add more comments and utilities

reduce unnecessary caddy matches
replace nginx with caddy for nextcloud
2024-10-18 21:59:02 +00:00 · 2023-07-29 23:56:44 -04:00 · 2023-07-30 03:56:17 +00:00 · 2023-07-30 03:51:01 +00:00
9 changed files with 164 additions and 25 deletions
--- a/modules/common/applications/kitty.nix
+++ b/modules/common/applications/kitty.nix
@ -40,7 +40,10 @@
        extraConfig = "";
        font.size = 14;
        keybindings = {
+          # Use shift+enter to complete text suggestions in fish
          "shift+enter" = "send_text all \\x1F";
+
+          # Easy fullscreen toggle (for macOS)
          "super+f" = "toggle_fullscreen";
        };
        settings = {
@ -98,7 +101,7 @@
          tab_bar_edge = "top";
          tab_bar_style = "slant";

-          # Audio
+          # Disable audio
          enable_audio_bell = false;
        };
      };
--- a/modules/common/applications/media.nix
+++ b/modules/common/applications/media.nix
@ -22,8 +22,8 @@
        enable = true;
        bindings = { };
        config = {
-          image-display-duration = 2;
-          hwdec = "auto-safe";
+          image-display-duration = 2; # For cycling through images
+          hwdec = "auto-safe"; # Attempt to use GPU decoding for video
        };
        scripts = [

@ -49,7 +49,7 @@
        ];
      };

-      # Set default for opening PDFs
+      # Set default programs for opening PDFs and other media
      xdg.mimeApps = {
        associations.added = {
          "application/pdf" = [ "pwmt.zathura-cb.desktop" ];
--- a/modules/common/mail/default.nix
+++ b/modules/common/mail/default.nix
@ -27,19 +27,31 @@

    home-manager.users.${config.user} = {
      programs.mbsync = { enable = true; };
+
+      # Automatically check for mail and keep files synced locally
      services.mbsync = lib.mkIf pkgs.stdenv.isLinux {
        enable = true;
        frequency = "*:0/5";
        postExec = "${pkgs.notmuch}/bin/notmuch new";
      };
+
+      # Used to watch for new mail and trigger sync
      services.imapnotify.enable = pkgs.stdenv.isLinux;
+
+      # Allows sending email from CLI/sendmail
      programs.msmtp.enable = true;
+
+      # Better local mail search
      programs.notmuch = {
        enable = true;
        new.ignore = [ ".mbsyncstate.lock" ".mbsyncstate.journal" ];
      };
+
      accounts.email = {
+
+        # Where email files are stored
        maildirBasePath = "${config.homePath}/mail";
+
        accounts = {
          home = let address = "${config.mail.user}@${config.mail.server}";
          in {
@ -52,13 +64,17 @@
              "hey"
              "admin"
            ];
+
+            # Options for contact completion
            alot = { };
-            flavor = "plain";
+
            imap = {
              host = config.mail.imapHost;
              port = 993;
              tls.enable = true;
            };
+
+            # Watch for mail and run notifications or sync
            imapnotify = {
              enable = true;
              boxes = [ "Inbox" ];
@ -67,7 +83,11 @@
                config.home-manager.users.${config.user}.services.dunst.enable
                "${pkgs.libnotify}/bin/notify-send 'New mail arrived'";
            };
+
+            # Name of the directory in maildir for this account
            maildir = { path = "main"; };
+
+            # Bi-directional syncing options for local files
            mbsync = {
              enable = true;
              create = "both";
@ -78,12 +98,17 @@
                CopyArrivalDate = "yes"; # Sync time of original message
              };
            };
+
+            # Enable indexing
            notmuch.enable = true;
+
+            # Used to login and send and receive emails
            passwordCommand =
              "${pkgs.age}/bin/age --decrypt --identity ${config.identityFile} ${
                pkgs.writeText "mailpass.age"
                (builtins.readFile ../../../private/mailpass.age)
              }";
+
            smtp = {
              host = config.mail.smtpHost;
              port = 465;
--- a/modules/common/neovim/config/align.nix
+++ b/modules/common/neovim/config/align.nix
@ -1,4 +1,7 @@
 { pkgs, ... }: {
+
+  # Plugin for aligning text programmatically
+
  plugins = [ pkgs.vimPlugins.tabular ];
  lua = ''
    -- Align
--- a/modules/common/neovim/config/bufferline.nix
+++ b/modules/common/neovim/config/bufferline.nix
@ -1,4 +1,7 @@
 { pkgs, ... }: {
+
+  # Shows buffers in a VSCode-style tab layout
+
  plugins = [
    pkgs.vimPlugins.bufferline-nvim
    pkgs.vimPlugins.vim-bbye # Better closing of buffers
--- a/modules/common/neovim/config/colors.nix
+++ b/modules/common/neovim/config/colors.nix
@ -1,5 +1,7 @@
 { pkgs, lib, config, ... }: {

+  # Sets Neovim colors based on Nix colorscheme
+
  options.colors = lib.mkOption {
    type = lib.types.attrsOf lib.types.str;
    description = "Attrset of base16 colorscheme key value pairs.";
--- a/modules/common/neovim/config/completion.nix
+++ b/modules/common/neovim/config/completion.nix
@ -24,12 +24,14 @@
      end
    '';

+    # Enable Luasnip snippet completion
    snippet.expand = dsl.rawLua ''
      function(args)
          require("luasnip").lsp_expand(args.body)
      end
    '';

+    # Basic completion keybinds
    mapping = {
      "['<C-n>']" = dsl.rawLua
        "require('cmp').mapping.select_next_item({ behavior = require('cmp').SelectBehavior.Insert })";
@ -64,24 +66,26 @@
      '';
    };

+    # These are where the completion engine gets its suggestions
    sources = [
-      { name = "nvim_lua"; }
-      { name = "nvim_lsp"; }
-      { name = "luasnip"; }
-      { name = "path"; }
+      { name = "nvim_lua"; } # Fills in common Neovim lua functions
+      { name = "nvim_lsp"; } # LSP results
+      { name = "luasnip"; } # Snippets
+      { name = "path"; } # Shell completion from current PATH
      {
-        name = "buffer";
+        name = "buffer"; # Grep for text from the current text buffer
        keyword_length = 3;
        max_item_count = 10;
      }
      {
-        name = "rg";
+        name = "rg"; # Grep for text from the current directory
        keyword_length = 6;
        max_item_count = 10;
        option = { additional_arguments = "--ignore-case"; };
      }
    ];

+    # Styling of the completion menu
    formatting = {
      fields = [ "kind" "abbr" "menu" ];
      format = dsl.rawLua ''
--- a/modules/common/shell/utilities.nix
+++ b/modules/common/shell/utilities.nix
@ -35,6 +35,9 @@ in {
        tree # View directory hierarchy
        vimv-rs # Batch rename files
        unzip # Extract zips
+        dua # File sizes (du)
+        du-dust # Disk usage tree (ncdu)
+        duf # Basic disk information (df)
      ];

      programs.zoxide.enable = true; # Shortcut jump command
--- a/modules/nixos/services/nextcloud.nix
+++ b/modules/nixos/services/nextcloud.nix
@ -1,10 +1,4 @@
-{ config, pkgs, lib, ... }:
-
-let
-
-  port = 8080;
-
-in {
+{ config, pkgs, lib, ... }: {

  config = lib.mkIf config.services.nextcloud.enable {

@ -22,18 +16,119 @@ in {
    };

    # Don't let Nginx use main ports (using Caddy instead)
-    services.nginx.virtualHosts."localhost".listen = [{
-      addr = "127.0.0.1";
-      port = port;
-    }];
+    services.nginx.enable = false;
+
+    services.phpfpm.pools.nextcloud.settings = {
+      "listen.owner" = config.services.caddy.user;
+      "listen.group" = config.services.caddy.group;
+    };
+    users.users.caddy.extraGroups = [ "nextcloud" ];

    # Point Caddy to Nginx
    caddy.routes = [{
      match = [{ host = [ config.hostnames.content ]; }];
      handle = [{
-        handler = "reverse_proxy";
-        upstreams = [{ dial = "localhost:${builtins.toString port}"; }];
+        handler = "subroute";
+        routes = [
+          # Sets variables and headers
+          {
+            handle = [
+              {
+                handler = "vars";
+                root = config.services.nextcloud.package;
+              }
+              {
+                handler = "headers";
+                response.set.Strict-Transport-Security =
+                  [ "max-age=31536000;" ];
+              }
+            ];
+          }
+          {
+            match = [{ path = [ "/nix-apps*" "/store-apps*" ]; }];
+            handle = [{
+              handler = "vars";
+              root = config.services.nextcloud.home;
+            }];
+          }
+          # Reroute carddav and caldav traffic
+          {
+            match =
+              [{ path = [ "/.well-known/carddav" "/.well-known/caldav" ]; }];
+            handle = [{
+              handler = "static_response";
+              headers = { Location = [ "/remote.php/dav" ]; };
+              status_code = 301;
+            }];
+          }
+          # Block traffic to sensitive files
+          {
+            match = [{
+              path = [
+                "/.htaccess"
+                "/data/*"
+                "/config/*"
+                "/db_structure"
+                "/.xml"
+                "/README"
+                "/3rdparty/*"
+                "/lib/*"
+                "/templates/*"
+                "/occ"
+                "/console.php"
+              ];
+            }];
+            handle = [{
+              handler = "static_response";
+              status_code = 404;
+            }];
+          }
+          # Redirect index.php to the homepage
+          {
+            match = [{
+              file = { try_files = [ "{http.request.uri.path}/index.php" ]; };
+              not = [{ path = [ "*/" ]; }];
+            }];
+            handle = [{
+              handler = "static_response";
+              headers = { Location = [ "{http.request.orig_uri.path}/" ]; };
+              status_code = 308;
+            }];
+          }
+          # Rewrite paths to be relative
+          {
+            match = [{
+              file = {
+                split_path = [ ".php" ];
+                try_files = [
+                  "{http.request.uri.path}"
+                  "{http.request.uri.path}/index.php"
+                  "index.php"
+                ];
+              };
+            }];
+            handle = [{
+              handler = "rewrite";
+              uri = "{http.matchers.file.relative}";
+            }];
+          }
+          # Send all PHP traffic to Nextcloud PHP service
+          {
+            match = [{ path = [ "*.php" ]; }];
+            handle = [{
+              handler = "reverse_proxy";
+              transport = {
+                protocol = "fastcgi";
+                split_path = [ ".php" ];
+              };
+              upstreams = [{ dial = "unix//run/phpfpm/nextcloud.sock"; }];
+            }];
+          }
+          # Finally, send the rest to the file server
+          { handle = [{ handler = "file_server"; }]; }
+        ];
      }];
+      terminal = true;
    }];

    # Create credentials file for nextcloud
@ -82,10 +177,11 @@ in {
    };

    # Log metrics to prometheus
+    networking.hosts."127.0.0.1" = [ config.hostnames.content ];
    services.prometheus.exporters.nextcloud = {
      enable = config.prometheus.exporters.enable;
      username = config.services.nextcloud.config.adminuser;
-      url = "http://localhost:${builtins.toString port}";
+      url = "https://${config.hostnames.content}";
      passwordFile = config.services.nextcloud.config.adminpassFile;
    };
    prometheus.scrapeTargets = [
Author	SHA1	Message	Date
Noah Masur	0ed3633404	add more comments and utilities	2023-07-29 23:56:44 -04:00
Noah Masur	95e04de763	reduce unnecessary caddy matches	2023-07-30 03:56:17 +00:00
Noah Masur	b1ebca57d2	replace nginx with caddy for nextcloud	2023-07-30 03:51:01 +00:00