Lots of changes

home/modules/weechat/default.nix

@@ -10,7 +10,8 @@ in {
       default = "";
     };
     user = mkOption { type = types.str; };
-    pw = mkOption { type = types.str; };
+    hackint_pw = mkOption { type = types.str; };
+    freenode_pw = mkOption { type = types.str; };
   };
 
   config = mkIf config.m-0.weechat.enable {
@@ -23,14 +24,14 @@ in {
         target = ".weechat/perl";
         source = ./plugins/perl;
       };
-      plugins = {
-        target = ".weechat/plugins.conf";
-        text = ''
-          [var]
-          python.buffer_autohide.hide_inactive = on
-          python.buffer_autohide.hide_private = on
-        '';
-      };
+      #      plugins = {
+      #        target = ".weechat/plugins.conf";
+      #        text = ''
+      #          [var]
+      #          python.buffer_autohide.hide_inactive = off
+      #          python.buffer_autohide.hide_private = off
+      #        '';
+      #      };
       weechat = {
         target = ".weechat/weechat.conf";
         text = ''
@@ -67,7 +68,7 @@ in {
           freenode.ssl = on
           freenode.sasl_mechanism = plain
           freenode.sasl_username = "${config.m-0.weechat.user}"
-          freenode.sasl_password = "${config.m-0.weechat.pw}"
+          freenode.sasl_password = "${config.m-0.weechat.freenode_pw}"
           freenode.autoconnect = on
           freenode.username = "${config.m-0.weechat.user}"
           freenode.autojoin = "#nixos,#matrix,#haskell"
@@ -77,7 +78,7 @@ in {
           hackint.ssl = on
           hackint.sasl_mechanism = plain
           hackint.sasl_username = "${config.m-0.weechat.user}"
-          hackint.sasl_password = "${config.m-0.weechat.pw}"
+          hackint.sasl_password = "${config.m-0.weechat.hackint_pw}"
           hackint.autoconnect = on
           hackint.username = "${config.m-0.weechat.user}"
           hackint.autojoin = "${config.m-0.weechat.channels}"

home/modules/weechat/plugins/python/autoload/buffer_autohide.py

@@ -1 +0,0 @@
-../buffer_autohide.py

hosts/hera/home.nix

@@ -13,9 +13,7 @@
     };
     weechat = {
       enable = true;
-      user = config.m-0.private.hackint.user;
-      pw = config.m-0.private.hackint.hackint_pw;
-      channels = config.m-0.private.hackint.channels;
+      inherit (config.m-0.private.hackint) user hackint_pw freenode_pw channels;
     };
   };
 

hosts/hera/web.nix

@@ -51,6 +51,7 @@ in {
   };
   containers.web = {
     bindMounts = {
+      "/var/www" = { hostPath = "/var/www"; };
       "${certPath}" = {
         hostPath = certPath;
         isReadOnly = false;
@@ -60,7 +61,7 @@ in {
     privateNetwork = true;
     hostBridge = "bridge";
     config = { pkgs, lib, ... }: {
-      imports = [ ../../system ];
+      imports = [ ../../system ../../system/blog.nix ];
       networking = {
         interfaces.eth0 = {
           ipv6.addresses = [{
@@ -76,7 +77,6 @@ in {
         firewall.allowedTCPPorts = [ 80 443 ];
       };
       m-0 = {
-        blog.enable = true;
         mathechor-de = {
           enable = true;
           password = config.m-0.private.mathechor-pw;

lib/test.nix

@@ -12,7 +12,7 @@ in rec {
     main = do
       (configDir:hostname:args) <- getArgs
       paths <- concat <$> mapM (getNivAssign configDir) ["nixpkgs", "unstable", "home-manager"]
-      putStrLn [i|Trying to build ${name} config for #{hostname}]
+      putStrLn [i|Trying to build ${name} config for #{hostname}|]
       ${commandline}
   '';
   bins = [ get-niv-path pkgs.nix ];

pkgs/default.nix

@@ -18,8 +18,8 @@ in rec {
   core-system-pkgs = {
     inherit neovim;
     inherit (pkgs)
-      gitFull gnumake python3 mkpasswd file wget curl wireguard gnupg mutt bind
-      liboping psmisc unzip rename whois lsof;
+    gitFull gnumake python3 mkpasswd file wget curl wireguard gnupg mutt bind
+    liboping psmisc unzip rename whois lsof;
   };
 
   extra-system-pkgs = {
@@ -28,8 +28,8 @@ in rec {
     inherit (pkgs.rxvt_unicode) terminfo;
     inherit (pkgs.pythonPackages) qrcode;
     inherit (pkgs)
-      git-crypt htop tree pwgen borgbackup inotifyTools direnv socat nmap
-      tcpdump tmux tig exa fzf ag fd bat ripgrep ranger pass sshuttle;
+    git-crypt htop tree pwgen borgbackup inotifyTools direnv socat nmap
+    tcpdump tmux tig exa fzf ag fd bat ripgrep ranger pass sshuttle;
   };
   gw2wrapper = writeHaskellScript {
     name = "gw2wrapper";
@@ -37,37 +37,37 @@ in rec {
     imports =
       [ "System.Directory (withCurrentDirectory)" "Control.Monad (when)" ];
 
-  } ''
-    waitForExit = do
-    sleep "5s"
-    processes <- readTrim $ ps "aux"
-    when
+    } ''
+      waitForExit = do
+      sleep "5s"
+      processes <- readTrim $ ps "aux"
+      when
       (BSC.isInfixOf (BSC.pack "GW2.exe") (LBSC.toStrict processes))
       waitForExit
-    main = do
-    withCurrentDirectory "/home/maralorn/GW2" $ exe "./play.sh"
-    waitForExit
-  '';
+      main = do
+      withCurrentDirectory "/home/maralorn/GW2" $ exe "./play.sh"
+      waitForExit
+    '';
 
-  laptop-home-pkgs = {
-    maintenance = pkgs.writeShellScriptBin "maintenance" ''
-      git -C ~/git/nixos/config pull
-      update-home
-      sudo -A update-system
-      sudo -A nix-collect-garbage --delete-older-than ${
-        toString gcRetentionDays
-      }d
-      sudo -A nix optimise-store
-    '';
-    rewlan = pkgs.writeShellScriptBin "rewlan" ''
-      nmcli r wifi off;
-      sleep 0.1s;
-      nmcli r wifi on;
-    '';
-    gw2 = pkgs.buildFHSUserEnv {
-      name = "gw2";
-      targetPkgs = pkgs: (with pkgs; [ sambaFull ]);
-      multiPkgs = pkgs:
+    laptop-home-pkgs = {
+      maintenance = pkgs.writeShellScriptBin "maintenance" ''
+        git -C ~/git/nixos/config pull
+        update-home
+        sudo -A update-system
+        sudo -A nix-collect-garbage --delete-older-than ${
+          toString gcRetentionDays
+        }d
+        sudo -A nix optimise-store
+      '';
+      rewlan = pkgs.writeShellScriptBin "rewlan" ''
+        nmcli r wifi off;
+        sleep 0.1s;
+        nmcli r wifi on;
+      '';
+      gw2 = pkgs.buildFHSUserEnv {
+        name = "gw2";
+        targetPkgs = pkgs: (with pkgs; [ sambaFull ]);
+        multiPkgs = pkgs:
         (with pkgs;
         with xorg; [
           file
@@ -95,15 +95,14 @@ in rec {
           gnutls
           krb5Full
         ]);
-      runScript = "${gw2wrapper}/bin/gw2wrapper";
-    };
-    cachix = import sources.cachix { };
-    nixfmt = import sources.nixfmt { };
-    inherit (pkgs.gnome3) nautilus;
-    inherit (pkgs.xorg) xev xbacklight;
-    inherit (pkgs)
+        runScript = "${gw2wrapper}/bin/gw2wrapper";
+      };
+      cachix = import sources.cachix { };
+      inherit (pkgs.gnome3) nautilus;
+      inherit (pkgs.xorg) xev xbacklight;
+      inherit (pkgs)
     # web
-      chromium
+    chromium
 
       # communication
       signal-desktop tdesktop acpi dino mumble
@@ -126,47 +125,48 @@ in rec {
 
       # games
       minetest;
-  };
+    };
 
-  my-home-pkgs = {
-    print215 = pkgs.writeShellScriptBin "print215" ''
-      scp "$@" ag-forward:
-      ssh ag-forward lpr -Zduplex -r "$@"
-    '';
-    print215single = pkgs.writeShellScriptBin "print215single" ''
-      scp "$@" ag-forward:
-      ssh ag-forward lpr -r "$@"
-    '';
-  };
-  urxvt = pkgs.rxvt_unicode-with-plugins;
-  terminal = pkgs.writeShellScriptBin "terminal" ''
-    ${urxvt}/bin/urxvtc "$@"
-    if [ $? -eq 2 ]; then
+    my-home-pkgs = {
+      print215 = pkgs.writeShellScriptBin "print215" ''
+        scp "$@" ag-forward:
+        ssh ag-forward lpr -Zduplex -r "$@"
+      '';
+      print215single = pkgs.writeShellScriptBin "print215single" ''
+        scp "$@" ag-forward:
+        ssh ag-forward lpr -r "$@"
+      '';
+    };
+    urxvt = pkgs.rxvt_unicode-with-plugins;
+    terminal = pkgs.writeShellScriptBin "terminal" ''
+      ${urxvt}/bin/urxvtc "$@"
+      if [ $? -eq 2 ]; then
      ${urxvt}/bin/urxvtd -q -o -f
      ${urxvt}/bin/urxvtc "$@"
-    fi
-  '';
-  desktop-pkgs = {
-    inherit urxvt tasktree terminal;
-    inherit (pkgs) xautolock;
-    inherit (pkgs.gnome3) dconf;
-  };
-  home-pkgs = {
-    inherit (pkgs.pythonPackages) yapf jsbeautifier;
-    inherit (pkgs) ncmpcpp shfmt htmlTidy astyle;
-    inherit (my-lib) ghc;
-    inherit home-neovim;
-  };
-  accounting-pkgs = {
-    jali = pkgs.callPackage ./jali { };
-    inherit (pkgs.haskellPackages) hledger hledger-ui;
-    inherit (pkgs) ledger;
-  };
-  system-pkgs = core-system-pkgs // extra-system-pkgs // {
-    inherit (import ../lib/test.nix)
+      fi
+    '';
+    desktop-pkgs = {
+      inherit urxvt tasktree terminal;
+      inherit (pkgs) xautolock;
+      inherit (pkgs.gnome3) dconf;
+    };
+    home-pkgs = {
+      nixfmt = import sources.nixfmt { };
+      inherit (pkgs.pythonPackages) yapf jsbeautifier;
+      inherit (pkgs) ncmpcpp shfmt htmlTidy astyle;
+      inherit (my-lib) ghc;
+      inherit home-neovim;
+    };
+    accounting-pkgs = {
+      jali = pkgs.callPackage ./jali { };
+      inherit (pkgs.haskellPackages) hledger hledger-ui;
+      inherit (pkgs) ledger;
+    };
+    system-pkgs = core-system-pkgs // extra-system-pkgs // {
+      inherit (import ../lib/test.nix)
       test-system-config test-home-config test-config;
-    inherit (my-lib) home-manager;
-  };
-  foreign-home-pkgs = extra-system-pkgs;
-  eventd = pkgs.callPackage ./eventd { };
-}
+      inherit (my-lib) home-manager;
+    };
+    foreign-home-pkgs = extra-system-pkgs;
+    eventd = pkgs.callPackage ./eventd { };
+  }

system/blog.nix

@@ -0,0 +1,20 @@
+{ config, pkgs, lib, ... }: {
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  services = {
+    nginx = {
+      enable = true;
+      virtualHosts."blog.maralorn.de" = {
+        forceSSL = true;
+        enableACME = true;
+        locations = {
+          "/" = {
+            root = "/var/www/blog";
+            index = "index.html";
+          };
+        };
+      };
+    };
+  };
+
+}

system/default.nix

@@ -8,7 +8,6 @@ in {
     ../common
     ./modules/laptop.nix
     ./modules/mathechor.de.nix
-    ./modules/blog.nix
     ./modules/riot.nix
     ./modules/loginctl-linger.nix
   ];
@@ -40,11 +39,8 @@ in {
   };
 
   nix = {
-    binaryCaches = [
-      "https://cache.nixos.org/"
-      "https://nixcache.reflex-frp.org"
-      "ssh://nix-ssh@hera.m-0.eu"
-    ];
+    binaryCaches =
+      [ "https://cache.nixos.org/" "https://nixcache.reflex-frp.org" ];
     binaryCachePublicKeys =
       [ "ryantrinkle.com-1:JJiAKaRv9mWgpVAz8dwewnZe0AzzEAzPkagE9SP5NWI=" ];
     nixPath = [ "/etc/nix-path" ];

system/git.nix

@@ -11,8 +11,19 @@ let
   post-update = writeHaskellScript {
     name = "post-update";
     bins = [ pkgs.git pkgs.nix ];
-    imports = [ "System.Environment (lookupEnv)" "Data.Foldable (for_)" ];
+    imports = [
+      "System.Environment (lookupEnv)"
+      "Data.Foldable (for_)"
+      "Control.Monad (ap)"
+      "Control.Exception (bracket)"
+      "System.Directory (withCurrentDirectory)"
+    ];
+
   } ''
+    checkout :: String -> IO FilePath
+    checkout pwd = (mktemp "-d" |> captureTrim)
+      >>= ((ap (<$) $ git "clone" pwd) . LBSC.unpack)
+
     main = do
       mirror <- lookupEnv "GL_OPTION_MIRROR"
       for_ mirror $ \mirror -> do
@@ -20,8 +31,9 @@ let
         git "push" "--all" mirror
       deploy <- lookupEnv "GL_OPTION_WEB_DEPLOY"
       for_ deploy $ \deploy -> do
+        path <- readTrim pwd
         echo ([i|Deploying build to /var/www/#{deploy}|] :: String)
-        nix "build" "-o" ([i|/var/www/#{deploy}|] :: String)
+        bracket (checkout $ LBSC.unpack path)(rm "-rf") $ \dir -> withCurrentDirectory dir $ nix "build" "-o" ([i|/var/www/#{deploy}|] :: String)
         echo "Done"
       test <- lookupEnv "GL_OPTION_TEST"
       for_ test $ \_ -> do

system/modules/blog.nix

@@ -1,53 +0,0 @@
-{ config, pkgs, lib, ... }:
-with lib;
-
-let
-
-  page = pkgs.stdenv.mkDerivation {
-    name = "blog.maralorn.de";
-    src = builtins.fetchGit "git@hera:blog";
-    buildInputs =
-      [ (pkgs.python3.withPackages (ps: [ ps.pelican ps.markdown ])) ];
-    LC_ALL = "en_US.UTF-8";
-    LOCALE_ARCHIVE = "${pkgs.glibcLocales}/lib/locale/locale-archive";
-    buildPhase = ''
-      make html
-    '';
-    installPhase = ''
-      mkdir $out
-      cp -r output/* $out
-    '';
-  };
-
-in {
-
-  options = {
-    m-0.blog = {
-      enable = mkOption {
-        type = types.bool;
-        default = false;
-      };
-    };
-  };
-
-  config = mkIf config.m-0.blog.enable {
-    networking.firewall.allowedTCPPorts = [ 80 443 ];
-
-    services = {
-      nginx = {
-        enable = true;
-        virtualHosts."blog.maralorn.de" = {
-          forceSSL = true;
-          enableACME = true;
-          locations = {
-            "/" = {
-              root = "${page}";
-              index = "index.html";
-            };
-          };
-        };
-      };
-    };
-  };
-
-}

system/modules/mathechor.de.nix

@@ -4,18 +4,6 @@ with lib;
 let
 
   me = config.m-0.private.me;
-  page = pkgs.stdenv.mkDerivation {
-    name = "mathechor.de";
-    src = builtins.fetchGit "git@hera:mathechor.de";
-    buildInputs = [ pkgs.pandoc pkgs.python3 ];
-    LC_ALL = "en_US.UTF-8";
-    LOCALE_ARCHIVE = "${pkgs.glibcLocales}/lib/locale/locale-archive";
-    installPhase = ''
-      mkdir $out
-      cp -r intern/output $out/intern
-      cp -r public/output $out/public
-    '';
-  };
 
 in {
 
@@ -41,7 +29,7 @@ in {
           enableACME = true;
           locations = {
             "/" = {
-              root = "${page}/public";
+              root = "/var/www/mathechor/public";
               index = "index.html";
               extraConfig =
                 "location ~* .(otf)$ {add_header Access-Control-Allow-Origin *;}";
@@ -54,7 +42,7 @@ in {
           basicAuth.mathechor = config.m-0.mathechor-de.password;
           locations = {
             "/" = {
-              root = "${page}/intern";
+              root = "/var/www/mathechor/intern";
               index = "index.html";
             };
             "/mathechor.ics" = {