chore: reformat

This commit is contained in:
Tim Schubert 2025-06-03 20:04:44 +02:00
parent b638c4125b
commit 1402ee13cc
No known key found for this signature in database
57 changed files with 845 additions and 466 deletions

View file

@ -21,6 +21,8 @@ in
sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path;
};
age.secrets."${config.networking.hostName}-backup-passphrase".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase.age";
age.secrets."${config.networking.hostName}-backup-ssh-key".file = "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age";
age.secrets."${config.networking.hostName}-backup-passphrase".file =
"${secretsPath}/${config.networking.hostName}-backup-passphrase.age";
age.secrets."${config.networking.hostName}-backup-ssh-key".file =
"${secretsPath}/${config.networking.hostName}-backup-ssh-key.age";
}

View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
mkDefault = lib.mkDefault;
inputs = config.dadada.inputs;
@ -27,7 +32,7 @@ in
nix.package = pkgs.lix;
nix.settings.substituters = [ https://cache.nixos.org/ ];
nix.settings.substituters = [ "https://cache.nixos.org/" ];
nix.settings.trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
@ -56,7 +61,10 @@ in
services.resolved = {
enable = mkDefault true;
fallbackDns = [ "9.9.9.9#dns.quad9.net" "2620:fe::fe:11#dns11.quad9.net" ];
fallbackDns = [
"9.9.9.9#dns.quad9.net"
"2620:fe::fe:11#dns11.quad9.net"
];
};
programs.zsh.enable = mkDefault true;
@ -64,4 +72,3 @@ in
# Avoid some bots
services.openssh.ports = [ 2222 ];
}

View file

@ -21,14 +21,13 @@ in
hostKeys = [
config.age.secrets."${initrdHostKey}".path
];
authorizedKeys = with lib;
concatLists (mapAttrsToList
(name: user:
if elem "wheel" user.extraGroups then
user.openssh.authorizedKeys.keys
else
[ ])
config.users.users);
authorizedKeys =
with lib;
concatLists (
mapAttrsToList (
name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else [ ]
) config.users.users
);
};
postCommands = ''
echo 'cryptsetup-askpass' >> /root/.profile
@ -36,7 +35,9 @@ in
};
assertions = lib.singleton {
assertion = (config.boot.initrd.network.ssh.hostKeys != [ ]) -> config.boot.loader.supportsInitrdSecrets == true;
assertion =
(config.boot.initrd.network.ssh.hostKeys != [ ])
-> config.boot.loader.supportsInitrdSecrets == true;
message = "Refusing to store private keys in store";
};

View file

@ -1,12 +1,14 @@
{ config
, lib
, ...
{
config,
lib,
...
}:
let
inputs = config.dadada.inputs;
secretsPath = config.dadada.secrets.path;
in
with lib; {
with lib;
{
imports = [
./backup.nix
./base.nix
@ -53,5 +55,6 @@ with lib; {
passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase-gs".path;
};
age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age";
age.secrets."${config.networking.hostName}-backup-passphrase-gs".file =
"${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age";
}

View file

@ -1,9 +1,11 @@
{ config
, pkgs
, lib
, ...
{
config,
pkgs,
lib,
...
}:
with lib; {
with lib;
{
imports = [
./backup.nix
./base.nix
@ -16,7 +18,9 @@ with lib; {
documentation.enable = mkDefault false;
documentation.nixos.enable = mkDefault false;
services.btrfs.autoScrub.enable = mkDefault ((filterAttrs (name: fs: fs.fsType == "btrfs") config.fileSystems) != { });
services.btrfs.autoScrub.enable = mkDefault (
(filterAttrs (name: fs: fs.fsType == "btrfs") config.fileSystems) != { }
);
services.journald.extraConfig = ''
SystemKeepFree = 2G

View file

@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
{
environment.systemPackages = lib.mkIf config.services.postgresql.enable [
(