ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Feature/rfc 0166 fmt (#113)

Browse Source 
* change formatter to nixfmt-rfc-style

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* Add rfc-style fmt'ing

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

---------

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
This commit is contained in:
Alice Huston 2024-03-03 18:06:28 -05:00 committed by GitHub
parent e732499201
commit 1a8a2fa394
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
19 changed files with 492 additions and 264 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
flake.lock generated
View File

@ -8,11 +8,11 @@
"rust-analyzer-src": "rust-analyzer-src" "rust-analyzer-src": "rust-analyzer-src"
}, },
"locked": { "locked": {
"lastModified": 1708150887, "lastModified": 1709446916,
"narHash": "sha256-lyEaeShLZqQtFO+ULLfxF9fYaYpTal0Ck1B+iKYBOMs=", "narHash": "sha256-MX3eR3ao971besQvKt9aKu4tN8tZht7Do3G/eNylNY8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "fenix", "repo": "fenix",
"rev": "761431323e30846bae160e15682cfa687c200606", "rev": "4b07da0f91ea99f263f47165a11a48678c9e0dc3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -44,11 +44,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1705309234, "lastModified": 1709126324,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", "narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", "rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -64,11 +64,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1708031129, "lastModified": 1709445365,
"narHash": "sha256-EH20hJfNnc1/ODdDVat9B7aKm0B95L3YtkIRwKLvQG8=", "narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "3d6791b3897b526c82920a2ab5f61d71985b3cf8", "rev": "4de84265d7ec7634a69ba75028696d74de9a44a7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -103,11 +103,11 @@
"nixpkgs-regression": "nixpkgs-regression" "nixpkgs-regression": "nixpkgs-regression"
}, },
"locked": { "locked": {
"lastModified": 1706631035, "lastModified": 1709085635,
"narHash": "sha256-tLO1Y08d+1K1Tm8UpLdnx7bi3vR5dhfuZho5S/RPQ0s=", "narHash": "sha256-Sv5VFPF5BAXkMWgekh0iH1SeqTF8VcCiW5nR6/AATrI=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nix", "repo": "nix",
"rev": "a4a4ef9b53fa13a4a9db52cb536b96a8e54a4ac3", "rev": "edcb3430ef39a225aada06ef898c907d8277fbe8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -124,11 +124,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1707620986, "lastModified": 1709435391,
"narHash": "sha256-XE0tCSkSVBeJDWhjFwusNInwAhrnp+TloUNUpvnTiLw=", "narHash": "sha256-s4itTkIVxn5lYeTzwkbAgl99atnjdZv1idI1118vdzA=",
"owner": "Mic92", "owner": "Mic92",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "0cb4345704123492e6d1f1068629069413c80de0", "rev": "93554c04c2f1c02f4a383538e8848d511c3129e9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -170,11 +170,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1708134366, "lastModified": 1709281475,
"narHash": "sha256-MtjbG+lQHrmxbBdIOlRQ9RBULsszGhqCpVD23y3KMEw=", "narHash": "sha256-usg85sNHuh3OVrUgI40ZqAq5hfT/3rBs2QJeFxv0POU=",
"owner": "SuperSandro2000", "owner": "SuperSandro2000",
"repo": "nixos-modules", "repo": "nixos-modules",
"rev": "4e41d2a44dde45e234a7795e5a502d21ad484d52", "rev": "529db3a982d4939e8b4656472945c73181520a67",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -185,11 +185,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1708118438, "lastModified": 1709237383,
"narHash": "sha256-kk9/0nuVgA220FcqH/D2xaN6uGyHp/zoxPNUmPCMmEE=", "narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5863c27340ba4de8f83e7e3c023b9599c3cb3c80", "rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -199,32 +199,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-fmt": {
"inputs": {
"fenix": [
"fenix"
],
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1706847205,
"narHash": "sha256-lkrvtZj4YhRLi6cmIP1dqZmULy3ujTN2hvZKKIYqZLU=",
"owner": "rad-development",
"repo": "nixpkgs-fmt",
"rev": "d83302adb7f6b40a5ed6f91e83af94a6bf83436f",
"type": "github"
},
"original": {
"owner": "rad-development",
"repo": "nixpkgs-fmt",
"type": "github"
}
},
"nixpkgs-regression": { "nixpkgs-regression": {
"locked": { "locked": {
"lastModified": 1643052045, "lastModified": 1643052045,
@ -251,7 +225,6 @@
"nix-pre-commit": "nix-pre-commit", "nix-pre-commit": "nix-pre-commit",
"nixos-modules": "nixos-modules", "nixos-modules": "nixos-modules",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-fmt": "nixpkgs-fmt",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"systems": "systems" "systems": "systems"
} }
@ -259,11 +232,11 @@
"rust-analyzer-src": { "rust-analyzer-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1708018577, "lastModified": 1709373076,
"narHash": "sha256-B75VUqKvQeIqAUnYw4bGjY3xxrCqzRBJHLbmD0MAWEw=", "narHash": "sha256-vRBRyCVMhH+giewRQgOgNO+p7VlGeJNgCqrZBnvfWQc=",
"owner": "rust-lang", "owner": "rust-lang",
"repo": "rust-analyzer", "repo": "rust-analyzer",
"rev": "b9b0d29b8e69b02457cfabe20c4c69cdb45f3cc5", "rev": "4ef6a49b44e8aa380da7522442234bfd7a52c55e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -283,11 +256,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1707842202, "lastModified": 1709434911,
"narHash": "sha256-3dTBbCzHJBinwhsisGJHW1HLBsLbj91+a5ZDXt7ttW0=", "narHash": "sha256-UN47hQPM9ijwoz7cYq10xl19hvlSP/232+M5vZDOMs4=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "48afd3264ec52bee85231a7122612e2c5202fa74", "rev": "075df9d85ee70cfb53e598058045e1738f05e273",
"type": "github" "type": "github"
}, },
"original": { "original": {

391
flake.nix
View File

@ -45,15 +45,6 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixpkgs-fmt = {
url = "github:rad-development/nixpkgs-fmt";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
fenix.follows = "fenix";
};
};
nixos-modules = { nixos-modules = {
url = "github:SuperSandro2000/nixos-modules"; url = "github:SuperSandro2000/nixos-modules";
inputs = { inputs = {
@ -84,7 +75,17 @@
}; };
}; };
outputs = { self, nixpkgs-fmt, nix, home-manager, nix-pre-commit, nixos-modules, nixpkgs, sops-nix, ... }@inputs: outputs =
{
self,
nix,
home-manager,
nix-pre-commit,
nixos-modules,
nixpkgs,
sops-nix,
...
}@inputs:
let let
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
systems = [ systems = [
@ -95,25 +96,43 @@
]; ];
forEachSystem = lib.genAttrs systems; forEachSystem = lib.genAttrs systems;
overlayList = [ self.overlays.default nix.overlays.default ]; overlayList = [
pkgsBySystem = forEachSystem (system: import nixpkgs { self.overlays.default
inherit system; nix.overlays.default
overlays = overlayList; ];
config = { pkgsBySystem = forEachSystem (
allowUnfree = true; system:
isHydra = true; import nixpkgs {
}; inherit system;
}); overlays = overlayList;
config = {
allowUnfree = true;
isHydra = true;
};
}
);
src = builtins.filterSource (path: type: type == "directory" || lib.hasSuffix ".nix" (baseNameOf path)) ./.; src =
builtins.filterSource (path: type: type == "directory" || lib.hasSuffix ".nix" (baseNameOf path))
./.;
ls = dir: lib.attrNames (builtins.readDir (src + "/${dir}")); ls = dir: lib.attrNames (builtins.readDir (src + "/${dir}"));
lsdir = dir: if (builtins.pathExists (src + "/${dir}")) then (lib.attrNames (lib.filterAttrs (path: type: type == "directory") (builtins.readDir (src + "/${dir}")))) else [ ]; lsdir =
dir:
if (builtins.pathExists (src + "/${dir}")) then
(lib.attrNames (
lib.filterAttrs (path: type: type == "directory") (builtins.readDir (src + "/${dir}"))
))
else
[ ];
fileList = dir: map (file: ./. + "/${dir}/${file}") (ls dir); fileList = dir: map (file: ./. + "/${dir}/${file}") (ls dir);
recursiveMerge = attrList: recursiveMerge =
attrList:
let let
f = attrPath: f =
builtins.zipAttrsWith (n: values: attrPath:
builtins.zipAttrsWith (
n: values:
if builtins.tail values == [ ] then if builtins.tail values == [ ] then
builtins.head values builtins.head values
else if builtins.all builtins.isList values then else if builtins.all builtins.isList values then
@ -121,7 +140,8 @@
else if builtins.all builtins.isAttrs values then else if builtins.all builtins.isAttrs values then
f (attrPath ++ [ n ]) values f (attrPath ++ [ n ]) values
else else
lib.last values); lib.last values
);
in in
f [ ] attrList; f [ ] attrList;
@ -130,17 +150,19 @@
{ {
repo = "https://gitlab.com/vojko.pribudic/pre-commit-update"; repo = "https://gitlab.com/vojko.pribudic/pre-commit-update";
rev = "bbd69145df8741f4f470b8f1cf2867121be52121"; rev = "bbd69145df8741f4f470b8f1cf2867121be52121";
hooks = [{ hooks = [
id = "pre-commit-update"; {
args = [ "--dry-run" ]; id = "pre-commit-update";
}]; args = [ "--dry-run" ];
}
];
} }
{ {
repo = "local"; repo = "local";
hooks = [ hooks = [
# { # {
# id = "nixfmt check"; # id = "nixfmt check";
# entry = "${nixpkgs-fmt.legacyPackages.x86_64-linux.nixpkgs-fmt}/bin/nixpkgs-fmt"; # entry = "${nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style}/bin/nixfmt";
# args = [ "--check" ]; # args = [ "--check" ];
# language = "system"; # language = "system";
# files = "\\.nix"; # files = "\\.nix";
@ -158,119 +180,215 @@
}; };
in in
{ {
formatter = forEachSystem (system: nixpkgs-fmt.legacyPackages.${system}.nixpkgs-fmt); formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
overlays.default = final: prev: { overlays.default = final: prev: {
nixpkgs-fmt = forEachSystem (system: nixpkgs-fmt.legacyPackages.${system}.nixpkgs.fmt); nixpkgs-fmt = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
}; };
nixosConfigurations = nixosConfigurations =
let let
constructSystem = { hostname, users, home ? true, iso ? [ ], modules ? [ ], server ? true, sops ? true, system ? "x86_64-linux", owner ? null }: constructSystem =
{
hostname,
users,
home ? true,
iso ? [ ],
modules ? [ ],
server ? true,
sops ? true,
system ? "x86_64-linux",
owner ? null,
}:
lib.nixosSystem { lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
# pkgs = lib.mkIf (system != "x86_64-linux") (import inputs.patch-aarch64 { inherit (nixpkgs) config; inherit system; }).legacyPackages.${system}; # pkgs = lib.mkIf (system != "x86_64-linux") (import inputs.patch-aarch64 { inherit (nixpkgs) config; inherit system; }).legacyPackages.${system};
modules = [ modules =
nixos-modules.nixosModule [
sops-nix.nixosModules.sops nixos-modules.nixosModule
{ config.networking.hostName = "${hostname}"; } sops-nix.nixosModules.sops
{ { config.networking.hostName = "${hostname}"; }
nixpkgs.overlays = [ {
(_self: super: { nixpkgs.overlays = [
libgit2 = super.libgit2.overrideAttrs { doCheck = false; }; (_self: super: { libgit2 = super.libgit2.overrideAttrs { doCheck = false; }; })
}) ];
]; }
} ]
] ++ (if server then [ ++ (
./systems/programs.nix if server then
./systems/configuration.nix [
./systems/${hostname}/hardware.nix ./systems/programs.nix
./systems/${hostname}/configuration.nix ./systems/configuration.nix
] else [ ./systems/${hostname}/hardware.nix
./users/${builtins.head users}/systems/${hostname}/configuration.nix ./systems/${hostname}/configuration.nix
./users/${builtins.head users}/systems/${hostname}/hardware.nix ]
]) ++ fileList "modules" else
++ modules [
++ lib.optional home home-manager.nixosModules.home-manager ./users/${builtins.head users}/systems/${hostname}/configuration.nix
++ lib.optional (builtins.elem "minimal" iso) "${toString nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" ./users/${builtins.head users}/systems/${hostname}/hardware.nix
++ lib.optional (builtins.elem "sd" iso) "${toString nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" ]
++ (if home then (map (user: { )
home-manager.users.${user} = import ./users/${user}/home.nix; ++ fileList "modules"
home-manager.users.root = lib.mkIf (owner == user) (import ./users/${user}/home.nix); ++ modules
}) users) else [ ]) ++ lib.optional home home-manager.nixosModules.home-manager
++ lib.optional (system != "x86_64-linux") { ++
config.nixpkgs = { lib.optional (builtins.elem "minimal" iso)
config.allowUnsupportedSystem = true; "${toString nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
buildPlatform = "x86_64-linux"; ++
}; lib.optional (builtins.elem "sd" iso)
} ++ map (user: { config, lib, pkgs, ... }@args: { "${toString nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
users.users.${user} = import ./users/${user} (args // { name = "${user}"; }); ++ (
boot.initrd.network.ssh.authorizedKeys = lib.mkIf server config.users.users.${user}.openssh.authorizedKeys.keys; if home then
sops = lib.mkIf sops { (map
secrets."${user}/user-password" = { (user: {
sopsFile = ./users/${user}/secrets.yaml; home-manager.users.${user} = import ./users/${user}/home.nix;
neededForUsers = true; home-manager.users.root = lib.mkIf (owner == user) (import ./users/${user}/home.nix);
})
users
)
else
[ ]
)
++ lib.optional (system != "x86_64-linux") {
config.nixpkgs = {
config.allowUnsupportedSystem = true;
buildPlatform = "x86_64-linux";
}; };
}; }
}) users; ++
map
(
user:
{
config,
lib,
pkgs,
...
}@args:
{
users.users.${user} = import ./users/${user} (args // { name = "${user}"; });
boot.initrd.network.ssh.authorizedKeys =
lib.mkIf server
config.users.users.${user}.openssh.authorizedKeys.keys;
sops = lib.mkIf sops {
secrets."${user}/user-password" = {
sopsFile = ./users/${user}/secrets.yaml;
neededForUsers = true;
};
};
}
)
users;
}; };
in in
(builtins.listToAttrs (map (builtins.listToAttrs (
(system: { map
name = system;
value = constructSystem ({ hostname = system; } // builtins.removeAttrs (import ./systems/${system} { inherit inputs; }) [ "hostname" "server" "home" ]);
})
(lsdir "systems"))) // (builtins.listToAttrs (builtins.concatMap
(user: map
(system: { (system: {
name = "${user}.${system}"; name = system;
value = constructSystem ({ value = constructSystem (
hostname = system; {
server = false; hostname = system;
users = [ user ]; }
owner = user; // builtins.removeAttrs (import ./systems/${system} { inherit inputs; }) [
} // builtins.removeAttrs (import ./users/${user}/systems/${system} { inherit inputs; }) [ "hostname" "server" "users" "owner" ]); "hostname"
"server"
"home"
]
);
}) })
(lsdir "users/${user}/systems")) (lsdir "systems")
(lsdir "users"))); ))
// (builtins.listToAttrs (
builtins.concatMap
(
user:
map
(system: {
name = "${user}.${system}";
value = constructSystem (
{
hostname = system;
server = false;
users = [ user ];
owner = user;
}
// builtins.removeAttrs (import ./users/${user}/systems/${system} { inherit inputs; }) [
"hostname"
"server"
"users"
"owner"
]
);
})
(lsdir "users/${user}/systems")
)
(lsdir "users")
));
devShell = lib.mapAttrs devShell =
(system: sopsPkgs: lib.mapAttrs
with nixpkgs.legacyPackages.${system};
mkShell {
sopsPGPKeyDirs = [ "./keys" ];
nativeBuildInputs = [ apacheHttpd sopsPkgs.sops-import-keys-hook ];
packages = [
self.formatter.${system}
nixpkgs.legacyPackages.${system}.deadnix
];
shellHook = (nix-pre-commit.lib.${system}.mkConfig { inherit pkgs config; }).shellHook;
})
sops-nix.packages;
hydraJobs = {
build = (recursiveMerge
( (
(map system: sopsPkgs:
(machine: { with nixpkgs.legacyPackages.${system};
${machine.pkgs.system} = (builtins.listToAttrs (builtins.filter (v: v != { }) (map mkShell {
(pkg: (if (builtins.hasAttr pkg.name pkgsBySystem.${machine.pkgs.system}) then { sopsPGPKeyDirs = [ "./keys" ];
name = pkg.name; nativeBuildInputs = [
value = pkgsBySystem.${machine.pkgs.system}.${pkg.name}; apacheHttpd
} else { })) sopsPkgs.sops-import-keys-hook
machine.config.environment.systemPackages))); ];
}) packages = [
(builtins.attrValues self.nixosConfigurations)) ++ [ self.formatter.${system}
(forEachSystem (system: { nixpkgs.legacyPackages.${system}.deadnix
${nixpkgs-fmt.legacyPackages.${system}.nixpkgs-fmt.name} = pkgsBySystem.${system}.${nixpkgs-fmt.legacyPackages.${system}.nixpkgs-fmt.name}; ];
})) shellHook = (nix-pre-commit.lib.${system}.mkConfig { inherit pkgs config; }).shellHook;
] }
)); )
} // lib.mapAttrs (__: lib.mapAttrs (_: lib.hydraJob)) sops-nix.packages;
(
hydraJobs =
{
build = (
recursiveMerge (
(map
(machine: {
${machine.pkgs.system} = (
builtins.listToAttrs (
builtins.filter (v: v != { }) (
map
(
pkg:
(
if (builtins.hasAttr pkg.name pkgsBySystem.${machine.pkgs.system}) then
{
name = pkg.name;
value = pkgsBySystem.${machine.pkgs.system}.${pkg.name};
}
else
{ }
)
)
machine.config.environment.systemPackages
)
)
);
})
(builtins.attrValues self.nixosConfigurations)
)
++ [
# not fully sure what this is for but it breaks with nixfmt
# (forEachSystem (system: {
# ${nixpkgs.legacyPackages.${system}.nixfmt-rfc-style.name} = pkgsBySystem.${system}.${nixpkgs.legacyPackages.${system}.nixfmt-rfc-style.name};
# }))
]
)
);
}
// lib.mapAttrs (__: lib.mapAttrs (_: lib.hydraJob)) (
let let
mkBuild = type: mkBuild =
type:
let let
getBuildEntryPoint = (name: nixosSystem: getBuildEntryPoint = (
name: nixosSystem:
if builtins.hasAttr type nixosSystem.config.system.build then if builtins.hasAttr type nixosSystem.config.system.build then
let let
cfg = nixosSystem.config.system.build.${type}; cfg = nixosSystem.config.system.build.${type};
@ -279,15 +397,24 @@
lib.recursiveUpdate cfg { meta.timeout = 24 * 60 * 60; } lib.recursiveUpdate cfg { meta.timeout = 24 * 60 * 60; }
else else
cfg cfg
else { }); else
{ }
);
in in
lib.filterAttrs (n: v: v != { }) (builtins.mapAttrs getBuildEntryPoint self.nixosConfigurations); lib.filterAttrs (n: v: v != { }) (builtins.mapAttrs getBuildEntryPoint self.nixosConfigurations);
in in
builtins.listToAttrs (map builtins.listToAttrs (
(type: { map
name = type; (type: {
value = mkBuild type; name = type;
}) [ "toplevel" "isoImage" "sdImage" ]) value = mkBuild type;
})
[
"toplevel"
"isoImage"
"sdImage"
]
)
); );
}; };
} }

18
modules/boot.nix
View File

@ -1,7 +1,14 @@
{ config, lib, libS, ... }: {
config,
lib,
libS,
...
}:
let cfg = config.boot; let
in { cfg = config.boot;
in
{
options = { options = {
boot = { boot = {
default = libS.mkOpinionatedOption "enable the boot builder"; default = libS.mkOpinionatedOption "enable the boot builder";
@ -28,7 +35,10 @@ in {
supportedFilesystems = [ cfg.filesystem ]; supportedFilesystems = [ cfg.filesystem ];
tmp.useTmpfs = true; tmp.useTmpfs = true;
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
kernelParams = [ "nordrand" ] ++ lib.optional (cfg.cpuType == "amd") "kvm-amd" ++ lib.optional cfg.fullDiskEncryption "ip=<ip-addr>::<ip-gateway>:<netmask>"; kernelParams =
[ "nordrand" ]
++ lib.optional (cfg.cpuType == "amd") "kvm-amd"
++ lib.optional cfg.fullDiskEncryption "ip=<ip-addr>::<ip-gateway>:<netmask>";
initrd = { initrd = {
kernelModules = lib.mkIf cfg.amdGPU [ "amdgpu" ]; kernelModules = lib.mkIf cfg.amdGPU [ "amdgpu" ];
network = lib.mkIf cfg.fullDiskEncryption { network = lib.mkIf cfg.fullDiskEncryption {

13
modules/fail2ban.nix
View File

@ -1,7 +1,14 @@
{ config, lib, libS, ... }: {
config,
lib,
libS,
...
}:
let cfg = config.services.fail2ban; let
in { cfg = config.services.fail2ban;
in
{
options.services.fail2ban.recommendedDefaults = libS.mkOpinionatedOption "use fail2ban with recommended defaults"; options.services.fail2ban.recommendedDefaults = libS.mkOpinionatedOption "use fail2ban with recommended defaults";
config.services.fail2ban = lib.mkIf cfg.recommendedDefaults { config.services.fail2ban = lib.mkIf cfg.recommendedDefaults {

22
modules/flake-update-service.nix
View File

@ -1,7 +1,14 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let cfg = config.services.autopull; let
in { cfg = config.services.autopull;
in
{
options = { options = {
services.autopull = { services.autopull = {
enable = lib.mkEnableOption "autopull"; enable = lib.mkEnableOption "autopull";
@ -38,12 +45,17 @@ in {
}; };
config = lib.mkIf (cfg.enable && !(builtins.isNull cfg.path)) { config = lib.mkIf (cfg.enable && !(builtins.isNull cfg.path)) {
environment.systemPackages = [ pkgs.openssh pkgs.git ]; environment.systemPackages = [
pkgs.openssh
pkgs.git
];
systemd.services."autopull@${cfg.name}" = { systemd.services."autopull@${cfg.name}" = {
after = [ "multi-user.target" ]; after = [ "multi-user.target" ];
requires = [ "multi-user.target" ]; requires = [ "multi-user.target" ];
description = "Pull the latest data for ${cfg.name}"; description = "Pull the latest data for ${cfg.name}";
environment = lib.mkIf (cfg.ssh-key != "") { GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh -i ${cfg.ssh-key} -o IdentitiesOnly=yes";}; environment = lib.mkIf (cfg.ssh-key != "") {
GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.ssh-key} -o IdentitiesOnly=yes";
};
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
User = "root"; User = "root";

24
modules/hydra.nix
View File

@ -1,15 +1,19 @@
{ config, lib, ... }: { config, lib, ... }:
let cfg = config.services.hydra; let
in { cfg = config.services.hydra;
in
{
config = { config = {
services.hydra.extraConfig = lib.mkDefault (lib.concatLines [ services.hydra.extraConfig = lib.mkDefault (
cfg.extraConfig lib.concatLines [
'' cfg.extraConfig
<git-input> ''
timeout = 3600 <git-input>
</git-input> timeout = 3600
'' </git-input>
]); ''
]
);
}; };
} }

3
modules/security.nix
View File

@ -1,5 +1,6 @@
# BIASED # BIASED
{ config, lib, ... }: { { config, lib, ... }:
{
config = { config = {
services = { services = {
openssh = lib.mkIf config.services.gitea.enable { openssh = lib.mkIf config.services.gitea.enable {

37
systems/configuration.nix
View File

@ -1,4 +1,10 @@
{ lib, pkgs, config, ... }: { {
lib,
pkgs,
config,
...
}:
{
security.auditd.enable = true; security.auditd.enable = true;
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
i18n = { i18n = {
@ -8,7 +14,9 @@
boot = { boot = {
default = true; default = true;
kernel.sysctl = { "net.ipv6.conf.ens3.accept_ra" = 1; }; kernel.sysctl = {
"net.ipv6.conf.ens3.accept_ra" = 1;
};
}; };
home-manager = { home-manager = {
@ -146,14 +154,35 @@
nix-ld = { nix-ld = {
enable = true; enable = true;
libraries = with pkgs; [ acl attr bzip2 curl glib libglvnd libmysqlclient libsodium libssh libxml2 openssl stdenv.cc.cc systemd util-linux xz zlib zstd ]; libraries = with pkgs; [
acl
attr
bzip2
curl
glib
libglvnd
libmysqlclient
libsodium
libssh
libxml2
openssl
stdenv.cc.cc
systemd
util-linux
xz
zlib
zstd
];
}; };
}; };
nix = { nix = {
diffSystem = true; diffSystem = true;
settings = { settings = {
experimental-features = [ "nix-command" "flakes" ]; experimental-features = [
"nix-command"
"flakes"
];
keep-outputs = true; keep-outputs = true;
builders-use-substitutes = true; builders-use-substitutes = true;
connect-timeout = 20; connect-timeout = 20;

13
systems/jeeves-jr/configuration.nix
View File

@ -1,4 +1,5 @@
{pkgs, ...}: { { pkgs, ... }:
{
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
console.keyMap = "us"; console.keyMap = "us";
networking = { networking = {
@ -7,7 +8,7 @@
}; };
boot = { boot = {
zfs.extraPools = ["Main"]; zfs.extraPools = [ "Main" ];
filesystem = "zfs"; filesystem = "zfs";
useSystemdBoot = true; useSystemdBoot = true;
}; };
@ -21,7 +22,7 @@
daemon."settings" = { daemon."settings" = {
experimental = true; experimental = true;
data-root = "/var/lib/docker"; data-root = "/var/lib/docker";
exec-opts = ["native.cgroupdriver=systemd"]; exec-opts = [ "native.cgroupdriver=systemd" ];
log-opts = { log-opts = {
max-size = "10m"; max-size = "10m";
max-file = "5"; max-file = "5";
@ -36,7 +37,7 @@
}; };
environment = { environment = {
systemPackages = with pkgs; [docker-compose]; systemPackages = with pkgs; [ docker-compose ];
etc = { etc = {
# Creates /etc/lynis/custom.prf # Creates /etc/lynis/custom.prf
"lynis/custom.prf" = { "lynis/custom.prf" = {
@ -60,7 +61,7 @@
services = { services = {
nfs.server.enable = true; nfs.server.enable = true;
openssh.ports = [352]; openssh.ports = [ 352 ];
smartd.enable = true; smartd.enable = true;
@ -80,7 +81,7 @@
zerotierone = { zerotierone = {
enable = true; enable = true;
joinNetworks = ["e4da7455b2ae64ca"]; joinNetworks = [ "e4da7455b2ae64ca" ];
}; };
}; };

8
systems/jeeves-jr/default.nix
View File

@ -1 +1,7 @@
{...}: {users = ["alice" "richie"];} { ... }:
{
users = [
"alice"
"richie"
];
}

24
systems/jeeves-jr/hardware.nix
View File

@ -3,21 +3,27 @@
lib, lib,
modulesPath, modulesPath,
... ...
}: { }:
imports = [ {
(modulesPath + "/installer/scan/not-detected.nix") imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
swapDevices = [{device = "/dev/disk/by-uuid/9d4ef549-d426-489d-8332-0a49589c6aed";}]; swapDevices = [ { device = "/dev/disk/by-uuid/9d4ef549-d426-489d-8332-0a49589c6aed"; } ];
boot = { boot = {
kernelModules = ["kvm-amd"]; kernelModules = [ "kvm-amd" ];
extraModulePackages = []; extraModulePackages = [ ];
initrd = { initrd = {
kernelModules = []; kernelModules = [ ];
availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"]; availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
}; };
}; };

49
systems/palatine-hill/configuration.nix
View File

@ -1,7 +1,9 @@
{ config, pkgs, ... }: { { config, pkgs, ... }:
{
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
console.keyMap = "us"; console.keyMap = "us";
systemd.services.hydra-notify.serviceConfig.EnvironmentFile = config.sops.secrets."hydra/environment".path; systemd.services.hydra-notify.serviceConfig.EnvironmentFile =
config.sops.secrets."hydra/environment".path;
programs.git.lfs.enable = false; programs.git.lfs.enable = false;
networking = { networking = {
hostId = "dc2f9781"; hostId = "dc2f9781";
@ -9,9 +11,7 @@
}; };
nixpkgs.config.packageOverrides = pkgs: { nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
enableHybridCodec = true;
};
}; };
boot = { boot = {
@ -19,7 +19,10 @@
loader.grub.device = "/dev/sda"; loader.grub.device = "/dev/sda";
filesystem = "zfs"; filesystem = "zfs";
useSystemdBoot = true; useSystemdBoot = true;
kernelParams = [ "i915.force_probe=56a5" "i915.enable_guc=2" ]; kernelParams = [
"i915.force_probe=56a5"
"i915.enable_guc=2"
];
kernel.sysctl = { kernel.sysctl = {
"vm.overcommit_memory" = 1; "vm.overcommit_memory" = 1;
"vm.swappiness" = 10; "vm.swappiness" = 10;
@ -33,23 +36,25 @@
builders-use-substitutes = true builders-use-substitutes = true
''; '';
buildMachines = [{ buildMachines = [
hostName = "localhost"; {
maxJobs = 2; hostName = "localhost";
protocol = "ssh-ng"; maxJobs = 2;
speedFactor = 2; protocol = "ssh-ng";
systems = [ speedFactor = 2;
"x86_64-linux" systems = [
"aarch64-linux" "x86_64-linux"
]; "aarch64-linux"
];
supportedFeatures = [ supportedFeatures = [
"kvm" "kvm"
"nixos-test" "nixos-test"
"big-parallel" "big-parallel"
"benchmark" "benchmark"
]; ];
}]; }
];
}; };
hardware = { hardware = {

8
systems/palatine-hill/default.nix
View File

@ -1 +1,7 @@
{ ... }: { users = [ "alice" "richie" ]; } { ... }:
{
users = [
"alice"
"richie"
];
}

13
systems/palatine-hill/hardware.nix
View File

@ -1,13 +1,16 @@
{ config, lib, modulesPath, ... }:
{ {
imports = [ config,
(modulesPath + "/installer/scan/not-detected.nix") lib,
]; modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
swapDevices = [{ device = "/dev/disk/by-uuid/2b01e592-2297-4eb1-854b-17a63f1d4cf6"; }]; swapDevices = [ { device = "/dev/disk/by-uuid/2b01e592-2297-4eb1-854b-17a63f1d4cf6"; } ];
boot = { boot = {
kernelModules = [ "kvm-amd" ]; kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ]; extraModulePackages = [ ];

3
systems/programs.nix
View File

@ -1,4 +1,5 @@
{ pkgs, ... }: { { pkgs, ... }:
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
bat bat
btop btop

15
users/alice/default.nix
View File

@ -1,6 +1,17 @@
{ pkgs, lib, config, name, ... }: {
pkgs,
lib,
config,
name,
...
}:
import ../default.nix { import ../default.nix {
inherit pkgs lib config name; inherit
pkgs
lib
config
name
;
publicKeys = [ publicKeys = [
# photon # photon
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOGcqhLaKsjwAnb6plDavAhEyQHNvFS9Uh5lMTuwMhGF alice@parthenon-7588" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOGcqhLaKsjwAnb6plDavAhEyQHNvFS9Uh5lMTuwMhGF alice@parthenon-7588"

10
users/alice/home.nix
View File

@ -61,7 +61,15 @@
topgrade = { topgrade = {
enable = true; enable = true;
settings = { misc = { disable = [ "system" "nix" "shell" ]; }; }; settings = {
misc = {
disable = [
"system"
"nix"
"shell"
];
};
};
}; };
}; };

9
users/default.nix
View File

@ -1,4 +1,11 @@
{ lib, config, pkgs, name, publicKeys ? [ ], defaultShell ? "zsh", }: {
lib,
config,
pkgs,
name,
publicKeys ? [ ],
defaultShell ? "zsh",
}:
{ {
inherit name; inherit name;

15
users/richie/default.nix
View File

@ -1,6 +1,17 @@
{ pkgs, lib, config, name, ... }: {
pkgs,
lib,
config,
name,
...
}:
import ../default.nix { import ../default.nix {
inherit pkgs lib config name; inherit
pkgs
lib
config
name
;
publicKeys = [ publicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtRuAqeERMet9sFh1NEkG+pHLq/JRAAGDtv29flXF59 Richie@tmmworkshop.com Desktop" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtRuAqeERMet9sFh1NEkG+pHLq/JRAAGDtv29flXF59 Richie@tmmworkshop.com Desktop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJSlv8ujrMpr8qjpX2V+UBXSP5FGhM1l+/5aGnfb2MV Richie@tmmworkshop.com Laptop" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJSlv8ujrMpr8qjpX2V+UBXSP5FGhM1l+/5aGnfb2MV Richie@tmmworkshop.com Laptop"