From 392519618028e087f8d3c09f3d7ffe76b8ffd602 Mon Sep 17 00:00:00 2001 
From: Alexander Sieg
Date: Wed, 19 Jun 2024 18:17:28 +0200
Subject: [PATCH] switch to nixfmt-rfc-style
---
checks/darwinConfigurations.nix | 10 +-
checks/devShells.nix | 8 +-
checks/nixosConfigurations.nix | 10 +-
checks/packages.nix | 8 +-
darwin/default.nix | 6 +-
darwin/ook/default.nix | 44 +++---
flake.nix | 38 +++--
home/default.nix | 3 +-
home/desktop/default.nix | 12 +-
home/desktop/wayland/default.nix | 3 +-
home/desktop/wayland/kanshi.nix | 3 +-
home/desktop/wayland/mako.nix | 12 +-
home/desktop/wayland/sway/default.nix | 12 +-
home/desktop/wayland/swaylock/default.nix | 3 +-
home/desktop/wayland/tray-items.nix | 16 +-
home/desktop/wayland/waybar/default.nix | 25 +++-
home/develop/default.nix | 55 ++++---
home/develop/neovim/default.nix | 175 +++++++++++-----------
home/profiles/default.nix | 8 +-
home/profiles/ook/default.nix | 3 +-
home/shell/default.nix | 3 +-
home/shell/fish.nix | 94 ++++++------
home/shell/git.nix | 17 ++-
hosts/carrot/authentik.nix | 7 +-
hosts/carrot/default.nix | 85 ++++++-----
hosts/carrot/grist.nix | 7 +-
hosts/carrot/mail.nix | 84 +++++++----
hosts/carrot/matrix.nix | 70 +++++----
hosts/carrot/miniflux.nix | 3 +-
hosts/carrot/outline.nix | 6 +-
hosts/carrot/postgresql.nix | 3 +-
hosts/carrot/website.nix | 3 +-
hosts/default.nix | 36 ++---
hosts/gregtech/default.nix | 10 +-
hosts/gregtech/hardware-configuration.nix | 16 +-
hosts/gregtech/networking.nix | 36 +++--
hosts/hex/default.nix | 22 ++-
hosts/hex/disko.nix | 6 +-
hosts/hex/hardware-configuration.nix | 21 ++-
hosts/valen/configuration.nix | 10 +-
hosts/valen/grafana.nix | 7 +-
hosts/valen/hardware-configuration.nix | 27 ++--
hosts/valen/loki.nix | 24 +--
hosts/valen/prometheus.nix | 25 ++--
hosts/vetinari/audio.nix | 3 +-
hosts/vetinari/audiobookshelf.nix | 8 +-
hosts/vetinari/default.nix | 17 ++-
hosts/vetinari/disko.nix | 6 +-
hosts/vetinari/hardware-configuration.nix | 21 ++-
hosts/vetinari/hass.nix | 139 +++++++++--------
hosts/vetinari/incus.nix | 5 +-
hosts/vetinari/jellyfin.nix | 2 +-
hosts/vetinari/netatalk.nix | 3 +-
hosts/vetinari/nextcloud.nix | 3 +-
hosts/vetinari/paperless.nix | 14 +-
hosts/vetinari/shairport.nix | 41 +++--
hosts/vger/borg.nix | 20 ++-
hosts/vger/default.nix | 14 +-
hosts/vger/hardware-configuration.nix | 26 ++--
lib/default.nix | 35 ++---
modules/authentik-proxy/default.nix | 4 +-
modules/common/default.nix | 12 +-
modules/common/nix.nix | 3 +-
modules/common/users.nix | 11 +-
modules/laptop/boot.nix | 3 +-
modules/laptop/default.nix | 8 +-
modules/laptop/desktop.nix | 14 +-
modules/laptop/fonts.nix | 14 +-
modules/laptop/programs.nix | 3 +-
modules/laptop/services.nix | 3 +-
modules/ntfy.nix | 11 +-
modules/server/backup.nix | 10 +-
modules/server/default.nix | 2 +-
modules/server/nginx.nix | 12 +-
modules/server/node_exporter.nix | 3 +-
modules/server/promtail.nix | 6 +-
modules/server/wireguard.nix | 14 +-
modules/sops/default.nix | 19 +--
profiles/hetzner_vm/default.nix | 12 +-
79 files changed, 955 insertions(+), 642 deletions(-)
diff --git a/checks/darwinConfigurations.nix b/checks/darwinConfigurations.nix
index 635a16de..6d423c02 100644
--- a/checks/darwinConfigurations.nix
+++ b/checks/darwinConfigurations.nix
@@ -5,7 +5,11 @@ let
 filterSystem = system: lib.filterAttrs (_: darwin: darwin.pkgs.hostPlatform.system == system);
 in
 {
- perSystem = { system, ... }: {
- checks = lib.mapAttrs' (name: darwin: lib.nameValuePair "darwinConfigurations-${name}" darwin.config.system.build.toplevel) (filterSystem system self.darwinConfigurations);
- };
+ perSystem =
+ { system, ... }:
+ {
+ checks = lib.mapAttrs' (
+ name: darwin: lib.nameValuePair "darwinConfigurations-${name}" darwin.config.system.build.toplevel
+ ) (filterSystem system self.darwinConfigurations);
+ };
 }
diff --git a/checks/devShells.nix b/checks/devShells.nix
index 156ecd37..c24acbb7 100644
--- a/checks/devShells.nix
+++ b/checks/devShells.nix
@@ -3,7 +3,9 @@ let
 inherit (inputs.nixpkgs) lib;
 in
 {
- perSystem = { self', ... }: {
- checks = lib.mapAttrs' (name: value: lib.nameValuePair "devShell-${name}" value) self'.devShells;
- };
+ perSystem =
+ { self', ... }:
+ {
+ checks = lib.mapAttrs' (name: value: lib.nameValuePair "devShell-${name}" value) self'.devShells;
+ };
 }
diff --git a/checks/nixosConfigurations.nix b/checks/nixosConfigurations.nix
index 90cfc585..428edecc 100644
--- a/checks/nixosConfigurations.nix
+++ b/checks/nixosConfigurations.nix
@@ -5,7 +5,11 @@ let
 filterSystem = system: lib.filterAttrs (_: nixos: nixos.pkgs.hostPlatform.system == system);
 in
 {
- perSystem = { system, ... }: {
- checks = lib.mapAttrs' (name: nixos: lib.nameValuePair "nixosConfigurations-${name}" nixos.config.system.build.toplevel) (filterSystem system self.nixosConfigurations);
- };
+ perSystem =
+ { system, ... }:
+ {
+ checks = lib.mapAttrs' (
+ name: nixos: lib.nameValuePair "nixosConfigurations-${name}" nixos.config.system.build.toplevel
+ ) (filterSystem system self.nixosConfigurations);
+ };
 }
diff --git a/checks/packages.nix b/checks/packages.nix
index 95588740..f0919828 100644
--- a/checks/packages.nix
+++ b/checks/packages.nix
@@ -3,7 +3,9 @@ let
 inherit (inputs.nixpkgs) lib;
 in
 {
- perSystem = { self', ... }: {
- checks = lib.mapAttrs' (name: value: lib.nameValuePair "package-${name}" value) self'.packages;
- };
+ perSystem =
+ { self', ... }:
+ {
+ checks = lib.mapAttrs' (name: value: lib.nameValuePair "package-${name}" value) self'.packages;
+ };
 }
diff --git a/darwin/default.nix b/darwin/default.nix
index eaaff0fd..5626cb37 100644
--- a/darwin/default.nix
+++ b/darwin/default.nix
@@ -1,5 +1 @@
-{
- imports = [
- ./ook
- ];
-}
+{ imports = [ ./ook ]; }
diff --git a/darwin/ook/default.nix b/darwin/ook/default.nix
index d8464610..618322a7 100644
--- a/darwin/ook/default.nix
+++ b/darwin/ook/default.nix
@@ -1,4 +1,5 @@
-{ inputs, self, ... }: {
+{ inputs, self, ... }:
+{
 flake.darwinConfigurations = {
 ook =
 let
@@ -40,7 +41,9 @@
 in
 darwinSystem {
 inherit system;
- specialArgs = { inherit inputs; };
+ specialArgs = {
+ inherit inputs;
+ };
 modules = [
 inputs.home-manager.darwinModules.home-manager
 {
@@ -60,7 +63,10 @@
 fallback = true;
 connect-timeout = 5;
 log-lines = 25;
- trusted-users = [ "root" "xanderio" ];
+ trusted-users = [
+ "root"
+ "xanderio"
+ ];
 builders-use-substitutes = true;
 substituters = [
@@ -73,19 +79,21 @@
 ];
 };
 distributedBuilds = true;
- buildMachines = [{
- sshUser = "builder";
- hostName = "linux-builder";
- systems = [
- linuxSystem
- "x86_64-linux"
- ];
- maxJobs = 4;
- supportedFeatures = [ "big-parallel" ];
- sshKey = "/etc/nix/builder_ed25519";
- protocol = "ssh-ng";
- publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUpCV2N4Yi9CbGFxdDFhdU90RStGOFFVV3JVb3RpQzVxQkorVXVFV2RWQ2Igcm9vdEBuaXhvcwo";
- }];
+ buildMachines = [
+ {
+ sshUser = "builder";
+ hostName = "linux-builder";
+ systems = [
+ linuxSystem
+ "x86_64-linux"
+ ];
+ maxJobs = 4;
+ supportedFeatures = [ "big-parallel" ];
+ sshKey = "/etc/nix/builder_ed25519";
+ protocol = "ssh-ng";
+ publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUpCV2N4Yi9CbGFxdDFhdU90RStGOFFVV3JVb3RpQzVxQkorVXVFV2RWQ2Igcm9vdEBuaXhvcwo";
+ }
+ ];
 };
 environment.shellAliases = {
@@ -112,7 +120,9 @@
 home-manager.useGlobalPkgs = true;
 home-manager.useUserPackages = true;
- home-manager.extraSpecialArgs = { inherit inputs; };
+ home-manager.extraSpecialArgs = {
+ inherit inputs;
+ };
 home-manager.users.xanderio.imports = homeImports.ook;
 }
 ];
diff --git a/flake.nix b/flake.nix
index 6000eb8d..7d9cee25 100644
--- a/flake.nix
+++ b/flake.nix
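Review bot: In darwin/ook/default.nix, the reflowed `trusted-users` list (hunk -60,7 +63,10) still lists the interactive account `xanderio` next to `root` with no comment saying why. Nix lets trusted users override daemon settings such as substituters, which is effectively root-equivalent on the machine, so the entry deserves a one-line justification, e.g. `# trusted-users are root-equivalent for the nix daemon; xanderio is listed because <reason>`. Whether the entry can be dropped in favour of `root` alone depends on configuration outside this hunk; the enclosing settings block starts and ends outside it.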
@@ -47,15 +47,20 @@
 inputs."flake-parts".follows = "flake-parts";
 };
 nix-fast-build = {
- url = "github:Mic92/nix-fast-build";
+ url = "github:Mic92/nix-fast-build";
 inputs."nixpkgs".follows = "nixpkgs";
 inputs."flake-parts".follows = "flake-parts";
 };
 };
- outputs = inputs@{ flake-parts, self, ... }:
+ outputs =
+ inputs@{ flake-parts, self, ... }:
 flake-parts.lib.mkFlake { inherit inputs; } {
- systems = [ "x86_64-linux" "aarch64-linux" "aarch64-darwin" ];
+ systems = [
+ "x86_64-linux"
+ "aarch64-linux"
+ "aarch64-darwin"
+ ];
 imports = [
 ./hosts
 ./darwin
@@ -64,15 +69,24 @@
 flake = {
 inherit (import ./home/profiles inputs) homeConfigurations;
 };
- perSystem = { pkgs, lib, inputs', self', system, ... }: {
- formatter = pkgs.nixpkgs-fmt;
- devShells.default = pkgs.mkShellNoCC {
- buildInputs = [
- pkgs.colmena
- pkgs.sops
- inputs'.sops-to-age.packages.ssh-to-age
- ];
+ perSystem =
+ {
+ pkgs,
+ lib,
+ inputs',
+ self',
+ system,
+ ...
+ }:
+ {
+ formatter = pkgs.nixfmt-rfc-style;
+ devShells.default = pkgs.mkShellNoCC {
+ buildInputs = [
+ pkgs.colmena
+ pkgs.sops
+ inputs'.sops-to-age.packages.ssh-to-age
+ ];
+ };
 };
- };
 };
 }
diff --git a/home/default.nix b/home/default.nix
index 2c63c085..ffcd4415 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -1,2 +1 @@
-{
-}
+{ }
diff --git a/home/desktop/default.nix b/home/desktop/default.nix
index 2c7a74a7..e92ff5b2 100644
--- a/home/desktop/default.nix
+++ b/home/desktop/default.nix
@@ -1,7 +1,6 @@
-{ pkgs, ... }: {
- imports = [
- ./wayland
- ];
+{ pkgs, ... }:
+{
+ imports = [ ./wayland ];
 home = {
 sessionVariables = {
 BROWSER = "firefox";
@@ -59,7 +58,10 @@
 programs = {
 chromium = {
 enable = true;
- commandLineArgs = [ "--enable-features=UseOzonePlatform" "--ozone-platform=wayland" ];
+ commandLineArgs = [
+ "--enable-features=UseOzonePlatform"
+ "--ozone-platform=wayland"
+ ];
 };
 firefox = {
 enable = true;
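Review bot: In flake.nix's second hunk the formatter becomes `pkgs.nixfmt-rfc-style`, but nothing visible in the `perSystem` block fails the build on unformatted files, so this 79-file reformat can drift again. Unless one of the modules under ./checks (not shown in this hunk) already covers it, a `checks.formatting` derivation that runs `nixfmt --check` over the tree would keep the style enforced. Adding `pkgs.nixfmt-rfc-style` to the devShell `buildInputs` would also give editors the same formatter that `nix fmt` uses.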
diff --git a/home/desktop/wayland/default.nix b/home/desktop/wayland/default.nix
index 74012347..345582c4 100644
--- a/home/desktop/wayland/default.nix
+++ b/home/desktop/wayland/default.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 imports = [
 ./kanshi.nix
 ./mako.nix
diff --git a/home/desktop/wayland/kanshi.nix b/home/desktop/wayland/kanshi.nix
index 41787656..b87f837d 100644
--- a/home/desktop/wayland/kanshi.nix
+++ b/home/desktop/wayland/kanshi.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 services.kanshi =
 let
 swaymsg = "${pkgs.sway}/bin/swaymsg";
diff --git a/home/desktop/wayland/mako.nix b/home/desktop/wayland/mako.nix
index 06255899..56cee195 100644
--- a/home/desktop/wayland/mako.nix
+++ b/home/desktop/wayland/mako.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 services.mako = {
 enable = true;
@@ -27,11 +28,16 @@
 systemd.user.services.mako = {
 Unit = {
 Description = "Mako Notification daemon";
- After = [ "graphical-session-pre.target" "tray.target" ];
+ After = [
+ "graphical-session-pre.target"
+ "tray.target"
+ ];
 PartOf = [ "graphical-session.target" ];
 };
- Install = { WantedBy = [ "graphical-session.target" ]; };
+ Install = {
+ WantedBy = [ "graphical-session.target" ];
+ };
 Service = {
 ExecStart = "${pkgs.mako}/bin/mako";
diff --git a/home/desktop/wayland/sway/default.nix b/home/desktop/wayland/sway/default.nix
index 4b0f985a..200ee175 100644
--- a/home/desktop/wayland/sway/default.nix
+++ b/home/desktop/wayland/sway/default.nix
@@ -1,9 +1,11 @@
-{ pkgs
-, lib
-, config
-, ...
+{
+ pkgs,
+ lib,
+ config,
+ ...
 }:
-with lib; let
+with lib;
+let
 fuzzelOptions = lib.strings.concatStringsSep " " [
 ''--font="JetBrains Mono"''
 "--background-color=282a36ee"
diff --git a/home/desktop/wayland/swaylock/default.nix b/home/desktop/wayland/swaylock/default.nix
index 4ed91eb8..27dac7da 100644
--- a/home/desktop/wayland/swaylock/default.nix
+++ b/home/desktop/wayland/swaylock/default.nix
@@ -1,3 +1,4 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 xdg.configFile."swaylock/config".source = ./config;
 }
diff --git a/home/desktop/wayland/tray-items.nix b/home/desktop/wayland/tray-items.nix
index 038b03c8..4d4c91ec 100644
--- a/home/desktop/wayland/tray-items.nix
+++ b/home/desktop/wayland/tray-items.nix
@@ -1,15 +1,23 @@
-{ pkgs, nixosConfig, ... }: {
+{ pkgs, nixosConfig, ... }:
+{
 services.blueman-applet.enable = true;
 systemd.user.services._1password = {
 Unit = {
 Description = "1Password";
 Requires = [ "tray.target" ];
- After = [ "graphical-session-pre.target" "tray.target" ];
+ After = [
+ "graphical-session-pre.target"
+ "tray.target"
+ ];
 PartOf = [ "graphical-session.target" ];
 };
- Install = { WantedBy = [ "graphical-session.target" ]; };
+ Install = {
+ WantedBy = [ "graphical-session.target" ];
+ };
- Service = { ExecStart = "${nixosConfig.programs._1password-gui.package}/bin/1password --silent"; };
+ Service = {
+ ExecStart = "${nixosConfig.programs._1password-gui.package}/bin/1password --silent";
+ };
 };
 }
diff --git a/home/desktop/wayland/waybar/default.nix b/home/desktop/wayland/waybar/default.nix
index 6292d5ff..a7383967 100644
--- a/home/desktop/wayland/waybar/default.nix
+++ b/home/desktop/wayland/waybar/default.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
 programs.waybar = {
 enable = true;
 systemd.enable = true;
@@ -9,9 +10,19 @@
 position = "top";
 height = 25;
 spacing = 0;
- modules-left = [ "sway/workspaces" "sway/mode" ];
+ modules-left = [
+ "sway/workspaces"
+ "sway/mode"
+ ];
 modules-center = [ "sway/window" ];
- modules-right = [ "network" "idle_inhibitor" "pulseaudio" "battery" "clock" "tray" ];
+ modules-right = [
+ "network"
+ "idle_inhibitor"
+ "pulseaudio"
+ "battery"
+ "clock"
+ "tray"
+ ];
 "sway/workspaces" = {
 disable-scroll = true;
 disable-markup = false;
@@ -55,7 +66,13 @@ critical = 15; }; format = "{icon} {capacity}%"; - format-icons = [ "" "" "" "" "" ]; + format-icons = [ + "" + "" + "" + "" + "" + ]; }; }; }; diff --git a/home/develop/default.nix b/home/develop/default.nix index cc01a9f3..52590cc5 100644 --- a/home/develop/default.nix +++ b/home/develop/default.nix @@ -1,24 +1,28 @@ -{ pkgs, lib, inputs, ... }: { - imports = [ - ./neovim - ]; +{ + pkgs, + lib, + inputs, + ... +}: +{ + imports = [ ./neovim ]; home = { - packages = (with pkgs; [ - # rust - bacon - cargo-watch + packages = + (with pkgs; [ + # rust + bacon + cargo-watch - nix-update - nix-init - nixpkgs-review - nix-universal-prefetch - nix-top - glab - gh - git-town - ]) ++ [ - inputs.nix-fast-build.packages.${pkgs.system}.nix-fast-build - ]; + nix-update + nix-init + nixpkgs-review + nix-universal-prefetch + nix-top + glab + gh + git-town + ]) + ++ [ inputs.nix-fast-build.packages.${pkgs.system}.nix-fast-build ]; sessionVariables = { DARCS_ALWAYS_COLOR = "1"; @@ -27,7 +31,6 @@ ERL_AFLAGS = "-kernel shell_history enabled"; }; - file.".cargo/config".text = let bintools-wrapper = "${pkgs.path}/pkgs/build-support/bintools-wrapper"; @@ -35,7 +38,17 @@ name = "mold"; paths = [ pkgs.mold ]; nativeBuildInputs = [ pkgs.makeWrapper ]; - suffixSalt = lib.replaceStrings [ "-" "." ] [ "_" "_" ] pkgs.stdenv.targetPlatform.config; + suffixSalt = + lib.replaceStrings + [ + "-" + "." + ] + [ + "_" + "_" + ] + pkgs.stdenv.targetPlatform.config; postBuild = '' for bin in ${pkgs.mold}/bin/*; do rm $out/bin/"$(basename "$bin")" diff --git a/home/develop/neovim/default.nix b/home/develop/neovim/default.nix index b8b17cbb..c614b377 100644 --- a/home/develop/neovim/default.nix +++ b/home/develop/neovim/default.nix @@ -1,4 +1,5 @@ -{ pkgs, lib, ... }: { +{ pkgs, lib, ... }: +{ home.activation.nvimCacheClear = lib.hm.dag.entryAfter [ "writeBoundary" ] '' # remove impatient.nvim cache rm -rf $HOME/.cache/nvim/luacache_* 
@@ -45,93 +46,97 @@ vim = "nvim"; }; - xdg.configFile = - { - "nvim" = { - recursive = true; - source = ./nvim; - }; + xdg.configFile = { + "nvim" = { + recursive = true; + source = ./nvim; }; + }; xdg.dataFile."nvim/site/pack/nix/start" = { recursive = true; - source = pkgs.linkFarmFromDrvs "neovim-plugins" ((with pkgs.vimPlugins; [ - impatient-nvim - - # LSP - nvim-lspconfig - none-ls-nvim - lsp_extensions-nvim - nvim-lsputils - nvim-lightbulb - FixCursorHold-nvim - trouble-nvim - nvim-code-action-menu - lspkind-nvim - lsp_signature-nvim - lsp-status-nvim - fidget-nvim - - elixir-tools-nvim - - ## rust - rust-tools-nvim - crates-nvim - - # DAP - nvim-dap - nvim-dap-ui - - # Treesitter - nvim-treesitter - nvim-navic - comment-nvim - - vim-table-mode - - # neotest - nvim-nio - neotest - neotest-rust - neotest-elixir - - # Autocompletion - luasnip - cmp_luasnip - - cmp-nvim-lua - cmp-nvim-lsp - cmp-vsnip - cmp-path - cmp-emoji - cmp-calc - cmp-buffer - cmp-nvim-lsp-signature-help - nvim-cmp - - # Utils - hydra-nvim - indent-blankline-nvim - nvim-notify - telescope-nvim - lualine-nvim - gitsigns-nvim - dracula-nvim - neogit - nvim-tree-lua - diffview-nvim - - vim-easy-align - vim-surround - vim-repeat - vim-floaterm - vim-fish - - # Dependencies - popfix # nvim-lsputils, telescope-nvim - plenary-nvim # crates-nvim, telescope-nvim, gitsigns-nvim, neogit - nvim-web-devicons - ]) - ++ (builtins.attrValues (pkgs.vimPlugins.nvim-treesitter.grammarPlugins // lib.mapAttrs (_: pkgs.neovimUtils.grammarToPlugin) { }))); + source = pkgs.linkFarmFromDrvs "neovim-plugins" ( + (with pkgs.vimPlugins; [ + impatient-nvim + + # LSP + nvim-lspconfig + none-ls-nvim + lsp_extensions-nvim + nvim-lsputils + nvim-lightbulb + FixCursorHold-nvim + trouble-nvim + nvim-code-action-menu + lspkind-nvim + lsp_signature-nvim + lsp-status-nvim + fidget-nvim + + elixir-tools-nvim + + ## rust + rust-tools-nvim + crates-nvim + + # DAP + nvim-dap + nvim-dap-ui + + # Treesitter + nvim-treesitter + 
nvim-navic + comment-nvim + + vim-table-mode + + # neotest + nvim-nio + neotest + neotest-rust + neotest-elixir + + # Autocompletion + luasnip + cmp_luasnip + + cmp-nvim-lua + cmp-nvim-lsp + cmp-vsnip + cmp-path + cmp-emoji + cmp-calc + cmp-buffer + cmp-nvim-lsp-signature-help + nvim-cmp + + # Utils + hydra-nvim + indent-blankline-nvim + nvim-notify + telescope-nvim + lualine-nvim + gitsigns-nvim + dracula-nvim + neogit + nvim-tree-lua + diffview-nvim + + vim-easy-align + vim-surround + vim-repeat + vim-floaterm + vim-fish + + # Dependencies + popfix # nvim-lsputils, telescope-nvim + plenary-nvim # crates-nvim, telescope-nvim, gitsigns-nvim, neogit + nvim-web-devicons + ]) + ++ (builtins.attrValues ( + pkgs.vimPlugins.nvim-treesitter.grammarPlugins + // lib.mapAttrs (_: pkgs.neovimUtils.grammarToPlugin) { } + )) + ); }; } diff --git a/home/profiles/default.nix b/home/profiles/default.nix index 9785a1c9..7af9c620 100644 --- a/home/profiles/default.nix +++ b/home/profiles/default.nix @@ -27,12 +27,8 @@ in "xanderio@hex" = mkHome { modules = homeImports."xanderio@hex"; }; server = mkHome { modules = homeImports.server; }; ook = inputs.home-manager.lib.homeManagerConfiguration { - pkgs = import inputs.nixpkgs { - system = "aarch64-darwin"; - }; - modules = sharedModules ++ [ - ./ook - ]; + pkgs = import inputs.nixpkgs { system = "aarch64-darwin"; }; + modules = sharedModules ++ [ ./ook ]; }; }; } diff --git a/home/profiles/ook/default.nix b/home/profiles/ook/default.nix index 1655f7c8..77bea6d4 100644 --- a/home/profiles/ook/default.nix +++ b/home/profiles/ook/default.nix @@ -1,4 +1,5 @@ -{ lib, ...}: { +{ lib, ... }: +{ imports = [ ../../shell ../../develop diff --git a/home/shell/default.nix b/home/shell/default.nix index 80154529..19bb7fd7 100644 --- a/home/shell/default.nix +++ b/home/shell/default.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ imports = [ ./fish.nix ./git.nix 
diff --git a/home/shell/fish.nix b/home/shell/fish.nix
index 180b975d..e1f52a37 100644
--- a/home/shell/fish.nix
+++ b/home/shell/fish.nix
@@ -1,4 +1,5 @@
-{ lib, pkgs, ... }: {
+{ lib, pkgs, ... }:
+{
 programs.fish = {
 enable = true;
 shellAliases = {
@@ -75,52 +76,53 @@ ssh-add ''; - functions = { - fish_greeting.body = ""; - cat.body = "${pkgs.bat}/bin/bat $argv"; - sops = { - description = "sops wrapper to extract age key from 1password"; - body = '' - if string match -q -- "op://*" $SOPS_AGE_KEY - op run --no-masking -- sops $argv - else - command sops $argv - end - ''; - }; - fish_title = { - body = '' - if [ $_ = fish ] - echo (pwd) - else - echo (status current-command) - end''; - }; - woi_login = { - description = "Wifi@DB / WifiOnICE login script"; - body = " ${pkgs.curl}/bin/curl -vk 'https://10.101.64.10/en/' -H 'Host: wifi.bahn.de' -H 'Cookie: csrf=asdf' --data 'login=true&CSRFToken=asdf'"; - }; - multicd = { - description = "This expands .. to cd ../, ... to cd ../../ and .... to cd ../../../ and so on."; - body = "echo cd (string repeat -n (math (string length -- $argv[1]) - 1) ../)"; - }; - last_history_item = { - body = "echo $history[1]"; - }; - } // - (lib.optionalAttrs pkgs.stdenv.isLinux { - vcam = { - description = "gphoto2 based virtual webcam"; - body = - let - gphoto2 = "${pkgs.gphoto2}/bin/gphoto2"; - ffmpeg = "${pkgs.ffmpeg_6-full}/bin/ffmpeg"; - in - '' - ${gphoto2} --stdout --capture-movie | ${ffmpeg} -hwaccel vaapi -c:v mjpeg -i - -vcodec rawvideo -pix_fmt yuv420p -threads 2 -f v4l2 /dev/video0 + functions = + { + fish_greeting.body = ""; + cat.body = "${pkgs.bat}/bin/bat $argv"; + sops = { + description = "sops wrapper to extract age key from 1password"; + body = '' + if string match -q -- "op://*" $SOPS_AGE_KEY + op run --no-masking -- sops $argv + else + command sops $argv + end ''; - }; - }); + }; + fish_title = { + body = '' + if [ $_ = fish ] + echo (pwd) + else + echo (status current-command) + end''; + }; + woi_login = { + description = "Wifi@DB / WifiOnICE login script"; + body = " ${pkgs.curl}/bin/curl -vk 'https://10.101.64.10/en/' -H 'Host: wifi.bahn.de' -H 'Cookie: csrf=asdf' --data 'login=true&CSRFToken=asdf'"; + }; + multicd = { + description = "This expands .. 
to cd ../, ... to cd ../../ and .... to cd ../../../ and so on."; + body = "echo cd (string repeat -n (math (string length -- $argv[1]) - 1) ../)"; + }; + last_history_item = { + body = "echo $history[1]"; + }; + } + // (lib.optionalAttrs pkgs.stdenv.isLinux { + vcam = { + description = "gphoto2 based virtual webcam"; + body = + let + gphoto2 = "${pkgs.gphoto2}/bin/gphoto2"; + ffmpeg = "${pkgs.ffmpeg_6-full}/bin/ffmpeg"; + in + '' + ${gphoto2} --stdout --capture-movie | ${ffmpeg} -hwaccel vaapi -c:v mjpeg -i - -vcodec rawvideo -pix_fmt yuv420p -threads 2 -f v4l2 /dev/video0 + ''; + }; + }); plugins = [ { name = "fish-ssh-agent"; diff --git a/home/shell/git.nix b/home/shell/git.nix index 35820a6a..dcc7906a 100644 --- a/home/shell/git.nix +++ b/home/shell/git.nix @@ -1,9 +1,11 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: -with lib; let +with lib; +let cfg = config.xanderio.git; in { @@ -51,7 +53,10 @@ in cae = "commit --amend --no-edit"; }; - ignores = [ ".direnv" ".worktree" ]; + ignores = [ + ".direnv" + ".worktree" + ]; difftastic = { enable = true; diff --git a/hosts/carrot/authentik.nix b/hosts/carrot/authentik.nix index fb180191..a47bed16 100644 --- a/hosts/carrot/authentik.nix +++ b/hosts/carrot/authentik.nix @@ -1,7 +1,6 @@ -{ inputs, config, ... }: { - imports = [ - inputs.authentik.nixosModules.default - ]; +{ inputs, config, ... }: +{ + imports = [ inputs.authentik.nixosModules.default ]; config = { x.sops.secrets = { diff --git a/hosts/carrot/default.nix b/hosts/carrot/default.nix index 2229bc71..678720c3 100644 --- a/hosts/carrot/default.nix +++ b/hosts/carrot/default.nix @@ -1,4 +1,10 @@ -{ config, lib, pkgs, ... }: { +{ + config, + lib, + pkgs, + ... +}: +{ imports = [ ../../modules/server ../../profiles/hetzner_vm 
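Review bot: In home/shell/fish.nix (hunk -75,52 +76,53) the re-indented `woi_login` function still calls curl with `-vk`, so the portal login is posted without certificate verification and nothing documents why. Because the request targets `10.101.64.10` while sending `Host: wifi.bahn.de`, verification could probably be kept by replacing `-k` and the Host header with `--resolve wifi.bahn.de:443:10.101.64.10 'https://wifi.bahn.de/en/'`, assuming the portal serves a certificate valid for that name. If `-k` has to stay, a comment such as `# -k: captive portal is addressed by IP, certificate cannot match` would record that it is deliberate. The `sops` wrapper in the same hunk passes `--no-masking` to `op run`, which leaves secret values unmasked in the command's output and deserves the same kind of comment.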
@@ -20,7 +26,10 @@
 deployment.targetHost = "carrot.xanderio.de";
 systemd.network.networks."10-uplink".networkConfig.Address = "2a01:4f9:c010:ef51::1/64";
- networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.allowedTCPPorts = [
+ 80
+ 443
+ ];
 services.journald.extraConfig = ''
 SystemMaxUse = 1G
@@ -34,34 +43,19 @@
 publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMS3185JdDy7ffnr0nLWqVy8FaAQeVh1QYUSiNpW5ESq";
 };
 };
- services.borgbackup.jobs = {
- borgbase = {
- paths = [ "/var/lib" "/home" "/root" ];
- exclude = [ "'**/.cache'" "/var/lib/postgresql/" ];
- repo = "ssh://j11x0ojk@j11x0ojk.repo.borgbase.com/./repo::root";
- encryption = {
- mode = "repokey-blake2";
- passCommand = "cat ${config.sops.secrets."all/borg_backup/repo_key".path}";
- };
- environment = {
- BORG_RSH = "ssh -i /etc/ssh/ssh_host_ed25519_key";
- };
- compression = "auto,zstd,10";
- prune.keep = {
- within = "1d"; # Keep all archives from the last day
- daily = 7;
- weekly = 4;
- monthly = 1;
- };
- extraCreateArgs = "--verbose --exclude-caches --stats --checkpoint-interval 600";
- startAt = "hourly";
- };
- } // (lib.listToAttrs (map
- (name:
- lib.nameValuePair "psql-${name}" {
- dumpCommand = pkgs.writeShellScript "psql-backup-${name}"
- "${pkgs.sudo}/bin/sudo -u postgres ${config.services.postgresql.package}/bin/pg_dump -Cc -d ${name}";
- repo = "ssh://j11x0ojk@j11x0ojk.repo.borgbase.com/./repo::psql";
+ services.borgbackup.jobs =
+ {
+ borgbase = {
+ paths = [
+ "/var/lib"
+ "/home"
+ "/root"
+ ];
+ exclude = [
+ "'**/.cache'"
+ "/var/lib/postgresql/"
+ ];
+ repo = "ssh://j11x0ojk@j11x0ojk.repo.borgbase.com/./repo::root";
 encryption = {
 mode = "repokey-blake2";
 passCommand = "cat ${config.sops.secrets."all/borg_backup/repo_key".path}";
@@ -78,8 +72,31 @@
 };
 extraCreateArgs = "--verbose --exclude-caches --stats --checkpoint-interval 600";
 startAt = "hourly";
- }
- )
- (config.services.postgresql.ensureDatabases ++ [ "matrix-synapse" ])))
- ;
+ };
+ }
+ // (lib.listToAttrs (
+ map (
+ name:
+ lib.nameValuePair "psql-${name}" {
+ dumpCommand = pkgs.writeShellScript "psql-backup-${name}" "${pkgs.sudo}/bin/sudo -u postgres ${config.services.postgresql.package}/bin/pg_dump -Cc -d ${name}";
+ repo = "ssh://j11x0ojk@j11x0ojk.repo.borgbase.com/./repo::psql";
+ encryption = {
+ mode = "repokey-blake2";
+ passCommand = "cat ${config.sops.secrets."all/borg_backup/repo_key".path}";
+ };
+ environment = {
+ BORG_RSH = "ssh -i /etc/ssh/ssh_host_ed25519_key";
+ };
+ compression = "auto,zstd,10";
+ prune.keep = {
+ within = "1d"; # Keep all archives from the last day
+ daily = 7;
+ weekly = 4;
+ monthly = 1;
+ };
+ extraCreateArgs = "--verbose --exclude-caches --stats --checkpoint-interval 600";
+ startAt = "hourly";
+ }
+ ) (config.services.postgresql.ensureDatabases ++ [ "matrix-synapse" ])
+ ));
 }
diff --git a/hosts/carrot/grist.nix b/hosts/carrot/grist.nix
index 14bad831..4e830770 100644
--- a/hosts/carrot/grist.nix
+++ b/hosts/carrot/grist.nix
@@ -1,4 +1,5 @@
-{ config, ... }: {
+{ config, ... }:
+{
 config = {
 x.sops.secrets."services/grist/env" = {
 group = "${config.virtualisation.oci-containers.backend}";
@@ -14,9 +15,7 @@
 GRIST_OIDC_IDP_CLIENT_ID = "grist";
 GRIST_FORCE_LOGIN = "1";
 };
- environmentFiles = [
- config.sops.secrets."services/grist/env".path
- ];
+ environmentFiles = [ config.sops.secrets."services/grist/env".path ];
 volumes = [ "/var/lib/grist:/persist" ];
 ports = [ "8484:8484" ];
diff --git a/hosts/carrot/mail.nix b/hosts/carrot/mail.nix
index ce87aa7b..b5b73f93 100644
--- a/hosts/carrot/mail.nix
+++ b/hosts/carrot/mail.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
 let
 domain = "mail.xanderio.de";
 credPath = "/run/credentials/stalwart-mail.service";
@@ -12,21 +17,26 @@ in
 config = {
 x.sops.secrets."services/stalwart/adminPwd" = { };
- security.acme.certs = { "${domain}" = { }; }
- // lib.listToAttrs (map
- (d: {
- name = "mta-sts.${d}";
- value = {
- extraDomainNames = [ "autoconfig.${d}" "autodiscovery.${d}" ];
- };
- })
- domains);
+ security.acme.certs =
+ {
+ "${domain}" = { };
+ }
+ // lib.listToAttrs (
+ map (d: {
+ name = "mta-sts.${d}";
+ value = {
+ extraDomainNames = [
+ "autoconfig.${d}"
+ "autodiscovery.${d}"
+ ];
+ };
+ }) domains
+ );
 systemd.services.stalwart-mail = {
 wants = [ "acme-${domain}.service" ];
 after = [ "acme-${domain}.service" ];
- preStart = lib.mkForce ''
- '';
+ preStart = lib.mkForce '''';
 serviceConfig = {
 LogsDirectory = "stalwart-mail";
 LoadCredential = [
@@ -46,30 +56,35 @@ in
 services.nginx = {
 enable = true;
- virtualHosts = {
- "${domain}" = {
- forceSSL = true;
- enableACME = true;
- locations."/" = {
- proxyPass = "http://[::1]:8119";
- proxyWebsockets = true;
- };
- };
- } // lib.listToAttrs (map
- (d: {
- name = "mta-sts.${d}";
- value = {
- serverAliases = [ "autoconfig.${d}" "autodiscovery.${d}" ];
+ virtualHosts =
+ {
+ "${domain}" = {
 forceSSL = true;
 enableACME = true;
- locations = {
- "= /mail/config-v1.1.xml".proxyPass = "http://[::1]:8119";
- "= /autodiscovery/autodiscovery.xml".proxyPass = "http://[::1]:8119";
- "= /.well-known/mta-sts.txt".proxyPass = "http://[::1]:8119";
+ locations."/" = {
+ proxyPass = "http://[::1]:8119";
+ proxyWebsockets = true;
 };
 };
- })
- domains);
+ }
+ // lib.listToAttrs (
+ map (d: {
+ name = "mta-sts.${d}";
+ value = {
+ serverAliases = [
+ "autoconfig.${d}"
+ "autodiscovery.${d}"
+ ];
+ forceSSL = true;
+ enableACME = true;
+ locations = {
+ "= /mail/config-v1.1.xml".proxyPass = "http://[::1]:8119";
+ "= /autodiscovery/autodiscovery.xml".proxyPass = "http://[::1]:8119";
+ "= /.well-known/mta-sts.txt".proxyPass = "http://[::1]:8119";
+ };
+ };
+ }) domains
+ );
 };
 services.stalwart-mail = {
@@ -150,7 +165,10 @@ in
 services.roundcube = {
 enable = true;
 package = pkgs.roundcube.withPlugins (plugins: [ plugins.persistent_login ]);
- dicts = with pkgs.aspellDicts; [ en de ];
+ dicts = with pkgs.aspellDicts; [
+ en
+ de
+ ];
 hostName = "cube.xanderio.de";
 plugins = [
 "archive"
diff --git a/hosts/carrot/matrix.nix b/hosts/carrot/matrix.nix
index 1ca4be88..365c8aca 100644
--- a/hosts/carrot/matrix.nix
+++ b/hosts/carrot/matrix.nix
@@ -1,4 +1,9 @@
-{ lib, pkgs, config, ... }:
+{
+ lib,
+ pkgs,
+ config,
+ ...
+}:
 let
 fqdn = "bitflip.jetzt";
 turnRealm = "turn.${fqdn}";
@@ -42,9 +47,9 @@ in
 forceSSL = true;
 locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
 locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
- locations."/".extraConfig = ''
- return 404;
- '';
+ locations."/".extraConfig = ''
+ return 404;
+ '';
 locations."/_matrix".proxyPass = "http://[::1]:8008";
 locations."/_synapse/client".proxyPass = "http://[::1]:8008";
 };
@@ -99,13 +104,14 @@ in
 config.services.coturn.listening-port
 config.services.coturn.tls-listening-port
 ];
- allowedUDPPortRanges = [{
- from = config.services.coturn.min-port;
- to = config.services.coturn.max-port;
- }];
+ allowedUDPPortRanges = [
+ {
+ from = config.services.coturn.min-port;
+ to = config.services.coturn.max-port;
+ }
+ ];
 };
-
 x.sops.secrets = {
 "services/synapse/oidc_secret" = { };
 };
@@ -121,7 +127,11 @@ in
 issuer = "https://sso.xanderio.de/application/o/synapse/";
 client_id = "synapse";
 client_secret = config.sops.placeholder."services/synapse/oidc_secret";
- scopes = [ "openid" "profile" "email" ];
+ scopes = [
+ "openid"
+ "profile"
+ "email"
+ ];
 user_mapping_provider.config = {
 localpart_template = "{{ user.preferred_username }}";
 display_name_template = "{{ user.preferred_username }}";
@@ -135,12 +145,8 @@ in
 services.matrix-synapse = {
 enable = true;
 withJemalloc = true;
- extraConfigFiles = [
- config.sops.templates."synapse-oidc".path
- ];
- extras = [
- "oidc"
- ];
+ extraConfigFiles = [ config.sops.templates."synapse-oidc".path ];
+ extras = [ "oidc" ];
 settings = {
 server_name = fqdn;
 public_baseurl = "https://${fqdn}";
@@ -153,24 +159,36 @@ in
 type = "http";
 tls = false;
 x_forwarded = true;
- resources = [{
- names = [ "client" "federation" ];
- compress = true;
- }];
+ resources = [
+ {
+ names = [
+ "client"
+ "federation"
+ ];
+ compress = true;
+ }
+ ];
 }
 {
 port = 8088;
- bind_addresses = [ "::1" "100.73.157.55" "fd7a:115c:a1e0::d309:9d37" ];
+ bind_addresses = [
+ "::1"
+ "100.73.157.55"
+ "fd7a:115c:a1e0::d309:9d37"
+ ];
 type = "http";
 tls = false;
 x_forwarded = true;
- resources = [{
- names = [ "metrics" ];
- compress = true;
- }];
+ resources = [
+ {
+ names = [ "metrics" ];
+ compress = true;
+ }
+ ];
 }
 ];
- registration_shared_secret_path = config.sops.secrets."services/synapse/registration_shared_secret".path;
+ registration_shared_secret_path =
+ config.sops.secrets."services/synapse/registration_shared_secret".path;
 turn_uris = [
 "turn:${turnRealm}:${toString config.services.coturn.listening-port}?transport=udp"
 "turn:${turnRealm}:${toString config.services.coturn.listening-port}?transport=tcp"
diff --git a/hosts/carrot/miniflux.nix b/hosts/carrot/miniflux.nix
index ba8fa18a..fee5b270 100644
--- a/hosts/carrot/miniflux.nix
+++ b/hosts/carrot/miniflux.nix
@@ -1,4 +1,5 @@
-{ config, lib, ... }: {
+{ config, lib, ... }:
+{
 config = {
 x.sops.secrets."services/miniflux/env" = { };
diff --git a/hosts/carrot/outline.nix b/hosts/carrot/outline.nix
index 5b6384f3..cc1ca85f 100644
--- a/hosts/carrot/outline.nix
+++ b/hosts/carrot/outline.nix
@@ -40,7 +40,11 @@ tokenUrl = "https://sso.xanderio.de/application/o/token/"; userinfoUrl = "https://sso.xanderio.de/application/o/userinfo/"; displayName = "xanderio SSO"; - scopes = [ "openid" "profile" "email" ]; + scopes = [ + "openid" + "profile" + "email" + ]; }; smtp = { diff --git a/hosts/carrot/postgresql.nix b/hosts/carrot/postgresql.nix index 65b26248..478e00af 100644 --- a/hosts/carrot/postgresql.nix +++ b/hosts/carrot/postgresql.nix @@ -1,4 +1,5 @@ -{ pkgs, lib, ... }: { +{ pkgs, lib, ... }: +{ services.postgresql = { enable = true; package = lib.mkForce pkgs.postgresql_15; diff --git a/hosts/carrot/website.nix b/hosts/carrot/website.nix index a461c311..c6346862 100644 --- a/hosts/carrot/website.nix +++ b/hosts/carrot/website.nix @@ -1,4 +1,5 @@ -{ inputs, pkgs, ... }: { +{ inputs, pkgs, ... }: +{ config = { services.nginx = { enable = true; diff --git a/hosts/default.nix b/hosts/default.nix index ef7c6486..9f6d89d1 100644 --- a/hosts/default.nix +++ b/hosts/default.nix 
@@ -7,35 +7,26 @@ isDir = _name: type: type == "directory"; - hostDirs = builtins.attrNames - (lib.filterAttrs isDir - (builtins.readDir ./.) - ); + hostDirs = builtins.attrNames (lib.filterAttrs isDir (builtins.readDir ./.)); hosts = lib.genAttrs hostDirs (name: { - imports = [ - (./. + "/${name}") - ]; + imports = [ (./. + "/${name}") ]; }); in { meta = { - nixpkgs = import inputs.nixos-small { - system = "x86_64-linux"; - }; + nixpkgs = import inputs.nixos-small { system = "x86_64-linux"; }; - nodeNixpkgs = { - "gregtech" = import inputs.nixos-small { - system = "aarch64-linux"; - }; - "carrot" = import inputs.nixos-small { - system = "aarch64-linux"; - }; - } // lib.genAttrs [ "hex" "vger" ] - (_: import inputs.nixpkgs { - system = "x86_64-linux"; - }); + nodeNixpkgs = + { + "gregtech" = import inputs.nixos-small { system = "aarch64-linux"; }; + "carrot" = import inputs.nixos-small { system = "aarch64-linux"; }; + } + // lib.genAttrs [ + "hex" + "vger" + ] (_: import inputs.nixpkgs { system = "x86_64-linux"; }); specialArgs = { inherit (import "${self}/home/profiles" inputs) homeImports; @@ -60,7 +51,8 @@ } ]; }; - } // hosts; + } + // hosts; diskoConfigurations = { hex = import ./hex/disko.nix; diff --git a/hosts/gregtech/default.nix b/hosts/gregtech/default.nix index d3a593ab..748c5b25 100644 --- a/hosts/gregtech/default.nix +++ b/hosts/gregtech/default.nix @@ -1,4 +1,11 @@ -{ inputs, lib, pkgs, config, ... }: { +{ + inputs, + lib, + pkgs, + config, + ... +}: +{ imports = [ inputs.mms.module ../../modules/server @@ -62,7 +69,6 @@ "-XX:MaxTenuringThreshold=1" ]; - serverConfig = { server-port = 25565; motd = "Welcome to Greg Tech New Horizons"; diff --git a/hosts/gregtech/hardware-configuration.nix b/hosts/gregtech/hardware-configuration.nix index 28bce5e7..70708179 100644 --- a/hosts/gregtech/hardware-configuration.nix +++ b/hosts/gregtech/hardware-configuration.nix 
@@ -6,9 +6,19 @@ efiInstallAsRemovable = true; device = "nodev"; }; - fileSystems."/boot" = { device = "/dev/disk/by-uuid/C827-5CA2"; fsType = "vfat"; }; - boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ]; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/C827-5CA2"; + fsType = "vfat"; + }; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "xen_blkfront" + ]; boot.initrd.kernelModules = [ "nvme" ]; - fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; + fileSystems."/" = { + device = "/dev/sda1"; + fsType = "ext4"; + }; } diff --git a/hosts/gregtech/networking.nix b/hosts/gregtech/networking.nix index 7c5c115f..c0a0487a 100644 --- a/hosts/gregtech/networking.nix +++ b/hosts/gregtech/networking.nix @@ -1,10 +1,9 @@ -{ lib, ... }: { +{ lib, ... }: +{ # This file was populated at runtime with the networking # details gathered from the active system. networking = { - nameservers = [ - "8.8.8.8" - ]; + nameservers = [ "8.8.8.8" ]; defaultGateway = "172.31.1.1"; defaultGateway6 = { address = "fe80::1"; @@ -15,14 +14,33 @@ interfaces = { eth0 = { ipv4.addresses = [ - { address = "168.119.238.150"; prefixLength = 32; } + { + address = "168.119.238.150"; + prefixLength = 32; + } ]; ipv6.addresses = [ - { address = "2a01:4f8:1c1c:313::1"; prefixLength = 64; } - { address = "fe80::9400:2ff:febe:393a"; prefixLength = 64; } + { + address = "2a01:4f8:1c1c:313::1"; + prefixLength = 64; + } + { + address = "fe80::9400:2ff:febe:393a"; + prefixLength = 64; + } + ]; + ipv4.routes = [ + { + address = "172.31.1.1"; + prefixLength = 32; + } + ]; + ipv6.routes = [ + { + address = "fe80::1"; + prefixLength = 128; + } ]; - ipv4.routes = [{ address = "172.31.1.1"; prefixLength = 32; }]; - ipv6.routes = [{ address = "fe80::1"; prefixLength = 128; }]; }; }; diff --git a/hosts/hex/default.nix b/hosts/hex/default.nix index 60143639..50802cd6 100644 --- a/hosts/hex/default.nix +++ b/hosts/hex/default.nix 
@@ -1,4 +1,12 @@ -{ inputs, pkgs, config, nixos-hardware, homeImports, ... }: { +{ + inputs, + pkgs, + config, + nixos-hardware, + homeImports, + ... +}: +{ imports = [ ./hardware-configuration.nix ../../modules/laptop @@ -9,9 +17,7 @@ home-manager.users.xanderio.home.stateVersion = "22.11"; deployment.targetHost = null; - disko.devices = import ./disko.nix { - disks = [ "/dev/nvme0n1" ]; - }; + disko.devices = import ./disko.nix { disks = [ "/dev/nvme0n1" ]; }; networking.hostName = "hex"; boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; @@ -38,9 +44,7 @@ }; nix.settings = { - substituters = [ - "http://binary-cache-v2.vpn.cyberus-technology.de" - ]; + substituters = [ "http://binary-cache-v2.vpn.cyberus-technology.de" ]; trusted-public-keys = [ "cyberus-1:0jjMD2b+guloGW27ZToxDQApCoWj+4ONW9v8VH/Bv0Q=" # v2 cache ]; @@ -51,7 +55,9 @@ GLAB_PAGER = "cat"; }; - home-manager.extraSpecialArgs = { inherit inputs; }; + home-manager.extraSpecialArgs = { + inherit inputs; + }; home-manager.users.xanderio.xanderio = { git = { enable = true; diff --git a/hosts/hex/disko.nix b/hosts/hex/disko.nix index 3b0b390a..8005c212 100644 --- a/hosts/hex/disko.nix +++ b/hosts/hex/disko.nix @@ -1,4 +1,8 @@ -{ disks ? [ "/dev/vdb" ], ... }: { +{ + disks ? [ "/dev/vdb" ], + ... +}: +{ disk = { nvme0n1 = { device = builtins.elemAt disks 0; diff --git a/hosts/hex/hardware-configuration.nix b/hosts/hex/hardware-configuration.nix index bf71f495..4f0282c1 100644 --- a/hosts/hex/hardware-configuration.nix +++ b/hosts/hex/hardware-configuration.nix 
@@ -1,15 +1,24 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "thunderbolt" + "nvme" + "usb_storage" + "sd_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; diff --git a/hosts/valen/configuration.nix b/hosts/valen/configuration.nix index 785e77a3..f7843bdd 100644 --- a/hosts/valen/configuration.nix +++ b/hosts/valen/configuration.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ imports = [ ./hardware-configuration.nix ./grafana.nix @@ -22,6 +23,11 @@ address = "fe80::1"; interface = "ens3"; }; - nameservers = [ "2a01:4ff:ff00::add:1" "2a01:4ff:ff00::add:2" "185.12.64.1" "185.12.64.2" ]; + nameservers = [ + "2a01:4ff:ff00::add:1" + "2a01:4ff:ff00::add:2" + "185.12.64.1" + "185.12.64.2" + ]; }; } diff --git a/hosts/valen/grafana.nix b/hosts/valen/grafana.nix index 36835a95..3a4dffd8 100644 --- a/hosts/valen/grafana.nix +++ b/hosts/valen/grafana.nix @@ -1,4 +1,5 @@ -{ config, ... }: { +{ config, ... }: +{ x.sops.secrets."services/grafana/client_secret" = { owner = "grafana"; }; @@ -40,9 +41,7 @@ { job_name = "grafana"; static_configs = [ - { - targets = [ "localhost:${toString config.services.grafana.settings.server.http_port}" ]; - } + { targets = [ "localhost:${toString config.services.grafana.settings.server.http_port}" ]; } ]; } ]; diff --git a/hosts/valen/hardware-configuration.nix b/hosts/valen/hardware-configuration.nix index 290a6d32..e104fb3e 100644 
--- a/hosts/valen/hardware-configuration.nix +++ b/hosts/valen/hardware-configuration.nix @@ -1,17 +1,24 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config -, lib -, pkgs -, modulesPath -, ... -}: { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; +{ + config, + lib, + pkgs, + modulesPath, + ... +}: +{ + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "virtio_scsi" "xhci_pci" "sd_mod" "sr_mod" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "virtio_pci" + "virtio_scsi" + "xhci_pci" + "sd_mod" + "sr_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; diff --git a/hosts/valen/loki.nix b/hosts/valen/loki.nix index 0d4dc7a2..d298b501 100644 --- a/hosts/valen/loki.nix +++ b/hosts/valen/loki.nix @@ -25,16 +25,17 @@ }; schema_config = { - configs = [{ - from = "2022-06-06"; - store = "boltdb-shipper"; - object_store = "filesystem"; - schema = "v11"; - index = { - prefix = "index_"; - period = "24h"; - }; - } + configs = [ + { + from = "2022-06-06"; + store = "boltdb-shipper"; + object_store = "filesystem"; + schema = "v11"; + index = { + prefix = "index_"; + period = "24h"; + }; + } { from = "2023-05-19"; store = "tsdb"; @@ -44,7 +45,8 @@ prefix = "index_"; period = "24h"; }; - }]; + } + ]; }; storage_config = { diff --git a/hosts/valen/prometheus.nix b/hosts/valen/prometheus.nix index 48fdbc08..7c46c385 100644 --- a/hosts/valen/prometheus.nix +++ b/hosts/valen/prometheus.nix @@ -1,7 +1,4 @@ -{ pkgs -, config -, ... -}: +{ pkgs, config, ... }: let synapseRules = pkgs.writeText "" '' groups: 
@@ -39,20 +36,12 @@ in scrapeConfigs = [ { job_name = "prometheus"; - static_configs = [ - { - targets = [ "localhost:${toString config.services.prometheus.port}" ]; - } - ]; + static_configs = [ { targets = [ "localhost:${toString config.services.prometheus.port}" ]; } ]; } { job_name = "synapse"; metrics_path = "/_synapse/metrics"; - static_configs = [ - { - targets = [ "delenn:8088" ]; - } - ]; + static_configs = [ { targets = [ "delenn:8088" ]; } ]; relabel_configs = [ { source_labels = [ "__address__" ]; @@ -70,7 +59,13 @@ in let makeTarget = name: "${name}:${toString config.services.prometheus.exporters.node.port}"; in - builtins.map makeTarget [ "valen" "delenn" "vetinari" "gregtech" "carrot" ]; + builtins.map makeTarget [ + "valen" + "delenn" + "vetinari" + "gregtech" + "carrot" + ]; } ]; relabel_configs = [ diff --git a/hosts/vetinari/audio.nix b/hosts/vetinari/audio.nix index c8f17725..0b63b0d0 100644 --- a/hosts/vetinari/audio.nix +++ b/hosts/vetinari/audio.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ services.pipewire = { enable = true; systemWide = true; diff --git a/hosts/vetinari/audiobookshelf.nix b/hosts/vetinari/audiobookshelf.nix index 71ac454a..b029c980 100644 --- a/hosts/vetinari/audiobookshelf.nix +++ b/hosts/vetinari/audiobookshelf.nix @@ -1,6 +1,10 @@ -{ config, ... }: { +{ config, ... }: +{ config = { - services.borgbackup.jobs.backup.exclude = [ "/var/lib/audiobookshelf/libary" "/var/lib/audiobookshelf/metadata/cache" ]; + services.borgbackup.jobs.backup.exclude = [ + "/var/lib/audiobookshelf/libary" + "/var/lib/audiobookshelf/metadata/cache" + ]; services.nginx = { enable = true; virtualHosts."audiobook.xanderio.de" = { diff --git a/hosts/vetinari/default.nix b/hosts/vetinari/default.nix index 2e95b9d3..0edf4fc7 100644 --- a/hosts/vetinari/default.nix +++ b/hosts/vetinari/default.nix 
@@ -1,4 +1,11 @@ -{ pkgs, config, lib, homeImports, ... }: { +{ + pkgs, + config, + lib, + homeImports, + ... +}: +{ imports = [ ./hardware-configuration.nix ./spotifyd.nix @@ -15,9 +22,8 @@ ../../modules/server { home-manager.users.xanderio.imports = homeImports."server"; } ]; - - networking.nftables.enable = true; + networking.nftables.enable = true; # remove once reinstalled. workaround for disko changes. fileSystems = { @@ -36,9 +42,7 @@ networking.hostName = "vetinari"; networking.hostId = "8419e344"; - disko.devices = import ./disko.nix { - disks = [ "/dev/sda" ]; - }; + disko.devices = import ./disko.nix { disks = [ "/dev/sda" ]; }; networking.useNetworkd = true; @@ -66,7 +70,6 @@ overrideFolders = false; }; - hardware.opengl.enable = true; hardware.opengl.extraPackages = with pkgs; [ intel-media-driver diff --git a/hosts/vetinari/disko.nix b/hosts/vetinari/disko.nix index 3102874c..12c4aa02 100644 --- a/hosts/vetinari/disko.nix +++ b/hosts/vetinari/disko.nix @@ -1,4 +1,8 @@ -{ disks ? [ "/dev/vdb" ], ... }: { +{ + disks ? [ "/dev/vdb" ], + ... +}: +{ disk = { main = { device = builtins.elemAt disks 0; diff --git a/hosts/vetinari/hardware-configuration.nix b/hosts/vetinari/hardware-configuration.nix index c072b16b..58231fa3 100644 --- a/hosts/vetinari/hardware-configuration.nix +++ b/hosts/vetinari/hardware-configuration.nix 
@@ -1,15 +1,24 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "usbhid" + "usb_storage" + "sd_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; diff --git a/hosts/vetinari/hass.nix b/hosts/vetinari/hass.nix index 0226e639..ceb6f606 100644 --- a/hosts/vetinari/hass.nix +++ b/hosts/vetinari/hass.nix @@ -1,9 +1,12 @@ -{ pkgs, inputs, ... }: { +{ pkgs, inputs, ... }: +{ config = { nixpkgs.config.packageOverrides = pkgs: { - python311Packages = pkgs.python311Packages.overrideScope (final: prev: { - gpiozero = inputs.nipxkgs-master.legacyPackages.x68_64-linux.python311Packages.gpiozero; - }); + python311Packages = pkgs.python311Packages.overrideScope ( + final: prev: { + gpiozero = inputs.nipxkgs-master.legacyPackages.x68_64-linux.python311Packages.gpiozero; + } + ); }; networking.firewall = { @@ -13,9 +16,7 @@ #mqtt 1883 ]; - allowedUDPPorts = [ - 5353 - ]; + allowedUDPPorts = [ 5353 ]; }; services.nginx = { 
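Review bot: In the `packageOverrides` block of hosts/vetinari/hass.nix the reformatted line still reads `inputs.nipxkgs-master.legacyPackages.x68_64-linux...`, and `x68_64-linux` is not a system that nixpkgs exposes, so the `gpiozero` override cannot evaluate once something forces it. Because Nix is lazy, the error only appears when a package actually pulls in `gpiozero`, which makes it easy to miss. The intended system is presumably `x86_64-linux`. `nipxkgs-master` also looks like a misspelling of `nixpkgs-master`, but the flake inputs are not visible here, so check the name against flake.nix. If the input is named that way, the line becomes `gpiozero = inputs.nixpkgs-master.legacyPackages.x86_64-linux.python311Packages.gpiozero;`.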
@@ -33,53 +34,56 @@ services.mosquitto = { enable = true; settings = { - sys_interval = 10; + sys_interval = 10; }; listeners = [ { - acl = [ "pattern readwrite #" "pattern readwrite $SYS/#"]; + acl = [ + "pattern readwrite #" + "pattern readwrite $SYS/#" + ]; omitPasswordAuth = true; - - settings.allow_anonymous = true; - + + settings.allow_anonymous = true; + } ]; }; # remove after home-assistant-chip-core has upgrade to openssl 3 # https://github.com/project-chip/connectedhomeip/issues/25688 - nixpkgs.config.permittedInsecurePackages = [ - "openssl-1.1.1w" - ]; + nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1w" ]; services.home-assistant = { enable = true; - extraPackages = p: with p; [ - aiogithubapi - (p.buildPythonPackage rec { - pname = "aioairctrl"; - version = "0.2.4"; + extraPackages = + p: with p; [ + aiogithubapi + (p.buildPythonPackage rec { + pname = "aioairctrl"; + version = "0.2.4"; - src = p.fetchPypi { - inherit pname version; - hash = "sha256-BIJWwMQq3QQjhyO0TSw+C6muyr3Oyv6UHr/Y3iYqRUM="; - }; + src = p.fetchPypi { + inherit pname version; + hash = "sha256-BIJWwMQq3QQjhyO0TSw+C6muyr3Oyv6UHr/Y3iYqRUM="; + }; - buildInputs = [ setuptools ]; + buildInputs = [ setuptools ]; - propagatedBuildInputs = [ pycryptodomex aiocoap ]; + propagatedBuildInputs = [ + pycryptodomex + aiocoap + ]; - pythonImportsCheck = [ - "aioairctrl" - ]; - }) - pyatv - aiohomekit - python-otbr-api - pyunifiprotect - unifi-discovery - ]; + pythonImportsCheck = [ "aioairctrl" ]; + }) + pyatv + aiohomekit + python-otbr-api + pyunifiprotect + unifi-discovery + ]; extraComponents = [ "default_config" 
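Review bot: The `services.mosquitto` listener in this hunk combines `settings.allow_anonymous = true`, `omitPasswordAuth = true` and the ACLs `pattern readwrite #` / `pattern readwrite $SYS/#`, so any client that can reach the broker may read and write every topic without credentials. The firewall list in the previous hunk of this file carries a `#mqtt` / `1883` entry, which suggests the port is open beyond loopback, though the full list is outside the hunk. If only local services use the broker, bind it with `address = "127.0.0.1";` on the listener. Otherwise define per-client `users.<name>` entries with `hashedPasswordFile` and topic-scoped `acl` lists instead of the wildcard patterns. At minimum, add a comment above `allow_anonymous` stating why unauthenticated access is acceptable on this network.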
@@ -95,42 +99,47 @@ "wled" ]; - config = - { - default_config = { }; + config = { + default_config = { }; - group = "!include groups.yaml"; - automation = "!include automations.yaml"; - scene = "!include scenes.yaml"; - script = "!include scripts.yaml"; + group = "!include groups.yaml"; + automation = "!include automations.yaml"; + scene = "!include scenes.yaml"; + script = "!include scripts.yaml"; - http = { - use_x_forwarded_for = true; - trusted_proxies = [ "127.0.0.1" "::1" ]; - }; + http = { + use_x_forwarded_for = true; + trusted_proxies = [ + "127.0.0.1" + "::1" + ]; + }; - logger = { - default = "warning"; - }; + logger = { + default = "warning"; + }; - homekit = { - ip_address = "192.168.178.33"; - filter = { - include_domains = [ "light" "media_player" "climate" "switch" ]; - exclude_entity_globs = [ "switch.*_internet_access" ]; - }; + homekit = { + ip_address = "192.168.178.33"; + filter = { + include_domains = [ + "light" + "media_player" + "climate" + "switch" + ]; + exclude_entity_globs = [ "switch.*_internet_access" ]; }; + }; - zha.custom_quirks_path = - pkgs.fetchFromGitHub - { - owner = "jacekk015"; - repo = "zha_quirks"; - rev = "69c906bb16b43f1e2d9de6a610066f5b06063710"; - hash = "sha256-T9vbqH7fKcS2pqbpmMp0zgg15qD2gVojSAaQOjffFtA="; - }; - + zha.custom_quirks_path = pkgs.fetchFromGitHub { + owner = "jacekk015"; + repo = "zha_quirks"; + rev = "69c906bb16b43f1e2d9de6a610066f5b06063710"; + hash = "sha256-T9vbqH7fKcS2pqbpmMp0zgg15qD2gVojSAaQOjffFtA="; }; + + }; }; }; } diff --git a/hosts/vetinari/incus.nix b/hosts/vetinari/incus.nix index b7d1a7bf..cb308728 100644 --- a/hosts/vetinari/incus.nix +++ b/hosts/vetinari/incus.nix @@ -1,6 +1,7 @@ -{...}: { +{ ... }: +{ config = { - users.users.xanderio.extraGroups = ["incus-admin"]; + users.users.xanderio.extraGroups = [ "incus-admin" ]; virtualisation.incus = { enable = true; ui.enable = true; diff --git a/hosts/vetinari/jellyfin.nix b/hosts/vetinari/jellyfin.nix index 1f049432..23dcdbcd 100644 
--- a/hosts/vetinari/jellyfin.nix +++ b/hosts/vetinari/jellyfin.nix @@ -14,7 +14,7 @@ ''; }; }; - + services.jellyfin.enable = true; }; } diff --git a/hosts/vetinari/netatalk.nix b/hosts/vetinari/netatalk.nix index 69127540..16996cc8 100644 --- a/hosts/vetinari/netatalk.nix +++ b/hosts/vetinari/netatalk.nix @@ -1,4 +1,5 @@ -{ config, ... }: { +{ config, ... }: +{ networking.firewall.allowedTCPPorts = [ config.services.netatalk.port ]; services.borgbackup.jobs.backup.exclude = [ "/var/lib/timemachine" ]; systemd.services.netatalk.serviceConfig = { diff --git a/hosts/vetinari/nextcloud.nix b/hosts/vetinari/nextcloud.nix index 63f636f4..b9b7680f 100644 --- a/hosts/vetinari/nextcloud.nix +++ b/hosts/vetinari/nextcloud.nix @@ -1,4 +1,5 @@ -{ pkgs, config, ... }: { +{ pkgs, config, ... }: +{ services = { postgresql = { enable = true; diff --git a/hosts/vetinari/paperless.nix b/hosts/vetinari/paperless.nix index 4c58e432..8e236f76 100644 --- a/hosts/vetinari/paperless.nix +++ b/hosts/vetinari/paperless.nix @@ -1,4 +1,10 @@ -{ pkgs, config, lib, ... }: { +{ + pkgs, + config, + lib, + ... +}: +{ services = { paperless = { enable = true; @@ -26,7 +32,7 @@ }; x.sops.secrets = { - "services/paperless/oidc_secret" = {}; + "services/paperless/oidc_secret" = { }; }; sops.templates."paperless-socialaccount-providers" = { @@ -68,7 +74,9 @@ ProtectControlGroups = lib.mkForce false; }; script = lib.mkBefore '' - export PAPERLESS_SOCIALACCOUNT_PROVIDERS=$(< ${config.sops.templates."paperless-socialaccount-providers".path}) + export PAPERLESS_SOCIALACCOUNT_PROVIDERS=$(< ${ + config.sops.templates."paperless-socialaccount-providers".path + }) ''; }; systemd.services.paperless-task-queue = { diff --git a/hosts/vetinari/shairport.nix b/hosts/vetinari/shairport.nix index 1f4a38a1..280b441b 100644 --- a/hosts/vetinari/shairport.nix +++ b/hosts/vetinari/shairport.nix 
@@ -16,14 +16,23 @@ ]; allowedTCPPortRanges = [ # AirPlay 2 - { from = 32768; to = 60999; } + { + from = 32768; + to = 60999; + } ]; allowedUDPPortRanges = [ # AirPlay 1 - { from = 6000; to = 6009; } + { + from = 6000; + to = 6009; + } # AirPlay 2 - { from = 32768; to = 60999; } + { + from = 32768; + to = 60999; + } ]; }; @@ -40,7 +49,6 @@ wantedBy = [ "multi-user.target" ]; }; - systemd.services.nqptp = { wantedBy = [ "aerosound.target" ]; serviceConfig = { @@ -53,8 +61,17 @@ systemd.services.shairport-sync = { wantedBy = [ "aerosound.target" ]; wants = [ "avahi-daemon.service" ]; - requires = [ "nqptp.service" "mosquitto.service" "pipewire.service" ]; - after = [ "network-online.target" "avahi-daemon.service" "nqptp.service" "pipewire.service" ]; + requires = [ + "nqptp.service" + "mosquitto.service" + "pipewire.service" + ]; + after = [ + "network-online.target" + "avahi-daemon.service" + "nqptp.service" + "pipewire.service" + ]; serviceConfig = let @@ -62,10 +79,14 @@ (pkgs.shairport-sync.override { enableMetadata = true; enableAirplay2 = true; - }).overrideAttrs (old: { - configureFlags = old.configureFlags ++ [ "--with-mqtt-client" ]; - buildInputs = old.buildInputs ++ [ pkgs.mosquitto.lib pkgs.mosquitto.dev ]; - }); + }).overrideAttrs + (old: { + configureFlags = old.configureFlags ++ [ "--with-mqtt-client" ]; + buildInputs = old.buildInputs ++ [ + pkgs.mosquitto.lib + pkgs.mosquitto.dev + ]; + }); shairportConfigFile = pkgs.writeText "shairport.conf" '' general = { diff --git a/hosts/vger/borg.nix b/hosts/vger/borg.nix index e39909aa..d8ef58e3 100644 --- a/hosts/vger/borg.nix +++ b/hosts/vger/borg.nix 
@@ -1,14 +1,26 @@ -{ ... }: { +{ ... }: +{ services.borgbackup.jobs = { backup = { - paths = [ "/etc" "/home" ]; - exclude = [ "/nix" "'**/.cache'" "**/target" "**/.cache" "/home/xanderio/Sources" ]; + paths = [ + "/etc" + "/home" + ]; + exclude = [ + "/nix" + "'**/.cache'" + "**/target" + "**/.cache" + "/home/xanderio/Sources" + ]; repo = "u289342@u289342.your-storagebox.de:backup/vger"; encryption = { mode = "repokey-blake2"; passCommand = "cat /var/borg/passphrase"; }; - environment = { BORG_RSH = "ssh -p 23 -i /var/borg/id_ed25519"; }; + environment = { + BORG_RSH = "ssh -p 23 -i /var/borg/id_ed25519"; + }; compression = "auto,zstd,10"; startAt = "*-*-* 17:00:00"; persistentTimer = true; diff --git a/hosts/vger/default.nix b/hosts/vger/default.nix index 067312c0..702d63bb 100644 --- a/hosts/vger/default.nix +++ b/hosts/vger/default.nix @@ -1,4 +1,12 @@ -{ inputs, pkgs, lib, nixos-hardware, homeImports, ... }: { +{ + inputs, + pkgs, + lib, + nixos-hardware, + homeImports, + ... +}: +{ imports = [ ./hardware-configuration.nix ../../modules/laptop @@ -31,7 +39,9 @@ systemd.services.lenovo_fix.wantedBy = lib.mkForce [ ]; - home-manager.extraSpecialArgs = { inherit inputs; }; + home-manager.extraSpecialArgs = { + inherit inputs; + }; home-manager.users.xanderio.xanderio = { git = { enable = true; diff --git a/hosts/vger/hardware-configuration.nix b/hosts/vger/hardware-configuration.nix index 30d00a52..0536c8a2 100644 --- a/hosts/vger/hardware-configuration.nix +++ b/hosts/vger/hardware-configuration.nix 
@@ -1,17 +1,23 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config -, lib -, pkgs -, modulesPath -, ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; +{ + config, + lib, + pkgs, + modulesPath, + ... +}: +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "nvme" + "usbhid" + "usb_storage" + "sd_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; diff --git a/lib/default.nix b/lib/default.nix index c42c1b2c..9944eac6 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,26 +1,21 @@ -{ nixpkgs -, home-manager -, pkgs -, overlays -, system -, inputs -, ... -}: { +{ + nixpkgs, + home-manager, + pkgs, + overlays, + system, + inputs, + ... +}: +{ mkHost = - { name - , modules - , - }: + { name, modules }: nixpkgs.lib.nixosSystem { inherit system pkgs; specialArgs = inputs; - modules = - [ - { - networking.hostName = name; - } - (../hosts + "/${name}") - ] - ++ modules; + modules = [ + { networking.hostName = name; } + (../hosts + "/${name}") + ] ++ modules; }; } diff --git a/modules/authentik-proxy/default.nix b/modules/authentik-proxy/default.nix index f31084fa..82c7377a 100644 --- a/modules/authentik-proxy/default.nix +++ b/modules/authentik-proxy/default.nix @@ -70,7 +70,5 @@ in description = "Domains with should be protected by authentik"; }; }; - config = lib.mkIf cfg.enable { - services.nginx.virtualHosts = genAttrs cfg.domains mkVirtualHosts; - }; + config = lib.mkIf cfg.enable { services.nginx.virtualHosts = genAttrs cfg.domains mkVirtualHosts; }; } diff --git a/modules/common/default.nix b/modules/common/default.nix index 58caf4b1..471232be 100644 
--- a/modules/common/default.nix +++ b/modules/common/default.nix @@ -1,8 +1,10 @@ -{ config -, pkgs -, lib -, ... -}: { +{ + config, + pkgs, + lib, + ... +}: +{ imports = [ ./nix.nix ./users.nix diff --git a/modules/common/nix.nix b/modules/common/nix.nix index ea3adc40..5e85f5d6 100644 --- a/modules/common/nix.nix +++ b/modules/common/nix.nix @@ -1,4 +1,5 @@ -{ lib, inputs, ... }: { +{ lib, inputs, ... }: +{ nix = { nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; registry.nixpkgs.flake = inputs.nixpkgs; diff --git a/modules/common/users.nix b/modules/common/users.nix index b60bdb0b..d2f71ea8 100644 --- a/modules/common/users.nix +++ b/modules/common/users.nix @@ -1,8 +1,15 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ # Define a user account. Don't forget to set a password with ‘passwd’. users.users.xanderio = { isNormalUser = true; - extraGroups = [ "wheel" "audio" "docker" "podman" "dialout" ]; # Enable ‘sudo’ for the user. + extraGroups = [ + "wheel" + "audio" + "docker" + "podman" + "dialout" + ]; # Enable ‘sudo’ for the user. shell = pkgs.fish; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJDvsq3ecdR4xigCpOQVfmWZYY74KnNJIJ5Fo0FsZMGW" # vger diff --git a/modules/laptop/boot.nix b/modules/laptop/boot.nix index 434bc08e..0c752572 100644 --- a/modules/laptop/boot.nix +++ b/modules/laptop/boot.nix @@ -1,4 +1,5 @@ -{ config, ... }: { +{ config, ... }: +{ boot = { extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback.out ]; kernelModules = [ diff --git a/modules/laptop/default.nix b/modules/laptop/default.nix index 467d5eb3..72e6569e 100644 --- a/modules/laptop/default.nix +++ b/modules/laptop/default.nix @@ -1,4 +1,5 @@ -{ inputs, ... }: { +{ inputs, ... }: +{ imports = [ ../common ./boot.nix @@ -81,7 +82,10 @@ # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; - nix.settings.trusted-users = [ "root" "xanderio" ]; + nix.settings.trusted-users = [ + "root" + "xanderio" + ]; nix.daemonCPUSchedPolicy = "idle"; } 
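Review bot: In the modules/common/users.nix hunk, the comment `# Enable ‘sudo’ for the user.` now trails the closing `];` of the five-element `extraGroups` list, although it describes only `"wheel"`. A reader can no longer tell which group grants what, and `"docker"` is the entry that most needs a remark, since membership allows control of the Docker daemon and is effectively root-equivalent. I would move the comment onto the element it belongs to and annotate the other privileged one: `"wheel" # sudo` and `"docker" # root-equivalent via the Docker daemon socket`. If `docker` is only kept for occasional use, the rootless `podman` group already in the list may be enough on its own.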
diff --git a/modules/laptop/desktop.nix b/modules/laptop/desktop.nix index 2db792e3..1d295066 100644 --- a/modules/laptop/desktop.nix +++ b/modules/laptop/desktop.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ programs = { sway.enable = true; fish = { @@ -43,10 +44,12 @@ alsa.enable = true; alsa.support32Bit = true; extraConfig.pipewire = { - "context.modules" = [{ - name = "libpipewire-module-zeroconf-discover"; - args = { }; - }]; + "context.modules" = [ + { + name = "libpipewire-module-zeroconf-discover"; + args = { }; + } + ]; }; }; }; @@ -80,7 +83,6 @@ }; }; - # xdg-desktop-portal-wlr needs sh for exec_* to work systemd.user.services.xdg-desktop-portal-wlr.path = [ pkgs.bash ]; } diff --git a/modules/laptop/fonts.nix b/modules/laptop/fonts.nix index 96169f64..9779fd90 100644 --- a/modules/laptop/fonts.nix +++ b/modules/laptop/fonts.nix @@ -4,16 +4,12 @@ let url = "https://raw.githubusercontent.com/ryanoasis/nerd-fonts/5c5c51e7b18eb080f1fa24df9d164a4b6ff62a6c/10-nerd-font-symbols.conf"; sha256 = "0a9vazsv1yx01l4jrsvzmlfha76ak5rmcd7jiwls50wfd7h38iv3"; }; - nerdfontConfigPkg = - pkgs.runCommand "nerdfont-conf" - { - prefer-local-build = true; - } '' - dst=$out/etc/fonts/conf.d - mkdir -p $dst + nerdfontConfigPkg = pkgs.runCommand "nerdfont-conf" { prefer-local-build = true; } '' + dst=$out/etc/fonts/conf.d + mkdir -p $dst - ln -s ${nerdfontConfig} $dst/10-nerd-font-symbols.conf - ''; + ln -s ${nerdfontConfig} $dst/10-nerd-font-symbols.conf + ''; in { fonts = { diff --git a/modules/laptop/programs.nix b/modules/laptop/programs.nix index 5d0aea14..c0c2f9ad 100644 --- a/modules/laptop/programs.nix +++ b/modules/laptop/programs.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ environment.systemPackages = with pkgs; [ iwd gnome.gnome-boxes diff --git a/modules/laptop/services.nix b/modules/laptop/services.nix index 26756797..bb8a491f 100644 --- a/modules/laptop/services.nix +++ b/modules/laptop/services.nix 
@@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ # Enable CUPS to print documents. # services.printing.enable = true; diff --git a/modules/ntfy.nix b/modules/ntfy.nix index c57dd585..1219f280 100644 --- a/modules/ntfy.nix +++ b/modules/ntfy.nix @@ -1,4 +1,9 @@ -{ pkgs, config, lib, ... }: +{ + pkgs, + config, + lib, + ... +}: with lib; let cfg = config.services.ntfy; @@ -15,9 +20,7 @@ in default = pkgs.ntfy-sh; }; - domain = mkOption { - type = types.str; - }; + domain = mkOption { type = types.str; }; port = mkOption { type = types.port; diff --git a/modules/server/backup.nix b/modules/server/backup.nix index 8872e09e..d8cbc668 100644 --- a/modules/server/backup.nix +++ b/modules/server/backup.nix @@ -6,7 +6,11 @@ }; services.borgbackup.jobs = { backup = { - paths = [ "/var/lib" "/home" "/root" ]; + paths = [ + "/var/lib" + "/home" + "/root" + ]; exclude = [ "'**/.cache'" ]; repo = "u289342@u289342.your-storagebox.de:backup/${config.networking.hostName}"; encryption = { @@ -14,7 +18,9 @@ passCommand = "cat ${config.sops.secrets."all/borg_backup/repo_key".path}"; }; environment = { - BORG_RSH = "ssh -p 23 -o 'StrictHostKeyChecking=no' -i ${config.sops.secrets."all/borg_backup/ssh_key".path}"; + BORG_RSH = "ssh -p 23 -o 'StrictHostKeyChecking=no' -i ${ + config.sops.secrets."all/borg_backup/ssh_key".path + }"; }; compression = "auto,zstd,10"; prune.keep = { diff --git a/modules/server/default.nix b/modules/server/default.nix index 2b541eef..eba9bac4 100644 --- a/modules/server/default.nix +++ b/modules/server/default.nix @@ -13,7 +13,7 @@ domain = "xanderio.de"; }; - deployment.tags = ["server"]; + deployment.tags = [ "server" ]; documentation.nixos.enable = false; } diff --git a/modules/server/nginx.nix b/modules/server/nginx.nix index b736fb1a..13922e5d 100644 --- a/modules/server/nginx.nix +++ b/modules/server/nginx.nix 
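Review bot: The `BORG_RSH` value in the second hunk of modules/server/backup.nix passes `-o 'StrictHostKeyChecking=no'`, so the backup job never verifies the storage box's host key and would not notice a machine impersonating it. The `encryption` block limits what such a peer could read, but the job then relies on that alone, and backups could be withheld or misdirected without ssh reporting anything. Pin the host key instead: declare it under `programs.ssh.knownHosts` and drop the option, leaving `BORG_RSH = "ssh -p 23 -i ${config.sops.secrets."all/borg_backup/ssh_key".path}";`. hosts/vger/borg.nix already builds its `BORG_RSH` without the override, so this also makes the two jobs consistent.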
@@ -1,11 +1,11 @@ -{ config -, lib -, ... -}: { +{ config, lib, ... }: +{ config = { - networking.firewall.allowedTCPPorts = - lib.mkIf config.services.nginx.enable [ 80 443 ]; + networking.firewall.allowedTCPPorts = lib.mkIf config.services.nginx.enable [ + 80 + 443 + ]; services = { nginx = { diff --git a/modules/server/node_exporter.nix b/modules/server/node_exporter.nix index 4a4e498f..1fdefedf 100644 --- a/modules/server/node_exporter.nix +++ b/modules/server/node_exporter.nix @@ -1,4 +1,5 @@ -{ ... }: { +{ ... }: +{ networking.firewall.interfaces.tailscale0.allowedTCPPorts = [ 9100 ]; services.prometheus = { exporters = { diff --git a/modules/server/promtail.nix b/modules/server/promtail.nix index 074be41d..69e00209 100644 --- a/modules/server/promtail.nix +++ b/modules/server/promtail.nix @@ -10,11 +10,7 @@ positions = { filename = "/tmp/positions.yaml"; }; - clients = [ - { - url = "http://valen:3030/loki/api/v1/push"; - } - ]; + clients = [ { url = "http://valen:3030/loki/api/v1/push"; } ]; scrape_configs = [ { job_name = "journal"; diff --git a/modules/server/wireguard.nix b/modules/server/wireguard.nix index f7b46161..9ce97ae8 100644 --- a/modules/server/wireguard.nix +++ b/modules/server/wireguard.nix @@ -1,10 +1,6 @@ -{ lib -, config -, ... -}: { - services.prometheus.exporters.wireguard = - lib.mkIf config.networking.wireguard.enable - { - enable = true; - }; +{ lib, config, ... }: +{ + services.prometheus.exporters.wireguard = lib.mkIf config.networking.wireguard.enable { + enable = true; + }; } diff --git a/modules/sops/default.nix b/modules/sops/default.nix index 3c2bf2ca..67f001c5 100644 --- a/modules/sops/default.nix +++ b/modules/sops/default.nix 
@@ -10,14 +10,15 @@ in }; }; config = { - sops.secrets = lib.mapAttrs - (name: value: - let - name_split = lib.splitString "/" name; - in - { - sopsFile = ../../secrets/${builtins.elemAt name_split 0}/${builtins.elemAt name_split 1}.yaml; - } // value) - cfg.secrets; + sops.secrets = lib.mapAttrs ( + name: value: + let + name_split = lib.splitString "/" name; + in + { + sopsFile = ../../secrets/${builtins.elemAt name_split 0}/${builtins.elemAt name_split 1}.yaml; + } + // value + ) cfg.secrets; }; } diff --git a/profiles/hetzner_vm/default.nix b/profiles/hetzner_vm/default.nix index 54d3784d..784e6155 100644 --- a/profiles/hetzner_vm/default.nix +++ b/profiles/hetzner_vm/default.nix @@ -1,4 +1,9 @@ -{ config, modulesPath, lib, ... }: +{ + config, + modulesPath, + lib, + ... +}: { imports = [ "${modulesPath}/installer/scan/not-detected.nix" @@ -23,7 +28,10 @@ configurationLimit = 10; }; - fileSystems."/" = lib.mkDefault { device = "/dev/sda1"; fsType = "ext4"; }; + fileSystems."/" = lib.mkDefault { + device = "/dev/sda1"; + fsType = "ext4"; + }; networking.useNetworkd = true; networking.useDHCP = false;