From c6e6e00b66e561f053cf366269b78e109192cd01 Mon Sep 17 00:00:00 2001 From: truxnell <19149206+truxnell@users.noreply.github.com> Date: Mon, 18 Mar 2024 20:26:02 +1100 Subject: [PATCH] chore: initial format --- Taskfile.yaml | 5 ++ flake.nix | 33 +++++++------ images/iso.nix | 9 ++-- images/rpi/flake.nix | 49 ++++++++++--------- nixos/hosts/bootstrap/configuration.nix | 13 +++-- nixos/hosts/common/nixos/auto-upgrade.nix | 13 ++--- nixos/hosts/common/nixos/default.nix | 13 +++-- nixos/hosts/common/nixos/locale.nix | 2 +- nixos/hosts/common/nixos/nix.nix | 9 ++-- nixos/hosts/common/nixos/openssh.nix | 15 +++--- nixos/hosts/common/nixos/packages.nix | 9 ++-- .../common/nixos/users/truxnell/default.nix | 15 +++--- nixos/hosts/common/optional/chrony.nix | 11 ++--- .../common/optional/cloudflare-dyndns.nix | 11 ++--- .../hosts/common/optional/dnscrypt-proxy2.nix | 17 +++---- .../optional/editors/vscode/extensions.nix | 6 ++- nixos/hosts/common/optional/firefox.nix | 9 ++-- nixos/hosts/common/optional/gnome.nix | 9 ++-- nixos/hosts/common/optional/maddy.nix | 13 +++-- nixos/hosts/common/optional/monitoring.nix | 9 ++-- .../hosts/common/optional/reboot-required.nix | 9 ++-- nixos/hosts/common/optional/sops-nix.nix | 11 ++--- nixos/hosts/nixosvm/default.nix | 9 ++-- .../hosts/nixosvm/hardware-configuration.nix | 23 +++++---- nixos/hosts/playground/default.nix | 9 ++-- nixos/hosts/playground/playground.nix | 15 +++--- nixos/overlays/default.nix | 2 +- nixpkgs.nix | 8 --- 28 files changed, 172 insertions(+), 184 deletions(-) delete mode 100644 nixpkgs.nix diff --git a/Taskfile.yaml b/Taskfile.yaml index 166364c..0d80508 100644 --- a/Taskfile.yaml +++ b/Taskfile.yaml @@ -28,3 +28,8 @@ tasks: cmds: - task: lint - task: pc-run + + format: + desc: Check project files + cmds: + - nixpkgs-fmt {{.ROOT_DIR}} diff --git a/flake.nix b/flake.nix index 0c33439..4848ee3 100644 --- a/flake.nix +++ b/flake.nix 
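Review bot: The `format` task added to Taskfile.yaml is described as "Check project files", but `nixpkgs-fmt {{.ROOT_DIR}}` without `--check` rewrites files in place, so the description does not match what the task does. If in-place formatting is intended, use `desc: Format Nix files with nixpkgs-fmt`. If a non-mutating gate is wanted, for example alongside `lint` in CI, run `nixpkgs-fmt --check {{.ROOT_DIR}}` instead. The path is also unquoted, so a checkout directory containing spaces would likely be split into several arguments; `"{{.ROOT_DIR}}"` avoids that.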
@@ -18,21 +18,22 @@ inputs.nixpkgs.follows = "nixpkgs"; }; }; - outputs = { - self, - nixpkgs, - sops-nix, - ... - } @ inputs: let - inherit (self) outputs; - forAllSystems = nixpkgs.lib.genAttrs [ - "aarch64-linux" - # "i686-linux" - "x86_64-linux" - # "aarch64-darwin" - # "x86_64-darwin" - ]; - in + outputs = + { self + , nixpkgs + , sops-nix + , ... + } @ inputs: + let + inherit (self) outputs; + forAllSystems = nixpkgs.lib.genAttrs [ + "aarch64-linux" + # "i686-linux" + "x86_64-linux" + # "aarch64-darwin" + # "x86_64-darwin" + ]; + in with inputs; { # Use nixpkgs-fmt for 'nix fmt' formatter = forAllSystems (system: nixpkgs.legacyPackages."${system}".nixpkgs-fmt); @@ -48,7 +49,7 @@ # Technically, adding the inputs is redundant as they can be also # accessed with flake-self.inputs.X, but adding them individually # allows to only pass what is needed to each module. - specialArgs = {flake-self = self;} // inputs; + specialArgs = { flake-self = self; } // inputs; system = "x86_64-linux"; diff --git a/images/iso.nix b/images/iso.nix index 96c4752..5da75d1 100644 --- a/images/iso.nix +++ b/images/iso.nix @@ -1,7 +1,6 @@ -{ - config, - pkgs, - ... +{ config +, pkgs +, ... }: { imports = [ @@ -20,7 +19,7 @@ pkgs.dnsutils ]; - systemd.services.sshd.wantedBy = pkgs.lib.mkForce ["multi-user.target"]; + systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ]; users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZS9J1ydflZ4iJdJgO8+vnN8nNSlEwyn9tbWU9OcysW truxnell@home" ]; diff --git a/images/rpi/flake.nix b/images/rpi/flake.nix index 9eaeb76..f98b65f 100644 --- a/images/rpi/flake.nix +++ b/images/rpi/flake.nix 
@@ -1,28 +1,31 @@ { description = "A flake to build a basic NixOS iso"; inputs.nixos.url = "github:nixos/nixpkgs/nixos-22.11"; - outputs = { - self, - nixos, - }: { - nixosConfigurations = let - exampleBase = { - isoImage.squashfsCompression = "gzip -Xcompression-level 1"; - systemd.services.sshd.wantedBy = nixos.lib.mkForce ["multi-user.target"]; - users.users.root.openssh.authorizedKeys.keys = [""]; - }; - in { - x86 = nixos.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - "${nixos}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" - exampleBase - ]; - }; - example = nixos.lib.nixosSystem { - system = "x86_64-linux"; - modules = [exampleBase]; - }; + outputs = + { self + , nixos + , + }: { + nixosConfigurations = + let + exampleBase = { + isoImage.squashfsCompression = "gzip -Xcompression-level 1"; + systemd.services.sshd.wantedBy = nixos.lib.mkForce [ "multi-user.target" ]; + users.users.root.openssh.authorizedKeys.keys = [ "" ]; + }; + in + { + x86 = nixos.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + "${nixos}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" + exampleBase + ]; + }; + example = nixos.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ exampleBase ]; + }; + }; }; - }; } diff --git a/nixos/hosts/bootstrap/configuration.nix b/nixos/hosts/bootstrap/configuration.nix index 7d66a13..8c8a9af 100644 --- a/nixos/hosts/bootstrap/configuration.nix +++ b/nixos/hosts/bootstrap/configuration.nix @@ -1,11 +1,10 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). -{ - config, - lib, - pkgs, - ... +{ config +, lib +, pkgs +, ... }: { imports = [ # Host-specific 
@@ -58,7 +57,7 @@ # Define a user account. Don't forget to set a password with ‘passwd’. users.users.truxnell = { isNormalUser = true; - extraGroups = ["wheel"]; # Enable ‘sudo’ for the user. + extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. packages = with pkgs; [ ]; }; @@ -75,7 +74,7 @@ nix = { settings = { - experimental-features = ["nix-command" "flakes"]; + experimental-features = [ "nix-command" "flakes" ]; warn-dirty = false; }; }; diff --git a/nixos/hosts/common/nixos/auto-upgrade.nix b/nixos/hosts/common/nixos/auto-upgrade.nix index 3619869..3f04099 100644 --- a/nixos/hosts/common/nixos/auto-upgrade.nix +++ b/nixos/hosts/common/nixos/auto-upgrade.nix @@ -1,13 +1,14 @@ -{ - config, - inputs, - ... -}: let +{ config +, inputs +, ... +}: +let inherit (config.networking) hostName; # Only enable auto upgrade if current config came from a clean tree # This avoids accidental auto-upgrades when working locally. isClean = inputs.self ? rev; -in { +in +{ system.autoUpgrade = { enable = isClean; dates = "hourly"; diff --git a/nixos/hosts/common/nixos/default.nix b/nixos/hosts/common/nixos/default.nix index fbbca2a..1fd475b 100644 --- a/nixos/hosts/common/nixos/default.nix +++ b/nixos/hosts/common/nixos/default.nix @@ -1,9 +1,8 @@ -{ - inputs, - outputs, - config, - sops-nix, - ... +{ inputs +, outputs +, config +, sops-nix +, ... }: { imports = [ @@ -14,7 +13,7 @@ ./openssh.nix ./packages.nix ] - ++ (builtins.attrValues {}); + ++ (builtins.attrValues { }); # home-manager.extraSpecialArgs = { inherit inputs outputs; }; TODO Home-manager diff --git a/nixos/hosts/common/nixos/locale.nix b/nixos/hosts/common/nixos/locale.nix index 05ecce3..a96135a 100644 --- a/nixos/hosts/common/nixos/locale.nix +++ b/nixos/hosts/common/nixos/locale.nix @@ -1,4 +1,4 @@ -{lib, ...}: { +{ lib, ... }: { i18n = { defaultLocale = lib.mkDefault "en_US.UTF-8"; }; diff --git a/nixos/hosts/common/nixos/nix.nix b/nixos/hosts/common/nixos/nix.nix index d881d07..c1ef9f3 100644 
--- a/nixos/hosts/common/nixos/nix.nix +++ b/nixos/hosts/common/nixos/nix.nix @@ -1,11 +1,10 @@ -{ - inputs, - lib, - ... +{ inputs +, lib +, ... }: { nix = { settings = { - experimental-features = ["nix-command" "flakes"]; + experimental-features = [ "nix-command" "flakes" ]; }; gc = { automatic = true; diff --git a/nixos/hosts/common/nixos/openssh.nix b/nixos/hosts/common/nixos/openssh.nix index 7247225..4290b6b 100644 --- a/nixos/hosts/common/nixos/openssh.nix +++ b/nixos/hosts/common/nixos/openssh.nix @@ -1,12 +1,13 @@ -{ - outputs, - lib, - config, - ... -}: let +{ outputs +, lib +, config +, ... +}: +let inherit (config.networking) hostName; hosts = outputs.nixosConfigurations; -in { +in +{ services.openssh = { enable = true; settings = { diff --git a/nixos/hosts/common/nixos/packages.nix b/nixos/hosts/common/nixos/packages.nix index 1832144..12bb716 100644 --- a/nixos/hosts/common/nixos/packages.nix +++ b/nixos/hosts/common/nixos/packages.nix @@ -1,8 +1,7 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: { environment.systemPackages = with pkgs; [ bat diff --git a/nixos/hosts/common/nixos/users/truxnell/default.nix b/nixos/hosts/common/nixos/users/truxnell/default.nix index cbada4f..b6ec4d4 100644 --- a/nixos/hosts/common/nixos/users/truxnell/default.nix +++ b/nixos/hosts/common/nixos/users/truxnell/default.nix @@ -1,10 +1,11 @@ -{ - pkgs, - config, - ... -}: let +{ pkgs +, config +, ... +}: +let ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; -in { +in +{ users.users.truxnell = { isNormalUser = true; shell = pkgs.fish; @@ -23,7 +24,7 @@ in { "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZS9J1ydflZ4iJdJgO8+vnN8nNSlEwyn9tbWU9OcysW truxnell@home" ]; - packages = [pkgs.home-manager]; + packages = [ pkgs.home-manager ]; }; # home-manager.users.taylor = import ../../../../../home-manager/taylor_${config.networking.hostName}.nix; TODO home-manager? 
diff --git a/nixos/hosts/common/optional/chrony.nix b/nixos/hosts/common/optional/chrony.nix index 261f0ab..e9a42cf 100644 --- a/nixos/hosts/common/optional/chrony.nix +++ b/nixos/hosts/common/optional/chrony.nix @@ -1,11 +1,10 @@ -{ - inputs, - outputs, - config, - ... +{ inputs +, outputs +, config +, ... }: { # Time - networking.timeServers = ["10.8.10.1"]; + networking.timeServers = [ "10.8.10.1" ]; services.chrony = { enable = true; }; diff --git a/nixos/hosts/common/optional/cloudflare-dyndns.nix b/nixos/hosts/common/optional/cloudflare-dyndns.nix index 03142ed..f93b2ff 100644 --- a/nixos/hosts/common/optional/cloudflare-dyndns.nix +++ b/nixos/hosts/common/optional/cloudflare-dyndns.nix @@ -1,7 +1,6 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: { # Current nixpkgs cf-ddns only supports using a env file for the apitoken # but not for domains, which makes them hard to find. @@ -16,7 +15,7 @@ config.sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".sopsFile = ./cloudflare-dyndns.sops.yaml; # Restart when secret changes - config.sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".restartUnits = ["cloudflare-dyndns"]; + config.sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".restartUnits = [ "cloudflare-dyndns" ]; # Cloudflare dynamic dns to keep my DNS records pointed at home config.services.cloudflare-dyndns = { @@ -24,6 +23,6 @@ ipv6 = false; proxied = true; apiTokenFile = config.sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".path; - domains = []; + domains = [ ]; }; } diff --git a/nixos/hosts/common/optional/dnscrypt-proxy2.nix b/nixos/hosts/common/optional/dnscrypt-proxy2.nix index 30359a1..03a3f2b 100644 --- a/nixos/hosts/common/optional/dnscrypt-proxy2.nix +++ b/nixos/hosts/common/optional/dnscrypt-proxy2.nix 
@@ -1,10 +1,9 @@ # Ref: https://nixos.wiki/wiki/Encrypted_DNS#dnscrypt-proxy2 -{ - inputs, - outputs, - pkgs, - config, - ... +{ inputs +, outputs +, pkgs +, config +, ... }: { # Disable resolvd to ensure it doesnt re-write /etc/resolv.conf config.services.resolved.enable = false; @@ -12,7 +11,7 @@ # Fix this devices DNS resolv.conf else resolvd will point it to dnscrypt # causing a risk of no dns if service fails. config.networking = { - nameservers = ["10.8.10.1"]; # TODO make varible IP + nameservers = [ "10.8.10.1" ]; # TODO make varible IP dhcpcd.extraConfig = "nohook resolv.conf"; }; @@ -22,7 +21,7 @@ config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".mode = "0444"; # This is world-readable but theres nothing security related in the file # Restart dnscrypt when secret changes - config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".restartUnits = ["dnscrypt-proxy2"]; + config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".restartUnits = [ "dnscrypt-proxy2" ]; config.services.dnscrypt-proxy2 = { enable = true; @@ -30,7 +29,7 @@ require_dnssec = true; forwarding_rules = config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".path; - server_names = ["NextDNS-f6fe35"]; + server_names = [ "NextDNS-f6fe35" ]; static = { "NextDNS-f6fe35" = { diff --git a/nixos/hosts/common/optional/editors/vscode/extensions.nix b/nixos/hosts/common/optional/editors/vscode/extensions.nix index 0327f7f..9b24a06 100644 --- a/nixos/hosts/common/optional/editors/vscode/extensions.nix +++ b/nixos/hosts/common/optional/editors/vscode/extensions.nix @@ -1,7 +1,9 @@ # Warning, this file is autogenerated by nix4vscode. Don't modify this manually. -{pkgs}: let +{ pkgs }: +let vscode-utils = pkgs.vscode-utils; -in { +in +{ "ms-python"."python" = vscode-utils.extensionFromVscodeMarketplace { name = "python"; publisher = "ms-python"; 
diff --git a/nixos/hosts/common/optional/firefox.nix b/nixos/hosts/common/optional/firefox.nix index 4bf4797..e15318c 100644 --- a/nixos/hosts/common/optional/firefox.nix +++ b/nixos/hosts/common/optional/firefox.nix @@ -1,8 +1,7 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: { programs.firefox = { enable = true; diff --git a/nixos/hosts/common/optional/gnome.nix b/nixos/hosts/common/optional/gnome.nix index 7b804d9..cae9eeb 100644 --- a/nixos/hosts/common/optional/gnome.nix +++ b/nixos/hosts/common/optional/gnome.nix @@ -1,8 +1,7 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: { # Ref: https://nixos.wiki/wiki/GNOME diff --git a/nixos/hosts/common/optional/maddy.nix b/nixos/hosts/common/optional/maddy.nix index f233584..6043ae1 100644 --- a/nixos/hosts/common/optional/maddy.nix +++ b/nixos/hosts/common/optional/maddy.nix @@ -1,8 +1,7 @@ -{ - inputs, - outputs, - config, - ... +{ inputs +, outputs +, config +, ... }: { # init secret config.sops.secrets."system/mail/maddy/envFile" = { @@ -12,12 +11,12 @@ }; # Restart dnscrypt when secret changes - config.sops.secrets."system/mail/maddy/envFile".restartUnits = ["maddy"]; + config.sops.secrets."system/mail/maddy/envFile".restartUnits = [ "maddy" ]; # config.services.maddy = { enable = true; - secrets = [config.sops.secrets."system/mail/maddy/envFile".path]; + secrets = [ config.sops.secrets."system/mail/maddy/envFile".path ]; config = builtins.readFile ./maddy.conf; }; } diff --git a/nixos/hosts/common/optional/monitoring.nix b/nixos/hosts/common/optional/monitoring.nix index 2852b8d..4dd7631 100644 --- a/nixos/hosts/common/optional/monitoring.nix +++ b/nixos/hosts/common/optional/monitoring.nix @@ -1,8 +1,7 @@ -{ - config, - pkgs, - lib, - ... +{ config +, pkgs +, lib +, ... }: { services.prometheus.exporters = { node = { diff --git a/nixos/hosts/common/optional/reboot-required.nix b/nixos/hosts/common/optional/reboot-required.nix index 8a82672..607c86c 100644 
--- a/nixos/hosts/common/optional/reboot-required.nix +++ b/nixos/hosts/common/optional/reboot-required.nix @@ -1,10 +1,9 @@ -{ - config, - pkgs, - ... +{ config +, pkgs +, ... }: { systemd.timers."reboot-required-check" = { - wantedBy = ["timers.target"]; + wantedBy = [ "timers.target" ]; timerConfig = { # start at boot OnBootSec = "0m"; diff --git a/nixos/hosts/common/optional/sops-nix.nix b/nixos/hosts/common/optional/sops-nix.nix index 234b4be..d06a35a 100644 --- a/nixos/hosts/common/optional/sops-nix.nix +++ b/nixos/hosts/common/optional/sops-nix.nix @@ -1,11 +1,10 @@ -{ - inputs, - outputs, - config, - ... +{ inputs +, outputs +, config +, ... }: { # SOPS settings # https://github.com/Mic92/sops-nix - sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; } diff --git a/nixos/hosts/nixosvm/default.nix b/nixos/hosts/nixosvm/default.nix index 8a63638..b4fa5f4 100644 --- a/nixos/hosts/nixosvm/default.nix +++ b/nixos/hosts/nixosvm/default.nix @@ -1,11 +1,10 @@ # Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page, on # https://search.nixos.org/options and in the NixOS manual (`nixos-help`). -{ - config, - lib, - pkgs, - ... +{ config +, lib +, pkgs +, ... }: { imports = [ # Host-specific diff --git a/nixos/hosts/nixosvm/hardware-configuration.nix b/nixos/hosts/nixosvm/hardware-configuration.nix index 78909f9..b54e6cf 100644 --- a/nixos/hosts/nixosvm/hardware-configuration.nix +++ b/nixos/hosts/nixosvm/hardware-configuration.nix 
@@ -1,19 +1,18 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... +{ config +, lib +, pkgs +, modulesPath +, ... }: { - imports = []; + imports = [ ]; - boot.initrd.availableKernelModules = ["ata_piix" "mptspi" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-amd"]; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; fileSystems."/" = { device = "/dev/disk/by-label/nixos"; @@ -25,7 +24,7 @@ fsType = "vfat"; }; - swapDevices = [{device = "/dev/sda2";}]; + swapDevices = [{ device = "/dev/sda2"; }]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/nixos/hosts/playground/default.nix b/nixos/hosts/playground/default.nix index 3b27774..0afbae2 100644 --- a/nixos/hosts/playground/default.nix +++ b/nixos/hosts/playground/default.nix @@ -1,9 +1,8 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: { - imports = [./playground.nix]; + imports = [ ./playground.nix ]; boot.isContainer = true; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; networking = { diff --git a/nixos/hosts/playground/playground.nix b/nixos/hosts/playground/playground.nix index ebeafe6..e999062 100644 --- a/nixos/hosts/playground/playground.nix +++ b/nixos/hosts/playground/playground.nix @@ -1,8 +1,7 @@ -{ - config, - pkgs, - lib, - inputs, - outputs, - ... -}: {} +{ config +, pkgs +, lib +, inputs +, outputs +, ... +}: { } diff --git a/nixos/overlays/default.nix b/nixos/overlays/default.nix index a9ff0b7..7336531 100644 
--- a/nixos/overlays/default.nix +++ b/nixos/overlays/default.nix @@ -1,4 +1,4 @@ -{inputs, ...}: { +{ inputs, ... }: { unstable-packages = final: _prev: { unstable = import inputs.nixpkgs-unstable { system = final.system; diff --git a/nixpkgs.nix b/nixpkgs.nix deleted file mode 100644 index 041de40..0000000 --- a/nixpkgs.nix +++ /dev/null @@ -1,8 +0,0 @@ -# A nixpkgs instance that is grabbed from the pinned nixpkgs commit in the lock file -# This is useful to avoid using channels when using legacy nix commands -let lock = (builtins.fromJSON (builtins.readFile ./flake.lock)).nodes.nixpkgs.locked; -in -import (fetchTarball { - url = "https://github.com/nixos/nixpkgs/archive/${lock.rev}.tar.gz"; - sha256 = lock.narHash; -})