ahuston-0/nix-dotfiles
1
0
Fork 0
Code Issues Pull Requests 3 Actions Packages Projects Releases Wiki Activity

Feature/rfc 0166 fmt (#113)

Browse Source 
* change formatter to nixfmt-rfc-style

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

* Add rfc-style fmt'ing

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>

---------

Signed-off-by: ahuston-0 <aliceghuston@gmail.com>
This commit is contained in:
Alice Huston 2024-03-03 18:06:28 -05:00 committed by GitHub
parent e732499201
commit 1a8a2fa394
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
19 changed files with 492 additions and 264 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
flake.lock generated
View File

@ -8,11 +8,11 @@
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1708150887,
"narHash": "sha256-lyEaeShLZqQtFO+ULLfxF9fYaYpTal0Ck1B+iKYBOMs=",
"lastModified": 1709446916,
"narHash": "sha256-MX3eR3ao971besQvKt9aKu4tN8tZht7Do3G/eNylNY8=",
"owner": "nix-community",
"repo": "fenix",
"rev": "761431323e30846bae160e15682cfa687c200606",
"rev": "4b07da0f91ea99f263f47165a11a48678c9e0dc3",
"type": "github"
},
"original": {
@ -44,11 +44,11 @@
]
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github"
},
"original": {
@ -64,11 +64,11 @@
]
},
"locked": {
"lastModified": 1708031129,
"narHash": "sha256-EH20hJfNnc1/ODdDVat9B7aKm0B95L3YtkIRwKLvQG8=",
"lastModified": 1709445365,
"narHash": "sha256-DVv6nd9FQBbMWbOmhq0KVqmlc3y3FMSYl49UXmMcO+0=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3d6791b3897b526c82920a2ab5f61d71985b3cf8",
"rev": "4de84265d7ec7634a69ba75028696d74de9a44a7",
"type": "github"
},
"original": {
@ -103,11 +103,11 @@
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1706631035,
"narHash": "sha256-tLO1Y08d+1K1Tm8UpLdnx7bi3vR5dhfuZho5S/RPQ0s=",
"lastModified": 1709085635,
"narHash": "sha256-Sv5VFPF5BAXkMWgekh0iH1SeqTF8VcCiW5nR6/AATrI=",
"owner": "NixOS",
"repo": "nix",
"rev": "a4a4ef9b53fa13a4a9db52cb536b96a8e54a4ac3",
"rev": "edcb3430ef39a225aada06ef898c907d8277fbe8",
"type": "github"
},
"original": {
@ -124,11 +124,11 @@
]
},
"locked": {
"lastModified": 1707620986,
"narHash": "sha256-XE0tCSkSVBeJDWhjFwusNInwAhrnp+TloUNUpvnTiLw=",
"lastModified": 1709435391,
"narHash": "sha256-s4itTkIVxn5lYeTzwkbAgl99atnjdZv1idI1118vdzA=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "0cb4345704123492e6d1f1068629069413c80de0",
"rev": "93554c04c2f1c02f4a383538e8848d511c3129e9",
"type": "github"
},
"original": {
@ -170,11 +170,11 @@
]
},
"locked": {
"lastModified": 1708134366,
"narHash": "sha256-MtjbG+lQHrmxbBdIOlRQ9RBULsszGhqCpVD23y3KMEw=",
"lastModified": 1709281475,
"narHash": "sha256-usg85sNHuh3OVrUgI40ZqAq5hfT/3rBs2QJeFxv0POU=",
"owner": "SuperSandro2000",
"repo": "nixos-modules",
"rev": "4e41d2a44dde45e234a7795e5a502d21ad484d52",
"rev": "529db3a982d4939e8b4656472945c73181520a67",
"type": "github"
},
"original": {
@ -185,11 +185,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1708118438,
"narHash": "sha256-kk9/0nuVgA220FcqH/D2xaN6uGyHp/zoxPNUmPCMmEE=",
"lastModified": 1709237383,
"narHash": "sha256-cy6ArO4k5qTx+l5o+0mL9f5fa86tYUX3ozE1S+Txlds=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "5863c27340ba4de8f83e7e3c023b9599c3cb3c80",
"rev": "1536926ef5621b09bba54035ae2bb6d806d72ac8",
"type": "github"
},
"original": {
@ -199,32 +199,6 @@
"type": "github"
}
},
"nixpkgs-fmt": {
"inputs": {
"fenix": [
"fenix"
],
"flake-utils": [
"flake-utils"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1706847205,
"narHash": "sha256-lkrvtZj4YhRLi6cmIP1dqZmULy3ujTN2hvZKKIYqZLU=",
"owner": "rad-development",
"repo": "nixpkgs-fmt",
"rev": "d83302adb7f6b40a5ed6f91e83af94a6bf83436f",
"type": "github"
},
"original": {
"owner": "rad-development",
"repo": "nixpkgs-fmt",
"type": "github"
}
},
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
@ -251,7 +225,6 @@
"nix-pre-commit": "nix-pre-commit",
"nixos-modules": "nixos-modules",
"nixpkgs": "nixpkgs",
"nixpkgs-fmt": "nixpkgs-fmt",
"sops-nix": "sops-nix",
"systems": "systems"
}
@ -259,11 +232,11 @@
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1708018577,
"narHash": "sha256-B75VUqKvQeIqAUnYw4bGjY3xxrCqzRBJHLbmD0MAWEw=",
"lastModified": 1709373076,
"narHash": "sha256-vRBRyCVMhH+giewRQgOgNO+p7VlGeJNgCqrZBnvfWQc=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "b9b0d29b8e69b02457cfabe20c4c69cdb45f3cc5",
"rev": "4ef6a49b44e8aa380da7522442234bfd7a52c55e",
"type": "github"
},
"original": {
@ -283,11 +256,11 @@
]
},
"locked": {
"lastModified": 1707842202,
"narHash": "sha256-3dTBbCzHJBinwhsisGJHW1HLBsLbj91+a5ZDXt7ttW0=",
"lastModified": 1709434911,
"narHash": "sha256-UN47hQPM9ijwoz7cYq10xl19hvlSP/232+M5vZDOMs4=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "48afd3264ec52bee85231a7122612e2c5202fa74",
"rev": "075df9d85ee70cfb53e598058045e1738f05e273",
"type": "github"
},
"original": {

267
flake.nix
View File

@ -45,15 +45,6 @@
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs-fmt = {
url = "github:rad-development/nixpkgs-fmt";
inputs = {
nixpkgs.follows = "nixpkgs";
flake-utils.follows = "flake-utils";
fenix.follows = "fenix";
};
};
nixos-modules = {
url = "github:SuperSandro2000/nixos-modules";
inputs = {
@ -84,7 +75,17 @@
};
};
outputs = { self, nixpkgs-fmt, nix, home-manager, nix-pre-commit, nixos-modules, nixpkgs, sops-nix, ... }@inputs:
outputs =
{
self,
nix,
home-manager,
nix-pre-commit,
nixos-modules,
nixpkgs,
sops-nix,
...
}@inputs:
let
inherit (nixpkgs) lib;
systems = [
@ -95,25 +96,43 @@
];
forEachSystem = lib.genAttrs systems;
overlayList = [ self.overlays.default nix.overlays.default ];
pkgsBySystem = forEachSystem (system: import nixpkgs {
overlayList = [
self.overlays.default
nix.overlays.default
];
pkgsBySystem = forEachSystem (
system:
import nixpkgs {
inherit system;
overlays = overlayList;
config = {
allowUnfree = true;
isHydra = true;
};
});
}
);
src = builtins.filterSource (path: type: type == "directory" || lib.hasSuffix ".nix" (baseNameOf path)) ./.;
src =
builtins.filterSource (path: type: type == "directory" || lib.hasSuffix ".nix" (baseNameOf path))
./.;
ls = dir: lib.attrNames (builtins.readDir (src + "/${dir}"));
lsdir = dir: if (builtins.pathExists (src + "/${dir}")) then (lib.attrNames (lib.filterAttrs (path: type: type == "directory") (builtins.readDir (src + "/${dir}")))) else [ ];
lsdir =
dir:
if (builtins.pathExists (src + "/${dir}")) then
(lib.attrNames (
lib.filterAttrs (path: type: type == "directory") (builtins.readDir (src + "/${dir}"))
))
else
[ ];
fileList = dir: map (file: ./. + "/${dir}/${file}") (ls dir);
recursiveMerge = attrList:
recursiveMerge =
attrList:
let
f = attrPath:
builtins.zipAttrsWith (n: values:
f =
attrPath:
builtins.zipAttrsWith (
n: values:
if builtins.tail values == [ ] then
builtins.head values
else if builtins.all builtins.isList values then
@ -121,7 +140,8 @@
else if builtins.all builtins.isAttrs values then
f (attrPath ++ [ n ]) values
else
lib.last values);
lib.last values
);
in
f [ ] attrList;
@ -130,17 +150,19 @@
{
repo = "https://gitlab.com/vojko.pribudic/pre-commit-update";
rev = "bbd69145df8741f4f470b8f1cf2867121be52121";
hooks = [{
hooks = [
{
id = "pre-commit-update";
args = [ "--dry-run" ];
}];
}
];
}
{
repo = "local";
hooks = [
# {
# id = "nixfmt check";
# entry = "${nixpkgs-fmt.legacyPackages.x86_64-linux.nixpkgs-fmt}/bin/nixpkgs-fmt";
# entry = "${nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style}/bin/nixfmt";
# args = [ "--check" ];
# language = "system";
# files = "\\.nix";
@ -158,119 +180,215 @@
};
in
{
formatter = forEachSystem (system: nixpkgs-fmt.legacyPackages.${system}.nixpkgs-fmt);
formatter = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
overlays.default = final: prev: {
nixpkgs-fmt = forEachSystem (system: nixpkgs-fmt.legacyPackages.${system}.nixpkgs.fmt);
nixpkgs-fmt = forEachSystem (system: nixpkgs.legacyPackages.${system}.nixfmt-rfc-style);
};
nixosConfigurations =
let
constructSystem = { hostname, users, home ? true, iso ? [ ], modules ? [ ], server ? true, sops ? true, system ? "x86_64-linux", owner ? null }:
constructSystem =
{
hostname,
users,
home ? true,
iso ? [ ],
modules ? [ ],
server ? true,
sops ? true,
system ? "x86_64-linux",
owner ? null,
}:
lib.nixosSystem {
system = "x86_64-linux";
# pkgs = lib.mkIf (system != "x86_64-linux") (import inputs.patch-aarch64 { inherit (nixpkgs) config; inherit system; }).legacyPackages.${system};
modules = [
modules =
[
nixos-modules.nixosModule
sops-nix.nixosModules.sops
{ config.networking.hostName = "${hostname}"; }
{
nixpkgs.overlays = [
(_self: super: {
libgit2 = super.libgit2.overrideAttrs { doCheck = false; };
})
(_self: super: { libgit2 = super.libgit2.overrideAttrs { doCheck = false; }; })
];
}
] ++ (if server then [
]
++ (
if server then
[
./systems/programs.nix
./systems/configuration.nix
./systems/${hostname}/hardware.nix
./systems/${hostname}/configuration.nix
] else [
]
else
[
./users/${builtins.head users}/systems/${hostname}/configuration.nix
./users/${builtins.head users}/systems/${hostname}/hardware.nix
]) ++ fileList "modules"
]
)
++ fileList "modules"
++ modules
++ lib.optional home home-manager.nixosModules.home-manager
++ lib.optional (builtins.elem "minimal" iso) "${toString nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
++ lib.optional (builtins.elem "sd" iso) "${toString nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
++ (if home then (map (user: {
++
lib.optional (builtins.elem "minimal" iso)
"${toString nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
++
lib.optional (builtins.elem "sd" iso)
"${toString nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
++ (
if home then
(map
(user: {
home-manager.users.${user} = import ./users/${user}/home.nix;
home-manager.users.root = lib.mkIf (owner == user) (import ./users/${user}/home.nix);
}) users) else [ ])
})
users
)
else
[ ]
)
++ lib.optional (system != "x86_64-linux") {
config.nixpkgs = {
config.allowUnsupportedSystem = true;
buildPlatform = "x86_64-linux";
};
} ++ map (user: { config, lib, pkgs, ... }@args: {
}
++
map
(
user:
{
config,
lib,
pkgs,
...
}@args:
{
users.users.${user} = import ./users/${user} (args // { name = "${user}"; });
boot.initrd.network.ssh.authorizedKeys = lib.mkIf server config.users.users.${user}.openssh.authorizedKeys.keys;
boot.initrd.network.ssh.authorizedKeys =
lib.mkIf server
config.users.users.${user}.openssh.authorizedKeys.keys;
sops = lib.mkIf sops {
secrets."${user}/user-password" = {
sopsFile = ./users/${user}/secrets.yaml;
neededForUsers = true;
};
};
}) users;
}
)
users;
};
in
(builtins.listToAttrs (map
(builtins.listToAttrs (
map
(system: {
name = system;
value = constructSystem ({ hostname = system; } // builtins.removeAttrs (import ./systems/${system} { inherit inputs; }) [ "hostname" "server" "home" ]);
value = constructSystem (
{
hostname = system;
}
// builtins.removeAttrs (import ./systems/${system} { inherit inputs; }) [
"hostname"
"server"
"home"
]
);
})
(lsdir "systems"))) // (builtins.listToAttrs (builtins.concatMap
(user: map
(lsdir "systems")
))
// (builtins.listToAttrs (
builtins.concatMap
(
user:
map
(system: {
name = "${user}.${system}";
value = constructSystem ({
value = constructSystem (
{
hostname = system;
server = false;
users = [ user ];
owner = user;
} // builtins.removeAttrs (import ./users/${user}/systems/${system} { inherit inputs; }) [ "hostname" "server" "users" "owner" ]);
}
// builtins.removeAttrs (import ./users/${user}/systems/${system} { inherit inputs; }) [
"hostname"
"server"
"users"
"owner"
]
);
})
(lsdir "users/${user}/systems"))
(lsdir "users")));
(lsdir "users/${user}/systems")
)
(lsdir "users")
));
devShell = lib.mapAttrs
(system: sopsPkgs:
devShell =
lib.mapAttrs
(
system: sopsPkgs:
with nixpkgs.legacyPackages.${system};
mkShell {
sopsPGPKeyDirs = [ "./keys" ];
nativeBuildInputs = [ apacheHttpd sopsPkgs.sops-import-keys-hook ];
nativeBuildInputs = [
apacheHttpd
sopsPkgs.sops-import-keys-hook
];
packages = [
self.formatter.${system}
nixpkgs.legacyPackages.${system}.deadnix
];
shellHook = (nix-pre-commit.lib.${system}.mkConfig { inherit pkgs config; }).shellHook;
})
}
)
sops-nix.packages;
hydraJobs = {
build = (recursiveMerge
(
hydraJobs =
{
build = (
recursiveMerge (
(map
(machine: {
${machine.pkgs.system} = (builtins.listToAttrs (builtins.filter (v: v != { }) (map
(pkg: (if (builtins.hasAttr pkg.name pkgsBySystem.${machine.pkgs.system}) then {
${machine.pkgs.system} = (
builtins.listToAttrs (
builtins.filter (v: v != { }) (
map
(
pkg:
(
if (builtins.hasAttr pkg.name pkgsBySystem.${machine.pkgs.system}) then
{
name = pkg.name;
value = pkgsBySystem.${machine.pkgs.system}.${pkg.name};
} else { }))
machine.config.environment.systemPackages)));
}
else
{ }
)
)
machine.config.environment.systemPackages
)
)
);
})
(builtins.attrValues self.nixosConfigurations)) ++ [
(forEachSystem (system: {
${nixpkgs-fmt.legacyPackages.${system}.nixpkgs-fmt.name} = pkgsBySystem.${system}.${nixpkgs-fmt.legacyPackages.${system}.nixpkgs-fmt.name};
}))
(builtins.attrValues self.nixosConfigurations)
)
++ [
# not fully sure what this is for but it breaks with nixfmt
# (forEachSystem (system: {
# ${nixpkgs.legacyPackages.${system}.nixfmt-rfc-style.name} = pkgsBySystem.${system}.${nixpkgs.legacyPackages.${system}.nixfmt-rfc-style.name};
# }))
]
));
} // lib.mapAttrs (__: lib.mapAttrs (_: lib.hydraJob))
(
)
);
}
// lib.mapAttrs (__: lib.mapAttrs (_: lib.hydraJob)) (
let
mkBuild = type:
mkBuild =
type:
let
getBuildEntryPoint = (name: nixosSystem:
getBuildEntryPoint = (
name: nixosSystem:
if builtins.hasAttr type nixosSystem.config.system.build then
let
cfg = nixosSystem.config.system.build.${type};
@ -279,15 +397,24 @@
lib.recursiveUpdate cfg { meta.timeout = 24 * 60 * 60; }
else
cfg
else { });
else
{ }
);
in
lib.filterAttrs (n: v: v != { }) (builtins.mapAttrs getBuildEntryPoint self.nixosConfigurations);
in
builtins.listToAttrs (map
builtins.listToAttrs (
map
(type: {
name = type;
value = mkBuild type;
}) [ "toplevel" "isoImage" "sdImage" ])
})
[
"toplevel"
"isoImage"
"sdImage"
]
)
);
};
}

18
modules/boot.nix
View File

@ -1,7 +1,14 @@
{ config, lib, libS, ... }:
{
config,
lib,
libS,
...
}:
let cfg = config.boot;
in {
let
cfg = config.boot;
in
{
options = {
boot = {
default = libS.mkOpinionatedOption "enable the boot builder";
@ -28,7 +35,10 @@ in {
supportedFilesystems = [ cfg.filesystem ];
tmp.useTmpfs = true;
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
kernelParams = [ "nordrand" ] ++ lib.optional (cfg.cpuType == "amd") "kvm-amd" ++ lib.optional cfg.fullDiskEncryption "ip=<ip-addr>::<ip-gateway>:<netmask>";
kernelParams =
[ "nordrand" ]
++ lib.optional (cfg.cpuType == "amd") "kvm-amd"
++ lib.optional cfg.fullDiskEncryption "ip=<ip-addr>::<ip-gateway>:<netmask>";
initrd = {
kernelModules = lib.mkIf cfg.amdGPU [ "amdgpu" ];
network = lib.mkIf cfg.fullDiskEncryption {

13
modules/fail2ban.nix
View File

@ -1,7 +1,14 @@
{ config, lib, libS, ... }:
{
config,
lib,
libS,
...
}:
let cfg = config.services.fail2ban;
in {
let
cfg = config.services.fail2ban;
in
{
options.services.fail2ban.recommendedDefaults = libS.mkOpinionatedOption "use fail2ban with recommended defaults";
config.services.fail2ban = lib.mkIf cfg.recommendedDefaults {

22
modules/flake-update-service.nix
View File

@ -1,7 +1,14 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let cfg = config.services.autopull;
in {
let
cfg = config.services.autopull;
in
{
options = {
services.autopull = {
enable = lib.mkEnableOption "autopull";
@ -38,12 +45,17 @@ in {
};
config = lib.mkIf (cfg.enable && !(builtins.isNull cfg.path)) {
environment.systemPackages = [ pkgs.openssh pkgs.git ];
environment.systemPackages = [
pkgs.openssh
pkgs.git
];
systemd.services."autopull@${cfg.name}" = {
after = [ "multi-user.target" ];
requires = [ "multi-user.target" ];
description = "Pull the latest data for ${cfg.name}";
environment = lib.mkIf (cfg.ssh-key != "") { GIT_SSH_COMMAND="${pkgs.openssh}/bin/ssh -i ${cfg.ssh-key} -o IdentitiesOnly=yes";};
environment = lib.mkIf (cfg.ssh-key != "") {
GIT_SSH_COMMAND = "${pkgs.openssh}/bin/ssh -i ${cfg.ssh-key} -o IdentitiesOnly=yes";
};
serviceConfig = {
Type = "oneshot";
User = "root";

12
modules/hydra.nix
View File

@ -1,15 +1,19 @@
{ config, lib, ... }:
let cfg = config.services.hydra;
in {
let
cfg = config.services.hydra;
in
{
config = {
services.hydra.extraConfig = lib.mkDefault (lib.concatLines [
services.hydra.extraConfig = lib.mkDefault (
lib.concatLines [
cfg.extraConfig
''
<git-input>
timeout = 3600
</git-input>
''
]);
]
);
};
}

3
modules/security.nix
View File

@ -1,5 +1,6 @@
# BIASED
{ config, lib, ... }: {
{ config, lib, ... }:
{
config = {
services = {
openssh = lib.mkIf config.services.gitea.enable {

37
systems/configuration.nix
View File

@ -1,4 +1,10 @@
{ lib, pkgs, config, ... }: {
{
lib,
pkgs,
config,
...
}:
{
security.auditd.enable = true;
nixpkgs.config.allowUnfree = true;
i18n = {
@ -8,7 +14,9 @@
boot = {
default = true;
kernel.sysctl = { "net.ipv6.conf.ens3.accept_ra" = 1; };
kernel.sysctl = {
"net.ipv6.conf.ens3.accept_ra" = 1;
};
};
home-manager = {
@ -146,14 +154,35 @@
nix-ld = {
enable = true;
libraries = with pkgs; [ acl attr bzip2 curl glib libglvnd libmysqlclient libsodium libssh libxml2 openssl stdenv.cc.cc systemd util-linux xz zlib zstd ];
libraries = with pkgs; [
acl
attr
bzip2
curl
glib
libglvnd
libmysqlclient
libsodium
libssh
libxml2
openssl
stdenv.cc.cc
systemd
util-linux
xz
zlib
zstd
];
};
};
nix = {
diffSystem = true;
settings = {
experimental-features = [ "nix-command" "flakes" ];
experimental-features = [
"nix-command"
"flakes"
];
keep-outputs = true;
builders-use-substitutes = true;
connect-timeout = 20;

3
systems/jeeves-jr/configuration.nix
View File

@ -1,4 +1,5 @@
{pkgs, ...}: {
{ pkgs, ... }:
{
time.timeZone = "America/New_York";
console.keyMap = "us";
networking = {

8
systems/jeeves-jr/default.nix
View File

@ -1 +1,7 @@
{...}: {users = ["alice" "richie"];}
{ ... }:
{
users = [
"alice"
"richie"
];
}

16
systems/jeeves-jr/hardware.nix
View File

@ -3,10 +3,9 @@
lib,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
networking.useDHCP = lib.mkDefault true;
@ -17,7 +16,14 @@
extraModulePackages = [ ];
initrd = {
kernelModules = [ ];
availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod"];
availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
};
};

21
systems/palatine-hill/configuration.nix
View File

@ -1,7 +1,9 @@
{ config, pkgs, ... }: {
{ config, pkgs, ... }:
{
time.timeZone = "America/New_York";
console.keyMap = "us";
systemd.services.hydra-notify.serviceConfig.EnvironmentFile = config.sops.secrets."hydra/environment".path;
systemd.services.hydra-notify.serviceConfig.EnvironmentFile =
config.sops.secrets."hydra/environment".path;
programs.git.lfs.enable = false;
networking = {
hostId = "dc2f9781";
@ -9,9 +11,7 @@
};
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override {
enableHybridCodec = true;
};
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
boot = {
@ -19,7 +19,10 @@
loader.grub.device = "/dev/sda";
filesystem = "zfs";
useSystemdBoot = true;
kernelParams = [ "i915.force_probe=56a5" "i915.enable_guc=2" ];
kernelParams = [
"i915.force_probe=56a5"
"i915.enable_guc=2"
];
kernel.sysctl = {
"vm.overcommit_memory" = 1;
"vm.swappiness" = 10;
@ -33,7 +36,8 @@
builders-use-substitutes = true
'';
buildMachines = [{
buildMachines = [
{
hostName = "localhost";
maxJobs = 2;
protocol = "ssh-ng";
@ -49,7 +53,8 @@
"big-parallel"
"benchmark"
];
}];
}
];
};
hardware = {

8
systems/palatine-hill/default.nix
View File

@ -1 +1,7 @@
{ ... }: { users = [ "alice" "richie" ]; }
{ ... }:
{
users = [
"alice"
"richie"
];
}

11
systems/palatine-hill/hardware.nix
View File

@ -1,8 +1,11 @@
{ config, lib, modulesPath, ... }:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
config,
lib,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
networking.useDHCP = lib.mkDefault true;

3
systems/programs.nix
View File

@ -1,4 +1,5 @@
{ pkgs, ... }: {
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
bat
btop

15
users/alice/default.nix
View File

@ -1,6 +1,17 @@
{ pkgs, lib, config, name, ... }:
{
pkgs,
lib,
config,
name,
...
}:
import ../default.nix {
inherit pkgs lib config name;
inherit
pkgs
lib
config
name
;
publicKeys = [
# photon
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOGcqhLaKsjwAnb6plDavAhEyQHNvFS9Uh5lMTuwMhGF alice@parthenon-7588"

10
users/alice/home.nix
View File

@ -61,7 +61,15 @@
topgrade = {
enable = true;
settings = { misc = { disable = [ "system" "nix" "shell" ]; }; };
settings = {
misc = {
disable = [
"system"
"nix"
"shell"
];
};
};
};
};

9
users/default.nix
View File

@ -1,4 +1,11 @@
{ lib, config, pkgs, name, publicKeys ? [ ], defaultShell ? "zsh", }:
{
lib,
config,
pkgs,
name,
publicKeys ? [ ],
defaultShell ? "zsh",
}:
{
inherit name;

15
users/richie/default.nix
View File

@ -1,6 +1,17 @@
{ pkgs, lib, config, name, ... }:
{
pkgs,
lib,
config,
name,
...
}:
import ../default.nix {
inherit pkgs lib config name;
inherit
pkgs
lib
config
name
;
publicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtRuAqeERMet9sFh1NEkG+pHLq/JRAAGDtv29flXF59 Richie@tmmworkshop.com Desktop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJSlv8ujrMpr8qjpX2V+UBXSP5FGhM1l+/5aGnfb2MV Richie@tmmworkshop.com Laptop"