts/iso/default.nix @@ -0,0 +1,10 @@ +{ + pkgs, + lib, + ... +}: { + pub-solar.core.disk-encryption-active = false; + isoImage.squashfsCompression = "gzip -Xcompression-level 1"; + systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; + networking.networkmanager.enable = false; +} diff --git a/hosts/ryzensun/default.nix b/hosts/ryzensun/default.nix index 054a99ad..dbcb87cb 100644 --- a/hosts/ryzensun/default.nix +++ b/hosts/ryzensun/default.nix @@ -1,7 +1,8 @@ -{suites, ...}: { - imports = - [ - ./ryzensun.nix - ] - ++ suites.ryzensun; +{ ... }: { + imports = [ + ./ryzensun.nix + ./hardware-configuration.nix + + ./networking.nix + ]; } diff --git a/hosts/ryzensun/networking.nix b/hosts/ryzensun/networking.nix index 3e7ea31b..7bd9a7dd 100644 --- a/hosts/ryzensun/networking.nix +++ b/hosts/ryzensun/networking.nix 
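Review bot: In hosts/iso/default.nix, `systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];` makes every image built from this module start sshd at boot, and nothing in the file says which credentials that sshd accepts. The installer profile and `self.nixosModules.base` that the iso hosts import are not shown in this patch, so whether password or root login is reachable depends on them. I would add a comment above the line, such as `# sshd starts on boot for headless installs; login is key-only, keys come from <module>`, and, if it is not already enforced elsewhere, set `services.openssh.settings.PasswordAuthentication = false;` next to it.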
@@ -1,84 +1,86 @@ { - hosts = { - "10.0.0.42" = ["nomad.service.consul" "nomad.service.cgn-1.consul"]; - "10.0.0.66" = ["consul.service.cgn-1.consul"]; - "10.0.1.9" = ["consul.service.lev-1.consul"]; - "10.0.0.70" = ["vault.service.consul" "vault.service.cgn-1.consul"]; - "10.0.0.200" = ["headnode.cgn-1"]; - "10.0.0.201" = ["cn01.cgn-1"]; - "10.0.0.202" = ["cn02.cgn-1"]; - "10.0.0.205" = ["cn05.cgn-1"]; - "10.0.0.206" = ["cn06.cgn-1"]; - "10.0.0.207" = ["cn07.cgn-1"]; - "10.0.0.208" = ["cn08.cgn-1"]; - "10.0.1.200" = ["headnode.lev-1"]; - "10.0.1.201" = ["cn01.lev-1"]; - "10.0.1.202" = ["cn02.lev-1"]; - "10.0.1.203" = ["cn03.lev-1"]; - "10.0.1.204" = ["cn04.lev-1"]; - "10.0.1.205" = ["cn05.lev-1"]; - "10.0.1.206" = ["cn00.lev-1"]; - "10.0.1.207" = ["cn06.lev-1"]; - "10.0.1.208" = ["cn07.lev-1"]; - }; - - wireguard.enable = true; - wg-quick.interfaces = { - wg0 = { - address = ["10.8.8.7/32"]; - privateKeyFile = "/etc/wireguard/wg0.privatekey"; - - peers = [ - { - publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU="; - allowedIPs = ["10.8.8.16/32" "10.0.0.0/24" "10.88.88.0/24"]; - endpoint = "85.88.23.16:51820"; - persistentKeepalive = 25; - } - ]; + networking = { + hosts = { + "10.0.0.42" = ["nomad.service.consul" "nomad.service.cgn-1.consul"]; + "10.0.0.66" = ["consul.service.cgn-1.consul"]; + "10.0.1.9" = ["consul.service.lev-1.consul"]; + "10.0.0.70" = ["vault.service.consul" "vault.service.cgn-1.consul"]; + "10.0.0.200" = ["headnode.cgn-1"]; + "10.0.0.201" = ["cn01.cgn-1"]; + "10.0.0.202" = ["cn02.cgn-1"]; + "10.0.0.205" = ["cn05.cgn-1"]; + "10.0.0.206" = ["cn06.cgn-1"]; + "10.0.0.207" = ["cn07.cgn-1"]; + "10.0.0.208" = ["cn08.cgn-1"]; + "10.0.1.200" = ["headnode.lev-1"]; + "10.0.1.201" = ["cn01.lev-1"]; + "10.0.1.202" = ["cn02.lev-1"]; + "10.0.1.203" = ["cn03.lev-1"]; + "10.0.1.204" = ["cn04.lev-1"]; + "10.0.1.205" = ["cn05.lev-1"]; + "10.0.1.206" = ["cn00.lev-1"]; + "10.0.1.207" = ["cn06.lev-1"]; + "10.0.1.208" = ["cn07.lev-1"]; }; - wg1 = { - address 
= ["10.11.11.6/32"]; - privateKeyFile = "/etc/wireguard/wg1.privatekey"; - mtu = 1300; - peers = [ - { - publicKey = "7RRgfZSneqAtAHBeI6+aaYLqz9e1jikg/lIK8mhW928="; - presharedKeyFile = "/etc/wireguard/wg1.presharedkey"; - allowedIPs = ["10.11.11.0/24" "192.168.1.0/24" "10.0.1.0/24"]; - endpoint = "80.71.153.1:51820"; - #persistentKeepalive = 16; - } - ]; + wireguard.enable = true; + wg-quick.interfaces = { + wg0 = { + address = ["10.8.8.7/32"]; + privateKeyFile = "/etc/wireguard/wg0.privatekey"; + + peers = [ + { + publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU="; + allowedIPs = ["10.8.8.16/32" "10.0.0.0/24" "10.88.88.0/24"]; + endpoint = "85.88.23.16:51820"; + persistentKeepalive = 25; + } + ]; + }; + wg1 = { + address = ["10.11.11.6/32"]; + privateKeyFile = "/etc/wireguard/wg1.privatekey"; + mtu = 1300; + + peers = [ + { + publicKey = "7RRgfZSneqAtAHBeI6+aaYLqz9e1jikg/lIK8mhW928="; + presharedKeyFile = "/etc/wireguard/wg1.presharedkey"; + allowedIPs = ["10.11.11.0/24" "192.168.1.0/24" "10.0.1.0/24"]; + endpoint = "80.71.153.1:51820"; + #persistentKeepalive = 16; + } + ]; + }; + #wg1 = { + # address = [ "10.13.0.1/32" ]; + # privateKeyFile = "/etc/wireguard/wg1.privatekey"; + # mtu = 1412; + + # peers = [ + # { + # publicKey = "XS3TTIMU7Jp3JJANBpE14RsVDJk6/VUvZgjQgQP8kAs="; + # allowedIPs = [ "10.13.0.100/32" "192.168.188.0/24" ]; + # endpoint = "[2a00:6020:48ad:dd00:dea6:32ff:fe85:3306]:51820"; + # persistentKeepalive = 25; + # } + # ]; + #}; + #wg2 = { + # address = [ "10.6.6.4/32" ]; + # privateKeyFile = "/etc/wireguard/wg2.privatekey"; + + # peers = [ + # { + # publicKey = "nYMmaCIW8lZ7SokivN8HXxYDch+SS1G7ab1SC9meDAw="; + # presharedKeyFile = "/etc/wireguard/wg2.presharedkey"; + # allowedIPs = [ "10.6.6.1/32" "10.1.1.0/24" ]; + # endpoint = "85.88.23.127:51820"; + # persistentKeepalive = 16; + # } + # ]; + #}; }; - #wg1 = { - # address = [ "10.13.0.1/32" ]; - # privateKeyFile = "/etc/wireguard/wg1.privatekey"; - # mtu = 1412; - - # peers = [ - # { - 
# publicKey = "XS3TTIMU7Jp3JJANBpE14RsVDJk6/VUvZgjQgQP8kAs="; - # allowedIPs = [ "10.13.0.100/32" "192.168.188.0/24" ]; - # endpoint = "[2a00:6020:48ad:dd00:dea6:32ff:fe85:3306]:51820"; - # persistentKeepalive = 25; - # } - # ]; - #}; - #wg2 = { - # address = [ "10.6.6.4/32" ]; - # privateKeyFile = "/etc/wireguard/wg2.privatekey"; - - # peers = [ - # { - # publicKey = "nYMmaCIW8lZ7SokivN8HXxYDch+SS1G7ab1SC9meDAw="; - # presharedKeyFile = "/etc/wireguard/wg2.presharedkey"; - # allowedIPs = [ "10.6.6.1/32" "10.1.1.0/24" ]; - # endpoint = "85.88.23.127:51820"; - # persistentKeepalive = 16; - # } - # ]; - #}; }; } diff --git a/hosts/ryzensun/ryzensun.nix b/hosts/ryzensun/ryzensun.nix index 881209b0..1e160754 100644 --- a/hosts/ryzensun/ryzensun.nix +++ b/hosts/ryzensun/ryzensun.nix 
@@ -2,44 +2,34 @@ config, pkgs, lib, - self, + flake, ... }: with lib; let psCfg = config.pub-solar; xdg = config.home-manager.users."${psCfg.user.name}".xdg; in { - imports = [ - ./hardware-configuration.nix - ]; - config = { age.secrets.environment-secrets = { - file = "${self}/secrets/environment-secrets.age"; - mode = "700"; + file = "${flake.self}/secrets/environment-secrets.age"; + mode = "600"; owner = "teutat3s"; }; age.secrets.docker-ci-runner-secrets = { - file = "${self}/secrets/docker-ci-runner-secrets.age"; - mode = "700"; + file = "${flake.self}/secrets/docker-ci-runner-secrets.age"; + mode = "600"; owner = "999"; }; - pub-solar.nextcloud.enable = mkForce false; - pub-solar.docker.enable = true; - pub-solar.virtualisation.enable = true; - pub-solar.docker-ci-runner = { - enable = false; - runnerEnvironment = { - DRONE_RUNNER_CAPACITY = "1"; - DRONE_RUNNER_LABELS = "hosttype:baremetal"; - }; - runnerVarsFile = config.age.secrets.docker-ci-runner-secrets.path; - }; - - pub-solar.audio.mopidy.enable = mkForce false; - - networking = import ./networking.nix; + pub-solar.terminal-life.full = true; + #pub-solar.docker-ci-runner = { + # enable = false; + # runnerEnvironment = { + # DRONE_RUNNER_CAPACITY = "1"; + # DRONE_RUNNER_LABELS = "hosttype:baremetal"; + # }; + # runnerVarsFile = config.age.secrets.docker-ci-runner-secrets.path; + #}; # Increase console font size for HiDPI display console = { @@ -48,7 +38,9 @@ in { packages = [pkgs.terminus_font]; }; - home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable { + networking.hostName = "ryzensun"; + + home-manager.users."${psCfg.user.name}".xdg.configFile = { "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf; "sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf; "sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf; 
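Review bot: `age.secrets.docker-ci-runner-secrets` in hosts/ryzensun/ryzensun.nix is still declared with `owner = "999"`, although the only consumer visible in this hunk, `pub-solar.docker-ci-runner`, is now commented out. The secret therefore keeps being decrypted onto the host and handed to whichever account holds uid 999. If no other module reads `config.age.secrets.docker-ci-runner-secrets.path`, comment the declaration out together with the runner block. Otherwise add a comment naming the consumer and explaining why the owner is a numeric uid rather than a user name.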
diff --git a/lib/add-local-hostname.nix b/lib/add-local-hostname.nix
new file mode 100644
index 00000000..6940fa84
--- /dev/null
+++ b/lib/add-local-hostname.nix
@@ -0,0 +1,5 @@
+{ lib }:
+hostnames: {
+ "127.0.0.1" = hostnames;
+ "::1" = hostnames;
+}
diff --git a/lib/default.nix b/lib/default.nix
index ac167511..d1234dfe 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -1,10 +1,18 @@
-{lib}:
-lib.makeExtensible (self: let
- callLibs = file: import file {lib = self;};
-in rec {
- ## Define your own library functions here!
- #id = x: x;
- ## Or in files, containing functions that take {lib}
- #foo = callLibs ./foo.nix;
- ## In configs, they can be used under "lib.our"
-})
+{ lib, inputs, ... }: {
+ # Configuration common to all Linux systems
+ flake = {
+ lib = let
+ callLibs = file: import file {inherit lib;};
+ in rec {
+ ## Define your own library functions here!
+ #id = x: x;
+ ## Or in files, containing functions that take {lib}
+ #foo = callLibs ./foo.nix;
+ ## In configs, they can be used under "lib.our"
+
+ deploy = import ./deploy.nix { inherit inputs lib; };
+ addLocalHostname = callLibs ./add-local-hostname.nix;
+ recursiveMerge = callLibs ./recursive-merge.nix;
+ };
+ };
+}
diff --git a/lib/deploy.nix b/lib/deploy.nix
new file mode 100644
index 00000000..5e9f6418
--- /dev/null
+++ b/lib/deploy.nix
@@ -0,0 +1,62 @@
+/*
+ * The contents of this file are adapted from digga
+ * https://github.com/divnix/digga
+ *
+ * Licensed under the MIT license
+ */
+
+{ lib, inputs }: let
+ getFqdn = c: let
+ net = c.config.networking;
+ fqdn =
+ if (net ? domain) && (net.domain != null)
+ then "${net.hostName}.${net.domain}"
+ else net.hostName;
+ in
+ fqdn;
+in {
+ mkDeployNodes = systemConfigurations: extraConfig:
+ /*
+ *
+ Synopsis: mkNodes _systemConfigurations_ _extraConfig_
+
+ Generate the `nodes` attribute expected by deploy-rs
+ where _systemConfigurations_ are `nodes`.
+
+ _systemConfigurations_ should take the form of a flake's
+ _nixosConfigurations_. Note that deploy-rs does not currently support
+ deploying to darwin hosts.
+
+ _extraConfig_, if specified, will be merged into each of the
+ nodes' configurations.
+
+ Example _systemConfigurations_ input:
+
+ ```
+ {
+ hostname-1 = {
+ fastConnection = true;
+ sshOpts = [ "-p" "25" ];
+ };
+ hostname-2 = {
+ sshOpts = [ "-p" "19999" ];
+ sshUser = "root";
+ };
+ }
+ ```
+ *
+ */
+ lib.recursiveUpdate
+ (lib.mapAttrs
+ (
+ _: c: {
+ hostname = getFqdn c;
+ profiles.system = {
+ user = "root";
+ path = inputs.deploy-rs.lib.${c.pkgs.stdenv.hostPlatform.system}.activate.nixos c;
+ };
+ }
+ )
+ systemConfigurations)
+ extraConfig;
+}
diff --git a/lib/recursive-merge.nix b/lib/recursive-merge.nix
new file mode 100644
index 00000000..1b2c37e0
--- /dev/null
+++ b/lib/recursive-merge.nix
@@ -0,0 +1,16 @@
+{ lib }:
+attrList:
+let
+ f = attrPath:
+ zipAttrsWith (
+ n: values:
+ if tail values == []
+ then head values
+ else if all isList values
+ then unique (concatLists values)
+ else if all isAttrs values
+ then f (attrPath ++ [n]) values
+ else last values
+ );
+in
+ f [] attrList;
diff --git a/modules/adb/default.nix b/modules/adb/default.nix
new file mode 100644
index 00000000..7a0a83d0
--- /dev/null
+++ b/modules/adb/default.nix
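Review bot: The doc comment on `mkDeployNodes` in lib/deploy.nix does not match the function: the synopsis names it `mkNodes`, and the block labelled "Example _systemConfigurations_ input" shows deploy-rs node options (`fastConnection`, `sshOpts`, `sshUser`), which looks like the shape of `extraConfig` instead. I would change the synopsis to `Synopsis: mkDeployNodes _systemConfigurations_ _extraConfig_` and relabel the example as `Example _extraConfig_ input:`. It is also worth one sentence noting that `extraConfig` is applied with `lib.recursiveUpdate` and so can override the generated `hostname` and the `profiles.system.user = "root"` default per node.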
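Review bot: lib/recursive-merge.nix cannot be imported as written: it ends in `f [] attrList;`, and a trailing `;` after the file's top-level expression is a Nix syntax error. It also uses `zipAttrsWith`, `tail`, `head`, `all`, `isList`, `unique`, `concatLists`, `isAttrs` and `last` bare, although only `lib` is in scope. Because `recursiveMerge = callLibs ./recursive-merge.nix;` in lib/default.nix is evaluated lazily, the failure would only show up the first time something uses `recursiveMerge`. Add `with lib;` between `{ lib }:` and `attrList:` (or prefix each call with `lib.`) and end the file with `f [] attrList` without the semicolon.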
@@ -0,0 +1,15 @@ +{ + lib, + config, + pkgs, + ... +}: +with lib; let + psCfg = config.pub-solar; +in { + programs.adb.enable = true; + + users.users."${psCfg.user.name}" = { + extraGroups = ["adbusers"]; + }; +} diff --git a/modules/arduino/default.nix b/modules/arduino/default.nix index 4011735f..8b0e51d4 100644 --- a/modules/arduino/default.nix +++ b/modules/arduino/default.nix @@ -6,22 +6,12 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.devops; in { - options.pub-solar.arduino = { - enable = mkEnableOption "Life with home automation"; - }; - config = mkIf cfg.enable { - users.users = pkgs.lib.setAttrByPath [psCfg.user.name] { - extraGroups = ["dialout"]; - }; - - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - home.packages = [ - arduino - arduino-cli - ]; - }; + users.users."${psCfg.user.name}" = { + extraGroups = ["dialout"]; + packages = with pkgs; [ + arduino + arduino-cli + ]; }; } diff --git a/modules/audio/default.nix b/modules/audio/default.nix index 8ff6f2e6..f3ce232a 100644 --- a/modules/audio/default.nix +++ b/modules/audio/default.nix 
@@ -6,115 +6,34 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.audio; xdg = config.home-manager.users."${psCfg.user.name}".xdg; in { - options.pub-solar.audio = { - enable = mkEnableOption "Life in highs and lows"; - mopidy.enable = mkEnableOption "Life with mopidy"; - spotify.enable = mkEnableOption "Life in DRM"; - spotify.username = mkOption { - description = "Spotify login username or email"; - type = types.str; - example = "yourname@example.com"; - default = ""; - }; - bluetooth.enable = mkEnableOption "Life with bluetooth"; + users.users."${psCfg.user.name}" = { + extraGroups = ["audio"]; + packages = with pkgs; [ + # easyeffects, e.g. for microphone noise filtering + easyeffects + mu + pavucontrol + pa_applet + playerctl + # Needed for pactl cmd, until pw-cli is more mature (vol up/down hotkeys?) + pulseaudio + vimpc + ]; }; - config = mkIf cfg.enable { - users.users = pkgs.lib.setAttrByPath [psCfg.user.name] { - extraGroups = ["audio"]; - }; + home-manager.users."${psCfg.user.name}" = { + xdg.configFile."vimpc/vimpcrc".source = ./.config/vimpc/vimpcrc; + systemd.user.services.easyeffects = import ./easyeffects.service.nix pkgs; + }; - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - home.packages = - [ - # easyeffects, e.g. for microphone noise filtering - easyeffects - mu - pavucontrol - pa_applet - playerctl - # Needed for pactl cmd, until pw-cli is more mature (vol up/down hotkeys?) 
- pulseaudio - vimpc - ] - ++ ( - if cfg.spotify.enable - then [pkgs.spotify-tui] - else [] - ); - xdg.configFile."vimpc/vimpcrc".source = ./.config/vimpc/vimpcrc; - systemd.user.services.easyeffects = import ./easyeffects.service.nix pkgs; - - services.spotifyd = mkIf cfg.spotify.enable { - enable = true; - settings = { - global = { - username = cfg.spotify.username; - password_cmd = "DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1001/bus ${pkgs.libsecret}/bin/secret-tool lookup spotify password"; - bitrate = 320; - volume_normalisation = true; - no_audio_cache = false; - max_cache_size = 1000000000; - }; - }; - }; - }; - - # rtkit is optional but recommended - security.rtkit.enable = true; - # Enable sound using pipewire-pulse, default config: - # https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/master/src/daemon/pipewire.conf.in - services.pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - }; - - # Make pulseaudio listen on port 4713 for mopidy, extending the default - # config: https://gitlab.freedesktop.org/pipewire/pipewire/-/blob/master/src/daemon/pipewire-pulse.conf.in - environment.etc = mkIf cfg.mopidy.enable { - "pipewire/pipewire-pulse.conf.d/99-custom.conf".text = '' - { - "context.modules": [ - { - "name": "libpipewire-module-protocol-pulse", - "args": { - "server.address": ["unix:native", "tcp:4713"], - "vm.overrides": { - "pulse.min.quantum": "1024/48000" - } - } - } - ] - } - ''; - }; - - # Enable bluetooth - hardware.bluetooth = mkIf cfg.bluetooth.enable { - enable = true; - # Disable bluetooth on startup to save battery - powerOnBoot = false; - # Disable useless SIM Access Profile plugin - disabledPlugins = [ - "sap" - ]; - settings = { - General = { - # Enables experimental features and interfaces. 
- # Makes BlueZ Battery Provider available - Experimental = true; - }; - }; - }; - services.blueman.enable = mkIf cfg.bluetooth.enable true; - - # Enable audio server & client - services.mopidy = mkIf cfg.mopidy.enable ((import ./mopidy.nix) pkgs); + # rtkit is optional but recommended + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; }; } diff --git a/modules/audio/mopidy.nix b/modules/audio/mopidy.nix deleted file mode 100644 index 9d37eaba..00000000 --- a/modules/audio/mopidy.nix +++ /dev/null @@ -1,18 +0,0 @@ -pkgs: { - enable = true; - extensionPackages = with pkgs; [ - mopidy-mpd - mopidy-soundcloud - mopidy-youtube - mopidy-local - mopidy-jellyfin - ]; - - configuration = '' - [mpd] - hostname = :: - - [audio] - output = pulsesink server=127.0.0.1:4713 - ''; -} diff --git a/modules/bluetooth/default.nix b/modules/bluetooth/default.nix new file mode 100644 index 00000000..4ce05b12 --- /dev/null +++ b/modules/bluetooth/default.nix @@ -0,0 +1,35 @@ +{ + lib, + config, + pkgs, + ... +}: { + hardware.bluetooth = { + enable = true; + # Disable bluetooth on startup to save battery + powerOnBoot = false; + # Disable useless SIM Access Profile plugin + disabledPlugins = [ + "sap" + ]; + settings = { + General = { + # Enables experimental features and interfaces. + # Makes BlueZ Battery Provider available + Experimental = true; + }; + }; + }; + + services.blueman.enable = true; + environment.etc."wireplumber/bluetooth.lua.d/51-bluez-config.lua" = { + text = '' + bluez_monitor.properties = { + ["bluez5.enable-sbc-xq"] = true, + ["bluez5.enable-msbc"] = true, + ["bluez5.enable-hw-volume"] = true, + ["bluez5.headset-roles"] = "[ hsp_hs hsp_ag hfp_hf hfp_ag ]" + } + ''; + }; +} diff --git a/modules/ci-runner/default.nix b/modules/ci-runner/default.nix deleted file mode 100644 index 95c58970..00000000 --- a/modules/ci-runner/default.nix +++ /dev/null 
@@ -1,45 +0,0 @@ -{ - lib, - config, - pkgs, - self, - ... -}: -with lib; let - psCfg = config.pub-solar; - cfg = config.pub-solar.ci-runner; -in { - options.pub-solar.ci-runner = { - enable = mkEnableOption "Enables a systemd service that runs drone-ci-runner"; - }; - - config = mkIf cfg.enable { - systemd.user.services.ci-runner = { - enable = true; - - description = "CI runner for the PubSolarOS repository that can run test VM instances with KVM."; - - serviceConfig = { - Type = "simple"; - Restart = "always"; - }; - - path = [ - pkgs.git - pkgs.nix - pkgs.libvirt - ]; - - wantedBy = ["multi-user.target"]; - after = ["network.target" "libvirtd.service"]; - - script = ''${pkgs.drone-runner-exec}/bin/drone-runner-exec daemon /run/agenix/drone-runner-exec-config''; - }; - - age.secrets."drone-runner-exec-config" = { - file = "${self}/secrets/drone-runner-exec-config"; - mode = "700"; - owner = psCfg.user.name; - }; - }; -} diff --git a/modules/core/boot.nix b/modules/core/boot.nix index 38b6a03a..23d3f316 100644 --- a/modules/core/boot.nix +++ b/modules/core/boot.nix @@ -7,12 +7,6 @@ with lib; let cfg = config.pub-solar.core; in { - options.pub-solar.core.iso-options.enable = mkOption { - type = types.bool; - default = false; - description = "Feature flag for iso builds"; - }; - options.pub-solar.core.disk-encryption-active = mkOption { type = types.bool; default = true; @@ -21,13 +15,10 @@ in { config = { boot = { - # Enable plymouth for better experience of booting - plymouth.enable = mkIf (!cfg.lite) (lib.mkDefault true); - # Mount / luks device in initrd # Allow fstrim to work on it. # The ! makes this enabled by default - initrd = mkIf (!cfg.iso-options.enable && cfg.disk-encryption-active) { + initrd = mkIf cfg.disk-encryption-active { luks.devices."cryptroot" = { allowDiscards = true; }; 
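Review bot: The context comment `# The ! makes this enabled by default` no longer matches the condition in the second boot.nix hunk, because `initrd = mkIf cfg.disk-encryption-active` has no negation left after `iso-options` was dropped. With the ISO guard gone, any configuration importing core that keeps the default `disk-encryption-active = true` gets the `cryptroot` initrd entry, so the ISO host (not visible in this hunk) presumably has to set it to `false`. I would replace the comment with `# Enabled by default; hosts without an encrypted root (e.g. the ISO) set pub-solar.core.disk-encryption-active = false`. It may also be worth a line noting that `allowDiscards = true` lets TRIM reveal which blocks of the LUKS device are unused, a known trade-off of discards on encrypted volumes. The enclosing `config = { boot = { … } }` block continues outside the hunk.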
@@ -35,8 +26,8 @@ in { loader.systemd-boot.enable = lib.mkDefault true; - # Use latest linux kernel by default - kernelPackages = lib.mkDefault pkgs.linuxPackages_6_5; + # Use latest LTS linux kernel by default + kernelPackages = lib.mkDefault pkgs.linuxPackages_6_1; # Support ntfs drives supportedFilesystems = ["ntfs"]; diff --git a/modules/core/default.nix b/modules/core/default.nix index 5f6161de..3e388c78 100644 --- a/modules/core/default.nix +++ b/modules/core/default.nix @@ -5,38 +5,34 @@ }: with lib; let cfg = config.pub-solar.core; + psCfg = config.pub-solar; in { imports = [ ./boot.nix ./hibernation.nix - ./fonts.nix ./i18n.nix ./networking.nix - ./nix.nix ./packages.nix - ./services.nix ]; - options.pub-solar.core = { - lite = mkOption { - description = '' - Enable a lite edition of core with less default modules and a reduced package set. - ''; - default = false; - type = types.bool; - }; + # Service that makes Out of Memory Killer more effective + services.earlyoom.enable = true; + + services.logind.lidSwitch = "hibernate"; + + services.tor.settings = { + UseBridges = true; }; - config = { - pub-solar = { - audio.enable = mkIf (!cfg.lite) (mkDefault true); - crypto.enable = mkIf (!cfg.lite) (mkDefault true); - devops.enable = mkIf (!cfg.lite) (mkDefault true); + # The options below are directly taken from or inspired by + # https://xeiaso.net/blog/paranoid-nixos-2021-07-18 - terminal-life = { - enable = mkDefault true; - lite = cfg.lite; - }; - }; - }; + # Limit the use of sudo to the group wheel + security.sudo.execWheelOnly = true; + + # Remove the complete default environment of packages like + # nano, perl and rsync + environment.defaultPackages = lib.mkForce []; + + # fileSystems."/".options = [ "noexec" ]; } diff --git a/modules/core/fonts.nix b/modules/core/fonts.nix deleted file mode 100644 index 29734489..00000000 --- a/modules/core/fonts.nix +++ /dev/null 
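Review bot: The settings added to `modules/core/default.nix` are assigned at normal priority, while `networking.nix` in the same commit wraps comparable defaults in `lib.mkDefault`; a host that wants a different lid action can then only override `services.logind.lidSwitch = "hibernate"` with `mkForce`. `services.tor.settings.UseBridges = true` is set without any `Bridge` entries or `services.tor.enable` in the hunk, so if a host enables Tor it would, as far as I can tell, have nothing to connect through until bridges are configured; a comment saying where they are expected to come from would help. The `let` bindings `cfg` and the new `psCfg` are not used by anything in the hunk and could go. For the commented-out `# fileSystems."/".options = [ "noexec" ];` line, a short note on why it is disabled would save the next reader a guess.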
@@ -1,14 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: { - fonts = { - fonts = with pkgs; [powerline-fonts dejavu_fonts]; - fontconfig.defaultFonts = { - monospace = ["DejaVu Sans Mono for Powerline"]; - sansSerif = ["DejaVu Sans"]; - }; - }; -} diff --git a/modules/core/networking.nix b/modules/core/networking.nix index e9f585d7..4539c16a 100644 --- a/modules/core/networking.nix +++ b/modules/core/networking.nix 
@@ -1,89 +1,39 @@ { + flake, config, pkgs, lib, ... -}: -with lib; let - cfg = config.pub-solar.core; -in { - options.pub-solar.core = { - enableCaddy = mkOption { - type = types.bool; - default = !cfg.lite; - }; - enableHelp = mkOption { - type = types.bool; - default = !cfg.lite; - }; +}: { + # disable NetworkManager and systemd-networkd -wait-online by default + systemd.services.NetworkManager-wait-online.enable = lib.mkDefault false; + systemd.services.systemd-networkd-wait-online.enable = lib.mkDefault false; - binaryCaches = mkOption { - type = types.listOf types.str; - default = []; - description = "Binary caches to use."; - }; - publicKeys = mkOption { - type = types.listOf types.str; - default = []; - description = "Public keys of binary caches."; - }; + networking.networkmanager = { + # Enable networkmanager. REMEMBER to add yourself to group in order to use nm related stuff. + enable = lib.mkDefault true; + # not as stable as wpa_supplicant yet, also more trouble with 5 GHz networks + #wifi.backend = "iwd"; }; - config = { - # disable NetworkManager and systemd-networkd -wait-online by default - systemd.services.NetworkManager-wait-online.enable = lib.mkDefault false; - systemd.services.systemd-networkd-wait-online.enable = lib.mkDefault false; - networking.networkmanager = { - # Enable networkmanager. REMEMBER to add yourself to group in order to use nm related stuff. 
- enable = true; - # not as stable as wpa_supplicant yet, also more trouble with 5 GHz networks - #wifi.backend = "iwd"; - }; + networking.firewall.enable = true; - networking.firewall.enable = true; + # For rage encryption, all hosts need a ssh key pair + services.openssh = { + enable = true; + allowSFTP = lib.mkDefault false; - # Customized binary caches list (with fallback to official binary cache) - nix.settings.substituters = cfg.binaryCaches; - nix.settings.trusted-public-keys = cfg.publicKeys; + openFirewall = lib.mkDefault false; - # These entries get added to /etc/hosts - networking.hosts = { - "127.0.0.1" = - [] - ++ lib.optionals cfg.enableCaddy ["caddy.local"] - ++ lib.optionals config.pub-solar.printing.enable ["cups.local"] - ++ lib.optionals cfg.enableHelp ["help.local"]; - }; + settings.PasswordAuthentication = lib.mkDefault false; + settings.KbdInteractiveAuthentication = false; - # Caddy reverse proxy for local services like cups - services.caddy = { - enable = lib.mkForce cfg.enableCaddy; - globalConfig = lib.mkForce '' - default_bind 127.0.0.1 - auto_https off - ''; - extraConfig = lib.mkForce (concatStringsSep "\n" [ - (lib.optionalString - config.pub-solar.printing.enable - '' - cups.local:80 { - request_header Host localhost:631 - reverse_proxy unix//run/cups/cups.sock - } - '') - - (lib.optionalString - cfg.enableHelp - '' - help.local:80 { - root * ${pkgs.psos-docs}/lib/html - # Caddy builds the etag with only the file size & latest modified - # date, which is always 1970-01-01 in the Nix store - header -ETag - file_server - } - '') - ]); - }; + extraConfig = '' + AllowTcpForwarding yes + X11Forwarding no + AllowAgentForwarding no + AllowStreamLocalForwarding no + AuthenticationMethods publickey + ''; }; } diff --git a/modules/core/packages.nix b/modules/core/packages.nix index 807b282c..3dcf7d06 100644 --- a/modules/core/packages.nix +++ b/modules/core/packages.nix 
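Review bot: `AllowTcpForwarding yes` in the new `services.openssh.extraConfig` stands out against the lines around it, which turn agent, X11 and stream-local forwarding off; with it, any account that can log in can use the host as a TCP relay into whatever networks it reaches. If forwarding is needed, a comment saying for what, or narrowing it to `AllowTcpForwarding local`, would make the intent reviewable; otherwise `AllowTcpForwarding no` fits the rest of the block. `AuthenticationMethods publickey` is hard-coded in `extraConfig` while `settings.PasswordAuthentication` is only `lib.mkDefault false`, so a host that flips the latter would still be limited to keys; that is the safer outcome, but a comment such as `# key-only login is enforced here regardless of PasswordAuthentication` would avoid confusion. The new `flake` argument is not used in the hunk.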
@@ -8,72 +8,21 @@ with lib; let psCfg = config.pub-solar; cfg = config.pub-solar.core; in { - environment = { - systemPackages = with pkgs; - [ - # Core unix utility packages - coreutils-full - dnsutils - inetutils - progress - pciutils - usbutils + environment.systemPackages = with pkgs; [ + # Core unix utility packages + coreutils-full + dnsutils + inetutils + progress + pciutils + usbutils + diffutils + findutils + exfat - wget - openssl - openssh - curl - htop - btop - lsof - psmisc - file + gitMinimal - # zippit - zip - unzip - - # Modern modern utilities - p7zip - croc - jq - ] - ++ lib.optionals (!cfg.lite) [ - mtr - - gitFull - git-lfs - git-bug - - xdg-utils - sysfsutils - renameutils - nfs-utils - moreutils - mailutils - keyutils - input-utils - elfutils - binutils - dateutils - diffutils - findutils - exfat - - # Nix specific utilities - alejandra - niv - manix - nix-index - nix-tree - nixpkgs-review - # Build broken, python2.7-PyJWT-2.0.1.drv' failed - #nixops - psos - nvd - - # Fun - neofetch - ]; - }; + btop + mtr + ]; } diff --git a/modules/core/services.nix b/modules/core/services.nix deleted file mode 100644 index 475945e6..00000000 --- a/modules/core/services.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: { - # For rage encryption, all hosts need a ssh key pair - services.openssh = { - enable = true; - # If you don't want the host to have SSH actually opened up to the net, - # set `services.openssh.openFirewall` to false in your config. - openFirewall = lib.mkDefault true; - settings.PasswordAuthentication = lib.mkDefault false; - }; - - # Service that makes Out of Memory Killer more effective - services.earlyoom.enable = true; -} diff --git a/modules/crypto/default.nix b/modules/crypto/default.nix index 8dad1d70..e959010d 100644 --- a/modules/crypto/default.nix +++ b/modules/crypto/default.nix 
@@ -6,40 +6,28 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.crypto; in { - options.pub-solar.crypto = { - enable = mkEnableOption "Life in private"; - }; + services.udev.packages = [pkgs.yubikey-personalization]; + services.dbus.packages = [pkgs.gcr]; + services.pcscd.enable = true; - config = mkIf cfg.enable { - services.udev.packages = [pkgs.yubikey-personalization]; - services.dbus.packages = [pkgs.gcr]; - services.pcscd.enable = true; + services.gnome.gnome-keyring.enable = true; - services.gnome.gnome-keyring.enable = true; + users.users."${psCfg.user.name}".packages = with pkgs; [ + libsecret + ]; - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - systemd.user.services.polkit-gnome-authentication-agent = import ./polkit-gnome-authentication-agent.service.nix pkgs; + home-manager.users."${psCfg.user.name}" = { + systemd.user.services.polkit-gnome-authentication-agent = import ./polkit-gnome-authentication-agent.service.nix pkgs; - services.gpg-agent = { - enable = true; - pinentryFlavor = "gnome3"; - verbose = true; - }; + services.gpg-agent = { + enable = true; + pinentryFlavor = "gnome3"; + verbose = true; + }; - programs.gpg = { - enable = true; - }; - - home.packages = [ - gnome.seahorse - keepassxc - libsecret - qMasterPassword - restic - ]; - }; + programs.gpg = { + enable = true; + }; }; } diff --git a/modules/ddclient/default.nix b/modules/ddclient/default.nix new file mode 100644 index 00000000..e3ee366d --- /dev/null +++ b/modules/ddclient/default.nix 
@@ -0,0 +1,245 @@ +{ + config, + pkgs, + lib, + ... +}: +let + cfg = config.services.ddclient; + boolToStr = bool: if bool then "yes" else "no"; + dataDir = "/var/lib/ddclient"; + StateDirectory = builtins.baseNameOf dataDir; + RuntimeDirectory = StateDirectory; + + usev4 = if cfg.usev4 != "" then "usev4=${cfg.usev4}" else ""; + usev6 = if cfg.usev6 != "" then "usev6=${cfg.usev6}" else ""; + + configFile' = pkgs.writeText "ddclient.conf" '' + # This file can be used as a template for configFile or is automatically generated by Nix options. + use=no + ${usev4} + ${usev6} + cache=${dataDir}/ddclient.cache + foreground=yes + login=${cfg.username} + password=${if cfg.protocol == "nsupdate" then "/run/${RuntimeDirectory}/ddclient.key" else "@password_placeholder@"} + protocol=${cfg.protocol} + ${lib.optionalString (cfg.script != "") "script=${cfg.script}"} + ${lib.optionalString (cfg.server != "") "server=${cfg.server}"} + ${lib.optionalString (cfg.zone != "") "zone=${cfg.zone}"} + ssl=${boolToStr cfg.ssl} + wildcard=yes + quiet=${boolToStr cfg.quiet} + verbose=${boolToStr cfg.verbose} + ${cfg.extraConfig} + ${lib.concatStringsSep "," cfg.domains} + ''; + configFile = if (cfg.configFile != null) then cfg.configFile else configFile'; + + preStart = '' + install --mode=600 --owner=$USER ${configFile} /run/${RuntimeDirectory}/ddclient.conf + ${lib.optionalString (cfg.configFile == null) (if (cfg.protocol == "nsupdate") then '' + install --mode=600 --owner=$USER ${cfg.passwordFile} /run/${RuntimeDirectory}/ddclient.key + '' else if (cfg.passwordFile != null) then '' + "${pkgs.replace-secret}/bin/replace-secret" "@password_placeholder@" "${cfg.passwordFile}" "/run/${RuntimeDirectory}/ddclient.conf" + '' else '' + sed -i '/^password=@password_placeholder@$/d' /run/${RuntimeDirectory}/ddclient.conf + '')} + ''; +in with lib; { + disabledModules = [ + "services/networking/ddclient.nix" + ]; + + imports = [ + (mkChangedOptionModule [ "services" "ddclient" "domain" ] [ "services" 
"ddclient" "domains" ] + (config: + let value = getAttrFromPath [ "services" "ddclient" "domain" ] config; + in if value != "" then [ value ] else [])) + (mkRemovedOptionModule [ "services" "ddclient" "homeDir" ] "") + (mkRemovedOptionModule [ "services" "ddclient" "password" ] "Use services.ddclient.passwordFile instead.") + ]; + + ###### interface + + options = { + services.ddclient = with lib.types; { + enable = mkOption { + default = false; + type = bool; + description = lib.mdDoc '' + Whether to synchronise your machine's IP address with a dynamic DNS provider (e.g. dyndns.org). + ''; + }; + + package = mkOption { + type = package; + default = pkgs.ddclient; + defaultText = lib.literalExpression "pkgs.ddclient"; + description = lib.mdDoc '' + The ddclient executable package run by the service. + ''; + }; + + domains = mkOption { + default = [ "" ]; + type = listOf str; + description = lib.mdDoc '' + Domain name(s) to synchronize. + ''; + }; + + username = mkOption { + # For `nsupdate` username contains the path to the nsupdate executable + default = lib.optionalString (config.services.ddclient.protocol == "nsupdate") "${pkgs.bind.dnsutils}/bin/nsupdate"; + defaultText = ""; + type = str; + description = lib.mdDoc '' + User name. + ''; + }; + + passwordFile = mkOption { + default = null; + type = nullOr str; + description = lib.mdDoc '' + A file containing the password or a TSIG key in named format when using the nsupdate protocol. + ''; + }; + + interval = mkOption { + default = "10min"; + type = str; + description = lib.mdDoc '' + The interval at which to run the check and update. + See {command}`man 7 systemd.time` for the format. + ''; + }; + + configFile = mkOption { + default = null; + type = nullOr path; + description = lib.mdDoc '' + Path to configuration file. + When set this overrides the generated configuration from module options. 
+ ''; + example = "/root/nixos/secrets/ddclient.conf"; + }; + + protocol = mkOption { + default = "dyndns2"; + type = str; + description = lib.mdDoc '' + Protocol to use with dynamic DNS provider (see https://sourceforge.net/p/ddclient/wiki/protocols). + ''; + }; + + server = mkOption { + default = ""; + type = str; + description = lib.mdDoc '' + Server address. + ''; + }; + + ssl = mkOption { + default = true; + type = bool; + description = lib.mdDoc '' + Whether to use SSL/TLS to connect to dynamic DNS provider. + ''; + }; + + quiet = mkOption { + default = false; + type = bool; + description = lib.mdDoc '' + Print no messages for unnecessary updates. + ''; + }; + + script = mkOption { + default = ""; + type = str; + description = lib.mdDoc '' + script as required by some providers. + ''; + }; + + usev4 = mkOption { + default = "webv4, webv4=checkip.dyndns.com/, webv4-skip='Current IP Address: '"; + type = str; + description = lib.mdDoc '' + Method to determine the IP address to send to the dynamic DNS provider. + ''; + }; + + usev6 = mkOption { + default = ""; + type = str; + description = lib.mdDoc '' + Method to determine the IP address to send to the dynamic DNS provider. + ''; + }; + + verbose = mkOption { + default = false; + type = bool; + description = lib.mdDoc '' + Print verbose information. + ''; + }; + + zone = mkOption { + default = ""; + type = str; + description = lib.mdDoc '' + zone as required by some providers. + ''; + }; + + extraConfig = mkOption { + default = ""; + type = lines; + description = lib.mdDoc '' + Extra configuration. Contents will be added verbatim to the configuration file. + + ::: {.note} + `daemon` should not be added here because it does not work great with the systemd-timer approach the service uses. 
+ ::: + ''; + }; + }; + }; + + + ###### implementation + + config = mkIf config.services.ddclient.enable { + systemd.services.ddclient = { + description = "Dynamic DNS Client"; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + restartTriggers = optional (cfg.configFile != null) cfg.configFile; + + serviceConfig = { + DynamicUser = true; + RuntimeDirectoryMode = "0700"; + inherit RuntimeDirectory; + inherit StateDirectory; + Type = "oneshot"; + ExecStartPre = "!${pkgs.writeShellScript "ddclient-prestart" preStart}"; + ExecStart = "${lib.getBin cfg.package}/bin/ddclient -file /run/${RuntimeDirectory}/ddclient.conf"; + }; + }; + + systemd.timers.ddclient = { + description = "Run ddclient"; + wantedBy = [ "timers.target" ]; + timerConfig = { + OnBootSec = cfg.interval; + OnUnitInactiveSec = cfg.interval; + }; + }; + }; +} diff --git a/modules/default.nix b/modules/default.nix new file mode 100644 index 00000000..58ed2c0c --- /dev/null +++ b/modules/default.nix @@ -0,0 +1,42 @@ +{ + self, + inputs, + ... +}: { + flake = { + nixosModules = rec { + audio = import ./audio; + bluetooth = import ./bluetooth; + core = import ./core; + crypto = import ./crypto; + desktop-extended = import ./desktop-extended; + docker = import ./docker; + #email = import ./email; + #gaming = import ./gaming; + graphical = import ./graphical; + #invoiceplane = import ./invoiceplane; + nix = import ./nix; + nextcloud = import ./nextcloud; + office = import ./office; + printing = import ./printing; + terminal-life = import ./terminal-life; + user = import ./user; + virtualisation = import ./virtualisation; + #wireguard-client = import ./wireguard-client; + + base.imports = [ + self.nixosModules.home-manager + inputs.agenix.nixosModules.default + + self.nixosModules.overlays + self.nixosModules.core + self.nixosModules.crypto + self.nixosModules.nix + self.nixosModules.terminal-life + + self.nixosModules.root + self.nixosModules.user + ]; + }; + }; +} 
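Review bot: `configFile` is typed `nullOr path` and interpolated as `${configFile}` in `preStart`, so a value given as a Nix path literal is copied into the world-readable store together with any password it contains; the option description should say to pass an absolute path string to a file outside the store, which is the form the `example` already has. In the `nsupdate` branch `cfg.passwordFile` is interpolated without a null check although its default is `null`, so that protocol without a key file fails at evaluation with a type error rather than a readable message; `assertions = [{ assertion = cfg.protocol != "nsupdate" || cfg.passwordFile != null; message = "…"; }];` inside `config` would give one. Because `disabledModules` replaces the upstream `services/networking/ddclient.nix` wholesale, a header comment recording which nixpkgs revision this copy was taken from and what was changed (apparently `usev4`/`usev6` in place of `use`) would make later upstream fixes easier to pull in. `wildcard=yes` is also written unconditionally into the generated file, which deserves a comment or an option.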
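Review bot: In `modules/default.nix`, `nixosModules = rec { … }` never uses the recursion, since `base.imports` goes through `self.nixosModules.*`; dropping `rec` avoids accidental shadowing later. `base` also refers to `self.nixosModules.home-manager`, `overlays` and `root`, none of which this attribute set defines, so they presumably come from another flake-parts module; a one-line comment pointing to where would help. The `adb`, `arduino` and `ddclient` modules touched by this commit are not exported here, and the commented-out entries (`email`, `gaming`, `invoiceplane`, `wireguard-client`) carry no reason; if that is intentional, `# not yet converted` or similar next to them would document it.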
diff --git a/modules/desktop-extended/default.nix b/modules/desktop-extended/default.nix
new file mode 100644
index 00000000..2c008dcc
--- /dev/null
+++ b/modules/desktop-extended/default.nix
@@ -0,0 +1,48 @@
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
+with lib; let
+ psCfg = config.pub-solar;
+in {
+ users.users."${psCfg.user.name}".packages = with pkgs; [
+ ungoogled-chromium
+ wine
+
+ gimp
+ inkscape
+ tigervnc
+ nodejs
+
+ signal-desktop
+ tdesktop
+ element-desktop
+
+ # Nix specific utilities
+ alejandra
+ manix
+ nix-index
+ nix-output-monitor
+ nix-tree
+ nvd
+ ];
+
+ fonts = {
+ fonts = with pkgs; [
+ dejavu_fonts
+ fira-code
+ fira-code-symbols
+ google-fonts
+ lato
+ montserrat
+ nerdfonts
+ noto-fonts
+ noto-fonts-cjk
+ open-sans
+ powerline-fonts
+ source-sans-pro
+ ];
+ };
+}
diff --git a/modules/devops/default.nix b/modules/devops/default.nix
deleted file mode 100644
index 0f966ddd..00000000
--- a/modules/devops/default.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- lib,
- config,
- pkgs,
- ...
-}:
-with lib; let
- psCfg = config.pub-solar;
- cfg = config.pub-solar.devops;
-in {
- options.pub-solar.devops = {
- enable = mkEnableOption "Life automated";
- };
-
- config = mkIf cfg.enable {
- home-manager = with pkgs;
- pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
- home.packages = [
- fwknop
- croc
- drone-cli
- nmap
- pgcli
- ansible
- ansible-lint
- restic
- shellcheck
- terraform
- flyctl
- tea
- ];
- };
- };
-}
diff --git a/modules/docker-ci-runner/default.nix b/modules/docker-ci-runner/default.nix
deleted file mode 100644
index 6a15f928..00000000
--- a/modules/docker-ci-runner/default.nix
+++ /dev/null
@@ -1,114 +0,0 @@ -{ - lib, - config, - pkgs, - self, - ... -}: -with lib; let - bootstrap = pkgs.writeScript "bootstrap.sh" '' - #!/usr/bin/env bash - - set -e - - apt update - apt install --yes curl git sudo xz-utils - - adduser --system --uid 999 build - chown build /nix - - sudo -u build curl -L https://nixos.org/nix/install > install - sudo -u build sh install - - echo "export PATH=/nix/var/nix/profiles/per-user/build/profile/bin:''$PATH" >> /etc/profile - - mkdir /etc/nix - echo 'experimental-features = nix-command flakes' >> /etc/nix/nix.conf - - export nix_user_config_file="/home/build/.local/share/nix/trusted-settings.json" - mkdir -p $(dirname \\$nix_user_config_file) - echo '{"extra-experimental-features":{"nix-command flakes":true}}' > \\$nix_user_config_file - chown -R build /home/build/ - - curl -L https://github.com/drone-runners/drone-runner-exec/releases/latest/download/drone_runner_exec_linux_amd64.tar.gz | tar xz - sudo install -t /usr/local/bin drone-runner-exec - - if [ ! -f /run/vars ]; then - exit 1 - fi - - cp -a /run/vars /run/runtime-vars - env | grep "DRONE" >> /run/runtime-vars - - su - -s /bin/bash build sh -c "/usr/local/bin/drone-runner-exec daemon /run/runtime-vars" - ''; - psCfg = config.pub-solar; - cfg = config.pub-solar.docker-ci-runner; -in { - options.pub-solar.docker-ci-runner = { - enable = lib.mkEnableOption "Enables a docker container running a drone exec runner as unprivileged user."; - - enableKvm = lib.mkOption { - description = '' - Enable kvm support. 
- ''; - default = true; - type = types.bool; - }; - - nixCacheLocation = lib.mkOption { - description = '' - Location of nix cache that is shared between builds - ''; - default = "/var/lib/docker-ci-runner"; - type = types.path; - }; - - runnerEnvironment = lib.mkOption { - description = '' - Additional environment vars added to the vars file on container runtime - ''; - default = {}; - }; - - runnerVarsFile = lib.mkOption { - description = '' - Location of vars file passed to drone runner - ''; - type = types.path; - }; - }; - - config = lib.mkIf cfg.enable { - virtualisation = { - docker = { - enable = true; # sadly podman is not supported rightnow - }; - - oci-containers = { - backend = "docker"; - containers."drone-exec-runner" = { - image = "debian"; - autoStart = true; - entrypoint = "bash"; - cmd = ["/bootstrap.sh"]; - - volumes = [ - "${cfg.runnerVarsFile}:/run/vars" - "${cfg.nixCacheLocation}:/nix" - "${bootstrap}:/bootstrap.sh" - ]; - - environment = cfg.runnerEnvironment; - - extraOptions = lib.mkIf cfg.enableKvm ["--device=/dev/kvm"]; - }; - }; - }; - # Fix container not stopping correctly and holding the system 120s upon - # shutdown / reboot - systemd.services.docker-drone-exec-runner.preStop = '' - docker stop drone-exec-runner - ''; - }; -} diff --git a/modules/docker/default.nix b/modules/docker/default.nix index e4558255..b7aa344b 100644 --- a/modules/docker/default.nix +++ b/modules/docker/default.nix 
@@ -6,22 +6,15 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.docker; in { - options.pub-solar.docker = { - enable = mkEnableOption "Life in metal boxes"; + virtualisation.docker.enable = true; + virtualisation.docker.package = pkgs.docker_24; + + users.users."${psCfg.user.name}" = { + extraGroups = ["docker"]; }; - config = mkIf cfg.enable { - virtualisation.docker.enable = true; - virtualisation.docker.package = pkgs.docker_24; - users.users = with pkgs; - pkgs.lib.setAttrByPath [psCfg.user.name] { - extraGroups = ["docker"]; - }; - - environment.systemPackages = with pkgs; [ - docker-compose - ]; - }; + environment.systemPackages = with pkgs; [ + docker-compose + ]; } diff --git a/modules/email/default.nix b/modules/email/default.nix index db41c6fe..d9530d82 100644 --- a/modules/email/default.nix +++ b/modules/email/default.nix 
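Review bot: With the `pub-solar.docker.enable` option removed, importing this module now always adds `psCfg.user.name` to the `docker` group, and membership in that group is equivalent to root on the host because it grants access to the daemon socket. That deserves at least a comment at `extraGroups = ["docker"];`, for example `# docker group == root-equivalent; import this module only on hosts where that is acceptable`. If the user only needs to run containers for development, NixOS's `virtualisation.docker.rootless.enable` is an alternative worth evaluating. The pin to `pkgs.docker_24` is carried over from the old code, but a comment on why that version is fixed would help whoever bumps nixpkgs.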
@@ -6,28 +6,49 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.email; in { - options.pub-solar.email = { - enable = mkEnableOption "Life in headers"; - }; + users.users."${psCfg.user.name}".packages = with pkgs; [ + w3m + urlscan + neomutt + offlineimap + msmtp + mailto-mutt + ]; - config = mkIf cfg.enable { - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - home.packages = [ - w3m - urlscan - neomutt - offlineimap - msmtp - mailto-mutt - ]; + home-manager.users."${psCfg.user.name}" = { + programs.offlineimap = { + enable = true; + pythonFile = builtins.readFile ./offlineimap.py; + }; - programs.offlineimap = { - enable = true; - pythonFile = builtins.readFile ./offlineimap.py; - }; - }; + xdg.configFile."mutt/muttrc".source = ./.config/mutt/muttrc; + xdg.configFile."mutt/base16.muttrc".source = ./.config/mutt/base16.muttrc; + xdg.configFile."mutt/mailcap".source = ./.config/mutt/mailcap; + xdg.configFile."offlineimap/functions.py".source = ./.config/offlineimap/functions.py; + + xdg.configFile."mutt/accounts.muttrc".text = '' + source ./hello@benjaminbaedorf.eu.muttrc + + macro index 'source $XDG_CONFIG_HOME/mutt/hello@benjaminbaedorf.eu.muttrc!' + macro index 'source $XDG_CONFIG_HOME/mutt/benjamin.baedorf@rwth-aachen.de.muttrc!' + macro index 'source $XDG_CONFIG_HOME/mutt/byb@miom.space.muttrc!' + macro index 'source $XDG_CONFIG_HOME/mutt/mail@b12f.io.muttrc!' + macro index 'source $XDG_CONFIG_HOME/mutt/admins@pub.solar.muttrc!' + macro index 'source $XDG_CONFIG_HOME/mutt/crew@pub.solar.muttrc!' 
+ ''; + xdg.configFile."mutt/hello@benjaminbaedorf.eu.muttrc".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.muttrc"; + xdg.configFile."mutt/benjamin.baedorf@rwth-aachen.de.muttrc".source = ./.config/mutt + "/benjamin.baedorf@rwth-aachen.de.muttrc"; + xdg.configFile."mutt/hello@benjaminbaedorf.eu.signature".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.signature"; + xdg.configFile."mutt/byb@miom.space.muttrc".source = ./.config/mutt + "/byb@miom.space.muttrc"; + xdg.configFile."mutt/byb@miom.space.signature".source = ./.config/mutt + "/byb@miom.space.signature"; + xdg.configFile."mutt/mail@b12f.io.muttrc".source = ./.config/mutt + "/mail@b12f.io.muttrc"; + xdg.configFile."mutt/mail@b12f.io.signature".source = ./.config/mutt + "/mail@b12f.io.signature"; + xdg.configFile."mutt/admins@pub.solar.muttrc".source = ./.config/mutt + "/admins@pub.solar.muttrc"; + xdg.configFile."mutt/admins@pub.solar.signature".source = ./.config/mutt + "/admins@pub.solar.signature"; + xdg.configFile."mutt/crew@pub.solar.muttrc".source = ./.config/mutt + "/crew@pub.solar.muttrc"; + xdg.configFile."mutt/crew@pub.solar.signature".source = ./.config/mutt + "/crew@pub.solar.signature"; + xdg.configFile."offlineimap/config".source = ./.config/offlineimap/config; + xdg.configFile."msmtp/config".source = ./.config/msmtp/config; }; } diff --git a/modules/gaming/default.nix b/modules/gaming/default.nix index 0992c51c..ba654d1e 100644 --- a/modules/gaming/default.nix +++ b/modules/gaming/default.nix 
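Review bot: This module now hard-codes one person's mail accounts and sources `./.config/msmtp/config`, `./.config/offlineimap/config` and the per-account `muttrc` files straight from the repository; those files are not visible here, but anything they contain ends up in the world-readable Nix store, so they should hold no passwords and should fetch credentials through a command (a keyring lookup, for instance) instead. Since the account list is fixed in a shared module, a header comment stating that this is a personal profile rather than a reusable module would be accurate; `modules/default.nix` in this commit does keep it commented out. The eleven near-identical `xdg.configFile."mutt/…"` lines could be generated from a list of account names, which would also keep `accounts.muttrc` in sync with the files. The `macro index` lines show no key between `index` and the quoted command, which may just be lost in rendering, but is worth checking against the file.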
@@ -6,26 +6,16 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.gaming; in { - options.pub-solar.gaming = { - enable = mkEnableOption "Life in shooters"; + programs.steam.enable = true; + nixpkgs.config.packageOverrides = pkgs: { + steam = pkgs.steam.override {}; }; - config = mkIf cfg.enable { - programs.steam.enable = true; - nixpkgs.config.packageOverrides = pkgs: { - steam = pkgs.steam.override {}; - }; - - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - home.packages = [ - playonlinux - godot - obs-studio - obs-studio-plugins.wlrobs - ]; - }; - }; + users.users."${psCfg.user.name}".packages = with pkgs; [ + playonlinux + godot + obs-studio + obs-studio-plugins.wlrobs + ]; } diff --git a/profiles/base-user/.config/libinput-gestures.conf b/modules/graphical/.config/libinput-gestures.conf similarity index 100% rename from profiles/base-user/.config/libinput-gestures.conf rename to modules/graphical/.config/libinput-gestures.conf diff --git a/profiles/base-user/.config/mako/config b/modules/graphical/.config/mako/config similarity index 100% rename from profiles/base-user/.config/mako/config rename to modules/graphical/.config/mako/config diff --git a/profiles/base-user/.config/swaync/config.json b/modules/graphical/.config/swaync/config.json similarity index 100% rename from profiles/base-user/.config/swaync/config.json rename to modules/graphical/.config/swaync/config.json diff --git a/profiles/base-user/.config/swaync/style.css b/modules/graphical/.config/swaync/style.css similarity index 100% rename from profiles/base-user/.config/swaync/style.css rename to modules/graphical/.config/swaync/style.css diff --git a/profiles/base-user/.config/user-dirs.dirs b/modules/graphical/.config/user-dirs.dirs similarity index 100% rename from profiles/base-user/.config/user-dirs.dirs rename to modules/graphical/.config/user-dirs.dirs 
diff --git a/profiles/base-user/.config/user-dirs.locale b/modules/graphical/.config/user-dirs.locale similarity index 100% rename from profiles/base-user/.config/user-dirs.locale rename to modules/graphical/.config/user-dirs.locale diff --git a/profiles/base-user/.config/waybar/colorscheme.css b/modules/graphical/.config/waybar/colorscheme.css similarity index 100% rename from profiles/base-user/.config/waybar/colorscheme.css rename to modules/graphical/.config/waybar/colorscheme.css diff --git a/profiles/base-user/.config/waybar/config b/modules/graphical/.config/waybar/config similarity index 100% rename from profiles/base-user/.config/waybar/config rename to modules/graphical/.config/waybar/config diff --git a/profiles/base-user/.config/waybar/style.css b/modules/graphical/.config/waybar/style.css similarity index 100% rename from profiles/base-user/.config/waybar/style.css rename to modules/graphical/.config/waybar/style.css diff --git a/profiles/base-user/.config/xmodmap b/modules/graphical/.config/xmodmap similarity index 100% rename from profiles/base-user/.config/xmodmap rename to modules/graphical/.config/xmodmap diff --git a/profiles/base-user/.config/xsettingsd/xsettingsd.conf b/modules/graphical/.config/xsettingsd/xsettingsd.conf similarity index 100% rename from profiles/base-user/.config/xsettingsd/xsettingsd.conf rename to modules/graphical/.config/xsettingsd/xsettingsd.conf diff --git a/profiles/base-user/.xinitrc b/modules/graphical/.xinitrc similarity index 100% rename from profiles/base-user/.xinitrc rename to modules/graphical/.xinitrc diff --git a/modules/graphical/alacritty.nix b/modules/graphical/alacritty.nix index d52a6cad..fe5dd816 100644 --- a/modules/graphical/alacritty.nix +++ b/modules/graphical/alacritty.nix @@ -55,7 +55,7 @@ style = "Italic"; }; - size = 16.0; + size = 12.0; offset = { x = 0; 
@@ -69,6 +69,16 @@ }; key_bindings = [ + { + key = "V"; + mods = "Control|Super"; + action = "Paste"; + } + { + key = "C"; + mods = "Control|Super"; + action = "Copy"; + } { key = "V"; mods = "Control|Alt"; diff --git a/profiles/base-user/assets/pub-solar.jpg b/modules/graphical/assets/pub-solar.jpg similarity index 100% rename from profiles/base-user/assets/pub-solar.jpg rename to modules/graphical/assets/pub-solar.jpg diff --git a/profiles/base-user/assets/wallpaper.jpg b/modules/graphical/assets/wallpaper.jpg similarity index 100% rename from profiles/base-user/assets/wallpaper.jpg rename to modules/graphical/assets/wallpaper.jpg diff --git a/modules/graphical/default.nix b/modules/graphical/default.nix index 137932e9..95183e4b 100644 --- a/modules/graphical/default.nix +++ b/modules/graphical/default.nix @@ -6,36 +6,22 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.graphical; yamlFormat = pkgs.formats.yaml {}; - recursiveMerge = attrList: let - f = attrPath: - zipAttrsWith ( - n: values: - if tail values == [] - then head values - else if all isList values - then unique (concatLists values) - else if all isAttrs values - then f (attrPath ++ [n]) values - else last values - ); - in - f [] attrList; + sessionVariables = { + WLR_RENDERER = + if psCfg.graphical.wayland.software-renderer.enable + then "pixman" + else "gles2"; + # Fix KeepassXC rendering issue + # https://github.com/void-linux/void-packages/issues/23517 + QT_AUTO_SCREEN_SCALE_FACTOR = "0"; + }; in { + imports = [ + ./sway + ]; + options.pub-solar.graphical = { - enable = mkEnableOption "Life in color"; - alacritty = { - settings = mkOption { - type = yamlFormat.type; - default = {}; - }; - }; - autologin.enable = mkOption { - type = types.bool; - default = true; - description = "Feature flag enabling autologin after boot."; - }; wayland.software-renderer.enable = mkOption { type = types.bool; default = false; 
@@ -43,8 +29,9 @@ in { }; }; - config = mkIf cfg.enable { + config = { hardware.opengl.enable = true; + environment = { systemPackages = with pkgs; [ gtk-engine-murrine @@ -55,16 +42,20 @@ in { papirus-maia-icon-theme glib + xdg-utils ]; + etc = { "xdg/PubSolar.conf".text = '' [Qt] style=GTK+ ''; }; + + variables = sessionVariables; }; - services.getty.autologinUser = mkIf cfg.autologin.enable (mkForce "${psCfg.user.name}"); + services.getty.autologinUser = psCfg.user.name; qt = { enable = true; @@ -72,8 +63,6 @@ in { style = "gtk2"; }; - gtk.iconCache.enable = true; - # Required for running Gnome apps outside the Gnome DE, see https://nixos.wiki/wiki/GNOME#Running_GNOME_programs_outside_of_GNOME programs.dconf.enable = true; services.udev.packages = with pkgs; [gnome3.gnome-settings-daemon]; 
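Review bot: In `modules/graphical/default.nix`, `services.getty.autologinUser = psCfg.user.name;` is now set unconditionally, because the first hunk of this file drops the `autologin.enable` option and this one drops the `mkIf`/`mkForce` wrapper. Every host importing the module therefore boots straight into the user's session, and a host that wants a login prompt has to override the value with `mkForce`. I would write `services.getty.autologinUser = mkDefault psCfg.user.name;` and add a comment stating that protection at boot then rests on disk encryption and the screen locker. The enclosing `config` block starts and ends outside this hunk.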
@@ -81,81 +70,80 @@ in { services.gnome.sushi.enable = true; # Enable GVfs, a userspace virtual filesystem services.gvfs.enable = true; + services.yubikey-agent.enable = true; - fonts.enableDefaultFonts = true; - fonts.fonts = with pkgs; [ - fira-code - fira-code-symbols - google-fonts - lato - montserrat - nerdfonts - noto-fonts - noto-fonts-cjk - open-sans - powerline-fonts - source-sans-pro + fonts = { + fonts = with pkgs; [ + dejavu_fonts + powerline-fonts + ]; + enableDefaultFonts = true; + fontconfig.enable = true; + fontconfig.defaultFonts = { + monospace = ["DejaVu Sans Mono for Powerline"]; + sansSerif = ["DejaVu Sans"]; + }; + }; + + users.users."${psCfg.user.name}".packages = with pkgs; [ + alacritty + firefox-wayland + flameshot + gnome.adwaita-icon-theme + gnome.eog + gnome.nautilus + gnome.seahorse + gnome.yelp + hicolor-icon-theme + keepassxc + qMasterPassword + libnotify + vlc ]; - home-manager = with pkgs; - setAttrByPath ["users" psCfg.user.name] { - home.packages = [ - alacritty - foot - ungoogled-chromium - firefox-wayland + home-manager.users."${psCfg.user.name}" = { + home.file."xinitrc".source = ./.xinitrc; + xdg.configFile."alacritty/alacritty.yml".source = yamlFormat.generate "alacritty.yml" (import ./alacritty.nix); + xdg.configFile."xmodmap".source = ./.config/xmodmap; + xdg.configFile."user-dirs.dirs".source = ./.config/user-dirs.dirs; + xdg.configFile."user-dirs.locale".source = ./.config/user-dirs.locale; + xdg.configFile."xsettingsd/xsettingsd.conf".source = ./.config/xsettingsd/xsettingsd.conf; + xdg.configFile."mako/config".source = ./.config/mako/config; + xdg.configFile."libinput-gestures.conf".source = ./.config/libinput-gestures.conf; + xdg.configFile."swaync/config.json".source = ./.config/swaync/config.json; + xdg.configFile."swaync/style.css".source = ./.config/swaync/style.css; + xdg.configFile."waybar/config".source = ./.config/waybar/config; + xdg.configFile."waybar/style.css".source = ./.config/waybar/style.css; + 
xdg.configFile."waybar/colorscheme.css".source = ./.config/waybar/colorscheme.css; + xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg; - flameshot - libnotify - gnome.adwaita-icon-theme - gnome.eog - gnome.nautilus - gnome.yelp - hicolor-icon-theme - - wine - - toggle-kbd-layout - - wcwd - - vlc - - gimp - ]; - - xdg.configFile."alacritty/alacritty.yml" = { - source = yamlFormat.generate "alacritty.yml" (recursiveMerge [(import ./alacritty.nix) cfg.alacritty.settings]); + gtk = { + enable = true; + font.name = "Lato"; + iconTheme = { + package = pkgs.papirus-icon-theme; + name = "Papirus-Adapta-Nokto-Maia"; + }; + theme = { + package = pkgs.matcha-gtk-theme; + name = "Matcha-dark-aliz"; }; - gtk = { - enable = true; - font.name = "Lato"; - iconTheme = { - package = pkgs.papirus-icon-theme; - name = "Papirus-Adapta-Nokto-Maia"; - }; - theme = { - package = pkgs.matcha-gtk-theme; - name = "Matcha-dark-aliz"; - }; - - gtk3.extraConfig = { - gtk-xft-antialias = "1"; - gtk-xft-hinting = "1"; - gtk-xft-hintstyle = "hintfull"; - gtk-xft-rgba = "rgb"; - gtk-application-prefer-dark-theme = "true"; - }; + gtk3.extraConfig = { + gtk-xft-antialias = "1"; + gtk-xft-hinting = "1"; + gtk-xft-hintstyle = "hintfull"; + gtk-xft-rgba = "rgb"; + gtk-application-prefer-dark-theme = "true"; }; - - # Fix KeepassXC rendering issue - # https://github.com/void-linux/void-packages/issues/23517 - systemd.user.sessionVariables.QT_AUTO_SCREEN_SCALE_FACTOR = "0"; - - xresources.extraConfig = builtins.readFile ./.Xdefaults; - - systemd.user.services.network-manager-applet = import ./network-manager-applet.service.nix pkgs; }; + + xresources.extraConfig = builtins.readFile ./.Xdefaults; + + systemd.user.services.network-manager-applet = import ./network-manager-applet.service.nix pkgs; + + home.sessionVariables = sessionVariables; + systemd.user.sessionVariables = sessionVariables; + }; }; } 
diff --git a/modules/sway/config/config.d/applications.conf b/modules/graphical/sway/config/config.d/applications.conf similarity index 98% rename from modules/sway/config/config.d/applications.conf rename to modules/graphical/sway/config/config.d/applications.conf index 00eecef3..b3346809 100644 --- a/modules/sway/config/config.d/applications.conf +++ b/modules/graphical/sway/config/config.d/applications.conf @@ -49,6 +49,7 @@ for_window [class="(?i)virtualbox"] floating enable border normal for_window [class="Xfburn"] floating enable for_window [class="^VirtualBox Machine$" title="Running"] floating disable for_window [class="^rdesktop" title="rdesktop"] floating disable +for_window [app_id="signal"] floating enabled # firefox floating menus for_window [window_role="pop-up"] floating enable diff --git a/modules/sway/config/config.d/colorscheme.conf b/modules/graphical/sway/config/config.d/colorscheme.conf similarity index 100% rename from modules/sway/config/config.d/colorscheme.conf rename to modules/graphical/sway/config/config.d/colorscheme.conf diff --git a/modules/sway/config/config.d/custom-keybindings.conf b/modules/graphical/sway/config/config.d/custom-keybindings.conf similarity index 77% rename from modules/sway/config/config.d/custom-keybindings.conf rename to modules/graphical/sway/config/config.d/custom-keybindings.conf index da5a884e..9f3b5050 100644 --- a/modules/sway/config/config.d/custom-keybindings.conf +++ b/modules/graphical/sway/config/config.d/custom-keybindings.conf @@ -19,7 +19,7 @@ bindsym $mod+Shift+h exec psos help bindsym $mod+F2 exec firefox bindsym $mod+F4 exec nautilus -w -bindsym $mod+Shift+F4 exec signal-desktop --use-tray-icon +bindsym $mod+Shift+F4 exec signal-desktop --use-tray-icon --enable-features=WebRTCPipeWireCapturer # Notifications with swaynotificationcenter # Toggle control center 
@@ -37,3 +37,11 @@ bindsym $mod+Ctrl+r exec record-screen # Launcher set $menu exec alacritty --class launcher -e env TERMINAL_COMMAND="alacritty -e" sway-launcher bindsym $mod+Space exec $menu + +set $mode_vncclient In VNCClient mode. Press $mod+Num_Lock or $mod+Shift+Escape to return. +bindsym $mod+Num_Lock mode "$mode_vncclient" +bindsym $mod+Shift+Escape mode "$mode_vncclient" +mode "$mode_vncclient" { + bindsym $mod+Num_Lock mode "default" + bindsym $mod+Shift+Escape mode "default" +} diff --git a/modules/sway/config/config.d/gaps.conf b/modules/graphical/sway/config/config.d/gaps.conf similarity index 100% rename from modules/sway/config/config.d/gaps.conf rename to modules/graphical/sway/config/config.d/gaps.conf diff --git a/modules/sway/config/config.d/mode_system.conf.nix b/modules/graphical/sway/config/config.d/mode_system.conf.nix similarity index 53% rename from modules/sway/config/config.d/mode_system.conf.nix rename to modules/graphical/sway/config/config.d/mode_system.conf.nix index 5545c3f6..6c6ca5c5 100644 --- a/modules/sway/config/config.d/mode_system.conf.nix +++ b/modules/graphical/sway/config/config.d/mode_system.conf.nix @@ -7,22 +7,19 @@ # Set shut down, restart and locking features '' + ( - if psCfg.core.hibernation.enable && !psCfg.paranoia.enable + if psCfg.core.hibernation.enable then '' set $mode_system (e)xit, (h)ibernate, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown '' - else if psCfg.paranoia.enable - then '' - set $mode_system (e)xit, (h)ibernate, (r)eboot, (Shift+s)hutdown - '' else '' set $mode_system (e)xit, (l)ock, (s)uspend, (r)eboot, (Shift+s)hutdown '' ) + '' bindsym $mod+0 mode "$mode_system" + mode "$mode_system" { - bindsym e exec swaymsg exit, mode "default" + bindsym e exec swaymsg exit, mode "default" '' + ( if psCfg.core.hibernation.enable 
@@ -31,20 +28,14 @@ '' else "" ) -+ ( - if !psCfg.paranoia.enable - then '' ++ '' bindsym l exec ${pkgs.swaylock-bg}/bin/swaylock-bg, mode "default" bindsym s exec systemctl suspend, mode "default" - '' - else "" -) -+ '' - bindsym r exec systemctl reboot, mode "default" - bindsym Shift+s exec systemctl poweroff, mode "default" + bindsym r exec systemctl reboot, mode "default" + bindsym Shift+s exec systemctl poweroff, mode "default" - # exit system mode: "Enter" or "Escape" - bindsym Return mode "default" - bindsym Escape mode "default" - } + # exit system mode: "Enter" or "Escape" + bindsym Return mode "default" + bindsym Escape mode "default" +} '' diff --git a/modules/sway/config/config.d/systemd.conf b/modules/graphical/sway/config/config.d/systemd.conf similarity index 100% rename from modules/sway/config/config.d/systemd.conf rename to modules/graphical/sway/config/config.d/systemd.conf diff --git a/modules/sway/config/config.d/theme.conf b/modules/graphical/sway/config/config.d/theme.conf similarity index 100% rename from modules/sway/config/config.d/theme.conf rename to modules/graphical/sway/config/config.d/theme.conf diff --git a/modules/sway/config/config.nix b/modules/graphical/sway/config/config.nix similarity index 99% rename from modules/sway/config/config.nix rename to modules/graphical/sway/config/config.nix index db660d77..b811c302 100644 --- a/modules/sway/config/config.nix +++ b/modules/graphical/sway/config/config.nix @@ -19,7 +19,7 @@ set $up i set $right l # Your preferred terminal emulator - set $term ${config.pub-solar.sway.terminal} + set $term ${pkgs.alacritty}/bin/alacritty # Your preferred application launcher # Note: pass the final command to swaymsg so that the resulting window can be opened # on the original workspace that the command was run on. diff --git a/modules/graphical/sway/config/wayvnc/config.nix b/modules/graphical/sway/config/wayvnc/config.nix new file mode 100644 index 00000000..23a885d4 --- /dev/null 
+++ b/modules/graphical/sway/config/wayvnc/config.nix
@@ -0,0 +1,11 @@
+{
+ psCfg,
+ pkgs,
+}: "
+address=0.0.0.0
+enable_auth=true
+username=${psCfg.user.name}
+password=testtest
+private_key_file=/run/agenix/vnc-key.pem
+certificate_file=/run/agenix/vnc-cert.pem
+"
diff --git a/modules/graphical/sway/default.nix b/modules/graphical/sway/default.nix
new file mode 100644
index 00000000..063e85e0
--- /dev/null
+++ b/modules/graphical/sway/default.nix
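Review bot: In `modules/graphical/sway/config/wayvnc/config.nix`, `password=testtest` is a fixed credential committed to the repository, while `address=0.0.0.0` makes the server listen on every interface. The key and certificate are already read from `/run/agenix/`, so the password should get the same treatment: as far as this file shows it is a plain Nix string, which ends up world-readable in the store if it is written out through a `.text` option. I would deliver the whole configuration as an agenix secret instead of rendering it here, and change the listener to `address=127.0.0.1` (or the address of a VPN interface) so that remote access goes through a tunnel. Nothing in the visible part of the patch references this file yet, so its consumer should be checked for how it writes the string to disk.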
@@ -0,0 +1,100 @@ +{ + lib, + config, + pkgs, + ... +}: +with lib; let + psCfg = config.pub-solar; +in { + options.pub-solar.graphical = { + v4l2loopback.enable = mkOption { + type = types.bool; + default = false; + description = "WebCam streaming tool"; + }; + }; + + config = { + boot = mkIf psCfg.graphical.v4l2loopback.enable { + extraModulePackages = with config.boot.kernelPackages; [v4l2loopback]; + kernelModules = ["v4l2loopback"]; + extraModprobeConfig = '' + options v4l2loopback exclusive_caps=1 devices=3 + ''; + }; + + environment.systemPackages = with pkgs; mkIf psCfg.graphical.v4l2loopback.enable [ + linuxPackages.v4l2loopback + ]; + + programs.sway.enable = true; + + xdg.portal = { + enable = true; + wlr = { + enable = true; + settings = { + screencast = { + max_fps = 30; + chooser_type = "simple"; + chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or"; + }; + }; + }; + extraPortals = with pkgs; [xdg-desktop-portal-gtk]; + }; + + services.pipewire.enable = true; + + users.users."${psCfg.user.name}".packages = with pkgs; [ + sway + grim + kanshi + slurp + swaybg + swayidle + swaynotificationcenter + xwayland + + libappindicator-gtk3 + + wl-clipboard + wf-recorder + brightnessctl + gammastep + geoclue2 + xsettingsd + ydotool + + sway-launcher + record-screen + import-gtk-settings + # Unused on teutat3s hosts, see custom-keybindings.conf + #toggle-kbd-layout + s + wcwd + ]; + + home-manager.users."${psCfg.user.name}" = { + programs.waybar.enable = true; + #programs.waybar.systemd.enable = true; + + systemd.user.services.swaynotificationcenter = import ./swaynotificationcenter.service.nix pkgs; + systemd.user.services.sway = import ./sway.service.nix {inherit pkgs psCfg;}; + systemd.user.services.swayidle = import ./swayidle.service.nix {inherit pkgs psCfg;}; + systemd.user.services.xsettingsd = import ./xsettingsd.service.nix {inherit pkgs psCfg;}; + systemd.user.services.waybar = import ./waybar.service.nix {inherit pkgs psCfg;}; + 
systemd.user.targets.sway-session = import ./sway-session.target.nix {inherit pkgs psCfg;}; + + xdg.configFile."sway/config".text = import ./config/config.nix {inherit config pkgs;}; + xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf; + xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf; + xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf; + xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf; + xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix {inherit pkgs psCfg;}; + xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf; + xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf; + }; + }; +} diff --git a/modules/sway/gammastep.service.nix b/modules/graphical/sway/gammastep.service.nix similarity index 100% rename from modules/sway/gammastep.service.nix rename to modules/graphical/sway/gammastep.service.nix diff --git a/modules/sway/libinput-gestures.service.nix b/modules/graphical/sway/libinput-gestures.service.nix similarity index 100% rename from modules/sway/libinput-gestures.service.nix rename to modules/graphical/sway/libinput-gestures.service.nix diff --git a/modules/graphical/sway/mako.service.nix b/modules/graphical/sway/mako.service.nix new file mode 100644 index 00000000..22524d32 --- /dev/null +++ b/modules/graphical/sway/mako.service.nix 
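Review bot: In `modules/graphical/sway/default.nix`, `environment.systemPackages` installs `linuxPackages.v4l2loopback` from `pkgs`, while `boot.extraModulePackages` a few lines earlier takes the module from `config.boot.kernelPackages`. On a host that selects a different kernel the two come from different kernel package sets; using `config.boot.kernelPackages.v4l2loopback` in both places keeps them in step. The option description `"WebCam streaming tool"` could also say that enabling it loads a kernel module and creates three loopback devices (`devices=3`).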
@@ -0,0 +1,18 @@
+{pkgs, ...}: {
+ Unit = {
+ Description = "Lightweight Wayland notification daemon";
+ Documentation = ["man:mako(1)"];
+ BindsTo = ["sway-session.target"];
+ After = ["sway-session.target"];
+ ConditionEnvironment = ["WAYLAND_DISPLAY"];
+ };
+ Service = {
+ Type = "dbus";
+ BusName = "org.freedesktop.Notifications";
+ ExecStart = "${pkgs.mako}/bin/mako";
+ ExecReload = "${pkgs.mako}/bin/makoctl reload";
+ };
+ Install = {
+ WantedBy = ["sway-session.target"];
+ };
+}
diff --git a/modules/sway/sway-session.target.nix b/modules/graphical/sway/sway-session.target.nix
similarity index 100%
rename from modules/sway/sway-session.target.nix
rename to modules/graphical/sway/sway-session.target.nix
diff --git a/modules/sway/sway.service.nix b/modules/graphical/sway/sway.service.nix
similarity index 100%
rename from modules/sway/sway.service.nix
rename to modules/graphical/sway/sway.service.nix
diff --git a/modules/graphical/sway/swayidle.service.nix b/modules/graphical/sway/swayidle.service.nix
new file mode 100644
index 00000000..88052a9a
--- /dev/null
+++ b/modules/graphical/sway/swayidle.service.nix
@@ -0,0 +1,27 @@
+{
+ pkgs,
+ psCfg,
+ ...
+}: {
+ Unit = {
+ Description = "Idle manager for Wayland";
+ Documentation = ["man:swayidle(1)"];
+ BindsTo = ["graphical-session.target"];
+ Wants = ["graphical-session-pre.target"];
+ After = ["graphical-session-pre.target"];
+ };
+ Service = {
+ Type = "simple";
+ Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swaylock-bg}/bin:${pkgs.swayidle}/bin";
+ ExecStart = ''
+ swayidle -w \
+ after-resume 'swaymsg "output * dpms on"' \
+ before-sleep 'swaylock-bg' \
+ timeout 300 'swaylock-bg' \
+ timeout 600 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"'
+ '';
+ };
+ Install = {
+ WantedBy = ["sway-session.target"];
+ };
+}
diff --git a/modules/sway/swaynotificationcenter.service.nix b/modules/graphical/sway/swaynotificationcenter.service.nix similarity index 100% rename from modules/sway/swaynotificationcenter.service.nix rename to modules/graphical/sway/swaynotificationcenter.service.nix diff --git a/modules/sway/waybar.service.nix b/modules/graphical/sway/waybar.service.nix similarity index 94% rename from modules/sway/waybar.service.nix rename to modules/graphical/sway/waybar.service.nix index 260a9ad7..4715fe81 100644 --- a/modules/sway/waybar.service.nix +++ b/modules/graphical/sway/waybar.service.nix @@ -10,7 +10,7 @@ Service = { Type = "dbus"; - Environment = "PATH=${pkgs.bash}/bin:${pkgs.pavucontrol}/bin:${pkgs.swaynotificationcenter}/bin"; + Environment = "PATH=${pkgs.bash}/bin:${pkgs.pavucontrol}/bin"; BusName = "fr.arouillard.waybar"; ExecStart = "${pkgs.waybar}/bin/waybar"; }; diff --git a/modules/sway/xsettingsd.service.nix b/modules/graphical/sway/xsettingsd.service.nix similarity index 100% rename from modules/sway/xsettingsd.service.nix rename to modules/graphical/sway/xsettingsd.service.nix diff --git a/modules/sway/ydotool.service.nix b/modules/graphical/sway/ydotool.service.nix similarity index 100% rename from modules/sway/ydotool.service.nix rename to modules/graphical/sway/ydotool.service.nix diff --git a/modules/invoiceplane/default.nix b/modules/invoiceplane/default.nix new file mode 100644 index 00000000..a29a5ca8 --- /dev/null +++ b/modules/invoiceplane/default.nix 
@@ -0,0 +1,362 @@ +{ config, pkgs, lib, ... }: + +with lib; + +let + cfg = config.services.invoiceplane; + eachSite = cfg.sites; + user = "invoiceplane"; + webserver = config.services.${cfg.webserver}; + + invoiceplane-config = hostName: cfg: pkgs.writeText "ipconfig.php" '' + IP_URL=http://${hostName} + ENABLE_DEBUG=false + DISABLE_SETUP=false + REMOVE_INDEXPHP=false + DB_HOSTNAME=${cfg.database.host} + DB_USERNAME=${cfg.database.user} + # NOTE: file_get_contents adds newline at the end of returned string + DB_PASSWORD=${if cfg.database.passwordFile == null then "" else "trim(file_get_contents('${cfg.database.passwordFile}'),\"\\r\\n\")"} + DB_DATABASE=${cfg.database.name} + DB_PORT=${toString cfg.database.port} + SESS_EXPIRATION=864000 + ENABLE_INVOICE_DELETION=false + DISABLE_READ_ONLY=false + ENCRYPTION_KEY= + ENCRYPTION_CIPHER=AES-256 + SETUP_COMPLETED=false + REMOVE_INDEXPHP=true + ''; + + extraConfig = hostName: cfg: pkgs.writeText "extraConfig.php" '' + ${toString cfg.extraConfig} + ''; + + pkg = hostName: cfg: pkgs.stdenv.mkDerivation rec { + pname = "invoiceplane-${hostName}"; + version = src.version; + src = pkgs.invoiceplane; + + postPhase = '' + # Patch index.php file to load additional config file + substituteInPlace index.php \ + --replace "require('vendor/autoload.php');" "require('vendor/autoload.php'); \$dotenv = Dotenv\Dotenv::createImmutable(__DIR__, 'extraConfig.php'); \$dotenv->load();"; + ''; + + installPhase = '' + mkdir -p $out + cp -r * $out/ + + # symlink uploads and log directories + rm -r $out/uploads $out/application/logs $out/vendor/mpdf/mpdf/tmp + ln -sf ${cfg.stateDir}/uploads $out/ + ln -sf ${cfg.stateDir}/logs $out/application/ + ln -sf ${cfg.stateDir}/tmp $out/vendor/mpdf/mpdf/ + + # symlink the InvoicePlane config + ln -s ${cfg.stateDir}/ipconfig.php $out/ipconfig.php + + # symlink the extraConfig file + ln -s ${extraConfig hostName cfg} $out/extraConfig.php + + # symlink additional templates + ${concatMapStringsSep "\n" 
(template: "cp -r ${template}/. $out/application/views/invoice_templates/pdf/") cfg.invoiceTemplates} + ''; + }; + + siteOpts = { lib, name, ... }: + { + options = { + + enable = mkEnableOption (lib.mdDoc "InvoicePlane web application"); + + stateDir = mkOption { + type = types.path; + default = "/var/lib/invoiceplane/${name}"; + description = lib.mdDoc '' + This directory is used for uploads of attachments and cache. + The directory passed here is automatically created and permissions + adjusted as required. + ''; + }; + + database = { + host = mkOption { + type = types.str; + default = "localhost"; + description = lib.mdDoc "Database host address."; + }; + + port = mkOption { + type = types.port; + default = 3306; + description = lib.mdDoc "Database host port."; + }; + + name = mkOption { + type = types.str; + default = "invoiceplane"; + description = lib.mdDoc "Database name."; + }; + + user = mkOption { + type = types.str; + default = "invoiceplane"; + description = lib.mdDoc "Database user."; + }; + + passwordFile = mkOption { + type = types.nullOr types.path; + default = null; + example = "/run/keys/invoiceplane-dbpassword"; + description = lib.mdDoc '' + A file containing the password corresponding to + {option}`database.user`. + ''; + }; + + createLocally = mkOption { + type = types.bool; + default = true; + description = lib.mdDoc "Create the database and database user locally."; + }; + }; + + invoiceTemplates = mkOption { + type = types.listOf types.path; + default = []; + description = lib.mdDoc '' + List of path(s) to respective template(s) which are copied from the 'invoice_templates/pdf' directory. + + ::: {.note} + These templates need to be packaged before use, see example. 
+ ::: + ''; + example = literalExpression '' + let + # Let's package an example template + template-vtdirektmarketing = pkgs.stdenv.mkDerivation { + name = "vtdirektmarketing"; + # Download the template from a public repository + src = pkgs.fetchgit { + url = "https://git.project-insanity.org/onny/invoiceplane-vtdirektmarketing.git"; + sha256 = "1hh0q7wzsh8v8x03i82p6qrgbxr4v5fb05xylyrpp975l8axyg2z"; + }; + sourceRoot = "."; + # Installing simply means copying template php file to the output directory + installPhase = "" + mkdir -p $out + cp invoiceplane-vtdirektmarketing/vtdirektmarketing.php $out/ + ""; + }; + # And then pass this package to the template list like this: + in [ template-vtdirektmarketing ] + ''; + }; + + poolConfig = mkOption { + type = with types; attrsOf (oneOf [ str int bool ]); + default = { + "pm" = "dynamic"; + "pm.max_children" = 32; + "pm.start_servers" = 2; + "pm.min_spare_servers" = 2; + "pm.max_spare_servers" = 4; + "pm.max_requests" = 500; + }; + description = lib.mdDoc '' + Options for the InvoicePlane PHP pool. See the documentation on `php-fpm.conf` + for details on configuration directives. + ''; + }; + + extraConfig = mkOption { + type = types.nullOr types.lines; + default = null; + example = '' + SETUP_COMPLETED=true + DISABLE_SETUP=true + IP_URL=https://invoice.example.com + ''; + description = lib.mdDoc '' + InvoicePlane configuration. Refer to + + for details on supported values. + ''; + }; + + cron = { + + enable = mkOption { + type = types.bool; + default = false; + description = lib.mdDoc '' + Enable cron service which periodically runs Invoiceplane tasks. + Requires key taken from the administration page. Refer to + + on how to configure it. 
+ ''; + }; + + key = mkOption { + type = types.str; + description = lib.mdDoc "Cron key taken from the administration page."; + }; + + }; + + }; + + }; +in +{ + disabledModules = [ + "services/web-apps/invoiceplane.nix" + ]; + + # interface + options = { + services.invoiceplane = mkOption { + type = types.submodule { + + options.sites = mkOption { + type = types.attrsOf (types.submodule siteOpts); + default = {}; + description = lib.mdDoc "Specification of one or more WordPress sites to serve"; + }; + + options.webserver = mkOption { + type = types.enum [ "caddy" ]; + default = "caddy"; + description = lib.mdDoc '' + Which webserver to use for virtual host management. Currently only + caddy is supported. + ''; + }; + }; + default = {}; + description = lib.mdDoc "InvoicePlane configuration."; + }; + + }; + + # implementation + config = mkIf (eachSite != {}) (mkMerge [{ + + assertions = flatten (mapAttrsToList (hostName: cfg: + [{ assertion = cfg.database.createLocally -> cfg.database.user == user; + message = ''services.invoiceplane.sites."${hostName}".database.user must be ${user} if the database is to be automatically provisioned''; + } + { assertion = cfg.database.createLocally -> cfg.database.passwordFile == null; + message = ''services.invoiceplane.sites."${hostName}".database.passwordFile cannot be specified if services.invoiceplane.sites."${hostName}".database.createLocally is set to true.''; + } + { assertion = cfg.cron.enable -> cfg.cron.key != null; + message = ''services.invoiceplane.sites."${hostName}".cron.key must be set in order to use cron service.''; + } + ]) eachSite); + + services.mysql = mkIf (any (v: v.database.createLocally) (attrValues eachSite)) { + enable = true; + package = mkDefault pkgs.mariadb; + ensureDatabases = mapAttrsToList (hostName: cfg: cfg.database.name) eachSite; + ensureUsers = mapAttrsToList (hostName: cfg: + { name = cfg.database.user; + ensurePermissions = { "${cfg.database.name}.*" = "ALL PRIVILEGES"; }; + } + ) eachSite; 
+ }; + + services.phpfpm = { + phpPackage = pkgs.php81; + pools = mapAttrs' (hostName: cfg: ( + nameValuePair "invoiceplane-${hostName}" { + inherit user; + group = webserver.group; + settings = { + "listen.owner" = webserver.user; + "listen.group" = webserver.group; + } // cfg.poolConfig; + } + )) eachSite; + }; + + } + + { + + systemd.tmpfiles.rules = flatten (mapAttrsToList (hostName: cfg: [ + "d ${cfg.stateDir} 0750 ${user} ${webserver.group} - -" + "f ${cfg.stateDir}/ipconfig.php 0750 ${user} ${webserver.group} - -" + "d ${cfg.stateDir}/logs 0750 ${user} ${webserver.group} - -" + "d ${cfg.stateDir}/uploads 0750 ${user} ${webserver.group} - -" + "d ${cfg.stateDir}/uploads/archive 0750 ${user} ${webserver.group} - -" + "d ${cfg.stateDir}/uploads/customer_files 0750 ${user} ${webserver.group} - -" + "d ${cfg.stateDir}/uploads/temp 0750 ${user} ${webserver.group} - -" + "d ${cfg.stateDir}/uploads/temp/mpdf 0750 ${user} ${webserver.group} - -" + "d ${cfg.stateDir}/tmp 0750 ${user} ${webserver.group} - -" + ]) eachSite); + + systemd.services.invoiceplane-config = { + serviceConfig.Type = "oneshot"; + script = concatStrings (mapAttrsToList (hostName: cfg: + '' + mkdir -p ${cfg.stateDir}/logs \ + ${cfg.stateDir}/uploads + if ! 
grep -q IP_URL "${cfg.stateDir}/ipconfig.php"; then + cp "${invoiceplane-config hostName cfg}" "${cfg.stateDir}/ipconfig.php" + fi + '') eachSite); + wantedBy = [ "multi-user.target" ]; + }; + + users.users.${user} = { + group = webserver.group; + isSystemUser = true; + }; + + } + { + + # Cron service implementation + + systemd.timers = mapAttrs' (hostName: cfg: ( + nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnBootSec = "5m"; + OnUnitActiveSec = "5m"; + Unit = "invoiceplane-cron-${hostName}.service"; + }; + }) + )) eachSite; + + systemd.services = + mapAttrs' (hostName: cfg: ( + nameValuePair "invoiceplane-cron-${hostName}" (mkIf cfg.cron.enable { + serviceConfig = { + Type = "oneshot"; + User = user; + ExecStart = "${pkgs.curl}/bin/curl --header 'Host: ${hostName}' http://localhost/invoices/cron/recur/${cfg.cron.key}"; + }; + }) + )) eachSite; + + } + + (mkIf (cfg.webserver == "caddy") { + services.caddy = { + enable = true; + virtualHosts = mapAttrs' (hostName: cfg: ( + nameValuePair "http://${hostName}" { + extraConfig = '' + root * ${pkg hostName cfg} + file_server + php_fastcgi unix/${config.services.phpfpm.pools."invoiceplane-${hostName}".socket} + ''; + } + )) eachSite; + }; + }) + + ]); +} diff --git a/modules/nextcloud/default.nix b/modules/nextcloud/default.nix index 915a9065..09fb8401 100644 --- a/modules/nextcloud/default.nix +++ b/modules/nextcloud/default.nix @@ -6,16 +6,8 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.nextcloud; in { - options.pub-solar.nextcloud = { - enable = mkEnableOption "Life in sync"; - }; - - config = mkIf cfg.enable { - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - systemd.user.services.nextcloud-client = import ./nextcloud.service.nix pkgs; - }; + home-manager.users."${psCfg.user.name}" = { + systemd.user.services.nextcloud-client = import ./nextcloud.service.nix pkgs; }; } 
diff --git a/modules/nix-path.nix b/modules/nix-path.nix deleted file mode 100644 index 5967fd2e..00000000 --- a/modules/nix-path.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - channel, - inputs, - ... -}: { - nix.nixPath = [ - "nixpkgs=${channel.input}" - "nixos-config=${../lib/compat/nixos}" - "home-manager=${inputs.home}" - ]; -} diff --git a/modules/core/nix.nix b/modules/nix/default.nix similarity index 51% rename from modules/core/nix.nix rename to modules/nix/default.nix index 1551ffcb..25b89e68 100644 --- a/modules/core/nix.nix +++ b/modules/nix/default.nix @@ -2,14 +2,29 @@ config, pkgs, lib, - inputs, + flake, ... }: { + nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ + "cups-brother-hl3140cw" + "facetimehd-firmware" + "veracrypt" + "zoom" + ]; + nix = { # Use default version alias for nix package package = pkgs.nix; gc.automatic = true; optimise.automatic = true; + + registry = { + nixpkgs.flake = flake.inputs.nixpkgs; + unstable.flake = flake.inputs.unstable; + master.flake = flake.inputs.master; + system.flake = flake.self; + }; + settings = { # Improve nix store disk usage auto-optimise-store = true; @@ -19,7 +34,16 @@ trusted-users = ["root" "@wheel"]; # Allow only group wheel to connect to the nix daemon allowed-users = ["@wheel"]; + + substituters = [ + "https://pub-solar.cachix.org/" + ]; + + trusted-public-keys = [ + "pub-solar.cachix.org-1:ZicXIxKgdxMtgSJECWR8iihZxHRvu8ObL4n2cuBmtos=" + ]; }; + # Generally useful nix option defaults extraOptions = lib.mkForce '' experimental-features = flakes nix-command @@ -28,5 +52,11 @@ keep-derivations = true fallback = true ''; + + nixPath = [ + "nixpkgs=${flake.inputs.nixpkgs}" + "nixos-config=${../../lib/compat/nixos}" + "home-manager=${flake.inputs.home-manager}" + ]; }; } diff --git a/modules/office/default.nix b/modules/office/default.nix index dcfb688a..483e33fc 100644 --- a/modules/office/default.nix +++ b/modules/office/default.nix 
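Review bot: The `substituters` and `trusted-public-keys` entries added to `nix.settings` make every host that imports this module accept prebuilt store paths signed by the `pub-solar.cachix.org-1` key, but nothing beside them records who controls that cache or its signing key. A short comment above the two lists would make the trust decision auditable, for example `# Binary cache operated by <cache owner, fill in>; store paths signed with this key are installed without a local rebuild`. The unchanged `trusted-users = ["root" "@wheel"]` line in the same hunk lets wheel members add further caches, so the list is a default rather than an allow-list, which the comment could also state. The `settings` attrset opens outside this hunk.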
@@ -6,27 +6,15 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.office; in { - options.pub-solar.office = { - enable = mkEnableOption "Install office programs, also enables printing server"; - }; + programs.evince.enable = true; - config = mkIf cfg.enable { - pub-solar.printing.enable = true; - - # Gnome PDF viewer - programs.evince.enable = true; - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - home.packages = [ - libreoffice-fresh - gnome.simple-scan - # Tools like pdfunite - poppler_utils - # tool for annotating PDFs - xournalpp - ]; - }; - }; + users.users."${psCfg.user.name}".packages = with pkgs; [ + libreoffice-fresh + gnome.simple-scan + # Tools like pdfunite + poppler_utils + # tool for annotating PDFs + xournalpp + ]; } diff --git a/modules/paranoia/default.nix b/modules/paranoia/default.nix deleted file mode 100644 index 5e8c7a70..00000000 --- a/modules/paranoia/default.nix +++ /dev/null 
@@ -1,53 +0,0 @@
-{
- config,
- lib,
- ...
-}:
-with lib; let
- psCfg = config.pub-solar;
- cfg = config.pub-solar.paranoia;
-in {
- options.pub-solar.paranoia = {
- enable = mkOption {
- description = ''
- Only offer hibernation instead of screen locking and sleeping. This only makes sense
- if your hard drive is encrypted, and ensures that the contents of your drive are
- encrypted if you are not actively using the device.
- '';
- default = false;
- type = types.bool;
- };
- };
-
- config = mkIf cfg.enable {
- pub-solar.core.hibernation.enable = true;
- services.logind.lidSwitch = "hibernate";
-
- # The options below are directly taken from or inspired by
- # https://xeiaso.net/blog/paranoid-nixos-2021-07-18
-
- # Don't set this if you need sftp
- services.openssh.allowSFTP = false;
- services.openssh.openFirewall = false; # Lock yourself out
-
- # Limit the use of sudo to the group wheel
- security.sudo.execWheelOnly = true;
-
- # Remove the complete default environment of packages like
- # nano, perl and rsync
- environment.defaultPackages = lib.mkForce [];
-
- # fileSystems."/".options = [ "noexec" ];
-
- services.openssh = {
- kbdInteractiveAuthentication = false;
- extraConfig = ''
- AllowTcpForwarding yes
- X11Forwarding no
- AllowAgentForwarding no
- AllowStreamLocalForwarding no
- AuthenticationMethods publickey
- '';
- };
- };
-}
diff --git a/modules/printing/default.nix b/modules/printing/default.nix
index 7cc88f4b..9706aaf8 100644
--- a/modules/printing/default.nix
+++ b/modules/printing/default.nix
@@ -1,38 +1,36 @@ { - lib, + flake, config, pkgs, + lib, ... -}: -with lib; let - psCfg = config.pub-solar; - cfg = config.pub-solar.printing; -in { - options.pub-solar.printing = { - enable = mkEnableOption "CUPSSSss"; - }; +}: { + services.avahi.enable = true; + services.avahi.ipv6 = true; + services.avahi.nssmdns = true; + services.avahi.publish.enable = true; + services.avahi.publish.userServices = true; - config = mkIf cfg.enable { - services.avahi.enable = true; - services.avahi.nssmdns = true; - services.avahi.publish.enable = true; - services.avahi.publish.userServices = true; - services.printing.enable = true; - services.printing.browsing = true; - services.printing.listenAddresses = ["localhost:631"]; - services.printing.allowFrom = ["all"]; - services.printing.defaultShared = false; - services.printing.drivers = with pkgs; [ - gutenprint - brgenml1lpr - brgenml1cupswrapper - brlaser - cnijfilter2 - cups-brother-hl3140cw - ]; - hardware.sane = { - enable = true; - brscan4.enable = true; - }; + services.printing.enable = true; + services.printing.browsing = true; + services.printing.listenAddresses = ["localhost:631"]; + services.printing.defaultShared = lib.mkDefault false; + + services.printing.drivers = [ + pkgs.gutenprint + ] ++ (if (pkgs.system == "x86_64-linux") + then [ pkgs.cups-brother-hl3140cw ] + else []); + + networking.hosts = flake.self.lib.addLocalHostname ["cups.local"]; + + services.caddy = { + enable = true; + extraConfig = '' + cups.local { + request_header Host localhost:631 + reverse_proxy unix//run/cups/cups.sock + } + ''; }; } diff --git a/modules/social/default.nix b/modules/social/default.nix deleted file mode 100644 index 02d1491c..00000000 --- a/modules/social/default.nix +++ /dev/null 
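Review bot: The new `services.caddy.extraConfig` site `cups.local` forwards to the CUPS unix socket with the Host header rewritten to `localhost:631`, and the site block carries no `bind` restriction, so Caddy serves it on every interface it listens on. Requests arriving through `/run/cups/cups.sock` with that Host value presumably look local to CUPS, which would undercut the `listenAddresses = ["localhost:631"]` limit kept a few lines above for any client on the network that can reach Caddy under the name `cups.local`. Whether the firewall exposes Caddy's ports is not visible in this hunk. Adding `bind 127.0.0.1 [::1]` as the first line inside the `cups.local { … }` block would keep the proxy loopback-only, in line with the `networking.hosts` entry added just before it (which presumably maps the name to loopback; `addLocalHostname` is defined in another file).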
@@ -1,27 +0,0 @@
-{
- lib,
- config,
- pkgs,
- ...
-}:
-with lib; let
- psCfg = config.pub-solar;
- cfg = config.pub-solar.social;
-in {
- options.pub-solar.social = {
- enable = mkEnableOption "Life with others";
- };
-
- config = mkIf cfg.enable {
- home-manager = with pkgs;
- pkgs.lib.setAttrByPath ["users" psCfg.user.name] {
- home.packages = [
- gurk-rs
- signal-desktop
- tdesktop
- element-desktop
- irssi
- ];
- };
- };
-}
diff --git a/modules/sway/default.nix b/modules/sway/default.nix
deleted file mode 100644
index 08baa40f..00000000
--- a/modules/sway/default.nix
+++ /dev/null
@@ -1,111 +0,0 @@ -{ - lib, - config, - pkgs, - ... -}: -with lib; let - psCfg = config.pub-solar; -in { - options.pub-solar.sway = { - enable = mkEnableOption "Life in boxes"; - - terminal = mkOption { - type = types.nullOr types.str; - default = "alacritty"; - description = "Choose sway's default terminal"; - }; - - v4l2loopback.enable = mkOption { - type = types.bool; - default = true; - description = "WebCam streaming tool"; - }; - }; - - config = mkIf psCfg.sway.enable (mkMerge [ - (mkIf (psCfg.sway.v4l2loopback.enable) { - boot.extraModulePackages = with config.boot.kernelPackages; [v4l2loopback]; - boot.kernelModules = ["v4l2loopback"]; - boot.extraModprobeConfig = '' - options v4l2loopback exclusive_caps=1 devices=3 - ''; - }) - - { - environment.systemPackages = with pkgs; [ - linuxPackages.v4l2loopback - ]; - - programs.sway.enable = true; - - xdg.portal = { - enable = true; - wlr = { - enable = true; - settings = { - screencast = { - max_fps = 30; - chooser_type = "simple"; - chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or"; - }; - }; - }; - extraPortals = with pkgs; [xdg-desktop-portal-gtk]; - }; - - services.pipewire.enable = true; - - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - home.packages = with pkgs; [ - sway - grim - kanshi - mako - slurp - swaynotificationcenter - swayidle - swaylock - swaybg - xwayland - - libappindicator-gtk3 - - wl-clipboard - wf-recorder - brightnessctl - gammastep - geoclue2 - xsettingsd - ydotool - - sway-launcher - record-screen - import-gtk-settings - s - wcwd - ]; - - programs.waybar.enable = true; - #programs.waybar.systemd.enable = true; - - systemd.user.services.swaynotificationcenter = import ./swaynotificationcenter.service.nix pkgs; - systemd.user.services.sway = import ./sway.service.nix {inherit pkgs psCfg;}; - systemd.user.services.swayidle = import ./swayidle.service.nix {inherit pkgs psCfg;}; - systemd.user.services.xsettingsd = import ./xsettingsd.service.nix {inherit 
pkgs psCfg;}; - systemd.user.services.waybar = import ./waybar.service.nix {inherit pkgs psCfg;}; - systemd.user.targets.sway-session = import ./sway-session.target.nix {inherit pkgs psCfg;}; - - xdg.configFile."sway/config".text = import ./config/config.nix {inherit config pkgs;}; - xdg.configFile."sway/config.d/colorscheme.conf".source = ./config/config.d/colorscheme.conf; - xdg.configFile."sway/config.d/theme.conf".source = ./config/config.d/theme.conf; - xdg.configFile."sway/config.d/gaps.conf".source = ./config/config.d/gaps.conf; - xdg.configFile."sway/config.d/custom-keybindings.conf".source = ./config/config.d/custom-keybindings.conf; - xdg.configFile."sway/config.d/mode_system.conf".text = import ./config/config.d/mode_system.conf.nix {inherit pkgs psCfg;}; - xdg.configFile."sway/config.d/applications.conf".source = ./config/config.d/applications.conf; - xdg.configFile."sway/config.d/systemd.conf".source = ./config/config.d/systemd.conf; - }; - } - ]); -} diff --git a/modules/sway/swayidle.service.nix b/modules/sway/swayidle.service.nix deleted file mode 100644 index 9fd8cc25..00000000 --- a/modules/sway/swayidle.service.nix +++ /dev/null 
@@ -1,35 +0,0 @@ -{ - pkgs, - psCfg, - ... -}: { - Unit = { - Description = "Idle manager for Wayland"; - Documentation = ["man:swayidle(1)"]; - BindsTo = ["graphical-session.target"]; - Wants = ["graphical-session-pre.target"]; - After = ["graphical-session-pre.target"]; - }; - Service = { - Type = "simple"; - Environment = "PATH=/run/current-system/sw/bin:${pkgs.sway}/bin:${pkgs.swaylock-bg}/bin:${pkgs.swayidle}/bin"; - ExecStart = - '' ${pkgs.swayidle}/bin/swayidle -w \ - after-resume 'swaymsg "output * dpms on"' \ - before-sleep 'swaylock-bg' '' - + ( - if psCfg.paranoia.enable - then '' \ - timeout 120 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' \ - timeout 150 'systemctl hibernate' - '' - else '' \ - timeout 600 'swaylock-bg' \ - timeout 900 'swaymsg "output * dpms off"' resume 'swaymsg "output * dpms on"' - '' - ); - }; - Install = { - WantedBy = ["sway-session.target"]; - }; -} diff --git a/profiles/base-user/.config/git/config.nix b/modules/terminal-life/.config/git/config.nix similarity index 100% rename from profiles/base-user/.config/git/config.nix rename to modules/terminal-life/.config/git/config.nix diff --git a/profiles/base-user/.config/git/gitmessage.nix b/modules/terminal-life/.config/git/gitmessage.nix similarity index 100% rename from profiles/base-user/.config/git/gitmessage.nix rename to modules/terminal-life/.config/git/gitmessage.nix diff --git a/profiles/base-user/.config/git/global_gitignore.nix b/modules/terminal-life/.config/git/global_gitignore.nix similarity index 100% rename from profiles/base-user/.config/git/global_gitignore.nix rename to modules/terminal-life/.config/git/global_gitignore.nix 
diff --git a/profiles/base-user/.local/share/nvim/json-schemas/caddy_schema.json b/modules/terminal-life/.local/share/nvim/json-schemas/caddy_schema.json similarity index 76% rename from profiles/base-user/.local/share/nvim/json-schemas/caddy_schema.json rename to modules/terminal-life/.local/share/nvim/json-schemas/caddy_schema.json index 3f1acb9a..71873a05 100644 --- a/profiles/base-user/.local/share/nvim/json-schemas/caddy_schema.json +++ b/modules/terminal-life/.local/share/nvim/json-schemas/caddy_schema.json 
@@ -24,409 +24,6 @@ "markdownDescription": "reverse_proxy: `object` \nModule: `admin.api.reverse_proxy`", "type": "object" }, - "cache": { - "description": "cache: object\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "cache: `object` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "object", - "properties": { - "allowed_http_verbs": { - "description": "allowed_http_verbs: array\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "allowed_http_verbs: `array` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "array", - "items": { - "type": "string" - } - }, - "api": { - "description": "api: object\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "api: `object` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "object", - "properties": { - "basepath": { - "description": "basepath: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "basepath: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - }, - "prometheus": { - "description": "prometheus: object\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "prometheus: `object` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "object", - "properties": { - "basepath": { - "description": "basepath: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "basepath: `string` \nModule: `cache` 
\n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - }, - "enable": { - "description": "enable: boolean\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "enable: `boolean` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "boolean" - }, - "security": { - "description": "security: boolean\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "security: `boolean` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "boolean" - } - } - }, - "security": { - "description": "security: object\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "security: `object` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "object", - "properties": { - "basepath": { - "description": "basepath: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "basepath: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - }, - "enable": { - "description": "enable: boolean\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "enable: `boolean` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "boolean" - }, - "secret": { - "description": "secret: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "secret: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - }, - "users": { - "description": "users: 
array\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "users: `array` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "array", - "items": { - "type": "object", - "properties": { - "password": { - "description": "password: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "password: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - }, - "username": { - "description": "username: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "username: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - } - } - } - } - } - }, - "souin": { - "description": "souin: object\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "souin: `object` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "object", - "properties": { - "basepath": { - "description": "basepath: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "basepath: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - }, - "enable": { - "description": "enable: boolean\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "enable: `boolean` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "boolean" - }, - "security": { - "description": "security: boolean\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - 
"markdownDescription": "security: `boolean` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "boolean" - } - } - } - } - }, - "badger": { - "description": "badger: object\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "badger: `object` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "object", - "properties": { - "configuration": { - "type": [ - "string", - "null" - ], - "description": "configuration: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "configuration: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)" - }, - "path": { - "description": "path: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "path: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - }, - "url": { - "description": "url: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "url: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - } - } - }, - "cache_keys": { - "description": "cache_keys: object\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "cache_keys: `object` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "object", - "additionalProperties": { - "properties": { - "disable_body": { - "description": "disable_body: boolean\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "disable_body: `boolean` \nModule: `cache` 
\n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "boolean" - }, - "disable_host": { - "description": "disable_host: boolean\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "disable_host: `boolean` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "boolean" - }, - "disable_method": { - "description": "disable_method: boolean\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "disable_method: `boolean` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "boolean" - } - } - } - }, - "cache_name": { - "description": "cache_name: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "cache_name: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - }, - "cdn": { - "description": "cdn: object\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "cdn: `object` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "object", - "properties": { - "api_key": { - "description": "api_key: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "api_key: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - }, - "dynamic": { - "description": "dynamic: boolean\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "dynamic: `boolean` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "boolean" - }, - "email": { 
- "description": "email: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "email: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - }, - "hostname": { - "description": "hostname: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "hostname: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - }, - "network": { - "description": "network: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "network: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - }, - "provider": { - "description": "provider: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "provider: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - }, - "service_id": { - "description": "service_id: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "service_id: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - }, - "strategy": { - "description": "strategy: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "strategy: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - }, - "zone_id": { - "description": "zone_id: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "zone_id: `string` \nModule: 
`cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - } - } - }, - "default_cache_control": { - "description": "default_cache_control: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "default_cache_control: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - }, - "distributed": { - "description": "distributed: boolean\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "distributed: `boolean` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "boolean" - }, - "etcd": { - "description": "etcd: object\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "etcd: `object` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "object", - "properties": { - "configuration": { - "type": [ - "string", - "null" - ], - "description": "configuration: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "configuration: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)" - }, - "path": { - "description": "path: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "path: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - }, - "url": { - "description": "url: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "url: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": 
"string" - } - } - }, - "headers": { - "description": "headers: array\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "headers: `array` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "array", - "items": { - "type": "string" - } - }, - "key": { - "description": "key: object\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "key: `object` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "object", - "properties": { - "disable_body": { - "description": "disable_body: boolean\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "disable_body: `boolean` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "boolean" - }, - "disable_host": { - "description": "disable_host: boolean\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "disable_host: `boolean` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "boolean" - }, - "disable_method": { - "description": "disable_method: boolean\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "disable_method: `boolean` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "boolean" - } - } - }, - "log_level": { - "description": "log_level: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "log_level: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - }, - "nuts": { - "description": "nuts: object\nModule: 
cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "nuts: `object` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "object", - "properties": { - "configuration": { - "type": [ - "string", - "null" - ], - "description": "configuration: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "configuration: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)" - }, - "path": { - "description": "path: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "path: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - }, - "url": { - "description": "url: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "url: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - } - } - }, - "olric": { - "description": "olric: object\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "olric: `object` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "object", - "properties": { - "configuration": { - "type": [ - "string", - "null" - ], - "description": "configuration: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "configuration: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)" - }, - "path": { - "description": "path: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "path: 
`string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - }, - "url": { - "description": "url: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "url: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - } - } - }, - "redis": { - "description": "redis: object\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "redis: `object` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "object", - "properties": { - "configuration": { - "type": [ - "string", - "null" - ], - "description": "configuration: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "configuration: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)" - }, - "path": { - "description": "path: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "path: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - }, - "url": { - "description": "url: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "url: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - } - } - }, - "regex": { - "description": "regex: object\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "regex: `object` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "object", - "properties": { - "exclude": { - 
"description": "exclude: string\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "exclude: `string` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "string" - } - } - }, - "stale": { - "description": "stale: object\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "stale: `object` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "object" - }, - "timeout": { - "description": "timeout: object\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "timeout: `object` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "object", - "properties": { - "backend": { - "description": "backend: object\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "backend: `object` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "object" - }, - "cache": { - "description": "cache: object\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "cache: `object` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "object" - } - } - }, - "ttl": { - "description": "ttl: object\nModule: cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp", - "markdownDescription": "ttl: `object` \nModule: `cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinApp)", - "type": "object" - } - } - }, "caddy.adapters.caddyfile": { "description": "caddyfile: object\nModule: caddy.adapters.caddyfile", "markdownDescription": "caddyfile: `object` \nModule: `caddy.adapters.caddyfile`", 
@@ -578,18 +175,6 @@ "filter" ], "allOf": [ - { - "if": { - "properties": { - "filter": { - "const": "regexp" - } - } - }, - "then": { - "$ref": "#/definitions/caddy.logging.encoders.filter.regexp" - } - }, { "if": { "properties": { @@ -674,6 +259,18 @@ "$ref": "#/definitions/caddy.logging.encoders.filter.query" } }, + { + "if": { + "properties": { + "filter": { + "const": "regexp" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.encoders.filter.regexp" + } + }, { "properties": { "filter": { @@ -681,14 +278,14 @@ "markdownDescription": "key to identify `fields` module. \nfilter: `string` \nModule: `caddy.logging.encoders.filter`", "type": "string", "enum": [ - "regexp", "rename", "replace", "cookie", "delete", "hash", "ip_mask", - "query" + "query", + "regexp" ] } } @@ -704,6 +301,18 @@ "format" ], "allOf": [ + { + "if": { + "properties": { + "format": { + "const": "json" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.encoders.json" + } + }, { "if": { "properties": { @@ -728,18 +337,6 @@ "$ref": "#/definitions/caddy.logging.encoders.filter" } }, - { - "if": { - "properties": { - "format": { - "const": "json" - } - } - }, - "then": { - "$ref": "#/definitions/caddy.logging.encoders.json" - } - }, { "properties": { "format": { @@ -747,9 +344,9 @@ "markdownDescription": "key to identify `wrap` module. \nformat: `string` \nModule: `caddy.logging.encoders`", "type": "string", "enum": [ + "json", "console", - "filter", - "json" + "filter" ] } } 
@@ -1083,57 +680,14 @@ } } }, - "events": { - "description": "events: object\nModule: events\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyevents#App\nApp implements a global eventing system within Caddy.\nModules can emit and subscribe to events, providing\nhooks into deep parts of the code base that aren't\notherwise accessible. Events provide information about\nwhat and when things are happening, and this facility\nallows handlers to take action when events occur,\nadd information to the event's metadata, and even\ncontrol program flow in some cases.\n\nEvents are propagated in a DOM-like fashion. An event\nemitted from module `a.b.c` (the \"origin\") will first\ninvoke handlers listening to `a.b.c`, then `a.b`,\nthen `a`, then those listening regardless of origin.\nIf a handler returns the special error Aborted, then\npropagation immediately stops and the event is marked\nas aborted. Emitters may optionally choose to adjust\nprogram flow based on an abort.\n\nModules can subscribe to events by origin and/or name.\nA handler is invoked only if it is subscribed to the\nevent by name and origin. Subscriptions should be\nregistered during the provisioning phase, before apps\nare started.\n\nEvent handlers are fired synchronously as part of the\nregular flow of the program. This allows event handlers\nto control the flow of the program if the origin permits\nit and also allows handlers to convey new information\nback into the origin module before it continues.\nIn essence, event handlers are similar to HTTP\nmiddleware handlers.\n\nEvent bindings/subscribers are unordered; i.e.\nevent handlers are invoked in an arbitrary order.\nEvent handlers should not rely on the logic of other\nhandlers to succeed.\n\nThe entirety of this app module is EXPERIMENTAL and\nsubject to change. 
Pay attention to release notes.\n\n", - "markdownDescription": "events: `object` \nModule: `events` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyevents#App) \nApp implements a global eventing system within Caddy.\nModules can emit and subscribe to events, providing\nhooks into deep parts of the code base that aren't\notherwise accessible. Events provide information about\nwhat and when things are happening, and this facility\nallows handlers to take action when events occur,\nadd information to the event's metadata, and even\ncontrol program flow in some cases.\n\nEvents are propagated in a DOM-like fashion. An event\nemitted from module `a.b.c` (the \"origin\") will first\ninvoke handlers listening to `a.b.c`, then `a.b`,\nthen `a`, then those listening regardless of origin.\nIf a handler returns the special error Aborted, then\npropagation immediately stops and the event is marked\nas aborted. Emitters may optionally choose to adjust\nprogram flow based on an abort.\n\nModules can subscribe to events by origin and/or name.\nA handler is invoked only if it is subscribed to the\nevent by name and origin. Subscriptions should be\nregistered during the provisioning phase, before apps\nare started.\n\nEvent handlers are fired synchronously as part of the\nregular flow of the program. This allows event handlers\nto control the flow of the program if the origin permits\nit and also allows handlers to convey new information\nback into the origin module before it continues.\nIn essence, event handlers are similar to HTTP\nmiddleware handlers.\n\nEvent bindings/subscribers are unordered; i.e.\nevent handlers are invoked in an arbitrary order.\nEvent handlers should not rely on the logic of other\nhandlers to succeed.\n\nThe entirety of this app module is EXPERIMENTAL and\nsubject to change. 
Pay attention to release notes.\n \n", - "type": "object", - "properties": { - "subscriptions": { - "description": "subscriptions: array\nModule: events\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyevents#Subscription\nSubscriptions bind handlers to one or more events\neither globally or scoped to specific modules or module\nnamespaces.\n\n\nSubscription represents binding of one or more handlers to\none or more events.\n", - "markdownDescription": "subscriptions: `array` \nModule: `events` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyevents#Subscription) \nSubscriptions bind handlers to one or more events\neither globally or scoped to specific modules or module\nnamespaces.\n\n\nSubscription represents binding of one or more handlers to\none or more events. \n", - "type": "array", - "items": { - "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyevents#Subscription\nSubscriptions bind handlers to one or more events\neither globally or scoped to specific modules or module\nnamespaces.\n\n\nSubscription represents binding of one or more handlers to\none or more events.\n", - "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyevents#Subscription) \nSubscriptions bind handlers to one or more events\neither globally or scoped to specific modules or module\nnamespaces.\n\n\nSubscription represents binding of one or more handlers to\none or more events. \n", - "type": "object", - "properties": { - "events": { - "description": "events: array\nModule: events\nThe name(s) of the event(s) to bind to. Default: all events.\n", - "markdownDescription": "events: `array` \nModule: `events` \nThe name(s) of the event(s) to bind to. Default: all events. \n", - "type": "array", - "items": { - "description": "The name(s) of the event(s) to bind to. Default: all events.\n", - "markdownDescription": "The name(s) of the event(s) to bind to. Default: all events. 
\n", - "type": "string" - } - }, - "handlers": { - "description": "handlers: any\nModule: events.handlers\nThe event handler modules. These implement the actual\nbehavior to invoke when an event occurs. At least one\nhandler is required.\n", - "markdownDescription": "handlers: `any` \nModule: `events.handlers` \nThe event handler modules. These implement the actual\nbehavior to invoke when an event occurs. At least one\nhandler is required. \n" - }, - "modules": { - "description": "modules: array\nModule: events\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleID\nThe ID or namespace of the module(s) from which events\noriginate to listen to for events. Default: all modules.\n\nEvents propagate up, so events emitted by module \"a.b.c\"\nwill also trigger the event for \"a.b\" and \"a\". Thus, to\nreceive all events from \"a.b.c\" and \"a.b.d\", for example,\none can subscribe to either \"a.b\" or all of \"a\" entirely.\n\n\nModuleID is a string that uniquely identifies a Caddy module. A\nmodule ID is lightly structured. It consists of dot-separated\nlabels which form a simple hierarchy from left to right. The last\nlabel is the module name, and the labels before that constitute\nthe namespace (or scope).\n\nThus, a module ID has the form: \u003cnamespace\u003e.\u003cname\u003e\n\nAn ID with no dot has the empty namespace, which is appropriate\nfor app modules (these are \"top-level\" modules that Caddy core\nloads and runs).\n\nModule IDs should be lowercase and use underscores (_) instead of\nspaces.\n\nExamples of valid IDs:\n- http\n- http.handlers.file_server\n- caddy.logging.encoders.json\n", - "markdownDescription": "modules: `array` \nModule: `events` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleID) \nThe ID or namespace of the module(s) from which events\noriginate to listen to for events. Default: all modules.\n\nEvents propagate up, so events emitted by module \"a.b.c\"\nwill also trigger the event for \"a.b\" and \"a\". 
Thus, to\nreceive all events from \"a.b.c\" and \"a.b.d\", for example,\none can subscribe to either \"a.b\" or all of \"a\" entirely.\n\n\nModuleID is a string that uniquely identifies a Caddy module. A\nmodule ID is lightly structured. It consists of dot-separated\nlabels which form a simple hierarchy from left to right. The last\nlabel is the module name, and the labels before that constitute\nthe namespace (or scope).\n\nThus, a module ID has the form: \u003cnamespace\u003e.\u003cname\u003e\n\nAn ID with no dot has the empty namespace, which is appropriate\nfor app modules (these are \"top-level\" modules that Caddy core\nloads and runs).\n\nModule IDs should be lowercase and use underscores (_) instead of\nspaces.\n\nExamples of valid IDs:\n- http\n- http.handlers.file_server\n- caddy.logging.encoders.json \n", - "type": "array", - "items": { - "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleID\nThe ID or namespace of the module(s) from which events\noriginate to listen to for events. Default: all modules.\n\nEvents propagate up, so events emitted by module \"a.b.c\"\nwill also trigger the event for \"a.b\" and \"a\". Thus, to\nreceive all events from \"a.b.c\" and \"a.b.d\", for example,\none can subscribe to either \"a.b\" or all of \"a\" entirely.\n\n\nModuleID is a string that uniquely identifies a Caddy module. A\nmodule ID is lightly structured. It consists of dot-separated\nlabels which form a simple hierarchy from left to right. 
The last\nlabel is the module name, and the labels before that constitute\nthe namespace (or scope).\n\nThus, a module ID has the form: \u003cnamespace\u003e.\u003cname\u003e\n\nAn ID with no dot has the empty namespace, which is appropriate\nfor app modules (these are \"top-level\" modules that Caddy core\nloads and runs).\n\nModule IDs should be lowercase and use underscores (_) instead of\nspaces.\n\nExamples of valid IDs:\n- http\n- http.handlers.file_server\n- caddy.logging.encoders.json\n", - "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleID) \nThe ID or namespace of the module(s) from which events\noriginate to listen to for events. Default: all modules.\n\nEvents propagate up, so events emitted by module \"a.b.c\"\nwill also trigger the event for \"a.b\" and \"a\". Thus, to\nreceive all events from \"a.b.c\" and \"a.b.d\", for example,\none can subscribe to either \"a.b\" or all of \"a\" entirely.\n\n\nModuleID is a string that uniquely identifies a Caddy module. A\nmodule ID is lightly structured. It consists of dot-separated\nlabels which form a simple hierarchy from left to right. 
The last\nlabel is the module name, and the labels before that constitute\nthe namespace (or scope).\n\nThus, a module ID has the form: \u003cnamespace\u003e.\u003cname\u003e\n\nAn ID with no dot has the empty namespace, which is appropriate\nfor app modules (these are \"top-level\" modules that Caddy core\nloads and runs).\n\nModule IDs should be lowercase and use underscores (_) instead of\nspaces.\n\nExamples of valid IDs:\n- http\n- http.handlers.file_server\n- caddy.logging.encoders.json \n", - "type": "string" - } - } - } - } - } - } - }, "http": { - "description": "http: object\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#App\nApp is a robust, production-ready HTTP server.\n\nHTTPS is enabled by default if host matchers with qualifying names are used\nin any of routes; certificates are automatically provisioned and renewed.\nAdditionally, automatic HTTPS will also enable HTTPS for servers that listen\nonly on the HTTPS port but which do not have any TLS connection policies\ndefined by adding a good, default TLS connection policy.\n\nIn HTTP routes, additional placeholders are available (replace any `*`):\n\nPlaceholder | Description\n------------|---------------\n`{http.request.body}` | The request body (⚠️ inefficient; use only for debugging)\n`{http.request.cookie.*}` | HTTP request cookie\n`{http.request.duration}` | Time up to now spent handling the request (after decoding headers from client)\n`{http.request.duration_ms}` | Same as 'duration', but in milliseconds.\n`{http.request.uuid}` | The request unique identifier\n`{http.request.header.*}` | Specific request header field\n`{http.request.host.labels.*}` | Request host labels (0-based from right); e.g. 
for foo.example.com: 0=com, 1=example, 2=foo\n`{http.request.host}` | The host part of the request's Host header\n`{http.request.hostport}` | The host and port from the request's Host header\n`{http.request.method}` | The request method\n`{http.request.orig_method}` | The request's original method\n`{http.request.orig_uri.path.dir}` | The request's original directory\n`{http.request.orig_uri.path.file}` | The request's original filename\n`{http.request.orig_uri.path}` | The request's original path\n`{http.request.orig_uri.query}` | The request's original query string (without `?`)\n`{http.request.orig_uri}` | The request's original URI\n`{http.request.port}` | The port part of the request's Host header\n`{http.request.proto}` | The protocol of the request\n`{http.request.remote.host}` | The host part of the remote client's address\n`{http.request.remote.port}` | The port part of the remote client's address\n`{http.request.remote}` | The address of the remote client\n`{http.request.scheme}` | The request scheme\n`{http.request.tls.version}` | The TLS version name\n`{http.request.tls.cipher_suite}` | The TLS cipher suite\n`{http.request.tls.resumed}` | The TLS connection resumed a previous connection\n`{http.request.tls.proto}` | The negotiated next protocol\n`{http.request.tls.proto_mutual}` | The negotiated next protocol was advertised by the server\n`{http.request.tls.server_name}` | The server name requested by the client, if any\n`{http.request.tls.client.fingerprint}` | The SHA256 checksum of the client certificate\n`{http.request.tls.client.public_key}` | The public key of the client certificate.\n`{http.request.tls.client.public_key_sha256}` | The SHA256 checksum of the client's public key.\n`{http.request.tls.client.certificate_pem}` | The PEM-encoded value of the certificate.\n`{http.request.tls.client.certificate_der_base64}` | The base64-encoded value of the certificate.\n`{http.request.tls.client.issuer}` | The issuer DN of the client 
certificate\n`{http.request.tls.client.serial}` | The serial number of the client certificate\n`{http.request.tls.client.subject}` | The subject DN of the client certificate\n`{http.request.tls.client.san.dns_names.*}` | SAN DNS names(index optional)\n`{http.request.tls.client.san.emails.*}` | SAN email addresses (index optional)\n`{http.request.tls.client.san.ips.*}` | SAN IP addresses (index optional)\n`{http.request.tls.client.san.uris.*}` | SAN URIs (index optional)\n`{http.request.uri.path.*}` | Parts of the path, split by `/` (0-based from left)\n`{http.request.uri.path.dir}` | The directory, excluding leaf filename\n`{http.request.uri.path.file}` | The filename of the path, excluding directory\n`{http.request.uri.path}` | The path component of the request URI\n`{http.request.uri.query.*}` | Individual query string value\n`{http.request.uri.query}` | The query string (without `?`)\n`{http.request.uri}` | The full request URI\n`{http.response.header.*}` | Specific response header field\n`{http.vars.*}` | Custom variables in the HTTP handler chain\n`{http.shutting_down}` | True if the HTTP app is shutting down\n`{http.time_until_shutdown}` | Time until HTTP server shutdown, if scheduled\n\n", - "markdownDescription": "http: `object` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#App) \nApp is a robust, production-ready HTTP server.\n\nHTTPS is enabled by default if host matchers with qualifying names are used\nin any of routes; certificates are automatically provisioned and renewed.\nAdditionally, automatic HTTPS will also enable HTTPS for servers that listen\nonly on the HTTPS port but which do not have any TLS connection policies\ndefined by adding a good, default TLS connection policy.\n\nIn HTTP routes, additional placeholders are available (replace any `*`):\n\nPlaceholder | Description\n------------|---------------\n`{http.request.body}` | The request body (⚠️ inefficient; use only for 
debugging)\n`{http.request.cookie.*}` | HTTP request cookie\n`{http.request.duration}` | Time up to now spent handling the request (after decoding headers from client)\n`{http.request.duration_ms}` | Same as 'duration', but in milliseconds.\n`{http.request.uuid}` | The request unique identifier\n`{http.request.header.*}` | Specific request header field\n`{http.request.host.labels.*}` | Request host labels (0-based from right); e.g. for foo.example.com: 0=com, 1=example, 2=foo\n`{http.request.host}` | The host part of the request's Host header\n`{http.request.hostport}` | The host and port from the request's Host header\n`{http.request.method}` | The request method\n`{http.request.orig_method}` | The request's original method\n`{http.request.orig_uri.path.dir}` | The request's original directory\n`{http.request.orig_uri.path.file}` | The request's original filename\n`{http.request.orig_uri.path}` | The request's original path\n`{http.request.orig_uri.query}` | The request's original query string (without `?`)\n`{http.request.orig_uri}` | The request's original URI\n`{http.request.port}` | The port part of the request's Host header\n`{http.request.proto}` | The protocol of the request\n`{http.request.remote.host}` | The host part of the remote client's address\n`{http.request.remote.port}` | The port part of the remote client's address\n`{http.request.remote}` | The address of the remote client\n`{http.request.scheme}` | The request scheme\n`{http.request.tls.version}` | The TLS version name\n`{http.request.tls.cipher_suite}` | The TLS cipher suite\n`{http.request.tls.resumed}` | The TLS connection resumed a previous connection\n`{http.request.tls.proto}` | The negotiated next protocol\n`{http.request.tls.proto_mutual}` | The negotiated next protocol was advertised by the server\n`{http.request.tls.server_name}` | The server name requested by the client, if any\n`{http.request.tls.client.fingerprint}` | The SHA256 checksum of the client 
certificate\n`{http.request.tls.client.public_key}` | The public key of the client certificate.\n`{http.request.tls.client.public_key_sha256}` | The SHA256 checksum of the client's public key.\n`{http.request.tls.client.certificate_pem}` | The PEM-encoded value of the certificate.\n`{http.request.tls.client.certificate_der_base64}` | The base64-encoded value of the certificate.\n`{http.request.tls.client.issuer}` | The issuer DN of the client certificate\n`{http.request.tls.client.serial}` | The serial number of the client certificate\n`{http.request.tls.client.subject}` | The subject DN of the client certificate\n`{http.request.tls.client.san.dns_names.*}` | SAN DNS names(index optional)\n`{http.request.tls.client.san.emails.*}` | SAN email addresses (index optional)\n`{http.request.tls.client.san.ips.*}` | SAN IP addresses (index optional)\n`{http.request.tls.client.san.uris.*}` | SAN URIs (index optional)\n`{http.request.uri.path.*}` | Parts of the path, split by `/` (0-based from left)\n`{http.request.uri.path.dir}` | The directory, excluding leaf filename\n`{http.request.uri.path.file}` | The filename of the path, excluding directory\n`{http.request.uri.path}` | The path component of the request URI\n`{http.request.uri.query.*}` | Individual query string value\n`{http.request.uri.query}` | The query string (without `?`)\n`{http.request.uri}` | The full request URI\n`{http.response.header.*}` | Specific response header field\n`{http.vars.*}` | Custom variables in the HTTP handler chain\n`{http.shutting_down}` | True if the HTTP app is shutting down\n`{http.time_until_shutdown}` | Time until HTTP server shutdown, if scheduled\n \n", + "description": "http: object\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#App\nApp is a robust, production-ready HTTP server.\n\nHTTPS is enabled by default if host matchers with qualifying names are used\nin any of routes; certificates are automatically provisioned and renewed.\nAdditionally, 
automatic HTTPS will also enable HTTPS for servers that listen\nonly on the HTTPS port but which do not have any TLS connection policies\ndefined by adding a good, default TLS connection policy.\n\nIn HTTP routes, additional placeholders are available (replace any `*`):\n\nPlaceholder | Description\n------------|---------------\n`{http.request.body}` | The request body (⚠️ inefficient; use only for debugging)\n`{http.request.cookie.*}` | HTTP request cookie\n`{http.request.duration}` | Time up to now spent handling the request (after decoding headers from client)\n`{http.request.duration_ms}` | Same as 'duration', but in milliseconds.\n`{http.request.uuid}` | The request unique identifier\n`{http.request.header.*}` | Specific request header field\n`{http.request.host.labels.*}` | Request host labels (0-based from right); e.g. for foo.example.com: 0=com, 1=example, 2=foo\n`{http.request.host}` | The host part of the request's Host header\n`{http.request.hostport}` | The host and port from the request's Host header\n`{http.request.method}` | The request method\n`{http.request.orig_method}` | The request's original method\n`{http.request.orig_uri.path.dir}` | The request's original directory\n`{http.request.orig_uri.path.file}` | The request's original filename\n`{http.request.orig_uri.path}` | The request's original path\n`{http.request.orig_uri.query}` | The request's original query string (without `?`)\n`{http.request.orig_uri}` | The request's original URI\n`{http.request.port}` | The port part of the request's Host header\n`{http.request.proto}` | The protocol of the request\n`{http.request.remote.host}` | The host part of the remote client's address\n`{http.request.remote.port}` | The port part of the remote client's address\n`{http.request.remote}` | The address of the remote client\n`{http.request.scheme}` | The request scheme\n`{http.request.tls.version}` | The TLS version name\n`{http.request.tls.cipher_suite}` | The TLS cipher 
suite\n`{http.request.tls.resumed}` | The TLS connection resumed a previous connection\n`{http.request.tls.proto}` | The negotiated next protocol\n`{http.request.tls.proto_mutual}` | The negotiated next protocol was advertised by the server\n`{http.request.tls.server_name}` | The server name requested by the client, if any\n`{http.request.tls.client.fingerprint}` | The SHA256 checksum of the client certificate\n`{http.request.tls.client.public_key}` | The public key of the client certificate.\n`{http.request.tls.client.public_key_sha256}` | The SHA256 checksum of the client's public key.\n`{http.request.tls.client.certificate_pem}` | The PEM-encoded value of the certificate.\n`{http.request.tls.client.certificate_der_base64}` | The base64-encoded value of the certificate.\n`{http.request.tls.client.issuer}` | The issuer DN of the client certificate\n`{http.request.tls.client.serial}` | The serial number of the client certificate\n`{http.request.tls.client.subject}` | The subject DN of the client certificate\n`{http.request.tls.client.san.dns_names.*}` | SAN DNS names(index optional)\n`{http.request.tls.client.san.emails.*}` | SAN email addresses (index optional)\n`{http.request.tls.client.san.ips.*}` | SAN IP addresses (index optional)\n`{http.request.tls.client.san.uris.*}` | SAN URIs (index optional)\n`{http.request.uri.path.*}` | Parts of the path, split by `/` (0-based from left)\n`{http.request.uri.path.dir}` | The directory, excluding leaf filename\n`{http.request.uri.path.file}` | The filename of the path, excluding directory\n`{http.request.uri.path}` | The path component of the request URI\n`{http.request.uri.query.*}` | Individual query string value\n`{http.request.uri.query}` | The query string (without `?`)\n`{http.request.uri}` | The full request URI\n`{http.response.header.*}` | Specific response header field\n`{http.vars.*}` | Custom variables in the HTTP handler chain\n\n", + "markdownDescription": "http: `object` \nModule: `http` 
\n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#App) \nApp is a robust, production-ready HTTP server.\n\nHTTPS is enabled by default if host matchers with qualifying names are used\nin any of routes; certificates are automatically provisioned and renewed.\nAdditionally, automatic HTTPS will also enable HTTPS for servers that listen\nonly on the HTTPS port but which do not have any TLS connection policies\ndefined by adding a good, default TLS connection policy.\n\nIn HTTP routes, additional placeholders are available (replace any `*`):\n\nPlaceholder | Description\n------------|---------------\n`{http.request.body}` | The request body (⚠️ inefficient; use only for debugging)\n`{http.request.cookie.*}` | HTTP request cookie\n`{http.request.duration}` | Time up to now spent handling the request (after decoding headers from client)\n`{http.request.duration_ms}` | Same as 'duration', but in milliseconds.\n`{http.request.uuid}` | The request unique identifier\n`{http.request.header.*}` | Specific request header field\n`{http.request.host.labels.*}` | Request host labels (0-based from right); e.g. 
for foo.example.com: 0=com, 1=example, 2=foo\n`{http.request.host}` | The host part of the request's Host header\n`{http.request.hostport}` | The host and port from the request's Host header\n`{http.request.method}` | The request method\n`{http.request.orig_method}` | The request's original method\n`{http.request.orig_uri.path.dir}` | The request's original directory\n`{http.request.orig_uri.path.file}` | The request's original filename\n`{http.request.orig_uri.path}` | The request's original path\n`{http.request.orig_uri.query}` | The request's original query string (without `?`)\n`{http.request.orig_uri}` | The request's original URI\n`{http.request.port}` | The port part of the request's Host header\n`{http.request.proto}` | The protocol of the request\n`{http.request.remote.host}` | The host part of the remote client's address\n`{http.request.remote.port}` | The port part of the remote client's address\n`{http.request.remote}` | The address of the remote client\n`{http.request.scheme}` | The request scheme\n`{http.request.tls.version}` | The TLS version name\n`{http.request.tls.cipher_suite}` | The TLS cipher suite\n`{http.request.tls.resumed}` | The TLS connection resumed a previous connection\n`{http.request.tls.proto}` | The negotiated next protocol\n`{http.request.tls.proto_mutual}` | The negotiated next protocol was advertised by the server\n`{http.request.tls.server_name}` | The server name requested by the client, if any\n`{http.request.tls.client.fingerprint}` | The SHA256 checksum of the client certificate\n`{http.request.tls.client.public_key}` | The public key of the client certificate.\n`{http.request.tls.client.public_key_sha256}` | The SHA256 checksum of the client's public key.\n`{http.request.tls.client.certificate_pem}` | The PEM-encoded value of the certificate.\n`{http.request.tls.client.certificate_der_base64}` | The base64-encoded value of the certificate.\n`{http.request.tls.client.issuer}` | The issuer DN of the client 
certificate\n`{http.request.tls.client.serial}` | The serial number of the client certificate\n`{http.request.tls.client.subject}` | The subject DN of the client certificate\n`{http.request.tls.client.san.dns_names.*}` | SAN DNS names(index optional)\n`{http.request.tls.client.san.emails.*}` | SAN email addresses (index optional)\n`{http.request.tls.client.san.ips.*}` | SAN IP addresses (index optional)\n`{http.request.tls.client.san.uris.*}` | SAN URIs (index optional)\n`{http.request.uri.path.*}` | Parts of the path, split by `/` (0-based from left)\n`{http.request.uri.path.dir}` | The directory, excluding leaf filename\n`{http.request.uri.path.file}` | The filename of the path, excluding directory\n`{http.request.uri.path}` | The path component of the request URI\n`{http.request.uri.query.*}` | Individual query string value\n`{http.request.uri.query}` | The query string (without `?`)\n`{http.request.uri}` | The full request URI\n`{http.response.header.*}` | Specific response header field\n`{http.vars.*}` | Custom variables in the HTTP handler chain\n \n", "type": "object", "properties": { "grace_period": { - "description": "grace_period: number\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nGracePeriod is how long to wait for active connections when shutting\ndown the servers. During the grace period, no new connections are\naccepted, idle connections are closed, and active connections will\nbe given the full length of time to become idle and close.\nOnce the grace period is over, connections will be forcefully closed.\nIf zero, the grace period is eternal. Default: 0.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. 
If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", - "markdownDescription": "grace_period: `number` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nGracePeriod is how long to wait for active connections when shutting\ndown the servers. During the grace period, no new connections are\naccepted, idle connections are closed, and active connections will\nbe given the full length of time to become idle and close.\nOnce the grace period is over, connections will be forcefully closed.\nIf zero, the grace period is eternal. Default: 0.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "description": "grace_period: number\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nGracePeriod is how long to wait for active connections when shutting\ndown the server. Once the grace period is over, connections will\nbe forcefully closed.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "grace_period: `number` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nGracePeriod is how long to wait for active connections when shutting\ndown the server. Once the grace period is over, connections will\nbe forcefully closed.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", "type": "number" }, "http_port": { 
@@ -1154,6 +708,11 @@ "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Server\nServers is the list of servers, keyed by arbitrary names chosen\nat your discretion for your own convenience; the keys do not\naffect functionality.\n\n\nServer describes an HTTP server.\n", "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Server) \nServers is the list of servers, keyed by arbitrary names chosen\nat your discretion for your own convenience; the keys do not\naffect functionality.\n\n\nServer describes an HTTP server. \n", "properties": { + "allow_h2c": { + "description": "allow_h2c: boolean\nModule: http\nEnables H2C (\"Cleartext HTTP/2\" or \"H2 over TCP\") support,\nwhich will serve HTTP/2 over plaintext TCP connections if\nthe client supports it. Because this is not implemented by the\nGo standard library, using H2C is incompatible with most\nof the other options for this server. Do not enable this\nonly to achieve maximum client compatibility. In practice,\nvery few clients implement H2C, and even fewer require it.\nThis setting applies only to unencrypted HTTP listeners.\n⚠️ Experimental feature; subject to change or removal.\n", + "markdownDescription": "allow_h2c: `boolean` \nModule: `http` \nEnables H2C (\"Cleartext HTTP/2\" or \"H2 over TCP\") support,\nwhich will serve HTTP/2 over plaintext TCP connections if\nthe client supports it. Because this is not implemented by the\nGo standard library, using H2C is incompatible with most\nof the other options for this server. Do not enable this\nonly to achieve maximum client compatibility. In practice,\nvery few clients implement H2C, and even fewer require it.\nThis setting applies only to unencrypted HTTP listeners.\n⚠️ Experimental feature; subject to change or removal. 
\n", + "type": "boolean" + }, "automatic_https": { "description": "automatic_https: object\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#AutoHTTPSConfig\nAutoHTTPS configures or disables automatic HTTPS within this server.\nHTTPS is enabled automatically and by default when qualifying names\nare present in a Host matcher and/or when the server is listening\nonly on the HTTPS port.\n\n\nAutoHTTPSConfig is used to disable automatic HTTPS\nor certain aspects of it for a specific server.\nHTTPS is enabled automatically and by default when\nqualifying hostnames are available from the config.\n", "markdownDescription": "automatic_https: `object` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#AutoHTTPSConfig) \nAutoHTTPS configures or disables automatic HTTPS within this server.\nHTTPS is enabled automatically and by default when qualifying names\nare present in a Host matcher and/or when the server is listening\nonly on the HTTPS port.\n\n\nAutoHTTPSConfig is used to disable automatic HTTPS\nor certain aspects of it for a specific server.\nHTTPS is enabled automatically and by default when\nqualifying hostnames are available from the config. \n", 
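Review bot: The new side of this schema appears to describe a different Caddy build than the old side, so it is worth confirming it was generated from the Caddy binary the hosts actually run. This hunk adds `allow_h2c` and a later hunk adds `experimental_http3`, while other hunks remove `protocols`, `keepalive_interval`, `metrics`, `shutdown_delay` and `insecure_secrets_log` and drop the `rate_limit`, `cache` and `authenticator` handlers from both `enum` lists. If the deployed server is the newer build (an inference, the version is not visible here), editor validation would accept cleartext-HTTP/2 and HTTP/3 toggles the server may not honour and flag valid `protocols` settings as unknown. The `trusted_leaf_certs` hunk also strips the "DEPRECATED ... use the `validators` field" notice and the `verifiers` hunk loses its description, so anyone configuring TLS client authentication from this schema no longer sees that guidance. I would regenerate the file from the deployed build and record that build's version in the commit message.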
@@ -1231,90 +790,6 @@ "handler" ], "allOf": [ - { - "if": { - "properties": { - "handler": { - "const": "reverse_proxy" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.reverse_proxy" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "subroute" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.subroute" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "templates" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.templates" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "tracing" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.tracing" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "authentication" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.authentication" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "copy_response_headers" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.copy_response_headers" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "file_server" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.file_server" - } - }, { "if": { "properties": { @@ -1343,36 +818,12 @@ "if": { "properties": { "handler": { - "const": "rate_limit" + "const": "request_body" } } }, "then": { - "$ref": "#/definitions/http.handlers.rate_limit" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "map" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.map" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "push" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.push" + "$ref": "#/definitions/http.handlers.request_body" } }, { 
@@ -1391,24 +842,24 @@ "if": { "properties": { "handler": { - "const": "cache" + "const": "subroute" } } }, "then": { - "$ref": "#/definitions/http.handlers.cache" + "$ref": "#/definitions/http.handlers.subroute" } }, { "if": { "properties": { "handler": { - "const": "copy_response" + "const": "tracing" } } }, "then": { - "$ref": "#/definitions/http.handlers.copy_response" + "$ref": "#/definitions/http.handlers.tracing" } }, { @@ -1423,6 +874,54 @@ "$ref": "#/definitions/http.handlers.encode" } }, + { + "if": { + "properties": { + "handler": { + "const": "static_response" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.static_response" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "authentication" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.authentication" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "copy_response" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.copy_response" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "copy_response_headers" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.copy_response_headers" + } + }, { "if": { "properties": { @@ -1439,12 +938,48 @@ "if": { "properties": { "handler": { - "const": "vars" + "const": "file_server" } } }, "then": { - "$ref": "#/definitions/http.handlers.vars" + "$ref": "#/definitions/http.handlers.file_server" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "map" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.map" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "reverse_proxy" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.reverse_proxy" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "templates" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.templates" } }, { 
@@ -1463,36 +998,24 @@ "if": { "properties": { "handler": { - "const": "authenticator" + "const": "vars" } } }, "then": { - "$ref": "#/definitions/http.handlers.authenticator" + "$ref": "#/definitions/http.handlers.vars" } }, { "if": { "properties": { "handler": { - "const": "request_body" + "const": "push" } } }, "then": { - "$ref": "#/definitions/http.handlers.request_body" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "static_response" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.static_response" + "$ref": "#/definitions/http.handlers.push" } }, { @@ -1502,28 +1025,25 @@ "markdownDescription": "key to identify `handle` module. \nhandler: `string` \nModule: `http.handlers`", "type": "string", "enum": [ - "reverse_proxy", - "subroute", - "templates", - "tracing", - "authentication", - "copy_response_headers", - "file_server", "headers", "metrics", - "rate_limit", - "map", - "push", - "rewrite", - "cache", - "copy_response", - "encode", - "error", - "vars", - "acme_server", - "authenticator", "request_body", - "static_response" + "rewrite", + "subroute", + "tracing", + "encode", + "static_response", + "authentication", + "copy_response", + "copy_response_headers", + "error", + "file_server", + "map", + "reverse_proxy", + "templates", + "acme_server", + "vars", + "push" ] } } 
@@ -1594,16 +1114,16 @@ } } }, + "experimental_http3": { + "description": "experimental_http3: boolean\nModule: http\nEnable experimental HTTP/3 support. Note that HTTP/3 is not a\nfinished standard and has extremely limited client support.\nThis field is not subject to compatibility promises.\n", + "markdownDescription": "experimental_http3: `boolean` \nModule: `http` \nEnable experimental HTTP/3 support. Note that HTTP/3 is not a\nfinished standard and has extremely limited client support.\nThis field is not subject to compatibility promises. \n", + "type": "boolean" + }, "idle_timeout": { "description": "idle_timeout: number\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nIdleTimeout is the maximum time to wait for the next request\nwhen keep-alives are enabled. If zero, a default timeout of\n5m is applied to help avoid resource exhaustion.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", "markdownDescription": "idle_timeout: `number` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nIdleTimeout is the maximum time to wait for the next request\nwhen keep-alives are enabled. If zero, a default timeout of\n5m is applied to help avoid resource exhaustion.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", "type": "number" }, - "keepalive_interval": { - "description": "keepalive_interval: number\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nKeepAliveInterval is the interval at which TCP keepalive packets\nare sent to keep the connection alive at the TCP layer when no other\ndata is being transmitted. 
The default is 15s.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", - "markdownDescription": "keepalive_interval: `number` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nKeepAliveInterval is the interval at which TCP keepalive packets\nare sent to keep the connection alive at the TCP layer when no other\ndata is being transmitted. The default is 15s.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", - "type": "number" - }, "listen": { "description": "listen: array\nModule: http\nSocket addresses to which to bind listeners. Accepts\n[network addresses](/docs/conventions#network-addresses)\nthat may include port ranges. Listener addresses must\nbe unique; they cannot be repeated across all defined\nservers.\n", "markdownDescription": "listen: `array` \nModule: `http` \nSocket addresses to which to bind listeners. Accepts\n[network addresses](/docs/conventions#network-addresses)\nthat may include port ranges. Listener addresses must\nbe unique; they cannot be repeated across all defined\nservers. \n", 
@@ -1711,21 +1231,6 @@ "markdownDescription": "max_header_bytes: `number` \nModule: `http` \nMaxHeaderBytes is the maximum size to parse from a client's\nHTTP request headers. \n", "type": "number" }, - "metrics": { - "description": "metrics: object\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Metrics\nIf set, metrics observations will be enabled.\nThis setting is EXPERIMENTAL and subject to change.\n\n\nMetrics configures metrics observations.\nEXPERIMENTAL and subject to change or removal.\n", - "markdownDescription": "metrics: `object` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#Metrics) \nIf set, metrics observations will be enabled.\nThis setting is EXPERIMENTAL and subject to change.\n\n\nMetrics configures metrics observations.\nEXPERIMENTAL and subject to change or removal. \n", - "type": "object" - }, - "protocols": { - "description": "protocols: array\nModule: http\nProtocols specifies which HTTP protocols to enable.\nSupported values are:\n\n- `h1` (HTTP/1.1)\n- `h2` (HTTP/2)\n- `h2c` (cleartext HTTP/2)\n- `h3` (HTTP/3)\n\nIf enabling `h2` or `h2c`, `h1` must also be enabled;\nthis is due to current limitations in the Go standard\nlibrary.\n\nHTTP/2 operates only over TLS (HTTPS). HTTP/3 opens\na UDP socket to serve QUIC connections.\n\nH2C operates over plain TCP if the client supports it;\nhowever, because this is not implemented by the Go\nstandard library, other server options are not compatible\nand will not be applied to H2C requests. Do not enable this\nonly to achieve maximum client compatibility. 
In practice,\nvery few clients implement H2C, and even fewer require it.\nEnabling H2C can be useful for serving/proxying gRPC\nif encryption is not possible or desired.\n\nWe recommend for most users to simply let Caddy use the\ndefault settings.\n\nDefault: `[h1 h2 h3]`\n", - "markdownDescription": "protocols: `array` \nModule: `http` \nProtocols specifies which HTTP protocols to enable.\nSupported values are:\n\n- `h1` (HTTP/1.1)\n- `h2` (HTTP/2)\n- `h2c` (cleartext HTTP/2)\n- `h3` (HTTP/3)\n\nIf enabling `h2` or `h2c`, `h1` must also be enabled;\nthis is due to current limitations in the Go standard\nlibrary.\n\nHTTP/2 operates only over TLS (HTTPS). HTTP/3 opens\na UDP socket to serve QUIC connections.\n\nH2C operates over plain TCP if the client supports it;\nhowever, because this is not implemented by the Go\nstandard library, other server options are not compatible\nand will not be applied to H2C requests. Do not enable this\nonly to achieve maximum client compatibility. In practice,\nvery few clients implement H2C, and even fewer require it.\nEnabling H2C can be useful for serving/proxying gRPC\nif encryption is not possible or desired.\n\nWe recommend for most users to simply let Caddy use the\ndefault settings.\n\nDefault: `[h1 h2 h3]` \n", - "type": "array", - "items": { - "description": "Protocols specifies which HTTP protocols to enable.\nSupported values are:\n\n- `h1` (HTTP/1.1)\n- `h2` (HTTP/2)\n- `h2c` (cleartext HTTP/2)\n- `h3` (HTTP/3)\n\nIf enabling `h2` or `h2c`, `h1` must also be enabled;\nthis is due to current limitations in the Go standard\nlibrary.\n\nHTTP/2 operates only over TLS (HTTPS). HTTP/3 opens\na UDP socket to serve QUIC connections.\n\nH2C operates over plain TCP if the client supports it;\nhowever, because this is not implemented by the Go\nstandard library, other server options are not compatible\nand will not be applied to H2C requests. Do not enable this\nonly to achieve maximum client compatibility. 
In practice,\nvery few clients implement H2C, and even fewer require it.\nEnabling H2C can be useful for serving/proxying gRPC\nif encryption is not possible or desired.\n\nWe recommend for most users to simply let Caddy use the\ndefault settings.\n\nDefault: `[h1 h2 h3]`\n", - "markdownDescription": "Protocols specifies which HTTP protocols to enable.\nSupported values are:\n\n- `h1` (HTTP/1.1)\n- `h2` (HTTP/2)\n- `h2c` (cleartext HTTP/2)\n- `h3` (HTTP/3)\n\nIf enabling `h2` or `h2c`, `h1` must also be enabled;\nthis is due to current limitations in the Go standard\nlibrary.\n\nHTTP/2 operates only over TLS (HTTPS). HTTP/3 opens\na UDP socket to serve QUIC connections.\n\nH2C operates over plain TCP if the client supports it;\nhowever, because this is not implemented by the Go\nstandard library, other server options are not compatible\nand will not be applied to H2C requests. Do not enable this\nonly to achieve maximum client compatibility. In practice,\nvery few clients implement H2C, and even fewer require it.\nEnabling H2C can be useful for serving/proxying gRPC\nif encryption is not possible or desired.\n\nWe recommend for most users to simply let Caddy use the\ndefault settings.\n\nDefault: `[h1 h2 h3]` \n", - "type": "string" - } - }, "read_header_timeout": { "description": "read_header_timeout: number\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nReadHeaderTimeout is like ReadTimeout but for request headers.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", "markdownDescription": "read_header_timeout: `number` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nReadHeaderTimeout is like ReadTimeout but for request headers.\n\n\nDuration can be an integer or a string. 
An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", @@ -1761,18 +1266,6 @@ "handler" ], "allOf": [ - { - "if": { - "properties": { - "handler": { - "const": "copy_response" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.copy_response" - } - }, { "if": { "properties": { 
@@ -1785,150 +1278,6 @@ "$ref": "#/definitions/http.handlers.encode" } }, - { - "if": { - "properties": { - "handler": { - "const": "error" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.error" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "map" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.map" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "push" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.push" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "rewrite" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.rewrite" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "cache" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.cache" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "authenticator" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.authenticator" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "request_body" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.request_body" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "static_response" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.static_response" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "vars" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.vars" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "acme_server" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.acme_server" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "copy_response_headers" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.copy_response_headers" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "file_server" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.file_server" - } - }, { "if": { "properties": { 
@@ -1945,12 +1294,36 @@ "if": { "properties": { "handler": { - "const": "reverse_proxy" + "const": "metrics" } } }, "then": { - "$ref": "#/definitions/http.handlers.reverse_proxy" + "$ref": "#/definitions/http.handlers.metrics" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "request_body" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.request_body" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "rewrite" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.rewrite" } }, { @@ -1965,18 +1338,6 @@ "$ref": "#/definitions/http.handlers.subroute" } }, - { - "if": { - "properties": { - "handler": { - "const": "templates" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.templates" - } - }, { "if": { "properties": { 
@@ -2005,24 +1366,132 @@ "if": { "properties": { "handler": { - "const": "rate_limit" + "const": "static_response" } } }, "then": { - "$ref": "#/definitions/http.handlers.rate_limit" + "$ref": "#/definitions/http.handlers.static_response" } }, { "if": { "properties": { "handler": { - "const": "metrics" + "const": "acme_server" } } }, "then": { - "$ref": "#/definitions/http.handlers.metrics" + "$ref": "#/definitions/http.handlers.acme_server" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "copy_response" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.copy_response" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "copy_response_headers" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.copy_response_headers" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "error" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.error" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "file_server" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.file_server" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "map" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.map" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "reverse_proxy" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.reverse_proxy" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "templates" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.templates" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "push" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.push" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "vars" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.vars" } }, { 
@@ -2032,28 +1501,25 @@ "markdownDescription": "key to identify `handle` module. \nhandler: `string` \nModule: `http.handlers`", "type": "string", "enum": [ - "copy_response", "encode", - "error", - "map", - "push", - "rewrite", - "cache", - "authenticator", - "request_body", - "static_response", - "vars", - "acme_server", - "copy_response_headers", - "file_server", "headers", - "reverse_proxy", + "metrics", + "request_body", + "rewrite", "subroute", - "templates", "tracing", "authentication", - "rate_limit", - "metrics" + "static_response", + "acme_server", + "copy_response", + "copy_response_headers", + "error", + "file_server", + "map", + "reverse_proxy", + "templates", + "push", + "vars" ] } } 
@@ -2239,22 +1705,20 @@ } }, "trusted_leaf_certs": { - "description": "trusted_leaf_certs: array\nModule: http\nDEPRECATED: This field is deprecated and will be removed in\na future version. Please use the `validators` field instead\nwith the tls.client_auth.leaf module instead.\n\nA list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected.\n", - "markdownDescription": "trusted_leaf_certs: `array` \nModule: `http` \nDEPRECATED: This field is deprecated and will be removed in\na future version. Please use the `validators` field instead\nwith the tls.client_auth.leaf module instead.\n\nA list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected. \n", + "description": "trusted_leaf_certs: array\nModule: http\nA list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected.\n", + "markdownDescription": "trusted_leaf_certs: `array` \nModule: `http` \nA list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected. \n", "type": "array", "items": { - "description": "DEPRECATED: This field is deprecated and will be removed in\na future version. Please use the `validators` field instead\nwith the tls.client_auth.leaf module instead.\n\nA list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected.\n", - "markdownDescription": "DEPRECATED: This field is deprecated and will be removed in\na future version. Please use the `validators` field instead\nwith the tls.client_auth.leaf module instead.\n\nA list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected. 
\n", + "description": "A list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected.\n", + "markdownDescription": "A list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected. \n", "type": "string" } }, "verifiers": { - "description": "verifiers: array\nModule: tls.client_auth\nClient certificate verification modules. These can perform\ncustom client authentication checks, such as ensuring the\ncertificate is not revoked.\n", - "markdownDescription": "verifiers: `array` \nModule: `tls.client_auth` \nClient certificate verification modules. These can perform\ncustom client authentication checks, such as ensuring the\ncertificate is not revoked. \n", + "description": "verifiers: array\nModule: tls.client_auth", + "markdownDescription": "verifiers: `array` \nModule: `tls.client_auth`", "type": "array", "items": { - "description": "Client certificate verification modules. These can perform\ncustom client authentication checks, such as ensuring the\ncertificate is not revoked.\n", - "markdownDescription": "Client certificate verification modules. These can perform\ncustom client authentication checks, such as ensuring the\ncertificate is not revoked. \n", "required": [ "verifier" ], 
@@ -2303,11 +1767,6 @@ "markdownDescription": "default_sni: `string` \nModule: `http` \nDefaultSNI becomes the ServerName in a ClientHello if there\nis no policy configured for the empty SNI value. \n", "type": "string" }, - "insecure_secrets_log": { - "description": "insecure_secrets_log: string\nModule: http\nAlso known as \"SSLKEYLOGFILE\", TLS secrets will be written to\nthis file in NSS key log format which can then be parsed by\nWireshark and other tools. This is INSECURE as it allows other\nprograms or tools to decrypt TLS connections. However, this\ncapability can be useful for debugging and troubleshooting.\n**ENABLING THIS LOG COMPROMISES SECURITY!**\n\nThis feature is EXPERIMENTAL and subject to change or removal.\n", - "markdownDescription": "insecure_secrets_log: `string` \nModule: `http` \nAlso known as \"SSLKEYLOGFILE\", TLS secrets will be written to\nthis file in NSS key log format which can then be parsed by\nWireshark and other tools. This is INSECURE as it allows other\nprograms or tools to decrypt TLS connections. However, this\ncapability can be useful for debugging and troubleshooting.\n**ENABLING THIS LOG COMPROMISES SECURITY!**\n\nThis feature is EXPERIMENTAL and subject to change or removal. \n", - "type": "string" - }, "match": { "description": "match: object\nModule: tls.handshake_match\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nHow to match this policy with a TLS ClientHello. If\nthis policy is the first to match, it will be used.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n", "markdownDescription": "match: `object` \nModule: `tls.handshake_match` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nHow to match this policy with a TLS ClientHello. 
If\nthis policy is the first to match, it will be used.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", 
@@ -2344,11 +1803,6 @@ } } } - }, - "shutdown_delay": { - "description": "shutdown_delay: number\nModule: http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nShutdownDelay is how long to wait before initiating the grace\nperiod. When this app is stopping (e.g. during a config reload or\nprocess exit), all servers will be shut down. Normally this immediately\ninitiates the grace period. However, if this delay is configured, servers\nwill not be shut down until the delay is over. During this time, servers\ncontinue to function normally and allow new connections. At the end, the\ngrace period will begin. This can be useful to allow downstream load\nbalancers time to move this instance out of the rotation without hiccups.\n\nWhen shutdown has been scheduled, placeholders {http.shutting_down} (bool)\nand {http.time_until_shutdown} (duration) may be useful for health checks.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", - "markdownDescription": "shutdown_delay: `number` \nModule: `http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nShutdownDelay is how long to wait before initiating the grace\nperiod. When this app is stopping (e.g. during a config reload or\nprocess exit), all servers will be shut down. Normally this immediately\ninitiates the grace period. However, if this delay is configured, servers\nwill not be shut down until the delay is over. During this time, servers\ncontinue to function normally and allow new connections. At the end, the\ngrace period will begin. 
This can be useful to allow downstream load\nbalancers time to move this instance out of the rotation without hiccups.\n\nWhen shutdown has been scheduled, placeholders {http.shutting_down} (bool)\nand {http.time_until_shutdown} (duration) may be useful for health checks.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", - "type": "number" } } }, 
@@ -2384,23 +1838,6 @@ } } }, - "http.authentication.providers.authorizer": { - "description": "authorizer: object\nModule: http.authentication.providers.authorizer\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#AuthzMiddleware", - "markdownDescription": "authorizer: `object` \nModule: `http.authentication.providers.authorizer` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#AuthzMiddleware)", - "type": "object", - "properties": { - "gatekeeper_name": { - "description": "gatekeeper_name: string\nModule: http.authentication.providers.authorizer\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#AuthzMiddleware", - "markdownDescription": "gatekeeper_name: `string` \nModule: `http.authentication.providers.authorizer` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#AuthzMiddleware)", - "type": "string" - }, - "route_matcher": { - "description": "route_matcher: string\nModule: http.authentication.providers.authorizer\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#AuthzMiddleware", - "markdownDescription": "route_matcher: `string` \nModule: `http.authentication.providers.authorizer` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#AuthzMiddleware)", - "type": "string" - } - } - }, "http.authentication.providers.http_basic": { "description": "http_basic: object\nModule: http.authentication.providers.http_basic\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#HTTPBasicAuth", "markdownDescription": "http_basic: `object` \nModule: `http.authentication.providers.http_basic` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/caddyauth#HTTPBasicAuth)", 
@@ -2544,9 +1981,6 @@ "markdownDescription": "providers: `object` \nModule: `http.authentication.providers` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nA set of authentication providers. If none are specified,\nall requests will always be unauthenticated.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", "type": "object", "properties": { - "authorizer": { - "$ref": "#/definitions/http.authentication.providers.authorizer" - }, "http_basic": { "$ref": "#/definitions/http.authentication.providers.http_basic" } 
@@ -2554,259 +1988,6 @@ } } }, - "http.handlers.authenticator": { - "description": "authenticator: object\nModule: http.handlers.authenticator\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#AuthnMiddleware\nAuthnMiddleware implements Form-Based, Basic, Local, LDAP,\nOpenID Connect, OAuth 2.0, SAML Authentication.\n\n", - "markdownDescription": "authenticator: `object` \nModule: `http.handlers.authenticator` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#AuthnMiddleware) \nAuthnMiddleware implements Form-Based, Basic, Local, LDAP,\nOpenID Connect, OAuth 2.0, SAML Authentication.\n \n", - "type": "object", - "properties": { - "portal_name": { - "description": "portal_name: string\nModule: http.handlers.authenticator\n", - "markdownDescription": "portal_name: `string` \nModule: `http.handlers.authenticator` \n", - "type": "string" - }, - "route_matcher": { - "description": "route_matcher: string\nModule: http.handlers.authenticator\n", - "markdownDescription": "route_matcher: `string` \nModule: `http.handlers.authenticator` \n", - "type": "string" - } - } - }, - "http.handlers.cache": { - "description": "cache: object\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/caddyserver/cache-handler#SouinCaddyPlugin\nSouinCaddyPlugin declaration.\n\n", - "markdownDescription": "cache: `object` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/caddyserver/cache-handler#SouinCaddyPlugin) \nSouinCaddyPlugin declaration.\n \n", - "type": "object", - "properties": { - "allowed_http_verbs": { - "description": "allowed_http_verbs: array\nModule: http.handlers.cache\n", - "markdownDescription": "allowed_http_verbs: `array` \nModule: `http.handlers.cache` \n", - "type": "array", - "items": { - "type": "string" - } - }, - "badger": { - "description": "badger: object\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/configurationtypes#CacheProvider\nCacheProvider config\n\n", - "markdownDescription": 
"badger: `object` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/configurationtypes#CacheProvider) \nCacheProvider config\n \n", - "type": "object", - "properties": { - "configuration": { - "type": [ - "string", - "null" - ], - "description": "configuration: string\nModule: http.handlers.cache\n", - "markdownDescription": "configuration: `string` \nModule: `http.handlers.cache` \n" - }, - "path": { - "description": "path: string\nModule: http.handlers.cache\n", - "markdownDescription": "path: `string` \nModule: `http.handlers.cache` \n", - "type": "string" - }, - "url": { - "description": "url: string\nModule: http.handlers.cache\n", - "markdownDescription": "url: `string` \nModule: `http.handlers.cache` \n", - "type": "string" - } - } - }, - "cache_keys": { - "description": "cache_keys: object\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "cache_keys: `object` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)", - "type": "object", - "additionalProperties": { - "properties": { - "disable_body": { - "description": "disable_body: boolean\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "disable_body: `boolean` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)", - "type": "boolean" - }, - "disable_host": { - "description": "disable_host: boolean\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "disable_host: `boolean` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)", - "type": "boolean" - }, - "disable_method": { - "description": "disable_method: boolean\nModule: 
http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "disable_method: `boolean` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)", - "type": "boolean" - } - } - } - }, - "cache_name": { - "description": "cache_name: string\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "cache_name: `string` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)", - "type": "string" - }, - "default_cache_control": { - "description": "default_cache_control: string\nModule: http.handlers.cache\n", - "markdownDescription": "default_cache_control: `string` \nModule: `http.handlers.cache` \n", - "type": "string" - }, - "etcd": { - "description": "etcd: object\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "etcd: `object` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)", - "type": "object", - "properties": { - "configuration": { - "type": [ - "string", - "null" - ], - "description": "configuration: string\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "configuration: `string` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)" - }, - "path": { - "description": "path: string\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "path: `string` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)", - "type": "string" - }, - "url": { - "description": "url: 
string\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "url: `string` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)", - "type": "string" - } - } - }, - "headers": { - "description": "headers: array\nModule: http.handlers.cache\n", - "markdownDescription": "headers: `array` \nModule: `http.handlers.cache` \n", - "type": "array", - "items": { - "type": "string" - } - }, - "key": { - "description": "key: object\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "key: `object` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)", - "type": "object", - "properties": { - "disable_body": { - "description": "disable_body: boolean\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "disable_body: `boolean` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)", - "type": "boolean" - }, - "disable_host": { - "description": "disable_host: boolean\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "disable_host: `boolean` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)", - "type": "boolean" - }, - "disable_method": { - "description": "disable_method: boolean\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "disable_method: `boolean` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)", - "type": "boolean" - } - } - }, - "log_level": { 
- "description": "log_level: string\nModule: http.handlers.cache\n", - "markdownDescription": "log_level: `string` \nModule: `http.handlers.cache` \n", - "type": "string" - }, - "nuts": { - "description": "nuts: object\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "nuts: `object` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)", - "type": "object", - "properties": { - "configuration": { - "type": [ - "string", - "null" - ], - "description": "configuration: string\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "configuration: `string` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)" - }, - "path": { - "description": "path: string\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "path: `string` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)", - "type": "string" - }, - "url": { - "description": "url: string\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "url: `string` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)", - "type": "string" - } - } - }, - "olric": { - "description": "olric: object\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/configurationtypes#CacheProvider\nCacheProvider config\n\n", - "markdownDescription": "olric: `object` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/configurationtypes#CacheProvider) \nCacheProvider config\n \n", - "type": "object", - "properties": { 
- "configuration": { - "type": [ - "string", - "null" - ], - "description": "configuration: string\nModule: http.handlers.cache\n", - "markdownDescription": "configuration: `string` \nModule: `http.handlers.cache` \n" - }, - "path": { - "description": "path: string\nModule: http.handlers.cache\n", - "markdownDescription": "path: `string` \nModule: `http.handlers.cache` \n", - "type": "string" - }, - "url": { - "description": "url: string\nModule: http.handlers.cache\n", - "markdownDescription": "url: `string` \nModule: `http.handlers.cache` \n", - "type": "string" - } - } - }, - "redis": { - "description": "redis: object\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "redis: `object` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)", - "type": "object", - "properties": { - "configuration": { - "type": [ - "string", - "null" - ], - "description": "configuration: string\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "configuration: `string` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)" - }, - "path": { - "description": "path: string\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "path: `string` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)", - "type": "string" - }, - "url": { - "description": "url: string\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "url: `string` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)", - "type": "string" - } - } - }, 
- "stale": { - "description": "stale: object\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "stale: `object` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)", - "type": "object" - }, - "timeout": { - "description": "timeout: object\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "timeout: `object` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)", - "type": "object", - "properties": { - "backend": { - "description": "backend: object\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "backend: `object` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)", - "type": "object" - }, - "cache": { - "description": "cache: object\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin", - "markdownDescription": "cache: `object` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/plugins/caddy#SouinCaddyPlugin)", - "type": "object" - } - } - }, - "ttl": { - "description": "ttl: object\nModule: http.handlers.cache\nhttps://pkg.go.dev/github.com/darkweak/souin/configurationtypes#Duration\nDuration is the super object to wrap the duration and be able to parse it from the configuration\n\n", - "markdownDescription": "ttl: `object` \nModule: `http.handlers.cache` \n[godoc](https://pkg.go.dev/github.com/darkweak/souin/configurationtypes#Duration) \nDuration is the super object to wrap the duration and be able to parse it from the configuration\n \n", - "type": "object" - } - } - }, "http.handlers.copy_response": { "description": "copy_response: 
object\nModule: http.handlers.copy_response\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#CopyResponseHandler\nCopyResponseHandler is a special HTTP handler which may\nonly be used within reverse_proxy's handle_response routes,\nto copy the proxy response. EXPERIMENTAL, subject to change.\n\n", "markdownDescription": "copy_response: `object` \nModule: `http.handlers.copy_response` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#CopyResponseHandler) \nCopyResponseHandler is a special HTTP handler which may\nonly be used within reverse_proxy's handle_response routes,\nto copy the proxy response. EXPERIMENTAL, subject to change.\n \n", 
@@ -2929,8 +2110,8 @@ } }, "http.handlers.file_server": { - "description": "file_server: object\nModule: http.handlers.file_server\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver#FileServer\nFileServer implements a handler that serves static files.\n\nThe path of the file to serve is constructed by joining the site root\nand the sanitized request path. Any and all files within the root and\nlinks with targets outside the site root may therefore be accessed.\nFor example, with a site root of `/www`, requests to `/foo/bar.txt`\nwill serve the file at `/www/foo/bar.txt`.\n\nThe request path is sanitized using the Go standard library's\npath.Clean() function (https://pkg.go.dev/path#Clean) before being\njoined to the root. Request paths must be valid and well-formed.\n\nFor requests that access directories instead of regular files,\nCaddy will attempt to serve an index file if present. For example,\na request to `/dir/` will attempt to serve `/dir/index.html` if\nit exists. The index file names to try are configurable. If a\nrequested directory does not have an index file, Caddy writes a\n404 response. 
Alternatively, file browsing can be enabled with\nthe \"browse\" parameter which shows a list of files when directories\nare requested if no index file is present.\n\nBy default, this handler will canonicalize URIs so that requests to\ndirectories end with a slash, but requests to regular files do not.\nThis is enforced with HTTP redirects automatically and can be disabled.\nCanonicalization redirects are not issued, however, if a URI rewrite\nmodified the last component of the path (the filename).\n\nThis handler sets the Etag and Last-Modified headers for static files.\nIt does not perform MIME sniffing to determine Content-Type based on\ncontents, but does use the extension (if known); see the Go docs for\ndetails: https://pkg.go.dev/mime#TypeByExtension\n\nThe file server properly handles requests with If-Match,\nIf-Unmodified-Since, If-Modified-Since, If-None-Match, Range, and\nIf-Range headers. It includes the file's modification time in the\nLast-Modified header of the response.\n\n", - "markdownDescription": "file_server: `object` \nModule: `http.handlers.file_server` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver#FileServer) \nFileServer implements a handler that serves static files.\n\nThe path of the file to serve is constructed by joining the site root\nand the sanitized request path. Any and all files within the root and\nlinks with targets outside the site root may therefore be accessed.\nFor example, with a site root of `/www`, requests to `/foo/bar.txt`\nwill serve the file at `/www/foo/bar.txt`.\n\nThe request path is sanitized using the Go standard library's\npath.Clean() function (https://pkg.go.dev/path#Clean) before being\njoined to the root. Request paths must be valid and well-formed.\n\nFor requests that access directories instead of regular files,\nCaddy will attempt to serve an index file if present. For example,\na request to `/dir/` will attempt to serve `/dir/index.html` if\nit exists. 
The index file names to try are configurable. If a\nrequested directory does not have an index file, Caddy writes a\n404 response. Alternatively, file browsing can be enabled with\nthe \"browse\" parameter which shows a list of files when directories\nare requested if no index file is present.\n\nBy default, this handler will canonicalize URIs so that requests to\ndirectories end with a slash, but requests to regular files do not.\nThis is enforced with HTTP redirects automatically and can be disabled.\nCanonicalization redirects are not issued, however, if a URI rewrite\nmodified the last component of the path (the filename).\n\nThis handler sets the Etag and Last-Modified headers for static files.\nIt does not perform MIME sniffing to determine Content-Type based on\ncontents, but does use the extension (if known); see the Go docs for\ndetails: https://pkg.go.dev/mime#TypeByExtension\n\nThe file server properly handles requests with If-Match,\nIf-Unmodified-Since, If-Modified-Since, If-None-Match, Range, and\nIf-Range headers. It includes the file's modification time in the\nLast-Modified header of the response.\n \n", + "description": "file_server: object\nModule: http.handlers.file_server\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver#FileServer\nFileServer implements a static file server responder for Caddy.\n\n", + "markdownDescription": "file_server: `object` \nModule: `http.handlers.file_server` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver#FileServer) \nFileServer implements a static file server responder for Caddy.\n \n", "type": "object", "properties": { "browse": { 
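Review bot: The new `file_server` description drops the statement that "links with targets outside the site root may therefore be accessed". The later `root` hunk likewise drops `This should be a trusted value.` and `Note that a site root is not a sandbox.`, so the schema no longer tells a config author that the root must hold only trusted content. In the same patch `file_system`, `shutdown_delay` and `insecure_secrets_log` disappear, which suggests the schema was regenerated from an older or differently built Caddy than the previous one; that is inferred from the removals, not stated on the page. If the hosts run a build that still has those options, regenerate the schema from that build so the editor hints match deployed behaviour and the symlink and sandbox caveats return with it.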
@@ -2950,10 +2131,6 @@ "markdownDescription": "canonical_uris: `boolean` \nModule: `http.handlers.file_server` \nUse redirects to enforce trailing slashes for directories, or to\nremove trailing slash from URIs for files. Default is true.\n\nCanonicalization will not happen if the last element of the request's\npath (the filename) is changed in an internal rewrite, to avoid\nclobbering the explicit rewrite with implicit behavior. \n", "type": "boolean" }, - "file_system": { - "description": "file_system: any\nModule: caddy.fs\nThe file system implementation to use. By default, Caddy uses the local\ndisk file system.\n\nFile system modules used here must adhere to the following requirements:\n- Implement fs.FS interface.\n- Support seeking on opened files; i.e.returned fs.File values must\n implement the io.Seeker interface. This is required for determining\n Content-Length and satisfying Range requests.\n- fs.File values that represent directories must implement the\n fs.ReadDirFile interface so that directory listings can be procured.\n", - "markdownDescription": "file_system: `any` \nModule: `caddy.fs` \nThe file system implementation to use. By default, Caddy uses the local\ndisk file system.\n\nFile system modules used here must adhere to the following requirements:\n- Implement fs.FS interface.\n- Support seeking on opened files; i.e.returned fs.File values must\n implement the io.Seeker interface. This is required for determining\n Content-Length and satisfying Range requests.\n- fs.File values that represent directories must implement the\n fs.ReadDirFile interface so that directory listings can be procured. \n" - }, "hide": { "description": "hide: array\nModule: http.handlers.file_server\nA list of files or folders to hide; the file server will pretend as if\nthey don't exist. Accepts globular patterns like `*.ext` or `/foo/*/bar`\nas well as placeholders. Because site roots can be dynamic, this list\nuses file system paths, not request paths. 
To clarify, the base of\nrelative paths is the current working directory, NOT the site root.\n\nEntries without a path separator (`/` or `\\` depending on OS) will match\nany file or directory of that name regardless of its path. To hide only a\nspecific file with a name that may not be unique, always use a path\nseparator. For example, to hide all files or folder trees named \"hidden\",\nput \"hidden\" in the list. To hide only ./hidden, put \"./hidden\" in the list.\n\nWhen possible, all paths are resolved to their absolute form before\ncomparisons are made. For maximum clarity and explictness, use complete,\nabsolute paths; or, for greater portability, use relative paths instead.\n", "markdownDescription": "hide: `array` \nModule: `http.handlers.file_server` \nA list of files or folders to hide; the file server will pretend as if\nthey don't exist. Accepts globular patterns like `*.ext` or `/foo/*/bar`\nas well as placeholders. Because site roots can be dynamic, this list\nuses file system paths, not request paths. To clarify, the base of\nrelative paths is the current working directory, NOT the site root.\n\nEntries without a path separator (`/` or `\\` depending on OS) will match\nany file or directory of that name regardless of its path. To hide only a\nspecific file with a name that may not be unique, always use a path\nseparator. For example, to hide all files or folder trees named \"hidden\",\nput \"hidden\" in the list. To hide only ./hidden, put \"./hidden\" in the list.\n\nWhen possible, all paths are resolved to their absolute form before\ncomparisons are made. For maximum clarity and explictness, use complete,\nabsolute paths; or, for greater portability, use relative paths instead. \n", 
@@ -2965,12 +2142,12 @@ } }, "index_names": { - "description": "index_names: array\nModule: http.handlers.file_server\nThe names of files to try as index files if a folder is requested.\nDefault: index.html, index.txt.\n", - "markdownDescription": "index_names: `array` \nModule: `http.handlers.file_server` \nThe names of files to try as index files if a folder is requested.\nDefault: index.html, index.txt. \n", + "description": "index_names: array\nModule: http.handlers.file_server\nThe names of files to try as index files if a folder is requested.\n", + "markdownDescription": "index_names: `array` \nModule: `http.handlers.file_server` \nThe names of files to try as index files if a folder is requested. \n", "type": "array", "items": { - "description": "The names of files to try as index files if a folder is requested.\nDefault: index.html, index.txt.\n", - "markdownDescription": "The names of files to try as index files if a folder is requested.\nDefault: index.html, index.txt. \n", + "description": "The names of files to try as index files if a folder is requested.\n", + "markdownDescription": "The names of files to try as index files if a folder is requested. \n", "type": "string" } }, 
@@ -3006,8 +2183,8 @@ } }, "root": { - "description": "root: string\nModule: http.handlers.file_server\nThe path to the root of the site. Default is `{http.vars.root}` if set,\nor current working directory otherwise. This should be a trusted value.\n\nNote that a site root is not a sandbox. Although the file server does\nsanitize the request URI to prevent directory traversal, files (including\nlinks) within the site root may be directly accessed based on the request\npath. Files and folders within the root should be secure and trustworthy.\n", - "markdownDescription": "root: `string` \nModule: `http.handlers.file_server` \nThe path to the root of the site. Default is `{http.vars.root}` if set,\nor current working directory otherwise. This should be a trusted value.\n\nNote that a site root is not a sandbox. Although the file server does\nsanitize the request URI to prevent directory traversal, files (including\nlinks) within the site root may be directly accessed based on the request\npath. Files and folders within the root should be secure and trustworthy. \n", + "description": "root: string\nModule: http.handlers.file_server\nThe path to the root of the site. Default is `{http.vars.root}` if set,\nor current working directory otherwise.\n", + "markdownDescription": "root: `string` \nModule: `http.handlers.file_server` \nThe path to the root of the site. Default is `{http.vars.root}` if set,\nor current working directory otherwise. \n", "type": "string" }, "status_code": { 
@@ -3041,18 +2218,18 @@ } }, "delete": { - "description": "delete: array\nModule: http.handlers.headers\nNames of HTTP header fields to delete. Basic wildcards are supported:\n\n- Start with `*` for all field names with the given suffix;\n- End with `*` for all field names with the given prefix;\n- Start and end with `*` for all field names containing a substring.\n", - "markdownDescription": "delete: `array` \nModule: `http.handlers.headers` \nNames of HTTP header fields to delete. Basic wildcards are supported:\n\n- Start with `*` for all field names with the given suffix;\n- End with `*` for all field names with the given prefix;\n- Start and end with `*` for all field names containing a substring. \n", + "description": "delete: array\nModule: http.handlers.headers\nNames of HTTP header fields to delete.\n", + "markdownDescription": "delete: `array` \nModule: `http.handlers.headers` \nNames of HTTP header fields to delete. \n", "type": "array", "items": { - "description": "Names of HTTP header fields to delete. Basic wildcards are supported:\n\n- Start with `*` for all field names with the given suffix;\n- End with `*` for all field names with the given prefix;\n- Start and end with `*` for all field names containing a substring.\n", - "markdownDescription": "Names of HTTP header fields to delete. Basic wildcards are supported:\n\n- Start with `*` for all field names with the given suffix;\n- End with `*` for all field names with the given prefix;\n- Start and end with `*` for all field names containing a substring. \n", + "description": "Names of HTTP header fields to delete.\n", + "markdownDescription": "Names of HTTP header fields to delete. 
\n", "type": "string" } }, "replace": { - "description": "replace: object\nModule: http.handlers.headers\nPerforms in-situ substring replacements of HTTP headers.\nKeys are the field names on which to perform the associated replacements.\nIf the field name is `*`, the replacements are performed on all header fields.\n", - "markdownDescription": "replace: `object` \nModule: `http.handlers.headers` \nPerforms in-situ substring replacements of HTTP headers.\nKeys are the field names on which to perform the associated replacements.\nIf the field name is `*`, the replacements are performed on all header fields. \n", + "description": "replace: object\nModule: http.handlers.headers\nPerforms substring replacements of HTTP headers in-situ.\n", + "markdownDescription": "replace: `object` \nModule: `http.handlers.headers` \nPerforms substring replacements of HTTP headers in-situ. \n", "type": "object", "additionalProperties": { "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement\nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n\n", 
@@ -3121,18 +2298,18 @@ "type": "boolean" }, "delete": { - "description": "delete: array\nModule: http.handlers.headers\nNames of HTTP header fields to delete. Basic wildcards are supported:\n\n- Start with `*` for all field names with the given suffix;\n- End with `*` for all field names with the given prefix;\n- Start and end with `*` for all field names containing a substring.\n", - "markdownDescription": "delete: `array` \nModule: `http.handlers.headers` \nNames of HTTP header fields to delete. Basic wildcards are supported:\n\n- Start with `*` for all field names with the given suffix;\n- End with `*` for all field names with the given prefix;\n- Start and end with `*` for all field names containing a substring. \n", + "description": "delete: array\nModule: http.handlers.headers\nNames of HTTP header fields to delete.\n", + "markdownDescription": "delete: `array` \nModule: `http.handlers.headers` \nNames of HTTP header fields to delete. \n", "type": "array", "items": { - "description": "Names of HTTP header fields to delete. Basic wildcards are supported:\n\n- Start with `*` for all field names with the given suffix;\n- End with `*` for all field names with the given prefix;\n- Start and end with `*` for all field names containing a substring.\n", - "markdownDescription": "Names of HTTP header fields to delete. Basic wildcards are supported:\n\n- Start with `*` for all field names with the given suffix;\n- End with `*` for all field names with the given prefix;\n- Start and end with `*` for all field names containing a substring. \n", + "description": "Names of HTTP header fields to delete.\n", + "markdownDescription": "Names of HTTP header fields to delete. 
\n", "type": "string" } }, "replace": { - "description": "replace: object\nModule: http.handlers.headers\nPerforms in-situ substring replacements of HTTP headers.\nKeys are the field names on which to perform the associated replacements.\nIf the field name is `*`, the replacements are performed on all header fields.\n", - "markdownDescription": "replace: `object` \nModule: `http.handlers.headers` \nPerforms in-situ substring replacements of HTTP headers.\nKeys are the field names on which to perform the associated replacements.\nIf the field name is `*`, the replacements are performed on all header fields. \n", + "description": "replace: object\nModule: http.handlers.headers\nPerforms substring replacements of HTTP headers in-situ.\n", + "markdownDescription": "replace: `object` \nModule: `http.handlers.headers` \nPerforms substring replacements of HTTP headers in-situ. \n", "type": "object", "additionalProperties": { "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement\nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n\n", 
@@ -3289,13 +2466,13 @@ } }, "http.handlers.push": { - "description": "push: object\nModule: http.handlers.push\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#Handler\nHandler is a middleware for HTTP/2 server push. Note that\nHTTP/2 server push has been deprecated by some clients and\nits use is discouraged unless you can accurately predict\nwhich resources actually need to be pushed to the client;\nit can be difficult to know what the client already has\ncached. Pushing unnecessary resources results in worse\nperformance. Consider using HTTP 103 Early Hints instead.\n\nThis handler supports pushing from Link headers; in other\nwords, if the eventual response has Link headers, this\nhandler will push the resources indicated by those headers,\neven without specifying any resources in its config.\n\n", - "markdownDescription": "push: `object` \nModule: `http.handlers.push` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#Handler) \nHandler is a middleware for HTTP/2 server push. Note that\nHTTP/2 server push has been deprecated by some clients and\nits use is discouraged unless you can accurately predict\nwhich resources actually need to be pushed to the client;\nit can be difficult to know what the client already has\ncached. Pushing unnecessary resources results in worse\nperformance. 
Consider using HTTP 103 Early Hints instead.\n\nThis handler supports pushing from Link headers; in other\nwords, if the eventual response has Link headers, this\nhandler will push the resources indicated by those headers,\neven without specifying any resources in its config.\n \n", + "description": "push: object\nModule: http.handlers.push\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#Handler\nHandler is a middleware for manipulating the request body.\n\n", + "markdownDescription": "push: `object` \nModule: `http.handlers.push` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#Handler) \nHandler is a middleware for manipulating the request body.\n \n", "type": "object", "properties": { "headers": { - "description": "headers: object\nModule: http.handlers.push\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#HeaderConfig\nHeaders to modify for the push requests.\n\n\nHeaderConfig configures headers for synthetic push requests.\n", - "markdownDescription": "headers: `object` \nModule: `http.handlers.push` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#HeaderConfig) \nHeaders to modify for the push requests.\n\n\nHeaderConfig configures headers for synthetic push requests. \n", + "description": "headers: object\nModule: http.handlers.push\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#HeaderConfig\nHeaderConfig configures headers for synthetic push requests.\n\n", + "markdownDescription": "headers: `object` \nModule: `http.handlers.push` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#HeaderConfig) \nHeaderConfig configures headers for synthetic push requests.\n \n", "type": "object", "properties": { "add": { 
@@ -3312,18 +2489,18 @@ } }, "delete": { - "description": "delete: array\nModule: http.handlers.push\nNames of HTTP header fields to delete. Basic wildcards are supported:\n\n- Start with `*` for all field names with the given suffix;\n- End with `*` for all field names with the given prefix;\n- Start and end with `*` for all field names containing a substring.\n", - "markdownDescription": "delete: `array` \nModule: `http.handlers.push` \nNames of HTTP header fields to delete. Basic wildcards are supported:\n\n- Start with `*` for all field names with the given suffix;\n- End with `*` for all field names with the given prefix;\n- Start and end with `*` for all field names containing a substring. \n", + "description": "delete: array\nModule: http.handlers.push\nNames of HTTP header fields to delete.\n", + "markdownDescription": "delete: `array` \nModule: `http.handlers.push` \nNames of HTTP header fields to delete. \n", "type": "array", "items": { - "description": "Names of HTTP header fields to delete. Basic wildcards are supported:\n\n- Start with `*` for all field names with the given suffix;\n- End with `*` for all field names with the given prefix;\n- Start and end with `*` for all field names containing a substring.\n", - "markdownDescription": "Names of HTTP header fields to delete. Basic wildcards are supported:\n\n- Start with `*` for all field names with the given suffix;\n- End with `*` for all field names with the given prefix;\n- Start and end with `*` for all field names containing a substring. \n", + "description": "Names of HTTP header fields to delete.\n", + "markdownDescription": "Names of HTTP header fields to delete. 
\n", "type": "string" } }, "replace": { - "description": "replace: object\nModule: http.handlers.push\nPerforms in-situ substring replacements of HTTP headers.\nKeys are the field names on which to perform the associated replacements.\nIf the field name is `*`, the replacements are performed on all header fields.\n", - "markdownDescription": "replace: `object` \nModule: `http.handlers.push` \nPerforms in-situ substring replacements of HTTP headers.\nKeys are the field names on which to perform the associated replacements.\nIf the field name is `*`, the replacements are performed on all header fields. \n", + "description": "replace: object\nModule: http.handlers.push\nPerforms substring replacements of HTTP headers in-situ.\n", + "markdownDescription": "replace: `object` \nModule: `http.handlers.push` \nPerforms substring replacements of HTTP headers in-situ. \n", "type": "object", "additionalProperties": { "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement\nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n\n", 
@@ -3369,12 +2546,12 @@ } }, "resources": { - "description": "resources: array\nModule: http.handlers.push\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#Resource\nThe resources to push.\n\n\nResource represents a request for a resource to push.\n", - "markdownDescription": "resources: `array` \nModule: `http.handlers.push` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#Resource) \nThe resources to push.\n\n\nResource represents a request for a resource to push. \n", + "description": "resources: array\nModule: http.handlers.push\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#Resource\nResource represents a request for a resource to push.\n\n", + "markdownDescription": "resources: `array` \nModule: `http.handlers.push` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#Resource) \nResource represents a request for a resource to push.\n \n", "type": "array", "items": { - "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#Resource\nThe resources to push.\n\n\nResource represents a request for a resource to push.\n", - "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#Resource) \nThe resources to push.\n\n\nResource represents a request for a resource to push. \n", + "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#Resource\nResource represents a request for a resource to push.\n\n", + "markdownDescription": "[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/push#Resource) \nResource represents a request for a resource to push.\n \n", "type": "object", "properties": { "method": { 
@@ -3392,162 +2569,6 @@ } } }, - "http.handlers.rate_limit": { - "description": "rate_limit: object\nModule: http.handlers.rate_limit\nhttps://pkg.go.dev/github.com/RussellLuo/caddy-ext/ratelimit#RateLimit\nRateLimit implements a handler for rate-limiting.\n\nIf a client exceeds the rate limit, an HTTP error with status `\u003creject_status\u003e` will\nbe returned. This error can be handled using the conventional error handlers.\nSee [handle_errors](https://caddyserver.com/docs/caddyfile/directives/handle_errors)\nfor how to set up error handlers.\n\n", - "markdownDescription": "rate_limit: `object` \nModule: `http.handlers.rate_limit` \n[godoc](https://pkg.go.dev/github.com/RussellLuo/caddy-ext/ratelimit#RateLimit) \nRateLimit implements a handler for rate-limiting.\n\nIf a client exceeds the rate limit, an HTTP error with status `\u003creject_status\u003e` will\nbe returned. This error can be handled using the conventional error handlers.\nSee [handle_errors](https://caddyserver.com/docs/caddyfile/directives/handle_errors)\nfor how to set up error handlers.\n \n", - "type": "object", - "properties": { - "distributed": { - "description": "distributed: object\nModule: http.handlers.rate_limit\nhttps://pkg.go.dev/github.com/mholt/caddy-ratelimit#Handler", - "markdownDescription": "distributed: `object` \nModule: `http.handlers.rate_limit` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-ratelimit#Handler)", - "type": "object", - "properties": { - "read_interval": { - "description": "read_interval: number\nModule: http.handlers.rate_limit\nhttps://pkg.go.dev/github.com/mholt/caddy-ratelimit#Handler", - "markdownDescription": "read_interval: `number` \nModule: `http.handlers.rate_limit` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-ratelimit#Handler)", - "type": "number" - }, - "write_interval": { - "description": "write_interval: number\nModule: http.handlers.rate_limit\nhttps://pkg.go.dev/github.com/mholt/caddy-ratelimit#Handler", - "markdownDescription": 
"write_interval: `number` \nModule: `http.handlers.rate_limit` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-ratelimit#Handler)", - "type": "number" - } - } - }, - "jitter": { - "description": "jitter: object\nModule: http.handlers.rate_limit\nhttps://pkg.go.dev/github.com/mholt/caddy-ratelimit#Handler", - "markdownDescription": "jitter: `object` \nModule: `http.handlers.rate_limit` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-ratelimit#Handler)", - "type": "object" - }, - "rate_limits": { - "description": "rate_limits: object\nModule: http.handlers.rate_limit\nhttps://pkg.go.dev/github.com/mholt/caddy-ratelimit#Handler", - "markdownDescription": "rate_limits: `object` \nModule: `http.handlers.rate_limit` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-ratelimit#Handler)", - "type": "object", - "additionalProperties": { - "properties": { - "key": { - "description": "key: string\nModule: http.handlers.rate_limit\nhttps://pkg.go.dev/github.com/mholt/caddy-ratelimit#Handler", - "markdownDescription": "key: `string` \nModule: `http.handlers.rate_limit` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-ratelimit#Handler)", - "type": "string" - }, - "match": { - "description": "match: array\nModule: http.matchers", - "markdownDescription": "match: `array` \nModule: `http.matchers`", - "type": "array", - "items": { - "properties": { - "expression": { - "$ref": "#/definitions/http.matchers.expression" - }, - "file": { - "$ref": "#/definitions/http.matchers.file" - }, - "header": { - "$ref": "#/definitions/http.matchers.header" - }, - "header_regexp": { - "$ref": "#/definitions/http.matchers.header_regexp" - }, - "host": { - "$ref": "#/definitions/http.matchers.host" - }, - "method": { - "$ref": "#/definitions/http.matchers.method" - }, - "not": { - "$ref": "#/definitions/http.matchers.not" - }, - "path": { - "$ref": "#/definitions/http.matchers.path" - }, - "path_regexp": { - "$ref": "#/definitions/http.matchers.path_regexp" - }, - "protocol": { - 
"$ref": "#/definitions/http.matchers.protocol" - }, - "query": { - "$ref": "#/definitions/http.matchers.query" - }, - "remote_ip": { - "$ref": "#/definitions/http.matchers.remote_ip" - }, - "vars": { - "$ref": "#/definitions/http.matchers.vars" - }, - "vars_regexp": { - "$ref": "#/definitions/http.matchers.vars_regexp" - } - } - } - }, - "max_events": { - "description": "max_events: number\nModule: http.handlers.rate_limit\nhttps://pkg.go.dev/github.com/mholt/caddy-ratelimit#Handler", - "markdownDescription": "max_events: `number` \nModule: `http.handlers.rate_limit` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-ratelimit#Handler)", - "type": "number" - }, - "window": { - "description": "window: number\nModule: http.handlers.rate_limit\nhttps://pkg.go.dev/github.com/mholt/caddy-ratelimit#Handler", - "markdownDescription": "window: `number` \nModule: `http.handlers.rate_limit` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-ratelimit#Handler)", - "type": "number" - } - } - } - }, - "storage": { - "description": "storage: object\nModule: caddy.storage", - "markdownDescription": "storage: `object` \nModule: `caddy.storage`", - "type": "object", - "required": [ - "module" - ], - "allOf": [ - { - "if": { - "properties": { - "module": { - "const": "consul" - } - } - }, - "then": { - "$ref": "#/definitions/caddy.storage.consul" - } - }, - { - "if": { - "properties": { - "module": { - "const": "file_system" - } - } - }, - "then": { - "$ref": "#/definitions/caddy.storage.file_system" - } - }, - { - "properties": { - "module": { - "description": "key to identify storage module.\nmodule: string\nModule: caddy.storage", - "markdownDescription": "key to identify `storage` module. 
\nmodule: `string` \nModule: `caddy.storage`", - "type": "string", - "enum": [ - "consul", - "file_system" - ] - } - } - } - ] - }, - "sweep_interval": { - "description": "sweep_interval: number\nModule: http.handlers.rate_limit\nhttps://pkg.go.dev/github.com/mholt/caddy-ratelimit#Handler", - "markdownDescription": "sweep_interval: `number` \nModule: `http.handlers.rate_limit` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-ratelimit#Handler)", - "type": "number" - } - } - }, "http.handlers.request_body": { "description": "request_body: object\nModule: http.handlers.request_body\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/requestbody#RequestBody\nRequestBody is a middleware for manipulating the request body.\n\n", "markdownDescription": "request_body: `object` \nModule: `http.handlers.request_body` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/requestbody#RequestBody) \nRequestBody is a middleware for manipulating the request body.\n \n", @@ -3591,12 +2612,12 @@ "if": { "properties": { "source": { - "const": "multi" + "const": "a" } } }, "then": { - "$ref": "#/definitions/http.reverse_proxy.upstreams.multi" + "$ref": "#/definitions/http.reverse_proxy.upstreams.a" } }, { @@ -3611,18 +2632,6 @@ "$ref": "#/definitions/http.reverse_proxy.upstreams.srv" } }, - { - "if": { - "properties": { - "source": { - "const": "a" - } - } - }, - "then": { - "$ref": "#/definitions/http.reverse_proxy.upstreams.a" - } - }, { "properties": { "source": { @@ -3630,9 +2639,8 @@ "markdownDescription": "key to identify `dynamic_upstreams` module. \nsource: `string` \nModule: `http.reverse_proxy.upstreams`", "type": "string", "enum": [ - "multi", - "srv", - "a" + "a", + "srv" ] } } 
@@ -3640,8 +2648,8 @@ ] }, "flush_interval": { - "description": "flush_interval: number\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nAdjusts how often to flush the response buffer. By default,\nno periodic flushing is done. A negative value disables\nresponse buffering, and flushes immediately after each\nwrite to the client. This option is ignored when the upstream's\nresponse is recognized as a streaming response, or if its\ncontent length is -1; for such responses, writes are flushed\nto the client immediately.\n\nNormally, a request will be canceled if the client disconnects\nbefore the response is received from the backend. If explicitly\nset to -1, client disconnection will be ignored and the request\nwill be completed to help facilitate low-latency streaming.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", - "markdownDescription": "flush_interval: `number` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nAdjusts how often to flush the response buffer. By default,\nno periodic flushing is done. A negative value disables\nresponse buffering, and flushes immediately after each\nwrite to the client. This option is ignored when the upstream's\nresponse is recognized as a streaming response, or if its\ncontent length is -1; for such responses, writes are flushed\nto the client immediately.\n\nNormally, a request will be canceled if the client disconnects\nbefore the response is received from the backend. If explicitly\nset to -1, client disconnection will be ignored and the request\nwill be completed to help facilitate low-latency streaming.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. 
If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "description": "flush_interval: number\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nAdjusts how often to flush the response buffer. By default,\nno periodic flushing is done. A negative value disables\nresponse buffering, and flushes immediately after each\nwrite to the client. This option is ignored when the upstream's\nresponse is recognized as a streaming response, or if its\ncontent length is -1; for such responses, writes are flushed\nto the client immediately.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "flush_interval: `number` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nAdjusts how often to flush the response buffer. By default,\nno periodic flushing is done. A negative value disables\nresponse buffering, and flushes immediately after each\nwrite to the client. This option is ignored when the upstream's\nresponse is recognized as a streaming response, or if its\ncontent length is -1; for such responses, writes are flushed\nto the client immediately.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", "type": "number" }, "handle_response": { 
@@ -3708,138 +2716,6 @@ "handler" ], "allOf": [ - { - "if": { - "properties": { - "handler": { - "const": "map" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.map" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "push" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.push" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "rewrite" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.rewrite" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "cache" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.cache" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "copy_response" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.copy_response" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "encode" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.encode" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "error" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.error" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "vars" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.vars" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "acme_server" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.acme_server" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "authenticator" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.authenticator" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "request_body" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.request_body" - } - }, { "if": { "properties": { 
@@ -3852,54 +2728,6 @@ "$ref": "#/definitions/http.handlers.static_response" } }, - { - "if": { - "properties": { - "handler": { - "const": "reverse_proxy" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.reverse_proxy" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "subroute" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.subroute" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "templates" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.templates" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "tracing" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.tracing" - } - }, { "if": { "properties": { @@ -3912,6 +2740,18 @@ "$ref": "#/definitions/http.handlers.authentication" } }, + { + "if": { + "properties": { + "handler": { + "const": "copy_response" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.copy_response" + } + }, { "if": { "properties": { @@ -3924,6 +2764,18 @@ "$ref": "#/definitions/http.handlers.copy_response_headers" } }, + { + "if": { + "properties": { + "handler": { + "const": "error" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.error" + } + }, { "if": { "properties": { 
@@ -3936,6 +2788,78 @@ "$ref": "#/definitions/http.handlers.file_server" } }, + { + "if": { + "properties": { + "handler": { + "const": "map" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.map" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "reverse_proxy" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.reverse_proxy" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "templates" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.templates" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "acme_server" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.acme_server" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "vars" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.vars" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "push" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.push" + } + }, { "if": { "properties": { @@ -3964,12 +2888,60 @@ "if": { "properties": { "handler": { - "const": "rate_limit" + "const": "request_body" } } }, "then": { - "$ref": "#/definitions/http.handlers.rate_limit" + "$ref": "#/definitions/http.handlers.request_body" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "rewrite" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.rewrite" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "subroute" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.subroute" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "tracing" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.tracing" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "encode" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.encode" } }, { 
@@ -3979,28 +2951,25 @@ "markdownDescription": "key to identify `handle` module. \nhandler: `string` \nModule: `http.handlers`", "type": "string", "enum": [ - "map", - "push", - "rewrite", - "cache", - "copy_response", - "encode", - "error", - "vars", - "acme_server", - "authenticator", - "request_body", "static_response", - "reverse_proxy", - "subroute", - "templates", - "tracing", "authentication", + "copy_response", "copy_response_headers", + "error", "file_server", + "map", + "reverse_proxy", + "templates", + "acme_server", + "vars", + "push", "headers", "metrics", - "rate_limit" + "request_body", + "rewrite", + "subroute", + "tracing", + "encode" ] } } 
@@ -4101,18 +3070,18 @@ } }, "delete": { - "description": "delete: array\nModule: http.handlers.reverse_proxy\nNames of HTTP header fields to delete. Basic wildcards are supported:\n\n- Start with `*` for all field names with the given suffix;\n- End with `*` for all field names with the given prefix;\n- Start and end with `*` for all field names containing a substring.\n", - "markdownDescription": "delete: `array` \nModule: `http.handlers.reverse_proxy` \nNames of HTTP header fields to delete. Basic wildcards are supported:\n\n- Start with `*` for all field names with the given suffix;\n- End with `*` for all field names with the given prefix;\n- Start and end with `*` for all field names containing a substring. \n", + "description": "delete: array\nModule: http.handlers.reverse_proxy\nNames of HTTP header fields to delete.\n", + "markdownDescription": "delete: `array` \nModule: `http.handlers.reverse_proxy` \nNames of HTTP header fields to delete. \n", "type": "array", "items": { - "description": "Names of HTTP header fields to delete. Basic wildcards are supported:\n\n- Start with `*` for all field names with the given suffix;\n- End with `*` for all field names with the given prefix;\n- Start and end with `*` for all field names containing a substring.\n", - "markdownDescription": "Names of HTTP header fields to delete. Basic wildcards are supported:\n\n- Start with `*` for all field names with the given suffix;\n- End with `*` for all field names with the given prefix;\n- Start and end with `*` for all field names containing a substring. \n", + "description": "Names of HTTP header fields to delete.\n", + "markdownDescription": "Names of HTTP header fields to delete. 
\n", "type": "string" } }, "replace": { - "description": "replace: object\nModule: http.handlers.reverse_proxy\nPerforms in-situ substring replacements of HTTP headers.\nKeys are the field names on which to perform the associated replacements.\nIf the field name is `*`, the replacements are performed on all header fields.\n", - "markdownDescription": "replace: `object` \nModule: `http.handlers.reverse_proxy` \nPerforms in-situ substring replacements of HTTP headers.\nKeys are the field names on which to perform the associated replacements.\nIf the field name is `*`, the replacements are performed on all header fields. \n", + "description": "replace: object\nModule: http.handlers.reverse_proxy\nPerforms substring replacements of HTTP headers in-situ.\n", + "markdownDescription": "replace: `object` \nModule: `http.handlers.reverse_proxy` \nPerforms substring replacements of HTTP headers in-situ. \n", "type": "object", "additionalProperties": { "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement\nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n\n", 
@@ -4181,18 +3150,18 @@ "type": "boolean" }, "delete": { - "description": "delete: array\nModule: http.handlers.reverse_proxy\nNames of HTTP header fields to delete. Basic wildcards are supported:\n\n- Start with `*` for all field names with the given suffix;\n- End with `*` for all field names with the given prefix;\n- Start and end with `*` for all field names containing a substring.\n", - "markdownDescription": "delete: `array` \nModule: `http.handlers.reverse_proxy` \nNames of HTTP header fields to delete. Basic wildcards are supported:\n\n- Start with `*` for all field names with the given suffix;\n- End with `*` for all field names with the given prefix;\n- Start and end with `*` for all field names containing a substring. \n", + "description": "delete: array\nModule: http.handlers.reverse_proxy\nNames of HTTP header fields to delete.\n", + "markdownDescription": "delete: `array` \nModule: `http.handlers.reverse_proxy` \nNames of HTTP header fields to delete. \n", "type": "array", "items": { - "description": "Names of HTTP header fields to delete. Basic wildcards are supported:\n\n- Start with `*` for all field names with the given suffix;\n- End with `*` for all field names with the given prefix;\n- Start and end with `*` for all field names containing a substring.\n", - "markdownDescription": "Names of HTTP header fields to delete. Basic wildcards are supported:\n\n- Start with `*` for all field names with the given suffix;\n- End with `*` for all field names with the given prefix;\n- Start and end with `*` for all field names containing a substring. \n", + "description": "Names of HTTP header fields to delete.\n", + "markdownDescription": "Names of HTTP header fields to delete. 
\n", "type": "string" } }, "replace": { - "description": "replace: object\nModule: http.handlers.reverse_proxy\nPerforms in-situ substring replacements of HTTP headers.\nKeys are the field names on which to perform the associated replacements.\nIf the field name is `*`, the replacements are performed on all header fields.\n", - "markdownDescription": "replace: `object` \nModule: `http.handlers.reverse_proxy` \nPerforms in-situ substring replacements of HTTP headers.\nKeys are the field names on which to perform the associated replacements.\nIf the field name is `*`, the replacements are performed on all header fields. \n", + "description": "replace: object\nModule: http.handlers.reverse_proxy\nPerforms substring replacements of HTTP headers in-situ.\n", + "markdownDescription": "replace: `object` \nModule: `http.handlers.reverse_proxy` \nPerforms substring replacements of HTTP headers in-situ. \n", "type": "object", "additionalProperties": { "description": "https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/headers#Replacement\nReplacement describes a string replacement,\neither a simple and fast substring search\nor a slower but more powerful regex search.\n\n", 
@@ -4378,11 +3347,6 @@ "markdownDescription": "load_balancing: `object` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#LoadBalancing) \nLoad balancing distributes load/requests between backends.\n\n\nLoadBalancing has parameters related to load balancing. \n", "type": "object", "properties": { - "retries": { - "description": "retries: number\nModule: http.handlers.reverse_proxy\nHow many times to retry selecting available backends for each\nrequest if the next available host is down. If try_duration is\nalso configured, then retries may stop early if the duration\nis reached. By default, retries are disabled (zero).\n", - "markdownDescription": "retries: `number` \nModule: `http.handlers.reverse_proxy` \nHow many times to retry selecting available backends for each\nrequest if the next available host is down. If try_duration is\nalso configured, then retries may stop early if the duration\nis reached. By default, retries are disabled (zero). \n", - "type": "number" - }, "retry_match": { "description": "retry_match: array\nModule: http.matchers\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nA list of matcher sets that restricts with which requests retries are\nallowed. A request must match any of the given matcher sets in order\nto be retried if the connection to the upstream succeeded but the\nsubsequent round-trip failed. If the connection to the upstream failed,\na retry is always allowed. If unspecified, only GET requests will be\nallowed to be retried. Note that a retry is done with the next available\nhost according to the load balancing policy.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. 
(The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n", "markdownDescription": "retry_match: `array` \nModule: `http.matchers` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nA list of matcher sets that restricts with which requests retries are\nallowed. A request must match any of the given matcher sets in order\nto be retried if the connection to the upstream succeeded but the\nsubsequent round-trip failed. If the connection to the upstream failed,\na retry is always allowed. If unspecified, only GET requests will be\nallowed to be retried. Note that a retry is done with the next available\nhost according to the load balancing policy.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", @@ -4448,12 +3412,12 @@ "if": { "properties": { "policy": { - "const": "cookie" + "const": "first" } } }, "then": { - "$ref": "#/definitions/http.reverse_proxy.selection_policies.cookie" + "$ref": "#/definitions/http.reverse_proxy.selection_policies.first" } }, { @@ -4468,30 +3432,6 @@ "$ref": "#/definitions/http.reverse_proxy.selection_policies.ip_hash" } }, - { - "if": { - "properties": { - "policy": { - "const": "random" - } - } - }, - "then": { - "$ref": "#/definitions/http.reverse_proxy.selection_policies.random" - } - }, - { - "if": { - "properties": { - "policy": { - "const": "random_choose" - } - } - }, - "then": { - "$ref": "#/definitions/http.reverse_proxy.selection_policies.random_choose" - } - }, { "if": { "properties": { 
@@ -4508,12 +3448,12 @@ "if": { "properties": { "policy": { - "const": "first" + "const": "cookie" } } }, "then": { - "$ref": "#/definitions/http.reverse_proxy.selection_policies.first" + "$ref": "#/definitions/http.reverse_proxy.selection_policies.cookie" } }, { @@ -4540,6 +3480,30 @@ "$ref": "#/definitions/http.reverse_proxy.selection_policies.least_conn" } }, + { + "if": { + "properties": { + "policy": { + "const": "random" + } + } + }, + "then": { + "$ref": "#/definitions/http.reverse_proxy.selection_policies.random" + } + }, + { + "if": { + "properties": { + "policy": { + "const": "random_choose" + } + } + }, + "then": { + "$ref": "#/definitions/http.reverse_proxy.selection_policies.random_choose" + } + }, { "if": { "properties": { @@ -4559,14 +3523,14 @@ "markdownDescription": "key to identify `selection_policy` module. \npolicy: `string` \nModule: `http.reverse_proxy.selection_policies`", "type": "string", "enum": [ - "cookie", - "ip_hash", - "random", - "random_choose", - "uri_hash", "first", + "ip_hash", + "uri_hash", + "cookie", "header", "least_conn", + "random", + "random_choose", "round_robin" ] } 
@@ -4575,13 +3539,13 @@ ] }, "try_duration": { - "description": "try_duration: number\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nHow long to try selecting available backends for each request\nif the next available host is down. Clients will wait for up\nto this long while the load balancer tries to find an available\nupstream host. If retries is also configured, tries may stop\nearly if the maximum retries is reached. By default, retries\nare disabled (zero duration).\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", - "markdownDescription": "try_duration: `number` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nHow long to try selecting available backends for each request\nif the next available host is down. Clients will wait for up\nto this long while the load balancer tries to find an available\nupstream host. If retries is also configured, tries may stop\nearly if the maximum retries is reached. By default, retries\nare disabled (zero duration).\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "description": "try_duration: number\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nHow long to try selecting available backends for each request\nif the next available host is down. By default, this retry is\ndisabled. Clients will wait for up to this long while the load\nbalancer tries to find an available upstream host.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. 
If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "try_duration: `number` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nHow long to try selecting available backends for each request\nif the next available host is down. By default, this retry is\ndisabled. Clients will wait for up to this long while the load\nbalancer tries to find an available upstream host.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", "type": "number" }, "try_interval": { - "description": "try_interval: number\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nHow long to wait between selecting the next host from the pool.\nDefault is 250ms if try_duration is enabled, otherwise zero. Only\nrelevant when a request to an upstream host fails. Be aware that\nsetting this to 0 with a non-zero try_duration can cause the CPU\nto spin if all backends are down and latency is very low.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", - "markdownDescription": "try_interval: `number` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nHow long to wait between selecting the next host from the pool.\nDefault is 250ms if try_duration is enabled, otherwise zero. Only\nrelevant when a request to an upstream host fails. 
Be aware that\nsetting this to 0 with a non-zero try_duration can cause the CPU\nto spin if all backends are down and latency is very low.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", + "description": "try_interval: number\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration\nHow long to wait between selecting the next host from the pool. Default\nis 250ms. Only relevant when a request to an upstream host fails. Be\naware that setting this to 0 with a non-zero try_duration can cause the\nCPU to spin if all backends are down and latency is very low.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`.\n", + "markdownDescription": "try_interval: `number` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#Duration) \nHow long to wait between selecting the next host from the pool. Default\nis 250ms. Only relevant when a request to an upstream host fails. Be\naware that setting this to 0 with a non-zero try_duration can cause the\nCPU to spin if all backends are down and latency is very low.\n\n\nDuration can be an integer or a string. An integer is\ninterpreted as nanoseconds. If a string, it is a Go\ntime.Duration value such as `300ms`, `1.5h`, or `2h45m`;\nvalid units are `ns`, `us`/`µs`, `ms`, `s`, `m`, `h`, and `d`. \n", "type": "number" } } 
@@ -4592,8 +3556,8 @@ "type": "number" }, "rewrite": { - "description": "rewrite: object\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#Rewrite\nIf configured, rewrites the copy of the upstream request.\nAllows changing the request method and URI (path and query).\nSince the rewrite is applied to the copy, it does not persist\npast the reverse proxy handler.\nIf the method is changed to `GET` or `HEAD`, the request body\nwill not be copied to the backend. This allows a later request\nhandler -- either in a `handle_response` route, or after -- to\nread the body.\nBy default, no rewrite is performed, and the method and URI\nfrom the incoming request is used as-is for proxying.\n\n\nRewrite is a middleware which can rewrite/mutate HTTP requests.\n\nThe Method and URI properties are \"setters\" (the request URI\nwill be overwritten with the given values). Other properties are\n\"modifiers\" (they modify existing values in a differentiable\nway). It is atypical to combine the use of setters and\nmodifiers in a single rewrite.\n\nTo ensure consistent behavior, prefix and suffix stripping is\nperformed in the URL-decoded (unescaped, normalized) space by\ndefault except for the specific bytes where an escape sequence\nis used in the prefix or suffix pattern.\n\nFor all modifiers, paths are cleaned before being modified so that\nmultiple, consecutive slashes are collapsed into a single slash,\nand dot elements are resolved and removed. 
In the special case\nof a prefix, suffix, or substring containing \"//\" (repeated slashes),\nslashes will not be merged while cleaning the path so that\nthe rewrite can be interpreted literally.\n", - "markdownDescription": "rewrite: `object` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#Rewrite) \nIf configured, rewrites the copy of the upstream request.\nAllows changing the request method and URI (path and query).\nSince the rewrite is applied to the copy, it does not persist\npast the reverse proxy handler.\nIf the method is changed to `GET` or `HEAD`, the request body\nwill not be copied to the backend. This allows a later request\nhandler -- either in a `handle_response` route, or after -- to\nread the body.\nBy default, no rewrite is performed, and the method and URI\nfrom the incoming request is used as-is for proxying.\n\n\nRewrite is a middleware which can rewrite/mutate HTTP requests.\n\nThe Method and URI properties are \"setters\" (the request URI\nwill be overwritten with the given values). Other properties are\n\"modifiers\" (they modify existing values in a differentiable\nway). It is atypical to combine the use of setters and\nmodifiers in a single rewrite.\n\nTo ensure consistent behavior, prefix and suffix stripping is\nperformed in the URL-decoded (unescaped, normalized) space by\ndefault except for the specific bytes where an escape sequence\nis used in the prefix or suffix pattern.\n\nFor all modifiers, paths are cleaned before being modified so that\nmultiple, consecutive slashes are collapsed into a single slash,\nand dot elements are resolved and removed. In the special case\nof a prefix, suffix, or substring containing \"//\" (repeated slashes),\nslashes will not be merged while cleaning the path so that\nthe rewrite can be interpreted literally. 
\n", + "description": "rewrite: object\nModule: http.handlers.reverse_proxy\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#Rewrite\nIf configured, rewrites the copy of the upstream request.\nAllows changing the request method and URI (path and query).\nSince the rewrite is applied to the copy, it does not persist\npast the reverse proxy handler.\nIf the method is changed to `GET` or `HEAD`, the request body\nwill not be copied to the backend. This allows a later request\nhandler -- either in a `handle_response` route, or after -- to\nread the body.\nBy default, no rewrite is performed, and the method and URI\nfrom the incoming request is used as-is for proxying.\n\n\nRewrite is a middleware which can rewrite HTTP requests.\n\nThe Method and URI properties are \"setters\": the request URI\nwill be set to the given values. Other properties are \"modifiers\":\nthey modify existing files but do not explicitly specify what the\nresult will be. It is atypical to combine the use of setters and\nmodifiers in a single rewrite.\n", + "markdownDescription": "rewrite: `object` \nModule: `http.handlers.reverse_proxy` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#Rewrite) \nIf configured, rewrites the copy of the upstream request.\nAllows changing the request method and URI (path and query).\nSince the rewrite is applied to the copy, it does not persist\npast the reverse proxy handler.\nIf the method is changed to `GET` or `HEAD`, the request body\nwill not be copied to the backend. This allows a later request\nhandler -- either in a `handle_response` route, or after -- to\nread the body.\nBy default, no rewrite is performed, and the method and URI\nfrom the incoming request is used as-is for proxying.\n\n\nRewrite is a middleware which can rewrite HTTP requests.\n\nThe Method and URI properties are \"setters\": the request URI\nwill be set to the given values. 
Other properties are \"modifiers\":\nthey modify existing files but do not explicitly specify what the\nresult will be. It is atypical to combine the use of setters and\nmodifiers in a single rewrite. \n", "type": "object", "properties": { "method": { 
@@ -4624,13 +3588,13 @@ } }, "strip_path_prefix": { - "description": "strip_path_prefix: string\nModule: http.handlers.reverse_proxy\nStrips the given prefix from the beginning of the URI path.\nThe prefix should be written in normalized (unescaped) form,\nbut if an escaping (`%xx`) is used, the path will be required\nto have that same escape at that position in order to match.\n", - "markdownDescription": "strip_path_prefix: `string` \nModule: `http.handlers.reverse_proxy` \nStrips the given prefix from the beginning of the URI path.\nThe prefix should be written in normalized (unescaped) form,\nbut if an escaping (`%xx`) is used, the path will be required\nto have that same escape at that position in order to match. \n", + "description": "strip_path_prefix: string\nModule: http.handlers.reverse_proxy\nStrips the given prefix from the beginning of the URI path.\n", + "markdownDescription": "strip_path_prefix: `string` \nModule: `http.handlers.reverse_proxy` \nStrips the given prefix from the beginning of the URI path. \n", "type": "string" }, "strip_path_suffix": { - "description": "strip_path_suffix: string\nModule: http.handlers.reverse_proxy\nStrips the given suffix from the end of the URI path.\nThe suffix should be written in normalized (unescaped) form,\nbut if an escaping (`%xx`) is used, the path will be required\nto have that same escape at that position in order to match.\n", - "markdownDescription": "strip_path_suffix: `string` \nModule: `http.handlers.reverse_proxy` \nStrips the given suffix from the end of the URI path.\nThe suffix should be written in normalized (unescaped) form,\nbut if an escaping (`%xx`) is used, the path will be required\nto have that same escape at that position in order to match. 
\n", + "description": "strip_path_suffix: string\nModule: http.handlers.reverse_proxy\nStrips the given suffix from the end of the URI path.\n", + "markdownDescription": "strip_path_suffix: `string` \nModule: `http.handlers.reverse_proxy` \nStrips the given suffix from the end of the URI path. \n", "type": "string" }, "uri": { 
@@ -4754,8 +3718,8 @@ } }, "http.handlers.rewrite": { - "description": "rewrite: object\nModule: http.handlers.rewrite\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#Rewrite\nRewrite is a middleware which can rewrite/mutate HTTP requests.\n\nThe Method and URI properties are \"setters\" (the request URI\nwill be overwritten with the given values). Other properties are\n\"modifiers\" (they modify existing values in a differentiable\nway). It is atypical to combine the use of setters and\nmodifiers in a single rewrite.\n\nTo ensure consistent behavior, prefix and suffix stripping is\nperformed in the URL-decoded (unescaped, normalized) space by\ndefault except for the specific bytes where an escape sequence\nis used in the prefix or suffix pattern.\n\nFor all modifiers, paths are cleaned before being modified so that\nmultiple, consecutive slashes are collapsed into a single slash,\nand dot elements are resolved and removed. In the special case\nof a prefix, suffix, or substring containing \"//\" (repeated slashes),\nslashes will not be merged while cleaning the path so that\nthe rewrite can be interpreted literally.\n\n", - "markdownDescription": "rewrite: `object` \nModule: `http.handlers.rewrite` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#Rewrite) \nRewrite is a middleware which can rewrite/mutate HTTP requests.\n\nThe Method and URI properties are \"setters\" (the request URI\nwill be overwritten with the given values). Other properties are\n\"modifiers\" (they modify existing values in a differentiable\nway). 
It is atypical to combine the use of setters and\nmodifiers in a single rewrite.\n\nTo ensure consistent behavior, prefix and suffix stripping is\nperformed in the URL-decoded (unescaped, normalized) space by\ndefault except for the specific bytes where an escape sequence\nis used in the prefix or suffix pattern.\n\nFor all modifiers, paths are cleaned before being modified so that\nmultiple, consecutive slashes are collapsed into a single slash,\nand dot elements are resolved and removed. In the special case\nof a prefix, suffix, or substring containing \"//\" (repeated slashes),\nslashes will not be merged while cleaning the path so that\nthe rewrite can be interpreted literally.\n \n", + "description": "rewrite: object\nModule: http.handlers.rewrite\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#Rewrite\nRewrite is a middleware which can rewrite HTTP requests.\n\nThe Method and URI properties are \"setters\": the request URI\nwill be set to the given values. Other properties are \"modifiers\":\nthey modify existing files but do not explicitly specify what the\nresult will be. It is atypical to combine the use of setters and\nmodifiers in a single rewrite.\n\n", + "markdownDescription": "rewrite: `object` \nModule: `http.handlers.rewrite` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/rewrite#Rewrite) \nRewrite is a middleware which can rewrite HTTP requests.\n\nThe Method and URI properties are \"setters\": the request URI\nwill be set to the given values. Other properties are \"modifiers\":\nthey modify existing files but do not explicitly specify what the\nresult will be. It is atypical to combine the use of setters and\nmodifiers in a single rewrite.\n \n", "type": "object", "properties": { "method": { 
@@ -4786,13 +3750,13 @@ } }, "strip_path_prefix": { - "description": "strip_path_prefix: string\nModule: http.handlers.rewrite\nStrips the given prefix from the beginning of the URI path.\nThe prefix should be written in normalized (unescaped) form,\nbut if an escaping (`%xx`) is used, the path will be required\nto have that same escape at that position in order to match.\n", - "markdownDescription": "strip_path_prefix: `string` \nModule: `http.handlers.rewrite` \nStrips the given prefix from the beginning of the URI path.\nThe prefix should be written in normalized (unescaped) form,\nbut if an escaping (`%xx`) is used, the path will be required\nto have that same escape at that position in order to match. \n", + "description": "strip_path_prefix: string\nModule: http.handlers.rewrite\nStrips the given prefix from the beginning of the URI path.\n", + "markdownDescription": "strip_path_prefix: `string` \nModule: `http.handlers.rewrite` \nStrips the given prefix from the beginning of the URI path. \n", "type": "string" }, "strip_path_suffix": { - "description": "strip_path_suffix: string\nModule: http.handlers.rewrite\nStrips the given suffix from the end of the URI path.\nThe suffix should be written in normalized (unescaped) form,\nbut if an escaping (`%xx`) is used, the path will be required\nto have that same escape at that position in order to match.\n", - "markdownDescription": "strip_path_suffix: `string` \nModule: `http.handlers.rewrite` \nStrips the given suffix from the end of the URI path.\nThe suffix should be written in normalized (unescaped) form,\nbut if an escaping (`%xx`) is used, the path will be required\nto have that same escape at that position in order to match. \n", + "description": "strip_path_suffix: string\nModule: http.handlers.rewrite\nStrips the given suffix from the end of the URI path.\n", + "markdownDescription": "strip_path_suffix: `string` \nModule: `http.handlers.rewrite` \nStrips the given suffix from the end of the URI path. 
\n", "type": "string" }, "uri": { @@ -4840,8 +3804,8 @@ "type": "boolean" }, "body": { - "description": "body: string\nModule: http.handlers.static_response\nThe response body. If non-empty, the Content-Type header may\nbe added automatically if it is not explicitly configured nor\nalready set on the response; the default value is\n\"text/plain; charset=utf-8\" unless the body is a valid JSON object\nor array, in which case the value will be \"application/json\".\nOther than those common special cases the Content-Type header\nshould be set explicitly if it is desired because MIME sniffing\nis disabled for safety.\n", - "markdownDescription": "body: `string` \nModule: `http.handlers.static_response` \nThe response body. If non-empty, the Content-Type header may\nbe added automatically if it is not explicitly configured nor\nalready set on the response; the default value is\n\"text/plain; charset=utf-8\" unless the body is a valid JSON object\nor array, in which case the value will be \"application/json\".\nOther than those common special cases the Content-Type header\nshould be set explicitly if it is desired because MIME sniffing\nis disabled for safety. \n", + "description": "body: string\nModule: http.handlers.static_response\nThe response body.\n", + "markdownDescription": "body: `string` \nModule: `http.handlers.static_response` \nThe response body. \n", "type": "string" }, "close": { 
@@ -4850,12 +3814,12 @@ "type": "boolean" }, "headers": { - "description": "headers: object\nModule: http.handlers.static_response\nHeader fields to set on the response; overwrites any existing\nheader fields of the same names after normalization.\n", - "markdownDescription": "headers: `object` \nModule: `http.handlers.static_response` \nHeader fields to set on the response; overwrites any existing\nheader fields of the same names after normalization. \n", + "description": "headers: object\nModule: http.handlers.static_response\nHeader fields to set on the response.\n", + "markdownDescription": "headers: `object` \nModule: `http.handlers.static_response` \nHeader fields to set on the response. \n", "type": "object", "additionalProperties": { - "description": "Header fields to set on the response; overwrites any existing\nheader fields of the same names after normalization.\n", - "markdownDescription": "Header fields to set on the response; overwrites any existing\nheader fields of the same names after normalization. \n", + "description": "Header fields to set on the response.\n", + "markdownDescription": "Header fields to set on the response. \n", "type": "array", "items": { "type": "string" 
@@ -4863,8 +3827,8 @@ } }, "status_code": { - "description": "status_code: string\nModule: http.handlers.static_response\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#WeakString\nThe HTTP status code to respond with. Can be an integer or,\nif needing to use a placeholder, a string.\n\nIf the status code is 103 (Early Hints), the response headers\nwill be written to the client immediately, the body will be\nignored, and the next handler will be invoked. This behavior\nis EXPERIMENTAL while RFC 8297 is a draft, and may be changed\nor removed.\n\n\nWeakString is a type that unmarshals any JSON value\nas a string literal, with the following exceptions:\n\n1. actual string values are decoded as strings; and\n2. null is decoded as empty string;\n\nand provides methods for getting the value as various\nprimitive types. However, using this type removes any\ntype safety as far as deserializing JSON is concerned.\n", - "markdownDescription": "status_code: `string` \nModule: `http.handlers.static_response` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#WeakString) \nThe HTTP status code to respond with. Can be an integer or,\nif needing to use a placeholder, a string.\n\nIf the status code is 103 (Early Hints), the response headers\nwill be written to the client immediately, the body will be\nignored, and the next handler will be invoked. This behavior\nis EXPERIMENTAL while RFC 8297 is a draft, and may be changed\nor removed.\n\n\nWeakString is a type that unmarshals any JSON value\nas a string literal, with the following exceptions:\n\n1. actual string values are decoded as strings; and\n2. null is decoded as empty string;\n\nand provides methods for getting the value as various\nprimitive types. However, using this type removes any\ntype safety as far as deserializing JSON is concerned. 
\n", + "description": "status_code: string\nModule: http.handlers.static_response\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#WeakString\nThe HTTP status code to respond with. Can be an integer or,\nif needing to use a placeholder, a string.\n\n\nWeakString is a type that unmarshals any JSON value\nas a string literal, with the following exceptions:\n\n1. actual string values are decoded as strings; and\n2. null is decoded as empty string;\n\nand provides methods for getting the value as various\nprimitive types. However, using this type removes any\ntype safety as far as deserializing JSON is concerned.\n", + "markdownDescription": "status_code: `string` \nModule: `http.handlers.static_response` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#WeakString) \nThe HTTP status code to respond with. Can be an integer or,\nif needing to use a placeholder, a string.\n\n\nWeakString is a type that unmarshals any JSON value\nas a string literal, with the following exceptions:\n\n1. actual string values are decoded as strings; and\n2. null is decoded as empty string;\n\nand provides methods for getting the value as various\nprimitive types. However, using this type removes any\ntype safety as far as deserializing JSON is concerned. \n", "type": "string" } } 
@@ -4908,120 +3872,12 @@ "if": { "properties": { "handler": { - "const": "metrics" + "const": "authentication" } } }, "then": { - "$ref": "#/definitions/http.handlers.metrics" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "rate_limit" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.rate_limit" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "encode" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.encode" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "error" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.error" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "map" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.map" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "push" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.push" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "rewrite" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.rewrite" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "cache" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.cache" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "copy_response" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.copy_response" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "request_body" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.request_body" + "$ref": "#/definitions/http.handlers.authentication" } }, { 
@@ -5036,42 +3892,6 @@ "$ref": "#/definitions/http.handlers.static_response" } }, - { - "if": { - "properties": { - "handler": { - "const": "vars" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.vars" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "acme_server" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.acme_server" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "authenticator" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.authenticator" - } - }, { "if": { "properties": { @@ -5088,12 +3908,12 @@ "if": { "properties": { "handler": { - "const": "headers" + "const": "map" } } }, "then": { - "$ref": "#/definitions/http.handlers.headers" + "$ref": "#/definitions/http.handlers.map" } }, { @@ -5108,18 +3928,6 @@ "$ref": "#/definitions/http.handlers.reverse_proxy" } }, - { - "if": { - "properties": { - "handler": { - "const": "subroute" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.subroute" - } - }, { "if": { "properties": { 
@@ -5132,6 +3940,102 @@ "$ref": "#/definitions/http.handlers.templates" } }, + { + "if": { + "properties": { + "handler": { + "const": "acme_server" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.acme_server" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "copy_response" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.copy_response" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "copy_response_headers" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.copy_response_headers" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "error" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.error" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "push" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.push" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "vars" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.vars" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "rewrite" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.rewrite" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "subroute" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.subroute" + } + }, { "if": { "properties": { 
@@ -5148,24 +4052,48 @@ "if": { "properties": { "handler": { - "const": "authentication" + "const": "encode" } } }, "then": { - "$ref": "#/definitions/http.handlers.authentication" + "$ref": "#/definitions/http.handlers.encode" } }, { "if": { "properties": { "handler": { - "const": "copy_response_headers" + "const": "headers" } } }, "then": { - "$ref": "#/definitions/http.handlers.copy_response_headers" + "$ref": "#/definitions/http.handlers.headers" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "metrics" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.metrics" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "request_body" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.request_body" } }, { @@ -5175,28 +4103,25 @@ "markdownDescription": "key to identify `handle` module. \nhandler: `string` \nModule: `http.handlers`", "type": "string", "enum": [ - "metrics", - "rate_limit", - "encode", - "error", - "map", - "push", - "rewrite", - "cache", - "copy_response", - "request_body", - "static_response", - "vars", - "acme_server", - "authenticator", - "file_server", - "headers", - "reverse_proxy", - "subroute", - "templates", - "tracing", "authentication", - "copy_response_headers" + "static_response", + "file_server", + "map", + "reverse_proxy", + "templates", + "acme_server", + "copy_response", + "copy_response_headers", + "error", + "push", + "vars", + "rewrite", + "subroute", + "tracing", + "encode", + "headers", + "metrics", + "request_body" ] } } 
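Review bot: The `enum` for `handler` at the end of this hunk no longer lists `"rate_limit"`, `"cache"` or `"authenticator"`, and their `if`/`then` branches are removed, so a config that uses any of those handlers will now fail validation against this schema. The second `handler` enum further down loses the same three values. The file looks generated, and the same regeneration also drops the `file_system` property and the `http.matchers.path` text about matching in unescaped space. That suggests a different Caddy build produced it (fewer modules, possibly an older release), though this is inferred from the hunks and not stated in the commit. If the hosts still run a build with rate limiting or the authenticator, regenerate the schema from that build so `"rate_limit"` and `"authenticator"` return to the `enum`, and record the Caddy version and module set in the commit message. Otherwise the path-matcher descriptions may not describe how the running server treats escaped paths.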
@@ -5292,54 +4217,6 @@ "handler" ], "allOf": [ - { - "if": { - "properties": { - "handler": { - "const": "authentication" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.authentication" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "copy_response_headers" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.copy_response_headers" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "file_server" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.file_server" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "headers" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.headers" - } - }, { "if": { "properties": { @@ -5352,18 +4229,6 @@ "$ref": "#/definitions/http.handlers.reverse_proxy" } }, - { - "if": { - "properties": { - "handler": { - "const": "subroute" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.subroute" - } - }, { "if": { "properties": { @@ -5380,48 +4245,12 @@ "if": { "properties": { "handler": { - "const": "tracing" + "const": "acme_server" } } }, "then": { - "$ref": "#/definitions/http.handlers.tracing" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "metrics" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.metrics" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "rate_limit" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.rate_limit" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "cache" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.cache" + "$ref": "#/definitions/http.handlers.acme_server" } }, { @@ -5440,12 +4269,12 @@ "if": { "properties": { "handler": { - "const": "encode" + "const": "copy_response_headers" } } }, "then": { - "$ref": "#/definitions/http.handlers.encode" + "$ref": "#/definitions/http.handlers.copy_response_headers" } }, { 
@@ -5460,6 +4289,18 @@ "$ref": "#/definitions/http.handlers.error" } }, + { + "if": { + "properties": { + "handler": { + "const": "file_server" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.file_server" + } + }, { "if": { "properties": { @@ -5488,36 +4329,60 @@ "if": { "properties": { "handler": { - "const": "rewrite" + "const": "vars" } } }, "then": { - "$ref": "#/definitions/http.handlers.rewrite" + "$ref": "#/definitions/http.handlers.vars" } }, { "if": { "properties": { "handler": { - "const": "acme_server" + "const": "tracing" } } }, "then": { - "$ref": "#/definitions/http.handlers.acme_server" + "$ref": "#/definitions/http.handlers.tracing" } }, { "if": { "properties": { "handler": { - "const": "authenticator" + "const": "encode" } } }, "then": { - "$ref": "#/definitions/http.handlers.authenticator" + "$ref": "#/definitions/http.handlers.encode" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "headers" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.headers" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "metrics" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.metrics" } }, { @@ -5532,6 +4397,42 @@ "$ref": "#/definitions/http.handlers.request_body" } }, + { + "if": { + "properties": { + "handler": { + "const": "rewrite" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.rewrite" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "subroute" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.subroute" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "authentication" + } + } + }, + "then": { + "$ref": "#/definitions/http.handlers.authentication" + } + }, { "if": { "properties": { 
@@ -5544,18 +4445,6 @@ "$ref": "#/definitions/http.handlers.static_response" } }, - { - "if": { - "properties": { - "handler": { - "const": "vars" - } - } - }, - "then": { - "$ref": "#/definitions/http.handlers.vars" - } - }, { "properties": { "handler": { @@ -5563,28 +4452,25 @@ "markdownDescription": "key to identify `handle` module. \nhandler: `string` \nModule: `http.handlers`", "type": "string", "enum": [ - "authentication", - "copy_response_headers", - "file_server", - "headers", "reverse_proxy", - "subroute", "templates", - "tracing", - "metrics", - "rate_limit", - "cache", + "acme_server", "copy_response", - "encode", + "copy_response_headers", "error", + "file_server", "map", "push", - "rewrite", - "acme_server", - "authenticator", + "vars", + "tracing", + "encode", + "headers", + "metrics", "request_body", - "static_response", - "vars" + "rewrite", + "subroute", + "authentication", + "static_response" ] } } 
@@ -5656,8 +4542,8 @@ } }, "http.handlers.templates": { - "description": "templates: object\nModule: http.handlers.templates\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/templates#Templates", - "markdownDescription": "templates: `object` \nModule: `http.handlers.templates` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/templates#Templates)", + "description": "templates: object\nModule: http.handlers.templates\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/templates#Templates\nTemplates is a middleware which executes response bodies as Go templates.\nThe syntax is documented in the Go standard library's\n[text/template package](https://golang.org/pkg/text/template/).\n\n⚠️ Template functions/actions are still experimental, so they are subject to change.\n\nCustom template functions can be registered by creating a plugin module under the `http.handlers.templates.functions.*` namespace that implements the `CustomFunctions` interface.\n\n[All Sprig functions](https://masterminds.github.io/sprig/) are supported.\n\nIn addition to the standard functions and the Sprig library, Caddy adds\nextra functions and data that are available to a template:\n\n##### `.Args`\n\nA slice of arguments passed to this page/context, for example as the result of a `include`.\n\n```\n{{index .Args 0}} // first argument\n```\n\n##### `.Cookie`\n\nGets the value of a cookie by name.\n\n```\n{{.Cookie \"cookiename\"}}\n```\n\n##### `env`\n\nGets an environment variable.\n\n```\n{{env \"VAR_NAME\"}}\n```\n\n##### `placeholder`\n\nGets an [placeholder variable](/docs/conventions#placeholders).\nThe braces (`{}`) have to be omitted.\n\n```\n{{placeholder \"http.request.uri.path\"}}\n{{placeholder \"http.error.status_code\"}}\n```\n\n##### `.Host`\n\nReturns the hostname portion (no port) of the Host header of the HTTP request.\n\n```\n{{.Host}}\n```\n\n##### `httpInclude`\n\nIncludes the contents of another file by 
making a virtual HTTP request (also known as a sub-request). The URI path must exist on the same virtual server because the request does not use sockets; instead, the request is crafted in memory and the handler is invoked directly for increased efficiency.\n\n```\n{{httpInclude \"/foo/bar?q=val\"}}\n```\n\n##### `import`\n\nImports the contents of another file and adds any template definitions to the template stack. If there are no defitions, the filepath will be the defition name. Any {{ define }} blocks will be accessible by {{ template }} or {{ block }}. Imports must happen before the template or block action is called\n\n**filename.html**\n```\n{{ define \"main\" }}\ncontent\n{{ end }}\n```\n\n**index.html**\n```\n{{ import \"/path/to/file.html\" }}\n{{ template \"main\" }}\n```\n\n##### `include`\n\nIncludes the contents of another file and renders in-place. Optionally can pass key-value pairs as arguments to be accessed by the included file.\n\n```\n{{include \"path/to/file.html\"}} // no arguments\n{{include \"path/to/file.html\" \"arg1\" 2 \"value 3\"}} // with arguments\n```\n\n##### `listFiles`\n\nReturns a list of the files in the given directory, which is relative to the template context's file root.\n\n```\n{{listFiles \"/mydir\"}}\n```\n\n##### `markdown`\n\nRenders the given Markdown text as HTML. This uses the\n[Goldmark](https://github.com/yuin/goldmark) library,\nwhich is CommonMark compliant. 
It also has these plugins\nenabled: Github Flavored Markdown, Footnote and syntax\nhighlighting provided by [Chroma](https://github.com/alecthomas/chroma).\n\n```\n{{markdown \"My _markdown_ text\"}}\n```\n\n##### `.RemoteIP`\n\nReturns the client's IP address.\n\n```\n{{.RemoteIP}}\n```\n\n##### `.Req`\n\nAccesses the current HTTP request, which has various fields, including:\n\n - `.Method` - the method\n - `.URL` - the URL, which in turn has component fields (Scheme, Host, Path, etc.)\n - `.Header` - the header fields\n - `.Host` - the Host or :authority header of the request\n\n```\n{{.Req.Header.Get \"User-Agent\"}}\n```\n\n##### `.OriginalReq`\n\nLike .Req, except it accesses the original HTTP request before rewrites or other internal modifications.\n\n##### `.RespHeader.Add`\n\nAdds a header field to the HTTP response.\n\n```\n{{.RespHeader.Add \"Field-Name\" \"val\"}}\n```\n\n##### `.RespHeader.Del`\n\nDeletes a header field on the HTTP response.\n\n```\n{{.RespHeader.Del \"Field-Name\"}}\n```\n\n##### `.RespHeader.Set`\n\nSets a header field on the HTTP response, replacing any existing value.\n\n```\n{{.RespHeader.Set \"Field-Name\" \"val\"}}\n```\n\n##### `splitFrontMatter`\n\nSplits front matter out from the body. Front matter is metadata that appears at the very beginning of a file or string. 
Front matter can be in YAML, TOML, or JSON formats:\n\n**TOML** front matter starts and ends with `+++`:\n\n```\n+++\ntemplate = \"blog\"\ntitle = \"Blog Homepage\"\nsitename = \"A Caddy site\"\n+++\n```\n\n**YAML** is surrounded by `---`:\n\n```\n---\ntemplate: blog\ntitle: Blog Homepage\nsitename: A Caddy site\n---\n```\n\n**JSON** is simply `{` and `}`:\n\n```\n{\n\t\"template\": \"blog\",\n\t\"title\": \"Blog Homepage\",\n\t\"sitename\": \"A Caddy site\"\n}\n```\n\nThe resulting front matter will be made available like so:\n\n- `.Meta` to access the metadata fields, for example: `{{$parsed.Meta.title}}`\n- `.Body` to access the body after the front matter, for example: `{{markdown $parsed.Body}}`\n\n##### `stripHTML`\n\nRemoves HTML from a string.\n\n```\n{{stripHTML \"Shows \u003cb\u003eonly\u003c/b\u003e text content\"}}\n```\n\n", + "markdownDescription": "templates: `object` \nModule: `http.handlers.templates` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/templates#Templates) \nTemplates is a middleware which executes response bodies as Go templates.\nThe syntax is documented in the Go standard library's\n[text/template package](https://golang.org/pkg/text/template/).\n\n⚠️ Template functions/actions are still experimental, so they are subject to change.\n\nCustom template functions can be registered by creating a plugin module under the `http.handlers.templates.functions.*` namespace that implements the `CustomFunctions` interface.\n\n[All Sprig functions](https://masterminds.github.io/sprig/) are supported.\n\nIn addition to the standard functions and the Sprig library, Caddy adds\nextra functions and data that are available to a template:\n\n##### `.Args`\n\nA slice of arguments passed to this page/context, for example as the result of a `include`.\n\n```\n{{index .Args 0}} // first argument\n```\n\n##### `.Cookie`\n\nGets the value of a cookie by name.\n\n```\n{{.Cookie \"cookiename\"}}\n```\n\n##### `env`\n\nGets an 
environment variable.\n\n```\n{{env \"VAR_NAME\"}}\n```\n\n##### `placeholder`\n\nGets an [placeholder variable](/docs/conventions#placeholders).\nThe braces (`{}`) have to be omitted.\n\n```\n{{placeholder \"http.request.uri.path\"}}\n{{placeholder \"http.error.status_code\"}}\n```\n\n##### `.Host`\n\nReturns the hostname portion (no port) of the Host header of the HTTP request.\n\n```\n{{.Host}}\n```\n\n##### `httpInclude`\n\nIncludes the contents of another file by making a virtual HTTP request (also known as a sub-request). The URI path must exist on the same virtual server because the request does not use sockets; instead, the request is crafted in memory and the handler is invoked directly for increased efficiency.\n\n```\n{{httpInclude \"/foo/bar?q=val\"}}\n```\n\n##### `import`\n\nImports the contents of another file and adds any template definitions to the template stack. If there are no defitions, the filepath will be the defition name. Any {{ define }} blocks will be accessible by {{ template }} or {{ block }}. Imports must happen before the template or block action is called\n\n**filename.html**\n```\n{{ define \"main\" }}\ncontent\n{{ end }}\n```\n\n**index.html**\n```\n{{ import \"/path/to/file.html\" }}\n{{ template \"main\" }}\n```\n\n##### `include`\n\nIncludes the contents of another file and renders in-place. Optionally can pass key-value pairs as arguments to be accessed by the included file.\n\n```\n{{include \"path/to/file.html\"}} // no arguments\n{{include \"path/to/file.html\" \"arg1\" 2 \"value 3\"}} // with arguments\n```\n\n##### `listFiles`\n\nReturns a list of the files in the given directory, which is relative to the template context's file root.\n\n```\n{{listFiles \"/mydir\"}}\n```\n\n##### `markdown`\n\nRenders the given Markdown text as HTML. This uses the\n[Goldmark](https://github.com/yuin/goldmark) library,\nwhich is CommonMark compliant. 
It also has these plugins\nenabled: Github Flavored Markdown, Footnote and syntax\nhighlighting provided by [Chroma](https://github.com/alecthomas/chroma).\n\n```\n{{markdown \"My _markdown_ text\"}}\n```\n\n##### `.RemoteIP`\n\nReturns the client's IP address.\n\n```\n{{.RemoteIP}}\n```\n\n##### `.Req`\n\nAccesses the current HTTP request, which has various fields, including:\n\n - `.Method` - the method\n - `.URL` - the URL, which in turn has component fields (Scheme, Host, Path, etc.)\n - `.Header` - the header fields\n - `.Host` - the Host or :authority header of the request\n\n```\n{{.Req.Header.Get \"User-Agent\"}}\n```\n\n##### `.OriginalReq`\n\nLike .Req, except it accesses the original HTTP request before rewrites or other internal modifications.\n\n##### `.RespHeader.Add`\n\nAdds a header field to the HTTP response.\n\n```\n{{.RespHeader.Add \"Field-Name\" \"val\"}}\n```\n\n##### `.RespHeader.Del`\n\nDeletes a header field on the HTTP response.\n\n```\n{{.RespHeader.Del \"Field-Name\"}}\n```\n\n##### `.RespHeader.Set`\n\nSets a header field on the HTTP response, replacing any existing value.\n\n```\n{{.RespHeader.Set \"Field-Name\" \"val\"}}\n```\n\n##### `splitFrontMatter`\n\nSplits front matter out from the body. Front matter is metadata that appears at the very beginning of a file or string. 
Front matter can be in YAML, TOML, or JSON formats:\n\n**TOML** front matter starts and ends with `+++`:\n\n```\n+++\ntemplate = \"blog\"\ntitle = \"Blog Homepage\"\nsitename = \"A Caddy site\"\n+++\n```\n\n**YAML** is surrounded by `---`:\n\n```\n---\ntemplate: blog\ntitle: Blog Homepage\nsitename: A Caddy site\n---\n```\n\n**JSON** is simply `{` and `}`:\n\n```\n{\n\t\"template\": \"blog\",\n\t\"title\": \"Blog Homepage\",\n\t\"sitename\": \"A Caddy site\"\n}\n```\n\nThe resulting front matter will be made available like so:\n\n- `.Meta` to access the metadata fields, for example: `{{$parsed.Meta.title}}`\n- `.Body` to access the body after the front matter, for example: `{{markdown $parsed.Body}}`\n\n##### `stripHTML`\n\nRemoves HTML from a string.\n\n```\n{{stripHTML \"Shows \u003cb\u003eonly\u003c/b\u003e text content\"}}\n```\n \n", "type": "object", "properties": { "delimiters": { 
@@ -5711,14 +4597,10 @@ "type": "string" }, "http.matchers.file": { - "description": "file: object\nModule: http.matchers.file\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver#MatchFile\nMatchFile is an HTTP request matcher that can match\nrequests based upon file existence.\n\nUpon matching, three new placeholders will be made\navailable:\n\n- `{http.matchers.file.relative}` The root-relative\npath of the file. This is often useful when rewriting\nrequests.\n- `{http.matchers.file.absolute}` The absolute path\nof the matched file.\n- `{http.matchers.file.type}` Set to \"directory\" if\nthe matched file is a directory, \"file\" otherwise.\n- `{http.matchers.file.remainder}` Set to the remainder\nof the path if the path was split by `split_path`.\n\nEven though file matching may depend on the OS path\nseparator, the placeholder values always use /.\n\n", - "markdownDescription": "file: `object` \nModule: `http.matchers.file` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver#MatchFile) \nMatchFile is an HTTP request matcher that can match\nrequests based upon file existence.\n\nUpon matching, three new placeholders will be made\navailable:\n\n- `{http.matchers.file.relative}` The root-relative\npath of the file. 
This is often useful when rewriting\nrequests.\n- `{http.matchers.file.absolute}` The absolute path\nof the matched file.\n- `{http.matchers.file.type}` Set to \"directory\" if\nthe matched file is a directory, \"file\" otherwise.\n- `{http.matchers.file.remainder}` Set to the remainder\nof the path if the path was split by `split_path`.\n\nEven though file matching may depend on the OS path\nseparator, the placeholder values always use /.\n \n", + "description": "file: object\nModule: http.matchers.file\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver#MatchFile\nMatchFile is an HTTP request matcher that can match\nrequests based upon file existence.\n\nUpon matching, three new placeholders will be made\navailable:\n\n- `{http.matchers.file.relative}` The root-relative\npath of the file. This is often useful when rewriting\nrequests.\n- `{http.matchers.file.absolute}` The absolute path\nof the matched file.\n- `{http.matchers.file.type}` Set to \"directory\" if\nthe matched file is a directory, \"file\" otherwise.\n- `{http.matchers.file.remainder}` Set to the remainder\nof the path if the path was split by `split_path`.\n\n", + "markdownDescription": "file: `object` \nModule: `http.matchers.file` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/fileserver#MatchFile) \nMatchFile is an HTTP request matcher that can match\nrequests based upon file existence.\n\nUpon matching, three new placeholders will be made\navailable:\n\n- `{http.matchers.file.relative}` The root-relative\npath of the file. 
This is often useful when rewriting\nrequests.\n- `{http.matchers.file.absolute}` The absolute path\nof the matched file.\n- `{http.matchers.file.type}` Set to \"directory\" if\nthe matched file is a directory, \"file\" otherwise.\n- `{http.matchers.file.remainder}` Set to the remainder\nof the path if the path was split by `split_path`.\n \n", "type": "object", "properties": { - "file_system": { - "description": "file_system: any\nModule: caddy.fs\nThe file system implementation to use. By default, the\nlocal disk file system will be used.\n", - "markdownDescription": "file_system: `any` \nModule: `caddy.fs` \nThe file system implementation to use. By default, the\nlocal disk file system will be used. \n" - }, "root": { "description": "root: string\nModule: http.matchers.file\nThe root directory, used for creating absolute\nfile paths, and required when working with\nrelative paths; if not specified, `{http.vars.root}`\nwill be used, if set; otherwise, the current\ndirectory is assumed. Accepts placeholders.\n", "markdownDescription": "root: `string` \nModule: `http.matchers.file` \nThe root directory, used for creating absolute\nfile paths, and required when working with\nrelative paths; if not specified, `{http.vars.root}`\nwill be used, if set; otherwise, the current\ndirectory is assumed. Accepts placeholders. \n", 
@@ -5851,16 +4733,16 @@ } }, "http.matchers.path": { - "description": "path: array\nModule: http.matchers.path\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchPath\nMatchPath case-insensitively matches requests by the URI's path. Path\nmatching is exact, not prefix-based, giving you more control and clarity\nover matching. Wildcards (`*`) may be used:\n\n- At the end only, for a prefix match (`/prefix/*`)\n- At the beginning only, for a suffix match (`*.suffix`)\n- On both sides only, for a substring match (`*/contains/*`)\n- In the middle, for a globular match (`/accounts/*/info`)\n\nSlashes are significant; i.e. `/foo*` matches `/foo`, `/foo/`, `/foo/bar`,\nand `/foobar`; but `/foo/*` does not match `/foo` or `/foobar`. Valid\npaths start with a slash `/`.\n\nBecause there are, in general, multiple possible escaped forms of any\npath, path matchers operate in unescaped space; that is, path matchers\nshould be written in their unescaped form to prevent ambiguities and\npossible security issues, as all request paths will be normalized to\ntheir unescaped forms before matcher evaluation.\n\nHowever, escape sequences in a match pattern are supported; they are\ncompared with the request's raw/escaped path for those bytes only.\nIn other words, a matcher of `/foo%2Fbar` will match a request path\nof precisely `/foo%2Fbar`, but not `/foo/bar`. 
It follows that matching\nthe literal percent sign (%) in normalized space can be done using the\nescaped form, `%25`.\n\nEven though wildcards (`*`) operate in the normalized space, the special\nescaped wildcard (`%*`), which is not a valid escape sequence, may be\nused in place of a span that should NOT be decoded; that is, `/bands/%*`\nwill match `/bands/AC%2fDC` whereas `/bands/*` will not.\n\nEven though path matching is done in normalized space, the special\nwildcard `%*` may be used in place of a span that should NOT be decoded;\nthat is, `/bands/%*/` will match `/bands/AC%2fDC/` whereas `/bands/*/`\nwill not.\n\nThis matcher is fast, so it does not support regular expressions or\ncapture groups. For slower but more powerful matching, use the\npath_regexp matcher. (Note that due to the special treatment of\nescape sequences in matcher patterns, they may perform slightly slower\nin high-traffic environments.)\n\n", - "markdownDescription": "path: `array` \nModule: `http.matchers.path` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchPath) \nMatchPath case-insensitively matches requests by the URI's path. Path\nmatching is exact, not prefix-based, giving you more control and clarity\nover matching. Wildcards (`*`) may be used:\n\n- At the end only, for a prefix match (`/prefix/*`)\n- At the beginning only, for a suffix match (`*.suffix`)\n- On both sides only, for a substring match (`*/contains/*`)\n- In the middle, for a globular match (`/accounts/*/info`)\n\nSlashes are significant; i.e. `/foo*` matches `/foo`, `/foo/`, `/foo/bar`,\nand `/foobar`; but `/foo/*` does not match `/foo` or `/foobar`. 
Valid\npaths start with a slash `/`.\n\nBecause there are, in general, multiple possible escaped forms of any\npath, path matchers operate in unescaped space; that is, path matchers\nshould be written in their unescaped form to prevent ambiguities and\npossible security issues, as all request paths will be normalized to\ntheir unescaped forms before matcher evaluation.\n\nHowever, escape sequences in a match pattern are supported; they are\ncompared with the request's raw/escaped path for those bytes only.\nIn other words, a matcher of `/foo%2Fbar` will match a request path\nof precisely `/foo%2Fbar`, but not `/foo/bar`. It follows that matching\nthe literal percent sign (%) in normalized space can be done using the\nescaped form, `%25`.\n\nEven though wildcards (`*`) operate in the normalized space, the special\nescaped wildcard (`%*`), which is not a valid escape sequence, may be\nused in place of a span that should NOT be decoded; that is, `/bands/%*`\nwill match `/bands/AC%2fDC` whereas `/bands/*` will not.\n\nEven though path matching is done in normalized space, the special\nwildcard `%*` may be used in place of a span that should NOT be decoded;\nthat is, `/bands/%*/` will match `/bands/AC%2fDC/` whereas `/bands/*/`\nwill not.\n\nThis matcher is fast, so it does not support regular expressions or\ncapture groups. For slower but more powerful matching, use the\npath_regexp matcher. (Note that due to the special treatment of\nescape sequences in matcher patterns, they may perform slightly slower\nin high-traffic environments.)\n \n", + "description": "path: array\nModule: http.matchers.path\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchPath\nMatchPath matches requests by the URI's path (case-insensitive). 
Path\nmatches are exact, but wildcards may be used:\n\n- At the end, for a prefix match (`/prefix/*`)\n- At the beginning, for a suffix match (`*.suffix`)\n- On both sides, for a substring match (`*/contains/*`)\n- In the middle, for a globular match (`/accounts/*/info`)\n\nThis matcher is fast, so it does not support regular expressions or\ncapture groups. For slower but more powerful matching, use the\npath_regexp matcher.\n\n", + "markdownDescription": "path: `array` \nModule: `http.matchers.path` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchPath) \nMatchPath matches requests by the URI's path (case-insensitive). Path\nmatches are exact, but wildcards may be used:\n\n- At the end, for a prefix match (`/prefix/*`)\n- At the beginning, for a suffix match (`*.suffix`)\n- On both sides, for a substring match (`*/contains/*`)\n- In the middle, for a globular match (`/accounts/*/info`)\n\nThis matcher is fast, so it does not support regular expressions or\ncapture groups. For slower but more powerful matching, use the\npath_regexp matcher.\n \n", "type": "array", "items": { "type": "string" } }, "http.matchers.path_regexp": { - "description": "path_regexp: object\nModule: http.matchers.path_regexp\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchPathRE\nMatchPathRE matches requests by a regular expression on the URI's path.\nPath matching is performed in the unescaped (decoded) form of the path.\n\nUpon a match, it adds placeholders to the request: `{http.regexp.name.capture_group}`\nwhere `name` is the regular expression's name, and `capture_group` is either\nthe named or positional capture group from the expression itself. 
If no name\nis given, then the placeholder omits the name: `{http.regexp.capture_group}`\n(potentially leading to collisions).\n\n", - "markdownDescription": "path_regexp: `object` \nModule: `http.matchers.path_regexp` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchPathRE) \nMatchPathRE matches requests by a regular expression on the URI's path.\nPath matching is performed in the unescaped (decoded) form of the path.\n\nUpon a match, it adds placeholders to the request: `{http.regexp.name.capture_group}`\nwhere `name` is the regular expression's name, and `capture_group` is either\nthe named or positional capture group from the expression itself. If no name\nis given, then the placeholder omits the name: `{http.regexp.capture_group}`\n(potentially leading to collisions).\n \n", + "description": "path_regexp: object\nModule: http.matchers.path_regexp\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchPathRE\nMatchPathRE matches requests by a regular expression on the URI's path.\n\nUpon a match, it adds placeholders to the request: `{http.regexp.name.capture_group}`\nwhere `name` is the regular expression's name, and `capture_group` is either\nthe named or positional capture group from the expression itself. If no name\nis given, then the placeholder omits the name: `{http.regexp.capture_group}`\n(potentially leading to collisions).\n\n", + "markdownDescription": "path_regexp: `object` \nModule: `http.matchers.path_regexp` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchPathRE) \nMatchPathRE matches requests by a regular expression on the URI's path.\n\nUpon a match, it adds placeholders to the request: `{http.regexp.name.capture_group}`\nwhere `name` is the regular expression's name, and `capture_group` is either\nthe named or positional capture group from the expression itself. 
If no name\nis given, then the placeholder omits the name: `{http.regexp.capture_group}`\n(potentially leading to collisions).\n \n", "type": "object", "properties": { "name": { 
@@ -5881,8 +4763,8 @@ "type": "string" }, "http.matchers.query": { - "description": "query: object\nModule: http.matchers.query\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchQuery\nMatchQuery matches requests by the URI's query string. It takes a JSON object\nkeyed by the query keys, with an array of string values to match for that key.\nQuery key matches are exact, but wildcards may be used for value matches. Both\nkeys and values may be placeholders.\nAn example of the structure to match `?key=value\u0026topic=api\u0026query=something` is:\n\n```json\n{\n\t\"key\": [\"value\"],\n\t\"topic\": [\"api\"],\n\t\"query\": [\"*\"]\n}\n```\n\nInvalid query strings, including those with bad escapings or illegal characters\nlike semicolons, will fail to parse and thus fail to match.\n\n", - "markdownDescription": "query: `object` \nModule: `http.matchers.query` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchQuery) \nMatchQuery matches requests by the URI's query string. It takes a JSON object\nkeyed by the query keys, with an array of string values to match for that key.\nQuery key matches are exact, but wildcards may be used for value matches. Both\nkeys and values may be placeholders.\nAn example of the structure to match `?key=value\u0026topic=api\u0026query=something` is:\n\n```json\n{\n\t\"key\": [\"value\"],\n\t\"topic\": [\"api\"],\n\t\"query\": [\"*\"]\n}\n```\n\nInvalid query strings, including those with bad escapings or illegal characters\nlike semicolons, will fail to parse and thus fail to match.\n \n", + "description": "query: object\nModule: http.matchers.query\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchQuery\nMatchQuery matches requests by the URI's query string. It takes a JSON object\nkeyed by the query keys, with an array of string values to match for that key.\nQuery key matches are exact, but wildcards may be used for value matches. 
Both\nkeys and values may be placeholders.\nAn example of the structure to match `?key=value\u0026topic=api\u0026query=something` is:\n\n```json\n{\n\t\"key\": [\"value\"],\n\t\"topic\": [\"api\"],\n\t\"query\": [\"*\"]\n}\n```\n\n", + "markdownDescription": "query: `object` \nModule: `http.matchers.query` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#MatchQuery) \nMatchQuery matches requests by the URI's query string. It takes a JSON object\nkeyed by the query keys, with an array of string values to match for that key.\nQuery key matches are exact, but wildcards may be used for value matches. Both\nkeys and values may be placeholders.\nAn example of the structure to match `?key=value\u0026topic=api\u0026query=something` is:\n\n```json\n{\n\t\"key\": [\"value\"],\n\t\"topic\": [\"api\"],\n\t\"query\": [\"*\"]\n}\n```\n \n", "type": "object", "additionalProperties": { "type": "array", 
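Review bot: The new `http.matchers.query` description in this hunk no longer carries the sentence `Invalid query strings, including those with bad escapings or illegal characters like semicolons, will fail to parse and thus fail to match.`, which is the one line that tells someone writing a matcher how malformed queries are treated. The file looks like a generated Caddy JSON schema, so this was presumably regenerated from a different Caddy build rather than edited by hand. I would regenerate it from the build these hosts actually run, so that editor hints match the server's behaviour. The later hunks show the same loss on TLS-related fields: `trusted_leaf_certs` loses its DEPRECATED notice, and `except_ports`, `renegotiation` and `server_name` lose their explanations.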
@@ -5914,8 +4796,8 @@ } }, "http.matchers.vars": { - "description": "vars: object\nModule: http.matchers.vars\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#VarsMatcher\nVarsMatcher is an HTTP request matcher which can match\nrequests based on variables in the context or placeholder\nvalues. The key is the placeholder or name of the variable,\nand the values are possible values the variable can be in\norder to match (logical OR'ed).\n\nIf the key is surrounded by `{ }` it is assumed to be a\nplaceholder. Otherwise, it will be considered a variable\nname.\n\nPlaceholders in the keys are not expanded, but\nplaceholders in the values are.\n\n", - "markdownDescription": "vars: `object` \nModule: `http.matchers.vars` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#VarsMatcher) \nVarsMatcher is an HTTP request matcher which can match\nrequests based on variables in the context or placeholder\nvalues. The key is the placeholder or name of the variable,\nand the values are possible values the variable can be in\norder to match (logical OR'ed).\n\nIf the key is surrounded by `{ }` it is assumed to be a\nplaceholder. Otherwise, it will be considered a variable\nname.\n\nPlaceholders in the keys are not expanded, but\nplaceholders in the values are.\n \n", + "description": "vars: object\nModule: http.matchers.vars\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#VarsMatcher\nVarsMatcher is an HTTP request matcher which can match\nrequests based on variables in the context. The key is\nthe name of the variable, and the values are possible\nvalues the variable can be in order to match (OR'ed).\n\nAs a special case, this matcher can also match on\nplaceholders generally. 
If the key is not an HTTP chain\nvariable, it will be checked to see if it is a\nplaceholder name, and if so, will compare its value.\n\n", + "markdownDescription": "vars: `object` \nModule: `http.matchers.vars` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp#VarsMatcher) \nVarsMatcher is an HTTP request matcher which can match\nrequests based on variables in the context. The key is\nthe name of the variable, and the values are possible\nvalues the variable can be in order to match (OR'ed).\n\nAs a special case, this matcher can also match on\nplaceholders generally. If the key is not an HTTP chain\nvariable, it will be checked to see if it is a\nplaceholder name, and if so, will compare its value.\n \n", "type": "object", "additionalProperties": { "type": "array", @@ -6043,11 +4925,6 @@ "markdownDescription": "fastcgi: `object` \nModule: `http.reverse_proxy.transport.fastcgi` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi#Transport)", "type": "object", "properties": { - "capture_stderr": { - "description": "capture_stderr: boolean\nModule: http.reverse_proxy.transport.fastcgi\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi#Transport", - "markdownDescription": "capture_stderr: `boolean` \nModule: `http.reverse_proxy.transport.fastcgi` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi#Transport)", - "type": "boolean" - }, "dial_timeout": { "description": "dial_timeout: number\nModule: http.reverse_proxy.transport.fastcgi\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi#Transport", "markdownDescription": "dial_timeout: `number` \nModule: `http.reverse_proxy.transport.fastcgi` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy/fastcgi#Transport)", 
@@ -6161,11 +5038,6 @@ "markdownDescription": "read_buffer_size: `number` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", "type": "number" }, - "read_timeout": { - "description": "read_timeout: number\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", - "markdownDescription": "read_timeout: `number` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", - "type": "number" - }, "resolver": { "description": "resolver: object\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", "markdownDescription": "resolver: `object` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", @@ -6264,11 +5136,6 @@ "description": "write_buffer_size: number\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", "markdownDescription": "write_buffer_size: `number` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", "type": "number" - }, - "write_timeout": { - "description": "write_timeout: number\nModule: http.reverse_proxy.transport.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport", - "markdownDescription": "write_timeout: `number` \nModule: `http.reverse_proxy.transport.http` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#HTTPTransport)", - "type": "number" } } }, 
@@ -6319,75 +5186,6 @@ } } }, - "http.reverse_proxy.upstreams.multi": { - "description": "multi: object\nModule: http.reverse_proxy.upstreams.multi\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#MultiUpstreams", - "markdownDescription": "multi: `object` \nModule: `http.reverse_proxy.upstreams.multi` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#MultiUpstreams)", - "type": "object", - "properties": { - "sources": { - "description": "sources: array\nModule: http.reverse_proxy.upstreams", - "markdownDescription": "sources: `array` \nModule: `http.reverse_proxy.upstreams`", - "type": "array", - "items": { - "required": [ - "source" - ], - "allOf": [ - { - "if": { - "properties": { - "source": { - "const": "a" - } - } - }, - "then": { - "$ref": "#/definitions/http.reverse_proxy.upstreams.a" - } - }, - { - "if": { - "properties": { - "source": { - "const": "multi" - } - } - }, - "then": { - "$ref": "#/definitions/http.reverse_proxy.upstreams.multi" - } - }, - { - "if": { - "properties": { - "source": { - "const": "srv" - } - } - }, - "then": { - "$ref": "#/definitions/http.reverse_proxy.upstreams.srv" - } - }, - { - "properties": { - "source": { - "description": "key to identify sources module.\nsource: string\nModule: http.reverse_proxy.upstreams", - "markdownDescription": "key to identify `sources` module. \nsource: `string` \nModule: `http.reverse_proxy.upstreams`", - "type": "string", - "enum": [ - "a", - "multi", - "srv" - ] - } - } - } - ] - } - } - } - }, "http.reverse_proxy.upstreams.srv": { "description": "srv: object\nModule: http.reverse_proxy.upstreams.srv\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#SRVUpstreams", "markdownDescription": "srv: `object` \nModule: `http.reverse_proxy.upstreams.srv` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddyhttp/reverseproxy#SRVUpstreams)", 
@@ -6479,6 +5277,18 @@ "handler" ], "allOf": [ + { + "if": { + "properties": { + "handler": { + "const": "throttle" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.throttle" + } + }, { "if": { "properties": { @@ -6551,18 +5361,6 @@ "$ref": "#/definitions/layer4.handlers.tee" } }, - { - "if": { - "properties": { - "handler": { - "const": "throttle" - } - } - }, - "then": { - "$ref": "#/definitions/layer4.handlers.throttle" - } - }, { "properties": { "handler": { @@ -6570,13 +5368,13 @@ "markdownDescription": "key to identify `handle` module. \nhandler: `string` \nModule: `layer4.handlers`", "type": "string", "enum": [ + "throttle", "tls", "echo", "proxy", "proxy_protocol", "subroute", - "tee", - "throttle" + "tee" ] } } @@ -6695,42 +5493,6 @@ "policy" ], "allOf": [ - { - "if": { - "properties": { - "policy": { - "const": "first" - } - } - }, - "then": { - "$ref": "#/definitions/layer4.proxy.selection_policies.first" - } - }, - { - "if": { - "properties": { - "policy": { - "const": "ip_hash" - } - } - }, - "then": { - "$ref": "#/definitions/layer4.proxy.selection_policies.ip_hash" - } - }, - { - "if": { - "properties": { - "policy": { - "const": "least_conn" - } - } - }, - "then": { - "$ref": "#/definitions/layer4.proxy.selection_policies.least_conn" - } - }, { "if": { "properties": { @@ -6767,6 +5529,42 @@ "$ref": "#/definitions/layer4.proxy.selection_policies.round_robin" } }, + { + "if": { + "properties": { + "policy": { + "const": "first" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.proxy.selection_policies.first" + } + }, + { + "if": { + "properties": { + "policy": { + "const": "ip_hash" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.proxy.selection_policies.ip_hash" + } + }, + { + "if": { + "properties": { + "policy": { + "const": "least_conn" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.proxy.selection_policies.least_conn" + } + }, { "properties": { "policy": { 
@@ -6774,12 +5572,12 @@ "markdownDescription": "key to identify `selection` module. \npolicy: `string` \nModule: `layer4.proxy.selection_policies`", "type": "string", "enum": [ - "first", - "ip_hash", - "least_conn", "random", "random_choose", - "round_robin" + "round_robin", + "first", + "ip_hash", + "least_conn" ] } } 
@@ -6848,12 +5646,10 @@ "type": "string" }, "except_ports": { - "description": "except_ports: array\nModule: layer4.handlers.proxy\nSkip TLS ports specifies a list of upstream ports on which TLS should not be\nattempted even if it is configured. Handy when using dynamic upstreams that\nreturn HTTP and HTTPS endpoints too.\nWhen specified, TLS will automatically be configured on the transport.\nThe value can be a list of any valid tcp port numbers, default empty.\n", - "markdownDescription": "except_ports: `array` \nModule: `layer4.handlers.proxy` \nSkip TLS ports specifies a list of upstream ports on which TLS should not be\nattempted even if it is configured. Handy when using dynamic upstreams that\nreturn HTTP and HTTPS endpoints too.\nWhen specified, TLS will automatically be configured on the transport.\nThe value can be a list of any valid tcp port numbers, default empty. \n", + "description": "except_ports: array\nModule: layer4.handlers.proxy\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#Handler", + "markdownDescription": "except_ports: `array` \nModule: `layer4.handlers.proxy` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#Handler)", "type": "array", "items": { - "description": "Skip TLS ports specifies a list of upstream ports on which TLS should not be\nattempted even if it is configured. Handy when using dynamic upstreams that\nreturn HTTP and HTTPS endpoints too.\nWhen specified, TLS will automatically be configured on the transport.\nThe value can be a list of any valid tcp port numbers, default empty.\n", - "markdownDescription": "Skip TLS ports specifies a list of upstream ports on which TLS should not be\nattempted even if it is configured. Handy when using dynamic upstreams that\nreturn HTTP and HTTPS endpoints too.\nWhen specified, TLS will automatically be configured on the transport.\nThe value can be a list of any valid tcp port numbers, default empty. \n", "type": "string" } }, 
@@ -6868,8 +5664,8 @@ "type": "boolean" }, "renegotiation": { - "description": "renegotiation: string\nModule: layer4.handlers.proxy\nTLS renegotiation level. TLS renegotiation is the act of performing\nsubsequent handshakes on a connection after the first.\nThe level can be:\n - \"never\": (the default) disables renegotiation.\n - \"once\": allows a remote server to request renegotiation once per connection.\n - \"freely\": allows a remote server to repeatedly request renegotiation.\n", - "markdownDescription": "renegotiation: `string` \nModule: `layer4.handlers.proxy` \nTLS renegotiation level. TLS renegotiation is the act of performing\nsubsequent handshakes on a connection after the first.\nThe level can be:\n - \"never\": (the default) disables renegotiation.\n - \"once\": allows a remote server to request renegotiation once per connection.\n - \"freely\": allows a remote server to repeatedly request renegotiation. \n", + "description": "renegotiation: string\nModule: layer4.handlers.proxy\nhttps://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#Handler", + "markdownDescription": "renegotiation: `string` \nModule: `layer4.handlers.proxy` \n[godoc](https://pkg.go.dev/github.com/mholt/caddy-l4/modules/l4proxy#Handler)", "type": "string" }, "root_ca_pem_files": { 
@@ -6893,8 +5689,8 @@ } }, "server_name": { - "description": "server_name: string\nModule: layer4.handlers.proxy\nThe server name used when verifying the certificate received in the TLS\nhandshake. By default, this will use the upstream address' host part.\nYou only need to override this if your upstream address does not match the\ncertificate the upstream is likely to use. For example if the upstream\naddress is an IP address, then you would need to configure this to the\nhostname being served by the upstream server. Currently, this does not\nsupport placeholders because the TLS config is not provisioned on each\nconnection, so a static value must be used.\n", - "markdownDescription": "server_name: `string` \nModule: `layer4.handlers.proxy` \nThe server name used when verifying the certificate received in the TLS\nhandshake. By default, this will use the upstream address' host part.\nYou only need to override this if your upstream address does not match the\ncertificate the upstream is likely to use. For example if the upstream\naddress is an IP address, then you would need to configure this to the\nhostname being served by the upstream server. Currently, this does not\nsupport placeholders because the TLS config is not provisioned on each\nconnection, so a static value must be used. \n", + "description": "server_name: string\nModule: layer4.handlers.proxy\nThe server name (SNI) to use in TLS handshakes.\n", + "markdownDescription": "server_name: `string` \nModule: `layer4.handlers.proxy` \nThe server name (SNI) to use in TLS handshakes. \n", "type": "string" } } @@ -6947,6 +5743,30 @@ "handler" ], "allOf": [ + { + "if": { + "properties": { + "handler": { + "const": "echo" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.echo" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "proxy" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.proxy" + } + }, { "if": { "properties": { 
@@ -7007,30 +5827,6 @@ "$ref": "#/definitions/layer4.handlers.tls" } }, - { - "if": { - "properties": { - "handler": { - "const": "echo" - } - } - }, - "then": { - "$ref": "#/definitions/layer4.handlers.echo" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "proxy" - } - } - }, - "then": { - "$ref": "#/definitions/layer4.handlers.proxy" - } - }, { "properties": { "handler": { @@ -7038,13 +5834,13 @@ "markdownDescription": "key to identify `handle` module. \nhandler: `string` \nModule: `layer4.handlers`", "type": "string", "enum": [ + "echo", + "proxy", "proxy_protocol", "subroute", "tee", "throttle", - "tls", - "echo", - "proxy" + "tls" ] } } @@ -7100,42 +5896,6 @@ "handler" ], "allOf": [ - { - "if": { - "properties": { - "handler": { - "const": "echo" - } - } - }, - "then": { - "$ref": "#/definitions/layer4.handlers.echo" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "proxy" - } - } - }, - "then": { - "$ref": "#/definitions/layer4.handlers.proxy" - } - }, - { - "if": { - "properties": { - "handler": { - "const": "proxy_protocol" - } - } - }, - "then": { - "$ref": "#/definitions/layer4.handlers.proxy_protocol" - } - }, { "if": { "properties": { @@ -7184,6 +5944,42 @@ "$ref": "#/definitions/layer4.handlers.tls" } }, + { + "if": { + "properties": { + "handler": { + "const": "echo" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.echo" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "proxy" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.proxy" + } + }, + { + "if": { + "properties": { + "handler": { + "const": "proxy_protocol" + } + } + }, + "then": { + "$ref": "#/definitions/layer4.handlers.proxy_protocol" + } + }, { "properties": { "handler": { 
@@ -7191,13 +5987,13 @@ "markdownDescription": "key to identify `branch` module. \nhandler: `string` \nModule: `layer4.handlers`", "type": "string", "enum": [ - "echo", - "proxy", - "proxy_protocol", "subroute", "tee", "throttle", - "tls" + "tls", + "echo", + "proxy", + "proxy_protocol" ] } } 
@@ -7356,22 +6152,20 @@ } }, "trusted_leaf_certs": { - "description": "trusted_leaf_certs: array\nModule: layer4.handlers.tls\nDEPRECATED: This field is deprecated and will be removed in\na future version. Please use the `validators` field instead\nwith the tls.client_auth.leaf module instead.\n\nA list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected.\n", - "markdownDescription": "trusted_leaf_certs: `array` \nModule: `layer4.handlers.tls` \nDEPRECATED: This field is deprecated and will be removed in\na future version. Please use the `validators` field instead\nwith the tls.client_auth.leaf module instead.\n\nA list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected. \n", + "description": "trusted_leaf_certs: array\nModule: layer4.handlers.tls\nA list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected.\n", + "markdownDescription": "trusted_leaf_certs: `array` \nModule: `layer4.handlers.tls` \nA list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected. \n", "type": "array", "items": { - "description": "DEPRECATED: This field is deprecated and will be removed in\na future version. Please use the `validators` field instead\nwith the tls.client_auth.leaf module instead.\n\nA list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected.\n", - "markdownDescription": "DEPRECATED: This field is deprecated and will be removed in\na future version. Please use the `validators` field instead\nwith the tls.client_auth.leaf module instead.\n\nA list of base64 DER-encoded client leaf certs\nto accept. 
If this list is not empty, client certs\nwhich are not in this list will be rejected. \n", + "description": "A list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected.\n", + "markdownDescription": "A list of base64 DER-encoded client leaf certs\nto accept. If this list is not empty, client certs\nwhich are not in this list will be rejected. \n", "type": "string" } }, "verifiers": { - "description": "verifiers: array\nModule: tls.client_auth\nClient certificate verification modules. These can perform\ncustom client authentication checks, such as ensuring the\ncertificate is not revoked.\n", - "markdownDescription": "verifiers: `array` \nModule: `tls.client_auth` \nClient certificate verification modules. These can perform\ncustom client authentication checks, such as ensuring the\ncertificate is not revoked. \n", + "description": "verifiers: array\nModule: tls.client_auth", + "markdownDescription": "verifiers: `array` \nModule: `tls.client_auth`", "type": "array", "items": { - "description": "Client certificate verification modules. These can perform\ncustom client authentication checks, such as ensuring the\ncertificate is not revoked.\n", - "markdownDescription": "Client certificate verification modules. These can perform\ncustom client authentication checks, such as ensuring the\ncertificate is not revoked. \n", "required": [ "verifier" ], 
@@ -7420,11 +6214,6 @@ "markdownDescription": "default_sni: `string` \nModule: `layer4.handlers.tls` \nDefaultSNI becomes the ServerName in a ClientHello if there\nis no policy configured for the empty SNI value. \n", "type": "string" }, - "insecure_secrets_log": { - "description": "insecure_secrets_log: string\nModule: layer4.handlers.tls\nAlso known as \"SSLKEYLOGFILE\", TLS secrets will be written to\nthis file in NSS key log format which can then be parsed by\nWireshark and other tools. This is INSECURE as it allows other\nprograms or tools to decrypt TLS connections. However, this\ncapability can be useful for debugging and troubleshooting.\n**ENABLING THIS LOG COMPROMISES SECURITY!**\n\nThis feature is EXPERIMENTAL and subject to change or removal.\n", - "markdownDescription": "insecure_secrets_log: `string` \nModule: `layer4.handlers.tls` \nAlso known as \"SSLKEYLOGFILE\", TLS secrets will be written to\nthis file in NSS key log format which can then be parsed by\nWireshark and other tools. This is INSECURE as it allows other\nprograms or tools to decrypt TLS connections. However, this\ncapability can be useful for debugging and troubleshooting.\n**ENABLING THIS LOG COMPROMISES SECURITY!**\n\nThis feature is EXPERIMENTAL and subject to change or removal. \n", - "type": "string" - }, "match": { "description": "match: object\nModule: tls.handshake_match\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap\nHow to match this policy with a TLS ClientHello. If\nthis policy is the first to match, it will be used.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. 
(The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage.\n", "markdownDescription": "match: `object` \nModule: `tls.handshake_match` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nHow to match this policy with a TLS ClientHello. If\nthis policy is the first to match, it will be used.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", 
@@ -7660,1288 +6449,6 @@ } } }, - "security": { - "description": "security: object\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App\nApp implements security manager.\n\n", - "markdownDescription": "security: `object` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App) \nApp implements security manager.\n \n", - "type": "object", - "properties": { - "config": { - "description": "config: object\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch#Config\nConfig is a configuration of Server.\n\n", - "markdownDescription": "config: `object` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch#Config) \nConfig is a configuration of Server.\n \n", - "type": "object", - "properties": { - "authentication_portals": { - "description": "authentication_portals: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn#PortalConfig\nPortalConfig represents Portal configuration.\n\n", - "markdownDescription": "authentication_portals: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn#PortalConfig) \nPortalConfig represents Portal configuration.\n \n", - "type": "array", - "items": { - "description": "https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn#PortalConfig\nPortalConfig represents Portal configuration.\n\n", - "markdownDescription": "[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn#PortalConfig) \nPortalConfig represents Portal configuration.\n \n", - "type": "object", - "properties": { - "access_list_configs": { - "description": "access_list_configs: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/acl#RuleConfiguration\nAccessListConfigs hold the configurations for the ACL of the token validator.\n\n\nRuleConfiguration consists of a list of conditions and and actions\n", - "markdownDescription": 
"access_list_configs: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/acl#RuleConfiguration) \nAccessListConfigs hold the configurations for the ACL of the token validator.\n\n\nRuleConfiguration consists of a list of conditions and and actions \n", - "type": "array", - "items": { - "description": "https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/acl#RuleConfiguration\nAccessListConfigs hold the configurations for the ACL of the token validator.\n\n\nRuleConfiguration consists of a list of conditions and and actions\n", - "markdownDescription": "[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/acl#RuleConfiguration) \nAccessListConfigs hold the configurations for the ACL of the token validator.\n\n\nRuleConfiguration consists of a list of conditions and and actions \n", - "type": "object", - "properties": { - "action": { - "description": "action: string\nModule: security\n", - "markdownDescription": "action: `string` \nModule: `security` \n", - "type": "string" - }, - "comment": { - "description": "comment: string\nModule: security\n", - "markdownDescription": "comment: `string` \nModule: `security` \n", - "type": "string" - }, - "conditions": { - "description": "conditions: array\nModule: security\n", - "markdownDescription": "conditions: `array` \nModule: `security` \n", - "type": "array", - "items": { - "type": "string" - } - } - } - } - }, - "api": { - "description": "api: object\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn#APIConfig\nAPI holds the configuration for API endpoints.\n\n\nAPIConfig holds the configuration for API endpoints.\n", - "markdownDescription": "api: `object` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn#APIConfig) \nAPI holds the configuration for API endpoints.\n\n\nAPIConfig holds the configuration for API endpoints. 
\n", - "type": "object", - "properties": { - "enabled": { - "description": "enabled: boolean\nModule: security\n", - "markdownDescription": "enabled: `boolean` \nModule: `security` \n", - "type": "boolean" - } - } - }, - "cookie_config": { - "description": "cookie_config: object\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn/cookie#Config\nCookieConfig holds the configuration for the cookies issues by Authenticator.\n\n\nConfig represents a common set of configuration settings\napplicable to the cookies issued by authn.Authenticator.\n", - "markdownDescription": "cookie_config: `object` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn/cookie#Config) \nCookieConfig holds the configuration for the cookies issues by Authenticator.\n\n\nConfig represents a common set of configuration settings\napplicable to the cookies issued by authn.Authenticator. \n", - "type": "object", - "properties": { - "domains": { - "description": "domains: object\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn/cookie#DomainConfig\nDomainConfig represents a common set of configuration settings\napplicable to the cookies issued by authn.Authenticator.\n\n", - "markdownDescription": "domains: `object` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn/cookie#DomainConfig) \nDomainConfig represents a common set of configuration settings\napplicable to the cookies issued by authn.Authenticator.\n \n", - "type": "object", - "additionalProperties": { - "description": "https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn/cookie#DomainConfig\nDomainConfig represents a common set of configuration settings\napplicable to the cookies issued by authn.Authenticator.\n\n", - "markdownDescription": "[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn/cookie#DomainConfig) \nDomainConfig represents a common set of configuration 
settings\napplicable to the cookies issued by authn.Authenticator.\n \n", - "properties": { - "domain": { - "description": "domain: string\nModule: security\n", - "markdownDescription": "domain: `string` \nModule: `security` \n", - "type": "string" - }, - "insecure": { - "description": "insecure: boolean\nModule: security\n", - "markdownDescription": "insecure: `boolean` \nModule: `security` \n", - "type": "boolean" - }, - "lifetime": { - "description": "lifetime: number\nModule: security\n", - "markdownDescription": "lifetime: `number` \nModule: `security` \n", - "type": "number" - }, - "path": { - "description": "path: string\nModule: security\n", - "markdownDescription": "path: `string` \nModule: `security` \n", - "type": "string" - }, - "same_site": { - "description": "same_site: string\nModule: security\n", - "markdownDescription": "same_site: `string` \nModule: `security` \n", - "type": "string" - }, - "seq": { - "description": "seq: number\nModule: security\n", - "markdownDescription": "seq: `number` \nModule: `security` \n", - "type": "number" - }, - "strip_domain_enabled": { - "description": "strip_domain_enabled: boolean\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "strip_domain_enabled: `boolean` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "boolean" - } - } - } - }, - "insecure": { - "description": "insecure: boolean\nModule: security\n", - "markdownDescription": "insecure: `boolean` \nModule: `security` \n", - "type": "boolean" - }, - "lifetime": { - "description": "lifetime: number\nModule: security\n", - "markdownDescription": "lifetime: `number` \nModule: `security` \n", - "type": "number" - }, - "path": { - "description": "path: string\nModule: security\n", - "markdownDescription": "path: `string` \nModule: `security` \n", - "type": "string" - }, - "same_site": { - "description": "same_site: string\nModule: security\n", - 
"markdownDescription": "same_site: `string` \nModule: `security` \n", - "type": "string" - }, - "strip_domain_enabled": { - "description": "strip_domain_enabled: boolean\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "strip_domain_enabled: `boolean` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "boolean" - } - } - }, - "crypto_key_configs": { - "description": "crypto_key_configs: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/kms#CryptoKeyConfig\nCryptoKeyConfigs hold the configurations for the keys used to issue and validate user tokens.\n\n\nCryptoKeyConfig is common token-related configuration settings.\n", - "markdownDescription": "crypto_key_configs: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/kms#CryptoKeyConfig) \nCryptoKeyConfigs hold the configurations for the keys used to issue and validate user tokens.\n\n\nCryptoKeyConfig is common token-related configuration settings. \n", - "type": "array", - "items": { - "description": "https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/kms#CryptoKeyConfig\nCryptoKeyConfigs hold the configurations for the keys used to issue and validate user tokens.\n\n\nCryptoKeyConfig is common token-related configuration settings.\n", - "markdownDescription": "[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/kms#CryptoKeyConfig) \nCryptoKeyConfigs hold the configurations for the keys used to issue and validate user tokens.\n\n\nCryptoKeyConfig is common token-related configuration settings. \n", - "type": "object", - "properties": { - "algorithm": { - "description": "algorithm: string\nModule: security\nAlgorithm is either hmac, rsa, or ecdsa.\n", - "markdownDescription": "algorithm: `string` \nModule: `security` \nAlgorithm is either hmac, rsa, or ecdsa. 
\n", - "type": "string" - }, - "dir_path": { - "description": "dir_path: string\nModule: security\nDirPath is the path to a directory containing crypto keys.\n", - "markdownDescription": "dir_path: `string` \nModule: `security` \nDirPath is the path to a directory containing crypto keys. \n", - "type": "string" - }, - "env_var_name": { - "description": "env_var_name: string\nModule: security\nEnvVarName is the name of environment variables holding either the value of\na key or the path a directory or file containing a key.\n", - "markdownDescription": "env_var_name: `string` \nModule: `security` \nEnvVarName is the name of environment variables holding either the value of\na key or the path a directory or file containing a key. \n", - "type": "string" - }, - "env_var_type": { - "description": "env_var_type: string\nModule: security\nEnvVarType indicates how to interpret the value found in the EnvVarName. If\nit is blank, then the assumption is the environment variable value\ncontains either public or private key.\n", - "markdownDescription": "env_var_type: `string` \nModule: `security` \nEnvVarType indicates how to interpret the value found in the EnvVarName. If\nit is blank, then the assumption is the environment variable value\ncontains either public or private key. \n", - "type": "string" - }, - "env_var_value": { - "description": "env_var_value: string\nModule: security\nEnvVarValue is the value associated with the environment variable set by EnvVarName.\n", - "markdownDescription": "env_var_value: `string` \nModule: `security` \nEnvVarValue is the value associated with the environment variable set by EnvVarName. \n", - "type": "string" - }, - "file_path": { - "description": "file_path: string\nModule: security\nFilePath is the path of a file containing either private or public key.\n", - "markdownDescription": "file_path: `string` \nModule: `security` \nFilePath is the path of a file containing either private or public key. 
\n", - "type": "string" - }, - "id": { - "description": "id: string\nModule: security\nID is the key ID, aka kid.\n", - "markdownDescription": "id: `string` \nModule: `security` \nID is the key ID, aka kid. \n", - "type": "string" - }, - "seq": { - "description": "seq: number\nModule: security\nSeq is the order in which a key would be processed.\n", - "markdownDescription": "seq: `number` \nModule: `security` \nSeq is the order in which a key would be processed. \n", - "type": "number" - }, - "source": { - "description": "source: string\nModule: security\nSource is either config or env.\n", - "markdownDescription": "source: `string` \nModule: `security` \nSource is either config or env. \n", - "type": "string" - }, - "token_eval_expr": { - "description": "token_eval_expr: array\nModule: security\nEvalExpr is a list of expressions evaluated whether a specific key\nshould be used for signing and verification.\n", - "markdownDescription": "token_eval_expr: `array` \nModule: `security` \nEvalExpr is a list of expressions evaluated whether a specific key\nshould be used for signing and verification. \n", - "type": "array", - "items": { - "description": "EvalExpr is a list of expressions evaluated whether a specific key\nshould be used for signing and verification.\n", - "markdownDescription": "EvalExpr is a list of expressions evaluated whether a specific key\nshould be used for signing and verification. \n", - "type": "string" - } - }, - "token_lifetime": { - "description": "token_lifetime: number\nModule: security\nTokenLifetime is the expected token grant lifetime in seconds.\n", - "markdownDescription": "token_lifetime: `number` \nModule: `security` \nTokenLifetime is the expected token grant lifetime in seconds. 
\n", - "type": "number" - }, - "token_name": { - "description": "token_name: string\nModule: security\nTokenName is the token name associated with the key.\n", - "markdownDescription": "token_name: `string` \nModule: `security` \nTokenName is the token name associated with the key. \n", - "type": "string" - }, - "token_secret": { - "description": "token_secret: string\nModule: security\nSecret is the shared key used with HMAC algorithm.\n", - "markdownDescription": "token_secret: `string` \nModule: `security` \nSecret is the shared key used with HMAC algorithm. \n", - "type": "string" - }, - "token_sign_method": { - "description": "token_sign_method: string\nModule: security\nPreferredSignMethod is the preferred method to sign tokens, e.g.\nall HMAC keys could use HS256, HS384, and HS512 methods. By default,\nthe preferred method is HS512. However, one may prefer using HS256.\n", - "markdownDescription": "token_sign_method: `string` \nModule: `security` \nPreferredSignMethod is the preferred method to sign tokens, e.g.\nall HMAC keys could use HS256, HS384, and HS512 methods. By default,\nthe preferred method is HS512. However, one may prefer using HS256. \n", - "type": "string" - }, - "usage": { - "description": "usage: string\nModule: security\nUsage is the intended key usage. The values are: sign, verify, both,\nor auto.\n", - "markdownDescription": "usage: `string` \nModule: `security` \nUsage is the intended key usage. The values are: sign, verify, both,\nor auto. \n", - "type": "string" - } - } - } - }, - "crypto_key_store_config": { - "description": "crypto_key_store_config: object\nModule: security\nCryptoKeyStoreConfig hold the default configuration for the keys, e.g. token name and lifetime.\n", - "markdownDescription": "crypto_key_store_config: `object` \nModule: `security` \nCryptoKeyStoreConfig hold the default configuration for the keys, e.g. token name and lifetime. 
\n", - "type": "object", - "additionalProperties": { - "description": "CryptoKeyStoreConfig hold the default configuration for the keys, e.g. token name and lifetime.\n", - "markdownDescription": "CryptoKeyStoreConfig hold the default configuration for the keys, e.g. token name and lifetime. \n" - } - }, - "identity_providers": { - "description": "identity_providers: array\nModule: security\nThe names of identity providers.\n", - "markdownDescription": "identity_providers: `array` \nModule: `security` \nThe names of identity providers. \n", - "type": "array", - "items": { - "description": "The names of identity providers.\n", - "markdownDescription": "The names of identity providers. \n", - "type": "string" - } - }, - "identity_stores": { - "description": "identity_stores: array\nModule: security\nThe names of identity stores.\n", - "markdownDescription": "identity_stores: `array` \nModule: `security` \nThe names of identity stores. \n", - "type": "array", - "items": { - "description": "The names of identity stores.\n", - "markdownDescription": "The names of identity stores. 
\n", - "type": "string" - } - }, - "name": { - "description": "name: string\nModule: security\n", - "markdownDescription": "name: `string` \nModule: `security` \n", - "type": "string" - }, - "sso_providers": { - "description": "sso_providers: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "sso_providers: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "array", - "items": { - "type": "string" - } - }, - "token_grantor_options": { - "description": "token_grantor_options: object\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authz/options#TokenGrantorOptions\nTokenGrantorOptions holds the configuration for the tokens issues by Authenticator.\n\n\nTokenGrantorOptions provides options for TokenGrantor.\n", - "markdownDescription": "token_grantor_options: `object` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authz/options#TokenGrantorOptions) \nTokenGrantorOptions holds the configuration for the tokens issues by Authenticator.\n\n\nTokenGrantorOptions provides options for TokenGrantor. 
\n", - "type": "object", - "properties": { - "enable_source_address": { - "description": "enable_source_address: boolean\nModule: security\n", - "markdownDescription": "enable_source_address: `boolean` \nModule: `security` \n", - "type": "boolean" - } - } - }, - "token_validator_options": { - "description": "token_validator_options: object\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authz/options#TokenValidatorOptions\nTokenValidatorOptions holds the configuration for the token validator.\n\n\nTokenValidatorOptions provides options for TokenValidator.\n", - "markdownDescription": "token_validator_options: `object` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authz/options#TokenValidatorOptions) \nTokenValidatorOptions holds the configuration for the token validator.\n\n\nTokenValidatorOptions provides options for TokenValidator. \n", - "type": "object", - "properties": { - "validate_access_list_path_claim": { - "description": "validate_access_list_path_claim: boolean\nModule: security\n", - "markdownDescription": "validate_access_list_path_claim: `boolean` \nModule: `security` \n", - "type": "boolean" - }, - "validate_bearer_header": { - "description": "validate_bearer_header: boolean\nModule: security\n", - "markdownDescription": "validate_bearer_header: `boolean` \nModule: `security` \n", - "type": "boolean" - }, - "validate_method_path": { - "description": "validate_method_path: boolean\nModule: security\n", - "markdownDescription": "validate_method_path: `boolean` \nModule: `security` \n", - "type": "boolean" - }, - "validate_source_address": { - "description": "validate_source_address: boolean\nModule: security\n", - "markdownDescription": "validate_source_address: `boolean` \nModule: `security` \n", - "type": "boolean" - } - } - }, - "ui": { - "description": "ui: object\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn/ui#Parameters\nUI holds the 
configuration for the user interface.\n\n\nParameters represent a common set of configuration settings\nfor HTML UI.\n", - "markdownDescription": "ui: `object` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn/ui#Parameters) \nUI holds the configuration for the user interface.\n\n\nParameters represent a common set of configuration settings\nfor HTML UI. \n", - "type": "object", - "properties": { - "allow_role_selection": { - "description": "allow_role_selection: boolean\nModule: security\n", - "markdownDescription": "allow_role_selection: `boolean` \nModule: `security` \n", - "type": "boolean" - }, - "auto_redirect_url": { - "description": "auto_redirect_url: string\nModule: security\n", - "markdownDescription": "auto_redirect_url: `string` \nModule: `security` \n", - "type": "string" - }, - "custom_css_path": { - "description": "custom_css_path: string\nModule: security\n", - "markdownDescription": "custom_css_path: `string` \nModule: `security` \n", - "type": "string" - }, - "custom_js_path": { - "description": "custom_js_path: string\nModule: security\n", - "markdownDescription": "custom_js_path: `string` \nModule: `security` \n", - "type": "string" - }, - "disabled_pages": { - "description": "disabled_pages: object\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "disabled_pages: `object` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "object", - "additionalProperties": {} - }, - "language": { - "description": "language: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "language: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "logo_description": { - "description": "logo_description: string\nModule: security\n", - "markdownDescription": "logo_description: `string` 
\nModule: `security` \n", - "type": "string" - }, - "logo_url": { - "description": "logo_url: string\nModule: security\n", - "markdownDescription": "logo_url: `string` \nModule: `security` \n", - "type": "string" - }, - "meta_author": { - "description": "meta_author: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "meta_author: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "meta_description": { - "description": "meta_description: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "meta_description: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "meta_title": { - "description": "meta_title: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "meta_title: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "password_recovery_enabled": { - "description": "password_recovery_enabled: boolean\nModule: security\n", - "markdownDescription": "password_recovery_enabled: `boolean` \nModule: `security` \n", - "type": "boolean" - }, - "private_links": { - "description": "private_links: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn/ui#Link\nLink represents a single HTML link.\n\n", - "markdownDescription": "private_links: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn/ui#Link) \nLink represents a single HTML link.\n \n", - "type": "array", - "items": { - "description": "https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn/ui#Link\nLink represents a single HTML link.\n\n", - "markdownDescription": 
"[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn/ui#Link) \nLink represents a single HTML link.\n \n", - "type": "object", - "properties": { - "icon_enabled": { - "description": "icon_enabled: boolean\nModule: security\n", - "markdownDescription": "icon_enabled: `boolean` \nModule: `security` \n", - "type": "boolean" - }, - "icon_name": { - "description": "icon_name: string\nModule: security\n", - "markdownDescription": "icon_name: `string` \nModule: `security` \n", - "type": "string" - }, - "link": { - "description": "link: string\nModule: security\n", - "markdownDescription": "link: `string` \nModule: `security` \n", - "type": "string" - }, - "open_new_window": { - "description": "open_new_window: boolean\nModule: security\n", - "markdownDescription": "open_new_window: `boolean` \nModule: `security` \n", - "type": "boolean" - }, - "style": { - "description": "style: string\nModule: security\n", - "markdownDescription": "style: `string` \nModule: `security` \n", - "type": "string" - }, - "target": { - "description": "target: string\nModule: security\n", - "markdownDescription": "target: `string` \nModule: `security` \n", - "type": "string" - }, - "target_enabled": { - "description": "target_enabled: boolean\nModule: security\n", - "markdownDescription": "target_enabled: `boolean` \nModule: `security` \n", - "type": "boolean" - }, - "title": { - "description": "title: string\nModule: security\n", - "markdownDescription": "title: `string` \nModule: `security` \n", - "type": "string" - } - } - } - }, - "realms": { - "description": "realms: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn/ui#UserRealm\nUserRealm represents a single authentication realm/domain.\n\n", - "markdownDescription": "realms: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn/ui#UserRealm) \nUserRealm represents a single authentication realm/domain.\n \n", - "type": "array", - 
"items": { - "description": "https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn/ui#UserRealm\nUserRealm represents a single authentication realm/domain.\n\n", - "markdownDescription": "[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn/ui#UserRealm) \nUserRealm represents a single authentication realm/domain.\n \n", - "type": "object", - "properties": { - "label": { - "description": "label: string\nModule: security\n", - "markdownDescription": "label: `string` \nModule: `security` \n", - "type": "string" - }, - "name": { - "description": "name: string\nModule: security\n", - "markdownDescription": "name: `string` \nModule: `security` \n", - "type": "string" - } - } - } - }, - "templates": { - "description": "templates: object\nModule: security\n", - "markdownDescription": "templates: `object` \nModule: `security` \n", - "type": "object", - "additionalProperties": {} - }, - "theme": { - "description": "theme: string\nModule: security\n", - "markdownDescription": "theme: `string` \nModule: `security` \n", - "type": "string" - }, - "title": { - "description": "title: string\nModule: security\n", - "markdownDescription": "title: `string` \nModule: `security` \n", - "type": "string" - } - } - }, - "user_registries": { - "description": "user_registries: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "user_registries: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "array", - "items": { - "type": "string" - } - }, - "user_transformer_configs": { - "description": "user_transformer_configs: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn/transformer#Config\nUserTransformerConfig holds the configuration for the user transformer.\n\n\nConfig represents a common set of configuration settings\napplicable to the cookies issued by authn.Authenticator.\n", - "markdownDescription": 
"user_transformer_configs: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn/transformer#Config) \nUserTransformerConfig holds the configuration for the user transformer.\n\n\nConfig represents a common set of configuration settings\napplicable to the cookies issued by authn.Authenticator. \n", - "type": "array", - "items": { - "description": "https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn/transformer#Config\nUserTransformerConfig holds the configuration for the user transformer.\n\n\nConfig represents a common set of configuration settings\napplicable to the cookies issued by authn.Authenticator.\n", - "markdownDescription": "[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authn/transformer#Config) \nUserTransformerConfig holds the configuration for the user transformer.\n\n\nConfig represents a common set of configuration settings\napplicable to the cookies issued by authn.Authenticator. \n", - "type": "object", - "properties": { - "actions": { - "description": "actions: array\nModule: security\n", - "markdownDescription": "actions: `array` \nModule: `security` \n", - "type": "array", - "items": { - "type": "string" - } - }, - "matchers": { - "description": "matchers: array\nModule: security\n", - "markdownDescription": "matchers: `array` \nModule: `security` \n", - "type": "array", - "items": { - "type": "string" - } - } - } - } - } - } - } - }, - "authorization_policies": { - "description": "authorization_policies: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authz#PolicyConfig\nPolicyConfig is Gatekeeper configuration.\n\n", - "markdownDescription": "authorization_policies: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authz#PolicyConfig) \nPolicyConfig is Gatekeeper configuration.\n \n", - "type": "array", - "items": { - "description": 
"https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authz#PolicyConfig\nPolicyConfig is Gatekeeper configuration.\n\n", - "markdownDescription": "[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authz#PolicyConfig) \nPolicyConfig is Gatekeeper configuration.\n \n", - "type": "object", - "properties": { - "access_list_rules": { - "description": "access_list_rules: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/acl#RuleConfiguration\nRuleConfiguration consists of a list of conditions and and actions\n\n", - "markdownDescription": "access_list_rules: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/acl#RuleConfiguration) \nRuleConfiguration consists of a list of conditions and and actions\n \n", - "type": "array", - "items": { - "description": "https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/acl#RuleConfiguration\nRuleConfiguration consists of a list of conditions and and actions\n\n", - "markdownDescription": "[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/acl#RuleConfiguration) \nRuleConfiguration consists of a list of conditions and and actions\n \n", - "type": "object", - "properties": { - "action": { - "description": "action: string\nModule: security\n", - "markdownDescription": "action: `string` \nModule: `security` \n", - "type": "string" - }, - "comment": { - "description": "comment: string\nModule: security\n", - "markdownDescription": "comment: `string` \nModule: `security` \n", - "type": "string" - }, - "conditions": { - "description": "conditions: array\nModule: security\n", - "markdownDescription": "conditions: `array` \nModule: `security` \n", - "type": "array", - "items": { - "type": "string" - } - } - } - } - }, - "additional_scopes": { - "description": "additional_scopes: boolean\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "additional_scopes: `boolean` \nModule: 
`security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "boolean" - }, - "allowed_token_sources": { - "description": "allowed_token_sources: array\nModule: security\n", - "markdownDescription": "allowed_token_sources: `array` \nModule: `security` \n", - "type": "array", - "items": { - "type": "string" - } - }, - "auth_proxy_config": { - "description": "auth_proxy_config: object\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authproxy#Config\nConfig is a config for an identity provider.\n\n", - "markdownDescription": "auth_proxy_config: `object` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authproxy#Config) \nConfig is a config for an identity provider.\n \n", - "type": "object", - "properties": { - "api_key_auth": { - "description": "api_key_auth: object\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authproxy#APIKeyAuthConfig\nAPIKeyAuthConfig is a config for API key-based authentication.\n\n", - "markdownDescription": "api_key_auth: `object` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authproxy#APIKeyAuthConfig) \nAPIKeyAuthConfig is a config for API key-based authentication.\n \n", - "type": "object", - "properties": { - "enabled": { - "description": "enabled: boolean\nModule: security\n", - "markdownDescription": "enabled: `boolean` \nModule: `security` \n", - "type": "boolean" - }, - "realms": { - "description": "realms: object\nModule: security\n", - "markdownDescription": "realms: `object` \nModule: `security` \n", - "type": "object", - "additionalProperties": {} - } - } - }, - "basic_auth": { - "description": "basic_auth: object\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authproxy#BasicAuthConfig\nBasicAuthConfig is a config for basic authentication.\n\n", - "markdownDescription": "basic_auth: `object` \nModule: `security` 
\n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authproxy#BasicAuthConfig) \nBasicAuthConfig is a config for basic authentication.\n \n", - "type": "object", - "properties": { - "enabled": { - "description": "enabled: boolean\nModule: security\n", - "markdownDescription": "enabled: `boolean` \nModule: `security` \n", - "type": "boolean" - }, - "realms": { - "description": "realms: object\nModule: security\n", - "markdownDescription": "realms: `object` \nModule: `security` \n", - "type": "object", - "additionalProperties": {} - } - } - }, - "portal_name": { - "description": "portal_name: string\nModule: security\n", - "markdownDescription": "portal_name: `string` \nModule: `security` \n", - "type": "string" - } - } - }, - "auth_redirect_query_param": { - "description": "auth_redirect_query_param: string\nModule: security\n", - "markdownDescription": "auth_redirect_query_param: `string` \nModule: `security` \n", - "type": "string" - }, - "auth_redirect_status_code": { - "description": "auth_redirect_status_code: number\nModule: security\nThe status code for the HTTP redirect for non-authorized users.\n", - "markdownDescription": "auth_redirect_status_code: `number` \nModule: `security` \nThe status code for the HTTP redirect for non-authorized users. 
\n", - "type": "number" - }, - "auth_url_path": { - "description": "auth_url_path: string\nModule: security\n", - "markdownDescription": "auth_url_path: `string` \nModule: `security` \n", - "type": "string" - }, - "bypass_configs": { - "description": "bypass_configs: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authz/bypass#Config\nThe list of URI prefixes which bypass authorization.\n\n\nConfig contains the entry for the authorization bypass.\n", - "markdownDescription": "bypass_configs: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authz/bypass#Config) \nThe list of URI prefixes which bypass authorization.\n\n\nConfig contains the entry for the authorization bypass. \n", - "type": "array", - "items": { - "description": "https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authz/bypass#Config\nThe list of URI prefixes which bypass authorization.\n\n\nConfig contains the entry for the authorization bypass.\n", - "markdownDescription": "[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authz/bypass#Config) \nThe list of URI prefixes which bypass authorization.\n\n\nConfig contains the entry for the authorization bypass. 
\n", - "type": "object", - "properties": { - "match_type": { - "description": "match_type: string\nModule: security\n", - "markdownDescription": "match_type: `string` \nModule: `security` \n", - "type": "string" - }, - "uri": { - "description": "uri: string\nModule: security\n", - "markdownDescription": "uri: `string` \nModule: `security` \n", - "type": "string" - } - } - } - }, - "crypto_key_configs": { - "description": "crypto_key_configs: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/kms#CryptoKeyConfig\nCryptoKeyConfig is common token-related configuration settings.\n\n", - "markdownDescription": "crypto_key_configs: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/kms#CryptoKeyConfig) \nCryptoKeyConfig is common token-related configuration settings.\n \n", - "type": "array", - "items": { - "description": "https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/kms#CryptoKeyConfig\nCryptoKeyConfig is common token-related configuration settings.\n\n", - "markdownDescription": "[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/kms#CryptoKeyConfig) \nCryptoKeyConfig is common token-related configuration settings.\n \n", - "type": "object", - "properties": { - "algorithm": { - "description": "algorithm: string\nModule: security\nAlgorithm is either hmac, rsa, or ecdsa.\n", - "markdownDescription": "algorithm: `string` \nModule: `security` \nAlgorithm is either hmac, rsa, or ecdsa. \n", - "type": "string" - }, - "dir_path": { - "description": "dir_path: string\nModule: security\nDirPath is the path to a directory containing crypto keys.\n", - "markdownDescription": "dir_path: `string` \nModule: `security` \nDirPath is the path to a directory containing crypto keys. 
\n", - "type": "string" - }, - "env_var_name": { - "description": "env_var_name: string\nModule: security\nEnvVarName is the name of environment variables holding either the value of\na key or the path a directory or file containing a key.\n", - "markdownDescription": "env_var_name: `string` \nModule: `security` \nEnvVarName is the name of environment variables holding either the value of\na key or the path a directory or file containing a key. \n", - "type": "string" - }, - "env_var_type": { - "description": "env_var_type: string\nModule: security\nEnvVarType indicates how to interpret the value found in the EnvVarName. If\nit is blank, then the assumption is the environment variable value\ncontains either public or private key.\n", - "markdownDescription": "env_var_type: `string` \nModule: `security` \nEnvVarType indicates how to interpret the value found in the EnvVarName. If\nit is blank, then the assumption is the environment variable value\ncontains either public or private key. \n", - "type": "string" - }, - "env_var_value": { - "description": "env_var_value: string\nModule: security\nEnvVarValue is the value associated with the environment variable set by EnvVarName.\n", - "markdownDescription": "env_var_value: `string` \nModule: `security` \nEnvVarValue is the value associated with the environment variable set by EnvVarName. \n", - "type": "string" - }, - "file_path": { - "description": "file_path: string\nModule: security\nFilePath is the path of a file containing either private or public key.\n", - "markdownDescription": "file_path: `string` \nModule: `security` \nFilePath is the path of a file containing either private or public key. \n", - "type": "string" - }, - "id": { - "description": "id: string\nModule: security\nID is the key ID, aka kid.\n", - "markdownDescription": "id: `string` \nModule: `security` \nID is the key ID, aka kid. 
\n", - "type": "string" - }, - "seq": { - "description": "seq: number\nModule: security\nSeq is the order in which a key would be processed.\n", - "markdownDescription": "seq: `number` \nModule: `security` \nSeq is the order in which a key would be processed. \n", - "type": "number" - }, - "source": { - "description": "source: string\nModule: security\nSource is either config or env.\n", - "markdownDescription": "source: `string` \nModule: `security` \nSource is either config or env. \n", - "type": "string" - }, - "token_eval_expr": { - "description": "token_eval_expr: array\nModule: security\nEvalExpr is a list of expressions evaluated whether a specific key\nshould be used for signing and verification.\n", - "markdownDescription": "token_eval_expr: `array` \nModule: `security` \nEvalExpr is a list of expressions evaluated whether a specific key\nshould be used for signing and verification. \n", - "type": "array", - "items": { - "description": "EvalExpr is a list of expressions evaluated whether a specific key\nshould be used for signing and verification.\n", - "markdownDescription": "EvalExpr is a list of expressions evaluated whether a specific key\nshould be used for signing and verification. \n", - "type": "string" - } - }, - "token_lifetime": { - "description": "token_lifetime: number\nModule: security\nTokenLifetime is the expected token grant lifetime in seconds.\n", - "markdownDescription": "token_lifetime: `number` \nModule: `security` \nTokenLifetime is the expected token grant lifetime in seconds. \n", - "type": "number" - }, - "token_name": { - "description": "token_name: string\nModule: security\nTokenName is the token name associated with the key.\n", - "markdownDescription": "token_name: `string` \nModule: `security` \nTokenName is the token name associated with the key. 
\n", - "type": "string" - }, - "token_secret": { - "description": "token_secret: string\nModule: security\nSecret is the shared key used with HMAC algorithm.\n", - "markdownDescription": "token_secret: `string` \nModule: `security` \nSecret is the shared key used with HMAC algorithm. \n", - "type": "string" - }, - "token_sign_method": { - "description": "token_sign_method: string\nModule: security\nPreferredSignMethod is the preferred method to sign tokens, e.g.\nall HMAC keys could use HS256, HS384, and HS512 methods. By default,\nthe preferred method is HS512. However, one may prefer using HS256.\n", - "markdownDescription": "token_sign_method: `string` \nModule: `security` \nPreferredSignMethod is the preferred method to sign tokens, e.g.\nall HMAC keys could use HS256, HS384, and HS512 methods. By default,\nthe preferred method is HS512. However, one may prefer using HS256. \n", - "type": "string" - }, - "usage": { - "description": "usage: string\nModule: security\nUsage is the intended key usage. The values are: sign, verify, both,\nor auto.\n", - "markdownDescription": "usage: `string` \nModule: `security` \nUsage is the intended key usage. The values are: sign, verify, both,\nor auto. \n", - "type": "string" - } - } - } - }, - "crypto_key_store_config": { - "description": "crypto_key_store_config: object\nModule: security\nCryptoKeyStoreConfig hold the default configuration for the keys, e.g. token name and lifetime.\n", - "markdownDescription": "crypto_key_store_config: `object` \nModule: `security` \nCryptoKeyStoreConfig hold the default configuration for the keys, e.g. token name and lifetime. \n", - "type": "object", - "additionalProperties": { - "description": "CryptoKeyStoreConfig hold the default configuration for the keys, e.g. token name and lifetime.\n", - "markdownDescription": "CryptoKeyStoreConfig hold the default configuration for the keys, e.g. token name and lifetime. 
\n" - } - }, - "disable_auth_redirect": { - "description": "disable_auth_redirect: boolean\nModule: security\n", - "markdownDescription": "disable_auth_redirect: `boolean` \nModule: `security` \n", - "type": "boolean" - }, - "disable_auth_redirect_query": { - "description": "disable_auth_redirect_query: boolean\nModule: security\n", - "markdownDescription": "disable_auth_redirect_query: `boolean` \nModule: `security` \n", - "type": "boolean" - }, - "forbidden_url": { - "description": "forbidden_url: string\nModule: security\n", - "markdownDescription": "forbidden_url: `string` \nModule: `security` \n", - "type": "string" - }, - "header_injection_configs": { - "description": "header_injection_configs: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authz/injector#Config\nThe list of mappings between header names and field names.\n\n\nConfig contains the entry for the HTTP header injection.\n", - "markdownDescription": "header_injection_configs: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authz/injector#Config) \nThe list of mappings between header names and field names.\n\n\nConfig contains the entry for the HTTP header injection. \n", - "type": "array", - "items": { - "description": "https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authz/injector#Config\nThe list of mappings between header names and field names.\n\n\nConfig contains the entry for the HTTP header injection.\n", - "markdownDescription": "[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/authz/injector#Config) \nThe list of mappings between header names and field names.\n\n\nConfig contains the entry for the HTTP header injection. 
\n", - "type": "object", - "properties": { - "field": { - "description": "field: string\nModule: security\n", - "markdownDescription": "field: `string` \nModule: `security` \n", - "type": "string" - }, - "header": { - "description": "header: string\nModule: security\n", - "markdownDescription": "header: `string` \nModule: `security` \n", - "type": "string" - } - } - } - }, - "login_hint_validators": { - "description": "login_hint_validators: array\nModule: security\nValidate the login hint which can be passed to the auth provider\n", - "markdownDescription": "login_hint_validators: `array` \nModule: `security` \nValidate the login hint which can be passed to the auth provider \n", - "type": "array", - "items": { - "description": "Validate the login hint which can be passed to the auth provider\n", - "markdownDescription": "Validate the login hint which can be passed to the auth provider \n", - "type": "string" - } - }, - "name": { - "description": "name: string\nModule: security\n", - "markdownDescription": "name: `string` \nModule: `security` \n", - "type": "string" - }, - "pass_claims_with_headers": { - "description": "pass_claims_with_headers: boolean\nModule: security\nPass claims from JWT token via HTTP X- headers.\n", - "markdownDescription": "pass_claims_with_headers: `boolean` \nModule: `security` \nPass claims from JWT token via HTTP X- headers. \n", - "type": "boolean" - }, - "redirect_with_javascript": { - "description": "redirect_with_javascript: boolean\nModule: security\nEnable the redirect with Javascript, as opposed to HTTP redirect.\n", - "markdownDescription": "redirect_with_javascript: `boolean` \nModule: `security` \nEnable the redirect with Javascript, as opposed to HTTP redirect. 
\n", - "type": "boolean" - }, - "strip_token_enabled": { - "description": "strip_token_enabled: boolean\nModule: security\n", - "markdownDescription": "strip_token_enabled: `boolean` \nModule: `security` \n", - "type": "boolean" - }, - "user_identity_field": { - "description": "user_identity_field: string\nModule: security\n", - "markdownDescription": "user_identity_field: `string` \nModule: `security` \n", - "type": "string" - }, - "validate_access_list_path_claim": { - "description": "validate_access_list_path_claim: boolean\nModule: security\nValidate HTTP path derived from JWT token.\n", - "markdownDescription": "validate_access_list_path_claim: `boolean` \nModule: `security` \nValidate HTTP path derived from JWT token. \n", - "type": "boolean" - }, - "validate_bearer_header": { - "description": "validate_bearer_header: boolean\nModule: security\nValidate HTTP Authorization header.\n", - "markdownDescription": "validate_bearer_header: `boolean` \nModule: `security` \nValidate HTTP Authorization header. \n", - "type": "boolean" - }, - "validate_method_path": { - "description": "validate_method_path: boolean\nModule: security\nValidate HTTP method and path.\n", - "markdownDescription": "validate_method_path: `boolean` \nModule: `security` \nValidate HTTP method and path. \n", - "type": "boolean" - }, - "validate_source_address": { - "description": "validate_source_address: boolean\nModule: security\nValidate source address matches between HTTP request and JWT token.\n", - "markdownDescription": "validate_source_address: `boolean` \nModule: `security` \nValidate source address matches between HTTP request and JWT token. 
\n", - "type": "boolean" - } - } - } - }, - "credentials": { - "description": "credentials: object\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/credentials#Config\nConfig represents a collection of various credentials.\n\n", - "markdownDescription": "credentials: `object` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/credentials#Config) \nConfig represents a collection of various credentials.\n \n", - "type": "object", - "properties": { - "generic": { - "description": "generic: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/credentials#Generic\nGeneric represents username and password credentials, with optional\ndomain name field.\n\n", - "markdownDescription": "generic: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/credentials#Generic) \nGeneric represents username and password credentials, with optional\ndomain name field.\n \n", - "type": "array", - "items": { - "description": "https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/credentials#Generic\nGeneric represents username and password credentials, with optional\ndomain name field.\n\n", - "markdownDescription": "[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/credentials#Generic) \nGeneric represents username and password credentials, with optional\ndomain name field.\n \n", - "type": "object", - "properties": { - "domain": { - "description": "domain: string\nModule: security\n", - "markdownDescription": "domain: `string` \nModule: `security` \n", - "type": "string" - }, - "name": { - "description": "name: string\nModule: security\n", - "markdownDescription": "name: `string` \nModule: `security` \n", - "type": "string" - }, - "password": { - "description": "password: string\nModule: security\n", - "markdownDescription": "password: `string` \nModule: `security` \n", - "type": "string" - }, - "username": { - "description": 
"username: string\nModule: security\n", - "markdownDescription": "username: `string` \nModule: `security` \n", - "type": "string" - } - } - } - } - } - }, - "identity_providers": { - "description": "identity_providers: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/idp#IdentityProviderConfig\nIdentityProviderConfig represents an identity provider configuration.\n\n", - "markdownDescription": "identity_providers: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/idp#IdentityProviderConfig) \nIdentityProviderConfig represents an identity provider configuration.\n \n", - "type": "array", - "items": { - "description": "https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/idp#IdentityProviderConfig\nIdentityProviderConfig represents an identity provider configuration.\n\n", - "markdownDescription": "[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/idp#IdentityProviderConfig) \nIdentityProviderConfig represents an identity provider configuration.\n \n", - "type": "object", - "properties": { - "kind": { - "description": "kind: string\nModule: security\n", - "markdownDescription": "kind: `string` \nModule: `security` \n", - "type": "string" - }, - "name": { - "description": "name: string\nModule: security\n", - "markdownDescription": "name: `string` \nModule: `security` \n", - "type": "string" - }, - "params": { - "description": "params: object\nModule: security\n", - "markdownDescription": "params: `object` \nModule: `security` \n", - "type": "object", - "additionalProperties": {} - } - } - } - }, - "identity_stores": { - "description": "identity_stores: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/ids#IdentityStoreConfig\nIdentityStoreConfig represents an identity store configuration.\n\n", - "markdownDescription": "identity_stores: `array` \nModule: `security` 
\n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/ids#IdentityStoreConfig) \nIdentityStoreConfig represents an identity store configuration.\n \n", - "type": "array", - "items": { - "description": "https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/ids#IdentityStoreConfig\nIdentityStoreConfig represents an identity store configuration.\n\n", - "markdownDescription": "[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/ids#IdentityStoreConfig) \nIdentityStoreConfig represents an identity store configuration.\n \n", - "type": "object", - "properties": { - "kind": { - "description": "kind: string\nModule: security\n", - "markdownDescription": "kind: `string` \nModule: `security` \n", - "type": "string" - }, - "name": { - "description": "name: string\nModule: security\n", - "markdownDescription": "name: `string` \nModule: `security` \n", - "type": "string" - }, - "params": { - "description": "params: object\nModule: security\n", - "markdownDescription": "params: `object` \nModule: `security` \n", - "type": "object", - "additionalProperties": {} - } - } - } - }, - "messaging": { - "description": "messaging: object\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/messaging#Config\nConfig represents a collection of various messaging providers.\n\n", - "markdownDescription": "messaging: `object` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/messaging#Config) \nConfig represents a collection of various messaging providers.\n \n", - "type": "object", - "properties": { - "email_providers": { - "description": "email_providers: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/messaging#EmailProvider\nEmailProvider represents email messaging provider.\n\n", - "markdownDescription": "email_providers: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/messaging#EmailProvider) \nEmailProvider 
represents email messaging provider.\n \n", - "type": "array", - "items": { - "description": "https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/messaging#EmailProvider\nEmailProvider represents email messaging provider.\n\n", - "markdownDescription": "[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/messaging#EmailProvider) \nEmailProvider represents email messaging provider.\n \n", - "type": "object", - "properties": { - "address": { - "description": "address: string\nModule: security\n", - "markdownDescription": "address: `string` \nModule: `security` \n", - "type": "string" - }, - "blind_carbon_copy": { - "description": "blind_carbon_copy: array\nModule: security\n", - "markdownDescription": "blind_carbon_copy: `array` \nModule: `security` \n", - "type": "array", - "items": { - "type": "string" - } - }, - "credentials": { - "description": "credentials: string\nModule: security\n", - "markdownDescription": "credentials: `string` \nModule: `security` \n", - "type": "string" - }, - "name": { - "description": "name: string\nModule: security\n", - "markdownDescription": "name: `string` \nModule: `security` \n", - "type": "string" - }, - "passwordless": { - "description": "passwordless: boolean\nModule: security\n", - "markdownDescription": "passwordless: `boolean` \nModule: `security` \n", - "type": "boolean" - }, - "protocol": { - "description": "protocol: string\nModule: security\n", - "markdownDescription": "protocol: `string` \nModule: `security` \n", - "type": "string" - }, - "sender_email": { - "description": "sender_email: string\nModule: security\n", - "markdownDescription": "sender_email: `string` \nModule: `security` \n", - "type": "string" - }, - "sender_name": { - "description": "sender_name: string\nModule: security\n", - "markdownDescription": "sender_name: `string` \nModule: `security` \n", - "type": "string" - }, - "templates": { - "description": "templates: object\nModule: security\n", - "markdownDescription": "templates: 
`object` \nModule: `security` \n", - "type": "object", - "additionalProperties": {} - } - } - } - }, - "file_providers": { - "description": "file_providers: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/messaging#FileProvider\nFileProvider represents file messaging provider which writes messages\nto a local file system,\n\n", - "markdownDescription": "file_providers: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/messaging#FileProvider) \nFileProvider represents file messaging provider which writes messages\nto a local file system,\n \n", - "type": "array", - "items": { - "description": "https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/messaging#FileProvider\nFileProvider represents file messaging provider which writes messages\nto a local file system,\n\n", - "markdownDescription": "[godoc](https://pkg.go.dev/github.com/greenpau/go-authcrunch/pkg/messaging#FileProvider) \nFileProvider represents file messaging provider which writes messages\nto a local file system,\n \n", - "type": "object", - "properties": { - "name": { - "description": "name: string\nModule: security\n", - "markdownDescription": "name: `string` \nModule: `security` \n", - "type": "string" - }, - "root_dir": { - "description": "root_dir: string\nModule: security\n", - "markdownDescription": "root_dir: `string` \nModule: `security` \n", - "type": "string" - }, - "templates": { - "description": "templates: object\nModule: security\n", - "markdownDescription": "templates: `object` \nModule: `security` \n", - "type": "object", - "additionalProperties": {} - } - } - } - } - } - }, - "sso_providers": { - "description": "sso_providers: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "sso_providers: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "array", - "items": { - "type": "object", - 
"properties": { - "cert_path": { - "description": "cert_path: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "cert_path: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "driver": { - "description": "driver: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "driver: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "entity_id": { - "description": "entity_id: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "entity_id: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "locations": { - "description": "locations: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "locations: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "array", - "items": { - "type": "string" - } - }, - "name": { - "description": "name: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "name: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "private_key_path": { - "description": "private_key_path: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "private_key_path: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - } - } - } - }, - "user_registries": { - "description": "user_registries: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": 
"user_registries: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "array", - "items": { - "type": "object", - "properties": { - "admin_emails": { - "description": "admin_emails: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "admin_emails: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "array", - "items": { - "type": "string" - } - }, - "code": { - "description": "code: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "code: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "credentials": { - "description": "credentials: object\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "credentials: `object` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "object", - "properties": { - "generic": { - "description": "generic: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "generic: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "array", - "items": { - "type": "object", - "properties": { - "domain": { - "description": "domain: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "domain: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "name": { - "description": "name: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "name: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": 
"string" - }, - "password": { - "description": "password: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "password: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "username": { - "description": "username: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "username: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - } - } - } - } - } - }, - "disabled": { - "description": "disabled: boolean\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "disabled: `boolean` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "boolean" - }, - "dropbox": { - "description": "dropbox: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "dropbox: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "email_provider": { - "description": "email_provider: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "email_provider: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "identity_store": { - "description": "identity_store: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "identity_store: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "messaging": { - "description": "messaging: object\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "messaging: `object` 
\nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "object", - "properties": { - "email_providers": { - "description": "email_providers: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "email_providers: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "array", - "items": { - "type": "object", - "properties": { - "address": { - "description": "address: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "address: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "blind_carbon_copy": { - "description": "blind_carbon_copy: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "blind_carbon_copy: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "array", - "items": { - "type": "string" - } - }, - "credentials": { - "description": "credentials: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "credentials: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "name": { - "description": "name: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "name: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "passwordless": { - "description": "passwordless: boolean\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "passwordless: `boolean` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": 
"boolean" - }, - "protocol": { - "description": "protocol: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "protocol: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "sender_email": { - "description": "sender_email: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "sender_email: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "sender_name": { - "description": "sender_name: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "sender_name: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "templates": { - "description": "templates: object\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "templates: `object` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "object", - "additionalProperties": {} - } - } - } - }, - "file_providers": { - "description": "file_providers: array\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "file_providers: `array` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "array", - "items": { - "type": "object", - "properties": { - "name": { - "description": "name: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "name: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "root_dir": { - "description": "root_dir: string\nModule: 
security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "root_dir: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "templates": { - "description": "templates: object\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "templates: `object` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "object", - "additionalProperties": {} - } - } - } - } - } - }, - "name": { - "description": "name: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "name: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "privacy_policy_link": { - "description": "privacy_policy_link: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "privacy_policy_link: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "require_accept_terms": { - "description": "require_accept_terms: boolean\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "require_accept_terms: `boolean` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "boolean" - }, - "require_domain_mx": { - "description": "require_domain_mx: boolean\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "require_domain_mx: `boolean` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "boolean" - }, - "terms_conditions_link": { - "description": "terms_conditions_link: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - 
"markdownDescription": "terms_conditions_link: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - }, - "title": { - "description": "title: string\nModule: security\nhttps://pkg.go.dev/github.com/greenpau/caddy-security#App", - "markdownDescription": "title: `string` \nModule: `security` \n[godoc](https://pkg.go.dev/github.com/greenpau/caddy-security#App)", - "type": "string" - } - } - } - } - } - } - } - }, "tls": { "description": "tls: object\nModule: tls\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#TLS\nTLS provides TLS facilities including certificate\nloading and management, client auth, and more.\n\n", "markdownDescription": "tls: `object` \nModule: `tls` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#TLS) \nTLS provides TLS facilities including certificate\nloading and management, client auth, and more.\n \n", @@ -9062,6 +6569,18 @@ "module" ], "allOf": [ + { + "if": { + "properties": { + "module": { + "const": "zerossl" + } + } + }, + "then": { + "$ref": "#/definitions/tls.issuance.zerossl" + } + }, { "if": { "properties": { @@ -9086,18 +6605,6 @@ "$ref": "#/definitions/tls.issuance.internal" } }, - { - "if": { - "properties": { - "module": { - "const": "zerossl" - } - } - }, - "then": { - "$ref": "#/definitions/tls.issuance.zerossl" - } - }, { "properties": { "module": { @@ -9105,9 +6612,9 @@ "markdownDescription": "key to identify `issuers` module. \nmodule: `string` \nModule: `tls.issuance`", "type": "string", "enum": [ + "zerossl", "acme", - "internal", - "zerossl" + "internal" ] } } @@ -9152,18 +6659,6 @@ "module" ], "allOf": [ - { - "if": { - "properties": { - "module": { - "const": "file_system" - } - } - }, - "then": { - "$ref": "#/definitions/caddy.storage.file_system" - } - }, { "if": { "properties": { 
@@ -9176,6 +6671,18 @@ "$ref": "#/definitions/caddy.storage.consul" } }, + { + "if": { + "properties": { + "module": { + "const": "file_system" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.storage.file_system" + } + }, { "properties": { "module": { @@ -9183,8 +6690,8 @@ "markdownDescription": "key to identify `storage` module. \nmodule: `string` \nModule: `caddy.storage`", "type": "string", "enum": [ - "file_system", - "consul" + "consul", + "file_system" ] } } @@ -9461,8 +6968,8 @@ } }, "tls.client_auth.leaf": { - "description": "leaf: any\nModule: tls.client_auth.leaf\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#LeafCertClientAuth\nLeafCertClientAuth verifies the client's leaf certificate.\n\n", - "markdownDescription": "leaf: `any` \nModule: `tls.client_auth.leaf` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#LeafCertClientAuth) \nLeafCertClientAuth verifies the client's leaf certificate.\n \n" + "description": "leaf: any\nModule: tls.client_auth.leaf\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#LeafCertClientAuth", + "markdownDescription": "leaf: `any` \nModule: `tls.client_auth.leaf` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#LeafCertClientAuth)" }, "tls.get_certificate.http": { "description": "http: object\nModule: tls.get_certificate.http\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#HTTPCertGetter\nHTTPCertGetter can get a certificate via HTTP(S) request.\n\n", 
@@ -9732,8 +7239,8 @@ } }, "tls.issuance.zerossl": { - "description": "zerossl: object\nModule: tls.issuance.zerossl\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ZeroSSLIssuer\nZeroSSLIssuer makes an ACME issuer for getting certificates\nfrom ZeroSSL by automatically generating EAB credentials.\nPlease be sure to set a valid email address in your config\nso you can access/manage your domains in your ZeroSSL account.\n\nThis issuer is only needed for automatic generation of EAB\ncredentials. If manually configuring/reusing EAB credentials,\nthe standard ACMEIssuer may be used if desired.\n\n", - "markdownDescription": "zerossl: `object` \nModule: `tls.issuance.zerossl` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ZeroSSLIssuer) \nZeroSSLIssuer makes an ACME issuer for getting certificates\nfrom ZeroSSL by automatically generating EAB credentials.\nPlease be sure to set a valid email address in your config\nso you can access/manage your domains in your ZeroSSL account.\n\nThis issuer is only needed for automatic generation of EAB\ncredentials. If manually configuring/reusing EAB credentials,\nthe standard ACMEIssuer may be used if desired.\n \n", + "description": "zerossl: object\nModule: tls.issuance.zerossl\nhttps://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ZeroSSLIssuer\nZeroSSLIssuer makes an ACME manager\nfor managing certificates using ACME.\n\n", + "markdownDescription": "zerossl: `object` \nModule: `tls.issuance.zerossl` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2/modules/caddytls#ZeroSSLIssuer) \nZeroSSLIssuer makes an ACME manager\nfor managing certificates using ACME.\n \n", "type": "object", "properties": { "account_key": { 
@@ -9747,8 +7254,8 @@ "type": "number" }, "api_key": { - "description": "api_key: string\nModule: tls.issuance.zerossl\nThe API key (or \"access key\") for using the ZeroSSL API.\nThis is optional, but can be used if you have an API key\nalready and don't want to supply your email address.\n", - "markdownDescription": "api_key: `string` \nModule: `tls.issuance.zerossl` \nThe API key (or \"access key\") for using the ZeroSSL API.\nThis is optional, but can be used if you have an API key\nalready and don't want to supply your email address. \n", + "description": "api_key: string\nModule: tls.issuance.zerossl\nThe API key (or \"access key\") for using the ZeroSSL API.\n", + "markdownDescription": "api_key: `string` \nModule: `tls.issuance.zerossl` \nThe API key (or \"access key\") for using the ZeroSSL API. \n", "type": "string" }, "ca": { @@ -10210,12 +7717,6 @@ "markdownDescription": "apps: `object` \n[godoc](https://pkg.go.dev/github.com/caddyserver/caddy/v2#ModuleMap) \nAppsRaw are the apps that Caddy will load and run. The\napp module name is the key, and the app's config is the\nassociated value.\n\n\nModuleMap is a map that can contain multiple modules,\nwhere the map key is the module's name. (The namespace\nis usually read from an associated field's struct tag.)\nBecause the module's name is given as the key in a\nmodule map, the name does not have to be given in the\njson.RawMessage. \n", "type": "object", "properties": { - "cache": { - "$ref": "#/definitions/cache" - }, - "events": { - "$ref": "#/definitions/events" - }, "http": { "$ref": "#/definitions/http" }, @@ -10225,9 +7726,6 @@ "pki": { "$ref": "#/definitions/pki" }, - "security": { - "$ref": "#/definitions/security" - }, "tls": { "$ref": "#/definitions/tls" } 
@@ -10455,30 +7953,6 @@ "output" ], "allOf": [ - { - "if": { - "properties": { - "output": { - "const": "discard" - } - } - }, - "then": { - "$ref": "#/definitions/caddy.logging.writers.discard" - } - }, - { - "if": { - "properties": { - "output": { - "const": "file" - } - } - }, - "then": { - "$ref": "#/definitions/caddy.logging.writers.file" - } - }, { "if": { "properties": { @@ -10515,6 +7989,30 @@ "$ref": "#/definitions/caddy.logging.writers.stdout" } }, + { + "if": { + "properties": { + "output": { + "const": "discard" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.writers.discard" + } + }, + { + "if": { + "properties": { + "output": { + "const": "file" + } + } + }, + "then": { + "$ref": "#/definitions/caddy.logging.writers.file" + } + }, { "properties": { "output": { @@ -10522,11 +8020,11 @@ "markdownDescription": "key to identify `writer` module. \noutput: `string` \nModule: `caddy.logging.writers`", "type": "string", "enum": [ - "discard", - "file", "net", "stderr", - "stdout" + "stdout", + "discard", + "file" ] } } diff --git a/profiles/base-user/.local/share/scripts/base16.sh b/modules/terminal-life/.local/share/scripts/base16.sh similarity index 100% rename from profiles/base-user/.local/share/scripts/base16.sh rename to modules/terminal-life/.local/share/scripts/base16.sh diff --git a/modules/terminal-life/bash/default.nix b/modules/terminal-life/bash/default.nix index 678585ad..92a61cc3 100644 --- a/modules/terminal-life/bash/default.nix +++ b/modules/terminal-life/bash/default.nix @@ -1,7 +1,7 @@ { config, + flake, pkgs, - self, ... }: let psCfg = config.pub-solar; @@ -18,6 +18,8 @@ in { # Run when initializing an interactive shell initExtra = '' + # Use fzf's CTRL-R history widget + source ${pkgs.fzf}/share/fzf/key-bindings.bash # Show current directory at the top in Alacritty PROMPT_COMMAND='echo -e -n "\e]2;$(basename "$PWD" | sed "s/${psCfg.user.name}/~/")\e\\"' 
@@ -85,7 +87,6 @@ in { fi # end of .bashrc - # Somehow we need to ensure starship starts later than ble.sh # (possible packaging issue?) # https://github.com/akinomyoga/ble.sh/issues/333 @@ -106,7 +107,7 @@ in { drone = "DRONE_TOKEN=$(secret-tool lookup drone token) drone"; no = "manix \"\" | grep '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | fzf --preview=\"manix '{}'\" | xargs manix"; # fix nixos-option - nixos-option = "nixos-option -I nixpkgs=${self}/lib/compat"; + nixos-option = "nixos-option -I nixpkgs=${flake.self}/lib/compat"; myip = "dig +short myip.opendns.com @208.67.222.222 2>&1"; nnn = "nnn -d -e -H -r"; }; diff --git a/modules/terminal-life/default.nix b/modules/terminal-life/default.nix index 4d22a633..c4e6a1d8 100644 --- a/modules/terminal-life/default.nix +++ b/modules/terminal-life/default.nix @@ -2,7 +2,7 @@ lib, config, pkgs, - self, + flake, ... }: with lib; let 
@@ -10,73 +10,100 @@ with lib; let cfg = config.pub-solar.terminal-life; in { options.pub-solar.terminal-life = { - enable = mkEnableOption "Life in black and white"; - - lite = mkOption { + full = mkOption { description = '' - Enable a lite edition of terminal-life with less modules and a reduced package set. + Enable a full version, which includes more nvim plugins and lsps. ''; default = false; type = types.bool; }; }; - config = mkIf cfg.enable { + config = { programs.command-not-found.enable = false; - environment.systemPackages = with pkgs; [ + users.users."${psCfg.user.name}".packages = with pkgs; [ + ack + asciinema + bat + blesh + exa + fd + jump + (nnn.overrideAttrs (o: { + patches = + (o.patches or []) + ++ [ + ./nnn/0001-feat-use-wasd-keybindings-for-jkli.patch + ]; + })) + powerline screen + silver-searcher + watson ]; - # Starship is a fast and featureful shell prompt - # starship.toml has sane defaults that can be changed there - programs.starship = { - enable = true; - settings = import ./starship.toml.nix; - }; + home-manager.users."${psCfg.user.name}" = { + xdg.dataFile."scripts/base16.sh".source = .local/share/scripts/base16.sh; - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - home.packages = [ - ack - asciinema - bat - blesh - exa - fd - gh - glow - jump - mdbook-multilang - (nnn.overrideAttrs (o: { - patches = - (o.patches or []) - ++ [ - ./nnn/0001-feat-use-wasd-keybindings-for-jkli.patch - ]; - })) - notes - powerline - python-wiki-fetch - silver-searcher - watson - tree - ]; - - programs.bash = import ./bash { - inherit config; - inherit pkgs; - inherit self; - }; - programs.fzf = import ./fzf { - inherit config; - inherit pkgs; - }; - programs.neovim = import ./nvim { - inherit config; - inherit pkgs; - inherit lib; - }; + programs.less = { + enable = true; + keys = '' + k forw-line + i back-line + K forw-scroll + I back-scroll + ''; }; + + # Starship is a fast and featureful shell prompt + # starship.toml 
has sane defaults that can be changed there + programs.starship = { + enable = true; + settings = import ./starship.toml.nix; + }; + + programs.bash = import ./bash { + inherit config; + inherit pkgs; + inherit lib; + inherit flake; + }; + + programs.fzf = import ./fzf { + inherit config; + inherit pkgs; + }; + + programs.neovim = import ./nvim { + inherit config; + inherit pkgs; + inherit lib; + }; + # Ensure nvim backup directory gets created + # Workaround for E510: Can't make backup file (add ! to override) + xdg.dataFile."nvim/backup/.keep".text = ""; + xdg.dataFile."nvim/json-schemas/.keep".text = ""; + # Generated with: + # docker run -it --name caddy-json-schema registry.greenbaum.cloud/gc/caddy-l4:2.5.2 caddy json-schema -output /srv/caddy_schema.json + xdg.dataFile."nvim/json-schemas/caddy_schema.json".source = .local/share/nvim/json-schemas/caddy_schema.json; + xdg.dataFile."nvim/templates/.keep".text = ""; + + programs.git = import ./git {}; + xdg.configFile."git/config".text = import ./.config/git/config.nix { + inherit config; + inherit pkgs; + }; + xdg.configFile."git/gitmessage".text = import ./.config/git/gitmessage.nix { + inherit config; + inherit pkgs; + }; + xdg.configFile."git/global_gitignore".text = import ./.config/git/global_gitignore.nix { + inherit config; + inherit pkgs; + }; + + programs.direnv = import ./direnv {}; + }; }; } diff --git a/modules/terminal-life/direnv/default.nix b/modules/terminal-life/direnv/default.nix new file mode 100644 index 00000000..0143c839 --- /dev/null +++ b/modules/terminal-life/direnv/default.nix @@ -0,0 +1,7 @@ +{ ... }: +{ + enable = true; + nix-direnv = { + enable = true; + }; +} diff --git a/modules/terminal-life/fzf/default.nix b/modules/terminal-life/fzf/default.nix index 372e768d..88e60592 100644 --- a/modules/terminal-life/fzf/default.nix +++ b/modules/terminal-life/fzf/default.nix 
@@ -10,5 +10,8 @@ "--color=fg:#d3d1d4,header:#7accd7,info:#e5c463,pointer:#ef9062" "--color=marker:#ef9062,fg+:#303030,prompt:#e5c463,hl+:#7accd7" ]; - enableBashIntegration = true; + # Use ble.sh for completions, see + # modules/terminal-life/bash/default.nix -> bleopt complete_menu_style=desc + # and https://github.com/akinomyoga/ble.sh/wiki/Manual-%C2%A77-Completion + enableBashIntegration = false; } diff --git a/modules/terminal-life/git/default.nix b/modules/terminal-life/git/default.nix new file mode 100644 index 00000000..6533d04a --- /dev/null +++ b/modules/terminal-life/git/default.nix @@ -0,0 +1,41 @@ +{ ... }: +{ + enable = true; + + extraConfig = { + pull.rebase = false; + }; + + aliases = { + a = "add -p"; + co = "checkout"; + cob = "checkout -b"; + f = "fetch -p"; + c = "commit"; + p = "push"; + ba = "branch -a"; + bd = "branch -d"; + bD = "branch -D"; + d = "diff"; + dc = "diff --cached"; + ds = "diff --staged"; + r = "restore"; + rs = "restore --staged"; + st = "status -sb"; + + # reset + soft = "reset --soft"; + hard = "reset --hard"; + s1ft = "soft HEAD~1"; + h1rd = "hard HEAD~1"; + + # logging + lg = "log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit"; + plog = "log --graph --pretty='format:%C(red)%d%C(reset) %C(yellow)%h%C(reset) %ar %C(green)%aN%C(reset) %s'"; + tlog = "log --stat --since='1 Day Ago' --graph --pretty=oneline --abbrev-commit --date=relative"; + rank = "shortlog -sn --no-merges"; + + # delete merged branches + bdm = "!git branch --merged | grep -v '*' | xargs -n 1 git branch -d"; + }; +} diff --git a/modules/terminal-life/nvim/default.nix b/modules/terminal-life/nvim/default.nix index 08cb959e..a0128c01 100644 --- a/modules/terminal-life/nvim/default.nix +++ b/modules/terminal-life/nvim/default.nix @@ -21,7 +21,7 @@ in { withPython3 = true; extraPackages = with pkgs; - lib.mkIf (!cfg.lite) [ + lib.mkIf (cfg.full) [ ansible-language-server ccls gopls 
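Review bot: The `bdm` alias in the new modules/terminal-life/git/default.nix filters only the current branch (`grep -v '*'`), so when it is run from a feature branch that already contains the default branch, the local default branch is listed by `git branch --merged` and deleted as well. It also calls `git branch -d` with no argument when nothing is merged, because `xargs` is used without `-r`. I would write it as `bdm = "!git branch --merged | grep -vE '^\\*|^ *(main|master)$' | xargs -r -n 1 git branch -d";`, adjusting the protected names to the branches this setup actually uses.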
@@ -44,137 +44,135 @@ in { universal-ctags ]; - plugins = with pkgs.vimPlugins; - [] - ++ lib.optionals (!cfg.lite) [ - (pkgs.vimPlugins.nvim-treesitter.withPlugins (p: [ - p.ini - p.json - p.json5 - p.markdown - p.nix - p.toml - p.yaml + plugins = with pkgs.vimPlugins; lib.mkIf cfg.full [ + (pkgs.vimPlugins.nvim-treesitter.withPlugins (p: [ + p.ini + p.json + p.json5 + p.markdown + p.nix + p.toml + p.yaml - p.css - p.graphql - p.html - p.javascript - p.scss - p.tsx - p.typescript - p.vue + p.css + p.graphql + p.html + p.javascript + p.scss + p.tsx + p.typescript + p.vue - p.c - p.cpp - p.go - p.gomod - p.gosum - p.haskell - p.lua - p.php - p.python - p.ruby - p.rust + p.c + p.cpp + p.go + p.gomod + p.gosum + p.haskell + p.lua + p.php + p.python + p.ruby + p.rust - p.vim - p.vimdoc + p.vim + p.vimdoc - p.passwd - p.sql + p.passwd + p.sql - p.diff - p.gitcommit - p.gitignore - p.git_config - p.gitattributes - p.git_rebase + p.diff + p.gitcommit + p.gitignore + p.git_config + p.gitattributes + p.git_rebase - p.bash - p.dockerfile - p.make - p.ninja - p.terraform - ])) + p.bash + p.dockerfile + p.make + p.ninja + p.terraform + ])) - # Dependencies for nvim-lspconfig - nvim-cmp - cmp-nvim-lsp - cmp_luasnip - luasnip + # Dependencies for nvim-lspconfig + nvim-cmp + cmp-nvim-lsp + cmp_luasnip + luasnip - # Quickstart configs for neovim LSP - lsp_extensions-nvim - nvim-lspconfig + # Quickstart configs for neovim LSP + lsp_extensions-nvim + nvim-lspconfig - # Collaborative editing in Neovim using built-in capabilities - instant-nvim-nvfetcher + # Collaborative editing in Neovim using built-in capabilities + instant-nvim-nvfetcher - # Search functionality behind :Ack - ack-vim + # Search functionality behind :Ack + ack-vim - # The status bar in the bottom of the screen with the mode indication and file location - vim-airline + # The status bar in the bottom of the screen with the mode indication and file location + vim-airline - # Automatically load editorconfig files in 
repos to configure nvim settings - editorconfig-vim + # Automatically load editorconfig files in repos to configure nvim settings + editorconfig-vim - # File browser. Use n to access - nnn-vim + # File browser. Use n to access + nnn-vim - # Highlight characters when using f, F, t, and T - quick-scope + # Highlight characters when using f, F, t, and T + quick-scope - # Get sudo in vim; :SudaWrite - suda-vim + # Get sudo in vim; :SudaWrite + suda-vim - # Undo history etc. per project - vim-workspace-nvfetcher + # Undo history etc. per project + vim-workspace-nvfetcher - # JSON schemas - SchemaStore-nvim + # JSON schemas + SchemaStore-nvim - # Work with tags files - vim-gutentags + # Work with tags files + vim-gutentags - # Neovim colorschemes / themes - sonokai - vim-hybrid-material - vim-airline-themes - vim-apprentice-nvfetcher + # Neovim colorschemes / themes + sonokai + vim-hybrid-material + vim-airline-themes + vim-apprentice-nvfetcher - # Git integrations - # A Git wrapper so awesome, it should be illegal - fugitive - # Shows git diff markers in the sign column - vim-gitgutter - # GitHub extension for fugitive - vim-rhubarb - # Ease your git workflow within Vim - vimagit-nvfetcher + # Git integrations + # A Git wrapper so awesome, it should be illegal + fugitive + # Shows git diff markers in the sign column + vim-gitgutter + # GitHub extension for fugitive + vim-rhubarb + # Ease your git workflow within Vim + vimagit-nvfetcher - # FZF fuzzy finder - fzf-vim - fzfWrapper - # Make the yanked region apparent - vim-highlightedyank + # FZF fuzzy finder + fzf-vim + fzfWrapper + # Make the yanked region apparent + vim-highlightedyank - # :Beautify Code beautifier - vim-beautify-nvfetcher + # :Beautify Code beautifier + vim-beautify-nvfetcher - # Unload, delete or wipe a buffer without closing the window - vim-bufkill - # Defaults everyone can agree on - vim-sensible + # Unload, delete or wipe a buffer without closing the window + vim-bufkill + # Defaults everyone can 
agree on + vim-sensible - # emmet for vim: http://emmet.io/ - emmet-vim - # Caddyfile syntax support for Vim - vim-caddyfile-nvfetcher + # emmet for vim: http://emmet.io/ + emmet-vim + # Caddyfile syntax support for Vim + vim-caddyfile-nvfetcher - # Fix TOFU hashes when writing nix derivations without leaving neovim - vim-nixhash - ]; + # Fix TOFU hashes when writing nix derivations without leaving neovim + vim-nixhash + ]; extraConfig = builtins.concatStringsSep "\n" [ '' diff --git a/modules/terminal-life/nvim/lsp.vim b/modules/terminal-life/nvim/lsp.vim index 39f9cd0e..f0ffcdb9 100644 --- a/modules/terminal-life/nvim/lsp.vim +++ b/modules/terminal-life/nvim/lsp.vim @@ -74,6 +74,8 @@ lua < {} }: + with nixpkgs; mkShell { + buildInputs = [ + ]; + } + ''; + target = "nvim/templates/shell.nix.tmpl"; + }; + + # Allow unfree packages only on a user basis, not on a system-wide basis + xdg.configFile."nixpkgs/config.nix".text = " { allowUnfree = true; } "; + }; +} diff --git a/profiles/base-user/mimeapps.nix b/modules/user/mimeapps.nix similarity index 94% rename from profiles/base-user/mimeapps.nix rename to modules/user/mimeapps.nix index 6509466c..ab3fd495 100644 --- a/profiles/base-user/mimeapps.nix +++ b/modules/user/mimeapps.nix @@ -22,6 +22,6 @@ "x-scheme-handler/https" = ["firefox.desktop"]; "x-scheme-handler/mailto" = ["userapp-Thunderbird.desktop"]; "x-scheme-handler/msteams" = ["teams.desktop"]; - "x-scheme-handler/tg" = ["userapp-Telegram Desktop-1RE3J1.desktop"]; + "x-scheme-handler/tg" = ["userapp-Telegram Desktop-JBKFU0.desktop"]; }; } diff --git a/profiles/base-user/session-variables.nix b/modules/user/session-variables.nix similarity index 94% rename from profiles/base-user/session-variables.nix rename to modules/user/session-variables.nix index 9219c7da..ae96e81a 100644 --- a/profiles/base-user/session-variables.nix +++ b/modules/user/session-variables.nix 
@@ -5,7 +5,6 @@ ... }: let psCfg = config.pub-solar; - wlroots = psCfg.graphical.wayland; xdg = config.home-manager.users."${psCfg.user.name}".xdg; variables = { XDG_CONFIG_HOME = xdg.configHome; @@ -20,10 +19,6 @@ ECORE_EVAS_ENGINE = "wayland_egl"; ELM_ENGINE = "wayland_egl"; SDL_VIDEODRIVER = "wayland"; - WLR_RENDERER = - if wlroots.software-renderer.enable - then "pixman" - else "gles2"; EDITOR = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim"; VISUAL = "/etc/profiles/per-user/${psCfg.user.name}/bin/nvim"; @@ -115,7 +110,7 @@ {IMPORT_ENVIRONMENT_ENV_LIST = lib.lists.foldl (a: b: a + " " + b) "IMPORT_ENVIRONMENT_ENV_LIST" envListNames;} ]; in { - home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] { + home-manager.users."${psCfg.user.name}" = { home.sessionVariables = variablesWithMeta; systemd.user.sessionVariables = variablesWithMeta; }; diff --git a/modules/virtualisation/default.nix b/modules/virtualisation/default.nix index da53b24e..892667b4 100644 --- a/modules/virtualisation/default.nix +++ b/modules/virtualisation/default.nix 
@@ -6,66 +6,50 @@ }: with lib; let psCfg = config.pub-solar; - cfg = config.pub-solar.virtualisation; - doesGaming = config.pub-solar.gaming.enable; - extraObsPlugins = - if doesGaming - then [pkgs.obs-studio-plugins.looking-glass-obs] - else []; in { - options.pub-solar.virtualisation = { - enable = mkEnableOption "Life in libvirt"; + boot.kernelParams = [ + "amd_iommu=on" + "intel_iommu=on" + "iommu=pt" + ]; + + virtualisation.libvirtd = { + enable = true; + qemu.ovmf.enable = true; + }; + users.users."${psCfg.user.name}" = { + extraGroups = ["libvirtd"]; }; - config = mkIf cfg.enable { - boot.kernelParams = [ - "amd_iommu=on" - "intel_iommu=on" - "iommu=pt" - ]; + environment.systemPackages = with pkgs; [ + libvirt + libvirt-glib + qemu + virt-manager + python3Packages.libvirt + gvfs + edk2 + OVMF + win-virtio + looking-glass-client + lgcl + ]; - virtualisation.libvirtd = { - enable = true; - qemu.ovmf.enable = true; - }; - users.users = pkgs.lib.setAttrByPath [psCfg.user.name] { - extraGroups = ["libvirtd"]; - }; - - environment.systemPackages = with pkgs; [ - coreutils-full - usbutils - libvirt - libvirt-glib - qemu - vagrant - virt-manager - python3Packages.libvirt - gvfs - edk2 - OVMF - win-virtio - looking-glass-client - lgcl - ]; - - home-manager = with pkgs; - pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - xdg.dataFile."libvirt/.keep".text = "# this file is here to generate the directory"; - home.packages = extraObsPlugins; - }; - - systemd.tmpfiles.rules = [ - "f /dev/shm/looking-glass 0660 ${psCfg.user.name} kvm" - ]; - #networking.bridges.virbr1.interfaces = []; - #networking.interfaces.virbr1 = { - # ipv4.addresses = [ - # { - # address = "192.168.123.1"; - # prefixLength = 24; - # } - # ]; - #}; + home-manager.users."${psCfg.user.name}" = { + xdg.dataFile."libvirt/.keep".text = "# this file is here to generate the directory"; + home.packages = [pkgs.obs-studio-plugins.looking-glass-obs]; }; + + systemd.tmpfiles.rules = [ + "f 
/dev/shm/looking-glass 0660 ${psCfg.user.name} kvm" + ]; + #networking.bridges.virbr1.interfaces = []; + #networking.interfaces.virbr1 = { + # ipv4.addresses = [ + # { + # address = "192.168.123.1"; + # prefixLength = 24; + # } + # ]; + #}; } diff --git a/modules/wireguard-client/default.nix b/modules/wireguard-client/default.nix new file mode 100644 index 00000000..b9198289 --- /dev/null +++ b/modules/wireguard-client/default.nix @@ -0,0 +1,54 @@ +{ + lib, + config, + pkgs, + ... +}: +with lib; let + psCfg = config.pub-solar; + cfg = config.pub-solar.wireguard-client; +in { + options.pub-solar.wireguard-client = { + ownIPs = mkOption { + description = '' + Internal ips in wireguard used for cluster control-plane communication. + ''; + type = types.listOf types.str; + }; + + wireguardPrivateKeyFile = mkOption { + description = '' + Location of private key file + ''; + type = types.path; + }; + }; + + config = { + networking.firewall.allowedUDPPorts = [51899]; + + networking.wg-quick.interfaces = { + wg0 = { + listenPort = 51899; + address = cfg.ownIPs; + dns = [ + "10.0.1.2" + "fd00:b12f:acab:1312:acab:2::" + ]; + privateKeyFile = cfg.wireguardPrivateKeyFile; + peers = [ + { + # frikandel + publicKey = "p6YKNYBlySKfhTN+wbSsKdoNjzko/XSAiTAlCJzP1jA="; + allowedIPs = [ + "10.0.1.0/24" + "fd00:b12f:acab:1312::/64" + ]; + endpoint = "[2a01:4f8:c2c:b60::]:51899"; + persistentKeepalive = 25; + } + ]; + }; + }; + }; +} diff --git a/overlays/default.nix b/overlays/default.nix new file mode 100644 index 00000000..44ef5014 --- /dev/null +++ b/overlays/default.nix 
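Review bot: With `options.pub-solar.virtualisation.enable` and the `mkIf cfg.enable` wrapper removed in modules/virtualisation/default.nix, `virtualisation.libvirtd.enable = true` and `extraGroups = ["libvirtd"]` now apply to every host that imports this module, and nothing in the file says so. Membership in `libvirtd` gives the user control of the system libvirt daemon, which is generally treated as root-equivalent on the host, so the grant deserves a comment above it such as `# libvirtd group = control of the system libvirt daemon; import this module only on hosts meant to run VMs`. Which hosts import the module is decided outside this hunk, so confirm that the import list is the intended opt-in.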
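Review bot: `wireguardPrivateKeyFile` in the new modules/wireguard-client/default.nix is typed `types.path` and described only as "Location of private key file", which leaves room for passing a Nix path literal; such a value can end up copied into the world-readable Nix store once it is interpolated into a string. I would declare it as `type = types.str;` and change the description to `Absolute runtime path of the WireGuard private key; keep the file outside the Nix store.`. Separately, `networking.firewall.allowedUDPPorts = [51899];` opens an inbound port although the only peer is reached through `endpoint` with `persistentKeepalive = 25`; if no peer ever initiates toward this host, that line can probably be dropped. The `ownIPs` description mentions cluster control-plane traffic, which looks carried over from another module.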
@@ -0,0 +1,50 @@ +{ + self, + lib, + inputs, + ... +}: { + flake = { + nixosModules = rec { + overlays = ({ ... }: { + nixpkgs.overlays = [ + + (final: prev: + let + unstable = import inputs.unstable { + system = prev.system; + config.allowUnfreePredicate = pkg: builtins.elem (prev.lib.getName pkg) [ + "1password-cli" + "1password" + "slack" + ]; + }; + in + { + nixd = unstable.nixd; + + _1password = unstable._1password; + _1password-gui = unstable._1password-gui; + + thunderbird = unstable.thunderbird; + + docker_24 = unstable.docker_24; + + flyctl = unstable.flyctl; + + slack = unstable.slack; + vimPlugins = prev.vimPlugins // {inherit (unstable.vimPlugins) nvim-lspconfig;}; + }) + (import ../pkgs) + (import ./blesh.nix) + (import ./manix.nix) + (import ./mdbook-multilang.nix inputs) + (import ./prr.nix) + (import ./rnix-lsp.nix) + (import ./neovim-plugins.nix) + (import ./signal-desktop.nix) + ]; + }); + }; + }; +} diff --git a/overlays/element-desktop.nix b/overlays/element-desktop.nix index ca369b95..e9ac45d6 100644 --- a/overlays/element-desktop.nix +++ b/overlays/element-desktop.nix @@ -1,5 +1,3 @@ final: prev: { - element-desktop = prev.element-desktop.override { - electron = prev.electron_26; - }; + element-desktop = prev.element-desktop.override { electron = prev.electron_24; }; } diff --git a/overlays/mdbook-multilang.nix b/overlays/mdbook-multilang.nix index 16df88bd..56e3b3b4 100644 --- a/overlays/mdbook-multilang.nix +++ b/overlays/mdbook-multilang.nix @@ -1,5 +1,5 @@ -channels: final: prev: { - mdbook-multilang = channels.nixos-22-05.mdbook.overrideAttrs (oldAttrs: rec { +inputs: final: prev: { + mdbook-multilang = inputs.nixos-22-05.mdbook.overrideAttrs (oldAttrs: rec { pname = "mdbook"; version = "pr1306"; diff --git a/overlays/overrides.nix b/overlays/overrides.nix deleted file mode 100644 index 3bc3aacd..00000000 --- a/overlays/overrides.nix +++ /dev/null 
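Review bot: The override in overlays/element-desktop.nix moves `element-desktop` from `prev.electron_26` back to `prev.electron_24` with no comment, and the commit message (a flake-parts conversion) gives no reason for it. An older Electron major bundles an older Chromium, which matters for a chat client that renders remote content, so this may be an unintended revert picked up while restructuring. If the pin is deliberate, record it next to the override, e.g. `# pinned to electron_24 because <reason>; remove once the nixpkgs default works again`, and otherwise keep `electron_26`.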
@@ -1,47 +0,0 @@ -channels: final: prev: { - __dontExport = true; # overrides clutter up actual creations - - inherit - (channels.latest) - _1password - _1password-gui - nixd - thunderbird - docker_24 - flyctl - slack - ; - - inherit - (channels.fork) - nvfetcher - ; - - inherit - (channels.master) - ; - - inherit - (channels.nixos-22-05) - terraform - ; - - haskellPackages = - prev.haskellPackages.override - (old: { - overrides = prev.lib.composeExtensions (old.overrides or (_: _: {})) (hfinal: hprev: let - version = prev.lib.replaceChars ["."] [""] prev.ghc.version; - in { - # same for haskell packages, matching ghc versions - inherit - (channels.latest.haskell.packages."ghc${version}") - haskell-language-server - ; - }); - }); - - vimPlugins = prev.vimPlugins // {inherit (channels.latest.vimPlugins) nvim-lspconfig;}; - - # Example to override node package - # nodePackages = prev.nodePackages // { inherit (channels.latest.nodePackages) manta; }; -} diff --git a/overlays/python-wik.nix b/overlays/python-wik.nix deleted file mode 100644 index 64997158..00000000 --- a/overlays/python-wik.nix +++ /dev/null @@ -1,25 +0,0 @@ -final: prev: -with prev.python3Packages; { - python-wiki-fetch = buildPythonPackage rec { - inherit (prev.sources.wik) pname version src; - - checkPhase = '' - cd test - ${python.interpreter} test.py - ''; - - format = "flit"; - - propagatedBuildInputs = [ - beautifulsoup4 - requests - ]; - - meta = with prev.lib; { - description = "wik is a tool to view wikipedia pages from your terminal"; - homepage = "https://github.com/yashsinghcodes/wik"; - license = licenses.mit; - maintainers = with maintainers; [teutat3s]; - }; - }; -} diff --git a/pkgs/default.nix b/pkgs/default.nix index de65b068..6fe43d42 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix 
@@ -1,7 +1,7 @@ final: prev: -with final; { +with prev; { # keep sources this first - sources = prev.callPackage (import ./_sources/generated.nix) {}; + sources = callPackage (import ./_sources/generated.nix) {}; # then, call packages with `final.callPackage` gpu-switch = writeShellScriptBin "gpu-switch" (import ./gpu-switch.nix final); import-gtk-settings = writeShellScriptBin "import-gtk-settings" (import ./import-gtk-settings.nix final); @@ -17,7 +17,6 @@ with final; { sway-service = writeShellScriptBin "sway-service" (import ./sway-service.nix final); swaylock-bg = writeShellScriptBin "swaylock-bg" (import ./swaylock-bg.nix final); toggle-kbd-layout = writeShellScriptBin "toggle-kbd-layout" (import ./toggle-kbd-layout.nix final); - uhk-agent = import ./uhk-agent.nix final; wcwd = writeShellScriptBin "wcwd" (import ./wcwd.nix final); drone-docker-runner = writeShellScriptBin "drone-docker-runner" (import ./drone-docker-runner.nix final); record-screen = writeShellScriptBin "record-screen" (import ./record-screen.nix final); diff --git a/pkgs/wcwd.nix b/pkgs/wcwd.nix index 3f5e676d..7e6737a5 100644 --- a/pkgs/wcwd.nix +++ b/pkgs/wcwd.nix @@ -1,6 +1,6 @@ self: with self; '' - pid=$(${sway}/bin/swaymsg -t get_tree | jq '.. | select(.type?) | select(.type=="con") | select(.focused==true).pid') - ppid=$(pgrep --newest --parent ''${pid}) + pid=$(${sway}/bin/swaymsg -t get_tree | ${jq}/bin/jq '.. | select(.type?) | select(.type=="con") | select(.focused==true).pid') + ppid=$(${procps}/bin/pgrep --newest --parent ''${pid}) readlink /proc/''${ppid}/cwd || echo $HOME '' diff --git a/profiles/audio/default.nix b/profiles/audio/default.nix deleted file mode 100644 index 10e186d6..00000000 --- a/profiles/audio/default.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ - self, - config, - lib, - pkgs, - ... -}: let - inherit (lib) fileContents; -in { - pub-solar.audio.enable = true; -} 
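Review bot: In pkgs/wcwd.nix the last line, `readlink /proc/''${ppid}/cwd || echo $HOME`, still resolves `readlink` through the caller's PATH, while this change pins `jq` and `pgrep` to store paths. For consistency it should read `${coreutils}/bin/readlink /proc/''${ppid}/cwd || echo $HOME`. The script also passes `''${pid}` to `pgrep --parent` unquoted and unchecked, so an empty result from the `jq` filter (no focused container) reaches pgrep as a missing argument. A guard such as `[ -n "$pid" ] || { echo "$HOME"; exit 0; }` before the pgrep line would make the fallback explicit.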
diff --git a/profiles/base-user/.config/mutt/base16.muttrc b/profiles/base-user/.config/mutt/base16.muttrc deleted file mode 100644 index ff30a476..00000000 --- a/profiles/base-user/.config/mutt/base16.muttrc +++ /dev/null 
@@ -1,132 +0,0 @@ -# base16-mutt: base16-shell support for mutt -# -# These depend on mutt compiled with s-lang, not ncurses. Check by running `mutt -v` -# Details this configuration may be found in the mutt manual: -# §3 Patterns -# §9 Using color and mono video attributes - -# https://www.neomutt.org/guide/configuration.html#color -# base00 : color00 - Default Background -# base01 : color18 - Lighter Background (Used for status bars) -# base02 : color19 - Selection Background -# base03 : color08 - Comments, Invisibles, Line Highlighting - -# base04 : color20 - Dark Foreground (Used for status bars) -# base05 : color07 - Default Foreground, Caret, Delimiters, Operators -# base06 : color21 - Light Foreground (Not often used) -# base07 : color15 - Light Background (Not often used) - -# base08 : color01 - Index Item: Deleted. -# base09 : color16 - Message: URL. -# base0A : color03 - Search Text Background. Message: Bold. -# base0B : color02 - Message: Code. Index Item: Tagged. -# base0C : color06 - Message: Subject, Quotes. Index Item: Trusted. -# base0D : color04 - Message: Headings. -# base0E : color05 - Message: Italic, Underline. Index Item: Flagged. -# base0F : color17 - Deprecated, Opening/Closing Embedded Language Tags e.g. 
- -## Base -color normal color07 color00 # softer, bold - -## Weak -color tilde color08 color00 # `~` padding at the end of pager -color attachment color08 color00 -color tree color08 color00 # arrow in threads -color signature color08 color00 -color markers color08 color00 # `+` wrap indicator in pager - -## Strong -color bold color21 color00 -color underline color21 color00 - -## Highlight -color error color01 color00 -color message color02 color00 # informational messages -color search color00 color01 -color status color01 color18 -color indicator color03 color19 # inverse, brighter - - -# Message Index ---------------------------------------------------------------- - -## Weak -color index color08 color00 "~R" # read messages -color index color08 color00 "~d >45d" # older than 45 days -color index color08 color00 "~v~(!~N)" # collapsed thread with no unread -color index color08 color00 "~Q" # messages that have been replied to - -## Strong -color index color01 color00 "(~U|~N|~O)" # unread, new, old messages -color index color01 color00 "~v~(~U|~N|~O)" # collapsed thread with unread - -## Highlight -### Trusted -color index color06 color00 "~g" # PGP signed messages -color index color06 color00 "~G" # PGP encrypted messages -### Odd -color index color01 color00 "~E" # past Expires: header date -color index color01 color00 "~=" # duplicated -color index color01 color00 "~S" # marked by Supersedes: header -### Flagged -color index color05 color00 "~F" # flagged messages -color index color02 color00 "~v~(~F)" # collapsed thread with flagged inside - -# Selection -color index color02 color18 "~T" # tagged messages -color index color01 color18 "~D" # deleted messages - -### Message Headers ---------------------------------------------------- - -# Base -color hdrdefault color07 color00 -color header color07 color00 "^" -# Strong -color header color21 color00 "^(From)" -# Highlight -color header color04 color00 "^(Subject)" - -### Message Body 
------------------------------------------------------- -# When possible, these regular expressions attempt to match http://spec.commonmark.org/ -## Weak -# ~~~ Horizontal rules ~~~ -color body color08 color00 "([[:space:]]*[-+=#*~_]){3,}[[:space:]]*" -## Strong -# *Bold* span -color body color03 color00 "(^|[[:space:][:punct:]])\\*[^*]+\\*([[:space:][:punct:]]|$)" -# _Underline_ span -color body color05 color00 "(^|[[:space:][:punct:]])_[^_]+_([[:space:][:punct:]]|$)" -# /Italic/ span (Sometimes gets directory names) -color body color05 color00 "(^|[[:space:][:punct:]])/[^/]+/([[:space:][:punct:]]|$)" -# ATX headers -color body color04 color00 "^[[:space:]]{0,3}#+[[:space:]].*$" -## Highlight -# `Code` span -color body color02 color00 "(^|[[:space:][:punct:]])\`[^\`]+\`([[:space:][:punct:]]|$)" -# Indented code block -color body color02 color00 "^[[:space:]]{4,}.*$" -# URLs -color body color16 color00 "([a-z][a-z0-9+-]*://(((([a-z0-9_.!~*'();:&=+$,-]|%[0-9a-f][0-9a-f])*@)?((([a-z0-9]([a-z0-9-]*[a-z0-9])?)\\.)*([a-z]([a-z0-9-]*[a-z0-9])?)\\.?|[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+)(:[0-9]+)?)|([a-z0-9_.!~*'()$,;:@&=+-]|%[0-9a-f][0-9a-f])+)(/([a-z0-9_.!~*'():@&=+$,-]|%[0-9a-f][0-9a-f])*(;([a-z0-9_.!~*'():@&=+$,-]|%[0-9a-f][0-9a-f])*)*(/([a-z0-9_.!~*'():@&=+$,-]|%[0-9a-f][0-9a-f])*(;([a-z0-9_.!~*'():@&=+$,-]|%[0-9a-f][0-9a-f])*)*)*)?(\\?([a-z0-9_.!~*'();/?:@&=+$,-]|%[0-9a-f][0-9a-f])*)?(#([a-z0-9_.!~*'();/?:@&=+$,-]|%[0-9a-f][0-9a-f])*)?|(www|ftp)\\.(([a-z0-9]([a-z0-9-]*[a-z0-9])?)\\.)*([a-z]([a-z0-9-]*[a-z0-9])?)\\.?(:[0-9]+)?(/([-a-z0-9_.!~*'():@&=+$,]|%[0-9a-f][0-9a-f])*(;([-a-z0-9_.!~*'():@&=+$,]|%[0-9a-f][0-9a-f])*)*(/([-a-z0-9_.!~*'():@&=+$,]|%[0-9a-f][0-9a-f])*(;([-a-z0-9_.!~*'():@&=+$,]|%[0-9a-f][0-9a-f])*)*)*)?(\\?([-a-z0-9_.!~*'();/?:@&=+$,]|%[0-9a-f][0-9a-f])*)?(#([-a-z0-9_.!~*'();/?:@&=+$,]|%[0-9a-f][0-9a-f])*)?)[^].,:;!)? 
\t\r\n<>\"]" -# Email addresses -color body color16 color00 "((@(([0-9a-z-]+\\.)*[0-9a-z-]+\\.?|#[0-9]+|\\[[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\]),)*@(([0-9a-z-]+\\.)*[0-9a-z-]+\\.?|#[0-9]+|\\[[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\.[0-9]?[0-9]?[0-9]\\]):)?[0-9a-z_.+%$-]+@(([0-9a-z-]+\\.)*[0-9a-z-]+\\.?|#[0-9]+|\\[[0-2]?[0-9]?[0-9]\\.[0-2]?[0-9]?[0-9]\\.[0-2]?[0-9]?[0-9]\\.[0-2]?[0-9]?[0-9]\\])" -# Emoticons ;-P -color body black yellow "[;:][-o]?[})>{(<|P]" - -# PGP -color body color21 color01 "(BAD signature)" -color body color21 color01 "^gpg: BAD signature from.*" -color body color21 color04 "(Good signature)" -color body color21 color04 "^gpg: Good signature .*" -color body color04 color00 "^gpg: " - - -## Quotation blocks -color quoted color06 color00 -color quoted1 color02 color00 -color quoted2 color03 color00 -color quoted3 color16 color00 -color quoted4 color01 color00 -color quoted5 color17 color00 -color quoted6 color05 color00 -color quoted7 color04 color00 - -# vi: ft=muttrc diff --git a/profiles/base-user/.config/mutt/mailcap b/profiles/base-user/.config/mutt/mailcap deleted file mode 100644 index 86035375..00000000 --- a/profiles/base-user/.config/mutt/mailcap +++ /dev/null @@ -1 +0,0 @@ -text/html; w3m -I %{charset} -T text/html; copiousoutput; diff --git a/profiles/base-user/.config/mutt/muttrc b/profiles/base-user/.config/mutt/muttrc deleted file mode 100644 index 37a78c70..00000000 --- a/profiles/base-user/.config/mutt/muttrc +++ /dev/null 
@@ -1,104 +0,0 @@ -# vim: filetype=muttrc - -source $XDG_CONFIG_HOME/mutt/base16.muttrc -source $XDG_CONFIG_HOME/mutt/accounts.muttrc - -set editor = `echo \$EDITOR` - -set sidebar_visible = yes -set sidebar_width = 50 -set sidebar_format = "%B%?F? [%F]?%* %?N?%N/?%S" - -set sendmail_wait = 0 - -set mail_check_stats - -set crypt_use_gpgme=yes -set crypt_autosign=yes -set crypt_verify_sig=yes -set crypt_replysign=yes -set crypt_replyencrypt=yes -set crypt_replysignencrypted=yes -set crypt_autoencrypt=yes - -set pgp_check_gpg_decrypt_status_fd -set pgp_use_gpg_agent=yes -set pgp_self_encrypt=yes - -# Store message headers locally to speed things up. -# If hcache is a folder, Mutt will create sub cache folders for each account which may speeds things up even more. -set header_cache = $XDG_CACHE_HOME/mutt - -# Store messages locally to speed things up, like searching message bodies. -# Can be the same folder as header_cache. -# This will cost important disk usage according to your e-mail amount. -set message_cachedir = $XDG_CACHE_HOME/mutt -set imap_check_subscribed - -# Allow Mutt to open a new IMAP connection automatically. -unset imap_passive - -# Keep the IMAP connection alive by polling intermittently (time in seconds). -set imap_keepalive = 300 - -# How often to check for new mail (time in seconds). 
-set mail_check = 120 - -set askcc -set askbcc - -set date_format="!%d.%m.%Y %H:%M" -set index_format="%4C %Z %D %4c %20.20L %s" - -#------------------------------------------------------------ -# Vi Key Bindings -#------------------------------------------------------------ - -# Moving around -bind generic g noop -bind generic gg first-entry -bind generic,index G last-entry -bind generic,index i previous-entry -bind generic,index k next-entry - -bind pager,index d noop -bind pager,index dd delete-message - -bind pager i previous-line -bind pager k next-line -bind pager I previous-entry -bind pager K next-entry - -bind pager r noop -bind pager rr reply -bind pager ra group-reply -bind pager rn group-chat-reply -bind pager rl list-reply - -# Threads -bind browser,pager,index N search-opposite -bind pager,index dT delete-thread -bind pager,index dt delete-subthread -bind pager,index g noop -bind pager,index gt next-thread -bind pager,index gT previous-thread -bind index za collapse-thread -bind index zA collapse-all # Missing :folddisable/foldenable - -# Enable URL opening -macro index,pager \cb " urlscan" "call urlscan to extract URLs out of a message" -macro attach,compose \cb " urlscan" "call urlscan to extract URLs out of a message" - -# Translate markdown to html -macro compose \e5 "F pandoc -s -f markdown -t html \ny^T^Utext/html; charset=utf-8\n" -set wait_key=no - -# Save to ~/Downloads by default -macro attach D "~/Downloads/" "Save to Downloads" - -set mailcap_path = $XDG_CONFIG_HOME/mutt/mailcap - -# HTML emails -auto_view text/html # view html automatically -alternative_order text/plain text/enriched text/html # save html for last - diff --git a/profiles/base-user/.config/offlineimap/functions.py b/profiles/base-user/.config/offlineimap/functions.py deleted file mode 100644 index 110b9e4b..00000000 --- a/profiles/base-user/.config/offlineimap/functions.py +++ /dev/null 
@@ -1,9 +0,0 @@ -#! /usr/bin/env python2 -import os -import subprocess - -def get_env(key): - return os.getenv(key) - -def get_secret(*attributes): - return subprocess.check_output(["secret-tool", "lookup"] + list(attributes)) diff --git a/profiles/base-user/default.nix b/profiles/base-user/default.nix deleted file mode 100644 index bd8815b0..00000000 --- a/profiles/base-user/default.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: let - psCfg = config.pub-solar; -in { - imports = [ - ./home.nix - ]; - - users = { - mutableUsers = false; - - users = with pkgs; - pkgs.lib.setAttrByPath [psCfg.user.name] { - # Indicates whether this is an account for a “real” user. - # This automatically sets group to users, createHome to true, - # home to /home/username, useDefaultShell to true, and isSystemUser to false. - isNormalUser = true; - description = psCfg.user.description; - extraGroups = [ - "input" - "lp" - "networkmanager" - "scanner" - "video" - "wheel" - ]; - initialHashedPassword = - if psCfg.user.password != null - then psCfg.user.password - else ""; - openssh.authorizedKeys.keys = - if psCfg.user.publicKeys != null - then psCfg.user.publicKeys - else []; - }; - }; -} diff --git a/profiles/base-user/home.nix b/profiles/base-user/home.nix deleted file mode 100644 index 3ec5ee6f..00000000 --- a/profiles/base-user/home.nix +++ /dev/null 
@@ -1,103 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: -with lib; let - psCfg = config.pub-solar; - xdg = config.home-manager.users."${psCfg.user.name}".xdg; -in { - imports = [ - ./session-variables.nix - ]; - - home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] { - # Let Home Manager install and manage itself. - programs.home-manager.enable = true; - - # Home Manager needs a bit of information about you and the - # paths it should manage. - home.username = psCfg.user.name; - home.homeDirectory = "/home/${psCfg.user.name}"; - - home.packages = with pkgs; []; - - fonts.fontconfig.enable = mkForce true; - - programs.dircolors.enable = true; - - programs.less = { - enable = true; - keys = '' - k forw-line - i back-line - K forw-scroll - I back-scroll - ''; - }; - - home.file."xinitrc".source = ./.xinitrc; - - xdg.enable = true; - xdg.mime.enable = true; - xdg.mimeApps = import ./mimeapps.nix; - - xdg.configFile."git/config".text = import ./.config/git/config.nix { - inherit config; - inherit pkgs; - }; - xdg.configFile."git/gitmessage".text = import ./.config/git/gitmessage.nix { - inherit config; - inherit pkgs; - }; - xdg.configFile."git/global_gitignore".text = import ./.config/git/global_gitignore.nix { - inherit config; - inherit pkgs; - }; - xdg.configFile."dircolors".source = ./.config/dircolors; - xdg.configFile."xmodmap".source = ./.config/xmodmap; - xdg.configFile."user-dirs.dirs".source = ./.config/user-dirs.dirs; - xdg.configFile."user-dirs.locale".source = ./.config/user-dirs.locale; - xdg.configFile."xsettingsd/xsettingsd.conf".source = ./.config/xsettingsd/xsettingsd.conf; - xdg.configFile."mako/config".source = ./.config/mako/config; - xdg.configFile."libinput-gestures.conf".source = ./.config/libinput-gestures.conf; - xdg.configFile."swaync/config.json".source = ./.config/swaync/config.json; - xdg.configFile."swaync/style.css".source = ./.config/swaync/style.css; - xdg.configFile."waybar/config".source = ./.config/waybar/config; - 
xdg.configFile."waybar/style.css".source = ./.config/waybar/style.css; - xdg.configFile."waybar/colorscheme.css".source = ./.config/waybar/colorscheme.css; - xdg.configFile."mutt/muttrc".source = ./.config/mutt/muttrc; - xdg.configFile."mutt/base16.muttrc".source = ./.config/mutt/base16.muttrc; - xdg.configFile."mutt/mailcap".source = ./.config/mutt/mailcap; - xdg.configFile."offlineimap/functions.py".source = ./.config/offlineimap/functions.py; - xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg; - - # Ensure nvim backup directory gets created - # Workaround for E510: Can't make backup file (add ! to override) - xdg.dataFile."nvim/backup/.keep".text = ""; - xdg.dataFile."nvim/json-schemas/.keep".text = ""; - # Generated with: - # docker run -it --name caddy-json-schema registry.greenbaum.cloud/gc/caddy-l4:2.5.2 caddy json-schema -output /srv/caddy_schema.json - xdg.dataFile."nvim/json-schemas/caddy_schema.json".source = .local/share/nvim/json-schemas/caddy_schema.json; - xdg.dataFile."nvim/templates/.keep".text = ""; - xdg.dataFile."scripts/.keep".text = ""; - xdg.dataFile."scripts/base16.sh".source = .local/share/scripts/base16.sh; - xdg.dataFile."shell.nix.tmpl" = { - text = '' - let - unstable = import (fetchTarball https://github.com/nixos/nixpkgs/archive/nixos-unstable.tar.gz) { }; - in - { nixpkgs ? import {} }: - with nixpkgs; mkShell { - buildInputs = [ - ]; - } - ''; - target = "nvim/templates/shell.nix.tmpl"; - }; - - # Allow unfree packages only on a user basis, not on a system-wide basis - xdg.configFile."nixpkgs/config.nix".text = " { allowUnfree = true; } "; - }; -} diff --git a/profiles/full-install/default.nix b/profiles/full-install/default.nix deleted file mode 100644 index d9b07733..00000000 --- a/profiles/full-install/default.nix +++ /dev/null 
@@ -1,18 +0,0 @@
-{
- self,
- config,
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) fileContents;
-in {
- config = {
- pub-solar.audio.mopidy.enable = true;
- pub-solar.audio.bluetooth.enable = true;
- pub-solar.docker.enable = true;
- pub-solar.nextcloud.enable = true;
- pub-solar.office.enable = true;
- # pub-solar.printing.enable = true; # this is enabled automatically if office is enabled
- };
-}
diff --git a/profiles/graphical/default.nix b/profiles/graphical/default.nix
deleted file mode 100644
index c4937b38..00000000
--- a/profiles/graphical/default.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{
- self,
- config,
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) fileContents;
-in {
- pub-solar.graphical.enable = true;
- pub-solar.sway.enable = true;
-}
diff --git a/profiles/pub-solar-iso/default.nix b/profiles/pub-solar-iso/default.nix
deleted file mode 100644
index fa973283..00000000
--- a/profiles/pub-solar-iso/default.nix
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- self,
- config,
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) fileContents;
-in {
- config = {
- pub-solar.graphical.wayland.software-renderer.enable = true;
- pub-solar.sway.terminal = "foot";
- pub-solar.core.iso-options.enable = true;
- };
-}
diff --git a/profiles/social/default.nix b/profiles/social/default.nix
deleted file mode 100644
index fb04d9e6..00000000
--- a/profiles/social/default.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- self,
- config,
- lib,
- pkgs,
- ...
-}: let
- inherit (lib) fileContents;
-in {
- pub-solar.social.enable = true;
-}
diff --git a/users/default.nix b/users/default.nix
new file mode 100644
index 00000000..236519c2
--- /dev/null
+++ b/users/default.nix
@@ -0,0 +1,10 @@
+{ self, ... }:
+{
+ flake = {
+ nixosModules = rec {
+ root = import ./root;
+ teutat3s = import ./teutat3s;
+ nixos = import ./nixos;
+ };
+ };
+}
diff --git a/users/nixos/default.nix b/users/nixos/default.nix
new file mode 100644
index 00000000..e0bf4b37
--- /dev/null
+++ b/users/nixos/default.nix
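Review bot: In the new `users/default.nix`, both `rec` on the `nixosModules` set and the `self` argument are unused: no attribute refers to a sibling and the body never reads `self`. Writing `{ ... }:` and `nixosModules = {` removes the accidental self-reference that `rec` permits when a later attribute happens to share a name with something in scope. A one-line header such as `# user modules exported as flake.nixosModules.<name>` would also tell the reader why the three imports are not applied here.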
@@ -0,0 +1,36 @@ +{ + config, + pkgs, + lib, + ... +}: let + psCfg = config.pub-solar; +in { + config = { + pub-solar = { + # These are your personal settings + # The only required settings are `name` and `password`, + # The rest is used for programs like git + user = { + name = "nixos"; + description = "nixos"; + password = ""; + fullName = "nixos user"; + email = "nixos-iso@test-iso"; + publicKeys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmiF8ndGhnx2YAWbPDq14fftAwcJ0xnjJIVTotI12OO4SPX/SwH5Yp8C8Kf002qN9FbFmaONzq3s8TYpej13JubhfsQywNuFKZuZvJeHzmOwxsANW86RVrWT0WZmYx9a/a1TF9rPQpibDVt60wX8yLdExaJc5F1SvIIuyz1kxYpz36wItfR6hcwoLGh1emFCmfCpebJmp3hsrMDTTtTW/YNhyeSZW74ckyvZyjCYtRCJ8uF0ZmOSKRdillv4Ztg8MsUubGn+vaMl6V6x/QuDuehEPoM/3wBx9o22nf+QVbk7S1PC8EdT/K5vskn4/pfR7mDCyQOq1hB4w4Oyn0dsfX pi@ssrtc" + + "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHx4A8rLYmFgTOp1fDGbbONN8SOT0l5wWrUSYFUcVzMPTyfdT23ZVIdVD5yZCySgi/7PSh5mVmyLIZVIXlNrZJg= @b12f Yubi Main" + "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= @b12f Yubi Backup" + + "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a @teutat3s" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135 @hensoko" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work" + + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIKa5elEXgBc2luVBOHVWZisJgt0epFQOercPi0tZzPU root@cloud.pub.solar" + "ssh-rsa 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 root@nougat" + ]; + }; + }; + }; +} diff --git a/users/profiles/direnv/default.nix b/users/profiles/direnv/default.nix deleted file mode 100644 index 67ff2113..00000000 --- a/users/profiles/direnv/default.nix +++ /dev/null 
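Review bot: `password = "";` in the new `users/nixos/default.nix` needs a comment, because the base-user module deleted by this same patch passed `psCfg.user.password` to `initialHashedPassword`, and an empty hash there lets the account log in locally without a password. If the replacement module (not visible in this hunk) still does that and still adds the user to `wheel`, importing this file on anything other than the live ISO creates a passwordless admin account that also trusts all eight listed SSH keys, two of them labelled `root@…`. I would put `# live-ISO only: empty hash = passwordless local login, never import on an installed host` above the line and reduce `publicKeys` to the people who need to reach a booted installer.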
@@ -1,8 +0,0 @@ -{ - programs.direnv = { - enable = true; - nix-direnv = { - enable = true; - }; - }; -} diff --git a/users/profiles/git/default.nix b/users/profiles/git/default.nix deleted file mode 100644 index f827f5b3..00000000 --- a/users/profiles/git/default.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ - programs.git = { - enable = true; - - extraConfig = { - pull.rebase = false; - }; - - aliases = { - a = "add -p"; - co = "checkout"; - cob = "checkout -b"; - f = "fetch -p"; - c = "commit"; - p = "push"; - ba = "branch -a"; - bd = "branch -d"; - bD = "branch -D"; - d = "diff"; - dc = "diff --cached"; - ds = "diff --staged"; - r = "restore"; - rs = "restore --staged"; - st = "status -sb"; - - # reset - soft = "reset --soft"; - hard = "reset --hard"; - s1ft = "soft HEAD~1"; - h1rd = "hard HEAD~1"; - - # logging - lg = "log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit"; - plog = "log --graph --pretty='format:%C(red)%d%C(reset) %C(yellow)%h%C(reset) %ar %C(green)%aN%C(reset) %s'"; - tlog = "log --stat --since='1 Day Ago' --graph --pretty=oneline --abbrev-commit --date=relative"; - rank = "shortlog -sn --no-merges"; - - # delete merged branches - bdm = "!git branch --merged | grep -v '*' | xargs -n 1 git branch -d"; - }; - }; -} diff --git a/users/pub-solar/default.nix b/users/pub-solar/default.nix index 73524afc..93138fcb 100644 --- a/users/pub-solar/default.nix +++ b/users/pub-solar/default.nix @@ -1,6 +1,4 @@ -{hmUsers, ...}: { - home-manager.users = {inherit (hmUsers) pub-solar;}; - +{config, ...}: { pub-solar = { # These are your personal settings # The only required settings are `name` and `password`, 
@@ -12,9 +10,7 @@ password = "$6$Kv0BCLU2Jg7GN8Oa$hc2vERKCbZdczFqyHPfgCaleGP.JuOWyd.bfcIsLDNmExGXI6Rnkze.SWzVzVS311KBznN/P4uUYAUADXkVtr."; fullName = "Pub Solar"; email = "iso@pub.solar"; - publicKeys = [ - "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a" - ]; + publicKeys = []; }; }; } diff --git a/users/root/default.nix b/users/root/default.nix index c9f1ef71..745a0843 100644 --- a/users/root/default.nix +++ b/users/root/default.nix @@ -1,5 +1,4 @@ {...}: -# recommend using `hashedPassword` { - users.users.root.password = ""; + users.users.root.hashedPassword = ""; } diff --git a/users/teutat3s/concepts-and-training.nix b/users/teutat3s/concepts-and-training.nix index a12d355b..73c16747 100644 --- a/users/teutat3s/concepts-and-training.nix +++ b/users/teutat3s/concepts-and-training.nix @@ -2,7 +2,7 @@ config, pkgs, lib, - self, + flake, ... }: with lib; let @@ -10,13 +10,13 @@ with lib; let xdg = config.home-manager.users."${psCfg.user.name}".xdg; in { age.secrets."cat-testenv.ovpn" = { - file = "${self}/secrets/cat-testenv.ovpn.age"; + file = "${flake.self}/secrets/cat-testenv.ovpn.age"; mode = "600"; owner = psCfg.user.name; }; age.secrets."fwknoprc" = { - file = "${self}/secrets/fwknoprc.age"; + file = "${flake.self}/secrets/fwknoprc.age"; path = "${config.users.users."${psCfg.user.name}".home}/.fwknoprc"; mode = "600"; owner = psCfg.user.name; diff --git a/users/teutat3s/default.nix b/users/teutat3s/default.nix index 64630b6a..fdaac67e 100644 --- a/users/teutat3s/default.nix +++ b/users/teutat3s/default.nix 
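Review bot: Emptying `publicKeys` in `users/pub-solar/default.nix` leaves the crypt hash on the unchanged `password` line as the only credential for this user, and that hash is readable by anyone who has the repository or the Nix store. A `$6$` SHA-512 crypt string can be tested offline without rate limits, so either keep a key here or move the hash out of the tree, for instance into an agenix secret like the ones declared under `users/teutat3s`. How `password` is consumed is defined outside this hunk, so confirm which NixOS option it ends up in.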
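Review bot: `users.users.root.hashedPassword = "";` in `users/root/default.nix` keeps root passwordless: NixOS treats an empty hash as login without a password prompt on local consoles, so moving from `password` to `hashedPassword` changes the option name and nothing else. If this is meant only for the installer image, say so in a comment and set it in the ISO host; for installed machines lock the password with `users.users.root.hashedPassword = "!";` and rely on sudo or keys. The removed `# recommend using hashedPassword` comment was the only hint that the value was a placeholder.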
@@ -1,23 +1,32 @@ { config, - hmUsers, - lib, pkgs, + lib, + flake, ... }: let psCfg = config.pub-solar; + xdg = config.home-manager.users.${psCfg.user.name}.xdg; in { imports = [ ./home.nix ]; config = { - home-manager.users = {inherit (hmUsers) teutat3s;}; + age.secrets.environment-secrets = { + file = "${flake.self}/secrets/environment-secrets.age"; + mode = "400"; + owner = psCfg.user.name; + }; + + age.secrets.github-api-token = { + file = "${flake.self}/secrets/github-api-token.age"; + mode = "400"; + owner = psCfg.user.name; + path = "/home/${psCfg.user.name}/.local/share/github/api-token"; + }; pub-solar = { - # These are your personal settings - # The only required settings are `name` and `password`, - # The rest is used for programs like git user = { name = "teutat3s"; fullName = "teutat3s"; @@ -28,8 +37,6 @@ in { "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a" ]; }; - - sway.v4l2loopback.enable = false; }; }; } diff --git a/users/teutat3s/home.nix b/users/teutat3s/home.nix index 32f28a17..89eff3ef 100644 --- a/users/teutat3s/home.nix +++ b/users/teutat3s/home.nix @@ -1,7 +1,7 @@ { config, home-manager, - inputs, + flake, lib, pkgs, ... @@ -9,7 +9,7 @@ with lib; let psCfg = config.pub-solar; xdg = config.home-manager.users."${psCfg.user.name}".xdg; - tritonshell = inputs.tritonshell; + tritonshell = flake.inputs.tritonshell; in { imports = [ ./session-variables.nix 
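Review bot: The `github-api-token` secret hard-codes `path = "/home/${psCfg.user.name}/.local/share/github/api-token";`, while `users/teutat3s/concepts-and-training.nix` in this same patch derives the home directory from `config.users.users`. I would write `path = "${config.users.users.${psCfg.user.name}.home}/.local/share/github/api-token";` so the token follows the account if its home ever moves. It is also worth checking who owns `~/.local/share/github` after activation, since the secret is presumably placed by the system activation step rather than by the user; please confirm against agenix. The `xdg` binding added to the `let` is not used in the lines shown, and the module body continues outside the hunk.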
@@ -18,25 +18,24 @@ in { ]; config = { - pub-solar.social.enable = true; - - pub-solar.graphical.alacritty.settings.font.size = 12; - pub-solar.graphical.alacritty.settings.key_bindings = [ - { - key = "V"; - mods = "Control|Super"; - action = "Paste"; - } - { - key = "C"; - mods = "Control|Super"; - action = "Copy"; - } - ]; + # TODO change in alacritty config directly + #pub-solar.graphical.alacritty.settings.font.size = 12; + #pub-solar.graphical.alacritty.settings.key_bindings = [ + # { + # key = "V"; + # mods = "Control|Super"; + # action = "Paste"; + # } + # { + # key = "C"; + # mods = "Control|Super"; + # action = "Copy"; + # } + #]; #services.kbfs.enable = true; #services.keybase.enable = true; - services.yubikey-agent.enable = true; - home-manager = pkgs.lib.setAttrByPath ["users" psCfg.user.name] { + + home-manager.users.${psCfg.user.name} = { xdg.configFile."git/config".text = import ./.config/git/config.nix { inherit config; inherit pkgs; @@ -71,14 +70,13 @@ in { vault veracrypt waypoint - yubikey-agent age-plugin-yubikey cockroach-bin obs-studio ]; programs.bash.initExtra = '' source ${config.age.secrets.environment-secrets.path} - source ${inputs.tritonshell.packages.${pkgs.system}.triton-utils}/bin/ttp.sh + source ${flake.inputs.tritonshell.packages.${pkgs.system}.triton-utils}/bin/ttp.sh complete -C ${pkgs.consul}/bin/consul consul complete -C ${pkgs.nomad_1_4}/bin/nomad nomad diff --git a/users/teutat3s/mnx.nix b/users/teutat3s/mnx.nix index 739a4254..5ede8404 100644 --- a/users/teutat3s/mnx.nix +++ b/users/teutat3s/mnx.nix @@ -2,7 +2,7 @@ config, pkgs, lib, - self, + flake, ... }: with lib; let @@ -11,7 +11,7 @@ with lib; let in { config = { age.secrets."mnx-bonanza-pf1.ovpn" = { - file = "${self}/secrets/mnx-bonanza-pf1.ovpn.age"; + file = "${flake.self}/secrets/mnx-bonanza-pf1.ovpn.age"; mode = "600"; owner = psCfg.user.name; };
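Review bot: The first `users/teutat3s/home.nix` hunk here replaces the alacritty settings with thirteen commented-out lines under `# TODO change in alacritty config directly`, next to the already commented `services.kbfs` and `services.keybase` lines. Commented-out Nix is never evaluated and drifts silently, so I would delete the block and keep one line such as `# TODO: move font.size = 12 and the Ctrl+Super copy/paste bindings into modules/graphical/alacritty.nix`. The same hunk drops `services.yubikey-agent.enable` and the next one drops the `yubikey-agent` package without explanation; a short comment naming what now provides the SSH agent for the YubiKey-backed keys would help the next reader. The `config = {` block starts and ends outside these hunks.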