diff --git a/checks.nix b/checks.nix index 9505c35..65d3493 100644 --- a/checks.nix +++ b/checks.nix @@ -1,20 +1,20 @@ -{ - self, - flake-utils, - nixpkgs, - ... +{ self +, flake-utils +, nixpkgs +, ... }: -(flake-utils.lib.eachDefaultSystem ( - system: +(flake-utils.lib.eachDefaultSystem (system: let pkgs = nixpkgs.legacyPackages.${system}; formatter = self.formatter.${system}; in { checks = { - format = pkgs.runCommand "check-format" { - buildInputs = [ formatter ]; - } "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out"; + format = pkgs.runCommand + "check-format" + { + buildInputs = [ formatter ]; + } + "${formatter}/bin/nixpkgs-fmt --check ${./.} && touch $out"; }; - } -)).checks + })).checks diff --git a/flake.lock b/flake.lock index 0aba46f..8a95fce 100644 --- a/flake.lock +++ b/flake.lock @@ -6,19 +6,19 @@ "home-manager": "home-manager", "nixpkgs": [ "nixpkgs" - ], - "systems": "systems" + ] }, "locked": { - "lastModified": 1747575206, - "narHash": "sha256-NwmAFuDUO/PFcgaGGr4j3ozG9Pe5hZ/ogitWhY+D81k=", + "lastModified": 1703089996, + "narHash": "sha256-ipqShkBmHKC9ft1ZAsA6aeKps32k7+XZSPwfxeHLsAU=", "owner": "ryantm", "repo": "agenix", - "rev": "4835b1dc898959d8547a871ef484930675cb47f1", + "rev": "564595d0ad4be7277e07fa63b5a991b3c645655d", "type": "github" }, "original": { "owner": "ryantm", + "ref": "0.15.0", "repo": "agenix", "type": "github" } @@ -31,11 +31,11 @@ ] }, "locked": { - "lastModified": 1744478979, - "narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=", + "lastModified": 1673295039, + "narHash": "sha256-AsdYgE8/GPwcelGgrntlijMg4t3hLFJFCRF3tL5WVjA=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "43975d782b418ebf4969e9ccba82466728c2851b", + "rev": "87b9d090ad39b25b2400029c64825fc2a8868943", "type": "github" }, "original": { 
@@ -109,11 +109,11 @@ ] }, "locked": { - "lastModified": 1745494811, - "narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=", + "lastModified": 1682203081, + "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=", "owner": "nix-community", "repo": "home-manager", - "rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", + "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1", "type": "github" }, "original": { @@ -129,11 +129,11 @@ ] }, "locked": { - "lastModified": 1749358668, - "narHash": "sha256-V91nN4Q9ZwX0N+Gzu+F8SnvzMcdURYnMcIvpfLQzD5M=", + "lastModified": 1747439237, + "narHash": "sha256-5rCGrnkglKKj4cav1U3HC+SIUNJh08pqOK4spQv9RjA=", "owner": "nix-community", "repo": "home-manager", - "rev": "06451df423dd5e555f39857438ffc16c5b765862", + "rev": "ae755329092c87369b9e9a1510a8cf1ce2b1c708", "type": "github" }, "original": { @@ -179,11 +179,11 @@ ] }, "locked": { - "lastModified": 1747663185, - "narHash": "sha256-Obh50J+O9jhUM/FgXtI3he/QRNiV9+J53+l+RlKSaAk=", + "lastModified": 1742568034, + "narHash": "sha256-QaMEhcnscfF2MqB7flZr+sLJMMYZPnvqO4NYf9B4G38=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "ee07ba0d36c38e9915c55d2ac5a8fb0f05f2afcc", + "rev": "42ee229088490e3777ed7d1162cb9e9d8c3dbb11", "type": "github" }, "original": { @@ -194,11 +194,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1749195551, - "narHash": "sha256-W5GKQHgunda/OP9sbKENBZhMBDNu2QahoIPwnsF6CeM=", + "lastModified": 1747129300, + "narHash": "sha256-L3clA5YGeYCF47ghsI7Tcex+DnaaN/BbQ4dR2wzoiKg=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "4602f7e1d3f197b3cb540d5accf5669121629628", + "rev": "e81fd167b33121269149c57806599045fd33eeed", "type": "github" }, "original": { 
@@ -210,11 +210,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1749143949, - "narHash": "sha256-QuUtALJpVrPnPeozlUG/y+oIMSLdptHxb3GK6cpSVhA=", + "lastModified": 1747327360, + "narHash": "sha256-LSmTbiq/nqZR9B2t4MRnWG7cb0KVNU70dB7RT4+wYK4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d3d2d80a2191a73d1e86456a751b83aa13085d7d", + "rev": "e06158e58f3adee28b139e9c2bcfcc41f8625b46", "type": "github" }, "original": { @@ -226,11 +226,11 @@ }, "nixpkgs-small": { "locked": { - "lastModified": 1749289455, - "narHash": "sha256-FmG/5HlnBrPNTCQv91GPUV2RKUw2WvDtyhXcN2fN280=", + "lastModified": 1747452614, + "narHash": "sha256-hSEz6JHZTJJTeIudt0SK3UoZnfThHwKCUGvSe5/zn8g=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "6dbd508802ef3f74cf792a25b653861ed8360a80", + "rev": "e067fb89ac3e59f993f257c799318132f1492f01", "type": "github" }, "original": { @@ -252,7 +252,7 @@ "nixos-hardware": "nixos-hardware", "nixpkgs": "nixpkgs", "nixpkgs-small": "nixpkgs-small", - "systems": "systems_2", + "systems": "systems", "treefmt-nix": "treefmt-nix" } }, @@ -271,21 +271,6 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -293,11 +278,11 @@ ] }, "locked": { - "lastModified": 1749194973, - "narHash": "sha256-eEy8cuS0mZ2j/r/FE0/LYBSBcIs/MKOIVakwHVuqTfk=", + "lastModified": 1747469671, + "narHash": "sha256-bo1ptiFoNqm6m1B2iAhJmWCBmqveLVvxom6xKmtuzjg=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "a05be418a1af1198ca0f63facb13c985db4cb3c5", + "rev": "ab0378b61b0d85e73a8ab05d5c6029b5bd58c9fb", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 0cc4b5c..05f7349 100644 --- a/flake.nix +++ b/flake.nix 
@@ -18,7 +18,7 @@ flake = false; }; agenix = { - url = "github:ryantm/agenix"; + url = "github:ryantm/agenix/0.15.0"; inputs.nixpkgs.follows = "nixpkgs"; }; devshell = { @@ -40,5 +40,5 @@ }; }; - outputs = { ... }@args: import ./outputs.nix args; + outputs = { ... } @ args: import ./outputs.nix args; } diff --git a/home/dconf.nix b/home/dconf.nix index 5238c97..db5ca18 100644 --- a/home/dconf.nix +++ b/home/dconf.nix @@ -33,20 +33,8 @@ with lib.hm.gvariant; current = mkUint32 0; per-window = false; show-all-sources = true; - sources = [ - (mkTuple [ - "xkb" - "eu" - ]) - (mkTuple [ - "xkb" - "de" - ]) - ]; - xkb-options = [ - "lv3:ralt_switch" - "caps:escape" - ]; + sources = [ (mkTuple [ "xkb" "eu" ]) (mkTuple [ "xkb" "de" ]) ]; + xkb-options = [ "lv3:ralt_switch" "caps:escape" ]; }; "org/gnome/desktop/interface" = { @@ -139,10 +127,7 @@ with lib.hm.gvariant; composer-attribution-language = "de_DE"; composer-reply-start-bottom = false; composer-signature-in-new-only = true; - composer-spell-languages = [ - "de" - "en_US" - ]; + composer-spell-languages = [ "de" "en_US" ]; composer-top-signature = false; composer-unicode-smileys = false; composer-visually-wrap-long-lines = true; diff --git a/home/modules.nix b/home/modules.nix index 0a6c961..0e295c9 100644 --- a/home/modules.nix +++ b/home/modules.nix @@ -1,13 +1,8 @@ { lib, ... }: -with lib; -let - modules' = - dir: - filterAttrs (name: type: (hasSuffix ".nix" name) || (type == "directory")) (builtins.readDir dir); - modules = - dir: - mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) ( - modules' dir - ); +with lib; let + modules' = dir: filterAttrs (name: type: (hasSuffix ".nix" name) || (type == "directory")) + (builtins.readDir dir); + modules = dir: mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) + (modules' dir); in (modules ./modules) 
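Review bot: In flake.nix (first hunk, `agenix.url`), the new pin to `github:ryantm/agenix/0.15.0` carries no comment saying why the secrets tool is held at that release, and with the ref in place `nix flake update` will no longer move it. The flake.lock section of this same commit shows the effect: the agenix entry's `lastModified` goes from 1747575206 back to 1703089996, and the nix-darwin and home-manager entries next to it (presumably agenix's own inputs) move back as well. I would add a line above the url such as `# pinned to 0.15.0 because <reason>; drop the ref once <condition>` so the hold gets revisited rather than forgotten. The tag name itself can be moved upstream; the `rev` and `narHash` in flake.lock are what actually fix the content.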
diff --git a/home/modules/alacritty/default.nix b/home/modules/alacritty/default.nix index da9f503..086b945 100644 --- a/home/modules/alacritty/default.nix +++ b/home/modules/alacritty/default.nix @@ -1,11 +1,9 @@ -{ - pkgs, - lib, - config, - ... +{ pkgs +, lib +, config +, ... }: -with lib; -let +with lib; let cfg = config.dadada.home.alacritty; in { diff --git a/home/modules/colors.nix b/home/modules/colors.nix index a4dc5c7..5c197a1 100644 --- a/home/modules/colors.nix +++ b/home/modules/colors.nix @@ -1,10 +1,8 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: -with lib; -{ +with lib; { options.dadada.home.colors = mkOption { type = types.attrs; description = "Color scheme"; diff --git a/home/modules/direnv.nix b/home/modules/direnv.nix index 27a0907..cf36bf1 100644 --- a/home/modules/direnv.nix +++ b/home/modules/direnv.nix @@ -1,11 +1,9 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.home.direnv; in { diff --git a/home/modules/git.nix b/home/modules/git.nix index 92c4c12..7762612 100644 --- a/home/modules/git.nix +++ b/home/modules/git.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - pkgs, - ... +{ config +, lib +, pkgs +, ... }: -with lib; -let +with lib; let cfg = config.dadada.home.git; allowedSigners = pkgs.writeTextFile { name = "allowed-signers"; diff --git a/home/modules/gpg.nix b/home/modules/gpg.nix index baa17dd..d1af776 100644 --- a/home/modules/gpg.nix +++ b/home/modules/gpg.nix @@ -1,10 +1,8 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.home.gpg; in { diff --git a/home/modules/gtk.nix b/home/modules/gtk.nix index 5dcd2e6..eb6dae8 100644 --- a/home/modules/gtk.nix +++ b/home/modules/gtk.nix @@ -1,11 +1,9 @@ -{ - config, - lib, - pkgs, - ... +{ config +, lib +, pkgs +, ... }: -with lib; -let +with lib; let cfg = config.dadada.home.gtk; in { 
diff --git a/home/modules/helix/default.nix b/home/modules/helix/default.nix index 7717423..2ffdc51 100644 --- a/home/modules/helix/default.nix +++ b/home/modules/helix/default.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: let cfg = config.dadada.home.helix; in diff --git a/home/modules/keyring.nix b/home/modules/keyring.nix index 48b8b54..e82d476 100644 --- a/home/modules/keyring.nix +++ b/home/modules/keyring.nix @@ -1,10 +1,8 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.home.keyring; in { diff --git a/home/modules/session.nix b/home/modules/session.nix index ba5c941..879400d 100644 --- a/home/modules/session.nix +++ b/home/modules/session.nix @@ -1,10 +1,8 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.home.session; in { diff --git a/home/modules/ssh.nix b/home/modules/ssh.nix index b8aab54..96f4ed3 100644 --- a/home/modules/ssh.nix +++ b/home/modules/ssh.nix @@ -1,10 +1,8 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.home.ssh; in { diff --git a/home/modules/syncthing.nix b/home/modules/syncthing.nix index 8095904..fd566b4 100644 --- a/home/modules/syncthing.nix +++ b/home/modules/syncthing.nix @@ -1,11 +1,9 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.home.syncthing; in { diff --git a/home/modules/tmux.nix b/home/modules/tmux.nix index 063b8f2..70f2974 100644 --- a/home/modules/tmux.nix +++ b/home/modules/tmux.nix @@ -1,10 +1,8 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.home.tmux; in { diff --git a/home/modules/xdg.nix b/home/modules/xdg.nix index 02cadaf..cccf70e 100644 --- a/home/modules/xdg.nix +++ b/home/modules/xdg.nix 
@@ -1,11 +1,9 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let apps = { "x-scheme-handler/mailto" = "evolution.desktop"; "message/rfc822" = "evolution.desktop"; diff --git a/home/modules/zsh.nix b/home/modules/zsh.nix index 96364ff..a095bff 100644 --- a/home/modules/zsh.nix +++ b/home/modules/zsh.nix @@ -1,11 +1,9 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.home.zsh; in { @@ -47,7 +45,8 @@ in PROMPT="%F{red}%?%f %F{green}%m%f:%F{blue}%~%f"$'\n'"╰─> " RPROMPT='$(git_super_status)' ''; - profileExtra = ''''; + profileExtra = '' + ''; shellAliases = { ga = "git add"; gc = "git commit"; diff --git a/home/nixpkgs-config.nix b/home/nixpkgs-config.nix index 6a29a63..83fcdbc 100644 --- a/home/nixpkgs-config.nix +++ b/home/nixpkgs-config.nix @@ -1,5 +1,4 @@ -{ pkgs }: -{ +{ pkgs }: { allowUnfree = true; allowUnfreePredicate = pkg: true; allowBroken = false; diff --git a/home/pkgs.nix b/home/pkgs.nix index 8fd23e8..0facf12 100644 --- a/home/pkgs.nix +++ b/home/pkgs.nix @@ -1,6 +1,5 @@ { pkgs }: -with pkgs; -[ +with pkgs; [ anki aqbanking aria2 @@ -106,10 +105,7 @@ with pkgs; prusa-slicer pv pwgen - (python3.withPackages (pkgs: [ - pkgs.pandas - pkgs.requests - ])) + (python3.withPackages (pkgs: [pkgs.pandas pkgs.requests])) ranger reptyr ripgrep diff --git a/hydra-jobs.nix b/hydra-jobs.nix index 3369943..1d7dde7 100644 --- a/hydra-jobs.nix +++ b/hydra-jobs.nix @@ -1,4 +1,5 @@ { self, nixpkgs, ... }: -(nixpkgs.lib.mapAttrs' ( - name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel -) self.nixosConfigurations) +(nixpkgs.lib.mapAttrs' + (name: config: nixpkgs.lib.nameValuePair name config.config.system.build.toplevel) + self.nixosConfigurations +) diff --git a/nixos/agares/configuration.nix b/nixos/agares/configuration.nix index ba00c29..c8ab058 100644 --- a/nixos/agares/configuration.nix 
+++ b/nixos/agares/configuration.nix @@ -1,8 +1,7 @@ -{ - config, - modulesPath, - pkgs, - ... +{ config +, modulesPath +, pkgs +, ... }: { imports = [ @@ -31,10 +30,7 @@ fileSystems."/swap" = { device = "/dev/sda1"; fsType = "btrfs"; - options = [ - "subvol=/root/swap" - "noatime" - ]; + options = [ "subvol=/root/swap" "noatime" ]; }; #swapDevices = [{ @@ -53,14 +49,7 @@ networking.hostName = "agares"; networking.domain = "bs.dadada.li"; - boot.initrd.availableKernelModules = [ - "xhci_pci" - "ahci" - "ehci_pci" - "usb_storage" - "sd_mod" - "sdhci_pci" - ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.kernelModules = [ "dm-snapshot" ]; # Use the GRUB 2 boot loader. diff --git a/nixos/agares/dns.nix b/nixos/agares/dns.nix index fe2843f..7e52d8b 100644 --- a/nixos/agares/dns.nix +++ b/nixos/agares/dns.nix @@ -66,10 +66,7 @@ ]; stub-zone = let - stubZone = name: addrs: { - name = "${name}"; - stub-addr = addrs; - }; + stubZone = name: addrs: { name = "${name}"; stub-addr = addrs; }; in [ #(stubZone "li.dadada.bs" ["192.168.128.220" "2a01:4f8:c010:a710::1"]) diff --git a/nixos/agares/network.nix b/nixos/agares/network.nix index 6d86d22..af15e05 100644 --- a/nixos/agares/network.nix +++ b/nixos/agares/network.nix @@ -10,10 +10,7 @@ in enable = true; links = { "10-persistent" = { - matchConfig.OriginalName = [ - "enp1s0" - "enp2s0" - ]; # takes search domains from the [Network] + matchConfig.OriginalName = [ "enp1s0" "enp2s0" ]; # takes search domains from the [Network] linkConfig.MACAddressPolicy = "persistent"; }; }; 
@@ -52,21 +49,19 @@ in PrivateKeyFile = config.age.secrets."wg-privkey-vpn-dadada-li".path; ListenPort = 51234; }; - wireguardPeers = [ - { - wireguardPeerConfig = - let - peerAddresses = i: [ - "${ipv4Prefix}.120.${i}/32" - "${ulaPrefix}:120::${i}/128" - ]; - in - { - PublicKey = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU="; - AllowedIPs = peerAddresses "3"; - }; - } - ]; + wireguardPeers = [{ + wireguardPeerConfig = + let + peerAddresses = i: [ + "${ipv4Prefix}.120.${i}/32" + "${ulaPrefix}:120::${i}/128" + ]; + in + { + PublicKey = "0eWP1hzkyoXlrjPSOq+6Y1u8tnFH+SejBJs8f8lf+iU="; + AllowedIPs = peerAddresses "3"; + }; + }]; }; "20-wg0" = { netdevConfig = { @@ -142,10 +137,7 @@ in "10-mgmt" = lib.mkMerge [ (subnet "enp1s0" "100") { - networkConfig.VLAN = [ - "lan.10" - "ff.11" - ]; + networkConfig.VLAN = [ "lan.10" "ff.11" ]; dhcpServerStaticLeases = [ { # legion @@ -166,24 +158,13 @@ in ]; "30-wg0" = { matchConfig.Name = "wg0"; - address = [ - "10.3.3.2/32" - "fd42:9c3b:f96d:121::2/128" - ]; + address = [ "10.3.3.2/32" "fd42:9c3b:f96d:121::2/128" ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; linkConfig.RequiredForOnline = false; routes = [ - { - routeConfig = { - Destination = "10.3.3.1/24"; - }; - } - { - routeConfig = { - Destination = "fd42:9c3b:f96d:121::1/64"; - }; - } + { routeConfig = { Destination = "10.3.3.1/24"; }; } + { routeConfig = { Destination = "fd42:9c3b:f96d:121::1/64"; }; } ]; }; "30-lan" = subnet "lan.10" "101" // { @@ -285,14 +266,10 @@ in linkConfig.RequiredForOnline = false; routes = [ { - routeConfig = { - Destination = "${ipv4Prefix}.120.1/24"; - }; + routeConfig = { Destination = "${ipv4Prefix}.120.1/24"; }; } { - routeConfig = { - Destination = "${ulaPrefix}::120:1/64"; - }; + routeConfig = { Destination = "${ulaPrefix}::120:1/64"; }; } ]; }; diff --git a/nixos/agares/ppp.nix b/nixos/agares/ppp.nix index ffa5bc4..dc26e46 100644 --- a/nixos/agares/ppp.nix +++ b/nixos/agares/ppp.nix 
@@ -1,9 +1,4 @@ -{ - pkgs, - lib, - config, - ... -}: +{ pkgs, lib, config, ... }: let secretsPath = config.dadada.secrets.path; in diff --git a/nixos/gorgon/configuration.nix b/nixos/gorgon/configuration.nix index 9c8b8e3..13b861a 100644 --- a/nixos/gorgon/configuration.nix +++ b/nixos/gorgon/configuration.nix @@ -1,8 +1,7 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: let xilinxJtag = pkgs.writeTextFile { @@ -105,18 +104,13 @@ in passwordFile = config.age.secrets.paperless.path; }; - systemd.tmpfiles.rules = - let - cfg = config.services.paperless; - in - [ - ( - if cfg.consumptionDirIsPublic then - "d '${cfg.consumptionDir}' 777 - - - -" - else - "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -" - ) - ]; + systemd.tmpfiles.rules = let cfg = config.services.paperless; in [ + (if cfg.consumptionDirIsPublic then + "d '${cfg.consumptionDir}' 777 - - - -" + else + "d '${cfg.consumptionDir}' 770 ${cfg.user} ${config.users.users.${cfg.user}.group} - -" + ) + ]; age.secrets.paperless = { file = "${config.dadada.secrets.path}/paperless.age"; @@ -136,14 +130,12 @@ in ]; }; - hardware.printers.ensurePrinters = [ - { - name = "Brother_HL-L2300D"; - model = "everywhere"; - location = "BS"; - deviceUri = "ipp://192.168.101.29:631/printers/Brother_HL-L2300D"; - } - ]; + hardware.printers.ensurePrinters = [{ + name = "Brother_HL-L2300D"; + model = "everywhere"; + location = "BS"; + deviceUri = "ipp://192.168.101.29:631/printers/Brother_HL-L2300D"; + }]; environment.systemPackages = with pkgs; [ android-studio @@ -183,7 +175,7 @@ in saleaeLogic keychron pkgs.libsigrok - ]; # noMtpUdevRules ]; + ]; #noMtpUdevRules ]; virtualisation.libvirtd.enable = true; 
@@ -195,20 +187,7 @@ in users.users = { dadada = { isNormalUser = true; - extraGroups = [ - "wheel" - "networkmanager" - "libvirtd" - "adbusers" - "kvm" - "video" - "scanner" - "lp" - "docker" - "dialout" - "wireshark" - "paperless" - ]; + extraGroups = [ "wheel" "networkmanager" "libvirtd" "adbusers" "kvm" "video" "scanner" "lp" "docker" "dialout" "wireshark" "paperless" ]; shell = "/run/current-system/sw/bin/zsh"; }; }; diff --git a/nixos/gorgon/hardware-configuration.nix b/nixos/gorgon/hardware-configuration.nix index 30d7447..4155fae 100644 --- a/nixos/gorgon/hardware-configuration.nix +++ b/nixos/gorgon/hardware-configuration.nix @@ -1,26 +1,17 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: -{ +{ config +, lib +, pkgs +, modulesPath +, ... +}: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ - "nvme" - "ehci_pci" - "xhci_pci" - "usb_storage" - "sd_mod" - "rtsx_pci_sdmmc" - ]; + boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; diff --git a/nixos/modules/admin.nix b/nixos/modules/admin.nix index 07323da..873832d 100644 --- a/nixos/modules/admin.nix +++ b/nixos/modules/admin.nix @@ -1,16 +1,11 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.admin; - extraGroups = [ - "wheel" - "libvirtd" - ]; + extraGroups = [ "wheel" "libvirtd" ]; shells = { "bash" = pkgs.bashInteractive; 
@@ -21,32 +16,22 @@ let shellNames = builtins.attrNames shells; adminOpts = - { - name, - config, - ... - }: - { + { name + , config + , ... + }: { options = { keys = mkOption { type = types.listOf types.str; default = [ ]; - apply = - x: - assert (builtins.length x > 0 || abort "Please specify at least one key to be able to log in"); - x; + apply = x: assert (builtins.length x > 0 || abort "Please specify at least one key to be able to log in"); x; description = '' The keys that should be able to access the account. ''; }; shell = mkOption { type = types.nullOr types.str; - apply = - x: - assert ( - builtins.elem x shellNames || abort "Please specify one of ${builtins.toString shellNames}" - ); - x; + apply = x: assert (builtins.elem x shellNames || abort "Please specify one of ${builtins.toString shellNames}"); x; default = "zsh"; defaultText = literalExpression "zsh"; example = literalExpression "bash"; @@ -96,12 +81,15 @@ in security.sudo.wheelNeedsPassword = false; services.openssh.openFirewall = true; - users.users = mapAttrs (user: keys: { - shell = shells."${keys.shell}"; - extraGroups = extraGroups; - isNormalUser = true; - openssh.authorizedKeys.keys = keys.keys; - }) cfg.users; + users.users = + mapAttrs + (user: keys: { + shell = shells."${keys.shell}"; + extraGroups = extraGroups; + isNormalUser = true; + openssh.authorizedKeys.keys = keys.keys; + }) + cfg.users; nix.settings.trusted-users = builtins.attrNames cfg.users; @@ -115,7 +103,7 @@ in services.tor.relay.onionServices = { "rat" = mkIf cfg.rat.enable { name = "rat"; - map = [ { port = 22; } ]; + map = [{ port = 22; }]; }; }; }; diff --git a/nixos/modules/backup.nix b/nixos/modules/backup.nix index 095fd35..0ec680f 100644 --- a/nixos/modules/backup.nix +++ b/nixos/modules/backup.nix @@ -1,11 +1,9 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let backupExcludes = [ "/backup" "/dev" 
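Review bot: In nixos/modules/admin.nix (`@@ -21,32 +16,22 @@`), `shell` is declared as `types.nullOr types.str`, but its `apply` aborts unless the value is in `shellNames`, so `null` passes the type and is then rejected by the assert. Putting the constraint into the type is shorter and yields a regular module-system error: `type = types.enum shellNames;`, with the `apply` line removed. The option set continues outside the hunk.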
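Review bot: In the `users.users` hunk of nixos/modules/admin.nix (`@@ -96,12 +81,15 @@`), nothing documents how much access a single entry in `cfg.users` grants. Each account receives `extraGroups` (which includes `wheel`), the context line sets `security.sudo.wheelNeedsPassword = false`, and the same names are written to `nix.settings.trusted-users`. A comment above the `mapAttrs` would make that explicit, for example `# every admin listed here is passwordless root and a Nix trusted user; review keys as if they were root's authorized_keys`.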
diff --git a/nixos/modules/borg-server.nix b/nixos/modules/borg-server.nix index 594f356..c1aceeb 100644 --- a/nixos/modules/borg-server.nix +++ b/nixos/modules/borg-server.nix @@ -1,11 +1,6 @@ { config, lib, ... }: let - inherit (lib) - mkEnableOption - mkIf - mkOption - types - ; + inherit (lib) mkEnableOption mkIf mkOption types; cfg = config.dadada.borgServer; in { 
@@ -25,41 +20,31 @@ in services.borgbackup.repos = { "metis" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" - ]; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnc1gCi8lbhlLmPKvaExtCxVaAni8RrOuHUQO6wTbzR root@metis" ]; path = "${cfg.path}/metis"; quota = "1T"; }; "gorgon" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" - ]; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP6p9b2D7y2W+9BGee2yk2xsCRewNNaE6oS3CqlW61ti root@gorgon" ]; path = "${cfg.path}/gorgon"; quota = "1T"; }; "surgat" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" - ]; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINGhatanrNG+M6jAkU7Yi44mJmTreJkqyZ6Z+qiEgV7O root@surgat" ]; path = "${cfg.path}/surgat"; quota = "50G"; }; "pruflas" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas" - ]; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBk7f9DSnXCOIUsxFsjCKG23vHShV4TSzzPJunPOwa1I root@pruflas" ]; path = "${cfg.path}/pruflas"; quota = "50G"; }; "wohnzimmerpi" = { allowSubRepos = false; - authorizedKeysAppendOnly = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" - ]; + authorizedKeysAppendOnly = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK6uZ8mPQJWOL984gZKKPyxp7VLcxk42TpTh5iPP6N6k root@wohnzimmerpi" ]; path = "${cfg.path}/wohnzimmerpi"; quota = "50G"; }; diff --git a/nixos/modules/ddns.nix b/nixos/modules/ddns.nix index 594be6d..af7d725 100644 --- a/nixos/modules/ddns.nix +++ b/nixos/modules/ddns.nix 
@@ -1,70 +1,52 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.ddns; - ddnsConfig = - { - domains, - credentialsPath, - interface, - }: - { - systemd.timers = listToAttrs ( - forEach domains ( - domain: - nameValuePair "ddns-${domain}" { - wantedBy = [ "timers.target" ]; - partOf = [ "ddns-${domain}.service" ]; - timerConfig.OnCalendar = "hourly"; - } - ) - ); + ddnsConfig = { domains, credentialsPath, interface }: { + systemd.timers = listToAttrs (forEach domains (domain: + nameValuePair "ddns-${domain}" + { + wantedBy = [ "timers.target" ]; + partOf = [ "ddns-${domain}.service" ]; + timerConfig.OnCalendar = "hourly"; + })); - systemd.services = listToAttrs ( - forEach domains ( - domain: - nameValuePair "ddns-${domain}" { - serviceConfig = { - Type = "oneshot"; - PrivateTmp = true; - PrivateDevices = true; - PrivateUsers = true; - PrivateMounts = true; - PrivateIPC = true; - ProtectHome = true; - ProtectSystem = "strict"; - ProtectKernelTunables = true; - BindReadOnlyPaths = [ credentialsPath ]; - NoNewPrivileges = true; - CapabilitBoundingSet = [ ]; - }; - script = '' - function url() { - echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3" - } + systemd.services = listToAttrs (forEach domains (domain: + nameValuePair "ddns-${domain}" + { + serviceConfig = { + Type = "oneshot"; + PrivateTmp = true; + PrivateDevices = true; + PrivateUsers = true; + PrivateMounts = true; + PrivateIPC = true; + ProtectHome = true; + ProtectSystem = "strict"; + ProtectKernelTunables = true; + BindReadOnlyPaths = [ credentialsPath ]; + NoNewPrivileges = true; + CapabilitBoundingSet = [ ]; + }; + script = '' + function url() { + echo "https://svc.joker.com/nic/update?username=$1&password=$2&hostname=$3" + } - IFS=':' - read -r user password < ${credentialsPath} - unset IFS + IFS=':' + read -r user password < ${credentialsPath} + unset IFS - curl_url=$(url "$user" "$password" ${domain}) + 
curl_url=$(url "$user" "$password" ${domain}) - ${pkgs.curl}/bin/curl --ipv4 "$curl_url" ${ - if interface == null then "" else "--interface ${interface}" - } || true - ${pkgs.curl}/bin/curl --ipv6 "$curl_url" ${ - if interface == null then "" else "--interface ${interface}" - } - ''; - } - ) - ); - }; + ${pkgs.curl}/bin/curl --ipv4 "$curl_url" ${if interface == null then "" else "--interface ${interface}"} || true + ${pkgs.curl}/bin/curl --ipv6 "$curl_url" ${if interface == null then "" else "--interface ${interface}"} + ''; + })); + }; in { options = { diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index fa94c8c..d0554cc 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -1,16 +1,8 @@ { lib, ... }: -with lib; -let - modules' = - dir: - filterAttrs ( - name: type: - (name != "default.nix" && name != "profiles" && ((hasSuffix ".nix" name) || (type == "directory"))) - ) (builtins.readDir dir); - modules = - dir: - mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) ( - modules' dir - ); +with lib; let + modules' = dir: filterAttrs (name: type: (name != "default.nix" && name != "profiles" && ((hasSuffix ".nix" name) || (type == "directory")))) + (builtins.readDir dir); + modules = dir: mapAttrs' (name: _: nameValuePair (removeSuffix ".nix" name) (import (dir + "/${name}"))) + (modules' dir); in (modules ./.) diff --git a/nixos/modules/element.nix b/nixos/modules/element.nix index 2fcefec..2a45da1 100644 --- a/nixos/modules/element.nix +++ b/nixos/modules/element.nix @@ -1,8 +1,7 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: let cfg = config.dadada.element; diff --git a/nixos/modules/fileShare.nix b/nixos/modules/fileShare.nix index a3a72ba..5b6a0f2 100644 --- a/nixos/modules/fileShare.nix +++ b/nixos/modules/fileShare.nix 
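Review bot: In nixos/modules/ddns.nix, the `serviceConfig` of the reformatted `ddns-${domain}` service still spells the directive `CapabilitBoundingSet`, so systemd does not recognise it and the capability bounding set is not restricted. Fixing the name alone is probably not enough: as far as I know NixOS renders a list-valued directive as one line per element, so `[ ]` emits nothing, and `CapabilityBoundingSet = "";` is the form that clears the set. Separately, the script builds the password into the URL that is passed to curl as an argument, where it is readable in the process list while the request runs; feeding the URL to curl through a config read from stdin would keep it out of argv. The module continues outside the hunk.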
@@ -1,10 +1,8 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.fileShare; sharePath = "/mnt/storage/share"; ipv6 = "fd42:dead:beef::/48"; diff --git a/nixos/modules/gitea.nix b/nixos/modules/gitea.nix index 783bf6f..259815a 100644 --- a/nixos/modules/gitea.nix +++ b/nixos/modules/gitea.nix @@ -1,8 +1,7 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: let cfg = config.dadada.forgejo; diff --git a/nixos/modules/headphones.nix b/nixos/modules/headphones.nix index 877be07..585a5dd 100644 --- a/nixos/modules/headphones.nix +++ b/nixos/modules/headphones.nix @@ -1,11 +1,9 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.headphones; in { diff --git a/nixos/modules/homepage.nix b/nixos/modules/homepage.nix index 193e71e..b04c3b2 100644 --- a/nixos/modules/homepage.nix +++ b/nixos/modules/homepage.nix @@ -1,13 +1,11 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: let cfg = config.dadada.homepage; in -with lib; -{ +with lib; { options.dadada.homepage = { enable = mkEnableOption "Enable home page"; package = mkOption { diff --git a/nixos/modules/inputs.nix b/nixos/modules/inputs.nix index 9d18883..4db219c 100644 --- a/nixos/modules/inputs.nix +++ b/nixos/modules/inputs.nix @@ -1,8 +1,7 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: let cfg = config.dadada.inputs; diff --git a/nixos/modules/profiles/backup.nix b/nixos/modules/profiles/backup.nix index d333804..a5ad0eb 100644 --- a/nixos/modules/profiles/backup.nix +++ b/nixos/modules/profiles/backup.nix 
@@ -21,8 +21,6 @@ in sshIdentityFile = config.age.secrets."${config.networking.hostName}-backup-ssh-key".path; }; - age.secrets."${config.networking.hostName}-backup-passphrase".file = - "${secretsPath}/${config.networking.hostName}-backup-passphrase.age"; - age.secrets."${config.networking.hostName}-backup-ssh-key".file = - "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age"; + age.secrets."${config.networking.hostName}-backup-passphrase".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase.age"; + age.secrets."${config.networking.hostName}-backup-ssh-key".file = "${secretsPath}/${config.networking.hostName}-backup-ssh-key.age"; } diff --git a/nixos/modules/profiles/base.nix b/nixos/modules/profiles/base.nix index b681d72..bc08040 100644 --- a/nixos/modules/profiles/base.nix +++ b/nixos/modules/profiles/base.nix @@ -1,9 +1,4 @@ -{ - config, - lib, - pkgs, - ... -}: +{ config, lib, pkgs, ... }: let mkDefault = lib.mkDefault; inputs = config.dadada.inputs; @@ -32,7 +27,7 @@ in nix.package = pkgs.lix; - nix.settings.substituters = [ "https://cache.nixos.org/" ]; + nix.settings.substituters = [ https://cache.nixos.org/ ]; nix.settings.trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" @@ -61,10 +56,7 @@ in services.resolved = { enable = mkDefault true; - fallbackDns = [ - "9.9.9.9#dns.quad9.net" - "2620:fe::fe:11#dns11.quad9.net" - ]; + fallbackDns = [ "9.9.9.9#dns.quad9.net" "2620:fe::fe:11#dns11.quad9.net" ]; }; programs.zsh.enable = mkDefault true; @@ -72,3 +64,4 @@ in # Avoid some bots services.openssh.ports = [ 2222 ]; } + diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix index de57714..ba131e1 100644 --- a/nixos/modules/profiles/cloud.nix +++ b/nixos/modules/profiles/cloud.nix 
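Review bot: In nixos/modules/profiles/base.nix (`@@ -32,7 +27,7 @@`), the substituter is now written as the bare URL literal `https://cache.nixos.org/` instead of a string. Unquoted URL literals are deprecated syntax, and evaluation fails outright when the `no-url-literals` experimental feature is enabled, which would take every host importing this profile with it. Keep the quoted form: `nix.settings.substituters = [ "https://cache.nixos.org/" ];`.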
@@ -21,13 +21,14 @@ in hostKeys = [ config.age.secrets."${initrdHostKey}".path ]; - authorizedKeys = - with lib; - concatLists ( - mapAttrsToList ( - name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else [ ] - ) config.users.users - ); + authorizedKeys = with lib; + concatLists (mapAttrsToList + (name: user: + if elem "wheel" user.extraGroups then + user.openssh.authorizedKeys.keys + else + [ ]) + config.users.users); }; postCommands = '' echo 'cryptsetup-askpass' >> /root/.profile @@ -35,9 +36,7 @@ in }; assertions = lib.singleton { - assertion = - (config.boot.initrd.network.ssh.hostKeys != [ ]) - -> config.boot.loader.supportsInitrdSecrets == true; + assertion = (config.boot.initrd.network.ssh.hostKeys != [ ]) -> config.boot.loader.supportsInitrdSecrets == true; message = "Refusing to store private keys in store"; }; diff --git a/nixos/modules/profiles/laptop.nix b/nixos/modules/profiles/laptop.nix index d9f0bde..bdba617 100644 --- a/nixos/modules/profiles/laptop.nix +++ b/nixos/modules/profiles/laptop.nix @@ -1,14 +1,12 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: let inputs = config.dadada.inputs; secretsPath = config.dadada.secrets.path; in -with lib; -{ +with lib; { imports = [ ./backup.nix ./base.nix @@ -55,6 +53,5 @@ with lib; passphrasePath = config.age.secrets."${config.networking.hostName}-backup-passphrase-gs".path; }; - age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = - "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; + age.secrets."${config.networking.hostName}-backup-passphrase-gs".file = "${secretsPath}/${config.networking.hostName}-backup-passphrase-gs.age"; } diff --git a/nixos/modules/profiles/server.nix b/nixos/modules/profiles/server.nix index 724655f..1aeab43 100644 --- a/nixos/modules/profiles/server.nix +++ b/nixos/modules/profiles/server.nix 
@@ -1,11 +1,9 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -{ +with lib; { imports = [ ./backup.nix ./base.nix @@ -18,9 +16,7 @@ with lib; documentation.enable = mkDefault false; documentation.nixos.enable = mkDefault false; - services.btrfs.autoScrub.enable = mkDefault ( - (filterAttrs (name: fs: fs.fsType == "btrfs") config.fileSystems) != { } - ); + services.btrfs.autoScrub.enable = mkDefault ((filterAttrs (name: fs: fs.fsType == "btrfs") config.fileSystems) != { }); services.journald.extraConfig = '' SystemKeepFree = 2G diff --git a/nixos/modules/profiles/upgrade-pg-cluster.nix b/nixos/modules/profiles/upgrade-pg-cluster.nix index 486bf29..3042265 100644 --- a/nixos/modules/profiles/upgrade-pg-cluster.nix +++ b/nixos/modules/profiles/upgrade-pg-cluster.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: { environment.systemPackages = lib.mkIf config.services.postgresql.enable [ ( diff --git a/nixos/modules/share.nix b/nixos/modules/share.nix index 7c7410b..a4e5f9c 100644 --- a/nixos/modules/share.nix +++ b/nixos/modules/share.nix @@ -1,11 +1,9 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.share; in { diff --git a/nixos/modules/steam.nix b/nixos/modules/steam.nix index b6b0846..82944eb 100644 --- a/nixos/modules/steam.nix +++ b/nixos/modules/steam.nix @@ -1,11 +1,9 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.steam; in { diff --git a/nixos/modules/vpnServer.nix b/nixos/modules/vpnServer.nix index ee2298e..6c0513f 100644 --- a/nixos/modules/vpnServer.nix +++ b/nixos/modules/vpnServer.nix 
@@ -1,32 +1,28 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.vpnServer; - wgPeer = - { name, ... }: - { - options = { - name = mkOption { - internal = true; - default = name; - }; - id = mkOption { - description = "VPN client id"; - default = 0; - type = types.str; - }; - key = mkOption { - description = "VPN client public key"; - default = ""; - type = types.str; - }; + wgPeer = { name, ... }: { + options = { + name = mkOption { + internal = true; + default = name; + }; + id = mkOption { + description = "VPN client id"; + default = 0; + type = types.str; + }; + key = mkOption { + description = "VPN client public key"; + default = ""; + type = types.str; }; }; + }; in { options.dadada.vpnServer = { @@ -45,10 +41,13 @@ in privateKeyFile = "/var/lib/wireguard/wg0-key"; ips = [ "fd42:9c3b:f96d:0201::0/64" ]; listenPort = 51234; - peers = map (peer: { - allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ]; - publicKey = peer.key; - }) (attrValues cfg.peers); + peers = + map + (peer: { + allowedIPs = [ "fd42:9c3b:f96d:0201::${peer.id}/128" ]; + publicKey = peer.key; + }) + (attrValues cfg.peers); postSetup = '' wg set wg0 fwmark 51234 ip -6 route add table 2468 fd42:9c3b:f96d::/48 dev ens3 diff --git a/nixos/modules/weechat.nix b/nixos/modules/weechat.nix index 6ff0106..e3d8f48 100644 --- a/nixos/modules/weechat.nix +++ b/nixos/modules/weechat.nix @@ -1,11 +1,9 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let cfg = config.dadada.weechat; in { diff --git a/nixos/modules/yubikey.nix b/nixos/modules/yubikey.nix index 4be4492..77f4394 100644 --- a/nixos/modules/yubikey.nix +++ b/nixos/modules/yubikey.nix @@ -1,11 +1,9 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: -with lib; -let +with lib; let yubikey = config.dadada.yubikey; in { 
diff --git a/nixos/ninurta/configuration.nix b/nixos/ninurta/configuration.nix index d4eed97..15c8a24 100644 --- a/nixos/ninurta/configuration.nix +++ b/nixos/ninurta/configuration.nix @@ -1,9 +1,4 @@ -{ - config, - pkgs, - lib, - ... -}: +{ config, pkgs, lib, ... }: let hostAliases = [ "ifrit.dadada.li" @@ -42,10 +37,7 @@ in }; }; - services.openssh.ports = [ - 22 - 2222 - ]; + services.openssh.ports = [ 22 2222 ]; dadada.backupClient.bs.enable = false; dadada.backupClient.backup1.enable = false; @@ -67,9 +59,7 @@ in boot.loader.efi.canTouchEfiVariables = true; assertions = lib.singleton { - assertion = - (config.boot.initrd.network.ssh.hostKeys != [ ]) - -> config.boot.loader.supportsInitrdSecrets == true; + assertion = (config.boot.initrd.network.ssh.hostKeys != [ ]) -> config.boot.loader.supportsInitrdSecrets == true; message = "Refusing to store private keys in store"; }; @@ -193,12 +183,7 @@ in { hostName = "localhost"; system = "x86_64-linux"; - supportedFeatures = [ - "kvm" - "nixos-test" - "big-parallel" - "benchmark" - ]; + supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ]; maxJobs = 16; } ]; 
@@ -292,48 +277,26 @@ in }; "30-wg0" = { matchConfig.Name = "wg0"; - address = [ - "10.3.3.3/32" - "fd42:9c3b:f96d:121::3/128" - ]; + address = [ "10.3.3.3/32" "fd42:9c3b:f96d:121::3/128" ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; linkConfig.RequiredForOnline = false; routes = [ - { - routeConfig = { - Destination = "10.3.3.1/24"; - }; - } - { - routeConfig = { - Destination = "fd42:9c3b:f96d:121::1/64"; - }; - } + { routeConfig = { Destination = "10.3.3.1/24"; }; } + { routeConfig = { Destination = "fd42:9c3b:f96d:121::1/64"; }; } ]; }; "30-uwu" = { matchConfig.Name = "uwu"; - address = [ - "10.11.0.39/24" - "fc00:1337:dead:beef::10.11.0.39/128" - ]; + address = [ "10.11.0.39/24" "fc00:1337:dead:beef::10.11.0.39/128" ]; dns = [ "10.11.0.1%uwu#uwu" ]; domains = [ "uwu" ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; linkConfig.RequiredForOnline = false; routes = [ - { - routeConfig = { - Destination = "10.11.0.0/22"; - }; - } - { - routeConfig = { - Destination = "fc00:1337:dead:beef::10.11.0.0/118"; - }; - } + { routeConfig = { Destination = "10.11.0.0/22"; }; } + { routeConfig = { Destination = "fc00:1337:dead:beef::10.11.0.0/118"; }; } ]; }; "20-br0" = { @@ -374,10 +337,7 @@ in { wireguardPeerConfig = { PublicKey = "KzL+PKlv4LktIqqTqC9Esw8dkSZN2qSn/vq76UHbOlY="; - AllowedIPs = [ - "10.3.3.1/32" - "fd42:9c3b:f96d:121::1/128" - ]; + AllowedIPs = [ "10.3.3.1/32" "fd42:9c3b:f96d:121::1/128" ]; PersistentKeepalive = 25; Endpoint = "surgat.dadada.li:51235"; }; @@ -385,10 +345,7 @@ in { wireguardPeerConfig = { PublicKey = "INfv++4R+Kd2jdh/3CooM70ZeeoN6aeU6mo+T4C8gWU="; - AllowedIPs = [ - "10.3.3.2/32" - "fd42:9c3b:f96d:121::2/128" - ]; + AllowedIPs = [ "10.3.3.2/32" "fd42:9c3b:f96d:121::2/128" ]; Endpoint = "192.168.101.1:51235"; }; } 
@@ -402,21 +359,15 @@ in wireguardConfig = { PrivateKeyFile = config.age.secrets.${uwuPrivKey}.path; }; - wireguardPeers = [ - { - wireguardPeerConfig = { - PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; - AllowedIPs = [ - "10.11.0.0/22" - "fc00:1337:dead:beef::10.11.0.0/118" - "192.168.178.0/23" - ]; - PersistentKeepalive = 25; - PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path; - Endpoint = "53c70r.de:51820"; - }; - } - ]; + wireguardPeers = [{ + wireguardPeerConfig = { + PublicKey = "tuoiOWqgHz/lrgTcLjX+xIhvxh9jDH6gmDw2ZMvX5T8="; + AllowedIPs = [ "10.11.0.0/22" "fc00:1337:dead:beef::10.11.0.0/118" "192.168.178.0/23" ]; + PersistentKeepalive = 25; + PresharedKeyFile = config.age.secrets.${uwuPresharedKey}.path; + Endpoint = "53c70r.de:51820"; + }; + }]; }; }; }; diff --git a/nixos/ninurta/hardware-configuration.nix b/nixos/ninurta/hardware-configuration.nix index cd6b64b..8de34e8 100644 --- a/nixos/ninurta/hardware-configuration.nix +++ b/nixos/ninurta/hardware-configuration.nix 
@@ -1,115 +1,89 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - modulesPath, - ... -}: +{ config, lib, modulesPath, ... }: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; - boot.initrd.availableKernelModules = [ - "igc" - "xhci_pci" - "thunderbolt" - "ahci" - "nvme" - "usbhid" - "usb_storage" - "sd_mod" - ]; + boot.initrd.availableKernelModules = [ "igc" "xhci_pci" "thunderbolt" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ "compress=zstd" ]; - }; + fileSystems."/" = + { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ "compress=zstd" ]; + }; boot.initrd.luks.devices."luks".device = "/dev/disk/by-uuid/bac4ee0e-e393-414f-ac3e-1ec20739abae"; - fileSystems."/swap" = { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ - "subvol=swap" - "noatime" - ]; - }; - - fileSystems."/nix" = { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ - "subvol=nix" - "noatime" - "compress=zstd" - ]; - }; - - fileSystems."/var" = { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ - "subvol=var" - "compress=zstd" - ]; - }; - - fileSystems."/home" = { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = "btrfs"; - options = [ - "subvol=home" - "compress=zstd" - ]; - }; - - fileSystems."/root" = { - device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; - fsType = 
"btrfs"; - options = [ - "subvol=root" - "compress=zstd" - ]; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/2E20-49CB"; - fsType = "vfat"; - }; - - swapDevices = [ + fileSystems."/swap" = { - device = "/swap/swapfile"; - size = 32 * 1024; # 32 GByte - } - ]; + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ "subvol=swap" "noatime" ]; + }; - fileSystems."/mnt/storage" = { - device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; - fsType = "btrfs"; - options = [ - "subvol=root" - "compress=zstd" - ]; - }; + fileSystems."/nix" = + { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ "subvol=nix" "noatime" "compress=zstd" ]; + }; - fileSystems."/mnt/storage/backups" = { - device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; - fsType = "btrfs"; - options = [ - "subvol=backups" - "noatime" - ]; - }; + fileSystems."/var" = + { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ "subvol=var" "compress=zstd" ]; + }; + + fileSystems."/home" = + { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ "subvol=home" "compress=zstd" ]; + }; + + fileSystems."/root" = + { + device = "/dev/disk/by-uuid/7ca5fd2a-2a56-48fe-bd48-1e51b6a66714"; + fsType = "btrfs"; + options = [ "subvol=root" "compress=zstd" ]; + }; + + fileSystems."/boot" = + { + device = "/dev/disk/by-uuid/2E20-49CB"; + fsType = "vfat"; + }; + + swapDevices = [{ + device = "/swap/swapfile"; + size = 32 * 1024; # 32 GByte + }]; + + + fileSystems."/mnt/storage" = + { + device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; + fsType = "btrfs"; + options = [ "subvol=root" "compress=zstd" ]; + }; + + + fileSystems."/mnt/storage/backups" = + { + device = "/dev/disk/by-uuid/ce483e75-5886-4b03-a3f9-675b80560ac9"; + fsType = "btrfs"; + options = [ "subvol=backups" 
"noatime" ]; + }; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; diff --git a/nixos/surgat/configuration.nix b/nixos/surgat/configuration.nix index 5cd9596..f2c7ba2 100644 --- a/nixos/surgat/configuration.nix +++ b/nixos/surgat/configuration.nix @@ -1,7 +1,6 @@ -{ - config, - pkgs, - ... +{ config +, pkgs +, ... }: let hostName = "surgat"; @@ -86,29 +85,14 @@ in }; "10-ninurta" = { matchConfig.Name = "ninurta"; - address = [ - "10.3.3.1/32" - "fd42:9c3b:f96d:121::1/128" - ]; + address = [ "10.3.3.1/32" "fd42:9c3b:f96d:121::1/128" ]; DHCP = "no"; networkConfig.IPv6AcceptRA = false; linkConfig.RequiredForOnline = "no"; routes = [ - { - routeConfig = { - Destination = "10.3.3.3/24"; - }; - } - { - routeConfig = { - Destination = "fd42:9c3b:f96d:121::/64"; - }; - } - { - routeConfig = { - Destination = "fd42:9c3b:f96d:101::/64"; - }; - } + { routeConfig = { Destination = "10.3.3.3/24"; }; } + { routeConfig = { Destination = "fd42:9c3b:f96d:121::/64"; }; } + { routeConfig = { Destination = "fd42:9c3b:f96d:101::/64"; }; } ]; }; }; @@ -122,18 +106,12 @@ in PrivateKeyFile = "/var/lib/wireguard/hydra"; ListenPort = 51235; }; - wireguardPeers = [ - { - wireguardPeerConfig = { - PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; - AllowedIPs = [ - "10.3.3.3/32" - "fd42:9c3b:f96d:121::3/128" - "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128" - ]; - }; - } - ]; + wireguardPeers = [{ + wireguardPeerConfig = { + PublicKey = "Kw2HVRb1zeA7NAzBvI3UzmOj45VqM358EBuZWdlAUDE="; + AllowedIPs = [ "10.3.3.3/32" "fd42:9c3b:f96d:121::3/128" "fd42:9c3b:f96d:101:4a21:bff:fe3e:9cfe/128" ]; + }; + }]; }; }; }; @@ -165,10 +143,7 @@ in services.resolved = { enable = true; - fallbackDns = [ - "9.9.9.9" - "2620:fe::fe" - ]; + fallbackDns = [ "9.9.9.9" "2620:fe::fe" ]; }; system.autoUpgrade.allowReboot = false; 
diff --git a/nixos/surgat/hardware-configuration.nix b/nixos/surgat/hardware-configuration.nix index 8476779..71b7257 100644 --- a/nixos/surgat/hardware-configuration.nix +++ b/nixos/surgat/hardware-configuration.nix @@ -1,25 +1,17 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: -{ +{ config +, lib +, pkgs +, modulesPath +, ... +}: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.initrd.availableKernelModules = [ - "ata_piix" - "virtio_pci" - "xhci_pci" - "sd_mod" - "sr_mod" - ]; + boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; diff --git a/outputs.nix b/outputs.nix index aea7953..d588f6e 100644 --- a/outputs.nix +++ b/outputs.nix @@ -26,7 +26,7 @@ in import ./devshell.nix { inherit pkgs extraModules; }; - formatter = pkgs.nixfmt-tree; + formatter = pkgs.nixpkgs-fmt; packages = import ./pkgs { inherit pkgs; } // { installer-iso = self.nixosConfigurations.installer.config.system.build.isoImage; diff --git a/overlays.nix b/overlays.nix index ffcd441..2c63c08 100644 --- a/overlays.nix +++ b/overlays.nix @@ -1 +1,2 @@ -{ } +{ +} diff --git a/pkgs/default.nix b/pkgs/default.nix index 9fce6e9..c78fe50 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1 +1,2 @@ -{ pkgs }: { } +{ pkgs }: +{ } diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 1da186e..946d855 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
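Review bot: The `formatter = pkgs.nixpkgs-fmt;` line in the outputs.nix hunk switches the tree's formatter away from `pkgs.nixfmt-tree` with no comment saying why, and most other hunks in this diff are the resulting reformat. As far as I know nixpkgs-fmt is no longer actively developed upstream, so a later reader cannot tell whether this is a deliberate pin or a temporary revert. I would add a comment above the line, e.g. `# formatter kept on nixpkgs-fmt on purpose: <reason>`. The enclosing attribute set continues outside the hunk.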
@@ -9,82 +9,30 @@ let surgat = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOJ9UgAle5sX0pAawfRztckVwaQm2U8o0Bawv7cZfXE root@surgat"; }; backupSecrets = hostName: { - "${hostName}-backup-passphrase.age".publicKeys = [ - systems.${hostName} - dadada - ]; - "${hostName}-backup-ssh-key.age".publicKeys = [ - systems.${hostName} - dadada - ]; + "${hostName}-backup-passphrase.age".publicKeys = [ systems.${hostName} dadada ]; + "${hostName}-backup-ssh-key.age".publicKeys = [ systems.${hostName} dadada ]; }; in { - "pruflas-wg0-key.age".publicKeys = [ - systems.ninurta - dadada - ]; - "pruflas-wg0-preshared-key.age".publicKeys = [ - systems.ninurta - dadada - ]; - "pruflas-wg-hydra-key.age".publicKeys = [ - systems.ninurta - dadada - ]; - "hydra-github-authorization.age".publicKeys = [ - systems.ninurta - dadada - ]; - "miniflux-admin-credentials.age".publicKeys = [ - systems.surgat - dadada - ]; - "gorgon-backup-passphrase-gs.age".publicKeys = [ - systems.gorgon - dadada - ]; - "paperless.age".publicKeys = [ - systems.gorgon - dadada - ]; - "initrd-surgat-ssh_host_ed25519_key.age".publicKeys = [ - systems.surgat - dadada - ]; - "surgat-ssh_host_ed25519_key.age".publicKeys = [ - systems.surgat - dadada - ]; - "ninurta-initrd-ssh-key.age".publicKeys = [ - systems.ninurta - dadada - ]; - "ddns-credentials.age".publicKeys = [ - systems.agares - systems.ninurta - dadada - ]; - "etc-ppp-chap-secrets.age".publicKeys = [ - systems.agares - dadada - ]; - "etc-ppp-telekom-secret.age".publicKeys = [ - systems.agares - dadada - ]; - "wg-privkey-vpn-dadada-li.age".publicKeys = [ - systems.agares - dadada - ]; - "agares-wg0-key.age".publicKeys = [ - systems.agares - dadada - ]; -} -// backupSecrets "ninurta" -// backupSecrets "gorgon" -// backupSecrets "ifrit" -// backupSecrets "pruflas" -// backupSecrets "surgat" -// backupSecrets "agares" + "pruflas-wg0-key.age".publicKeys = [ systems.ninurta dadada ]; + "pruflas-wg0-preshared-key.age".publicKeys = [ systems.ninurta dadada ]; + 
"pruflas-wg-hydra-key.age".publicKeys = [ systems.ninurta dadada ]; + "hydra-github-authorization.age".publicKeys = [ systems.ninurta dadada ]; + "miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ]; + "gorgon-backup-passphrase-gs.age".publicKeys = [ systems.gorgon dadada ]; + "paperless.age".publicKeys = [ systems.gorgon dadada ]; + "initrd-surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; + "surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ]; + "ninurta-initrd-ssh-key.age".publicKeys = [ systems.ninurta dadada ]; + "ddns-credentials.age".publicKeys = [ systems.agares systems.ninurta dadada ]; + "etc-ppp-chap-secrets.age".publicKeys = [ systems.agares dadada ]; + "etc-ppp-telekom-secret.age".publicKeys = [ systems.agares dadada ]; + "wg-privkey-vpn-dadada-li.age".publicKeys = [ systems.agares dadada ]; + "agares-wg0-key.age".publicKeys = [ systems.agares dadada ]; +} // +backupSecrets "ninurta" // +backupSecrets "gorgon" // +backupSecrets "ifrit" // +backupSecrets "pruflas" // +backupSecrets "surgat" // +backupSecrets "agares"