chore: initial format

truxnell 2024-03-18 20:26:02 +11:00
parent dc5bc4aecc
commit c6e6e00b66
28 changed files with 172 additions and 184 deletions


@ -28,3 +28,8 @@ tasks:
cmds: cmds:
- task: lint - task: lint
- task: pc-run - task: pc-run
format:
desc: Check project files
cmds:
- nixpkgs-fmt {{.ROOT_DIR}}
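Review bot: The new `format` task is described as `Check project files`, but `nixpkgs-fmt {{.ROOT_DIR}}` rewrites files in place rather than checking them. Either change the description to something like `desc: Format Nix files in place`, or make it a real check with `nixpkgs-fmt --check {{.ROOT_DIR}}` so it can gate CI without touching the tree. Running it over the whole root also reformats files whose headers say they are generated (the nix4vscode extensions file and the nixos-generate-config hardware file are both changed in this commit), so regenerating them will presumably reintroduce a diff; consider excluding those paths or formatting them as part of generation.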


@ -18,21 +18,22 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
outputs = { outputs =
self, { self
nixpkgs, , nixpkgs
sops-nix, , sops-nix
... , ...
} @ inputs: let } @ inputs:
inherit (self) outputs; let
forAllSystems = nixpkgs.lib.genAttrs [ inherit (self) outputs;
"aarch64-linux" forAllSystems = nixpkgs.lib.genAttrs [
# "i686-linux" "aarch64-linux"
"x86_64-linux" # "i686-linux"
# "aarch64-darwin" "x86_64-linux"
# "x86_64-darwin" # "aarch64-darwin"
]; # "x86_64-darwin"
in ];
in
with inputs; { with inputs; {
# Use nixpkgs-fmt for 'nix fmt' # Use nixpkgs-fmt for 'nix fmt'
formatter = forAllSystems (system: nixpkgs.legacyPackages."${system}".nixpkgs-fmt); formatter = forAllSystems (system: nixpkgs.legacyPackages."${system}".nixpkgs-fmt);
@ -48,7 +49,7 @@
# Technically, adding the inputs is redundant as they can be also # Technically, adding the inputs is redundant as they can be also
# accessed with flake-self.inputs.X, but adding them individually # accessed with flake-self.inputs.X, but adding them individually
# allows to only pass what is needed to each module. # allows to only pass what is needed to each module.
specialArgs = {flake-self = self;} // inputs; specialArgs = { flake-self = self; } // inputs;
system = "x86_64-linux"; system = "x86_64-linux";


@ -1,7 +1,6 @@
{ { config
config, , pkgs
pkgs, , ...
...
}: { }: {
imports = [ imports = [
<nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix> <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix>
@ -20,7 +19,7 @@
pkgs.dnsutils pkgs.dnsutils
]; ];
systemd.services.sshd.wantedBy = pkgs.lib.mkForce ["multi-user.target"]; systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZS9J1ydflZ4iJdJgO8+vnN8nNSlEwyn9tbWU9OcysW truxnell@home" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZS9J1ydflZ4iJdJgO8+vnN8nNSlEwyn9tbWU9OcysW truxnell@home"
]; ];


@ -1,28 +1,31 @@
{ {
description = "A flake to build a basic NixOS iso"; description = "A flake to build a basic NixOS iso";
inputs.nixos.url = "github:nixos/nixpkgs/nixos-22.11"; inputs.nixos.url = "github:nixos/nixpkgs/nixos-22.11";
outputs = { outputs =
self, { self
nixos, , nixos
}: { ,
nixosConfigurations = let }: {
exampleBase = { nixosConfigurations =
isoImage.squashfsCompression = "gzip -Xcompression-level 1"; let
systemd.services.sshd.wantedBy = nixos.lib.mkForce ["multi-user.target"]; exampleBase = {
users.users.root.openssh.authorizedKeys.keys = ["<my ssh key>"]; isoImage.squashfsCompression = "gzip -Xcompression-level 1";
}; systemd.services.sshd.wantedBy = nixos.lib.mkForce [ "multi-user.target" ];
in { users.users.root.openssh.authorizedKeys.keys = [ "<my ssh key>" ];
x86 = nixos.lib.nixosSystem { };
system = "x86_64-linux"; in
modules = [ {
"${nixos}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" x86 = nixos.lib.nixosSystem {
exampleBase system = "x86_64-linux";
]; modules = [
}; "${nixos}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
example = nixos.lib.nixosSystem { exampleBase
system = "x86_64-linux"; ];
modules = [exampleBase]; };
}; example = nixos.lib.nixosSystem {
system = "x86_64-linux";
modules = [ exampleBase ];
};
};
}; };
};
} }


@ -1,11 +1,10 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on # your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ { config
config, , lib
lib, , pkgs
pkgs, , ...
...
}: { }: {
imports = [ imports = [
# Host-specific # Host-specific
@ -58,7 +57,7 @@
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
users.users.truxnell = { users.users.truxnell = {
isNormalUser = true; isNormalUser = true;
extraGroups = ["wheel"]; # Enable sudo for the user. extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = with pkgs; [ packages = with pkgs; [
]; ];
}; };
@ -75,7 +74,7 @@
nix = { nix = {
settings = { settings = {
experimental-features = ["nix-command" "flakes"]; experimental-features = [ "nix-command" "flakes" ];
warn-dirty = false; warn-dirty = false;
}; };
}; };


@ -1,13 +1,14 @@
{ { config
config, , inputs
inputs, , ...
... }:
}: let let
inherit (config.networking) hostName; inherit (config.networking) hostName;
# Only enable auto upgrade if current config came from a clean tree # Only enable auto upgrade if current config came from a clean tree
# This avoids accidental auto-upgrades when working locally. # This avoids accidental auto-upgrades when working locally.
isClean = inputs.self ? rev; isClean = inputs.self ? rev;
in { in
{
system.autoUpgrade = { system.autoUpgrade = {
enable = isClean; enable = isClean;
dates = "hourly"; dates = "hourly";


@ -1,9 +1,8 @@
{ { inputs
inputs, , outputs
outputs, , config
config, , sops-nix
sops-nix, , ...
...
}: { }: {
imports = imports =
[ [
@ -14,7 +13,7 @@
./openssh.nix ./openssh.nix
./packages.nix ./packages.nix
] ]
++ (builtins.attrValues {}); ++ (builtins.attrValues { });
# home-manager.extraSpecialArgs = { inherit inputs outputs; }; TODO Home-manager # home-manager.extraSpecialArgs = { inherit inputs outputs; }; TODO Home-manager


@ -1,4 +1,4 @@
{lib, ...}: { { lib, ... }: {
i18n = { i18n = {
defaultLocale = lib.mkDefault "en_US.UTF-8"; defaultLocale = lib.mkDefault "en_US.UTF-8";
}; };


@ -1,11 +1,10 @@
{ { inputs
inputs, , lib
lib, , ...
...
}: { }: {
nix = { nix = {
settings = { settings = {
experimental-features = ["nix-command" "flakes"]; experimental-features = [ "nix-command" "flakes" ];
}; };
gc = { gc = {
automatic = true; automatic = true;


@ -1,12 +1,13 @@
{ { outputs
outputs, , lib
lib, , config
config, , ...
... }:
}: let let
inherit (config.networking) hostName; inherit (config.networking) hostName;
hosts = outputs.nixosConfigurations; hosts = outputs.nixosConfigurations;
in { in
{
services.openssh = { services.openssh = {
enable = true; enable = true;
settings = { settings = {


@ -1,8 +1,7 @@
{ { config
config, , pkgs
pkgs, , lib
lib, , ...
...
}: { }: {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
bat bat


@ -1,10 +1,11 @@
{ { pkgs
pkgs, , config
config, , ...
... }:
}: let let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups; ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in { in
{
users.users.truxnell = { users.users.truxnell = {
isNormalUser = true; isNormalUser = true;
shell = pkgs.fish; shell = pkgs.fish;
@ -23,7 +24,7 @@ in {
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZS9J1ydflZ4iJdJgO8+vnN8nNSlEwyn9tbWU9OcysW truxnell@home" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZS9J1ydflZ4iJdJgO8+vnN8nNSlEwyn9tbWU9OcysW truxnell@home"
]; ];
packages = [pkgs.home-manager]; packages = [ pkgs.home-manager ];
}; };
# home-manager.users.taylor = import ../../../../../home-manager/taylor_${config.networking.hostName}.nix; TODO home-manager? # home-manager.users.taylor = import ../../../../../home-manager/taylor_${config.networking.hostName}.nix; TODO home-manager?


@ -1,11 +1,10 @@
{ { inputs
inputs, , outputs
outputs, , config
config, , ...
...
}: { }: {
# Time # Time
networking.timeServers = ["10.8.10.1"]; networking.timeServers = [ "10.8.10.1" ];
services.chrony = { services.chrony = {
enable = true; enable = true;
}; };


@ -1,7 +1,6 @@
{ { config
config, , lib
lib, , ...
...
}: { }: {
# Current nixpkgs cf-ddns only supports using a env file for the apitoken # Current nixpkgs cf-ddns only supports using a env file for the apitoken
# but not for domains, which makes them hard to find. # but not for domains, which makes them hard to find.
@ -16,7 +15,7 @@
config.sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".sopsFile = ./cloudflare-dyndns.sops.yaml; config.sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".sopsFile = ./cloudflare-dyndns.sops.yaml;
# Restart when secret changes # Restart when secret changes
config.sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".restartUnits = ["cloudflare-dyndns"]; config.sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".restartUnits = [ "cloudflare-dyndns" ];
# Cloudflare dynamic dns to keep my DNS records pointed at home # Cloudflare dynamic dns to keep my DNS records pointed at home
config.services.cloudflare-dyndns = { config.services.cloudflare-dyndns = {
@ -24,6 +23,6 @@
ipv6 = false; ipv6 = false;
proxied = true; proxied = true;
apiTokenFile = config.sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".path; apiTokenFile = config.sops.secrets."system/networking/cloudflare-dyndns/apiTokenFile".path;
domains = []; domains = [ ];
}; };
} }


@ -1,10 +1,9 @@
# Ref: https://nixos.wiki/wiki/Encrypted_DNS#dnscrypt-proxy2 # Ref: https://nixos.wiki/wiki/Encrypted_DNS#dnscrypt-proxy2
{ { inputs
inputs, , outputs
outputs, , pkgs
pkgs, , config
config, , ...
...
}: { }: {
# Disable resolvd to ensure it doesnt re-write /etc/resolv.conf # Disable resolvd to ensure it doesnt re-write /etc/resolv.conf
config.services.resolved.enable = false; config.services.resolved.enable = false;
@ -12,7 +11,7 @@
# Fix this devices DNS resolv.conf else resolvd will point it to dnscrypt # Fix this devices DNS resolv.conf else resolvd will point it to dnscrypt
# causing a risk of no dns if service fails. # causing a risk of no dns if service fails.
config.networking = { config.networking = {
nameservers = ["10.8.10.1"]; # TODO make varible IP nameservers = [ "10.8.10.1" ]; # TODO make varible IP
dhcpcd.extraConfig = "nohook resolv.conf"; dhcpcd.extraConfig = "nohook resolv.conf";
}; };
@ -22,7 +21,7 @@
config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".mode = "0444"; # This is world-readable but theres nothing security related in the file config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".mode = "0444"; # This is world-readable but theres nothing security related in the file
# Restart dnscrypt when secret changes # Restart dnscrypt when secret changes
config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".restartUnits = ["dnscrypt-proxy2"]; config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".restartUnits = [ "dnscrypt-proxy2" ];
config.services.dnscrypt-proxy2 = { config.services.dnscrypt-proxy2 = {
enable = true; enable = true;
@ -30,7 +29,7 @@
require_dnssec = true; require_dnssec = true;
forwarding_rules = config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".path; forwarding_rules = config.sops.secrets."system/networking/dnscrypt-proxy2/forwarding-rules".path;
server_names = ["NextDNS-f6fe35"]; server_names = [ "NextDNS-f6fe35" ];
static = { static = {
"NextDNS-f6fe35" = { "NextDNS-f6fe35" = {


@ -1,7 +1,9 @@
# Warning, this file is autogenerated by nix4vscode. Don't modify this manually. # Warning, this file is autogenerated by nix4vscode. Don't modify this manually.
{pkgs}: let { pkgs }:
let
vscode-utils = pkgs.vscode-utils; vscode-utils = pkgs.vscode-utils;
in { in
{
"ms-python"."python" = vscode-utils.extensionFromVscodeMarketplace { "ms-python"."python" = vscode-utils.extensionFromVscodeMarketplace {
name = "python"; name = "python";
publisher = "ms-python"; publisher = "ms-python";


@ -1,8 +1,7 @@
{ { config
config, , pkgs
pkgs, , lib
lib, , ...
...
}: { }: {
programs.firefox = { programs.firefox = {
enable = true; enable = true;


@ -1,8 +1,7 @@
{ { config
config, , pkgs
pkgs, , lib
lib, , ...
...
}: { }: {
# Ref: https://nixos.wiki/wiki/GNOME # Ref: https://nixos.wiki/wiki/GNOME


@ -1,8 +1,7 @@
{ { inputs
inputs, , outputs
outputs, , config
config, , ...
...
}: { }: {
# init secret # init secret
config.sops.secrets."system/mail/maddy/envFile" = { config.sops.secrets."system/mail/maddy/envFile" = {
@ -12,12 +11,12 @@
}; };
# Restart dnscrypt when secret changes # Restart dnscrypt when secret changes
config.sops.secrets."system/mail/maddy/envFile".restartUnits = ["maddy"]; config.sops.secrets."system/mail/maddy/envFile".restartUnits = [ "maddy" ];
# #
config.services.maddy = { config.services.maddy = {
enable = true; enable = true;
secrets = [config.sops.secrets."system/mail/maddy/envFile".path]; secrets = [ config.sops.secrets."system/mail/maddy/envFile".path ];
config = builtins.readFile ./maddy.conf; config = builtins.readFile ./maddy.conf;
}; };
} }


@ -1,8 +1,7 @@
{ { config
config, , pkgs
pkgs, , lib
lib, , ...
...
}: { }: {
services.prometheus.exporters = { services.prometheus.exporters = {
node = { node = {


@ -1,10 +1,9 @@
{ { config
config, , pkgs
pkgs, , ...
...
}: { }: {
systemd.timers."reboot-required-check" = { systemd.timers."reboot-required-check" = {
wantedBy = ["timers.target"]; wantedBy = [ "timers.target" ];
timerConfig = { timerConfig = {
# start at boot # start at boot
OnBootSec = "0m"; OnBootSec = "0m";


@ -1,11 +1,10 @@
{ { inputs
inputs, , outputs
outputs, , config
config, , ...
...
}: { }: {
# SOPS settings # SOPS settings
# https://github.com/Mic92/sops-nix # https://github.com/Mic92/sops-nix
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
} }


@ -1,11 +1,10 @@
# Edit this configuration file to define what should be installed on # Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on # your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ { config
config, , lib
lib, , pkgs
pkgs, , ...
...
}: { }: {
imports = [ imports = [
# Host-specific # Host-specific


@ -1,19 +1,18 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config
config, , lib
lib, , pkgs
pkgs, , modulesPath
modulesPath, , ...
...
}: { }: {
imports = []; imports = [ ];
boot.initrd.availableKernelModules = ["ata_piix" "mptspi" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod"]; boot.initrd.availableKernelModules = [ "ata_piix" "mptspi" "uhci_hcd" "ehci_pci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = []; boot.initrd.kernelModules = [ ];
boot.kernelModules = ["kvm-amd"]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = []; boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-label/nixos"; device = "/dev/disk/by-label/nixos";
@ -25,7 +24,7 @@
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [{device = "/dev/sda2";}]; swapDevices = [{ device = "/dev/sda2"; }];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's


@ -1,9 +1,8 @@
{ { config
config, , lib
lib, , ...
...
}: { }: {
imports = [./playground.nix]; imports = [ ./playground.nix ];
boot.isContainer = true; boot.isContainer = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
networking = { networking = {


@ -1,8 +1,7 @@
{ { config
config, , pkgs
pkgs, , lib
lib, , inputs
inputs, , outputs
outputs, , ...
... }: { }
}: {}


@ -1,4 +1,4 @@
{inputs, ...}: { { inputs, ... }: {
unstable-packages = final: _prev: { unstable-packages = final: _prev: {
unstable = import inputs.nixpkgs-unstable { unstable = import inputs.nixpkgs-unstable {
system = final.system; system = final.system;


@ -1,8 +0,0 @@
# A nixpkgs instance that is grabbed from the pinned nixpkgs commit in the lock file
# This is useful to avoid using channels when using legacy nix commands
let lock = (builtins.fromJSON (builtins.readFile ./flake.lock)).nodes.nixpkgs.locked;
in
import (fetchTarball {
url = "https://github.com/nixos/nixpkgs/archive/${lock.rev}.tar.gz";
sha256 = lock.narHash;
})