From 1a8a2fa394ea4018b157fea67d14246ff53ec07c Mon Sep 17 00:00:00 2001 From: Alice Huston Date: Sun, 3 Mar 2024 18:06:28 -0500 Subject: [PATCH] Feature/rfc 0166 fmt (#113) * change formatter to nixfmt-rfc-style Signed-off-by: ahuston-0 * Add rfc-style fmt'ing Signed-off-by: ahuston-0 --------- Signed-off-by: ahuston-0 --- flake.lock | 81 ++--- flake.nix | 391 ++++++++++++++++-------- modules/boot.nix | 18 +- modules/fail2ban.nix | 13 +- modules/flake-update-service.nix | 22 +- modules/hydra.nix | 24 +- modules/security.nix | 3 +- systems/configuration.nix | 37 ++- systems/jeeves-jr/configuration.nix | 13 +- systems/jeeves-jr/default.nix | 8 +- systems/jeeves-jr/hardware.nix | 24 +- systems/palatine-hill/configuration.nix | 49 +-- systems/palatine-hill/default.nix | 8 +- systems/palatine-hill/hardware.nix | 13 +- systems/programs.nix | 3 +- users/alice/default.nix | 15 +- users/alice/home.nix | 10 +- users/default.nix | 9 +- users/richie/default.nix | 15 +- 19 files changed, 492 insertions(+), 264 deletions(-) diff --git a/flake.lock b/flake.lock index b2fc0eb..5107cb9 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1708150887, - "narHash": "sha256-lyEaeShLZqQtFO+ULLfxF9fYaYpTal0Ck1B+iKYBOMs=", + "lastModified": 1709446916, + "narHash": "sha256-MX3eR3ao971besQvKt9aKu4tN8tZht7Do3G/eNylNY8=", "owner": "nix-community", "repo": "fenix", - "rev": "761431323e30846bae160e15682cfa687c200606", + "rev": "4b07da0f91ea99f263f47165a11a48678c9e0dc3", "type": "github" }, "original": { @@ -44,11 +44,11 @@ ] }, "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "lastModified": 1709126324, + "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "rev": "d465f4819400de7c8d874d50b982301f28a84605", "type": "github" }, "original": { 
@@ -64,11 +64,11 @@ ] }, "locked": { - "lastModified": 1708031129, - "narHash": "sha256-EH20hJfNnc1/ODdDVat9B7aKm0B95L3YtkIRwKLvQG8=", + "lastModified": 1709445365, + "narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=", "owner": "nix-community", "repo": "home-manager", - "rev": "3d6791b3897b526c82920a2ab5f61d71985b3cf8", + "rev": "4de84265d7ec7634a69ba75028696d74de9a44a7", "type": "github" }, "original": { @@ -103,11 +103,11 @@ "nixpkgs-regression": "nixpkgs-regression" }, "locked": { - "lastModified": 1706631035, - "narHash": "sha256-tLO1Y08d+1K1Tm8UpLdnx7bi3vR5dhfuZho5S/RPQ0s=", + "lastModified": 1709085635, + "narHash": "sha256-Sv5VFPF5BAXkMWgekh0iH1SeqTF8VcCiW5nR6/AATrI=", "owner": "NixOS", "repo": "nix", - "rev": "a4a4ef9b53fa13a4a9db52cb536b96a8e54a4ac3", + "rev": "edcb3430ef39a225aada06ef898c907d8277fbe8", "type": "github" }, "original": { @@ -124,11 +124,11 @@ ] }, "locked": { - "lastModified": 1707620986, - "narHash": "sha256-XE0tCSkSVBeJDWhjFwusNInwAhrnp+TloUNUpvnTiLw=", + "lastModified": 1709435391, + "narHash": "sha256-s4itTkIVxn5lYeTzwkbAgl99atnjdZv1idI1118vdzA=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "0cb4345704123492e6d1f1068629069413c80de0", + "rev": "93554c04c2f1c02f4a383538e8848d511c3129e9", "type": "github" }, "original": { @@ -170,11 +170,11 @@ ] }, "locked": { - "lastModified": 1708134366, - "narHash": "sha256-MtjbG+lQHrmxbBdIOlRQ9RBULsszGhqCpVD23y3KMEw=", + "lastModified": 1709281475, + "narHash": "sha256-usg85sNHuh3OVrUgI40ZqAq5hfT/3rBs2QJeFxv0POU=", "owner": "SuperSandro2000", "repo": "nixos-modules", - "rev": "4e41d2a44dde45e234a7795e5a502d21ad484d52", + "rev": "529db3a982d4939e8b4656472945c73181520a67", "type": "github" }, "original": { 
@@ -185,11 +185,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1708118438, - "narHash": "sha256-kk9/0nuVgA220FcqH/D2xaN6uGyHp/zoxPNUmPCMmEE=", + "lastModified": 1709237383, + "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5863c27340ba4de8f83e7e3c023b9599c3cb3c80", + "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8", "type": "github" }, "original": { @@ -199,32 +199,6 @@ "type": "github" } }, - "nixpkgs-fmt": { - "inputs": { - "fenix": [ - "fenix" - ], - "flake-utils": [ - "flake-utils" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1706847205, - "narHash": "sha256-lkrvtZj4YhRLi6cmIP1dqZmULy3ujTN2hvZKKIYqZLU=", - "owner": "rad-development", - "repo": "nixpkgs-fmt", - "rev": "d83302adb7f6b40a5ed6f91e83af94a6bf83436f", - "type": "github" - }, - "original": { - "owner": "rad-development", - "repo": "nixpkgs-fmt", - "type": "github" - } - }, "nixpkgs-regression": { "locked": { "lastModified": 1643052045, @@ -251,7 +225,6 @@ "nix-pre-commit": "nix-pre-commit", "nixos-modules": "nixos-modules", "nixpkgs": "nixpkgs", - "nixpkgs-fmt": "nixpkgs-fmt", "sops-nix": "sops-nix", "systems": "systems" } @@ -259,11 +232,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1708018577, - "narHash": "sha256-B75VUqKvQeIqAUnYw4bGjY3xxrCqzRBJHLbmD0MAWEw=", + "lastModified": 1709373076, + "narHash": "sha256-vRBRyCVMhH+giewRQgOgNO+p7VlGeJNgCqrZBnvfWQc=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "b9b0d29b8e69b02457cfabe20c4c69cdb45f3cc5", + "rev": "4ef6a49b44e8aa380da7522442234bfd7a52c55e", "type": "github" }, "original": { 
@@ -283,11 +256,11 @@ ] }, "locked": { - "lastModified": 1707842202, - "narHash": "sha256-3dTBbCzHJBinwhsisGJHW1HLBsLbj91+a5ZDXt7ttW0=", + "lastModified": 1709434911, + "narHash": "sha256-UN47hQPM9ijwoz7cYq10xl19hvlSP/232+M5vZDOMs4=", "owner": "Mic92", "repo": "sops-nix", - "rev": "48afd3264ec52bee85231a7122612e2c5202fa74", + "rev": "075df9d85ee70cfb53e598058045e1738f05e273", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 10a1d3d..fe46612 100644 --- a/flake.nix +++ b/flake.nix @@ -45,15 +45,6 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nixpkgs-fmt = { - url = "github:rad-development/nixpkgs-fmt"; - inputs = { - nixpkgs.follows = "nixpkgs"; - flake-utils.follows = "flake-utils"; - fenix.follows = "fenix"; - }; - }; - nixos-modules = { url = "github:SuperSandro2000/nixos-modules"; inputs = { @@ -84,7 +75,17 @@ }; }; - outputs = { self, nixpkgs-fmt, nix, home-manager, nix-pre-commit, nixos-modules, nixpkgs, sops-nix, ... }@inputs: + outputs = + { + self, + nix, + home-manager, + nix-pre-commit, + nixos-modules, + nixpkgs, + sops-nix, + ... + }@inputs: let inherit (nixpkgs) lib; systems = [ 
@@ -95,25 +96,43 @@ ]; forEachSystem = lib.genAttrs systems; - overlayList = [ self.overlays.default nix.overlays.default ]; - pkgsBySystem = forEachSystem (system: import nixpkgs { - inherit system; - overlays = overlayList; - config = { - allowUnfree = true; - isHydra = true; - }; - }); + overlayList = [ + self.overlays.default + nix.overlays.default + ]; + pkgsBySystem = forEachSystem ( + system: + import nixpkgs { + inherit system; + overlays = overlayList; + config = { + allowUnfree = true; + isHydra = true; + }; + } + ); - src = builtins.filterSource (path: type: type == "directory" || lib.hasSuffix ".nix" (baseNameOf path)) ./.; + src = + builtins.filterSource (path: type: type == "directory" || lib.hasSuffix ".nix" (baseNameOf path)) + ./.; ls = dir: lib.attrNames (builtins.readDir (src + "/${dir}")); - lsdir = dir: if (builtins.pathExists (src + "/${dir}")) then (lib.attrNames (lib.filterAttrs (path: type: type == "directory") (builtins.readDir (src + "/${dir}")))) else [ ]; + lsdir = + dir: + if (builtins.pathExists (src + "/${dir}")) then + (lib.attrNames ( + lib.filterAttrs (path: type: type == "directory") (builtins.readDir (src + "/${dir}")) + )) + else + [ ]; fileList = dir: map (file: ./. + "/${dir}/${file}") (ls dir); - recursiveMerge = attrList: + recursiveMerge = + attrList: let - f = attrPath: - builtins.zipAttrsWith (n: values: + f = + attrPath: + builtins.zipAttrsWith ( + n: values: if builtins.tail values == [ ] then builtins.head values else if builtins.all builtins.isList values then @@ -121,7 +140,8 @@ else if builtins.all builtins.isAttrs values then f (attrPath ++ [ n ]) values else - lib.last values); + lib.last values + ); in f [ ] attrList; 
@@ -130,17 +150,19 @@ { repo = "https://gitlab.com/vojko.pribudic/pre-commit-update"; rev = "bbd69145df8741f4f470b8f1cf2867121be52121"; - hooks = [{ - id = "pre-commit-update"; - args = [ "--dry-run" ]; - }]; + hooks = [ + { + id = "pre-commit-update"; + args = [ "--dry-run" ]; + } + ]; } { repo = "local"; hooks = [ # { # id = "nixfmt check"; - # entry = "${nixpkgs-fmt.legacyPackages.x86_64-linux.nixpkgs-fmt}/bin/nixpkgs-fmt"; + # entry = "${nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style}/bin/nixfmt"; # args = [ "--check" ]; # language = "system"; # files = "\\.nix"; 
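Review bot: The `nixfmt check` hook is updated to point at `nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style` but stays commented out, so nothing in pre-commit actually enforces the new formatter that `formatter` now exposes. If the intent of the commit is to standardise on RFC-style formatting, uncommenting this block (or a `nixfmt --check` entry equivalent to it) is what makes the `--check` run on every commit; otherwise the dead comment should say why it is disabled. The `entry` also hardcodes `x86_64-linux` rather than the `system` used elsewhere in the flake, which presumably is because this `config` is built outside the per-system functions — worth a one-line comment such as `# pre-commit config is system-agnostic; the hook binary is resolved for x86_64-linux only`. The enclosing `let` block starts before this hunk.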
@@ -158,119 +180,215 @@ }; in { - formatter = forEachSystem (system: nixpkgs-fmt.legacyPackages.${system}.nixpkgs-fmt); + formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style); overlays.default = final: prev: { - nixpkgs-fmt = forEachSystem (system: nixpkgs-fmt.legacyPackages.${system}.nixpkgs.fmt); + nixpkgs-fmt = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style); }; nixosConfigurations = let - constructSystem = { hostname, users, home ? true, iso ? [ ], modules ? [ ], server ? true, sops ? true, system ? "x86_64-linux", owner ? null }: + constructSystem = + { + hostname, + users, + home ? true, + iso ? [ ], + modules ? [ ], + server ? true, + sops ? true, + system ? "x86_64-linux", + owner ? null, + }: lib.nixosSystem { system = "x86_64-linux"; # pkgs = lib.mkIf (system != "x86_64-linux") (import inputs.patch-aarch64 { inherit (nixpkgs) config; inherit system; }).legacyPackages.${system}; - modules = [ - nixos-modules.nixosModule - sops-nix.nixosModules.sops - { config.networking.hostName = "${hostname}"; } - { - nixpkgs.overlays = [ - (_self: super: { - libgit2 = super.libgit2.overrideAttrs { doCheck = false; }; - }) - ]; - } - ] ++ (if server then [ - ./systems/programs.nix - ./systems/configuration.nix - ./systems/${hostname}/hardware.nix - ./systems/${hostname}/configuration.nix - ] else [ - ./users/${builtins.head users}/systems/${hostname}/configuration.nix - ./users/${builtins.head users}/systems/${hostname}/hardware.nix - ]) ++ fileList "modules" - ++ modules - ++ lib.optional home home-manager.nixosModules.home-manager - ++ lib.optional (builtins.elem "minimal" iso) "${toString nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" - ++ lib.optional (builtins.elem "sd" iso) "${toString nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" - ++ (if home then (map (user: { - home-manager.users.${user} = import ./users/${user}/home.nix; - home-manager.users.root = lib.mkIf (owner 
== user) (import ./users/${user}/home.nix); - }) users) else [ ]) - ++ lib.optional (system != "x86_64-linux") { - config.nixpkgs = { - config.allowUnsupportedSystem = true; - buildPlatform = "x86_64-linux"; - }; - } ++ map (user: { config, lib, pkgs, ... }@args: { - users.users.${user} = import ./users/${user} (args // { name = "${user}"; }); - boot.initrd.network.ssh.authorizedKeys = lib.mkIf server config.users.users.${user}.openssh.authorizedKeys.keys; - sops = lib.mkIf sops { - secrets."${user}/user-password" = { - sopsFile = ./users/${user}/secrets.yaml; - neededForUsers = true; + modules = + [ + nixos-modules.nixosModule + sops-nix.nixosModules.sops + { config.networking.hostName = "${hostname}"; } + { + nixpkgs.overlays = [ + (_self: super: { libgit2 = super.libgit2.overrideAttrs { doCheck = false; }; }) + ]; + } + ] + ++ ( + if server then + [ + ./systems/programs.nix + ./systems/configuration.nix + ./systems/${hostname}/hardware.nix + ./systems/${hostname}/configuration.nix + ] + else + [ + ./users/${builtins.head users}/systems/${hostname}/configuration.nix + ./users/${builtins.head users}/systems/${hostname}/hardware.nix + ] + ) + ++ fileList "modules" + ++ modules + ++ lib.optional home home-manager.nixosModules.home-manager + ++ + lib.optional (builtins.elem "minimal" iso) + "${toString nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" + ++ + lib.optional (builtins.elem "sd" iso) + "${toString nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" + ++ ( + if home then + (map + (user: { + home-manager.users.${user} = import ./users/${user}/home.nix; + home-manager.users.root = lib.mkIf (owner == user) (import ./users/${user}/home.nix); + }) + users + ) + else + [ ] + ) + ++ lib.optional (system != "x86_64-linux") { + config.nixpkgs = { + config.allowUnsupportedSystem = true; + buildPlatform = "x86_64-linux"; }; - }; - }) users; + } + ++ + map + ( + user: + { + config, + lib, + pkgs, + ... 
+ }@args: + { + users.users.${user} = import ./users/${user} (args // { name = "${user}"; }); + boot.initrd.network.ssh.authorizedKeys = + lib.mkIf server + config.users.users.${user}.openssh.authorizedKeys.keys; + sops = lib.mkIf sops { + secrets."${user}/user-password" = { + sopsFile = ./users/${user}/secrets.yaml; + neededForUsers = true; + }; + }; + } + ) + users; }; in - (builtins.listToAttrs (map - (system: { - name = system; - value = constructSystem ({ hostname = system; } // builtins.removeAttrs (import ./systems/${system} { inherit inputs; }) [ "hostname" "server" "home" ]); - }) - (lsdir "systems"))) // (builtins.listToAttrs (builtins.concatMap - (user: map + (builtins.listToAttrs ( + map (system: { - name = "${user}.${system}"; - value = constructSystem ({ - hostname = system; - server = false; - users = [ user ]; - owner = user; - } // builtins.removeAttrs (import ./users/${user}/systems/${system} { inherit inputs; }) [ "hostname" "server" "users" "owner" ]); + name = system; + value = constructSystem ( + { + hostname = system; + } + // builtins.removeAttrs (import ./systems/${system} { inherit inputs; }) [ + "hostname" + "server" + "home" + ] + ); }) - (lsdir "users/${user}/systems")) - (lsdir "users"))); + (lsdir "systems") + )) + // (builtins.listToAttrs ( + builtins.concatMap + ( + user: + map + (system: { + name = "${user}.${system}"; + value = constructSystem ( + { + hostname = system; + server = false; + users = [ user ]; + owner = user; + } + // builtins.removeAttrs (import ./users/${user}/systems/${system} { inherit inputs; }) [ + "hostname" + "server" + "users" + "owner" + ] + ); + }) + (lsdir "users/${user}/systems") + ) + (lsdir "users") + )); - devShell = lib.mapAttrs - (system: sopsPkgs: - with nixpkgs.legacyPackages.${system}; - mkShell { - sopsPGPKeyDirs = [ "./keys" ]; - nativeBuildInputs = [ apacheHttpd sopsPkgs.sops-import-keys-hook ]; - packages = [ - self.formatter.${system} - nixpkgs.legacyPackages.${system}.deadnix - ]; - 
shellHook = (nix-pre-commit.lib.${system}.mkConfig { inherit pkgs config; }).shellHook; - }) - sops-nix.packages; - - hydraJobs = { - build = (recursiveMerge + devShell = + lib.mapAttrs ( - (map - (machine: { - ${machine.pkgs.system} = (builtins.listToAttrs (builtins.filter (v: v != { }) (map - (pkg: (if (builtins.hasAttr pkg.name pkgsBySystem.${machine.pkgs.system}) then { - name = pkg.name; - value = pkgsBySystem.${machine.pkgs.system}.${pkg.name}; - } else { })) - machine.config.environment.systemPackages))); - }) - (builtins.attrValues self.nixosConfigurations)) ++ [ - (forEachSystem (system: { - ${nixpkgs-fmt.legacyPackages.${system}.nixpkgs-fmt.name} = pkgsBySystem.${system}.${nixpkgs-fmt.legacyPackages.${system}.nixpkgs-fmt.name}; - })) - ] - )); - } // lib.mapAttrs (__: lib.mapAttrs (_: lib.hydraJob)) - ( + system: sopsPkgs: + with nixpkgs.legacyPackages.${system}; + mkShell { + sopsPGPKeyDirs = [ "./keys" ]; + nativeBuildInputs = [ + apacheHttpd + sopsPkgs.sops-import-keys-hook + ]; + packages = [ + self.formatter.${system} + nixpkgs.legacyPackages.${system}.deadnix + ]; + shellHook = (nix-pre-commit.lib.${system}.mkConfig { inherit pkgs config; }).shellHook; + } + ) + sops-nix.packages; + + hydraJobs = + { + build = ( + recursiveMerge ( + (map + (machine: { + ${machine.pkgs.system} = ( + builtins.listToAttrs ( + builtins.filter (v: v != { }) ( + map + ( + pkg: + ( + if (builtins.hasAttr pkg.name pkgsBySystem.${machine.pkgs.system}) then + { + name = pkg.name; + value = pkgsBySystem.${machine.pkgs.system}.${pkg.name}; + } + else + { } + ) + ) + machine.config.environment.systemPackages + ) + ) + ); + }) + (builtins.attrValues self.nixosConfigurations) + ) + ++ [ + # not fully sure what this is for but it breaks with nixfmt + # (forEachSystem (system: { + # ${nixpkgs.legacyPackages.${system}.nixfmt-rfc-style.name} = pkgsBySystem.${system}.${nixpkgs.legacyPackages.${system}.nixfmt-rfc-style.name}; + # })) + ] + ) + ); + } + // lib.mapAttrs (__: lib.mapAttrs 
(_: lib.hydraJob)) ( let - mkBuild = type: + mkBuild = + type: let - getBuildEntryPoint = (name: nixosSystem: + getBuildEntryPoint = ( + name: nixosSystem: if builtins.hasAttr type nixosSystem.config.system.build then let cfg = nixosSystem.config.system.build.${type}; @@ -279,15 +397,24 @@ lib.recursiveUpdate cfg { meta.timeout = 24 * 60 * 60; } else cfg - else { }); + else + { } + ); in lib.filterAttrs (n: v: v != { }) (builtins.mapAttrs getBuildEntryPoint self.nixosConfigurations); in - builtins.listToAttrs (map - (type: { - name = type; - value = mkBuild type; - }) [ "toplevel" "isoImage" "sdImage" ]) + builtins.listToAttrs ( + map + (type: { + name = type; + value = mkBuild type; + }) + [ + "toplevel" + "isoImage" + "sdImage" + ] + ) ); }; } diff --git a/modules/boot.nix b/modules/boot.nix index cf1b715..d3b1d28 100644 --- a/modules/boot.nix +++ b/modules/boot.nix @@ -1,7 +1,14 @@ -{ config, lib, libS, ... }: +{ + config, + lib, + libS, + ... +}: -let cfg = config.boot; -in { +let + cfg = config.boot; +in +{ options = { boot = { default = libS.mkOpinionatedOption "enable the boot builder"; @@ -28,7 +35,10 @@ in { supportedFilesystems = [ cfg.filesystem ]; tmp.useTmpfs = true; kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; - kernelParams = [ "nordrand" ] ++ lib.optional (cfg.cpuType == "amd") "kvm-amd" ++ lib.optional cfg.fullDiskEncryption "ip=:::"; + kernelParams = + [ "nordrand" ] + ++ lib.optional (cfg.cpuType == "amd") "kvm-amd" + ++ lib.optional cfg.fullDiskEncryption "ip=:::"; initrd = { kernelModules = lib.mkIf cfg.amdGPU [ "amdgpu" ]; network = lib.mkIf cfg.fullDiskEncryption { diff --git a/modules/fail2ban.nix b/modules/fail2ban.nix index 1f03681..8476cd7 100644 --- a/modules/fail2ban.nix +++ b/modules/fail2ban.nix 
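Review bot: The `hydraJobs.build` entry that previously added the formatter derivation to the Hydra jobset is now commented out with "not fully sure what this is for but it breaks with nixfmt", which silently drops the formatter from CI builds rather than fixing the lookup. The likely breakage is the attribute path: the old code indexed `pkgsBySystem.${system}` by the derivation's `.name` (pname plus version), and `nixfmt-rfc-style`'s `.name` presumably does not equal the attribute name, whereas a direct reference works: `(forEachSystem (system: { nixfmt-rfc-style = pkgsBySystem.${system}.nixfmt-rfc-style; }))`. The commented block and the "not fully sure" remark should then be removed. Separately, `overlays.default` still exposes the attribute `nixpkgs-fmt` while it now resolves to `nixfmt-rfc-style`; either rename the key or add `# kept as nixpkgs-fmt for consumers of the overlay; now provides nixfmt-rfc-style` so the mismatch is deliberate. The enclosing `outputs` function begins before this hunk and its `hydraJobs` attribute continues into the next one.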
@@ -1,7 +1,14 @@ -{ config, lib, libS, ... }: +{ + config, + lib, + libS, + ... +}: -let cfg = config.services.fail2ban; -in { +let + cfg = config.services.fail2ban; +in +{ options.services.fail2ban.recommendedDefaults = libS.mkOpinionatedOption "use fail2ban with recommended defaults"; config.services.fail2ban = lib.mkIf cfg.recommendedDefaults { diff --git a/modules/flake-update-service.nix b/modules/flake-update-service.nix index a47c101..92b9c95 100644 --- a/modules/flake-update-service.nix +++ b/modules/flake-update-service.nix @@ -1,7 +1,14 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: -let cfg = config.services.autopull; -in { +let + cfg = config.services.autopull; +in +{ options = { services.autopull = { enable = lib.mkEnableOption "autopull"; @@ -38,12 +45,17 @@ in { }; config = lib.mkIf (cfg.enable && !(builtins.isNull cfg.path)) { - environment.systemPackages = [ pkgs.openssh pkgs.git ]; + environment.systemPackages = [ + pkgs.openssh + pkgs.git + ]; systemd.services."autopull@${cfg.name}" = { after = [ "multi-user.target" ]; requires = [ "multi-user.target" ]; description = "Pull the latest data for ${cfg.name}"; - environment = lib.mkIf (cfg.ssh-key != "") { GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh -i ${cfg.ssh-key} -o IdentitiesOnly=yes";}; + environment = lib.mkIf (cfg.ssh-key != "") { + GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.ssh-key} -o IdentitiesOnly=yes"; + }; serviceConfig = { Type = "oneshot"; User = "root"; diff --git a/modules/hydra.nix b/modules/hydra.nix index 9af1f49..535108d 100644 --- a/modules/hydra.nix +++ b/modules/hydra.nix 
@@ -1,15 +1,19 @@ { config, lib, ... }: -let cfg = config.services.hydra; -in { +let + cfg = config.services.hydra; +in +{ config = { - services.hydra.extraConfig = lib.mkDefault (lib.concatLines [ - cfg.extraConfig - '' - - timeout = 3600 - - '' - ]); + services.hydra.extraConfig = lib.mkDefault ( + lib.concatLines [ + cfg.extraConfig + '' + + timeout = 3600 + + '' + ] + ); }; } diff --git a/modules/security.nix b/modules/security.nix index 6fd0dc0..cf092dc 100644 --- a/modules/security.nix +++ b/modules/security.nix @@ -1,5 +1,6 @@ # BIASED -{ config, lib, ... }: { +{ config, lib, ... }: +{ config = { services = { openssh = lib.mkIf config.services.gitea.enable { diff --git a/systems/configuration.nix b/systems/configuration.nix index 71e4d61..316db0a 100644 --- a/systems/configuration.nix +++ b/systems/configuration.nix @@ -1,4 +1,10 @@ -{ lib, pkgs, config, ... }: { +{ + lib, + pkgs, + config, + ... +}: +{ security.auditd.enable = true; nixpkgs.config.allowUnfree = true; i18n = { @@ -8,7 +14,9 @@ boot = { default = true; - kernel.sysctl = { "net.ipv6.conf.ens3.accept_ra" = 1; }; + kernel.sysctl = { + "net.ipv6.conf.ens3.accept_ra" = 1; + }; }; home-manager = { @@ -146,14 +154,35 @@ nix-ld = { enable = true; - libraries = with pkgs; [ acl attr bzip2 curl glib libglvnd libmysqlclient libsodium libssh libxml2 openssl stdenv.cc.cc systemd util-linux xz zlib zstd ]; + libraries = with pkgs; [ + acl + attr + bzip2 + curl + glib + libglvnd + libmysqlclient + libsodium + libssh + libxml2 + openssl + stdenv.cc.cc + systemd + util-linux + xz + zlib + zstd + ]; }; }; nix = { diffSystem = true; settings = { - experimental-features = [ "nix-command" "flakes" ]; + experimental-features = [ + "nix-command" + "flakes" + ]; keep-outputs = true; builders-use-substitutes = true; connect-timeout = 20; diff --git a/systems/jeeves-jr/configuration.nix b/systems/jeeves-jr/configuration.nix index e145892..7116d82 100644 --- a/systems/jeeves-jr/configuration.nix 
+++ b/systems/jeeves-jr/configuration.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ time.timeZone = "America/New_York"; console.keyMap = "us"; networking = { @@ -7,7 +8,7 @@ }; boot = { - zfs.extraPools = ["Main"]; + zfs.extraPools = [ "Main" ]; filesystem = "zfs"; useSystemdBoot = true; }; @@ -21,7 +22,7 @@ daemon."settings" = { experimental = true; data-root = "/var/lib/docker"; - exec-opts = ["native.cgroupdriver=systemd"]; + exec-opts = [ "native.cgroupdriver=systemd" ]; log-opts = { max-size = "10m"; max-file = "5"; @@ -36,7 +37,7 @@ }; environment = { - systemPackages = with pkgs; [docker-compose]; + systemPackages = with pkgs; [ docker-compose ]; etc = { # Creates /etc/lynis/custom.prf "lynis/custom.prf" = { @@ -60,7 +61,7 @@ services = { nfs.server.enable = true; - openssh.ports = [352]; + openssh.ports = [ 352 ]; smartd.enable = true; @@ -80,7 +81,7 @@ zerotierone = { enable = true; - joinNetworks = ["e4da7455b2ae64ca"]; + joinNetworks = [ "e4da7455b2ae64ca" ]; }; }; diff --git a/systems/jeeves-jr/default.nix b/systems/jeeves-jr/default.nix index b17698e..01f0304 100644 --- a/systems/jeeves-jr/default.nix +++ b/systems/jeeves-jr/default.nix @@ -1 +1,7 @@ -{...}: {users = ["alice" "richie"];} +{ ... }: +{ + users = [ + "alice" + "richie" + ]; +} diff --git a/systems/jeeves-jr/hardware.nix b/systems/jeeves-jr/hardware.nix index a9ea4f5..47b857c 100644 --- a/systems/jeeves-jr/hardware.nix +++ b/systems/jeeves-jr/hardware.nix 
@@ -3,21 +3,27 @@ lib, modulesPath, ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; +}: +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; networking.useDHCP = lib.mkDefault true; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - swapDevices = [{device = "/dev/disk/by-uuid/9d4ef549-d426-489d-8332-0a49589c6aed";}]; + swapDevices = [ { device = "/dev/disk/by-uuid/9d4ef549-d426-489d-8332-0a49589c6aed"; } ]; boot = { - kernelModules = ["kvm-amd"]; - extraModulePackages = []; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; initrd = { - kernelModules = []; - availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; + kernelModules = [ ]; + availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usbhid" + "usb_storage" + "sd_mod" + ]; }; }; diff --git a/systems/palatine-hill/configuration.nix b/systems/palatine-hill/configuration.nix index 1430d3d..687232f 100644 --- a/systems/palatine-hill/configuration.nix +++ b/systems/palatine-hill/configuration.nix @@ -1,7 +1,9 @@ -{ config, pkgs, ... }: { +{ config, pkgs, ... }: +{ time.timeZone = "America/New_York"; console.keyMap = "us"; - systemd.services.hydra-notify.serviceConfig.EnvironmentFile = config.sops.secrets."hydra/environment".path; + systemd.services.hydra-notify.serviceConfig.EnvironmentFile = + config.sops.secrets."hydra/environment".path; programs.git.lfs.enable = false; networking = { hostId = "dc2f9781"; @@ -9,9 +11,7 @@ }; nixpkgs.config.packageOverrides = pkgs: { - vaapiIntel = pkgs.vaapiIntel.override { - enableHybridCodec = true; - }; + vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; }; boot = { 
@@ -19,7 +19,10 @@ loader.grub.device = "/dev/sda"; filesystem = "zfs"; useSystemdBoot = true; - kernelParams = [ "i915.force_probe=56a5" "i915.enable_guc=2" ]; + kernelParams = [ + "i915.force_probe=56a5" + "i915.enable_guc=2" + ]; kernel.sysctl = { "vm.overcommit_memory" = 1; "vm.swappiness" = 10; @@ -33,23 +36,25 @@ builders-use-substitutes = true ''; - buildMachines = [{ - hostName = "localhost"; - maxJobs = 2; - protocol = "ssh-ng"; - speedFactor = 2; - systems = [ - "x86_64-linux" - "aarch64-linux" - ]; + buildMachines = [ + { + hostName = "localhost"; + maxJobs = 2; + protocol = "ssh-ng"; + speedFactor = 2; + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; - supportedFeatures = [ - "kvm" - "nixos-test" - "big-parallel" - "benchmark" - ]; - }]; + supportedFeatures = [ + "kvm" + "nixos-test" + "big-parallel" + "benchmark" + ]; + } + ]; }; hardware = { diff --git a/systems/palatine-hill/default.nix b/systems/palatine-hill/default.nix index dc75568..01f0304 100644 --- a/systems/palatine-hill/default.nix +++ b/systems/palatine-hill/default.nix @@ -1 +1,7 @@ -{ ... }: { users = [ "alice" "richie" ]; } +{ ... }: +{ + users = [ + "alice" + "richie" + ]; +} diff --git a/systems/palatine-hill/hardware.nix b/systems/palatine-hill/hardware.nix index 4bee813..4cc92ef 100644 --- a/systems/palatine-hill/hardware.nix +++ b/systems/palatine-hill/hardware.nix 
@@ -1,13 +1,16 @@ -{ config, lib, modulesPath, ... }: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + config, + lib, + modulesPath, + ... +}: +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; networking.useDHCP = lib.mkDefault true; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - swapDevices = [{ device = "/dev/disk/by-uuid/2b01e592-2297-4eb1-854b-17a63f1d4cf6"; }]; + swapDevices = [ { device = "/dev/disk/by-uuid/2b01e592-2297-4eb1-854b-17a63f1d4cf6"; } ]; boot = { kernelModules = [ "kvm-amd" ]; extraModulePackages = [ ]; diff --git a/systems/programs.nix b/systems/programs.nix index 2cdf7b6..51e4322 100644 --- a/systems/programs.nix +++ b/systems/programs.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ environment.systemPackages = with pkgs; [ bat btop diff --git a/users/alice/default.nix b/users/alice/default.nix index 8cced34..867d153 100644 --- a/users/alice/default.nix +++ b/users/alice/default.nix @@ -1,6 +1,17 @@ -{ pkgs, lib, config, name, ... }: +{ + pkgs, + lib, + config, + name, + ... +}: import ../default.nix { - inherit pkgs lib config name; + inherit + pkgs + lib + config + name + ; publicKeys = [ # photon "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOGcqhLaKsjwAnb6plDavAhEyQHNvFS9Uh5lMTuwMhGF alice@parthenon-7588" diff --git a/users/alice/home.nix b/users/alice/home.nix index 5a21605..35def59 100644 --- a/users/alice/home.nix +++ b/users/alice/home.nix @@ -61,7 +61,15 @@ topgrade = { enable = true; - settings = { misc = { disable = [ "system" "nix" "shell" ]; }; }; + settings = { + misc = { + disable = [ + "system" + "nix" + "shell" + ]; + }; + }; }; }; diff --git a/users/default.nix b/users/default.nix index 54fa520..2783785 100644 --- a/users/default.nix +++ b/users/default.nix 
@@ -1,4 +1,11 @@ -{ lib, config, pkgs, name, publicKeys ? [ ], defaultShell ? "zsh", }: +{ + lib, + config, + pkgs, + name, + publicKeys ? [ ], + defaultShell ? "zsh", +}: { inherit name; diff --git a/users/richie/default.nix b/users/richie/default.nix index aaac176..3f37546 100644 --- a/users/richie/default.nix +++ b/users/richie/default.nix @@ -1,6 +1,17 @@ -{ pkgs, lib, config, name, ... }: +{ + pkgs, + lib, + config, + name, + ... +}: import ../default.nix { - inherit pkgs lib config name; + inherit + pkgs + lib + config + name + ; publicKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtRuAqeERMet9sFh1NEkG+pHLq/JRAAGDtv29flXF59 Richie@tmmworkshop.com Desktop" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJSlv8ujrMpr8qjpX2V+UBXSP5FGhM1l+/5aGnfb2MV Richie@tmmworkshop.com Laptop"