chore: reformat
This commit is contained in:
parent
b638c4125b
commit
1402ee13cc
57 changed files with 845 additions and 466 deletions
|
@ -21,6 +21,8 @@ in
|
|||
sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
|
||||
};
|
||||
|
||||
age.secrets."${config.networking.hostName}-backup-passphrase".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase.age";
|
||||
age.secrets."${config.networking.hostName}-backup-ssh-key".file = "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age";
|
||||
age.secrets."${config.networking.hostName}-backup-passphrase".file =
|
||||
"${secretsPath}/${config.networking.hostName}-backup-passphrase.age";
|
||||
age.secrets."${config.networking.hostName}-backup-ssh-key".file =
|
||||
"${secretsPath}/${config.networking.hostName}-backup-ssh-key.age";
|
||||
}
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
let
|
||||
mkDefault = lib.mkDefault;
|
||||
inputs = config.dadada.inputs;
|
||||
|
@ -27,7 +32,7 @@ in
|
|||
|
||||
nix.package = pkgs.lix;
|
||||
|
||||
nix.settings.substituters = [ https://cache.nixos.org/ ];
|
||||
nix.settings.substituters = [ "https://cache.nixos.org/" ];
|
||||
|
||||
nix.settings.trusted-public-keys = [
|
||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||
|
@ -56,7 +61,10 @@ in
|
|||
|
||||
services.resolved = {
|
||||
enable = mkDefault true;
|
||||
fallbackDns = [ "9.9.9.9#dns.quad9.net" "2620:fe::fe:11#dns11.quad9.net" ];
|
||||
fallbackDns = [
|
||||
"9.9.9.9#dns.quad9.net"
|
||||
"2620:fe::fe:11#dns11.quad9.net"
|
||||
];
|
||||
};
|
||||
|
||||
programs.zsh.enable = mkDefault true;
|
||||
|
@ -64,4 +72,3 @@ in
|
|||
# Avoid some bots
|
||||
services.openssh.ports = [ 2222 ];
|
||||
}
|
||||
|
||||
|
|
|
@ -21,14 +21,13 @@ in
|
|||
hostKeys = [
|
||||
config.age.secrets."${initrdHostKey}".path
|
||||
];
|
||||
authorizedKeys = with lib;
|
||||
concatLists (mapAttrsToList
|
||||
(name: user:
|
||||
if elem "wheel" user.extraGroups then
|
||||
user.openssh.authorizedKeys.keys
|
||||
else
|
||||
[ ])
|
||||
config.users.users);
|
||||
authorizedKeys =
|
||||
with lib;
|
||||
concatLists (
|
||||
mapAttrsToList (
|
||||
name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else [ ]
|
||||
) config.users.users
|
||||
);
|
||||
};
|
||||
postCommands = ''
|
||||
echo 'cryptsetup-askpass' >> /root/.profile
|
||||
|
@ -36,7 +35,9 @@ in
|
|||
};
|
||||
|
||||
assertions = lib.singleton {
|
||||
assertion = (config.boot.initrd.network.ssh.hostKeys != [ ]) -> config.boot.loader.supportsInitrdSecrets == true;
|
||||
assertion =
|
||||
(config.boot.initrd.network.ssh.hostKeys != [ ])
|
||||
-> config.boot.loader.supportsInitrdSecrets == true;
|
||||
message = "Refusing to store private keys in store";
|
||||
};
|
||||
|
||||
|
|
|
@ -1,12 +1,14 @@
|
|||
{ config
|
||||
, lib
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
inputs = config.dadada.inputs;
|
||||
secretsPath = config.dadada.secrets.path;
|
||||
in
|
||||
with lib; {
|
||||
with lib;
|
||||
{
|
||||
imports = [
|
||||
./backup.nix
|
||||
./base.nix
|
||||
|
@ -53,5 +55,6 @@ with lib; {
|
|||
passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase-gs".path;
|
||||
};
|
||||
|
||||
age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age";
|
||||
age.secrets."${config.networking.hostName}-backup-passphrase-gs".file =
|
||||
"${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age";
|
||||
}
|
||||
|
|
|
@ -1,9 +1,11 @@
|
|||
{ config
|
||||
, pkgs
|
||||
, lib
|
||||
, ...
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib; {
|
||||
with lib;
|
||||
{
|
||||
imports = [
|
||||
./backup.nix
|
||||
./base.nix
|
||||
|
@ -16,7 +18,9 @@ with lib; {
|
|||
documentation.enable = mkDefault false;
|
||||
documentation.nixos.enable = mkDefault false;
|
||||
|
||||
services.btrfs.autoScrub.enable = mkDefault ((filterAttrs (name: fs: fs.fsType == "btrfs") config.fileSystems) != { });
|
||||
services.btrfs.autoScrub.enable = mkDefault (
|
||||
(filterAttrs (name: fs: fs.fsType == "btrfs") config.fileSystems) != { }
|
||||
);
|
||||
|
||||
services.journald.extraConfig = ''
|
||||
SystemKeepFree = 2G
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
{
|
||||
environment.systemPackages = lib.mkIf config.services.postgresql.enable [
|
||||
(
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue