statix

2024-07-30 18:47:59 -05:00 · 2024-07-30 18:47:59 -05:00 · fb545ba987
commit fb545ba987
parent b6132b689e
16 changed files with 314 additions and 264 deletions
--- a/nixos/home/modules/shell/git/default.nix
+++ b/nixos/home/modules/shell/git/default.nix
@ -18,10 +18,10 @@ in

  config = lib.mkMerge [
    (lib.mkIf cfg.enable {
-      programs.gh.enable = true;
-      programs.gpg.enable = true;
-
-      programs.git = {
+      programs = {
+        gh.enable = true;
+        gpg.enable = true;
+        git = {
          enable = true;

          userName = cfg.username;
@ -58,6 +58,7 @@ in
            ".venv"
          ];
        };
+      };

      home.packages = [
        pkgs.git-filter-repo
--- a/nixos/hosts/durincore/default.nix
+++ b/nixos/hosts/durincore/default.nix
@ -12,21 +12,26 @@
      extraModulePackages = [ ];
    };

-    fileSystems."/" =
-      { device = "rpool/root";
+    fileSystems = {
+      "/" =
+        {
+          device = "rpool/root";
          fsType = "zfs";
        };

-    fileSystems."/home" =
-      { device = "rpool/home";
+      "/home" =
+        {
+          device = "rpool/home";
          fsType = "zfs";
        };

-    fileSystems."/boot" =
-      { device = "/dev/disk/by-uuid/F1B9-CA7C";
+      "/boot" =
+        {
+          device = "/dev/disk/by-uuid/F1B9-CA7C";
          fsType = "vfat";
          options = [ "fmask=0077" "dmask=0077" ];
        };
+    };

    swapDevices = [ ];

--- a/nixos/hosts/gandalf/default.nix
+++ b/nixos/hosts/gandalf/default.nix
@ -79,13 +79,17 @@ in
      # NFS
      nfs.enable = true;
      # Samba
-      samba.enable = true;
-      samba.shares = import ./config/samba-shares.nix { };
-      samba.extraConfig = import ./config/samba-config.nix { };
-      resticBackup.local.enable = false;
-      resticBackup.remote.enable = false;
-      resticBackup.local.noWarning = true;
-      resticBackup.remote.noWarning = true;
+      samba = {
+        enable = true;
+        shares = import ./config/samba-shares.nix { };
+        extraConfig = import ./config/samba-config.nix { };
+      };
+      resticBackup = {
+        local.enable = false;
+        remote.enable = false;
+        local.noWarning = true;
+        remote.noWarning = true;
+      };
      # Borg
      borgbackup = {
        enable = true;
--- a/nixos/hosts/legiondary/default.nix
+++ b/nixos/hosts/legiondary/default.nix
@ -5,7 +5,8 @@

 {
  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
    ];

  networking.hostId = "2132e3bf";
@ -17,25 +18,32 @@
    extraModulePackages = [ ];
  };

-  fileSystems."/" =
-    { device = "zroot/root";
+  fileSystems =
+    {
+      "/" =
+        {
+          device = "zroot/root";
          fsType = "zfs";
        };

-  fileSystems."/nix" =
-    { device = "zroot/nix";
+      "/nix" =
+        {
+          device = "zroot/nix";
          fsType = "zfs";
        };

-  fileSystems."/var" =
-    { device = "zroot/var";
+      "/var" =
+        {
+          device = "zroot/var";
          fsType = "zfs";
        };

-  fileSystems."/home" =
-    { device = "zroot/home";
+      "/home" =
+        {
+          device = "zroot/home";
          fsType = "zfs";
        };
+    };

  # fileSystems."/boot" =
  #   { device = "/dev/disk/by-uuid/E532-B74A";
--- a/nixos/hosts/telchar/default.nix
+++ b/nixos/hosts/telchar/default.nix
@ -18,25 +18,27 @@
    extraModulePackages = [ ];
  };

-  fileSystems."/" = {
+  fileSystems = {
+    "/" = {
      device = "zroot/root";
      fsType = "zfs";
    };

-  fileSystems."/nix" = {
+    "/nix" = {
      device = "zroot/nix";
      fsType = "zfs";
    };

-  fileSystems."/var" = {
+    "/var" = {
      device = "zroot/var";
      fsType = "zfs";
    };

-  fileSystems."/home" = {
+    "/home" = {
      device = "zroot/home";
      fsType = "zfs";
    };
+  };

  swapDevices = [ ];
  virtualisation.docker.enable = true;
@ -45,10 +47,12 @@
  # System settings and services.
  mySystem = {
    purpose = "Development";
-    system.motd.networkInterfaces = [ "wlp1s0" ];
+    system = {
+      motd.networkInterfaces = [ "wlp1s0" ];
+      fingerprint-reader-on-laptop-lid.enable = true;
+      borg.pika-backup.enable = true;
+    };
    security._1password.enable = true;
-    system.fingerprint-reader-on-laptop-lid.enable = true;
    framework_wifi_swap.enable = true;
-    system.borg.pika-backup.enable = true;
  };
 }
--- a/nixos/hosts/telperion/default.nix
+++ b/nixos/hosts/telperion/default.nix
@ -17,26 +17,27 @@
    kernelModules = [ "kvm-intel" ];
    extraModulePackages = [ ];
  };
-
-  fileSystems."/" = {
+  fileSystems = {
+    "/" = {
      device = "zroot/root";
      fsType = "zfs";
    };

-  fileSystems."/nix" = {
+    "/nix" = {
      device = "zroot/nix";
      fsType = "zfs";
    };

-  fileSystems."/var" = {
+    "/var" = {
      device = "zroot/var";
      fsType = "zfs";
    };

-  fileSystems."/home" = {
+    "/home" = {
      device = "zroot/home";
      fsType = "zfs";
    };
+  };

  swapDevices = [ ];

@ -65,11 +66,15 @@
  # System settings and services.
  mySystem = {
    purpose = "Production";
-    system.motd.networkInterfaces = [ "enp2s0" "wlp3s0" ];
-    system.resticBackup.local.enable = false;
-    system.resticBackup.remote.enable = false;
-    system.resticBackup.local.noWarning = true;
-    system.resticBackup.remote.noWarning = true;
+    system = {
+      motd.networkInterfaces = [ "enp2s0" "wlp3s0" ];
+      resticBackup = {
+        local.enable = false;
+        remote.enable = false;
+        local.noWarning = true;
+        remote.noWarning = true;
+      };
+    };

    services = {
      podman.enable = true;
--- a/nixos/hosts/varda/default.nix
+++ b/nixos/hosts/varda/default.nix
@ -3,21 +3,22 @@

  networking.hostId = "cdab8473";
  networking.hostName = "varda"; # Define your hostname.
-
-  fileSystems."/" = {
+  fileSystems = {
+    "/" = {
      device = "rpool/root";
      fsType = "zfs";
    };

-  fileSystems."/home" = {
+    "/home" = {
      device = "rpool/home";
      fsType = "zfs";
    };

-  fileSystems."/boot" = {
+    "/boot" = {
      device = "/dev/disk/by-uuid/8091-E7F2";
      fsType = "vfat";
    };
+  };

  swapDevices = [ ];

--- a/nixos/modules/nixos/de/gnome.nix
+++ b/nixos/modules/nixos/de/gnome.nix
@ -4,12 +4,14 @@ let
  cfg = config.mySystem.de.gnome;
 in
 {
-  options.mySystem.de.gnome.enable = mkEnableOption "GNOME";
-  options.mySystem.de.gnome.systrayicons = mkEnableOption "Enable systray icons" // { default = true; };
-  options.mySystem.de.gnome.gsconnect = mkEnableOption "Enable gsconnect (KDEConnect for GNOME)" // { default = true; };
+  options = {
+    mySystem.de.gnome = {
+      systrayicons = mkEnableOption "Enable systray icons" // { default = true; };
+      gsconnect = mkEnableOption "Enable gsconnect (KDEConnect for GNOME)" // { default = true; };
+    };
+  };

  config = mkIf cfg.enable {
-
    # Ref: https://nixos.wiki/wiki/GNOME

    # GNOME plz
--- a/nixos/modules/nixos/default.nix
+++ b/nixos/modules/nixos/default.nix
@ -13,43 +13,45 @@ with lib;
    ./system
  ];

-  options.mySystem.persistentFolder = mkOption {
+  options.mySystem = {
+    persistentFolder = mkOption {
      type = types.str;
      description = "persistent folder for nixos mutable files";
      default = "/persist";
    };

-  options.mySystem.nasFolder = mkOption {
+    nasFolder = mkOption {
      type = types.str;
      description = "folder where nas mounts reside";
      default = "/mnt/nas";
    };

-  options.mySystem.nasAddress = mkOption {
+    nasAddress = mkOption {
      type = types.str;
      description = "NAS Address or name for the backup nas";
      default = "10.1.1.13";
    };

-  options.mySystem.domain = mkOption {
+    domain = mkOption {
      type = types.str;
      description = "domain for hosted services";
      default = "";
    };

-  options.mySystem.internalDomain = mkOption {
+    internalDomain = mkOption {
      type = types.str;
      description = "domain for local devices";
      default = "";
    };

-  options.mySystem.purpose = mkOption {
+    purpose = mkOption {
      type = types.str;
      description = "System purpose";
      default = "Development";
    };
+  };

-  options.mySystem.monitoring.prometheus.scrapeConfigs = mkOption {
+  monitoring.prometheus.scrapeConfigs = mkOption {
    type = lib.types.listOf lib.types.attrs;
    description = "Prometheus scrape targets";
    default = [ ];
--- a/nixos/modules/nixos/hardware/nvidia/default.nix
+++ b/nixos/modules/nixos/hardware/nvidia/default.nix
@ -8,9 +8,11 @@ in

  config = mkIf cfg.enable {

+    environment.sessionVariables.NIXOS_OZONE_WL = "1";
    # ref: https://nixos.wiki/wiki/Nvidia
    # Enable OpenGL
-    hardware.opengl = {
+    hardware = {
+      opengl = {
        enable = true;
        driSupport = true;
        driSupport32Bit = true;
@ -21,7 +23,6 @@ in
      ];

      # This is for the benefit of VSCODE running natively in wayland
-    environment.sessionVariables.NIXOS_OZONE_WL = "1";

      hardware.nvidia = {

@ -73,6 +74,7 @@ in
            # patches = [ rcu_patch ];
          };
      };
+    };

    nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  };
--- a/nixos/modules/nixos/services/podman/default.nix
+++ b/nixos/modules/nixos/services/podman/default.nix
@ -34,17 +34,19 @@ in

      programs.fish.shellAliases = {
        # lazydocker --> lazypodman
-        lazypodman="sudo DOCKER_HOST=unix:///run/podman/podman.sock lazydocker";
+        lazypodman = "sudo DOCKER_HOST=unix:///run/podman/podman.sock lazydocker";
      };

      networking.firewall.interfaces.podman0.allowedUDPPorts = [ 53 ];

      # extra user for containers
-      users.users.kah = {
+      users = {
+        kah = {
          uid = 568;
          group = "kah";
        };
-      users.groups.kah = { };
-      users.users.jahanson.extraGroups = [ "kah" ];
+        groups.kah = { };
+        jahanson.extraGroups = [ "kah" ];
+      };
    };
 }
--- a/nixos/modules/nixos/services/radicale/default.nix
+++ b/nixos/modules/nixos/services/radicale/default.nix
@ -52,8 +52,19 @@ in
      directories = [ "/var/lib/radicale/" ];
    };

+
+    services =
+      {
        ## service
-    services.radicale = {
+        nginx.virtualHosts.${host} = {
+          useACMEHost = config.networking.domain;
+          forceSSL = true;
+          locations."/" = {
+            proxyPass = "http://127.0.0.1:${builtins.toString port}";
+          };
+        };
+        ### Ingress
+        radicale = {
          enable = true;
          settings = {
            server.hosts = [ "0.0.0.0:${builtins.toString port}" ];
@ -66,14 +77,6 @@ in
            storage.filesystem_folder = "/var/lib/radicale/collections";
          };
        };
-
-    ### Ingress
-    services.nginx.virtualHosts.${host} = {
-      useACMEHost = config.networking.domain;
-      forceSSL = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:${builtins.toString port}";
-      };
      };

    ### firewall config
--- a/nixos/modules/nixos/system/samba/default.nix
+++ b/nixos/modules/nixos/system/samba/default.nix
@ -17,9 +17,13 @@ in
  };

  config = lib.mkIf cfg.enable {
-    services.samba.enable = true;
-    services.samba.extraConfig = cfg.extraConfig;
-    services.samba.shares = cfg.shares;
-    services.samba.openFirewall = true;
+    services = {
+      samaba = {
+        enable = true;
+        inherit (cfg) extraConfig;
+        inherit (cfg) shares;
+        openFirewall = true;
+      };
+    };
  };
 }
--- a/nixos/profiles/global/sops.nix
+++ b/nixos/profiles/global/sops.nix
@ -2,13 +2,15 @@
 {
  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  # Secret for machine-specific pushover
-  sops.secrets."services/pushover/env" = {
+  sops.secrets = {
+    "services/pushover/env" = {
      sopsFile = ./secrets.sops.yaml;
    };
-  sops.secrets.pushover-user-key = {
+    pushover-user-key = {
      sopsFile = ./secrets.sops.yaml;
    };
-  sops.secrets.pushover-api-key = {
+    pushover-api-key = {
      sopsFile = ./secrets.sops.yaml;
    };
+  };
 }
--- a/nixos/profiles/hw-hetzner-cax.nix
+++ b/nixos/profiles/hw-hetzner-cax.nix
@ -1,12 +1,14 @@
 { lib, ... }: {
  imports = [ ];

-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-  boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
+  boot = {
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = true;
+    initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod" ];
+    initrd.kernelModules = [ ];
+    kernelModules = [ ];
+    extraModulePackages = [ ];
+  };

  mySystem = {
    services.openssh.enable = true;
--- a/nixos/profiles/role-server.nix
+++ b/nixos/profiles/role-server.nix
@ -6,10 +6,13 @@ with lib;
 {
  config = {
    # Enable monitoring for remote scraping
-    mySystem.services.rebootRequiredCheck.enable = true;
-    mySystem.security.wheelNeedsSudoPassword = false;
-    mySystem.services.cockpit.enable = true;
-    mySystem.system.motd.enable = true;
+    mySystem = {
+      services.rebootRequiredCheck.enable = true;
+      security.wheelNeedsSudoPassword = false;
+      services.cockpit.enable = true;
+      system.motd.enable = true;
+    };
+
    nix.settings = {
      # TODO factor out into mySystem
      # Avoid disk full issues