diff --git a/bin/fmt b/bin/fmt index e585ba5..ef959d7 100755 --- a/bin/fmt +++ b/bin/fmt @@ -2,11 +2,12 @@ set -e -find . -name \*.nix -exec nix fmt -- -q {} \+ +find . -name \*.nix -exec nix fmt {} \+ find . -name \*.sh -exec shfmt -w {} \+ deadnix -f . shfmt -w bin/deploy shfmt -w bin/mkboot # TODO: https://github.com/nerdypepper/statix/issues/68 -statix check --ignore lib/default.nix . +#statix check --ignore lib/default.nix . +statix check . diff --git a/bins/check-restart.nix b/bins/check-restart.nix index 599f3f3..7b2461a 100644 --- a/bins/check-restart.nix +++ b/bins/check-restart.nix @@ -1,4 +1,4 @@ -{perl}: '' +{ perl }: '' #!${perl}/bin/perl use strict; diff --git a/bins/default.nix b/bins/default.nix index c00a854..001c916 100644 --- a/bins/default.nix +++ b/bins/default.nix @@ -1,25 +1,26 @@ -{ - pkgs, - isUnstable, - ... -}: let - gosignify = pkgs.callPackage ../pkgs/gosignify.nix {inherit isUnstable;}; +{ pkgs +, isUnstable +, ... +}: +let + gosignify = pkgs.callPackage ../pkgs/gosignify.nix { inherit isUnstable; }; - ix = pkgs.writeScriptBin "ix" (import ./ix.nix {inherit (pkgs) perl;}); + ix = pkgs.writeScriptBin "ix" (import ./ix.nix { inherit (pkgs) perl; }); checkRestart = pkgs.writeScriptBin "check-restart" - (import ./check-restart.nix {inherit (pkgs) perl;}); + (import ./check-restart.nix { inherit (pkgs) perl; }); xinStatus = pkgs.writeScriptBin "xin-status" - (import ./xin-status.nix {inherit (pkgs) perl perlPackages;}); + (import ./xin-status.nix { inherit (pkgs) perl perlPackages; }); tstart = - pkgs.writeScriptBin "tstart" (import ./tstart.nix {inherit (pkgs) tmux;}); + pkgs.writeScriptBin "tstart" (import ./tstart.nix { inherit (pkgs) tmux; }); sfetch = pkgs.writeScriptBin "sfetch" (import ./sfetch.nix { inherit gosignify; inherit (pkgs) curl; }); - genPatches = pkgs.callPackage ./gen-patches.nix {}; -in { + genPatches = pkgs.callPackage ./gen-patches.nix { }; +in +{ environment.systemPackages = with pkgs; [ checkRestart genPatches diff --git a/bins/gen-patches.nix b/bins/gen-patches.nix index b383374..3b76204 100644 --- a/bins/gen-patches.nix +++ b/bins/gen-patches.nix @@ -1,13 +1,13 @@ -{ - writeShellApplication, - diffutils, - findutils, - coreutils, - ... -}: let +{ writeShellApplication +, diffutils +, findutils +, coreutils +, ... +}: +let genPatches = writeShellApplication { name = "gen-patches"; - runtimeInputs = [diffutils findutils coreutils]; + runtimeInputs = [ diffutils findutils coreutils ]; text = '' suffix=".orig" srcdir=$PWD @@ -52,4 +52,4 @@ ''; }; in - genPatches +genPatches diff --git a/bins/icb-irc-tunnel.nix b/bins/icb-irc-tunnel.nix index 87ee012..9decc43 100644 --- a/bins/icb-irc-tunnel.nix +++ b/bins/icb-irc-tunnel.nix @@ -1,6 +1,6 @@ -{ - pkgs, - icbirc, +{ pkgs +, icbirc +, }: '' #!${pkgs.yash}/bin/yash ${pkgs.procps}/bin/pkill icbirc diff --git a/bins/ix.nix b/bins/ix.nix index b90b269..ad8da16 100644 --- a/bins/ix.nix +++ b/bins/ix.nix @@ -1,4 +1,4 @@ -{perl}: '' +{ perl }: '' #!${perl}/bin/perl use strict; diff --git a/bins/rage.nix b/bins/rage.nix index b0e4ea2..af23f71 100644 --- a/bins/rage.nix +++ b/bins/rage.nix @@ -1,4 +1,5 @@ -{pkgs}: let +{ pkgs }: +let oathPkg = pkgs.oath-toolkit or pkgs.oathToolkit; wlclip = if pkgs.system == "aarch64-darwin" @@ -8,7 +9,8 @@ if pkgs.system == "aarch64-darwin" then "pbcopy" else "${pkgs.xclip}/bin/xclip"; -in '' +in +'' #!${pkgs.yash}/bin/yash set -e diff --git a/bins/restic.nix b/bins/restic.nix index bcb7f81..c108197 100644 --- a/bins/restic.nix +++ b/bins/restic.nix @@ -1,16 +1,16 @@ -{ - lib, - pkgs, - config, - ... +{ lib +, pkgs +, config +, ... }: assert (builtins.length (lib.mapAttrsToList (a: _: a) config.services.restic.backups)) -<= 1; let + <= 1; let resticBin = "${pkgs.restic}/bin/restic"; cfg = config.services.restic.backups; bkp = lib.mapAttrs' (_: lib.nameValuePair "default") cfg; -in '' +in +'' #!/usr/bin/env sh set -e diff --git a/bins/rpr.nix b/bins/rpr.nix index aad8171..5dc2ebc 100644 --- a/bins/rpr.nix +++ b/bins/rpr.nix @@ -1,12 +1,14 @@ -{ - tea, - gh, - hut, -}: let +{ tea +, gh +, hut +, +}: +let teaBin = "${tea}/bin/tea"; ghBin = "${gh}/bin/gh"; htBin = "${hut}/bin/hut"; -in '' +in +'' #!/usr/bin/env sh set -eu diff --git a/bins/sfetch.nix b/bins/sfetch.nix index 3cff27e..550ffa1 100644 --- a/bins/sfetch.nix +++ b/bins/sfetch.nix @@ -1,6 +1,6 @@ -{ - curl, - gosignify, +{ curl +, gosignify +, }: '' #!/usr/bin/env sh diff --git a/bins/tstart.nix b/bins/tstart.nix index 80cd7da..44c6f7f 100644 --- a/bins/tstart.nix +++ b/bins/tstart.nix @@ -1,6 +1,8 @@ -{tmux}: let +{ tmux }: +let tmuxBin = "${tmux}/bin/tmux"; -in '' +in +'' #!/usr/bin/env sh set -e diff --git a/bins/xin-status.nix b/bins/xin-status.nix index f1afd55..b9b37a4 100644 --- a/bins/xin-status.nix +++ b/bins/xin-status.nix @@ -1,7 +1,6 @@ -{ - perl, - perlPackages, - ... +{ perl +, perlPackages +, ... }: '' #!${perl}/bin/perl diff --git a/configs/ca.nix b/configs/ca.nix index 87003f1..50e8563 100644 --- a/configs/ca.nix +++ b/configs/ca.nix @@ -1,118 +1,118 @@ -{ - config, - lib, - pkgs, - ... -}: let +{ config +, lib +, pkgs +, ... +}: +let cfg = config.services.xinCA; in - with lib; { - options = { - services.xinCA = { - enable = mkEnableOption "Configure host as a xin certificate authority."; +with lib; { + options = { + services.xinCA = { + enable = mkEnableOption "Configure host as a xin certificate authority."; - user = mkOption { - type = types.str; - default = "step-ca"; - description = '' - User who will own the CA key material. - ''; - }; + user = mkOption { + type = types.str; + default = "step-ca"; + description = '' + User who will own the CA key material. + ''; + }; + }; + }; + + imports = [ ../modules/ts-rev-prox.nix ]; + config = mkIf cfg.enable { + sops.secrets = { + ca_password = { + mode = "400"; + owner = cfg.user; + sopsFile = config.xin-secrets.cert_authority; + }; + "defaults.json" = { + mode = "400"; + owner = cfg.user; + path = "/var/lib/step-ca/config/defaults.json"; + sopsFile = config.xin-secrets.cert_authority; + }; + "intermediate_ca.crt" = { + mode = "444"; + owner = cfg.user; + path = "/var/lib/step-ca/certs/intermediate_ca.crt"; + sopsFile = config.xin-secrets.cert_authority; + }; + "intermediate_ca_key" = { + mode = "400"; + owner = cfg.user; + path = "/var/lib/step-ca/secrets/intermediate_ca_key"; + sopsFile = config.xin-secrets.cert_authority; + }; + "root_ca.crt" = { + mode = "444"; + owner = cfg.user; + path = "/var/lib/step-ca/certs/root_ca.crt"; + sopsFile = config.xin-secrets.cert_authority; + }; + "root_ca_key" = { + mode = "400"; + owner = cfg.user; + path = "/var/lib/step-ca/secrets/root_ca_key"; + sopsFile = config.xin-secrets.cert_authority; + }; + "jwk_encryptedKey" = { + mode = "400"; + owner = cfg.user; + path = "/var/lib/step-ca/secrets/jwk_encryptedKey"; + sopsFile = config.xin-secrets.cert_authority; }; }; - imports = [../modules/ts-rev-prox.nix]; - config = mkIf cfg.enable { - sops.secrets = { - ca_password = { - mode = "400"; - owner = cfg.user; - sopsFile = config.xin-secrets.cert_authority; - }; - "defaults.json" = { - mode = "400"; - owner = cfg.user; - path = "/var/lib/step-ca/config/defaults.json"; - sopsFile = config.xin-secrets.cert_authority; - }; - "intermediate_ca.crt" = { - mode = "444"; - owner = cfg.user; - path = "/var/lib/step-ca/certs/intermediate_ca.crt"; - sopsFile = config.xin-secrets.cert_authority; - }; - "intermediate_ca_key" = { - mode = "400"; - owner = cfg.user; - path = "/var/lib/step-ca/secrets/intermediate_ca_key"; - sopsFile = config.xin-secrets.cert_authority; - }; - "root_ca.crt" = { - mode = "444"; - owner = cfg.user; - path = "/var/lib/step-ca/certs/root_ca.crt"; - sopsFile = config.xin-secrets.cert_authority; - }; - "root_ca_key" = { - mode = "400"; - owner = cfg.user; - path = "/var/lib/step-ca/secrets/root_ca_key"; - sopsFile = config.xin-secrets.cert_authority; - }; - "jwk_encryptedKey" = { - mode = "400"; - owner = cfg.user; - path = "/var/lib/step-ca/secrets/jwk_encryptedKey"; - sopsFile = config.xin-secrets.cert_authority; - }; - }; + networking.hosts = { "127.0.0.1" = [ "ca.bolddaemon.com" ]; }; - networking.hosts = {"127.0.0.1" = ["ca.bolddaemon.com"];}; + environment.sessionVariables = { STEPPATH = "/var/lib/step-ca"; }; + environment.systemPackages = with pkgs; [ + step-cli + step-kms-plugin + opensc + libressl + ]; - environment.sessionVariables = {STEPPATH = "/var/lib/step-ca";}; - environment.systemPackages = with pkgs; [ - step-cli - step-kms-plugin - opensc - libressl - ]; + services.step-ca = { + enable = true; + intermediatePasswordFile = "${config.sops.secrets.ca_password.path}"; + address = "127.0.0.1"; + port = 443; + settings = { + root = config.sops.secrets."root_ca.crt".path; + crt = config.sops.secrets."intermediate_ca.crt".path; + key = config.sops.secrets.intermediate_ca_key.path; + dnsNames = [ "ca.bolddaemon.com" ]; + logger = { format = "text"; }; + db = { + type = "badgerv2"; + dataSource = "/var/lib/step-ca/db"; + badgerFileLoadingMode = ""; + }; + authority = { + provisioners = [ + { + type = "SSHPOP"; + name = "sshpop"; + claims = { enableSSHCA = true; }; + } + ]; + }; - services.step-ca = { - enable = true; - intermediatePasswordFile = "${config.sops.secrets.ca_password.path}"; - address = "127.0.0.1"; - port = 443; - settings = { - root = config.sops.secrets."root_ca.crt".path; - crt = config.sops.secrets."intermediate_ca.crt".path; - key = config.sops.secrets.intermediate_ca_key.path; - dnsNames = ["ca.bolddaemon.com"]; - logger = {format = "text";}; - db = { - type = "badgerv2"; - dataSource = "/var/lib/step-ca/db"; - badgerFileLoadingMode = ""; - }; - authority = { - provisioners = [ - { - type = "SSHPOP"; - name = "sshpop"; - claims = {enableSSHCA = true;}; - } - ]; - }; - - tls = { - cipherSuites = [ - "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" - ]; - minVersion = 1.2; - maxVersion = 1.3; - renegotiation = false; - }; + tls = { + cipherSuites = [ + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256" + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" + ]; + minVersion = 1.2; + maxVersion = 1.3; + renegotiation = false; }; }; }; - } + }; +} diff --git a/configs/ci.nix b/configs/ci.nix index 12ed94a..658f4cf 100644 --- a/configs/ci.nix +++ b/configs/ci.nix @@ -1,11 +1,11 @@ -{ - config, - lib, - pkgs, - inputs, - xinlib, - ... -}: let +{ config +, lib +, pkgs +, inputs +, xinlib +, ... +}: +let #inherit (xinlib) prIsOpen; jobs = [ { @@ -13,99 +13,99 @@ user = "qbit"; script = "cd ~/src/xin && ./bin/ci update"; startAt = "23:00"; - path = []; + path = [ ]; } { name = "xin-ci"; user = "qbit"; script = "cd ~/src/xin && ./bin/ci"; startAt = "*:30:00"; - path = []; + path = [ ]; } ]; in - with lib; { - options = { - xinCI = { - enable = mkEnableOption "Configure host as a xin CI host."; +with lib; { + options = { + xinCI = { + enable = mkEnableOption "Configure host as a xin CI host."; - user = mkOption { - type = types.str; - default = "root"; - description = '' - User who will own the CI private key. - ''; - }; + user = mkOption { + type = types.str; + default = "root"; + description = '' + User who will own the CI private key. + ''; }; }; + }; - imports = [../modules/ts-rev-prox.nix]; - config = mkIf config.xinCI.enable { - sops.defaultSopsFile = config.xin-secrets.ci; - sops.secrets = { - po_env = {owner = config.xinCI.user;}; - ci_ed25519_key = { - mode = "400"; - owner = config.xinCI.user; - }; - ci_ed25519_pub = { - mode = "444"; - owner = config.xinCI.user; - }; - ci_signing_ed25519_key = { - mode = "400"; - owner = config.xinCI.user; - }; - ci_signing_ed25519_pub = { - mode = "444"; - owner = config.xinCI.user; - }; - bin_cache_priv_key = { - mode = "400"; - owner = "root"; - group = "wheel"; - }; - bin_cache_pub_key = { - mode = "444"; - owner = "root"; - group = "wheel"; - }; - ts_proxy_env = { - mode = "400"; - owner = config.services.tsrevprox.user; - }; + imports = [ ../modules/ts-rev-prox.nix ]; + config = mkIf config.xinCI.enable { + sops.defaultSopsFile = config.xin-secrets.ci; + sops.secrets = { + po_env = { owner = config.xinCI.user; }; + ci_ed25519_key = { + mode = "400"; + owner = config.xinCI.user; }; - environment.systemPackages = with pkgs; [ - inputs.po.packages.${pkgs.system}.po - keychain - ]; - - nix = { - #settings.allowed-users = [ "root" config.xinCI.user "nix-serve" ]; - settings.allowed-users = ["root" config.xinCI.user "harmonia"]; + ci_ed25519_pub = { + mode = "444"; + owner = config.xinCI.user; }; - - systemd.services = lib.listToAttrs (builtins.map xinlib.jobToService jobs); - - services = { - tsrevprox = { - enable = true; - reverseName = "nix-binary-cache"; - envFile = config.sops.secrets.ts_proxy_env.path; - }; - harmonia = { - enable = true; - signKeyPath = config.sops.secrets.bin_cache_priv_key.path; - settings = {bind = "127.0.0.1:5000";}; - }; - #nix-serve = { - # package = pkgs.nix-serve-ng; - # enable = true; - # secretKeyFile = config.sops.secrets.bin_cache_priv_key.path; - # bindAddress = "127.0.0.1"; - #}; + ci_signing_ed25519_key = { + mode = "400"; + owner = config.xinCI.user; + }; + ci_signing_ed25519_pub = { + mode = "444"; + owner = config.xinCI.user; + }; + bin_cache_priv_key = { + mode = "400"; + owner = "root"; + group = "wheel"; + }; + bin_cache_pub_key = { + mode = "444"; + owner = "root"; + group = "wheel"; + }; + ts_proxy_env = { + mode = "400"; + owner = config.services.tsrevprox.user; }; - - boot.binfmt.emulatedSystems = ["aarch64-linux" "armv6l-linux"]; }; - } + environment.systemPackages = with pkgs; [ + inputs.po.packages.${pkgs.system}.po + keychain + ]; + + nix = { + #settings.allowed-users = [ "root" config.xinCI.user "nix-serve" ]; + settings.allowed-users = [ "root" config.xinCI.user "harmonia" ]; + }; + + systemd.services = lib.listToAttrs (builtins.map xinlib.jobToService jobs); + + services = { + tsrevprox = { + enable = true; + reverseName = "nix-binary-cache"; + envFile = config.sops.secrets.ts_proxy_env.path; + }; + harmonia = { + enable = true; + signKeyPath = config.sops.secrets.bin_cache_priv_key.path; + settings = { bind = "127.0.0.1:5000"; }; + }; + #nix-serve = { + # package = pkgs.nix-serve-ng; + # enable = true; + # secretKeyFile = config.sops.secrets.bin_cache_priv_key.path; + # bindAddress = "127.0.0.1"; + #}; + }; + + boot.binfmt.emulatedSystems = [ "aarch64-linux" "armv6l-linux" ]; + }; +} diff --git a/configs/colemak.nix b/configs/colemak.nix index c81b6bd..51fd3fb 100644 --- a/configs/colemak.nix +++ b/configs/colemak.nix @@ -1,7 +1,6 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: with lib; { options = { @@ -16,7 +15,7 @@ with lib; { }; config = mkIf config.colemak.enable { - console = {keyMap = "colemak";}; + console = { keyMap = "colemak"; }; services.xserver = { layout = "us"; xkbVariant = "colemak"; diff --git a/configs/default.nix b/configs/default.nix index c9ccc8e..4fca5f3 100644 --- a/configs/default.nix +++ b/configs/default.nix @@ -1,4 +1,4 @@ -{...}: { +{ ... }: { imports = [ ./ca.nix ./ci.nix diff --git a/configs/dns.nix b/configs/dns.nix index c0936ab..457bf87 100644 --- a/configs/dns.nix +++ b/configs/dns.nix @@ -1,7 +1,6 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: with lib; { options = { @@ -22,7 +21,7 @@ with lib; { enable = true; dnssec = "allow-downgrade"; # TODO: Enable a toggle for ipv6 - fallbackDns = ["9.9.9.9" "2620:fe::fe" "149.112.112.112" "2620:fe::9"]; + fallbackDns = [ "9.9.9.9" "2620:fe::fe" "149.112.112.112" "2620:fe::9" ]; extraConfig = '' [Resolve] DNS=45.90.28.0#8436c6.dns1.nextdns.io diff --git a/configs/doas.nix b/configs/doas.nix index 19d0381..05ad492 100644 --- a/configs/doas.nix +++ b/configs/doas.nix @@ -1,23 +1,22 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: with lib; { options = { - doas = {enable = mkEnableOption "Enable doas for priv-escie";}; + doas = { enable = mkEnableOption "Enable doas for priv-escie"; }; }; config = mkIf config.doas.enable { nixpkgs.config.packageOverrides = pkgs: { - doas = pkgs.doas.override {withPAM = false;}; + doas = pkgs.doas.override { withPAM = false; }; }; security = { doas = { enable = true; extraRules = [ { - groups = ["wheel"]; + groups = [ "wheel" ]; persist = true; } ]; diff --git a/configs/emacs.nix b/configs/emacs.nix index 94ebf9c..dae89b8 100644 --- a/configs/emacs.nix +++ b/configs/emacs.nix @@ -1,19 +1,19 @@ -{ - runCommand, - emacsWithPackagesFromUsePackage, - pkgs, - lib, - makeWrapper, - mu, - writeTextDir, - emacs, - emacsPkg ? pkgs.emacsPgtkNativeComp, - ... -}: let +{ runCommand +, emacsWithPackagesFromUsePackage +, pkgs +, lib +, makeWrapper +, mu +, writeTextDir +, emacs +, emacsPkg ? pkgs.emacsPgtkNativeComp +, ... +}: +let muDir = "${mu}/share/emacs/site-lisp/mu4e"; # Generate a .el file from our emacs.org. - emacsConfig = runCommand "emacsConfig" {} '' + emacsConfig = runCommand "emacsConfig" { } '' mkdir -p $out cp -v ${./emacs.org} $out/emacs.org cd $out @@ -50,19 +50,19 @@ texlive.combined.scheme-full ]; in - emacsWithPackagesFromUsePackage { - config = ./emacs.org; +emacsWithPackagesFromUsePackage { + config = ./emacs.org; - alwaysEnsure = true; - alwaysTangle = true; + alwaysEnsure = true; + alwaysTangle = true; - package = emacsPkg.overrideAttrs (oa: { - nativeBuildInputs = oa.nativeBuildInputs ++ [makeWrapper emacsConfig]; - postInstall = '' - ${oa.postInstall} - wrapProgram $out/bin/emacs \ - --prefix PATH : ${pkgs.lib.makeBinPath emacsDepList} \ - --add-flags '--init-directory ${emacsInitDir}' - ''; - }); - } + package = emacsPkg.overrideAttrs (oa: { + nativeBuildInputs = oa.nativeBuildInputs ++ [ makeWrapper emacsConfig ]; + postInstall = '' + ${oa.postInstall} + wrapProgram $out/bin/emacs \ + --prefix PATH : ${pkgs.lib.makeBinPath emacsDepList} \ + --add-flags '--init-directory ${emacsInitDir}' + ''; + }); +} diff --git a/configs/firefox.nix b/configs/firefox.nix index 16d9296..481287c 100644 --- a/configs/firefox.nix +++ b/configs/firefox.nix @@ -1,4 +1,4 @@ -{...}: { +{ ... }: { programs = { firefox = { enable = true; diff --git a/configs/git.nix b/configs/git.nix index f5461cc..e8d7c28 100644 --- a/configs/git.nix +++ b/configs/git.nix @@ -1,19 +1,21 @@ -{config, ...}: let +{ config, ... }: +let rewriteGitHub = if config.networking.hostName != "stan" then { - url = {"ssh://git@github.com/" = {insteadOf = "https://github.com/";};}; + url = { "ssh://git@github.com/" = { insteadOf = "https://github.com/"; }; }; } else { - url = {}; + url = { }; }; -in { +in +{ programs.git = { enable = true; lfs.enable = true; config = [ - {init = {defaultBranch = "main";};} - {advice.detachedHead = false;} + { init = { defaultBranch = "main"; }; } + { advice.detachedHead = false; } { user = { name = "Aaron Bieber"; @@ -22,7 +24,7 @@ in { }; } - {branch = {sort = "-committerdate";};} + { branch = { sort = "-committerdate"; }; } { alias = { log = "log --color=never"; @@ -32,10 +34,10 @@ in { "!f() { git fetch $1 refs/pull/$2/head:refs/remotes/pr/$2; }; f"''; }; } - {push = {default = "current";};} + { push = { default = "current"; }; } - {gpg = {format = "ssh";};} - {commit = {gpgsign = true;};} + { gpg = { format = "ssh"; }; } + { commit = { gpgsign = true; }; } { color = { @@ -47,13 +49,13 @@ in { }; } - {safe = {directory = "/home/qbit/src/nix-conf";};} + { safe = { directory = "/home/qbit/src/nix-conf"; }; } - {transfer = {fsckobjects = true;};} - {fetch = {fsckobjects = true;};} - {github = {user = "qbit";};} + { transfer = { fsckobjects = true; }; } + { fetch = { fsckobjects = true; }; } + { github = { user = "qbit"; }; } - {inherit (rewriteGitHub) url;} + { inherit (rewriteGitHub) url; } { sendmail = { @@ -67,8 +69,8 @@ in { }; } - {pull = {rebase = false;};} - {include = {path = "~/work/git/gitconfig";};} + { pull = { rebase = false; }; } + { include = { path = "~/work/git/gitconfig"; }; } ]; }; } diff --git a/configs/hardened.nix b/configs/hardened.nix index 3fae98a..b882c0a 100644 --- a/configs/hardened.nix +++ b/configs/hardened.nix @@ -1,4 +1,4 @@ -{lib, ...}: +{ lib, ... }: with lib; { environment = { memoryAllocator.provider = mkDefault "scudo"; diff --git a/configs/helix.nix b/configs/helix.nix index a14237a..a87c18f 100644 --- a/configs/helix.nix +++ b/configs/helix.nix @@ -1,9 +1,9 @@ -{ - pkgs, - linkFarm, - ... -}: let - tomlFmt = pkgs.formats.toml {}; +{ pkgs +, linkFarm +, ... +}: +let + tomlFmt = pkgs.formats.toml { }; helixBin = "${pkgs.helix}/bin/hx"; helixConfig = tomlFmt.generate "config.toml" { @@ -15,7 +15,7 @@ normal = "block"; select = "underline"; }; - lsp = {auto-signature-help = false;}; + lsp = { auto-signature-help = false; }; }; }; @@ -38,9 +38,9 @@ } ]; in - pkgs.writeScriptBin "hx" '' - # Conf: ${helixConfig} - # Theme: ${helixTheme} +pkgs.writeScriptBin "hx" '' + # Conf: ${helixConfig} + # Theme: ${helixTheme} - env XDG_CONFIG_HOME="${xdgDir}" ${helixBin} "$@" - '' + env XDG_CONFIG_HOME="${xdgDir}" ${helixBin} "$@" +'' diff --git a/configs/manager.nix b/configs/manager.nix index 3d54b67..f3f751c 100644 --- a/configs/manager.nix +++ b/configs/manager.nix @@ -1,57 +1,57 @@ -{ - config, - lib, - pkgs, - inputs, - ... -}: let +{ config +, lib +, pkgs +, inputs +, ... +}: +let microcaBin = "${pkgs.microca}/bin/microca"; microca = pkgs.writeScriptBin "microca" '' #!/usr/bin/env sh ${microcaBin} -ca-key /run/secrets/ca_key -ca-cert /run/secrets/ca_cert $@ ''; in - with lib; { - options = { - nixManager = { - enable = mkEnableOption "Configure host as nix-conf manager."; - user = mkOption { - type = types.str; - default = "root"; - description = '' - User who will own the private key. - ''; - }; +with lib; { + options = { + nixManager = { + enable = mkEnableOption "Configure host as nix-conf manager."; + user = mkOption { + type = types.str; + default = "root"; + description = '' + User who will own the private key. + ''; }; }; + }; - imports = [./tailnet.nix]; + imports = [ ./tailnet.nix ]; - config = mkIf config.nixManager.enable { - sops.defaultSopsFile = config.xin-secrets.manager; - sops.secrets = { - xin_status_key = {owner = config.nixManager.user;}; - xin_status_pubkey = {owner = config.nixManager.user;}; - manager_key = {owner = config.nixManager.user;}; - manager_pubkey = {owner = config.nixManager.user;}; - ca_key = {owner = config.nixManager.user;}; - ca_cert = {owner = config.nixManager.user;}; - po_env = {owner = config.nixManager.user;}; - }; + config = mkIf config.nixManager.enable { + sops.defaultSopsFile = config.xin-secrets.manager; + sops.secrets = { + xin_status_key = { owner = config.nixManager.user; }; + xin_status_pubkey = { owner = config.nixManager.user; }; + manager_key = { owner = config.nixManager.user; }; + manager_pubkey = { owner = config.nixManager.user; }; + ca_key = { owner = config.nixManager.user; }; + ca_cert = { owner = config.nixManager.user; }; + po_env = { owner = config.nixManager.user; }; + }; - environment.systemPackages = [ - microca - inputs.xintray.packages.${pkgs.system}.xintray - inputs.po.packages.${pkgs.system}.po - ]; + environment.systemPackages = [ + microca + inputs.xintray.packages.${pkgs.system}.xintray + inputs.po.packages.${pkgs.system}.po + ]; - networking = { - hosts = { - "66.135.2.235" = ["ns1"]; - "23.234.251.216" = ["ns2"]; - "46.23.94.18" = ["ns3"]; - "198.23.149.18" = ["ns4"]; - }; + networking = { + hosts = { + "66.135.2.235" = [ "ns1" ]; + "23.234.251.216" = [ "ns2" ]; + "46.23.94.18" = [ "ns3" ]; + "198.23.149.18" = [ "ns4" ]; }; }; - } + }; +} diff --git a/configs/neomutt.nix b/configs/neomutt.nix index 44b268c..1b51f61 100644 --- a/configs/neomutt.nix +++ b/configs/neomutt.nix @@ -1,5 +1,5 @@ -{pkgs, ...}: { - environment.systemPackages = with pkgs; [neomutt urlview]; +{ pkgs, ... }: { + environment.systemPackages = with pkgs; [ neomutt urlview ]; environment.etc."neomuttrc" = { text = '' ignore * diff --git a/configs/neovim.nix b/configs/neovim.nix index 32ad1be..4b8d0b9 100644 --- a/configs/neovim.nix +++ b/configs/neovim.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: +{ pkgs, ... }: with pkgs; let parchment = pkgs.vimUtils.buildVimPluginFrom2Nix rec { pname = "parchment"; @@ -30,7 +30,7 @@ with pkgs; let sha256 = "sha256-pMYvtNEYoVFaWlj35F1rDlfJkNY4y4S62RNpHBNBgto="; fetchSubmodules = true; }; - dependencies = with vimPlugins; [nvim-cmp tabular]; + dependencies = with vimPlugins; [ nvim-cmp tabular ]; }; neogen = pkgs.vimUtils.buildVimPluginFrom2Nix rec { pname = "neogen"; @@ -51,10 +51,10 @@ with pkgs; let url = "mirror://cpan/authors/id/J/JA/JACQUESG/MsgPack-Raw-0.05.tar.gz"; sha256 = "8559e2b64cd98d99abc666edf2a4c8724c9534612616af11f4eb0bbd0d422dac"; }; - buildInputs = with perlPackages; [TestPod TestPodCoverage]; + buildInputs = with perlPackages; [ TestPod TestPodCoverage ]; meta = { description = "Perl bindings to the msgpack C library"; - license = with lib.licenses; [artistic1 gpl1Plus]; + license = with lib.licenses; [ artistic1 gpl1Plus ]; }; }; @@ -66,7 +66,7 @@ with pkgs; let sha256 = "55a52c233e2dae86113f9f19b34f617edcfc8416f9bece671267bd1811b12111"; }; - outputs = ["out" "dev"]; + outputs = [ "out" "dev" ]; meta = { description = "Simplified safe evaluation of Perl code"; @@ -99,11 +99,11 @@ with pkgs; let # Attempts to download stuff from the internet. doCheck = false; - outputs = ["out" "dev"]; + outputs = [ "out" "dev" ]; meta = { description = "Perl bindings for neovim"; - license = with lib.licenses; [artistic1 gpl1Plus]; + license = with lib.licenses; [ artistic1 gpl1Plus ]; }; }; @@ -139,13 +139,11 @@ with pkgs; let parchment vacme ]; - myVimPackages = - if pkgs.system == "aarch64-linux" - then baseVimPackages - else baseVimPackages ++ []; -in { + myVimPackages = baseVimPackages; +in +{ environment.systemPackages = with pkgs; [ - alejandra + nixpkgs-fmt elmPackages.elm elmPackages.elm-format elmPackages.elm-language-server @@ -177,7 +175,7 @@ in { enable = true; defaultEditor = true; configure = { - packages.myVimPackage = {start = myVimPackages;}; + packages.myVimPackage = { start = myVimPackages; }; customRC = '' " Restore cursor position autocmd BufReadPost * diff --git a/configs/net-overlay.nix b/configs/net-overlay.nix index 29d2dd1..0c0c23e 100644 --- a/configs/net-overlay.nix +++ b/configs/net-overlay.nix @@ -1,8 +1,7 @@ -{ - config, - lib, - pkgs, - ... +{ config +, lib +, pkgs +, ... }: with lib; { options = { @@ -32,7 +31,7 @@ with lib; { config = mkMerge [ (mkIf config.tailscale.enable { - services = {tailscale = {enable = mkDefault true;};}; + services = { tailscale = { enable = mkDefault true; }; }; networking.firewall.checkReversePath = mkDefault "loose"; }) (mkIf (config.tailscale.enable && config.tailscale.sshOnly) { @@ -45,8 +44,8 @@ with lib; { }; systemd.services = { "tailscale-ssh-init" = { - wantedBy = ["tailscaled.service"]; - after = ["tailscaled.service"]; + wantedBy = [ "tailscaled.service" ]; + after = [ "tailscaled.service" ]; serviceConfig = { ExecStart = "${pkgs.tailscale}/bin/tailscale up --auth-key file://${config.sops.secrets.ts_sshonly.path}"; }; @@ -54,11 +53,11 @@ with lib; { }; }) (mkIf config.zerotier.enable { - environment.systemPackages = with pkgs; [zerotierone]; + environment.systemPackages = with pkgs; [ zerotierone ]; services = { zerotierone = { enable = true; - joinNetworks = ["db64858fedd3b256"]; + joinNetworks = [ "db64858fedd3b256" ]; }; }; networking.firewall.checkReversePath = "loose"; diff --git a/configs/peerix.nix b/configs/peerix.nix index 05c9ba7..1f019a4 100644 --- a/configs/peerix.nix +++ b/configs/peerix.nix @@ -1,8 +1,7 @@ -{ - config, - lib, - pkgs, - ... +{ config +, lib +, pkgs +, ... }: with lib; { options = { @@ -22,25 +21,25 @@ with lib; { interfaces = mkOption { description = "Interfaces to allow peerix to listen on."; type = types.listOf types.str; - default = ["tailscale0"]; + default = [ "tailscale0" ]; }; }; }; config = mkIf config.tsPeerix.enable { - users.groups.peerix = {name = "peerix";}; + users.groups.peerix = { name = "peerix"; }; users.users.peerix = { name = "peerix"; group = "peerix"; isSystemUser = true; }; - nix.settings.allowed-users = ["peerix"]; + nix.settings.allowed-users = [ "peerix" ]; services = { zerotierone = { enable = true; - joinNetworks = ["db64858fedd3b256"]; + joinNetworks = [ "db64858fedd3b256" ]; }; peerix = { @@ -53,13 +52,14 @@ with lib; { }; }; - environment.systemPackages = [pkgs.zerotierone]; + environment.systemPackages = [ pkgs.zerotierone ]; - networking.firewall.interfaces = listToAttrs (flatten (map (i: { + networking.firewall.interfaces = listToAttrs (flatten (map + (i: { name = i; value = { - allowedUDPPorts = [12304]; - allowedTCPPorts = [12304]; + allowedUDPPorts = [ 12304 ]; + allowedTCPPorts = [ 12304 ]; }; }) config.tsPeerix.interfaces)); diff --git a/configs/tailnet.nix b/configs/tailnet.nix index 5f58766..44718c7 100644 --- a/configs/tailnet.nix +++ b/configs/tailnet.nix @@ -1,59 +1,60 @@ -{ - config, - pkgs, - lib, - inputs, - xinlib, - ... -}: let - tailnetACLs = let - acls = { - hosts = { - europa = "100.92.31.80"; - startpage = "100.120.84.116"; - startdev = "100.92.56.119"; - go = "100.117.47.51"; - nbc = "100.122.61.43"; # nix-binary-cache - console = "100.87.112.70"; - box = "100.120.151.126"; - }; +{ config +, pkgs +, lib +, inputs +, xinlib +, ... +}: +let + tailnetACLs = + let + acls = { + hosts = { + europa = "100.92.31.80"; + startpage = "100.120.84.116"; + startdev = "100.92.56.119"; + go = "100.117.47.51"; + nbc = "100.122.61.43"; # nix-binary-cache + console = "100.87.112.70"; + box = "100.120.151.126"; + }; - tagOwners = { - "tag:untrusted" = ["qbit@github"]; - "tag:minservice" = ["qbit@github"]; - "tag:sshonly" = ["qbit@github"]; - "tag:apper" = ["qbit@github"]; - "tag:golink" = ["qbit@github"]; - "tag:lab" = ["qbit@github"]; - }; + tagOwners = { + "tag:untrusted" = [ "qbit@github" ]; + "tag:minservice" = [ "qbit@github" ]; + "tag:sshonly" = [ "qbit@github" ]; + "tag:apper" = [ "qbit@github" ]; + "tag:golink" = [ "qbit@github" ]; + "tag:lab" = [ "qbit@github" ]; + }; - acls = [ - { - action = "accept"; - src = ["tag:untrusted"]; - dst = [ - "europa:22" - "europa:12304" - "startpage:443" - "startdev:443" - "go:80" - "tag:lab:22" - "nbc:443" - ]; - } - { - action = "accept"; - src = ["tag:minservice" "tag:sshonly"]; - dst = ["*:22" "box:3030" "nbc:443" "console:2222"]; - } - { - action = "accept"; - src = ["qbit@github"]; - dst = ["*:*"]; - } - ]; - }; - in + acls = [ + { + action = "accept"; + src = [ "tag:untrusted" ]; + dst = [ + "europa:22" + "europa:12304" + "startpage:443" + "startdev:443" + "go:80" + "tag:lab:22" + "nbc:443" + ]; + } + { + action = "accept"; + src = [ "tag:minservice" "tag:sshonly" ]; + dst = [ "*:22" "box:3030" "nbc:443" "console:2222" ]; + } + { + action = "accept"; + src = [ "qbit@github" ]; + dst = [ "*:*" ]; + } + ]; + }; + in pkgs.writeTextFile { name = "tailnet-acls.json"; text = builtins.toJSON acls; @@ -83,22 +84,22 @@ name = "update-talenet-acls"; script = "${aclUpdateScript}/bin/tailnet-acl-updater"; startAt = "*:30:00"; - path = []; + path = [ ]; inherit (config.nixManager) user; } ]; enabled = config.nixManager.enable; in - with lib; { - sops.secrets = mkIf enabled { - tailnet_acl_manager = { - owner = config.nixManager.user; - sopsFile = config.xin-secrets.manager; - }; - po_env = { - owner = config.nixManager.user; - sopsFile = config.xin-secrets.manager; - }; +with lib; { + sops.secrets = mkIf enabled { + tailnet_acl_manager = { + owner = config.nixManager.user; + sopsFile = config.xin-secrets.manager; }; - systemd.services = mkIf enabled (listToAttrs (builtins.map xinlib.jobToService jobs)); - } + po_env = { + owner = config.nixManager.user; + sopsFile = config.xin-secrets.manager; + }; + }; + systemd.services = mkIf enabled (listToAttrs (builtins.map xinlib.jobToService jobs)); +} diff --git a/configs/tmux.nix b/configs/tmux.nix index a5b12da..669cb14 100644 --- a/configs/tmux.nix +++ b/configs/tmux.nix @@ -1,4 +1,4 @@ -{...}: { +{ ... }: { programs.tmux = { enable = true; extraConfig = '' diff --git a/configs/zsh.nix b/configs/zsh.nix index e596f50..2fb9b1a 100644 --- a/configs/zsh.nix +++ b/configs/zsh.nix @@ -1,4 +1,4 @@ -{...}: { +{ ... }: { config = { programs.zsh.interactiveShellInit = '' export NO_COLOR=1 diff --git a/dbuild/build-consumer.nix b/dbuild/build-consumer.nix index 837627f..18a7aed 100644 --- a/dbuild/build-consumer.nix +++ b/dbuild/build-consumer.nix @@ -1,17 +1,16 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: with lib; { options = { - buildConsumer = {enable = mkEnableOption "Use remote build machines";}; + buildConsumer = { enable = mkEnableOption "Use remote build machines"; }; }; config = mkIf config.buildConsumer.enable { programs.ssh.knownHosts = { pcake = { - hostNames = ["pcake" "pcake.tapenet.org" "10.6.0.202"]; + hostNames = [ "pcake" "pcake.tapenet.org" "10.6.0.202" ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgqVw3QWNG6Ty5o2HwW+25Eh59W3lZ30+wMqTEkUZVH"; }; }; @@ -21,20 +20,22 @@ with lib; { IdentitiesOnly yes IdentityFile /root/.ssh/nix_remote ''; - nix.buildMachines = [ - { - hostName = "pcake"; - systems = ["x86_64-linux" "aarch64-linux"]; - maxJobs = 2; - speedFactor = 4; - supportedFeatures = ["kvm" "big-parallel" "nixos-test" "benchmark"]; - mandatoryFeatures = []; - } - ]; + nix = { + buildMachines = [ + { + hostName = "pcake"; + systems = [ "x86_64-linux" "aarch64-linux" ]; + maxJobs = 2; + speedFactor = 4; + supportedFeatures = [ "kvm" "big-parallel" "nixos-test" "benchmark" ]; + mandatoryFeatures = [ ]; + } + ]; - nix.distributedBuilds = true; - nix.extraOptions = '' - builders-use-substitutes = true - ''; + distributedBuilds = true; + extraOptions = '' + builders-use-substitutes = true + ''; + }; }; } diff --git a/dbuild/build-server.nix b/dbuild/build-server.nix index 3983d18..5058b52 100644 --- a/dbuild/build-server.nix +++ b/dbuild/build-server.nix @@ -1,7 +1,6 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: with lib; { options = { @@ -11,7 +10,7 @@ with lib; { }; config = mkIf config.buildServer.enable { - boot.binfmt.emulatedSystems = ["aarch64-linux"]; + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICEtoU6ObMP7wmglT7rXMg0HEnh7cGBo6COL7BpmRC/o" diff --git a/dbuild/default.nix b/dbuild/default.nix index 9797e07..3e55b79 100644 --- a/dbuild/default.nix +++ b/dbuild/default.nix @@ -1 +1 @@ -{...}: {imports = [./build-consumer.nix ./build-server.nix];} +{ ... }: { imports = [ ./build-consumer.nix ./build-server.nix ]; } diff --git a/default.nix b/default.nix index 42ca86c..a9e9e4f 100644 --- a/default.nix +++ b/default.nix @@ -1,12 +1,12 @@ -{ - config, - lib, - options, - pkgs, - xinlib, - isUnstable, - ... -}: let +{ config +, lib +, options +, pkgs +, xinlib +, isUnstable +, ... +}: +let inherit (xinlib) todo; caPubKeys = builtins.concatStringsSep "\n" [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5xMSYMwu6rjjLe2UYs1YGCIBVs35E9db2qAjNltCVPG5UoctxCDXxIz0PMOJrBbfqZzP/6qPU1WAhdGNTZ5eXq/ftnhI+2xFfMg1uzpXZ9vjy8lUCfXIObtoEdZ9h/7OUCN/BnL0ySqsamkcUo8SAj6wXoNCdwk6oncfyTmhPnoW5tCWCS9p7Q/LuWpYGsvW5nFDSxteP7re6SUe10eftIkFAPNhKA2lsrvzMgjxhnXqwIr1qJeY0otcuYA4V5V09FmElbnOWVuy4Pt8SqV4N9ykkAUXZN1Pi7Q4JnCUifRJVWpKHLoJe0mqwMDJbGtt2Akn3EwiGhyaVjq2FFgBKAb7w8UAE8gob8n4+DOx4TQAXlmWviYij2Xh6CvepbamxlJMvVdWgqk53+u4e+/oOQQ9QTmQvAuecg9dSO3m7+hNHEf+0TXjuTNlk9KHRg4s7ZAI+2Stfo1tBrvEeE2fAF//Mw7zaLPKmEbMiXdbDs816gvYtG6Y36fTGyzhowDQAMNm+zbg8YPz7xFukLdSCPt7RcpPnP1iJs/hGBnog5UaG/Cm4ftkm9zKvOaQKIoA/GQ3yQSyltczA+2h5fur6VQQGrQeVhAcXm9a6GaLPWxgvJX/og76CHps0rYzFM3QBlsiJ+Z0sstk5TtBex9nTjwRZ1U9+4DQes2TB4/uxnQ== SUAH CA" @@ -16,9 +16,10 @@ statusKey = '' command="/run/current-system/sw/bin/xin-status",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9PIhQ+yWfBM2tEG+W8W8HXJXqISXif8BcPZHakKvLM xin-status ''; - gosignify = pkgs.callPackage ./pkgs/gosignify.nix {inherit isUnstable;}; - myOpenSSH = pkgs.callPackage ./pkgs/openssh {}; -in { + gosignify = pkgs.callPackage ./pkgs/gosignify.nix { inherit isUnstable; }; + myOpenSSH = pkgs.callPackage ./pkgs/openssh { }; +in +{ imports = [ ./configs ./dbuild @@ -44,7 +45,7 @@ in { options.myconf = { managementPubKeys = lib.mkOption rec { type = lib.types.listOf lib.types.str; - default = [managementKey statusKey breakGlassKey]; + default = [ managementKey statusKey breakGlassKey ]; example = default; description = "List of management public keys to use"; }; @@ -63,7 +64,7 @@ in { }; config = { - sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.secrets = { xin_secrets_deploy_key = { @@ -74,7 +75,7 @@ in { }; }; - security.pki.caCertificateBlacklist = ["TrustCor ECA-1" "TrustCor RootCert CA-1" "TrustCor RootCert CA-2"]; + security.pki.caCertificateBlacklist = [ "TrustCor ECA-1" "TrustCor RootCert CA-1" "TrustCor RootCert CA-2" ]; security.pki.certificates = [ '' -----BEGIN CERTIFICATE----- @@ -130,7 +131,7 @@ in { ''; boot = { - loader = {systemd-boot.configurationLimit = 15;}; + loader = { systemd-boot.configurationLimit = 15; }; kernelPackages = lib.mkDefault pkgs.linuxPackages_hardened; kernel.sysctl = { "net.ipv4.tcp_keepalive_time" = 60; @@ -142,48 +143,51 @@ in { nix = { settings = if config.xinCI.enable - then {} + then { } else { - substituters = ["https://nix-binary-cache.humpback-trout.ts.net/"]; + substituters = [ "https://nix-binary-cache.humpback-trout.ts.net/" ]; trusted-public-keys = [ "nix-binary-cache.humpback-trout.ts.net:e9fJhcRtNVp6miW2pffFyK/gZ2et4y6IDigBNrEsAa0=" ]; }; }; - environment.systemPackages = with pkgs; - [ - age - apg - bind - btop - direnv - git-bug - git-sync - gosignify - got - jq - lz4 - minisign - mosh - nb - nix-diff - nix-index - nix-top - pass - ripgrep - taskwarrior - tmux - ] - ++ ( - if isUnstable - then [nil] - else [] - ); + environment = { + etc."ssh/ca.pub" = { text = caPubKeys; }; + systemPackages = with pkgs; + [ + age + apg + bind + btop + direnv + git-bug + git-sync + gosignify + got + jq + lz4 + minisign + mosh + nb + nix-diff + nix-index + nix-top + pass + ripgrep + taskwarrior + tmux + ] + ++ ( + if isUnstable + then [ nil ] + else [ ] + ); - environment.interactiveShellInit = '' - alias vi=nvim - ''; + interactiveShellInit = '' + alias vi=nvim + ''; + }; time.timeZone = "US/Mountain"; @@ -201,7 +205,7 @@ in { "[namish.humpback-trout.ts.net]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9jlU5XATs8N90mXuCqrflwOJ+s3s7LefDmFZBx8cCk"; "[git.tapenet.org]:2222".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkbSJWeWJyJjak/boaMTqzPVq91wfJz1P+I4rnBUsPW"; }; - knownHostsFiles = [./configs/ssh_known_hosts]; + knownHostsFiles = [ ./configs/ssh_known_hosts ]; startAgent = true; agentTimeout = "100m"; extraConfig = '' @@ -216,8 +220,6 @@ in { }; }; - environment.etc."ssh/ca.pub" = {text = caPubKeys;}; - services.logrotate.checkConfig = todo "logrotate disabled: https://github.com/NixOS/nix/issues/8502" false; @@ -230,7 +232,7 @@ in { settings = { PermitRootLogin = "prohibit-password"; PasswordAuthentication = false; - KexAlgorithms = ["curve25519-sha256" "curve25519-sha256@libssh.org"]; + KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ]; Macs = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-256-etm@openssh.com" diff --git a/flake.nix b/flake.nix index dcd27ab..a350b43 100644 --- a/flake.nix +++ b/flake.nix @@ -19,7 +19,7 @@ inputs.sops-nix.follows = "sops-nix"; }; - nixos-hardware = {url = "github:NixOS/nixos-hardware/master";}; + nixos-hardware = { url = "github:NixOS/nixos-hardware/master"; }; #emacs-overlay = { # url = "github:nix-community/emacs-overlay/d54a1521619daa37c9aa8c9e3362abb34e676007"; @@ -80,285 +80,297 @@ }; }; - outputs = { - self, - darwin, - gostart, - nixos-hardware, - peerix, - po, - pots, - pr-status, - stable, - tsRevProx, - tsvnstat, - unstable, - unstableSmall, - xin-secrets, - xintray, - ... - } @ inputs: let - xinlib = import ./lib {inherit (unstable) lib;}; - supportedSystems = ["x86_64-linux"]; - #[ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; - forAllSystems = unstable.lib.genAttrs supportedSystems; - unstablePkgsFor = forAllSystems (system: - import unstable { - inherit system; - #imports = [ ./overlays ]; - }); - stablePkgsFor = forAllSystems (system: - import stable { - inherit system; - #imports = [ ./overlays ]; - }); - hostBase = { - modules = [ - # Common config stuffs - (import ./default.nix) + outputs = + { self + , darwin + , gostart + , nixos-hardware + , peerix + , po + , pots + , pr-status + , stable + , tsRevProx + , tsvnstat + , unstable + , unstableSmall + , xin-secrets + , xintray + , ... + } @ inputs: + let + xinlib = import ./lib { inherit (unstable) lib; }; + supportedSystems = [ "x86_64-linux" ]; + #[ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; + forAllSystems = unstable.lib.genAttrs supportedSystems; + unstablePkgsFor = forAllSystems (system: + import unstable { + inherit system; + #imports = [ ./overlays ]; + }); + stablePkgsFor = forAllSystems (system: + import stable { + inherit system; + #imports = [ ./overlays ]; + }); + hostBase = { + modules = [ + # Common config stuffs + (import ./default.nix) - xin-secrets.nixosModules.sops - xin-secrets.nixosModules.xin-secrets + xin-secrets.nixosModules.sops + xin-secrets.nixosModules.xin-secrets - peerix.nixosModules.peerix + peerix.nixosModules.peerix + ]; + }; + + overlays = [ + #inputs.emacs-overlay.overlay + inputs.gostart.overlay + inputs.microca.overlay + inputs.peerix.overlay + inputs.pots.overlay + inputs.pr-status.overlay + inputs.taskobs.overlay + inputs.tsRevProx.overlay ]; - }; - overlays = [ - #inputs.emacs-overlay.overlay - inputs.gostart.overlay - inputs.microca.overlay - inputs.peerix.overlay - inputs.pots.overlay - inputs.pr-status.overlay - inputs.taskobs.overlay - inputs.tsRevProx.overlay - ]; - - buildSys = sys: sysBase: extraMods: name: - sysBase.lib.nixosSystem { - system = sys; - specialArgs = { - inherit inputs; - inherit xinlib; + buildSys = sys: sysBase: extraMods: name: + sysBase.lib.nixosSystem { + system = sys; + specialArgs = { + inherit inputs; + inherit xinlib; + }; + modules = + hostBase.modules + ++ extraMods + ++ [ + { + nix = { + registry = { + nixpkgs.flake = sysBase; + stable.flake = stable; + unstable.flake = unstable; + }; + nixPath = [ "nixpkgs=${sysBase}" ]; + }; + } + ] + ++ [ (xinlib.buildVer self) (./. + "/hosts/${name}") ] + ++ [{ nixpkgs.overlays = overlays; }]; }; - modules = - hostBase.modules - ++ extraMods - ++ [ - { - nix = { - registry.nixpkgs.flake = sysBase; - registry.stable.flake = stable; - registry.unstable.flake = unstable; - nixPath = ["nixpkgs=${sysBase}"]; - }; - } - ] - ++ [(xinlib.buildVer self) (./. + "/hosts/${name}")] - ++ [{nixpkgs.overlays = overlays;}]; - }; - lpkgs = unstable.legacyPackages.x86_64-linux; - darwinPkgs = unstableSmall.legacyPackages.aarch64-darwin; - in { - darwinConfigurations = { - plq = darwin.lib.darwinSystem { - system = "aarch64-darwin"; - specialArgs = {inherit xinlib;}; - modules = [ - xin-secrets.nixosModules.sops - ./overlays - - ./hosts/plq - ]; - }; - }; - - # Expose all of the overlays to unstable so we can test build - # everything before deploying - legacyPackages.x86_64-linux = import unstable { - system = "x86_64-linux"; - overlays = let - overlayFn = import ./overlays; - stableList = overlayFn { - isUnstable = true; - inherit xinlib; - }; - unstableList = overlayFn { - isUnstable = false; - inherit xinlib; - }; - in - [] ++ stableList.nixpkgs.overlays ++ unstableList.nixpkgs.overlays; - }; - - formatter.x86_64-linux = stable.legacyPackages.x86_64-linux.alejandra; - formatter.aarch64-darwin = stable.legacyPackages.aarch64-darwin.alejandra; - - devShells.x86_64-linux.default = xinlib.buildShell lpkgs; - devShells.aarch64-darwin.default = xinlib.buildShell darwinPkgs; - - nixosConfigurations = { - europa = buildSys "x86_64-linux" unstable [ - nixos-hardware.nixosModules.framework - ] "europa"; - pwntie = buildSys "x86_64-linux" stable [] "pwntie"; - stan = buildSys "x86_64-linux" unstable [] "stan"; - weather = buildSys "aarch64-linux" stable [] "weather"; - - faf = buildSys "x86_64-linux" stable [./configs/hardened.nix] "faf"; - box = buildSys "x86_64-linux" stable [./configs/hardened.nix] "box"; - #luna = buildSys "x86_64-linux" stable - # [ "${nixos-hardware}/common/cpu/intel" ] "luna"; - h = buildSys "x86_64-linux" stable [ - ./configs/hardened.nix - gostart.nixosModule - pots.nixosModule - pr-status.nixosModule - ] "h"; - #router = - # buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "router"; - - arm64Install = stable.lib.nixosSystem { - system = "aarch64-linux"; - - modules = [ - (import ./installer.nix) - xin-secrets.nixosModules.sops - - "${stable}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix" - ]; - }; - - #weatherzero = buildSys "armv6l" stable [ - # "${stable}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix" - # { - # nixpkgs = { - # buildPlatform = { - # system = "x86_64-linux"; - # config = "x86_64-unknown-linux-gnu"; - # }; - # hostPlatform = { - # system = "armv6l-linux"; - # config = "armv6l-unknown-linux-gnueabihf"; - # }; - # }; - # } - #] "weatherzero"; - - isoInstall = stable.lib.nixosSystem { - system = "x86_64-linux"; - - modules = [ - (xinlib.buildVer self) - (import ./installer.nix) - xin-secrets.nixosModules.sops - - "${stable}/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma5.nix" - ]; - }; - }; - - packages = forAllSystems (system: let - upkgs = unstablePkgsFor.${system}; - spkgs = stablePkgsFor.${system}; - in { - ada_language_server = - spkgs.callPackage ./pkgs/ada_language_server.nix {inherit spkgs;}; - alire = spkgs.callPackage ./pkgs/alire.nix {inherit spkgs;}; - bearclaw = spkgs.callPackage ./pkgs/bearclaw.nix {inherit spkgs;}; - rtlamr = spkgs.callPackage ./pkgs/rtlamr.nix {inherit spkgs;}; - clilol = spkgs.callPackage ./pkgs/clilol.nix {inherit spkgs;}; - gqrss = spkgs.callPackage ./pkgs/gqrss.nix { - inherit spkgs; - isUnstable = true; - }; - iamb = upkgs.callPackage ./pkgs/iamb.nix {}; - icbirc = spkgs.callPackage ./pkgs/icbirc.nix { - inherit spkgs; - isUnstable = true; - }; - femtolisp = upkgs.callPackage ./pkgs/femtolisp.nix {}; - fyne = upkgs.callPackage ./pkgs/fyne.nix {inherit upkgs;}; - flake-warn = - spkgs.callPackage ./pkgs/flake-warn.nix {inherit spkgs;}; - #kurinto = spkgs.callPackage ./pkgs/kurinto.nix {}; - mcchunkie = spkgs.callPackage ./pkgs/mcchunkie.nix {inherit spkgs;}; - yaegi = spkgs.callPackage ./pkgs/yaegi.nix {inherit spkgs;}; - gen-patches = - spkgs.callPackage ./bins/gen-patches.nix {inherit spkgs;}; - yarr = spkgs.callPackage ./pkgs/yarr.nix { - inherit spkgs; - isUnstable = true; - }; - precursorupdater = spkgs.python3Packages.callPackage ./pkgs/precursorupdater.nix { - inherit spkgs; - }; - rtlamr2mqtt = spkgs.python3Packages.callPackage ./pkgs/rtlamr2mqtt.nix { - inherit spkgs; - }; - kobuddy = upkgs.python3Packages.callPackage ./pkgs/kobuddy.nix { - inherit upkgs; - }; - ghexport = upkgs.python3Packages.callPackage ./pkgs/ghexport.nix { - inherit upkgs; - }; - hpi = - upkgs.python3Packages.callPackage ./pkgs/hpi.nix {inherit upkgs;}; - promnesia = upkgs.python3Packages.callPackage ./pkgs/promnesia.nix { - inherit upkgs; - }; - sliding-sync = - spkgs.callPackage ./pkgs/sliding-sync.nix {inherit spkgs;}; - golink = spkgs.callPackage ./pkgs/golink.nix {inherit spkgs;}; - gokrazy = upkgs.callPackage ./pkgs/gokrazy.nix {inherit upkgs;}; - gosignify = spkgs.callPackage ./pkgs/gosignify.nix {inherit spkgs;}; - gotosocial = - spkgs.callPackage ./pkgs/gotosocial.nix {inherit spkgs;}; - zutty = upkgs.callPackage ./pkgs/zutty.nix { - inherit upkgs; - }; - mvoice = upkgs.callPackage ./pkgs/mvoice.nix { - inherit upkgs; - }; - inherit (xintray.packages.${system}) xintray; - inherit (tsvnstat.packages.${system}) tsvnstat; - inherit (pots.packages.${system}) pots; - inherit (po.packages.${system}) po; - inherit (tsRevProx.packages.${system}) ts-reverse-proxy; - - inherit (spkgs) matrix-synapse; - }); - - templates."ada" = { - path = ./templates/ada; - description = "Ada template."; - }; - templates."go" = { - path = ./templates/go; - description = "Go template."; - }; - templates."perl" = { - path = ./templates/perl; - description = "Perl template."; - }; - templates."mojo" = { - path = ./templates/mojo; - description = "Perl MojoLicious template."; - }; - templates."ocaml" = { - path = ./templates/ocaml; - description = "OCaml template."; - }; - - checks = let - buildList = ["europa" "stan" "h" "box" "faf" "weather"]; + lpkgs = unstable.legacyPackages.x86_64-linux; + darwinPkgs = unstableSmall.legacyPackages.aarch64-darwin; in - with unstable.lib; - foldl' recursiveUpdate {} (mapAttrsToList (name: system: { + { + darwinConfigurations = { + plq = darwin.lib.darwinSystem { + system = "aarch64-darwin"; + specialArgs = { inherit xinlib; }; + modules = [ + xin-secrets.nixosModules.sops + ./overlays + + ./hosts/plq + ]; + }; + }; + + # Expose all of the overlays to unstable so we can test build + # everything before deploying + legacyPackages.x86_64-linux = import unstable { + system = "x86_64-linux"; + overlays = + let + overlayFn = import ./overlays; + stableList = overlayFn { + isUnstable = true; + inherit xinlib; + }; + unstableList = overlayFn { + isUnstable = false; + inherit xinlib; + }; + in + stableList.nixpkgs.overlays ++ unstableList.nixpkgs.overlays; + }; + + formatter.x86_64-linux = stable.legacyPackages.x86_64-linux.nixpkgs-fmt; + formatter.aarch64-darwin = stable.legacyPackages.aarch64-darwin.nixpkgs-fmt; + + devShells.x86_64-linux.default = xinlib.buildShell lpkgs; + devShells.aarch64-darwin.default = xinlib.buildShell darwinPkgs; + + nixosConfigurations = { + europa = buildSys "x86_64-linux" unstable [ + nixos-hardware.nixosModules.framework + ] "europa"; + pwntie = buildSys "x86_64-linux" stable [ ] "pwntie"; + stan = buildSys "x86_64-linux" unstable [ ] "stan"; + weather = buildSys "aarch64-linux" stable [ ] "weather"; + + faf = buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "faf"; + box = buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "box"; + #luna = buildSys "x86_64-linux" stable + # [ "${nixos-hardware}/common/cpu/intel" ] "luna"; + h = buildSys "x86_64-linux" stable [ + ./configs/hardened.nix + gostart.nixosModule + pots.nixosModule + pr-status.nixosModule + ] "h"; + #router = + # buildSys "x86_64-linux" stable [ ./configs/hardened.nix ] "router"; + + arm64Install = stable.lib.nixosSystem { + system = "aarch64-linux"; + + modules = [ + (import ./installer.nix) + xin-secrets.nixosModules.sops + + "${stable}/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix" + ]; + }; + + #weatherzero = buildSys "armv6l" stable [ + # "${stable}/nixos/modules/installer/sd-card/sd-image-raspberrypi.nix" + # { + # nixpkgs = { + # buildPlatform = { + # system = "x86_64-linux"; + # config = "x86_64-unknown-linux-gnu"; + # }; + # hostPlatform = { + # system = "armv6l-linux"; + # config = "armv6l-unknown-linux-gnueabihf"; + # }; + # }; + # } + #] "weatherzero"; + + isoInstall = stable.lib.nixosSystem { + system = "x86_64-linux"; + + modules = [ + (xinlib.buildVer self) + (import ./installer.nix) + xin-secrets.nixosModules.sops + + "${stable}/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma5.nix" + ]; + }; + }; + + packages = forAllSystems (system: + let + upkgs = unstablePkgsFor.${system}; + spkgs = stablePkgsFor.${system}; + in + { + ada_language_server = + spkgs.callPackage ./pkgs/ada_language_server.nix { inherit spkgs; }; + alire = spkgs.callPackage ./pkgs/alire.nix { inherit spkgs; }; + bearclaw = spkgs.callPackage ./pkgs/bearclaw.nix { inherit spkgs; }; + rtlamr = spkgs.callPackage ./pkgs/rtlamr.nix { inherit spkgs; }; + clilol = spkgs.callPackage ./pkgs/clilol.nix { inherit spkgs; }; + gqrss = spkgs.callPackage ./pkgs/gqrss.nix { + inherit spkgs; + isUnstable = true; + }; + iamb = upkgs.callPackage ./pkgs/iamb.nix { }; + icbirc = spkgs.callPackage ./pkgs/icbirc.nix { + inherit spkgs; + isUnstable = true; + }; + femtolisp = upkgs.callPackage ./pkgs/femtolisp.nix { }; + fyne = upkgs.callPackage ./pkgs/fyne.nix { inherit upkgs; }; + flake-warn = + spkgs.callPackage ./pkgs/flake-warn.nix { inherit spkgs; }; + #kurinto = spkgs.callPackage ./pkgs/kurinto.nix {}; + mcchunkie = spkgs.callPackage ./pkgs/mcchunkie.nix { inherit spkgs; }; + yaegi = spkgs.callPackage ./pkgs/yaegi.nix { inherit spkgs; }; + gen-patches = + spkgs.callPackage ./bins/gen-patches.nix { inherit spkgs; }; + yarr = spkgs.callPackage ./pkgs/yarr.nix { + inherit spkgs; + isUnstable = true; + }; + precursorupdater = spkgs.python3Packages.callPackage ./pkgs/precursorupdater.nix { + inherit spkgs; + }; + rtlamr2mqtt = spkgs.python3Packages.callPackage ./pkgs/rtlamr2mqtt.nix { + inherit spkgs; + }; + kobuddy = upkgs.python3Packages.callPackage ./pkgs/kobuddy.nix { + inherit upkgs; + }; + ghexport = upkgs.python3Packages.callPackage ./pkgs/ghexport.nix { + inherit upkgs; + }; + hpi = + upkgs.python3Packages.callPackage ./pkgs/hpi.nix { inherit upkgs; }; + promnesia = upkgs.python3Packages.callPackage ./pkgs/promnesia.nix { + inherit upkgs; + }; + sliding-sync = + spkgs.callPackage ./pkgs/sliding-sync.nix { inherit spkgs; }; + golink = spkgs.callPackage ./pkgs/golink.nix { inherit spkgs; }; + gokrazy = upkgs.callPackage ./pkgs/gokrazy.nix { inherit upkgs; }; + gosignify = spkgs.callPackage ./pkgs/gosignify.nix { inherit spkgs; }; + gotosocial = + spkgs.callPackage ./pkgs/gotosocial.nix { inherit spkgs; }; + zutty = upkgs.callPackage ./pkgs/zutty.nix { + inherit upkgs; + }; + mvoice = upkgs.callPackage ./pkgs/mvoice.nix { + inherit upkgs; + }; + inherit (xintray.packages.${system}) xintray; + inherit (tsvnstat.packages.${system}) tsvnstat; + inherit (pots.packages.${system}) pots; + inherit (po.packages.${system}) po; + inherit (tsRevProx.packages.${system}) ts-reverse-proxy; + + inherit (spkgs) matrix-synapse; + }); + + templates = { + "ada" = { + path = ./templates/ada; + description = "Ada template."; + }; + "go" = { + path = ./templates/go; + description = "Go template."; + }; + "perl" = { + path = ./templates/perl; + description = "Perl template."; + }; + "mojo" = { + path = ./templates/mojo; + description = "Perl MojoLicious template."; + }; + "ocaml" = { + path = ./templates/ocaml; + description = "OCaml template."; + }; + }; + + checks = + let + buildList = [ "europa" "stan" "h" "box" "faf" "weather" ]; + in + with unstable.lib; + foldl' recursiveUpdate { } (mapAttrsToList + (name: system: { "${system.pkgs.stdenv.hostPlatform.system}"."${name}" = system.config.system.build.toplevel; - }) (filterAttrs (n: _: (builtins.elem n buildList)) + }) + (filterAttrs (n: _: (builtins.elem n buildList)) self.nixosConfigurations)); - }; + }; } diff --git a/gui/arcan.nix b/gui/arcan.nix index 46c994d..1550cfa 100644 --- a/gui/arcan.nix +++ b/gui/arcan.nix @@ -1,15 +1,14 @@ -{ - config, - lib, - pkgs, - ... +{ config +, lib +, pkgs +, ... }: with lib; { options = { - arcan = {enable = mkEnableOption "Enable Arcan/Durden desktop.";}; + arcan = { enable = mkEnableOption "Enable Arcan/Durden desktop."; }; }; config = mkIf config.arcan.enable { - environment.systemPackages = with pkgs; [arcanPackages.all-wrapped]; + environment.systemPackages = with pkgs; [ arcanPackages.all-wrapped ]; }; } diff --git a/gui/default.nix b/gui/default.nix index 5b61449..b1be777 100644 --- a/gui/default.nix +++ b/gui/default.nix @@ -1,24 +1,24 @@ -{ - config, - lib, - pkgs, - xinlib, - ... -}: let - firefox = import ../configs/firefox.nix {inherit pkgs;}; - rage = pkgs.writeScriptBin "rage" (import ../bins/rage.nix {inherit pkgs;}); +{ config +, lib +, pkgs +, xinlib +, ... +}: +let + firefox = import ../configs/firefox.nix { inherit pkgs; }; + rage = pkgs.writeScriptBin "rage" (import ../bins/rage.nix { inherit pkgs; }); rpr = pkgs.writeScriptBin "rpr" - (import ../bins/rpr.nix {inherit (pkgs) hut gh tea;}); + (import ../bins/rpr.nix { inherit (pkgs) hut gh tea; }); promnesia = - pkgs.python3Packages.callPackage ../pkgs/promnesia.nix {inherit pkgs;}; - hpi = pkgs.python3Packages.callPackage ../pkgs/hpi.nix {inherit pkgs;}; + pkgs.python3Packages.callPackage ../pkgs/promnesia.nix { inherit pkgs; }; + hpi = pkgs.python3Packages.callPackage ../pkgs/hpi.nix { inherit pkgs; }; promnesiaService = { promnesia = { description = "Service for promnesia.server"; - wantedBy = ["graphical-session.target"]; - partOf = ["graphical-session.target"]; - after = ["graphical-session.target"]; + wantedBy = [ "graphical-session.target" ]; + partOf = [ "graphical-session.target" ]; + after = [ "graphical-session.target" ]; script = '' ${promnesia}/bin/promnesia serve ''; @@ -29,82 +29,82 @@ name = "promnesia-index"; script = "${promnesia}/bin/promnesia index"; startAt = "*:0/5"; - path = [promnesia hpi]; + path = [ promnesia hpi ]; } ]; in - with lib; { - imports = [./gnome.nix ./kde.nix ./xfce.nix ./arcan.nix]; +with lib; { + imports = [ ./gnome.nix ./kde.nix ./xfce.nix ./arcan.nix ]; - options = { - pulse = { - enable = mkOption { - description = "Enable PulseAudio"; - default = false; - example = true; - type = types.bool; - }; - }; - pipewire = { - enable = mkOption { - description = "Enable PipeWire"; - default = true; - example = true; - type = types.bool; - }; + options = { + pulse = { + enable = mkOption { + description = "Enable PulseAudio"; + default = false; + example = true; + type = types.bool; }; }; + pipewire = { + enable = mkOption { + description = "Enable PipeWire"; + default = true; + example = true; + type = types.bool; + }; + }; + }; - config = mkMerge [ - (mkIf (config.kde.enable || config.gnome.enable || config.xfce.enable) { - services = { - xserver.enable = true; - pcscd.enable = true; - }; + config = mkMerge [ + (mkIf (config.kde.enable || config.gnome.enable || config.xfce.enable) { + services = { + xserver.enable = true; + pcscd.enable = true; + }; - documentation.enable = true; + documentation.enable = true; - # TODO: TEMP FIX - systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart = - lib.mkForce ["" "${pkgs.networkmanager}/bin/nm-online -q"]; - fonts.fonts = with pkgs; [ - go-font - #(callPackage ../pkgs/kurinto.nix {}) - ]; - sound.enable = true; - environment.systemPackages = with pkgs; (xinlib.filterList [ - arcanPackages.all-wrapped - bc - black - drawterm - exiftool - go-font - govulncheck - hpi - pcsctools - promnesia - rage - rpr - vlc - zeal + # TODO: TEMP FIX + systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart = + lib.mkForce [ "" "${pkgs.networkmanager}/bin/nm-online -q" ]; + fonts.fonts = with pkgs; [ + go-font + #(callPackage ../pkgs/kurinto.nix {}) + ]; + sound.enable = true; + environment.systemPackages = with pkgs; (xinlib.filterList [ + arcanPackages.all-wrapped + bc + black + drawterm + exiftool + go-font + govulncheck + hpi + pcsctools + promnesia + rage + rpr + vlc + zeal - (callPackage ../configs/helix.nix {}) - ]); + (callPackage ../configs/helix.nix { }) + ]); - programs = {} // firefox.programs; + programs = { } // firefox.programs; - systemd.user.services = - (lib.listToAttrs (builtins.map xinlib.jobToUserService jobs)) - // promnesiaService; - security.rtkit.enable = true; - }) - (mkIf config.pipewire.enable { - services.pipewire = { - enable = true; - pulse.enable = true; - jack.enable = true; - alsa.enable = true; - }; - }) - ]; - } + systemd.user.services = + (lib.listToAttrs (builtins.map xinlib.jobToUserService jobs)) + // promnesiaService; + security.rtkit.enable = true; + }) + (mkIf config.pipewire.enable { + services.pipewire = { + enable = true; + pulse.enable = true; + jack.enable = true; + alsa.enable = true; + }; + }) + ]; +} diff --git a/gui/gnome.nix b/gui/gnome.nix index 189de57..f4959cd 100644 --- a/gui/gnome.nix +++ b/gui/gnome.nix @@ -1,10 +1,9 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: with lib; { - options = {gnome = {enable = mkEnableOption "Enable GNOME desktop.";};}; + options = { gnome = { enable = mkEnableOption "Enable GNOME desktop."; }; }; config = mkIf config.gnome.enable { services.xserver.displayManager.gdm.enable = true; diff --git a/gui/kde.nix b/gui/kde.nix index 562065a..1c06bed 100644 --- a/gui/kde.nix +++ b/gui/kde.nix @@ -1,12 +1,13 @@ -{ - config, - lib, - pkgs, - ... -}: let +{ config +, lib +, pkgs +, ... +}: +let inherit (pkgs.libsForQt5) callPackage; -in { - options = {kde = {enable = lib.mkEnableOption "Enable KDE desktop.";};}; +in +{ + options = { kde = { enable = lib.mkEnableOption "Enable KDE desktop."; }; }; config = lib.mkIf config.kde.enable { services.xserver.displayManager.sddm.enable = true; @@ -21,7 +22,7 @@ in { }; environment.systemPackages = with pkgs; [ - (callPackage ../pkgs/tile-gaps.nix {}) + (callPackage ../pkgs/tile-gaps.nix { }) libsForQt5.bismuth plasma5Packages.kdeconnect-kde waynergy diff --git a/gui/xfce.nix b/gui/xfce.nix index 237d049..337c50a 100644 --- a/gui/xfce.nix +++ b/gui/xfce.nix @@ -1,11 +1,10 @@ -{ - config, - lib, - pkgs, - ... +{ config +, lib +, pkgs +, ... }: with lib; { - options = {xfce = {enable = mkEnableOption "Enable XFCE desktop.";};}; + options = { xfce = { enable = mkEnableOption "Enable XFCE desktop."; }; }; config = mkIf config.xfce.enable { security.pam.services = { @@ -23,6 +22,6 @@ with lib; { ]; services.xserver.displayManager.sddm.enable = true; - services.xserver.desktopManager.xfce = {enable = true;}; + services.xserver.desktopManager.xfce = { enable = true; }; }; } diff --git a/hosts/box/default.nix b/hosts/box/default.nix index 219671f..653f418 100644 --- a/hosts/box/default.nix +++ b/hosts/box/default.nix @@ -1,11 +1,11 @@ -{ - inputs, - config, - lib, - pkgs, - isUnstable, - ... -}: let +{ inputs +, config +, lib +, pkgs +, isUnstable +, ... +}: +let #photoPrismTag = "220901-bullseye"; httpCacheTime = "720m"; httpAllow = '' @@ -38,13 +38,14 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" ]; - userBase = {openssh.authorizedKeys.keys = pubKeys;}; + userBase = { openssh.authorizedKeys.keys = pubKeys; }; mkNginxSecret = { sopsFile = config.xin-secrets.box.certs; owner = config.users.users.nginx.name; mode = "400"; }; -in { +in +{ _module.args.isUnstable = false; imports = [ ./hardware-configuration.nix @@ -65,41 +66,45 @@ in { owner = config.users.users.gitea.name; sopsFile = config.xin-secrets.box.services; }; - "bitwarden_rs.env" = {sopsFile = config.xin-secrets.box.services;}; - "wireguard_private_key" = {sopsFile = config.xin-secrets.box.services;}; + "bitwarden_rs.env" = { sopsFile = config.xin-secrets.box.services; }; + "wireguard_private_key" = { sopsFile = config.xin-secrets.box.services; }; + + books_cert = mkNginxSecret; + books_key = mkNginxSecret; + jelly_cert = mkNginxSecret; + jelly_key = mkNginxSecret; + lidarr_cert = mkNginxSecret; + lidarr_key = mkNginxSecret; + nzb_cert = mkNginxSecret; + nzb_key = mkNginxSecret; + prowlarr_cert = mkNginxSecret; + prowlarr_key = mkNginxSecret; + radarr_cert = mkNginxSecret; + radarr_key = mkNginxSecret; + reddit_cert = mkNginxSecret; + reddit_key = mkNginxSecret; + sonarr_cert = mkNginxSecret; + sonarr_key = mkNginxSecret; + graph_cert = mkNginxSecret; + graph_key = mkNginxSecret; + bw_cert = mkNginxSecret; + bw_key = mkNginxSecret; + invidious_cert = mkNginxSecret; + invidious_key = mkNginxSecret; + readarr_cert = mkNginxSecret; + readarr_key = mkNginxSecret; + home_cert = mkNginxSecret; + home_key = mkNginxSecret; }; - sops.secrets.books_cert = mkNginxSecret; - sops.secrets.books_key = mkNginxSecret; - sops.secrets.jelly_cert = mkNginxSecret; - sops.secrets.jelly_key = mkNginxSecret; - sops.secrets.lidarr_cert = mkNginxSecret; - sops.secrets.lidarr_key = mkNginxSecret; - sops.secrets.nzb_cert = mkNginxSecret; - sops.secrets.nzb_key = mkNginxSecret; - sops.secrets.prowlarr_cert = mkNginxSecret; - sops.secrets.prowlarr_key = mkNginxSecret; - sops.secrets.radarr_cert = mkNginxSecret; - sops.secrets.radarr_key = mkNginxSecret; - sops.secrets.reddit_cert = mkNginxSecret; - sops.secrets.reddit_key = mkNginxSecret; - sops.secrets.sonarr_cert = mkNginxSecret; - sops.secrets.sonarr_key = mkNginxSecret; - sops.secrets.graph_cert = mkNginxSecret; - sops.secrets.graph_key = mkNginxSecret; - sops.secrets.bw_cert = mkNginxSecret; - sops.secrets.bw_key = mkNginxSecret; - sops.secrets.invidious_cert = mkNginxSecret; - sops.secrets.invidious_key = mkNginxSecret; - sops.secrets.readarr_cert = mkNginxSecret; - sops.secrets.readarr_key = mkNginxSecret; - sops.secrets.home_cert = mkNginxSecret; - sops.secrets.home_key = mkNginxSecret; - - boot.supportedFilesystems = ["zfs"]; - boot.loader.grub.copyKernels = true; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + boot = { + supportedFilesystems = [ "zfs" ]; + loader = { + grub.copyKernels = true; + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }; doas.enable = true; @@ -111,14 +116,14 @@ in { enableIPv6 = false; hosts = { - "127.0.0.1" = ["git.tapenet.org"]; - "10.6.0.15" = ["jelly.bold.daemon"]; - "100.122.61.43" = ["nix-binary-cache.humpback-trout.ts.net"]; + "127.0.0.1" = [ "git.tapenet.org" ]; + "10.6.0.15" = [ "jelly.bold.daemon" ]; + "100.122.61.43" = [ "nix-binary-cache.humpback-trout.ts.net" ]; }; - interfaces.enp7s0 = {useDHCP = true;}; + interfaces.enp7s0 = { useDHCP = true; }; firewall = { - interfaces = {"tailscale0" = {allowedTCPPorts = [3030];};}; + interfaces = { "tailscale0" = { allowedTCPPorts = [ 3030 ]; }; }; interfaces = { "wg0" = { allowedTCPPorts = [ @@ -154,12 +159,12 @@ in { interfaces = { wg0 = { listenPort = 7122; - ips = ["192.168.112.4/32"]; + ips = [ "192.168.112.4/32" ]; peers = [ { publicKey = "IMJ1gVK6KzRghon5Wg1dxv1JCB8IbdSqeFjwQAxJM10="; endpoint = "23.29.118.127:7122"; - allowedIPs = ["192.168.112.3/32"]; + allowedIPs = [ "192.168.112.3/32" ]; persistentKeepalive = 25; } ]; @@ -192,7 +197,7 @@ in { glowing-bear rtl_433 - (callPackage ../../pkgs/athens.nix {inherit isUnstable;}) + (callPackage ../../pkgs/athens.nix { inherit isUnstable; }) ]; security.acme = { @@ -200,35 +205,34 @@ in { defaults.email = "aaron@bolddaemon.com"; }; - users.groups.media = { - name = "media"; - members = ["qbit" "sonarr" "radarr" "lidarr" "nzbget" "jellyfin" "headphones" "rtorrent" "readarr"]; - }; + users = { + groups = { + media = { + name = "media"; + members = [ "qbit" "sonarr" "radarr" "lidarr" "nzbget" "jellyfin" "headphones" "rtorrent" "readarr" ]; + }; - users.groups.photos = { - name = "photos"; - members = ["qbit"]; - }; + photos = { + name = "photos"; + members = [ "qbit" ]; + }; - users.groups.photoprism = { - name = "photoprism"; - gid = 986; - }; - users.users.photoprism = { - uid = 991; - name = "photoprism"; - isSystemUser = true; - hashedPassword = null; - group = "photoprism"; - shell = "/bin/sh"; - openssh.authorizedKeys.keys = pubKeys; - }; - - systemd.services.photoprism = { - serviceConfig = { - WorkingDirectory = lib.mkForce "/media/pictures/photoprism"; + photoprism = { + name = "photoprism"; + gid = 986; + }; + }; + users = { + photoprism = { + uid = 991; + name = "photoprism"; + isSystemUser = true; + hashedPassword = null; + group = "photoprism"; + shell = "/bin/sh"; + openssh.authorizedKeys.keys = pubKeys; + }; }; - preStart = lib.mkForce ""; }; hardware.rtl-sdr.enable = true; @@ -238,7 +242,7 @@ in { enable = true; listeners = [ { - acl = ["pattern readwrite #"]; + acl = [ "pattern readwrite #" ]; omitPasswordAuth = true; settings.allow_anonymous = true; } @@ -311,7 +315,7 @@ in { ]; device_tracker = [ ]; - default_config = {}; + default_config = { }; http = { use_x_forwarded_for = true; server_host = "127.0.0.1"; @@ -382,23 +386,25 @@ in { }; cron = { enable = true; - systemCronJobs = let - tsCertsScript = pkgs.writeScriptBin "ts-certs.sh" '' - #!/usr/bin/env sh - . /etc/profile; - ( - mkdir -p /etc/nixos/secrets; - chown root /etc/nixos/secrets/box.humpback-trout.ts.net.*; - tailscale cert \ - --cert-file /etc/nixos/secrets/box.humpback-trout.ts.net.crt \ - --key-file=/etc/nixos/secrets/box.humpback-trout.ts.net.key \ - box.humpback-trout.ts.net; - chown nginx /etc/nixos/secrets/box.humpback-trout.ts.net.* - ) >/dev/null 2>&1 - ''; - in ["@daily root ${tsCertsScript}/bin/ts-certs.sh"]; + systemCronJobs = + let + tsCertsScript = pkgs.writeScriptBin "ts-certs.sh" '' + #!/usr/bin/env sh + . /etc/profile; + ( + mkdir -p /etc/nixos/secrets; + chown root /etc/nixos/secrets/box.humpback-trout.ts.net.*; + tailscale cert \ + --cert-file /etc/nixos/secrets/box.humpback-trout.ts.net.crt \ + --key-file=/etc/nixos/secrets/box.humpback-trout.ts.net.key \ + box.humpback-trout.ts.net; + chown nginx /etc/nixos/secrets/box.humpback-trout.ts.net.* + ) >/dev/null 2>&1 + ''; + in + [ "@daily root ${tsCertsScript}/bin/ts-certs.sh" ]; }; - openssh = {settings.X11Forwarding = true;}; + openssh = { settings.X11Forwarding = true; }; tor.enable = true; @@ -424,7 +430,7 @@ in { nzbget = { enable = true; group = "media"; - settings = {MainDir = "/media/downloads";}; + settings = { MainDir = "/media/downloads"; }; }; fwupd.enable = true; @@ -449,7 +455,7 @@ in { calibre-web = { enable = true; group = "media"; - options = {enableBookUploading = true;}; + options = { enableBookUploading = true; }; listen.port = 8909; listen.ip = "127.0.0.1"; }; @@ -501,7 +507,7 @@ in { lifecycler = { address = "127.0.0.1"; ring = { - kvstore = {store = "inmemory";}; + kvstore = { store = "inmemory"; }; replication_factor = 1; }; }; @@ -535,7 +541,7 @@ in { shared_store = "filesystem"; }; - filesystem = {directory = "/var/lib/loki/chunks";}; + filesystem = { directory = "/var/lib/loki/chunks"; }; }; limits_config = { @@ -543,7 +549,7 @@ in { reject_old_samples_max_age = "168h"; }; - chunk_store_config = {max_look_back_period = "0s";}; + chunk_store_config = { max_look_back_period = "0s"; }; table_manager = { retention_deletes_enabled = false; @@ -553,7 +559,7 @@ in { compactor = { working_directory = "/var/lib/loki"; shared_store = "filesystem"; - compactor_ring = {kvstore = {store = "inmemory";};}; + compactor_ring = { kvstore = { store = "inmemory"; }; }; }; }; }; @@ -565,7 +571,7 @@ in { http_listen_port = 3031; grpc_listen_port = 0; }; - positions = {filename = "/tmp/positions.yaml";}; + positions = { filename = "/tmp/positions.yaml"; }; clients = [ { url = "http://127.0.0.1:${ @@ -586,7 +592,7 @@ in { }; relabel_configs = [ { - source_labels = ["__journal__systemd_unit"]; + source_labels = [ "__journal__systemd_unit" ]; target_label = "unit"; } ]; @@ -602,11 +608,11 @@ in { exporters = { node = { enable = true; - enabledCollectors = ["systemd"]; + enabledCollectors = [ "systemd" ]; port = 9002; }; - nginx = {enable = true;}; + nginx = { enable = true; }; rtl_433 = { enable = true; @@ -648,27 +654,27 @@ in { } { job_name = "greenhouse"; - static_configs = [{targets = ["10.6.0.20:80"];}]; + static_configs = [{ targets = [ "10.6.0.20:80" ]; }]; } { job_name = "house"; - static_configs = [{targets = ["10.6.0.21:80"];}]; + static_configs = [{ targets = [ "10.6.0.21:80" ]; }]; } { job_name = "outside"; - static_configs = [{targets = ["10.6.0.22:8811"];}]; + static_configs = [{ targets = [ "10.6.0.22:8811" ]; }]; } { job_name = "faf"; - static_configs = [{targets = ["10.6.0.245:9002"];}]; + static_configs = [{ targets = [ "10.6.0.245:9002" ]; }]; } { job_name = "h"; - static_configs = [{targets = ["100.64.247.69:9002"];}]; + static_configs = [{ targets = [ "100.64.247.69:9002" ]; }]; } { job_name = "namish"; - static_configs = [{targets = ["10.200.0.100:9100"];}]; + static_configs = [{ targets = [ "10.200.0.100:9100" ]; }]; } { job_name = "nginx"; @@ -746,7 +752,7 @@ in { backup root@suah.dev:/var/www/ suah.dev/ backup_exec date "+ backup of suah.dev ended at %c" ''; - cronIntervals = {daily = "50 21 * * *";}; + cronIntervals = { daily = "50 21 * * *"; }; }; libreddit = { @@ -1031,7 +1037,7 @@ in { # host all all ::1/128 trust #''; - ensureDatabases = ["nextcloud" "gitea" "invidious"]; + ensureDatabases = [ "nextcloud" "gitea" "invidious" ]; ensureUsers = [ { name = "nextcloud"; @@ -1049,24 +1055,36 @@ in { }; }; - systemd.services.nginx.serviceConfig = { - ReadWritePaths = ["/backups/nginx_cache"]; - ReadOnlyPaths = ["/etc/nixos/secrets"]; + systemd = { + services = { + photoprism = { + serviceConfig = { + WorkingDirectory = lib.mkForce "/media/pictures/photoprism"; + }; + preStart = lib.mkForce ""; + }; + + nginx.serviceConfig = { + ReadWritePaths = [ "/backups/nginx_cache" ]; + ReadOnlyPaths = [ "/etc/nixos/secrets" ]; + }; + + gitea.environment = { + GIT_CONFIG_NOGLOBAL = "true"; + GIT_CONFIG_NOSYSTEM = "true"; + }; + #"nextcloud-setup" = { + # requires = [ "postgresql.service" ]; + # after = [ "postgresql.service" ]; + #}; + }; }; - systemd.services.gitea.environment = { - GIT_CONFIG_NOGLOBAL = "true"; - GIT_CONFIG_NOSYSTEM = "true"; + users.users = { + qbit = userBase; + root = userBase; }; - #systemd.services."nextcloud-setup" = { - # requires = [ "postgresql.service" ]; - # after = [ "postgresql.service" ]; - #}; - - users.users.qbit = userBase; - users.users.root = userBase; - programs.zsh.enable = true; system.stateVersion = "20.03"; diff --git a/hosts/box/hardware-configuration.nix b/hosts/box/hardware-configuration.nix index 6cf947c..40a784a 100644 --- a/hosts/box/hardware-configuration.nix +++ b/hosts/box/hardware-configuration.nix @@ -1,70 +1,76 @@ -{...}: { - boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel" "wireguard"]; - boot.extraModulePackages = []; +{ ... }: { + boot = { + initrd = { + availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-intel" "wireguard" ]; + extraModulePackages = [ ]; + }; hardware.enableRedistributableFirmware = true; - fileSystems."/" = { - device = "/dev/disk/by-uuid/248dfcf7-999b-4dba-bfbf-0b10dbb376b1"; - fsType = "ext4"; + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/248dfcf7-999b-4dba-bfbf-0b10dbb376b1"; + fsType = "ext4"; + }; + + "/home" = { + device = "rpool/home"; + fsType = "zfs"; + }; + + "/backups" = { + device = "rpool/backups"; + fsType = "zfs"; + }; + + "/media/music" = { + device = "rpool/media/music"; + fsType = "zfs"; + }; + + "/media/movies" = { + device = "rpool/media/movies"; + fsType = "zfs"; + }; + + "/media/pictures" = { + device = "rpool/pictures"; + fsType = "zfs"; + }; + + "/media/tv" = { + device = "rpool/media/tv"; + fsType = "zfs"; + }; + + "/media/nextcloud" = { + device = "rpool/nextcloud"; + fsType = "zfs"; + }; + + "/media/git" = { + device = "rpool/git"; + fsType = "zfs"; + }; + + "/media/downloads" = { + device = "rpool/downloads"; + fsType = "zfs"; + }; + + "/db/postgres" = { + device = "rpool/db/postgres"; + fsType = "zfs"; + }; + + "/boot" = { + device = "/dev/disk/by-uuid/2AC3-DB6C"; + fsType = "vfat"; + }; }; - fileSystems."/home" = { - device = "rpool/home"; - fsType = "zfs"; - }; - - fileSystems."/backups" = { - device = "rpool/backups"; - fsType = "zfs"; - }; - - fileSystems."/media/music" = { - device = "rpool/media/music"; - fsType = "zfs"; - }; - - fileSystems."/media/movies" = { - device = "rpool/media/movies"; - fsType = "zfs"; - }; - - fileSystems."/media/pictures" = { - device = "rpool/pictures"; - fsType = "zfs"; - }; - - fileSystems."/media/tv" = { - device = "rpool/media/tv"; - fsType = "zfs"; - }; - - fileSystems."/media/nextcloud" = { - device = "rpool/nextcloud"; - fsType = "zfs"; - }; - - fileSystems."/media/git" = { - device = "rpool/git"; - fsType = "zfs"; - }; - - fileSystems."/media/downloads" = { - device = "rpool/downloads"; - fsType = "zfs"; - }; - - fileSystems."/db/postgres" = { - device = "rpool/db/postgres"; - fsType = "zfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/2AC3-DB6C"; - fsType = "vfat"; - }; - - swapDevices = [{device = "/dev/disk/by-uuid/97d6ef56-ea18-493b-aac0-e58e773ced30";}]; + swapDevices = [{ device = "/dev/disk/by-uuid/97d6ef56-ea18-493b-aac0-e58e773ced30"; }]; } diff --git a/hosts/europa/default.nix b/hosts/europa/default.nix index ee8eb14..a95a6f6 100644 --- a/hosts/europa/default.nix +++ b/hosts/europa/default.nix @@ -1,11 +1,11 @@ -{ - inputs, - config, - pkgs, - lib, - xinlib, - ... -}: let +{ inputs +, config +, pkgs +, lib +, xinlib +, ... +}: +let inherit (inputs.stable.legacyPackages.${pkgs.system}) chirp; restic = pkgs.writeScriptBin "restic" (import ../../bins/restic.nix { inherit pkgs; @@ -25,25 +25,26 @@ name = "brain"; script = "cd ~/Brain && git sync"; startAt = "*:0/2"; - path = [pkgs.git pkgs.git-sync]; + path = [ pkgs.git pkgs.git-sync ]; } { name = "org"; script = "(cd ~/org && git sync)"; startAt = "*:0/5"; - path = [pkgs.git pkgs.git-sync]; + path = [ pkgs.git pkgs.git-sync ]; } { name = "taskobs"; script = "taskobs"; startAt = "*:0/30"; - path = [pkgs.taskobs] ++ pkgs.taskobs.buildInputs; + path = [ pkgs.taskobs ] ++ pkgs.taskobs.buildInputs; } ]; -in { +in +{ _module.args.isUnstable = true; - imports = [./hardware-configuration.nix ../../pkgs ../../configs/neomutt.nix]; + imports = [ ./hardware-configuration.nix ../../pkgs ../../configs/neomutt.nix ]; sops.secrets = { fastmail = { @@ -94,7 +95,7 @@ in { }; boot = { - binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"]; + binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ]; initrd.systemd.enable = true; loader = { systemd-boot.enable = true; @@ -103,7 +104,7 @@ in { efiSysMountPoint = "/boot/efi"; }; }; - kernelParams = ["boot.shell_on_fail" "mem_sleep_default=deep"]; + kernelParams = [ "boot.shell_on_fail" "mem_sleep_default=deep" ]; kernelPackages = pkgs.linuxPackages_latest; }; @@ -122,21 +123,21 @@ in { hostName = "europa"; hostId = "87703c3e"; hosts = { - "192.168.122.6" = ["chubs"]; + "192.168.122.6" = [ "chubs" ]; }; wireless.userControlled.enable = true; networkmanager.enable = true; firewall = { enable = true; - allowedTCPPorts = [22]; + allowedTCPPorts = [ 22 ]; }; }; tsPeerix = { enable = false; privateKeyFile = "${config.sops.secrets.peerix_private_key.path}"; - interfaces = ["wlp170s0" "ztksevmpn3"]; + interfaces = [ "wlp170s0" "ztksevmpn3" ]; }; programs = { @@ -144,7 +145,7 @@ in { _1password.enable = true; _1password-gui = { enable = true; - polkitPolicyOwners = ["qbit"]; + polkitPolicyOwners = [ "qbit" ]; }; dconf.enable = true; zsh = { @@ -162,7 +163,7 @@ in { }; }; - services.xinCA = {enable = false;}; + services.xinCA = { enable = false; }; services = { avahi = { @@ -178,9 +179,9 @@ in { environmentFile = "${config.sops.secrets.restic_env_file.path}"; passwordFile = "${config.sops.secrets.restic_password_file.path}"; - paths = ["/home/qbit" "/var/lib/libvirt"]; + paths = [ "/home/qbit" "/var/lib/libvirt" ]; - pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-yearly 5"]; + pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 5" ]; }; }; }; @@ -231,17 +232,19 @@ in { '' ]; - systemd.user.services = - lib.listToAttrs (builtins.map xinlib.jobToUserService jobs); - systemd.services."whytailscalewhy" = { - description = "Tailscale restart on resume"; - wantedBy = ["post-resume.target"]; - after = ["post-resume.target"]; - script = '' - . /etc/profile; - ${pkgs.systemd}/bin/systemctl restart tailscaled.service - ''; - serviceConfig.Type = "oneshot"; + systemd = { + user.services = + lib.listToAttrs (builtins.map xinlib.jobToUserService jobs); + services."whytailscalewhy" = { + description = "Tailscale restart on resume"; + wantedBy = [ "post-resume.target" ]; + after = [ "post-resume.target" ]; + script = '' + . /etc/profile; + ${pkgs.systemd}/bin/systemctl restart tailscaled.service + ''; + serviceConfig.Type = "oneshot"; + }; }; virtualisation.docker.enable = false; @@ -259,7 +262,7 @@ in { XDG_DATA_HOME = "\${HOME}/.local/share"; STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d"; - PATH = ["\${XDG_BIN_HOME}"]; + PATH = [ "\${XDG_BIN_HOME}" ]; MUHOME = "\${HOME}/.config/mu"; }; @@ -320,8 +323,8 @@ in { #yubioath-flutter zig - (callPackage ../../pkgs/clilol.nix {}) - (callPackage ../../pkgs/iamb.nix {}) + (callPackage ../../pkgs/clilol.nix { }) + (callPackage ../../pkgs/iamb.nix { }) (callPackage ../../pkgs/kobuddy.nix { inherit pkgs; inherit @@ -335,9 +338,9 @@ in { alembic ; }) - (callPackage ../../pkgs/gokrazy.nix {}) - (callPackage ../../pkgs/mvoice.nix {}) - (callPackage ../../pkgs/zutty.nix {}) + (callPackage ../../pkgs/gokrazy.nix { }) + (callPackage ../../pkgs/mvoice.nix { }) + (callPackage ../../pkgs/zutty.nix { }) restic ]; @@ -358,7 +361,9 @@ in { } ]; - system.autoUpgrade.allowReboot = false; - system.autoUpgrade.enable = false; - system.stateVersion = "21.11"; + system = { + autoUpgrade.allowReboot = false; + autoUpgrade.enable = false; + stateVersion = "21.11"; + }; } diff --git a/hosts/europa/hardware-configuration.nix b/hosts/europa/hardware-configuration.nix index b388dce..a7fc386 100644 --- a/hosts/europa/hardware-configuration.nix +++ b/hosts/europa/hardware-configuration.nix @@ -1,15 +1,18 @@ -{ - config, - lib, - modulesPath, - ... +{ config +, lib +, modulesPath +, ... }: { - imports = [(modulesPath + "/installer/scan/not-detected.nix")]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; + boot = { + initrd = { + availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; + }; fileSystems = { "/" = { @@ -25,14 +28,14 @@ }; boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".device = "/dev/disk/by-uuid/1f16b568-7726-44b6-b082-6b9d5e4d1972"; - boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".crypttabExtraOpts = ["fido2-device=auto"]; + boot.initrd.luks.devices."luks-1f16b568-7726-44b6-b082-6b9d5e4d1972".crypttabExtraOpts = [ "fido2-device=auto" ]; fileSystems."/boot/efi" = { device = "/dev/disk/by-uuid/F0A2-4A56"; fsType = "vfat"; }; - swapDevices = [{device = "/dev/disk/by-label/swap";}]; + swapDevices = [{ device = "/dev/disk/by-label/swap"; }]; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; hardware = { diff --git a/hosts/faf/default.nix b/hosts/faf/default.nix index b3a0933..8049064 100644 --- a/hosts/faf/default.nix +++ b/hosts/faf/default.nix @@ -1,19 +1,25 @@ -{config, ...}: let +{ config, ... }: +let pubKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPMaAm4rDxyU975Z54YiNw3itC2fGc3SaE2VaS1fai8 root@box" ]; userBase = { openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys; }; -in { +in +{ _module.args.isUnstable = false; - imports = [./hardware-configuration.nix]; + imports = [ ./hardware-configuration.nix ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; + boot = { + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; - boot.supportedFilesystems = ["zfs"]; - boot.zfs.devNodes = "/dev/"; + supportedFilesystems = [ "zfs" ]; + zfs.devNodes = "/dev/"; + }; networking = { hostName = "faf"; @@ -23,13 +29,17 @@ in { interfaces.enp1s0.useDHCP = true; interfaces.enp2s0.useDHCP = true; - firewall.allowedTCPPorts = [22 53 config.services.prometheus.exporters.node.port]; - firewall.allowedUDPPorts = [53]; - hosts = {"100.122.61.43" = ["nix-binary-cache.humpback-trout.ts.net"];}; + firewall = { + allowedTCPPorts = [ 22 53 config.services.prometheus.exporters.node.port ]; + allowedUDPPorts = [ 53 ]; + }; + hosts = { "100.122.61.43" = [ "nix-binary-cache.humpback-trout.ts.net" ]; }; }; - users.users.root = userBase; - users.users.qbit = userBase; + users.users = { + root = userBase; + qbit = userBase; + }; services = { prometheus = { @@ -39,7 +49,7 @@ in { exporters = { node = { enable = true; - enabledCollectors = ["systemd"]; + enabledCollectors = [ "systemd" ]; port = 9002; }; }; @@ -101,8 +111,8 @@ in { enable = true; settings = { server = { - interface = ["100.64.130.122"]; - access-control = ["100.64.0.0/10 allow"]; + interface = [ "100.64.130.122" ]; + access-control = [ "100.64.0.0/10 allow" ]; }; local-zone = ''"bold.daemon." static''; local-data = [ diff --git a/hosts/faf/hardware-configuration.nix b/hosts/faf/hardware-configuration.nix index 83957d4..c462116 100644 --- a/hosts/faf/hardware-configuration.nix +++ b/hosts/faf/hardware-configuration.nix @@ -1,74 +1,77 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - modulesPath, - ... +{ config +, lib +, modulesPath +, ... }: { - imports = [(modulesPath + "/installer/scan/not-detected.nix")]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ - "uhci_hcd" - "ehci_pci" - "ahci" - "xhci_pci" - "sata_sil24" - "usb_storage" - "usbhid" - "sd_mod" - ]; - boot.initrd.kernelModules = []; - boot.kernelModules = []; - boot.extraModulePackages = []; - - fileSystems."/" = { - device = "tank/nixos"; - fsType = "zfs"; + boot = { + initrd.availableKernelModules = [ + "uhci_hcd" + "ehci_pci" + "ahci" + "xhci_pci" + "sata_sil24" + "usb_storage" + "usbhid" + "sd_mod" + ]; + initrd.kernelModules = [ ]; + kernelModules = [ ]; + extraModulePackages = [ ]; }; - fileSystems."/nix" = { - device = "tank/nixos/nix"; - fsType = "zfs"; + fileSystems = { + "/" = { + device = "tank/nixos"; + fsType = "zfs"; + }; + + "/nix" = { + device = "tank/nixos/nix"; + fsType = "zfs"; + }; + + "/etc" = { + device = "tank/nixos/etc"; + fsType = "zfs"; + }; + + "/var" = { + device = "tank/nixos/var"; + fsType = "zfs"; + }; + + "/var/lib" = { + device = "tank/nixos/var/lib"; + fsType = "zfs"; + }; + + "/var/log" = { + device = "tank/nixos/var/log"; + fsType = "zfs"; + }; + + "/var/spool" = { + device = "tank/nixos/var/spool"; + fsType = "zfs"; + }; + + "/home" = { + device = "tank/userdata/home"; + fsType = "zfs"; + }; + + "/boot" = { + device = "/dev/disk/by-uuid/5851-DEF2"; + fsType = "vfat"; + }; }; - fileSystems."/etc" = { - device = "tank/nixos/etc"; - fsType = "zfs"; - }; - - fileSystems."/var" = { - device = "tank/nixos/var"; - fsType = "zfs"; - }; - - fileSystems."/var/lib" = { - device = "tank/nixos/var/lib"; - fsType = "zfs"; - }; - - fileSystems."/var/log" = { - device = "tank/nixos/var/log"; - fsType = "zfs"; - }; - - fileSystems."/var/spool" = { - device = "tank/nixos/var/spool"; - fsType = "zfs"; - }; - - fileSystems."/home" = { - device = "tank/userdata/home"; - fsType = "zfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/5851-DEF2"; - fsType = "vfat"; - }; - - swapDevices = []; + swapDevices = [ ]; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/hosts/h/default.nix b/hosts/h/default.nix index 885d37c..c69c5eb 100644 --- a/hosts/h/default.nix +++ b/hosts/h/default.nix @@ -1,9 +1,8 @@ -{ - config, - pkgs, - isUnstable, - inputs, - ... +{ config +, pkgs +, isUnstable +, inputs +, ... }: with pkgs; let restic = pkgs.writeScriptBin "restic" (import ../../bins/restic.nix { @@ -11,24 +10,24 @@ with pkgs; let inherit lib; inherit config; }); - gqrss = callPackage ../../pkgs/gqrss.nix {inherit isUnstable;}; - icbirc = callPackage ../../pkgs/icbirc.nix {inherit isUnstable;}; - mcchunkie = callPackage ../../pkgs/mcchunkie.nix {inherit isUnstable;}; - slidingSyncPkg = callPackage ../../pkgs/sliding-sync.nix {}; + gqrss = callPackage ../../pkgs/gqrss.nix { inherit isUnstable; }; + icbirc = callPackage ../../pkgs/icbirc.nix { inherit isUnstable; }; + mcchunkie = callPackage ../../pkgs/mcchunkie.nix { inherit isUnstable; }; + slidingSyncPkg = callPackage ../../pkgs/sliding-sync.nix { }; weepushover = - python3Packages.callPackage ../../pkgs/weepushover.nix {inherit pkgs;}; + python3Packages.callPackage ../../pkgs/weepushover.nix { inherit pkgs; }; pgBackupDir = "/var/backups/postgresql"; pubKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" ]; - userBase = {openssh.authorizedKeys.keys = pubKeys;}; + userBase = { openssh.authorizedKeys.keys = pubKeys; }; icbIrcTunnel = pkgs.writeScriptBin "icb-irc-tunnel" - (import ../../bins/icb-irc-tunnel.nix { - inherit pkgs; - inherit icbirc; - }); + (import ../../bins/icb-irc-tunnel.nix { + inherit pkgs; + inherit icbirc; + }); goModuleHost = "https://codeberg.org/qbit"; # "https://git.sr.ht/~qbit"; httpAllow = '' allow 10.6.0.0/24; @@ -44,9 +43,9 @@ with pkgs; let matrixServer = "tapenet.org"; matrixClientConfig = { "m.homeserver".base_url = "https://${matrixServer}:443"; - "org.matrix.msc3575.proxy" = {url = "https://${matrixServer}";}; + "org.matrix.msc3575.proxy" = { url = "https://${matrixServer}"; }; }; - matrixServerConfig = {"m.server" = "${matrixServer}:443";}; + matrixServerConfig = { "m.server" = "${matrixServer}:443"; }; mkMatrixWellKnown = p: '' return 200 '${builtins.toJSON p}'; ''; @@ -61,25 +60,30 @@ with pkgs; let proxyWebsockets = true; proxyPass = "http://${mtxCfg.address}:${toString mtxCfg.port}"; }; -in { +in +{ _module.args.isUnstable = false; imports = [ ./hardware-configuration.nix ]; - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/sda"; - boot.loader.grub.configurationLimit = 15; + boot = { + loader.grub = { + enable = true; + device = "/dev/sda"; + configurationLimit = 15; + }; - boot.kernelParams = ["net.ifnames=0"]; + kernelParams = [ "net.ifnames=0" ]; + }; tailscale.sshOnly = true; nixpkgs.overlays = [ (_: super: { weechat = super.weechat.override { - configure = {...}: { - scripts = with super.weechatScripts; [highmon weepushover]; + configure = { ... }: { + scripts = with super.weechatScripts; [ highmon weepushover ]; }; }; }) @@ -129,7 +133,7 @@ in { sopsFile = config.xin-secrets.h.services; owner = config.users.users.gostart.name; }; - wireguard_private_key = {sopsFile = config.xin-secrets.h.services;}; + wireguard_private_key = { sopsFile = config.xin-secrets.h.services; }; pots_env_file = { owner = config.users.users.pots.name; mode = "400"; @@ -158,7 +162,7 @@ in { useDHCP = false; defaultGateway = "23.29.118.1"; defaultGateway6 = "2602:ff16:3::1"; - nameservers = ["9.9.9.9"]; + nameservers = [ "9.9.9.9" ]; interfaces.eth0 = { ipv4.addresses = [ @@ -182,11 +186,11 @@ in { interfaces = { wg0 = { listenPort = 7122; - ips = ["192.168.112.3/32"]; + ips = [ "192.168.112.3/32" ]; peers = [ { publicKey = "gZ16FwqUgzKgEpJgVC9BngJ+Dd0e5LPsDhDuJby0VzY="; - allowedIPs = ["192.168.112.4/32"]; + allowedIPs = [ "192.168.112.4/32" ]; persistentKeepalive = 25; } ]; @@ -196,9 +200,9 @@ in { }; firewall = { - interfaces = {"tailscale0" = {allowedTCPPorts = [9002];};}; - allowedTCPPorts = [22 80 443 2222 53589]; - allowedUDPPorts = [7122]; + interfaces = { "tailscale0" = { allowedTCPPorts = [ 9002 ]; }; }; + allowedTCPPorts = [ 22 80 443 2222 53589 ]; + allowedUDPPorts = [ 7122 ]; allowedUDPPortRanges = [ { from = 60000; @@ -231,33 +235,39 @@ in { defaults.email = "aaron@bolddaemon.com"; }; - users.groups.mcchunkie = {}; - - users.users.mcchunkie = { - createHome = true; - isSystemUser = true; - home = "/var/lib/mcchunkie"; - group = "mcchunkie"; - }; - - systemd.services.icb-tunnel = { - wantedBy = ["network.target"]; - after = ["network.target" "multi-user.target"]; - serviceConfig = { - User = "qbit"; - WorkingDirectory = "/home/qbit"; - ExecStart = "${icbIrcTunnel}/bin/icb-irc-tunnel"; + users = { + users = { + qbit = userBase; + mcchunkie = { + createHome = true; + isSystemUser = true; + home = "/var/lib/mcchunkie"; + group = "mcchunkie"; + }; }; + groups.mcchunkie = { }; }; - systemd.services.mcchunkie = { - wantedBy = ["multi-user.target"]; - serviceConfig = { - User = "mcchunkie"; - Group = "mcchunkie"; - Restart = "always"; - WorkingDirectory = "/var/lib/mcchunkie"; - ExecStart = "${mcchunkie}/bin/mcchunkie"; + systemd.services = { + icb-tunnel = { + wantedBy = [ "network.target" ]; + after = [ "network.target" "multi-user.target" ]; + serviceConfig = { + User = "qbit"; + WorkingDirectory = "/home/qbit"; + ExecStart = "${icbIrcTunnel}/bin/icb-irc-tunnel"; + }; + }; + + mcchunkie = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + User = "mcchunkie"; + Group = "mcchunkie"; + Restart = "always"; + WorkingDirectory = "/var/lib/mcchunkie"; + ExecStart = "${mcchunkie}/bin/mcchunkie"; + }; }; }; @@ -277,8 +287,8 @@ in { exclusive = true; } ]; - aliases = []; - rooms = []; + aliases = [ ]; + rooms = [ ]; }; }; tsrevprox = { @@ -296,7 +306,7 @@ in { enable = true; envFile = "${config.sops.secrets.pots_env_file.path}"; }; - pr-status = {enable = true;}; + pr-status = { enable = true; }; gostart = { enable = true; keyPath = "${config.sops.secrets.gostart.path}"; @@ -335,7 +345,7 @@ in { protocol = "https"; storage-backend = "local"; storage-local-base-path = "/var/lib/gotosocial"; - trusted-proxies = ["127.0.0.1/32" "23.29.118.0/24"]; + trusted-proxies = [ "127.0.0.1/32" "23.29.118.0/24" ]; web-template-base-dir = "${config.services.gotosocial.package}/assets/web/template/"; web-asset-base-dir = "${config.services.gotosocial.package}/assets/web/assets/"; }; @@ -347,8 +357,8 @@ in { http_listen_port = 3031; grpc_listen_port = 0; }; - positions = {filename = "/tmp/positions.yaml";}; - clients = [{url = "http://box.humpback-trout.ts.net:3030/loki/api/v1/push";}]; + positions = { filename = "/tmp/positions.yaml"; }; + clients = [{ url = "http://box.humpback-trout.ts.net:3030/loki/api/v1/push"; }]; scrape_configs = [ { job_name = "journal"; @@ -361,7 +371,7 @@ in { }; relabel_configs = [ { - source_labels = ["__journal__systemd_unit"]; + source_labels = [ "__journal__systemd_unit" ]; target_label = "unit"; } ]; @@ -377,7 +387,7 @@ in { exporters = { node = { enable = true; - enabledCollectors = ["systemd"]; + enabledCollectors = [ "systemd" ]; port = 9002; }; }; @@ -386,7 +396,7 @@ in { enable = true; fqdn = "tasks.suah.dev"; listenHost = "::"; - organisations."bolddaemon".users = ["qbit"]; + organisations."bolddaemon".users = [ "qbit" ]; openFirewall = false; }; cron = { @@ -418,9 +428,9 @@ in { "/var/lib/writefreely" ]; - timerConfig = {OnCalendar = "00:05";}; + timerConfig = { OnCalendar = "00:05"; }; - pruneOpts = ["--keep-daily 7" "--keep-weekly 5" "--keep-yearly 10"]; + pruneOpts = [ "--keep-daily 7" "--keep-weekly 5" "--keep-yearly 10" ]; }; }; }; @@ -480,7 +490,7 @@ in { ''; upstreams = { - "ssh_gitea" = {servers = {"192.168.112.4:2222" = {};};}; + "ssh_gitea" = { servers = { "192.168.112.4:2222" = { }; }; }; }; streamConfig = '' @@ -551,7 +561,7 @@ in { forceSSL = true; enableACME = true; - locations."/" = {root = "${pkgs.glowing-bear}";}; + locations."/" = { root = "${pkgs.glowing-bear}"; }; }; "git.tapenet.org" = { @@ -569,15 +579,17 @@ in { forceSSL = true; enableACME = true; - locations."/" = { - proxyPass = "http://192.168.112.4:8222"; - proxyWebsockets = true; - }; - locations."/admin" = { - extraConfig = '' - ${httpAllow} - deny all; - ''; + locations = { + "/" = { + proxyPass = "http://192.168.112.4:8222"; + proxyWebsockets = true; + }; + "/admin" = { + extraConfig = '' + ${httpAllow} + deny all; + ''; + }; }; }; @@ -728,29 +740,33 @@ in { forceSSL = true; enableACME = true; root = "/var/www/tapenet.org"; - locations."/.well-known/matrix/client".extraConfig = - mkMatrixWellKnown matrixClientConfig; - locations."/.well-known/matrix/server".extraConfig = - mkMatrixWellKnown matrixServerConfig; + locations = { + "/.well-known/matrix/client".extraConfig = + mkMatrixWellKnown matrixClientConfig; + "/.well-known/matrix/server".extraConfig = + mkMatrixWellKnown matrixServerConfig; - locations."/client" = mkMatrixSliderLoc; - locations."/_matrix/client/unstable/org.matrix.msc3575/sync" = - mkMatrixSliderLoc; + "/client" = mkMatrixSliderLoc; + "/_matrix/client/unstable/org.matrix.msc3575/sync" = + mkMatrixSliderLoc; - locations."/_matrix" = mkMatrixLoc; - locations."/_synapse/client" = mkMatrixLoc; + "/_matrix" = mkMatrixLoc; + "/_synapse/client" = mkMatrixLoc; + }; } else { forceSSL = true; enableACME = true; root = "/var/www/tapenet.org"; - locations."/.well-known/matrix/client".extraConfig = - mkMatrixWellKnown matrixClientConfig; - locations."/.well-known/matrix/server".extraConfig = - mkMatrixWellKnown matrixServerConfig; + locations = { + "/.well-known/matrix/client".extraConfig = + mkMatrixWellKnown matrixClientConfig; + "/.well-known/matrix/server".extraConfig = + mkMatrixWellKnown matrixServerConfig; - locations."/_matrix" = mkMatrixLoc; - locations."/_synapse/client" = mkMatrixLoc; + "/_matrix" = mkMatrixLoc; + "/_synapse/client" = mkMatrixLoc; + }; }; }; }; @@ -764,7 +780,7 @@ in { enable = true; package = pkgs.postgresql_14; - settings = {}; + settings = { }; enableTCPIP = true; authentication = pkgs.lib.mkOverride 14 '' @@ -780,7 +796,7 @@ in { LC_COLLATE = "C" LC_CTYPE = "C"; ''; - ensureDatabases = ["synapse" "gotosocial" "syncv3"]; + ensureDatabases = [ "synapse" "gotosocial" "syncv3" ]; ensureUsers = [ { name = "synapse_user"; @@ -834,7 +850,7 @@ in { "porn" "csam" ]; - aditionalPrefixes = ["hammer"]; + aditionalPrefixes = [ "hammer" ]; confirmWildcardBan = false; }; }; @@ -850,7 +866,7 @@ in { server_name = "tapenet.org"; signing_key_path = "${config.sops.secrets.synapse_signing_key.path}"; url_preview_enabled = false; - plugins = with config.services.matrix-synapse.package.plugins; [matrix-synapse-mjolnir-antispam]; + plugins = with config.services.matrix-synapse.package.plugins; [ matrix-synapse-mjolnir-antispam ]; app_service_config_files = [ "/var/lib/heisenbridge/registration.yml" ]; @@ -864,15 +880,15 @@ in { listeners = [ { inherit (mtxCfg) port; - bind_addresses = [mtxCfg.address]; + bind_addresses = [ mtxCfg.address ]; resources = [ { compress = true; - names = ["client"]; + names = [ "client" ]; } { compress = false; - names = ["federation"]; + names = [ "federation" ]; } ]; tls = false; @@ -884,7 +900,6 @@ in { }; }; - users.users.qbit = userBase; system.stateVersion = "22.11"; } diff --git a/hosts/h/hardware-configuration.nix b/hosts/h/hardware-configuration.nix index f3a3579..5552a53 100644 --- a/hosts/h/hardware-configuration.nix +++ b/hosts/h/hardware-configuration.nix @@ -1,25 +1,28 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - modulesPath, - ... +{ config +, lib +, modulesPath +, ... }: { - imports = [(modulesPath + "/profiles/qemu-guest.nix")]; + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["wireguard"]; - boot.extraModulePackages = []; + boot = { + initrd = { + availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "wireguard" ]; + extraModulePackages = [ ]; + }; fileSystems."/" = { device = "/dev/disk/by-uuid/b3caa6ff-5610-4ae2-999d-f8f0b1599c4f"; fsType = "ext4"; }; - swapDevices = [{device = "/dev/disk/by-uuid/610a3dbc-59d5-4e5b-b5de-b31402135d44";}]; + swapDevices = [{ device = "/dev/disk/by-uuid/610a3dbc-59d5-4e5b-b5de-b31402135d44"; }]; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/hosts/luna/default.nix b/hosts/luna/default.nix index 037e4bc..68d6af5 100644 --- a/hosts/luna/default.nix +++ b/hosts/luna/default.nix @@ -1,24 +1,30 @@ -{...}: let +{ ... }: +let pubKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIPMaAm4rDxyU975Z54YiNw3itC2fGc3SaE2VaS1fai8 root@box" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILnaC1v+VoVNnK04D32H+euiCyWPXU8nX6w+4UoFfjA3 qbit@plq" ]; - userBase = {openssh.authorizedKeys.keys = pubKeys;}; -in { + userBase = { openssh.authorizedKeys.keys = pubKeys; }; +in +{ _module.args.isUnstable = false; - imports = [./hardware-configuration.nix]; + imports = [ ./hardware-configuration.nix ]; - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/sdb"; - boot.loader.grub.useOSProber = true; + boot.loader.grub = { + enable = true; + device = "/dev/sdb"; + useOSProber = true; + }; # The moon based shipyard - networking.hostName = "luna"; + networking = { + hostName = "luna"; - networking.networkmanager.enable = true; - networking.firewall.allowedTCPPorts = [22]; + networkmanager.enable = true; + firewall.allowedTCPPorts = [ 22 ]; + }; - environment.systemPackages = []; + environment.systemPackages = [ ]; users.users.root = userBase; users.users.qbit = userBase; diff --git a/hosts/luna/hardware-configuration.nix b/hosts/luna/hardware-configuration.nix index a9c9dd0..2d4e920 100644 --- a/hosts/luna/hardware-configuration.nix +++ b/hosts/luna/hardware-configuration.nix @@ -1,31 +1,34 @@ -{ - config, - lib, - modulesPath, - ... +{ config +, lib +, modulesPath +, ... }: { - imports = [(modulesPath + "/installer/scan/not-detected.nix")]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ - "uhci_hcd" - "ehci_pci" - "ata_piix" - "megaraid_sas" - "usb_storage" - "usbhid" - "sd_mod" - "sr_mod" - ]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; + boot = { + initrd = { + availableKernelModules = [ + "uhci_hcd" + "ehci_pci" + "ata_piix" + "megaraid_sas" + "usb_storage" + "usbhid" + "sd_mod" + "sr_mod" + ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; + }; fileSystems."/" = { device = "/dev/disk/by-uuid/caa1051c-f7c3-4809-9a63-b3908de9c27c"; fsType = "ext4"; }; - swapDevices = [{device = "/dev/disk/by-uuid/53f8fb0f-1fd8-4785-9278-343b525a23be";}]; + swapDevices = [{ device = "/dev/disk/by-uuid/53f8fb0f-1fd8-4785-9278-343b525a23be"; }]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/hosts/plq/default.nix b/hosts/plq/default.nix index 4f90f21..de9795b 100644 --- a/hosts/plq/default.nix +++ b/hosts/plq/default.nix @@ -1,17 +1,18 @@ -{ - pkgs, - lib, - isUnstable, - ... -}: let +{ pkgs +, lib +, isUnstable +, ... +}: +let secretAgent = "Contents/Library/LoginItems/SecretAgent.app/Contents/MacOS/SecretAgent"; rage = - pkgs.writeScriptBin "rage" (import ../../bins/rage.nix {inherit pkgs;}); -in { + pkgs.writeScriptBin "rage" (import ../../bins/rage.nix { inherit pkgs; }); +in +{ _module.args.isUnstable = false; - imports = [../../configs/tmux.nix ../../configs/zsh.nix ../../bins]; + imports = [ ../../configs/tmux.nix ../../configs/zsh.nix ../../bins ]; - sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; networking.hostName = "plq"; @@ -69,8 +70,8 @@ in { }; environment.systemPackages = with pkgs; [ - (callPackage ../../pkgs/secretive.nix {inherit isUnstable;}) - (callPackage ../../pkgs/hammerspoon.nix {inherit isUnstable;}) + (callPackage ../../pkgs/secretive.nix { inherit isUnstable; }) + (callPackage ../../pkgs/hammerspoon.nix { inherit isUnstable; }) direnv exiftool diff --git a/hosts/pwntie/default.nix b/hosts/pwntie/default.nix index 37652d5..6883fb0 100644 --- a/hosts/pwntie/default.nix +++ b/hosts/pwntie/default.nix @@ -1,13 +1,14 @@ -{ - pkgs, - config, - ... -}: let +{ pkgs +, config +, ... +}: +let #myEmacs = pkgs.callPackage ../../configs/emacs.nix { }; pubKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" ]; -in { +in +{ _module.args.isUnstable = false; imports = [ ./hardware-configuration.nix @@ -16,12 +17,18 @@ in { hardware.rtl-sdr.enable = true; # Bootloader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.efi.efiSysMountPoint = "/boot/efi"; - boot.kernelPackages = pkgs.linuxPackages_latest; + boot = { + loader = { + systemd-boot.enable = true; + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot/efi"; + }; + }; + kernelPackages = pkgs.linuxPackages_latest; - boot.binfmt.emulatedSystems = ["aarch64-linux" "riscv64-linux"]; + binfmt.emulatedSystems = [ "aarch64-linux" "riscv64-linux" ]; + }; nixpkgs.config.allowUnsupportedSystem = true; networking = { @@ -29,7 +36,7 @@ in { networkmanager.enable = true; firewall = { enable = true; - allowedTCPPorts = [22]; + allowedTCPPorts = [ 22 ]; checkReversePath = "loose"; }; }; @@ -43,16 +50,14 @@ in { XDG_DATA_HOME = "\${HOME}/.local/share"; STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d"; - PATH = ["\${XDG_BIN_HOME}"]; + PATH = [ "\${XDG_BIN_HOME}" ]; }; - users.users.qbit.extraGroups = ["dialout" "libvirtd" "docker" "plugdev"]; - #nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs; [ rtl-sdr direwolf - (callPackage ../../pkgs/rtlamr.nix {}) + (callPackage ../../pkgs/rtlamr.nix { }) ]; #programs = { @@ -116,8 +121,15 @@ in { }; }; - users.users.root = {openssh.authorizedKeys.keys = pubKeys;}; - users.users.qbit = {openssh.authorizedKeys.keys = pubKeys;}; + users = { + users = { + root = { openssh.authorizedKeys.keys = pubKeys; }; + qbit = { + openssh.authorizedKeys.keys = pubKeys; + extraGroups = [ "dialout" "libvirtd" "docker" "plugdev" ]; + }; + }; + }; system.stateVersion = "22.11"; } diff --git a/hosts/pwntie/hardware-configuration.nix b/hosts/pwntie/hardware-configuration.nix index 3ecb763..657214d 100644 --- a/hosts/pwntie/hardware-configuration.nix +++ b/hosts/pwntie/hardware-configuration.nix @@ -1,30 +1,33 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - modulesPath, - ... +{ config +, lib +, modulesPath +, ... }: { - imports = [(modulesPath + "/installer/scan/not-detected.nix")]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-amd"]; - boot.extraModulePackages = []; - - fileSystems."/" = { - device = "/dev/disk/by-uuid/dd7f2225-4c7a-4f40-8452-0aebf1a75aec"; - fsType = "ext4"; + boot = { + initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + initrd.kernelModules = [ ]; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; }; - fileSystems."/boot/efi" = { - device = "/dev/disk/by-uuid/2079-D1CE"; - fsType = "vfat"; + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/dd7f2225-4c7a-4f40-8452-0aebf1a75aec"; + fsType = "ext4"; + }; + + "/boot/efi" = { + device = "/dev/disk/by-uuid/2079-D1CE"; + fsType = "vfat"; + }; }; - swapDevices = [{device = "/dev/disk/by-uuid/e14ac85b-d7b0-4a76-b9ab-a2c61fd67a5d";}]; + swapDevices = [{ device = "/dev/disk/by-uuid/e14ac85b-d7b0-4a76-b9ab-a2c61fd67a5d"; }]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/hosts/router/default.nix b/hosts/router/default.nix index 5feb938..cff1424 100644 --- a/hosts/router/default.nix +++ b/hosts/router/default.nix @@ -1,9 +1,9 @@ -{ - config, - pkgs, - lib, - ... -}: let +{ config +, pkgs +, lib +, ... +}: +let inherit (builtins) head @@ -11,7 +11,7 @@ attrValues mapAttrs attrNames - ; # hasAttr; + ;# hasAttr; inherit (lib.attrsets) filterAttrsRecursive filterAttrs; pubKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" @@ -22,9 +22,9 @@ wan = "enp5s0f0"; trunk = "enp5s0f1"; - dnsServers = ["45.90.28.147" "45.90.30.147"]; + dnsServers = [ "45.90.28.147" "45.90.30.147" ]; interfaces = { - "${wan}" = {useDHCP = true;}; + "${wan}" = { useDHCP = true; }; "${trunk}" = rec { ipv4.addresses = [ { @@ -96,7 +96,7 @@ enable = true; start = "10.99.1.100"; end = "10.99.1.155"; - staticIPs = []; + staticIPs = [ ]; }; }; }; @@ -118,7 +118,7 @@ enable = true; start = "10.98.1.100"; end = "10.98.1.150"; - staticIPs = []; + staticIPs = [ ]; }; }; }; @@ -140,7 +140,7 @@ enable = true; start = "10.10.0.100"; end = "10.10.0.155"; - staticIPs = []; + staticIPs = [ ]; }; }; }; @@ -162,7 +162,7 @@ enable = false; start = "10.12.0.100"; end = "10.12.0.155"; - staticIPs = []; + staticIPs = [ ]; }; }; }; @@ -213,7 +213,7 @@ enable = false; start = "10.20.30.100"; end = "10.20.30.155"; - staticIPs = []; + staticIPs = [ ]; }; }; }; @@ -294,14 +294,15 @@ enable = false; start = "10.7.0.100"; end = "10.7.0.155"; - staticIPs = []; + staticIPs = [ ]; }; }; }; }; -in { +in +{ _module.args.isUnstable = false; - imports = [./hardware-configuration.nix ../../modules/tsvnstat.nix]; + imports = [ ./hardware-configuration.nix ../../modules/tsvnstat.nix ]; boot.kernel.sysctl = { "net.ipv4.conf.all.forwarding" = true; @@ -463,7 +464,7 @@ in { { name = "common"; advertise = true; - prefix = [{prefix = "::/64";}]; + prefix = [{ prefix = "::/64"; }]; } ]; }; @@ -514,7 +515,7 @@ in { }; }; - environment.systemPackages = with pkgs; [bmon termshark tcpdump]; + environment.systemPackages = with pkgs; [ bmon termshark tcpdump ]; users.users.root = userBase; users.users.qbit = userBase; diff --git a/hosts/router/hardware-configuration.nix b/hosts/router/hardware-configuration.nix index d16899a..76cc1ea 100644 --- a/hosts/router/hardware-configuration.nix +++ b/hosts/router/hardware-configuration.nix @@ -1,29 +1,34 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - modulesPath, - ... +{ config +, lib +, modulesPath +, ... }: { - imports = [(modulesPath + "/installer/scan/not-detected.nix")]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.loader.grub.enable = true; - boot.loader.grub.device = "/dev/sda"; - boot.loader.grub.useOSProber = true; + boot.loader.grub = { + enable = true; + device = "/dev/sda"; + useOSProber = true; + }; - boot.initrd.availableKernelModules = ["ehci_pci" "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["nf_tables" "nf_tables_ipv6" "nf_conntrack_tftp"]; - boot.extraModulePackages = []; + boot = { + initrd = { + availableKernelModules = [ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" ]; + kernelModules = [ ]; + }; + kernelModules = [ "nf_tables" "nf_tables_ipv6" "nf_conntrack_tftp" ]; + extraModulePackages = [ ]; + }; fileSystems."/" = { device = "/dev/disk/by-uuid/4c84fd36-f143-4db8-bfe5-65de0287f894"; fsType = "ext4"; }; - swapDevices = []; + swapDevices = [ ]; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/hosts/stan/default.nix b/hosts/stan/default.nix index 1298255..2a9ae6d 100644 --- a/hosts/stan/default.nix +++ b/hosts/stan/default.nix @@ -1,9 +1,9 @@ -{ - config, - inputs, - pkgs, - ... -}: let +{ config +, inputs +, pkgs +, ... +}: +let pubKeys = [ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" @@ -20,9 +20,10 @@ doom-emacs = inputs.nix-doom-emacs.packages.${pkgs.system}.default.override { doomPrivateDir = ../../configs/doom.d; }; -in { +in +{ _module.args.isUnstable = true; - imports = [./hardware-configuration.nix]; + imports = [ ./hardware-configuration.nix ]; boot = { loader = { @@ -34,9 +35,9 @@ in { initrd = { luks.devices."luks-23b20980-eb1e-4390-b706-f0f42a623ddf".device = "/dev/disk/by-uuid/23b20980-eb1e-4390-b706-f0f42a623ddf"; luks.devices."luks-23b20980-eb1e-4390-b706-f0f42a623ddf".keyFile = "/crypto_keyfile.bin"; - secrets = {"/crypto_keyfile.bin" = null;}; + secrets = { "/crypto_keyfile.bin" = null; }; }; - kernelParams = ["intel_idle.max_cstate=4"]; + kernelParams = [ "intel_idle.max_cstate=4" ]; kernelPackages = pkgs.linuxPackages; }; security.pki.certificates = [ @@ -97,15 +98,15 @@ in { hostName = "stan"; hosts = { - "172.16.30.253" = ["proxmox-02.vm.calyptix.local"]; - "127.0.0.1" = ["borg.calyptix.dev" "localhost"]; - "192.168.122.249" = ["arst.arst" "vm"]; - "192.168.8.194" = ["router.arst" "router"]; + "172.16.30.253" = [ "proxmox-02.vm.calyptix.local" ]; + "127.0.0.1" = [ "borg.calyptix.dev" "localhost" ]; + "192.168.122.249" = [ "arst.arst" "vm" ]; + "192.168.8.194" = [ "router.arst" "router" ]; }; networkmanager.enable = true; firewall = { - allowedTCPPorts = [22]; + allowedTCPPorts = [ 22 ]; checkReversePath = "loose"; }; }; @@ -138,8 +139,8 @@ in { systemd.services = { "tailscale-init" = { - wantedBy = ["tailscaled.service"]; - after = ["tailscaled.service"]; + wantedBy = [ "tailscaled.service" ]; + after = [ "tailscaled.service" ]; serviceConfig = { ExecStart = "${pkgs.tailscale}/bin/tailscale up --auth-key file://${config.sops.secrets.tskey.path}"; }; @@ -152,7 +153,7 @@ in { isNormalUser = true; description = "Aaron Bieber"; shell = pkgs.zsh; - extraGroups = ["networkmanager" "wheel" "libvirtd"]; + extraGroups = [ "networkmanager" "wheel" "libvirtd" ]; } // userBase; @@ -184,22 +185,24 @@ in { zig rustdesk - (callPackage ../../pkgs/zutty.nix {}) + (callPackage ../../pkgs/zutty.nix { }) ]; virtualisation.libvirtd.enable = true; - programs.git.config.safe.directory = "/home/abieber/aef100"; - programs = { + git.config.safe.directory = "/home/abieber/aef100"; dconf.enable = true; zsh.enable = true; + ssh.knownHosts = { + "[192.168.122.249]:7022".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOzf2Rv6FZYuH758TlNBcq4CXAHTPJxe5qoQTRM3nRc"; + }; }; tsPeerix = { enable = false; privateKeyFile = "${config.sops.secrets.peerix_private_key.path}"; - interfaces = ["wlp170s0" "ztksevmpn3"]; + interfaces = [ "wlp170s0" "ztksevmpn3" ]; }; services = { @@ -213,9 +216,6 @@ in { }; }; - programs.ssh.knownHosts = { - "[192.168.122.249]:7022".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAOzf2Rv6FZYuH758TlNBcq4CXAHTPJxe5qoQTRM3nRc"; - }; system.autoUpgrade.allowReboot = false; system.stateVersion = "22.05"; # Did you read the comment? diff --git a/hosts/stan/hardware-configuration.nix b/hosts/stan/hardware-configuration.nix index bb358b0..e85ed43 100644 --- a/hosts/stan/hardware-configuration.nix +++ b/hosts/stan/hardware-configuration.nix @@ -1,18 +1,22 @@ -{ - pkgs, - config, - lib, - modulesPath, - ... +{ pkgs +, config +, lib +, modulesPath +, ... }: { - imports = [(modulesPath + "/installer/scan/not-detected.nix")]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; + boot = { + initrd = { + availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + luks.devices."luks-e12e4b82-6f9e-4f80-b3f4-7e9a248e7827".device = "/dev/disk/by-uuid/e12e4b82-6f9e-4f80-b3f4-7e9a248e7827"; + }; + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; + }; - system.fsPackages = [pkgs.sshfs]; + system.fsPackages = [ pkgs.sshfs ]; fileSystems = { "/" = { @@ -30,7 +34,7 @@ "_netdev" "x-systemd.automount" - (builtins.replaceStrings [" "] ["\\040"] + (builtins.replaceStrings [ " " ] [ "\\040" ] "ssh_command=${pkgs.openssh}/bin/ssh -F /home/abieber/.ssh/config") "reconnect" "allow_other" @@ -43,9 +47,8 @@ }; }; - boot.initrd.luks.devices."luks-e12e4b82-6f9e-4f80-b3f4-7e9a248e7827".device = "/dev/disk/by-uuid/e12e4b82-6f9e-4f80-b3f4-7e9a248e7827"; - swapDevices = [{device = "/dev/disk/by-uuid/85a3b559-0c0f-485d-9107-9f6ba5ad31da";}]; + swapDevices = [{ device = "/dev/disk/by-uuid/85a3b559-0c0f-485d-9107-9f6ba5ad31da"; }]; networking.useDHCP = lib.mkDefault true; diff --git a/hosts/weather/default.nix b/hosts/weather/default.nix index 4f1f5de..d4837e9 100644 --- a/hosts/weather/default.nix +++ b/hosts/weather/default.nix @@ -1,9 +1,9 @@ -{ - config, - pkgs, - lib, - ... -}: let +{ config +, pkgs +, lib +, ... +}: +let pubKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local" @@ -11,19 +11,20 @@ userBase = { openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys; }; - firefox = import ../../configs/firefox.nix {inherit pkgs;}; -in { + firefox = import ../../configs/firefox.nix { inherit pkgs; }; +in +{ _module.args.isUnstable = false; - imports = [./hardware-configuration.nix]; + imports = [ ./hardware-configuration.nix ]; defaultUsers.enable = false; - programs = {} // firefox.programs; + programs = { } // firefox.programs; boot = { - initrd.availableKernelModules = ["usbhid" "usb_storage" "vc4" "rtc-ds3232" "rtc-ds1307"]; + initrd.availableKernelModules = [ "usbhid" "usb_storage" "vc4" "rtc-ds3232" "rtc-ds1307" ]; kernelPackages = pkgs.linuxPackages_latest; - kernelModules = ["raspberrypi_ts" "rtc-ds3232" "rtc-ds1307"]; + kernelModules = [ "raspberrypi_ts" "rtc-ds3232" "rtc-ds1307" ]; loader = { grub.enable = false; generic-extlinux-compatible.enable = true; @@ -32,21 +33,21 @@ in { networking = { hostName = "weather"; - networkmanager = {enable = true;}; + networkmanager = { enable = true; }; wireless.userControlled.enable = true; - hosts."100.120.151.126" = ["graph.tapenet.org"]; + hosts."100.120.151.126" = [ "graph.tapenet.org" ]; }; users.users.weather = { shell = pkgs.zsh; isNormalUser = true; description = "Weather"; - extraGroups = ["wheel"]; + extraGroups = [ "wheel" ]; }; preDNS.enable = false; systemd.services.NetworkManager-wait-online.serviceConfig.ExecStart = - lib.mkForce ["" "${pkgs.networkmanager}/bin/nm-online -q"]; + lib.mkForce [ "" "${pkgs.networkmanager}/bin/nm-online -q" ]; services.xserver = { enable = true; @@ -54,7 +55,7 @@ in { windowManager.xmonad = { enable = true; - extraPackages = haskellPackages: [haskellPackages.xmonad-contrib]; + extraPackages = haskellPackages: [ haskellPackages.xmonad-contrib ]; config = '' {-# LANGUAGE QuasiQuotes #-} diff --git a/hosts/weather/hardware-configuration.nix b/hosts/weather/hardware-configuration.nix index 21e0ef1..eccc117 100644 --- a/hosts/weather/hardware-configuration.nix +++ b/hosts/weather/hardware-configuration.nix @@ -1,4 +1,4 @@ -{...}: { +{ ... }: { fileSystems = { "/" = { device = "/dev/disk/by-label/NIXOS_SD"; diff --git a/hosts/weatherzero/default.nix b/hosts/weatherzero/default.nix index 6f519c3..9afb180 100644 --- a/hosts/weatherzero/default.nix +++ b/hosts/weatherzero/default.nix @@ -1,9 +1,9 @@ -{ - config, - pkgs, - lib, - ... -}: let +{ config +, pkgs +, lib +, ... +}: +let pubKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO7v+/xS8832iMqJHCWsxUZ8zYoMWoZhjj++e26g1fLT europa" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0= hosts@secretive.plq.local" @@ -11,7 +11,8 @@ userBase = { openssh.authorizedKeys.keys = pubKeys ++ config.myconf.managementPubKeys; }; -in { +in +{ _module.args.isUnstable = false; imports = [ ./hardware-configuration.nix @@ -27,23 +28,23 @@ in { "hid_microsoft" ]; - supportedFilesystems = lib.mkForce ["vfat"]; + supportedFilesystems = lib.mkForce [ "vfat" ]; kernelPackages = lib.mkForce pkgs.linuxPackages_rpi0; }; networking = { hostName = "wzero"; - networkmanager = {enable = true;}; + networkmanager = { enable = true; }; wireless.userControlled.enable = true; - hosts."100.120.151.126" = ["graph.tapenet.org"]; + hosts."100.120.151.126" = [ "graph.tapenet.org" ]; }; users.users.weather = { shell = pkgs.zsh; isNormalUser = true; description = "Weather"; - extraGroups = ["wheel"]; + extraGroups = [ "wheel" ]; }; preDNS.enable = false; diff --git a/hosts/weatherzero/hardware-configuration.nix b/hosts/weatherzero/hardware-configuration.nix index 6696d91..8425c8b 100644 --- a/hosts/weatherzero/hardware-configuration.nix +++ b/hosts/weatherzero/hardware-configuration.nix @@ -1,8 +1,8 @@ -{pkgs, ...}: { +{ pkgs, ... }: { hardware = { deviceTree = { enable = true; - overlays = ["${pkgs.device-tree_rpi.overlays}/hifiberry-dac.dtbo"]; + overlays = [ "${pkgs.device-tree_rpi.overlays}/hifiberry-dac.dtbo" ]; }; enableRedistributableFirmware = true; diff --git a/install_template.nix b/install_template.nix index fb0dbf0..c8b0ef5 100644 --- a/install_template.nix +++ b/install_template.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: let +{ pkgs, ... }: +let pubKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB1cBO17AFcS2NtIT+rIxR2Fhdu3HD4de4+IsFyKKuGQAAAACnNzaDpsZXNzZXI=" @@ -6,12 +7,17 @@ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0=" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHrYWbbgBkGcOntDqdMaWVZ9xn+dHM+Ap6s1HSAalL28AAAACHNzaDptYWlu" ]; -in { - imports = [./hardware-configuration.nix]; +in +{ + imports = [ ./hardware-configuration.nix ]; - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.efi.efiSysMountPoint = "/boot/efi"; + boot.loader = { + systemd-boot.enable = true; + efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "/boot/efi"; + }; + }; nix = { package = pkgs.nixUnstable; @@ -20,9 +26,10 @@ in { ''; }; - networking.hostName = "changeme"; - - networking.networkmanager.enable = true; + networking = { + hostName = "changeme"; + networkmanager.enable = true; + }; time.timeZone = "America/Denver"; @@ -32,24 +39,25 @@ in { layout = "us"; xkbVariant = "colemak"; }; - console = {keyMap = "colemak";}; + console = { keyMap = "colemak"; }; - users.users.qbit = { - isNormalUser = true; - description = "Aaron Bieber"; - extraGroups = ["networkmanager" "wheel"]; - packages = []; + users.users = { + qbit = { + isNormalUser = true; + description = "Aaron Bieber"; + extraGroups = [ "networkmanager" "wheel" ]; + packages = [ ]; + }; + root = { openssh.authorizedKeys.keys = pubKeys; }; }; # neovim will overwrite my neovim!! - environment.systemPackages = with pkgs; [neovim jq]; + environment.systemPackages = with pkgs; [ neovim jq ]; services.openssh = { enable = true; permitRootLogin = "prohibit-password"; }; - users.users.root = {openssh.authorizedKeys.keys = pubKeys;}; - system.stateVersion = "22.05"; # Did you read the comment? } diff --git a/installer.nix b/installer.nix index d390a0f..3b0b0e5 100644 --- a/installer.nix +++ b/installer.nix @@ -1,13 +1,13 @@ -{ - config, - lib, - options, - pkgs, - ... -}: let +{ config +, lib +, pkgs +, ... +}: +let managementKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager"; -in { - imports = [./configs/colemak.nix ./configs/tmux.nix ./configs/neovim.nix]; +in +{ + imports = [ ./configs/colemak.nix ./configs/tmux.nix ./configs/neovim.nix ]; options.myconf = { hwPubKeys = lib.mkOption rec { @@ -74,7 +74,7 @@ in { }; config = { - sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; # from https://github.com/dylanaraps/neofetch users.motd = '' @@ -102,11 +102,13 @@ in { ''; boot.tmp.cleanOnBoot = true; - environment.systemPackages = with pkgs; [apg inetutils]; + environment = { + systemPackages = with pkgs; [ apg inetutils ]; - environment.interactiveShellInit = '' - alias vi=nvim - ''; + interactiveShellInit = '' + alias vi=nvim + ''; + }; time.timeZone = "US/Mountain"; @@ -114,15 +116,15 @@ in { if pkgs.system == "aarch64-linux" then { description = "Set date on boot"; - wantedBy = ["network-online.target"]; - after = ["network-online.target"]; + wantedBy = [ "network-online.target" ]; + after = [ "network-online.target" ]; script = '' . /etc/profile; ${pkgs.outils}/bin/rdate pool.ntp.org ''; serviceConfig.Type = "oneshot"; } - else {}; + else { }; programs = { zsh.enable = true; @@ -149,7 +151,7 @@ in { settings = { PermitRootLogin = lib.mkForce "prohibit-password"; PasswordAuthentication = false; - KexAlgorithms = ["curve25519-sha256" "curve25519-sha256@libssh.org"]; + KexAlgorithms = [ "curve25519-sha256" "curve25519-sha256@libssh.org" ]; Macs = [ "hmac-sha2-512-etm@openssh.com" "hmac-sha2-256-etm@openssh.com" diff --git a/lib/default.nix b/lib/default.nix index 922efa8..0fc6c35 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,36 +1,42 @@ -{lib, ...}: let +{ lib, ... }: +let inherit (builtins) toString readFile fromJSON filter; - getPrStatus = pr: let - prstr = toString pr; - prStatus = fromJSON (readFile ../pull_requests/${prstr}.json); - in + getPrStatus = pr: + let + prstr = toString pr; + prStatus = fromJSON (readFile ../pull_requests/${prstr}.json); + in prStatus; prIsOpen = { - option = pr: a: let - prStatus = getPrStatus pr; - in + option = pr: a: + let + prStatus = getPrStatus pr; + in if prStatus.status == "open" then a - else {}; - pkg = pr: localPkg: upstreamPkg: let - prStatus = getPrStatus pr; - in + else { }; + pkg = pr: localPkg: upstreamPkg: + let + prStatus = getPrStatus pr; + in if prStatus.status == "open" then localPkg else lib.warn - "PR: ${toString pr} (${prStatus.title}) is complete, ignoring pkg..." - upstreamPkg; + "PR: ${toString pr} (${prStatus.title}) is complete, ignoring pkg..." + upstreamPkg; - overlay = pr: overlay: let - prStatus = getPrStatus pr; - in + overlay = pr: overlay: + let + prStatus = getPrStatus pr; + in if pr == 0 || prStatus.status == "open" then overlay else lib.warn "PR: ${ toString pr - } (${prStatus.title}) is complete, ignoring overlay..." (_: _: {}); + } (${prStatus.title}) is complete, ignoring overlay..." + (_: _: { }); }; todo = msg: lib.warn "TODO: ${msg}"; @@ -48,7 +54,7 @@ value = { script = mkCronScript "${job.name}_script" job.script; inherit (job) startAt path; - serviceConfig = {Type = "oneshot";}; + serviceConfig = { Type = "oneshot"; }; }; }; jobToService = job: { @@ -91,12 +97,14 @@ # Set our configurationRevison based on the status of our git repo. # If the repo is dirty, disable autoUpgrade as it means we are # testing something. - buildVer = self: let - state = self.rev or "DIRTY"; - in { - system.configurationRevision = state; - system.autoUpgrade.enable = lib.mkDefault (state != "DIRTY"); - }; + buildVer = self: + let + state = self.rev or "DIRTY"; + in + { + system.configurationRevision = state; + system.autoUpgrade.enable = lib.mkDefault (state != "DIRTY"); + }; xinlib = { inherit @@ -111,4 +119,4 @@ ; }; in - xinlib +xinlib diff --git a/modules/default.nix b/modules/default.nix index c15229a..0b28640 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,4 +1,4 @@ -{...}: { +{ ... }: { imports = [ ./golink.nix ./gotosocial.nix diff --git a/modules/golink.nix b/modules/golink.nix index 27eb1b7..9593e33 100644 --- a/modules/golink.nix +++ b/modules/golink.nix @@ -1,19 +1,19 @@ -{ - config, - lib, - pkgs, - ... +{ config +, lib +, pkgs +, ... }: with pkgs; let cfg = config.services.golink; - golink = callPackage ../pkgs/golink.nix {}; -in { + golink = callPackage ../pkgs/golink.nix { }; +in +{ options = with lib; { services.golink = { enable = mkEnableOption "Enable golink"; user = mkOption { - type = with types; oneOf [str int]; + type = with types; oneOf [ str int ]; default = "golink"; description = '' The user the service will use. @@ -37,7 +37,7 @@ in { }; group = mkOption { - type = with types; oneOf [str int]; + type = with types; oneOf [ str int ]; default = "golink"; description = '' The user the service will use. @@ -53,7 +53,7 @@ in { }; }; config = lib.mkIf cfg.enable { - users.groups.${cfg.group} = {}; + users.groups.${cfg.group} = { }; users.users.${cfg.user} = { description = "golink service user"; isSystemUser = true; @@ -65,10 +65,10 @@ in { systemd.services.golink = { enable = true; description = "golink server"; - wantedBy = ["network-online.target"]; - after = ["network-online.target"]; + wantedBy = [ "network-online.target" ]; + after = [ "network-online.target" ]; - path = [pkgs.vnstat]; + path = [ pkgs.vnstat ]; environment = { HOME = cfg.dataDir; diff --git a/modules/gotosocial.nix b/modules/gotosocial.nix index f9dc9b0..85e8d80 100644 --- a/modules/gotosocial.nix +++ b/modules/gotosocial.nix @@ -1,27 +1,27 @@ -{ - config, - lib, - pkgs, - ... +{ config +, lib +, pkgs +, ... }: with pkgs; let cfg = config.services.gotosocial; - gotosocial = callPackage ../pkgs/gotosocial.nix {}; - settingsFormat = pkgs.formats.json {}; + gotosocial = callPackage ../pkgs/gotosocial.nix { }; + settingsFormat = pkgs.formats.json { }; settingsType = settingsFormat.type; prettyJSON = conf: - pkgs.runCommandLocal "gotosocial-config.json" {} '' + pkgs.runCommandLocal "gotosocial-config.json" { } '' echo '${ builtins.toJSON conf }' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out ''; -in { +in +{ options = with lib; { services.gotosocial = { enable = mkEnableOption "Enable gotosocial"; user = mkOption { - type = with types; oneOf [str int]; + type = with types; oneOf [ str int ]; default = "gotosocial"; description = '' The user the service will use. @@ -29,7 +29,7 @@ in { }; group = mkOption { - type = with types; oneOf [str int]; + type = with types; oneOf [ str int ]; default = "gotosocial"; description = '' The user the service will use. @@ -53,7 +53,7 @@ in { }; config = lib.mkIf cfg.enable { - users.groups.gotosocial = {}; + users.groups.gotosocial = { }; users.users.gotosocial = { description = "Gotosocial service user"; isSystemUser = true; @@ -65,8 +65,8 @@ in { systemd.services.gotosocial = { enable = true; description = "GoToSocial server"; - wantedBy = ["multi-user.target"]; - after = ["postgresql.service"]; + wantedBy = [ "multi-user.target" ]; + after = [ "postgresql.service" ]; serviceConfig = { User = cfg.user; diff --git a/modules/rtlamr2mqtt.nix b/modules/rtlamr2mqtt.nix index b4e9983..b90cea8 100644 --- a/modules/rtlamr2mqtt.nix +++ b/modules/rtlamr2mqtt.nix @@ -1,27 +1,27 @@ -{ - config, - lib, - pkgs, - ... +{ config +, lib +, pkgs +, ... }: with pkgs; let cfg = config.services.rtlamr2mqtt; - rtlamr2mqtt = pkgs.python3Packages.callPackage ../pkgs/rtlamr2mqtt.nix {}; - settingsFormat = pkgs.formats.json {}; + rtlamr2mqtt = pkgs.python3Packages.callPackage ../pkgs/rtlamr2mqtt.nix { }; + settingsFormat = pkgs.formats.json { }; settingsType = settingsFormat.type; prettyJSON = conf: - pkgs.runCommandLocal "rtlamr2mqtt-config.json" {} '' + pkgs.runCommandLocal "rtlamr2mqtt-config.json" { } '' echo '${ builtins.toJSON conf }' | ${pkgs.buildPackages.jq}/bin/jq 'del(._module)' > $out ''; -in { +in +{ options = with lib; { services.rtlamr2mqtt = { enable = mkEnableOption "Enable rtlamr2mqtt"; user = mkOption { - type = with types; oneOf [str int]; + type = with types; oneOf [ str int ]; default = "rtlamr2mqtt"; description = '' The user the service will use. @@ -29,7 +29,7 @@ in { }; group = mkOption { - type = with types; oneOf [str int]; + type = with types; oneOf [ str int ]; default = "rtlamr2mqtt"; description = '' The user the service will use. @@ -53,20 +53,20 @@ in { }; config = lib.mkIf cfg.enable { - users.groups.rtlamr2mqtt = {}; + users.groups.rtlamr2mqtt = { }; users.users.rtlamr2mqtt = { description = "rtlamr2mqtt service user"; isSystemUser = true; home = "/var/lib/rtlamr2mqtt"; createHome = true; group = "rtlamr2mqtt"; - extraGroups = ["plugdev"]; + extraGroups = [ "plugdev" ]; }; systemd.services.rtlamr2mqtt = { enable = true; description = "rtlamr2mqtt server"; - wantedBy = ["multi-user.target"]; + wantedBy = [ "multi-user.target" ]; serviceConfig = { User = cfg.user; diff --git a/modules/sliding-sync.nix b/modules/sliding-sync.nix index 489366f..94829f6 100644 --- a/modules/sliding-sync.nix +++ b/modules/sliding-sync.nix @@ -1,17 +1,18 @@ -{ - lib, - config, - pkgs, - ... -}: let +{ lib +, config +, pkgs +, ... +}: +let cfg = config.services.sliding-sync; -in { +in +{ options = with lib; { services.sliding-sync = { enable = lib.mkEnableOption "Enable sliding-sync"; user = mkOption { - type = with types; oneOf [str int]; + type = with types; oneOf [ str int ]; default = "syncv3"; description = '' The user the service will use. @@ -19,7 +20,7 @@ in { }; group = mkOption { - type = with types; oneOf [str int]; + type = with types; oneOf [ str int ]; default = "syncv3"; description = '' The group the service will use. @@ -68,7 +69,7 @@ in { }; config = lib.mkIf cfg.enable { - users.groups.${cfg.group} = {}; + users.groups.${cfg.group} = { }; users.users.${cfg.user} = { description = "sliding-sync service user"; isSystemUser = true; @@ -80,8 +81,8 @@ in { systemd.services.sliding-sync = { enable = true; description = "sliding-sync server"; - wantedBy = ["network-online.target"]; - after = ["network-online.target" "matrix-synapse.service"]; + wantedBy = [ "network-online.target" ]; + after = [ "network-online.target" "matrix-synapse.service" ]; environment = { HOME = "${cfg.dataDir}"; diff --git a/modules/ssh-fido-agent.nix b/modules/ssh-fido-agent.nix index 2d62952..33631ac 100644 --- a/modules/ssh-fido-agent.nix +++ b/modules/ssh-fido-agent.nix @@ -1,9 +1,9 @@ -{ - config, - lib, - pkgs, - ... -}: let +{ config +, lib +, pkgs +, ... +}: +let perl = "${pkgs.perl}/bin/perl"; sshAdd = "${pkgs.openssh}/bin/ssh-add"; pKill = "${pkgs.procps}/bin/pkill"; @@ -45,7 +45,8 @@ export SSH_AUTH_SOCK="$(echo $XDG_RUNTIME_DIR/ssh-agent)"; exec ${config.programs.ssh.askPassword} "$@" ''; -in { +in +{ options = { sshFidoAgent = { enable = lib.mkEnableOption "Add FIDO keys to ssh-agent when attached."; @@ -53,14 +54,14 @@ in { }; config = lib.mkIf config.sshFidoAgent.enable { - environment.systemPackages = [fidoAddDevice]; + environment.systemPackages = [ fidoAddDevice ]; systemd.user.services.sshfidoagent = { script = '' ${fidoAddDevice}/bin/fido-add-device ''; - wantedBy = ["graphical-session.target"]; - partOf = ["graphical-session.target"]; - after = ["graphical-session.target"]; + wantedBy = [ "graphical-session.target" ]; + partOf = [ "graphical-session.target" ]; + after = [ "graphical-session.target" ]; environment.DISPLAY = "fake"; environment.SSH_ASKPASS = askPassWrapper; #serviceConfig = { Restart = "on-failure"; }; diff --git a/modules/ts-rev-prox.nix b/modules/ts-rev-prox.nix index b3251e7..1b90476 100644 --- a/modules/ts-rev-prox.nix +++ b/modules/ts-rev-prox.nix @@ -1,11 +1,12 @@ -{ - lib, - config, - pkgs, - ... -}: let +{ lib +, config +, pkgs +, ... +}: +let cfg = config.services.tsrevprox; -in { +in +{ options = with lib; { services.tsrevprox = { enable = lib.mkEnableOption "Enable tsrevprox"; @@ -35,7 +36,7 @@ in { }; user = mkOption { - type = with types; oneOf [str int]; + type = with types; oneOf [ str int ]; default = "tsrevprox"; description = '' The user the service will use. @@ -43,7 +44,7 @@ in { }; group = mkOption { - type = with types; oneOf [str int]; + type = with types; oneOf [ str int ]; default = "tsrevprox"; description = '' The group the service will use. @@ -74,7 +75,7 @@ in { }; config = lib.mkIf cfg.enable { - users.groups.${cfg.group} = {}; + users.groups.${cfg.group} = { }; users.users.${cfg.user} = { description = "tsrevprox service user"; isSystemUser = true; @@ -86,10 +87,10 @@ in { systemd.services.tsrevprox = { enable = true; description = "tsrevprox server"; - wantedBy = ["network-online.target"]; - after = ["network-online.target"]; + wantedBy = [ "network-online.target" ]; + after = [ "network-online.target" ]; - environment = {HOME = "${cfg.dataDir}";}; + environment = { HOME = "${cfg.dataDir}"; }; serviceConfig = { User = cfg.user; diff --git a/modules/tsvnstat.nix b/modules/tsvnstat.nix index 13c6f77..7802eae 100644 --- a/modules/tsvnstat.nix +++ b/modules/tsvnstat.nix @@ -1,20 +1,20 @@ -{ - config, - lib, - pkgs, - inputs, - ... +{ config +, lib +, pkgs +, inputs +, ... }: with pkgs; let cfg = config.services.tsvnstat; inherit (inputs.tsvnstat.packages.${pkgs.system}) tsvnstat; -in { +in +{ options = with lib; { services.tsvnstat = { enable = mkEnableOption "Enable tsvnstat"; user = mkOption { - type = with types; oneOf [str int]; + type = with types; oneOf [ str int ]; default = "tsvnstat"; description = '' The user the service will use. @@ -38,7 +38,7 @@ in { }; group = mkOption { - type = with types; oneOf [str int]; + type = with types; oneOf [ str int ]; default = "tsvnstat"; description = '' The user the service will use. @@ -53,7 +53,7 @@ in { }; }; config = lib.mkIf cfg.enable { - users.groups.${cfg.group} = {}; + users.groups.${cfg.group} = { }; users.users.${cfg.user} = { description = "tsvnstat service user"; isSystemUser = true; @@ -67,10 +67,10 @@ in { systemd.services.tsvnstat = { enable = true; description = "tsvnstat server"; - wantedBy = ["network-online.target"]; - after = ["network-online.target"]; + wantedBy = [ "network-online.target" ]; + after = [ "network-online.target" ]; - path = [pkgs.vnstat]; + path = [ pkgs.vnstat ]; environment = { HOME = "/var/lib/tsvnstat"; diff --git a/modules/veilid-server.nix b/modules/veilid-server.nix index 0e4934c..1c37625 100644 --- a/modules/veilid-server.nix +++ b/modules/veilid-server.nix @@ -1,23 +1,23 @@ -{ - config, - lib, - pkgs, - ... +{ config +, lib +, pkgs +, ... }: with pkgs; let cfg = config.services.veilid-server; -in { +in +{ options = with lib; { services.veilid-server = { enable = mkEnableOption "Enable velid-server"; user = mkOption { - type = with types; oneOf [str int]; + type = with types; oneOf [ str int ]; default = "veilid"; description = "The user veilid-server will run as."; }; group = mkOption { - type = with types; oneOf [str int]; + type = with types; oneOf [ str int ]; default = "veilid"; description = "The group veilid-server will run with."; }; @@ -42,7 +42,7 @@ in { }; config = lib.mkIf cfg.enable { - users.groups.${cfg.group} = {}; + users.groups.${cfg.group} = { }; users.users.${cfg.user} = { inherit (cfg) group; description = "veilid-server user"; @@ -52,15 +52,15 @@ in { }; networking.firewall = lib.mkIf cfg.openFirewall { - allowedTCPPorts = [5150]; - allowedUDPPorts = [5150]; + allowedTCPPorts = [ 5150 ]; + allowedUDPPorts = [ 5150 ]; }; systemd.services.veilid-server = { enable = true; description = "veilid-server"; - wantedBy = ["network-online.target"]; - after = ["network-online.target"]; + wantedBy = [ "network-online.target" ]; + after = [ "network-online.target" ]; environment = { HOME = cfg.dataDir; diff --git a/modules/yarr.nix b/modules/yarr.nix index 90bc3e9..8e5d9c2 100644 --- a/modules/yarr.nix +++ b/modules/yarr.nix @@ -1,13 +1,13 @@ -{ - config, - lib, - pkgs, - ... +{ config +, lib +, pkgs +, ... }: with pkgs; let cfg = config.services.yarr; - yarr = callPackage ../pkgs/yarr.nix {}; -in { + yarr = callPackage ../pkgs/yarr.nix { }; +in +{ options = with lib; { services.yarr = { enable = mkEnableOption "Enable yarr"; @@ -51,7 +51,7 @@ in { }; user = mkOption { - type = with types; oneOf [str int]; + type = with types; oneOf [ str int ]; default = "yarr"; description = '' The user the service will use. @@ -59,7 +59,7 @@ in { }; group = mkOption { - type = with types; oneOf [str int]; + type = with types; oneOf [ str int ]; default = "yarr"; description = '' The user the service will use. @@ -76,7 +76,7 @@ in { }; config = lib.mkIf cfg.enable { - users.groups.yarr = {}; + users.groups.yarr = { }; users.users.yarr = { description = "Yarr service user"; isSystemUser = true; @@ -88,8 +88,8 @@ in { systemd.services.yarr = { enable = true; description = "Yet Another Rss Reader server"; - wantedBy = ["multi-user.target"]; - after = ["networking.service"]; + wantedBy = [ "multi-user.target" ]; + after = [ "networking.service" ]; serviceConfig = { User = cfg.user; diff --git a/monitoring/default.nix b/monitoring/default.nix index 4ddb591..9e31111 100644 --- a/monitoring/default.nix +++ b/monitoring/default.nix @@ -1,7 +1,6 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: with lib; let cfg = config.services.xin-monitoring; @@ -15,16 +14,18 @@ with lib; let ; nginxCfg = config.services.nginx; - buildFSChecker = fsList: (concatStringsSep "\n" (attrValues (mapAttrs (f: v: - if v.fsType != "sshfs" - then '' - check filesystem ${replaceStrings ["/"] ["_"] f} with path ${f} - if space usage > 90% then alert - if inode usage > 90% then alert - '' - else "") - fsList))); - buildNginxChecker = vhostList: (concatStringsSep "\n" (attrValues (mapAttrs (f: v: '' + buildFSChecker = fsList: (concatStringsSep "\n" (attrValues (mapAttrs + (f: v: + if v.fsType != "sshfs" + then '' + check filesystem ${replaceStrings ["/"] ["_"] f} with path ${f} + if space usage > 90% then alert + if inode usage > 90% then alert + '' + else "") + fsList))); + buildNginxChecker = vhostList: (concatStringsSep "\n" (attrValues (mapAttrs + (f: v: '' check host ${f} with address ${f} if failed port 80 protocol http then alert ${ @@ -41,7 +42,8 @@ with lib; let then (buildNginxChecker nginxCfg.virtualHosts) else "" else ""; -in { +in +{ options = { services.xin-monitoring = { enable = mkOption { diff --git a/overlays/1password-gui.nix b/overlays/1password-gui.nix index 35f1d6e..6cc0eb7 100644 --- a/overlays/1password-gui.nix +++ b/overlays/1password-gui.nix @@ -9,4 +9,4 @@ let }); }; in - _1password-gui +_1password-gui diff --git a/overlays/default.nix b/overlays/default.nix index 1341e46..26aeadf 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,8 +1,8 @@ -{ - isUnstable, - xinlib, - ... -}: let +{ isUnstable +, xinlib +, ... +}: +let inherit (xinlib) prIsOpen; #_1password-gui = prIsOpen.overlay 235900 (import ./1password-gui.nix); #openssh = import ./openssh.nix; @@ -13,7 +13,8 @@ #nixd = prIsOpen.overlay 238779 (import ./nixd.nix); heisenbridge = prIsOpen.overlay 0 (import ./heisenbridge.nix); #rex = prIsOpen.overlay 0 (import ./rex.nix); -in { +in +{ nixpkgs.overlays = if isUnstable then [ diff --git a/overlays/heisenbridge.nix b/overlays/heisenbridge.nix index 8eef035..3f8cf79 100644 --- a/overlays/heisenbridge.nix +++ b/overlays/heisenbridge.nix @@ -14,4 +14,4 @@ let }); }; in - heisenbridge +heisenbridge diff --git a/overlays/matrix-synapse.nix b/overlays/matrix-synapse.nix index de37446..6a24506 100644 --- a/overlays/matrix-synapse.nix +++ b/overlays/matrix-synapse.nix @@ -20,4 +20,4 @@ let }); }; in - matrix-synapse +matrix-synapse diff --git a/overlays/nixd.nix b/overlays/nixd.nix index 44b5f5c..ac4aa20 100644 --- a/overlays/nixd.nix +++ b/overlays/nixd.nix @@ -18,4 +18,4 @@ let }); }; in - nixd +nixd diff --git a/overlays/obsidian.nix b/overlays/obsidian.nix index d930367..76d6b02 100644 --- a/overlays/obsidian.nix +++ b/overlays/obsidian.nix @@ -16,4 +16,4 @@ let }); }; in - obsidian +obsidian diff --git a/overlays/openssh.nix b/overlays/openssh.nix index a46a32f..a628135 100644 --- a/overlays/openssh.nix +++ b/overlays/openssh.nix @@ -15,4 +15,4 @@ let }); }; in - openssh +openssh diff --git a/overlays/rex.nix b/overlays/rex.nix index d419799..74cc8b1 100644 --- a/overlays/rex.nix +++ b/overlays/rex.nix @@ -7,4 +7,4 @@ let }); }; in - rex +rex diff --git a/overlays/tailscale.nix b/overlays/tailscale.nix index 158adc9..2b0ab1d 100644 --- a/overlays/tailscale.nix +++ b/overlays/tailscale.nix @@ -28,4 +28,4 @@ let # }; #}; in - tailscale +tailscale diff --git a/overlays/tidal-hifi.nix b/overlays/tidal-hifi.nix index e24d708..0964e36 100644 --- a/overlays/tidal-hifi.nix +++ b/overlays/tidal-hifi.nix @@ -10,4 +10,4 @@ let }); }; in - tidal-hifi +tidal-hifi diff --git a/pkgs/ada_language_server.nix b/pkgs/ada_language_server.nix index 3a7ed13..6071489 100644 --- a/pkgs/ada_language_server.nix +++ b/pkgs/ada_language_server.nix @@ -1,10 +1,10 @@ -{ - lib, - stdenv, - fetchFromGitHub, - pkgs, - ... -}: let +{ lib +, stdenv +, fetchFromGitHub +, pkgs +, ... +}: +let libadalang = stdenv.mkDerivation rec { pname = "libadalang"; version = "22.0.0"; @@ -25,7 +25,7 @@ gnatcoll-gmp ]; - makeFlags = ["PREFIX=$(out)"]; + makeFlags = [ "PREFIX=$(out)" ]; }; vss = stdenv.mkDerivation rec { pname = "vss"; @@ -38,9 +38,9 @@ sha256 = "sha256-IDPcIJfavlqMsxLOGrvXYv98FdYVWkCiimLcMFp3ees="; }; - buildInputs = with pkgs; [gnat12 gprbuild]; + buildInputs = with pkgs; [ gnat12 gprbuild ]; - makeFlags = ["PREFIX=$(out)"]; + makeFlags = [ "PREFIX=$(out)" ]; }; gnatdoc = stdenv.mkDerivation rec { pname = "gnatdoc"; @@ -53,32 +53,32 @@ sha256 = "sha256-kA5yOd3NDkRl08o38F5CyeFrihBZktNF6di3PC+/ZLU="; }; - buildInputs = with pkgs; [gnat12 gprbuild libadalang]; + buildInputs = with pkgs; [ gnat12 gprbuild libadalang ]; - makeFlags = ["PREFIX=$(out)"]; + makeFlags = [ "PREFIX=$(out)" ]; }; in - stdenv.mkDerivation rec { - pname = "ada_language_server"; - version = "23.0.10"; +stdenv.mkDerivation rec { + pname = "ada_language_server"; + version = "23.0.10"; - src = fetchFromGitHub { - owner = "AdaCore"; - repo = pname; - rev = version; - sha256 = "sha256-ZUzym0aMjq14W9h/lDL5hVCF/i+1SFu6kccGqzmGO3E="; - }; + src = fetchFromGitHub { + owner = "AdaCore"; + repo = pname; + rev = version; + sha256 = "sha256-ZUzym0aMjq14W9h/lDL5hVCF/i+1SFu6kccGqzmGO3E="; + }; - buildInputs = with pkgs; [gnat12 gprbuild python3 vss gnatdoc]; + buildInputs = with pkgs; [ gnat12 gprbuild python3 vss gnatdoc ]; - meta = with lib; { - description = "Language server for Ada and SPARK"; - longDescription = '' - Server implementing the Microsoft Language Protocol for Ada and SPARk - ''; - homepage = "https://github.com/AdaCore/ada_language_server"; - license = licenses.gpl3; - platforms = platforms.linux; - maintainers = with maintainers; [qbit]; - }; - } + meta = with lib; { + description = "Language server for Ada and SPARK"; + longDescription = '' + Server implementing the Microsoft Language Protocol for Ada and SPARk + ''; + homepage = "https://github.com/AdaCore/ada_language_server"; + license = licenses.gpl3; + platforms = platforms.linux; + maintainers = with maintainers; [ qbit ]; + }; +} diff --git a/pkgs/alire.nix b/pkgs/alire.nix index a1aca00..9ca0b53 100644 --- a/pkgs/alire.nix +++ b/pkgs/alire.nix @@ -1,37 +1,36 @@ -{ - stdenv, - lib, - fetchurl, - unzip, - autoPatchelfHook, - ... +{ stdenv +, lib +, fetchurl +, unzip +, autoPatchelfHook +, ... }: with lib; - stdenv.mkDerivation rec { - pname = "alire"; - version = "1.2.1"; +stdenv.mkDerivation rec { + pname = "alire"; + version = "1.2.1"; - src = fetchurl { - url = "https://github.com/alire-project/alire/releases/download/v1.2.1/alr-1.2.1-bin-x86_64-linux.zip"; - sha256 = "sha256-bN/H5CPN7uvUH9+p+y/sg01qTJI3asToxVSVnKVNHuM="; - }; + src = fetchurl { + url = "https://github.com/alire-project/alire/releases/download/v1.2.1/alr-1.2.1-bin-x86_64-linux.zip"; + sha256 = "sha256-bN/H5CPN7uvUH9+p+y/sg01qTJI3asToxVSVnKVNHuM="; + }; - nativeBuildInputs = [unzip autoPatchelfHook]; + nativeBuildInputs = [ unzip autoPatchelfHook ]; - dontBuild = true; - doCheck = false; + dontBuild = true; + doCheck = false; - installPhase = '' - runHook preInstall - mkdir -p $out/bin - install -D alr $out/bin/ - runHook postInstall - ''; + installPhase = '' + runHook preInstall + mkdir -p $out/bin + install -D alr $out/bin/ + runHook postInstall + ''; - meta = { - description = "ALIRE: Ada LIbrary REpository."; - homepage = "https://github.com/alire-project/alire"; - license = licenses.gpl3; - maintainers = with maintainers; [qbit]; - }; - } + meta = { + description = "ALIRE: Ada LIbrary REpository."; + homepage = "https://github.com/alire-project/alire"; + license = licenses.gpl3; + maintainers = with maintainers; [ qbit ]; + }; +} diff --git a/pkgs/athens.nix b/pkgs/athens.nix index d96c242..bbdb1d0 100644 --- a/pkgs/athens.nix +++ b/pkgs/athens.nix @@ -1,52 +1,52 @@ -{ - stdenv, - lib, - buildGoModule, - fetchFromGitHub, - isUnstable, - makeWrapper, - go, - git, - ... -}: let +{ stdenv +, lib +, buildGoModule +, fetchFromGitHub +, isUnstable +, makeWrapper +, go +, git +, ... +}: +let vendorHash = if isUnstable then "" else "sha256-7CnkKMZ1so1lflmp4D9EAESR6/u9ys5CTuVOsYetp0I="; in - with lib; - buildGoModule rec { - pname = "athens"; - version = "0.11.0"; +with lib; +buildGoModule rec { + pname = "athens"; + version = "0.11.0"; - src = fetchFromGitHub { - owner = "gomods"; - repo = pname; - rev = "v${version}"; - sha256 = "sha256-hkewZ21ElkoDsbPPiCZNmWu4MBlKTlnrK72/xCX06Sk="; - }; + src = fetchFromGitHub { + owner = "gomods"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-hkewZ21ElkoDsbPPiCZNmWu4MBlKTlnrK72/xCX06Sk="; + }; - doCheck = false; + doCheck = false; - ldflags = ["-X github.com/gomods/athens/pkg/build.version=${version}"]; + ldflags = [ "-X github.com/gomods/athens/pkg/build.version=${version}" ]; - nativeBuildInputs = lib.optionals stdenv.isLinux [makeWrapper go]; + nativeBuildInputs = lib.optionals stdenv.isLinux [ makeWrapper go ]; - proxyVendor = true; + proxyVendor = true; - subPackages = ["cmd/proxy"]; + subPackages = [ "cmd/proxy" ]; - vendorSha256 = vendorHash; + vendorSha256 = vendorHash; - postInstall = lib.optionalString stdenv.isLinux '' - mv $out/bin/proxy $out/bin/athens - wrapProgram $out/bin/athens --prefix PATH : ${lib.makeBinPath [git]} - ''; + postInstall = lib.optionalString stdenv.isLinux '' + mv $out/bin/proxy $out/bin/athens + wrapProgram $out/bin/athens --prefix PATH : ${lib.makeBinPath [git]} + ''; - meta = { - description = "A Go module datastore and proxy"; - homepage = "https://github.com/gomods/athens"; - license = licenses.mit; - maintainers = with maintainers; [qbit]; - }; - } + meta = { + description = "A Go module datastore and proxy"; + homepage = "https://github.com/gomods/athens"; + license = licenses.mit; + maintainers = with maintainers; [ qbit ]; + }; +} diff --git a/pkgs/bearclaw.nix b/pkgs/bearclaw.nix index 9eddf00..7c22114 100644 --- a/pkgs/bearclaw.nix +++ b/pkgs/bearclaw.nix @@ -1,27 +1,26 @@ -{ - lib, - buildGoModule, - fetchFromGitHub, - ... +{ lib +, buildGoModule +, fetchFromGitHub +, ... }: with lib; - buildGoModule rec { - pname = "bearclaw"; - version = "1.1.0"; +buildGoModule rec { + pname = "bearclaw"; + version = "1.1.0"; - src = fetchFromGitHub { - owner = "donuts-are-good"; - repo = pname; - rev = "${version}"; - sha256 = "sha256-AhqW+AAEBbAPJO0hnZnC5a/u4IKyLII6OWYEQzoX0C8="; - }; + src = fetchFromGitHub { + owner = "donuts-are-good"; + repo = pname; + rev = "${version}"; + sha256 = "sha256-AhqW+AAEBbAPJO0hnZnC5a/u4IKyLII6OWYEQzoX0C8="; + }; - vendorSha256 = "sha256-7XFvghT411YE+Y9bYEFOKR655EaFS4GZiDzUYiYRbMY="; + vendorSha256 = "sha256-7XFvghT411YE+Y9bYEFOKR655EaFS4GZiDzUYiYRbMY="; - meta = { - description = "tiny static site generator"; - homepage = "https://github.com/donuts-are-good/bearclaw"; - license = licenses.mit; - maintainers = with maintainers; [qbit]; - }; - } + meta = { + description = "tiny static site generator"; + homepage = "https://github.com/donuts-are-good/bearclaw"; + license = licenses.mit; + maintainers = with maintainers; [ qbit ]; + }; +} diff --git a/pkgs/cachew.nix b/pkgs/cachew.nix index a983114..b5ac371 100644 --- a/pkgs/cachew.nix +++ b/pkgs/cachew.nix @@ -1,20 +1,19 @@ -{ - buildPythonPackage, - fetchPypi, - setuptools-scm, - appdirs, - sqlalchemy, - ... +{ buildPythonPackage +, fetchPypi +, setuptools-scm +, appdirs +, sqlalchemy +, ... }: buildPythonPackage rec { pname = "cachew"; version = "0.11.0"; - nativeBuildInputs = [setuptools-scm]; + nativeBuildInputs = [ setuptools-scm ]; doCheck = true; - propagatedBuildInputs = [appdirs sqlalchemy]; + propagatedBuildInputs = [ appdirs sqlalchemy ]; src = fetchPypi { inherit pname version; diff --git a/pkgs/cinny-desktop.nix b/pkgs/cinny-desktop.nix index 663ec59..0b6cf95 100644 --- a/pkgs/cinny-desktop.nix +++ b/pkgs/cinny-desktop.nix @@ -1,9 +1,9 @@ -{ - fetchurl, - appimageTools, - desktop-file-utils, - ... -}: let +{ fetchurl +, appimageTools +, desktop-file-utils +, ... +}: +let name = "cinny-desktop"; version = "2.0.4"; @@ -13,47 +13,47 @@ sha256 = "sha256-9ZQyVcTsHja67DhuIyniTK/xr0C6qN7fiCmjt8enUd8="; }; - appimageContents = appimageTools.extract {inherit name src;}; + appimageContents = appimageTools.extract { inherit name src; }; in - appimageTools.wrapType2 rec { - inherit name src; +appimageTools.wrapType2 rec { + inherit name src; - extraInstallCommands = '' - cp -r ${appimageContents}/* $out - cd $out - chmod -R +w $out + extraInstallCommands = '' + cp -r ${appimageContents}/* $out + cd $out + chmod -R +w $out - ${desktop-file-utils}/bin/desktop-file-install --dir $out/share/applications \ - --set-key Exec --set-value ${name} "cinny.desktop" + ${desktop-file-utils}/bin/desktop-file-install --dir $out/share/applications \ + --set-key Exec --set-value ${name} "cinny.desktop" - mv usr/bin/cinny $out/${name} - #mv usr/share share + mv usr/bin/cinny $out/${name} + #mv usr/share share - rm -rf usr/lib/* AppRun* *.desktop - ''; + rm -rf usr/lib/* AppRun* *.desktop + ''; - extraPkgs = pkgs: - with pkgs; [ - atk - avahi - brotli - cairo - fontconfig - freetype - fribidi - glew-egl - gobject-introspection - gst_all_1.gstreamer - harfbuzz - icu - libdrm - libGLU - libgpg-error - librsvg - libthai - pango - xorg.libX11 - xorg.libxcb - zlib - ]; - } + extraPkgs = pkgs: + with pkgs; [ + atk + avahi + brotli + cairo + fontconfig + freetype + fribidi + glew-egl + gobject-introspection + gst_all_1.gstreamer + harfbuzz + icu + libdrm + libGLU + libgpg-error + librsvg + libthai + pango + xorg.libX11 + xorg.libxcb + zlib + ]; +} diff --git a/pkgs/clilol.nix b/pkgs/clilol.nix index 536cfd6..ec89f9a 100644 --- a/pkgs/clilol.nix +++ b/pkgs/clilol.nix @@ -1,8 +1,7 @@ -{ - lib, - buildGoModule, - fetchgit, - ... +{ lib +, buildGoModule +, fetchgit +, ... }: buildGoModule rec { pname = "clilol"; @@ -24,6 +23,6 @@ buildGoModule rec { homepage = "https://mcornick.dev/clilol/"; changelog = "https://git.mcornick.dev/mcornick/clilol/releases/tag/${version}"; license = licenses.mpl20; - maintainers = [maintainers.qbit]; + maintainers = [ maintainers.qbit ]; }; } diff --git a/pkgs/default.nix b/pkgs/default.nix index 8226ac2..d7cc87d 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,4 +1,4 @@ -{...}: { +{ ... }: { environment.systemPackages = [ #(callPackage ./cinny-desktop.nix { inherit isUnstable; }) #(callPackage ./mudita-center.nix { inherit isUnstable; }) diff --git a/pkgs/femtolisp.nix b/pkgs/femtolisp.nix index 68364c9..2248904 100644 --- a/pkgs/femtolisp.nix +++ b/pkgs/femtolisp.nix @@ -1,8 +1,8 @@ -{ - stdenv, - lib, - fetchgit, - gnumake, +{ stdenv +, lib +, fetchgit +, gnumake +, }: stdenv.mkDerivation { pname = "femtolisp"; @@ -14,7 +14,7 @@ stdenv.mkDerivation { hash = "sha256-mh7upbCmWXLhudtaaebBf1XTIv4nYPSh0OAJDOqaQnk="; }; - buildInputs = [gnumake]; + buildInputs = [ gnumake ]; installPhase = '' mkdir -p $out/bin @@ -25,7 +25,7 @@ stdenv.mkDerivation { description = "A compact interpreter for a minimal lisp/scheme dialect."; homepage = "https://git.sr.ht/~ft/femtolisp"; license = lib.licenses.bsd3; - maintainer = with lib.maintainers; [qbit]; + maintainer = with lib.maintainers; [ qbit ]; mainProgram = "flisp"; }; } diff --git a/pkgs/flake-warn.nix b/pkgs/flake-warn.nix index 14722d5..5c428f4 100644 --- a/pkgs/flake-warn.nix +++ b/pkgs/flake-warn.nix @@ -1,11 +1,10 @@ -{ - stdenv, - lib, - substituteAll, - jq, - nix, - coreutils, - ... +{ stdenv +, lib +, substituteAll +, jq +, nix +, coreutils +, ... }: stdenv.mkDerivation rec { pname = "flake-warn"; @@ -26,7 +25,7 @@ stdenv.mkDerivation rec { description = "script to warn when flake inputs are out of date"; homepage = "https://github.com/qbit/xin"; license = lib.licenses.isc; - maintainer = with lib.maintainers; [qbit]; + maintainer = with lib.maintainers; [ qbit ]; mainProgram = "flake-warn"; }; } diff --git a/pkgs/fyne.nix b/pkgs/fyne.nix index 665e360..d6d7847 100644 --- a/pkgs/fyne.nix +++ b/pkgs/fyne.nix @@ -1,31 +1,30 @@ -{ - lib, - buildGoModule, - fetchFromGitHub, - ... +{ lib +, buildGoModule +, fetchFromGitHub +, ... }: with lib; - buildGoModule rec { - pname = "fyne"; - version = "2.3.5"; +buildGoModule rec { + pname = "fyne"; + version = "2.3.5"; - src = fetchFromGitHub { - owner = "fyne-io"; - repo = pname; - rev = "v${version}"; - sha256 = "sha256-iSQ1oqUePxDyjQTKNazX0IZyHAoz50bqukV2CmQjrAk="; - }; + src = fetchFromGitHub { + owner = "fyne-io"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-iSQ1oqUePxDyjQTKNazX0IZyHAoz50bqukV2CmQjrAk="; + }; - vendorHash = null; + vendorHash = null; - proxyVendor = true; + proxyVendor = true; - subPackages = ["cmd/fyne"]; + subPackages = [ "cmd/fyne" ]; - meta = { - description = "Fyne command line tool"; - homepage = "https://github.com/fyne-io/fyne"; - license = licenses.bsd3; - maintainers = with maintainers; [qbit]; - }; - } + meta = { + description = "Fyne command line tool"; + homepage = "https://github.com/fyne-io/fyne"; + license = licenses.bsd3; + maintainers = with maintainers; [ qbit ]; + }; +} diff --git a/pkgs/ghexport.nix b/pkgs/ghexport.nix index 6a9504e..6bef4a4 100644 --- a/pkgs/ghexport.nix +++ b/pkgs/ghexport.nix @@ -1,21 +1,20 @@ -{ - buildPythonPackage, - setuptools-scm, - fetchFromGitHub, - PyGithub, - pytz, - ... +{ buildPythonPackage +, setuptools-scm +, fetchFromGitHub +, PyGithub +, pytz +, ... }: buildPythonPackage rec { pname = "ghexport"; version = "20220828"; - nativeBuildInputs = [setuptools-scm]; - propagatedBuildInputs = [PyGithub pytz]; + nativeBuildInputs = [ setuptools-scm ]; + propagatedBuildInputs = [ PyGithub pytz ]; doCheck = true; - buildInputs = []; + buildInputs = [ ]; preCheck = '' export HOME=$(mktemp -d) diff --git a/pkgs/gokrazy.nix b/pkgs/gokrazy.nix index 9b23580..3627357 100644 --- a/pkgs/gokrazy.nix +++ b/pkgs/gokrazy.nix @@ -1,31 +1,30 @@ -{ - lib, - buildGoModule, - fetchFromGitHub, - ... +{ lib +, buildGoModule +, fetchFromGitHub +, ... }: with lib; - buildGoModule { - pname = "gokrazy"; - version = "0.0.0"; +buildGoModule { + pname = "gokrazy"; + version = "0.0.0"; - src = fetchFromGitHub { - owner = "gokrazy"; - repo = "tools"; - rev = "b89d9dc6e09742ea23492bb84021da70b2965bff"; - sha256 = "sha256-1nWpLQMDvtV83HFvmrNdN31DVENq3HUqk/6+zuavoTU="; - }; + src = fetchFromGitHub { + owner = "gokrazy"; + repo = "tools"; + rev = "b89d9dc6e09742ea23492bb84021da70b2965bff"; + sha256 = "sha256-1nWpLQMDvtV83HFvmrNdN31DVENq3HUqk/6+zuavoTU="; + }; - vendorSha256 = "sha256-d6je2aRHlgP4r/Yg55zezRMTul1p5aLEpxfLb3V6BFg="; + vendorSha256 = "sha256-d6je2aRHlgP4r/Yg55zezRMTul1p5aLEpxfLb3V6BFg="; - proxyVendor = true; + proxyVendor = true; - doCheck = false; + doCheck = false; - meta = { - description = "CLI tools for gokrazy"; - homepage = "https://github.com/gokrazy/tools"; - license = licenses.bsd3; - maintainers = with maintainers; [qbit]; - }; - } + meta = { + description = "CLI tools for gokrazy"; + homepage = "https://github.com/gokrazy/tools"; + license = licenses.bsd3; + maintainers = with maintainers; [ qbit ]; + }; +} diff --git a/pkgs/golink.nix b/pkgs/golink.nix index c793daf..aea021d 100644 --- a/pkgs/golink.nix +++ b/pkgs/golink.nix @@ -1,29 +1,28 @@ -{ - lib, - buildGoModule, - fetchFromGitHub, - ... +{ lib +, buildGoModule +, fetchFromGitHub +, ... }: with lib; - buildGoModule rec { - pname = "golink"; - version = "0.0.0"; +buildGoModule rec { + pname = "golink"; + version = "0.0.0"; - src = fetchFromGitHub { - owner = "tailscale"; - repo = pname; - rev = "cada6f65af471470f85092a7152023e956ce0fb4"; - sha256 = "sha256-YApJezFbihypIZx8UHqqhXQ/fw1Zz/XL6P6Z3gTFtrA="; - }; + src = fetchFromGitHub { + owner = "tailscale"; + repo = pname; + rev = "cada6f65af471470f85092a7152023e956ce0fb4"; + sha256 = "sha256-YApJezFbihypIZx8UHqqhXQ/fw1Zz/XL6P6Z3gTFtrA="; + }; - vendorSha256 = "sha256-0k+1G+ox9+NZI4GaHm2Ba2Q4Eybz20gTAPnGKkU5Iec="; + vendorSha256 = "sha256-0k+1G+ox9+NZI4GaHm2Ba2Q4Eybz20gTAPnGKkU5Iec="; - proxyVendor = true; + proxyVendor = true; - meta = { - description = "A private shortlink service for tailnets"; - homepage = "https://github.com/tailscale/golink"; - license = licenses.bsd3; - maintainers = with maintainers; [qbit]; - }; - } + meta = { + description = "A private shortlink service for tailnets"; + homepage = "https://github.com/tailscale/golink"; + license = licenses.bsd3; + maintainers = with maintainers; [ qbit ]; + }; +} diff --git a/pkgs/gosignify.nix b/pkgs/gosignify.nix index 99f70d0..96f9c0d 100644 --- a/pkgs/gosignify.nix +++ b/pkgs/gosignify.nix @@ -1,29 +1,28 @@ -{ - lib, - buildGoModule, - fetchFromGitHub, - ... +{ lib +, buildGoModule +, fetchFromGitHub +, ... }: with lib; - buildGoModule rec { - pname = "gosignify"; - version = "0.0.0-20210702013543-c91e79d30e91"; +buildGoModule rec { + pname = "gosignify"; + version = "0.0.0-20210702013543-c91e79d30e91"; - src = fetchFromGitHub { - owner = "frankbraun"; - repo = pname; - rev = "c91e79d30e9115216a827222e07f44e9c4339ed2"; - sha256 = "sha256-Ynmx6NUUQ5WEYFowuW/ELjV2ESOHqoOTVqdZ6CWt6LQ="; - }; + src = fetchFromGitHub { + owner = "frankbraun"; + repo = pname; + rev = "c91e79d30e9115216a827222e07f44e9c4339ed2"; + sha256 = "sha256-Ynmx6NUUQ5WEYFowuW/ELjV2ESOHqoOTVqdZ6CWt6LQ="; + }; - proxyVendor = false; + proxyVendor = false; - vendorSha256 = null; + vendorSha256 = null; - meta = { - description = "gosignify is a Go reimplementation of OpenBSD's signify"; - homepage = "https://github.com/frankbraun/gosignify"; - license = licenses.unlicense; - maintainers = with maintainers; [qbit]; - }; - } + meta = { + description = "gosignify is a Go reimplementation of OpenBSD's signify"; + homepage = "https://github.com/frankbraun/gosignify"; + license = licenses.unlicense; + maintainers = with maintainers; [ qbit ]; + }; +} diff --git a/pkgs/gotosocial.nix b/pkgs/gotosocial.nix index c07481d..458c89b 100644 --- a/pkgs/gotosocial.nix +++ b/pkgs/gotosocial.nix @@ -1,11 +1,11 @@ -{ - lib, - buildGoModule, - fetchFromGitHub, - go, - ffmpeg, - ... -}: let +{ lib +, buildGoModule +, fetchFromGitHub +, go +, ffmpeg +, ... +}: +let gotosocialVersion = "0.11.0"; gtswaHash = "sha256:0qbs4a3wblrlcr1l5155p54vdd6hn2szkdns99wxjhjr8kw6dbil"; gtssHash = "sha256-qbq5pDvG2L1s6BG+sh7eagcFNH/DWyANMQaAl2WcQzE="; @@ -14,48 +14,48 @@ sha256 = gtswaHash; }; in - with lib; - buildGoModule rec { - pname = "gotosocial"; - version = gotosocialVersion; +with lib; +buildGoModule rec { + pname = "gotosocial"; + version = gotosocialVersion; - src = fetchFromGitHub { - owner = "superseriousbusiness"; - repo = pname; - rev = "v${version}"; - hash = gtssHash; - }; + src = fetchFromGitHub { + owner = "superseriousbusiness"; + repo = pname; + rev = "v${version}"; + hash = gtssHash; + }; - ldflags = [ - "-s" - "-w" - "-extldflags '-static'" - "-X 'main.Commit=${version}'" - "-X 'main.Version=${version}'" - ]; + ldflags = [ + "-s" + "-w" + "-extldflags '-static'" + "-X 'main.Commit=${version}'" + "-X 'main.Version=${version}'" + ]; - propagatedBuildInputs = [ffmpeg]; + propagatedBuildInputs = [ ffmpeg ]; - proxyVendor = false; + proxyVendor = false; - vendorSha256 = null; + vendorSha256 = null; - doCheck = false; + doCheck = false; - preBuild = '' - echo ${go}/bin/go - ${go}/bin/go version - ''; + preBuild = '' + echo ${go}/bin/go + ${go}/bin/go version + ''; - postInstall = '' - mkdir -p $out/assets - tar -C $out/assets/ -zxvf ${gotosocialWebAssets} - ''; + postInstall = '' + mkdir -p $out/assets + tar -C $out/assets/ -zxvf ${gotosocialWebAssets} + ''; - meta = { - description = "Fast, fun, ActivityPub server, powered by Go."; - homepage = "https://github.com/superseriousbusiness/gotosocial"; - license = licenses.agpl3; - maintainers = with maintainers; [qbit]; - }; - } + meta = { + description = "Fast, fun, ActivityPub server, powered by Go."; + homepage = "https://github.com/superseriousbusiness/gotosocial"; + license = licenses.agpl3; + maintainers = with maintainers; [ qbit ]; + }; +} diff --git a/pkgs/gqrss.nix b/pkgs/gqrss.nix index 92622ae..609a679 100644 --- a/pkgs/gqrss.nix +++ b/pkgs/gqrss.nix @@ -1,33 +1,33 @@ -{ - lib, - buildGoModule, - fetchFromGitHub, - ... -}: let +{ lib +, buildGoModule +, fetchFromGitHub +, ... +}: +let vendorHash = "sha256-1zBZREClt8jy0TUXJ1FuBEAJEPQoUcl4DZZ6U2LtRzg="; in - with lib; - buildGoModule rec { - pname = "gqrss"; - version = "1.0.0"; +with lib; +buildGoModule rec { + pname = "gqrss"; + version = "1.0.0"; - src = fetchFromGitHub { - owner = "qbit"; - repo = pname; - rev = "v${version}"; - sha256 = "sha256-1ZGjifDgqA9yk9l0YB4rLpcvwaq9lWxDgItJ7lCVj2I="; - }; + src = fetchFromGitHub { + owner = "qbit"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-1ZGjifDgqA9yk9l0YB4rLpcvwaq9lWxDgItJ7lCVj2I="; + }; - vendorSha256 = vendorHash; + vendorSha256 = vendorHash; - proxyVendor = true; + proxyVendor = true; - doCheck = false; + doCheck = false; - meta = { - description = "Simple github query tool"; - homepage = "https://github.com/qbit/gqrss"; - license = licenses.isc; - maintainers = with maintainers; [qbit]; - }; - } + meta = { + description = "Simple github query tool"; + homepage = "https://github.com/qbit/gqrss"; + license = licenses.isc; + maintainers = with maintainers; [ qbit ]; + }; +} diff --git a/pkgs/hammerspoon.nix b/pkgs/hammerspoon.nix index 057fad7..67be770 100644 --- a/pkgs/hammerspoon.nix +++ b/pkgs/hammerspoon.nix @@ -1,9 +1,8 @@ -{ - lib, - fetchurl, - stdenv, - unzip, - ... +{ lib +, fetchurl +, stdenv +, unzip +, ... }: stdenv.mkDerivation rec { pname = "hammerspoon"; @@ -15,7 +14,7 @@ stdenv.mkDerivation rec { hash = "sha256-7y7YZYmB+KMVdHZXLdic5JanXQl6vtaTmqmvkFa8UTM="; }; - buildInputs = [unzip]; + buildInputs = [ unzip ]; installPhase = '' mkdir -p $out/Applications diff --git a/pkgs/hpi.nix b/pkgs/hpi.nix index 4df2b1a..732958a 100644 --- a/pkgs/hpi.nix +++ b/pkgs/hpi.nix @@ -1,68 +1,67 @@ -{ - pkgs, - buildPythonPackage, - setuptools-scm, - pytest, - fetchPypi, - appdirs, - click, - decorator, - geopy, - logzero, - lxml, - more-itertools, - mypy, - orjson, - pandas, - pytz, - simplejson, - ... +{ pkgs +, buildPythonPackage +, setuptools-scm +, pytest +, fetchPypi +, appdirs +, click +, decorator +, geopy +, logzero +, lxml +, more-itertools +, mypy +, orjson +, pandas +, pytz +, simplejson +, ... }: with pkgs; let - orgparse = pkgs.python3Packages.callPackage ./orgparse.nix {inherit pkgs;}; - kobuddy = pkgs.python3Packages.callPackage ./kobuddy.nix {inherit pkgs;}; - ghexport = pkgs.python3Packages.callPackage ./ghexport.nix {inherit pkgs;}; + orgparse = pkgs.python3Packages.callPackage ./orgparse.nix { inherit pkgs; }; + kobuddy = pkgs.python3Packages.callPackage ./kobuddy.nix { inherit pkgs; }; + ghexport = pkgs.python3Packages.callPackage ./ghexport.nix { inherit pkgs; }; in - buildPythonPackage rec { - pname = "HPI"; - version = "0.3.20230207"; +buildPythonPackage rec { + pname = "HPI"; + version = "0.3.20230207"; - nativeBuildInputs = [setuptools-scm]; - propagatedBuildInputs = [ - appdirs - click - decorator - geopy - kobuddy - logzero - lxml - ghexport - more-itertools - mypy - orgparse - orjson - pandas - pytest - pytz - simplejson - ]; + nativeBuildInputs = [ setuptools-scm ]; + propagatedBuildInputs = [ + appdirs + click + decorator + geopy + kobuddy + logzero + lxml + ghexport + more-itertools + mypy + orgparse + orjson + pandas + pytest + pytz + simplejson + ]; - doCheck = true; + doCheck = true; - buildInputs = [mypy kobuddy]; + buildInputs = [ mypy kobuddy ]; - makeWrapperArgs = [ - # Add the installed directories to the python path so the daemon can find them - "--prefix PYTHONPATH : ${python3.pkgs.makePythonPath propagatedBuildInputs}" - "--prefix PYTHONPATH : $out/lib/${python3.libPrefix}/site-packages" - ]; + makeWrapperArgs = [ + # Add the installed directories to the python path so the daemon can find them + "--prefix PYTHONPATH : ${python3.pkgs.makePythonPath propagatedBuildInputs}" + "--prefix PYTHONPATH : $out/lib/${python3.libPrefix}/site-packages" + ]; - preCheck = '' - export HOME=$(mktemp -d) - ''; + preCheck = '' + export HOME=$(mktemp -d) + ''; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-i3C1Lmj6K48zVG960uv1epQm38qQnxalwy8kHnLTZrE="; - }; - } + src = fetchPypi { + inherit pname version; + sha256 = "sha256-i3C1Lmj6K48zVG960uv1epQm38qQnxalwy8kHnLTZrE="; + }; +} diff --git a/pkgs/iamb.nix b/pkgs/iamb.nix index 732fcf0..d8499af 100644 --- a/pkgs/iamb.nix +++ b/pkgs/iamb.nix @@ -1,7 +1,7 @@ -{ - lib, - rustPlatform, - fetchFromGitHub, +{ lib +, rustPlatform +, fetchFromGitHub +, }: rustPlatform.buildRustPackage rec { pname = "iamb"; @@ -20,6 +20,6 @@ rustPlatform.buildRustPackage rec { description = "A Matrix client for Vim addicts"; homepage = "https://github.com/ulyssa/iamb"; license = licenses.asl20; - maintainers = [maintainers.qbit]; + maintainers = [ maintainers.qbit ]; }; } diff --git a/pkgs/icbirc.nix b/pkgs/icbirc.nix index 3523cc1..0ac6c69 100644 --- a/pkgs/icbirc.nix +++ b/pkgs/icbirc.nix @@ -1,9 +1,8 @@ -{ - lib, - stdenv, - fetchurl, - pkgs, - ... +{ lib +, stdenv +, fetchurl +, pkgs +, ... }: stdenv.mkDerivation rec { pname = "icbirc"; @@ -14,9 +13,9 @@ stdenv.mkDerivation rec { sha256 = "sha256-aDk0TZPABNqX7Gu12AWh234Kee/DhwRFeIBDYnFiu7E="; }; - patches = [./icbirc.diff]; + patches = [ ./icbirc.diff ]; - buildInputs = with pkgs; [libbsd bsdbuild bmake]; + buildInputs = with pkgs; [ libbsd bsdbuild bmake ]; meta = with lib; { description = "proxy IRC client with ICB server"; @@ -26,6 +25,6 @@ stdenv.mkDerivation rec { homepage = "http://www.benzedrine.ch/icbirc.html"; license = licenses.bsd2; platforms = platforms.linux; - maintainers = with maintainers; [qbit]; + maintainers = with maintainers; [ qbit ]; }; } diff --git a/pkgs/kobuddy.nix b/pkgs/kobuddy.nix index a5066d0..e5925c0 100644 --- a/pkgs/kobuddy.nix +++ b/pkgs/kobuddy.nix @@ -1,15 +1,15 @@ -{ - lib, - fetchFromGitHub, - buildPythonPackage, - fetchPypi, - setuptools-scm, - pytz, - alembic, - banal, - sqlalchemy, - ... -}: let +{ lib +, fetchFromGitHub +, buildPythonPackage +, fetchPypi +, setuptools-scm +, pytz +, alembic +, banal +, sqlalchemy +, ... +}: +let myDataset = buildPythonPackage rec { pname = "dataset"; version = "1.6.0"; @@ -22,42 +22,42 @@ hash = "sha256-BfIGQvXKlsydV3p93/qLYtbVujTNWqWfMg16/aENHks="; }; - patches = [./kobuddy.diff]; + patches = [ ./kobuddy.diff ]; - propagatedBuildInputs = [alembic banal sqlalchemy]; + propagatedBuildInputs = [ alembic banal sqlalchemy ]; # checks attempt to import nonexistent module 'test.test' and fail doCheck = false; - pythonImportsCheck = ["dataset"]; + pythonImportsCheck = [ "dataset" ]; meta = with lib; { description = "Toolkit for Python-based database access"; homepage = "https://dataset.readthedocs.io"; license = licenses.mit; - maintainers = with maintainers; [xfnw]; + maintainers = with maintainers; [ xfnw ]; }; }; in - buildPythonPackage rec { - pname = "kobuddy"; - version = "0.2.20221023"; +buildPythonPackage rec { + pname = "kobuddy"; + version = "0.2.20221023"; - src = fetchPypi { - inherit pname version; - sha256 = "sha256-2Al1aDx9ymr0Pw+HC2S6mXkKvsDLhM1Oto+urr9i7BY="; - }; + src = fetchPypi { + inherit pname version; + sha256 = "sha256-2Al1aDx9ymr0Pw+HC2S6mXkKvsDLhM1Oto+urr9i7BY="; + }; - doCheck = true; + doCheck = true; - nativeBuildInputs = [setuptools-scm]; + nativeBuildInputs = [ setuptools-scm ]; - propagatedBuildInputs = [myDataset pytz]; + propagatedBuildInputs = [ myDataset pytz ]; - meta = with lib; { - homepage = "https://github.com/karlicoss/promnesia"; - description = "Another piece of your extended mind"; - license = licenses.mit; - maintainers = with maintainers; [qbit]; - }; - } + meta = with lib; { + homepage = "https://github.com/karlicoss/promnesia"; + description = "Another piece of your extended mind"; + license = licenses.mit; + maintainers = with maintainers; [ qbit ]; + }; +} diff --git a/pkgs/kurinto.nix b/pkgs/kurinto.nix index 2ac07cc..b4ac31a 100644 --- a/pkgs/kurinto.nix +++ b/pkgs/kurinto.nix @@ -1,7 +1,7 @@ -{ - lib, - stdenvNoCC, - fetchzip, +{ lib +, stdenvNoCC +, fetchzip +, }: stdenvNoCC.mkDerivation rec { pname = "kurinto"; @@ -26,8 +26,8 @@ stdenvNoCC.mkDerivation rec { homepage = "https://www.kurinto.com/index.htm"; description = "a large collection of free fonts that include most of the characters in every human language"; license = licenses.ofl; - maintainers = with maintainers; [qbit]; + maintainers = with maintainers; [ qbit ]; platforms = lib.platforms.all; - hydraPlatform = []; + hydraPlatform = [ ]; }; } diff --git a/pkgs/mcchunkie.nix b/pkgs/mcchunkie.nix index 8581bc8..ddafa2e 100644 --- a/pkgs/mcchunkie.nix +++ b/pkgs/mcchunkie.nix @@ -1,33 +1,32 @@ -{ - lib, - buildGoModule, - fetchFromGitHub, - ... +{ lib +, buildGoModule +, fetchFromGitHub +, ... }: with lib; - buildGoModule rec { - pname = "mcchunkie"; - version = "1.0.13"; +buildGoModule rec { + pname = "mcchunkie"; + version = "1.0.13"; - src = fetchFromGitHub { - owner = "qbit"; - repo = pname; - rev = "v${version}"; - hash = "sha256-/vPiwrNSdGDZtnnZTCxrkvRLP45c/c2/rYhBQNsddsg="; - }; + src = fetchFromGitHub { + owner = "qbit"; + repo = pname; + rev = "v${version}"; + hash = "sha256-/vPiwrNSdGDZtnnZTCxrkvRLP45c/c2/rYhBQNsddsg="; + }; - vendorHash = "sha256-OWIjq8Qsr1UEOrdDZlYG6qlVKs51R6xNhCqXSqAE2Mk="; + vendorHash = "sha256-OWIjq8Qsr1UEOrdDZlYG6qlVKs51R6xNhCqXSqAE2Mk="; - ldflags = ["-X suah.dev/mcchunkie/plugins.version=${version}"]; + ldflags = [ "-X suah.dev/mcchunkie/plugins.version=${version}" ]; - proxyVendor = true; + proxyVendor = true; - doCheck = false; + doCheck = false; - meta = { - description = "Matrix Bot"; - homepage = "https://github.com/qbit/mcchunkie"; - license = licenses.mit; - maintainers = with maintainers; [qbit]; - }; - } + meta = { + description = "Matrix Bot"; + homepage = "https://github.com/qbit/mcchunkie"; + license = licenses.mit; + maintainers = with maintainers; [ qbit ]; + }; +} diff --git a/pkgs/mudita-center.nix b/pkgs/mudita-center.nix index 4e004c3..9cb5efa 100644 --- a/pkgs/mudita-center.nix +++ b/pkgs/mudita-center.nix @@ -1,9 +1,9 @@ -{ - fetchurl, - appimageTools, - desktop-file-utils, - ... -}: let +{ fetchurl +, appimageTools +, desktop-file-utils +, ... +}: +let name = "mudita-center"; version = "1.3.0"; @@ -13,26 +13,26 @@ sha256 = "1cqrrs5ycl5lrla8mprx443dpiz99a63f4i3da43vxh1xxl0ki4n"; }; - appimageContents = appimageTools.extract {inherit name src;}; + appimageContents = appimageTools.extract { inherit name src; }; in - appimageTools.wrapType1 rec { - inherit name src; +appimageTools.wrapType1 rec { + inherit name src; - extraInstallCommands = '' - cp -r ${appimageContents}/* $out - cd $out - chmod -R +w $out + extraInstallCommands = '' + cp -r ${appimageContents}/* $out + cd $out + chmod -R +w $out - mv "Mudita Center" $out/${name} + mv "Mudita Center" $out/${name} - # TODO: - #${desktop-file-utils}/bin/desktop-file-install --dir $out/share/applications \ - # --set-key Exec --set-value ${name} "Mudita Center.desktop" + # TODO: + #${desktop-file-utils}/bin/desktop-file-install --dir $out/share/applications \ + # --set-key Exec --set-value ${name} "Mudita Center.desktop" - mv usr/share/icons share + mv usr/share/icons share - rm usr/lib/* AppRun *.desktop - ''; + rm usr/lib/* AppRun *.desktop + ''; - #extraPkgs = pkgs: with pkgs; [ ]; - } + #extraPkgs = pkgs: with pkgs; [ ]; +} diff --git a/pkgs/mvoice.nix b/pkgs/mvoice.nix index 7176a45..6514816 100644 --- a/pkgs/mvoice.nix +++ b/pkgs/mvoice.nix @@ -1,9 +1,8 @@ -{ - lib, - stdenv, - fetchFromGitHub, - pkgs, - ... +{ lib +, stdenv +, fetchFromGitHub +, pkgs +, ... }: stdenv.mkDerivation { pname = "mvoice"; @@ -46,6 +45,6 @@ stdenv.mkDerivation { homepage = "https://github.com/n7tae/mvoice"; license = licenses.gpl3; platforms = platforms.unix; - maintainers = with maintainers; [qbit]; + maintainers = with maintainers; [ qbit ]; }; } diff --git a/pkgs/nheko.nix b/pkgs/nheko.nix index 6c37821..84e5a5d 100644 --- a/pkgs/nheko.nix +++ b/pkgs/nheko.nix @@ -1,9 +1,8 @@ -{ - lib, - fetchurl, - stdenv, - undmg, - ... +{ lib +, fetchurl +, stdenv +, undmg +, ... }: stdenv.mkDerivation rec { pname = "nheko"; @@ -14,7 +13,7 @@ stdenv.mkDerivation rec { hash = "sha256-t7evlvb+ueJZhtmt4KrOeXv2BZV8/fY4vj4GAmoCR2w="; }; - nativeBuildInputs = [undmg]; + nativeBuildInputs = [ undmg ]; sourceRoot = "."; diff --git a/pkgs/openssh/common.nix b/pkgs/openssh/common.nix index 836e471..14878ae 100644 --- a/pkgs/openssh/common.nix +++ b/pkgs/openssh/common.nix @@ -1,35 +1,35 @@ -{ - pname, - version, - extraDesc ? "", - src, - extraPatches ? [], - extraNativeBuildInputs ? [], - extraConfigureFlags ? [], - extraMeta ? {}, -}: { - lib, - stdenv, - # This *is* correct, though unusual. as a way of getting krb5-config from the - # package without splicing See: https://github.com/NixOS/nixpkgs/pull/107606 - pkgs, - autoreconfHook, - zlib, - libressl, - libedit, - pkg-config, - pam, - libredirect, - etcDir ? "/etc/ssh", - withKerberos ? true, - libkrb5, - libfido2, - hostname, - nixosTests, - withFIDO ? stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isMusl, - withPAM ? stdenv.hostPlatform.isLinux, - linkOpenssl ? true, -}: +{ pname +, version +, extraDesc ? "" +, src +, extraPatches ? [ ] +, extraNativeBuildInputs ? [ ] +, extraConfigureFlags ? [ ] +, extraMeta ? { } +, +}: { lib + , stdenv + , # This *is* correct, though unusual. as a way of getting krb5-config from the + # package without splicing See: https://github.com/NixOS/nixpkgs/pull/107606 + pkgs + , autoreconfHook + , zlib + , libressl + , libedit + , pkg-config + , pam + , libredirect + , etcDir ? "/etc/ssh" + , withKerberos ? true + , libkrb5 + , libfido2 + , hostname + , nixosTests + , withFIDO ? stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isMusl + , withPAM ? stdenv.hostPlatform.isLinux + , linkOpenssl ? true + , + }: stdenv.mkDerivation { inherit pname version src; @@ -51,14 +51,14 @@ stdenv.mkDerivation { strictDeps = true; nativeBuildInputs = - [autoreconfHook pkg-config] + [ autoreconfHook pkg-config ] # This is not the same as the libkrb5 from the inputs! pkgs.libkrb5 is # needed here to access krb5-config in order to cross compile. See: # https://github.com/NixOS/nixpkgs/pull/107606 ++ lib.optional withKerberos pkgs.libkrb5 ++ extraNativeBuildInputs; buildInputs = - [zlib libressl libedit] + [ zlib libressl libedit ] ++ lib.optional withFIDO libfido2 ++ lib.optional withKerberos libkrb5 ++ lib.optional withPAM pam; @@ -89,21 +89,21 @@ stdenv.mkDerivation { ++ extraConfigureFlags; ${ - if stdenv.hostPlatform.isStatic - then "NIX_LDFLAGS" - else null + if stdenv.hostPlatform.isStatic + then "NIX_LDFLAGS" + else null } = - ["-laudit"] ++ lib.optionals withKerberos ["-lkeyutils"]; + [ "-laudit" ] ++ lib.optionals withKerberos [ "-lkeyutils" ]; - buildFlags = ["SSH_KEYSIGN=ssh-keysign"]; + buildFlags = [ "SSH_KEYSIGN=ssh-keysign" ]; enableParallelBuilding = true; - hardeningEnable = ["pie"]; + hardeningEnable = [ "pie" ]; doCheck = true; enableParallelChecking = false; - nativeCheckInputs = [libressl] ++ lib.optional (!stdenv.isDarwin) hostname; + nativeCheckInputs = [ libressl ] ++ lib.optional (!stdenv.isDarwin) hostname; preCheck = lib.optionalString (stdenv.hostPlatform == stdenv.buildPlatform) '' # construct a dummy HOME export HOME=$(realpath ../dummy-home) @@ -154,9 +154,9 @@ stdenv.mkDerivation { checkTarget = lib.optional (!stdenv.isDarwin && !stdenv.hostPlatform.isMusl) "t-exec" # other tests are less demanding of the environment - ++ ["unit" "file-tests" "interop-tests"]; + ++ [ "unit" "file-tests" "interop-tests" ]; - installTargets = ["install-nokeys"]; + installTargets = [ "install-nokeys" ]; installFlags = [ "sysconfdir=\${out}/etc/ssh" ]; @@ -172,7 +172,7 @@ stdenv.mkDerivation { changelog = "https://www.openssh.com/releasenotes.html"; license = licenses.bsd2; platforms = platforms.unix ++ platforms.windows; - maintainers = (extraMeta.maintainers or []) ++ (with maintainers; [eelco aneeshusa]); + maintainers = (extraMeta.maintainers or [ ]) ++ (with maintainers; [ eelco aneeshusa ]); mainProgram = "ssh"; } // extraMeta; diff --git a/pkgs/openssh/default.nix b/pkgs/openssh/default.nix index 2efc987..149eb82 100644 --- a/pkgs/openssh/default.nix +++ b/pkgs/openssh/default.nix @@ -1,12 +1,14 @@ -{ - callPackage, - lib, - fetchFromGitHub, -}: let +{ callPackage +, lib +, fetchFromGitHub +, +}: +let inherit (builtins) readFile fromJSON; - common = opts: callPackage (import ./common.nix opts) {}; + common = opts: callPackage (import ./common.nix opts) { }; verStr = fromJSON (readFile ./version.json); -in { +in +{ openssh = common { pname = "openssh"; inherit (verStr) version; @@ -17,7 +19,7 @@ in { repo = "openssh-portable"; }; - extraPatches = [./ssh-keysign-8.5.patch]; - extraMeta.maintainers = with lib.maintainers; [qbit]; + extraPatches = [ ./ssh-keysign-8.5.patch ]; + extraMeta.maintainers = with lib.maintainers; [ qbit ]; }; } diff --git a/pkgs/orgparse.nix b/pkgs/orgparse.nix index 5f6c661..58a4e7b 100644 --- a/pkgs/orgparse.nix +++ b/pkgs/orgparse.nix @@ -1,18 +1,17 @@ -{ - buildPythonPackage, - setuptools-scm, - pytest, - fetchPypi, - ... +{ buildPythonPackage +, setuptools-scm +, pytest +, fetchPypi +, ... }: buildPythonPackage rec { pname = "orgparse"; version = "0.3.2"; - nativeBuildInputs = [setuptools-scm]; + nativeBuildInputs = [ setuptools-scm ]; #propagatedBuildInputs = [ ]; - nativeCheckInputs = [pytest]; + nativeCheckInputs = [ pytest ]; doCheck = true; diff --git a/pkgs/precursorupdater.nix b/pkgs/precursorupdater.nix index 541be08..4977adc 100644 --- a/pkgs/precursorupdater.nix +++ b/pkgs/precursorupdater.nix @@ -1,12 +1,11 @@ -{ - lib, - buildPythonPackage, - fetchPypi, - pyusb, - progressbar2, - requests, - pycryptodome, - ... +{ lib +, buildPythonPackage +, fetchPypi +, pyusb +, progressbar2 +, requests +, pycryptodome +, ... }: buildPythonPackage rec { pname = "precursorupdater"; @@ -17,7 +16,7 @@ buildPythonPackage rec { sha256 = "sha256-YWPWGQLFbHjhYbdhLvbWndsNPfWEPSD7rfN6pJdnZFs="; }; - propagatedBuildInputs = [pyusb progressbar2 requests pycryptodome]; + propagatedBuildInputs = [ pyusb progressbar2 requests pycryptodome ]; doCheck = false; @@ -25,6 +24,6 @@ buildPythonPackage rec { homepage = "https://github.com/betrusted-io/betrusted-wiki/wiki/Updating-Your-Device"; description = "script to automatically updates a Precursor device"; license = licenses.asl20; - maintainers = with maintainers; [qbit]; + maintainers = with maintainers; [ qbit ]; }; } diff --git a/pkgs/promnesia.nix b/pkgs/promnesia.nix index 9ea3651..0ec4af7 100644 --- a/pkgs/promnesia.nix +++ b/pkgs/promnesia.nix @@ -1,86 +1,85 @@ -{ - lib, - buildPythonPackage, - fetchFromGitHub, - beautifulsoup4, - fastapi, - httptools, - logzero, - lxml, - mistletoe, - more-itertools, - mypy, - pytz, - setuptools, - tzlocal, - urlextract, - uvicorn, - uvloop, - watchfiles, - websockets, - setuptools-scm, - pkgs, - ... +{ lib +, buildPythonPackage +, fetchFromGitHub +, beautifulsoup4 +, fastapi +, httptools +, logzero +, lxml +, mistletoe +, more-itertools +, mypy +, pytz +, setuptools +, tzlocal +, urlextract +, uvicorn +, uvloop +, watchfiles +, websockets +, setuptools-scm +, pkgs +, ... }: with pkgs; let - hpi = pkgs.python3Packages.callPackage ./hpi.nix {inherit pkgs;}; + hpi = pkgs.python3Packages.callPackage ./hpi.nix { inherit pkgs; }; sqlcipher3 = - pkgs.python3Packages.callPackage ./sqlcipher3.nix {inherit pkgs;}; - cachew = pkgs.python3Packages.callPackage ./cachew.nix {inherit pkgs;}; - python-dotenv = pkgs.python3Packages.callPackage ./python-dotenv.nix {}; + pkgs.python3Packages.callPackage ./sqlcipher3.nix { inherit pkgs; }; + cachew = pkgs.python3Packages.callPackage ./cachew.nix { inherit pkgs; }; + python-dotenv = pkgs.python3Packages.callPackage ./python-dotenv.nix { }; in - buildPythonPackage rec { - pname = "promnesia"; - version = "1.1.20230417"; +buildPythonPackage rec { + pname = "promnesia"; + version = "1.1.20230417"; - src = fetchFromGitHub { - owner = "karlicoss"; - repo = pname; - rev = "1f60af17761570b8a6787ebf0753ecfa750cad1b"; - hash = "sha256-iaMoNEz3bNNEH+K2vXu21T+JLQVGC7iq3PBjm4Vv+24="; - }; + src = fetchFromGitHub { + owner = "karlicoss"; + repo = pname; + rev = "1f60af17761570b8a6787ebf0753ecfa750cad1b"; + hash = "sha256-iaMoNEz3bNNEH+K2vXu21T+JLQVGC7iq3PBjm4Vv+24="; + }; - SETUPTOOLS_SCM_PRETEND_VERSION = version; + SETUPTOOLS_SCM_PRETEND_VERSION = version; - doCheck = true; + doCheck = true; - nativeBuildInputs = [setuptools-scm]; + nativeBuildInputs = [ setuptools-scm ]; - # Optional - # bs4 lxml mistletoe logzero - propagatedBuildInputs = [ - beautifulsoup4 - cachew - fastapi - hpi - httptools - logzero - lxml - mistletoe - more-itertools - mypy - python-dotenv - pytz - setuptools - sqlcipher3 - tzlocal - urlextract - uvicorn - uvloop - watchfiles - websockets - ]; + # Optional + # bs4 lxml mistletoe logzero + propagatedBuildInputs = [ + beautifulsoup4 + cachew + fastapi + hpi + httptools + logzero + lxml + mistletoe + more-itertools + mypy + python-dotenv + pytz + setuptools + sqlcipher3 + tzlocal + urlextract + uvicorn + uvloop + watchfiles + websockets + ]; - makeWrapperArgs = [ - # Add the installed directories to the python path so the daemon can find them - "--prefix PYTHONPATH : ${python3.pkgs.makePythonPath propagatedBuildInputs}" - "--prefix PYTHONPATH : $out/lib/${python3.libPrefix}/site-packages" - ]; + makeWrapperArgs = [ + # Add the installed directories to the python path so the daemon can find them + "--prefix PYTHONPATH : ${python3.pkgs.makePythonPath propagatedBuildInputs}" + "--prefix PYTHONPATH : $out/lib/${python3.libPrefix}/site-packages" + ]; - meta = with lib; { - homepage = "https://github.com/karlicoss/promnesia"; - description = "Another piece of your extended mind"; - license = licenses.mit; - maintainers = with maintainers; [qbit]; - }; - } + meta = with lib; { + homepage = "https://github.com/karlicoss/promnesia"; + description = "Another piece of your extended mind"; + license = licenses.mit; + maintainers = with maintainers; [ qbit ]; + }; +} diff --git a/pkgs/python-dotenv.nix b/pkgs/python-dotenv.nix index aba4109..bd027b1 100644 --- a/pkgs/python-dotenv.nix +++ b/pkgs/python-dotenv.nix @@ -1,13 +1,13 @@ -{ - lib, - buildPythonPackage, - click, - fetchPypi, - ipython, - mock, - pytestCheckHook, - pythonOlder, - sh, +{ lib +, buildPythonPackage +, click +, fetchPypi +, ipython +, mock +, pytestCheckHook +, pythonOlder +, sh +, }: buildPythonPackage rec { pname = "python-dotenv"; @@ -19,18 +19,18 @@ buildPythonPackage rec { sha256 = "sha256-t30IJ0Y549NBRd+mxwCOZt8PBLe+enX9DVKSwZHXkEU="; }; - propagatedBuildInputs = [click]; + propagatedBuildInputs = [ click ]; - nativeCheckInputs = [ipython mock pytestCheckHook sh]; + nativeCheckInputs = [ ipython mock pytestCheckHook sh ]; - disabledTests = ["cli"]; + disabledTests = [ "cli" ]; - pythonImportsCheck = ["dotenv"]; + pythonImportsCheck = [ "dotenv" ]; meta = with lib; { description = "Add .env support to your django/flask apps in development and deployments"; homepage = "https://github.com/theskumar/python-dotenv"; license = licenses.bsdOriginal; - maintainers = with maintainers; [erikarvstedt]; + maintainers = with maintainers; [ erikarvstedt ]; }; } diff --git a/pkgs/rkvm.nix b/pkgs/rkvm.nix index 8a42e19..387a12d 100644 --- a/pkgs/rkvm.nix +++ b/pkgs/rkvm.nix @@ -1,13 +1,12 @@ -{ - lib, - fetchFromGitHub, - rustPlatform, - pkg-config, - openssl_1_1, - llvmPackages, - libevdev, - linuxHeaders, - ... +{ lib +, fetchFromGitHub +, rustPlatform +, pkg-config +, openssl_1_1 +, llvmPackages +, libevdev +, linuxHeaders +, ... }: rustPlatform.buildRustPackage { pname = "rkvm"; @@ -25,8 +24,8 @@ rustPlatform.buildRustPackage { BINDGEN_EXTRA_CLANG_ARGS = "-I${lib.getDev libevdev}/include/libevdev-1.0"; LIBCLANG_PATH = "${llvmPackages.libclang.lib}/lib"; - nativeBuildInputs = [llvmPackages.clang pkg-config openssl_1_1]; - buildInputs = [libevdev openssl_1_1 linuxHeaders]; + nativeBuildInputs = [ llvmPackages.clang pkg-config openssl_1_1 ]; + buildInputs = [ libevdev openssl_1_1 linuxHeaders ]; doCheck = false; @@ -40,8 +39,8 @@ rustPlatform.buildRustPackage { description = "Virtual KVM switch for Linux machines"; homepage = "https://github.com/htrefil/rkvm"; license = licenses.mit; - maintainers = with maintainers; [qbit]; - platforms = ["x86_64-linux"]; + maintainers = with maintainers; [ qbit ]; + platforms = [ "x86_64-linux" ]; mainProgram = "rkvm"; }; } diff --git a/pkgs/rtlamr.nix b/pkgs/rtlamr.nix index 8886fb8..fcd16dd 100644 --- a/pkgs/rtlamr.nix +++ b/pkgs/rtlamr.nix @@ -1,27 +1,26 @@ -{ - lib, - buildGoModule, - fetchFromGitHub, - ... +{ lib +, buildGoModule +, fetchFromGitHub +, ... }: with lib; - buildGoModule rec { - pname = "rtlamr"; - version = "0.9.3"; +buildGoModule rec { + pname = "rtlamr"; + version = "0.9.3"; - src = fetchFromGitHub { - owner = "bemasher"; - repo = pname; - rev = "v${version}"; - hash = "sha256-0LufLU/wTmCRqTnQBNJg5UnDv0u1Thec5FSWATWqZsQ="; - }; + src = fetchFromGitHub { + owner = "bemasher"; + repo = pname; + rev = "v${version}"; + hash = "sha256-0LufLU/wTmCRqTnQBNJg5UnDv0u1Thec5FSWATWqZsQ="; + }; - vendorHash = "sha256-uT6zfsWgIot0EMNqwtwJNFXN/WaAyOGfcYJjuyOXT4g="; + vendorHash = "sha256-uT6zfsWgIot0EMNqwtwJNFXN/WaAyOGfcYJjuyOXT4g="; - meta = { - description = "rtl-sdr receiver for Itron ETR meters"; - homepage = "https://github.com/bemasher/rtlamr"; - license = licenses.agpl3; - maintainers = with maintainers; [qbit]; - }; - } + meta = { + description = "rtl-sdr receiver for Itron ETR meters"; + homepage = "https://github.com/bemasher/rtlamr"; + license = licenses.agpl3; + maintainers = with maintainers; [ qbit ]; + }; +} diff --git a/pkgs/rtlamr2mqtt.nix b/pkgs/rtlamr2mqtt.nix index 2b379d8..5c92ffa 100644 --- a/pkgs/rtlamr2mqtt.nix +++ b/pkgs/rtlamr2mqtt.nix @@ -1,42 +1,42 @@ -{ - buildPythonPackage, - callPackage, - fetchFromGitHub, - paho-mqtt, - pyusb, - pyyaml, - requests, - rtl-sdr, - ... -}: let - rtlamr = callPackage ./rtlamr.nix {}; +{ buildPythonPackage +, callPackage +, fetchFromGitHub +, paho-mqtt +, pyusb +, pyyaml +, requests +, rtl-sdr +, ... +}: +let + rtlamr = callPackage ./rtlamr.nix { }; in - buildPythonPackage { - pname = "rtlamr2mqtt"; - version = "unstable-2023-08-17"; +buildPythonPackage { + pname = "rtlamr2mqtt"; + version = "unstable-2023-08-17"; - format = "none"; + format = "none"; - nativeBuildInputs = []; - propagatedBuildInputs = [paho-mqtt pyyaml requests pyusb rtlamr rtl-sdr]; + nativeBuildInputs = [ ]; + propagatedBuildInputs = [ paho-mqtt pyyaml requests pyusb rtlamr rtl-sdr ]; - doCheck = false; - doBuild = false; + doCheck = false; + doBuild = false; - installPhase = '' - mkdir -p $out/bin - cp rtlamr2mqtt-addon/rtlamr2mqtt.py $out/bin/rtlamr2mqtt - cp rtlamr2mqtt-addon/sdl_ids.txt $out/ - ''; + installPhase = '' + mkdir -p $out/bin + cp rtlamr2mqtt-addon/rtlamr2mqtt.py $out/bin/rtlamr2mqtt + cp rtlamr2mqtt-addon/sdl_ids.txt $out/ + ''; - src = fetchFromGitHub { - owner = "qbit"; - repo = "rtlamr2mqtt"; - hash = "sha256-WqW+RZQhwYAIvBAizO3/7SdlhWR9ZIIliEq76XwsUEo="; - rev = "631504e"; - }; + src = fetchFromGitHub { + owner = "qbit"; + repo = "rtlamr2mqtt"; + hash = "sha256-WqW+RZQhwYAIvBAizO3/7SdlhWR9ZIIliEq76XwsUEo="; + rev = "631504e"; + }; - meta = { - mainProgram = "rtlamr2mqtt"; - }; - } + meta = { + mainProgram = "rtlamr2mqtt"; + }; +} diff --git a/pkgs/secretive.nix b/pkgs/secretive.nix index a248933..71e2d92 100644 --- a/pkgs/secretive.nix +++ b/pkgs/secretive.nix @@ -1,9 +1,8 @@ -{ - lib, - fetchurl, - stdenv, - unzip, - ... +{ lib +, fetchurl +, stdenv +, unzip +, ... }: stdenv.mkDerivation rec { pname = "secretive"; @@ -15,7 +14,7 @@ stdenv.mkDerivation rec { hash = "sha256-STpyNiiYtEgLqnDxFdlRW0Gyr0pQPK8AJ34rw4JLC70="; }; - buildInputs = [unzip]; + buildInputs = [ unzip ]; installPhase = '' mkdir -p $out/Applications diff --git a/pkgs/sliding-sync.nix b/pkgs/sliding-sync.nix index f3d584d..61b2c47 100644 --- a/pkgs/sliding-sync.nix +++ b/pkgs/sliding-sync.nix @@ -1,30 +1,29 @@ -{ - lib, - buildGoModule, - fetchFromGitHub, - ... +{ lib +, buildGoModule +, fetchFromGitHub +, ... }: with lib; - buildGoModule rec { - pname = "sliding-sync"; - version = "0.99.10"; +buildGoModule rec { + pname = "sliding-sync"; + version = "0.99.10"; - src = fetchFromGitHub { - owner = "matrix-org"; - repo = pname; - rev = "v${version}"; - hash = "sha256-TjChelGVicA59q6iIIDTI7nSj8KtjpA4bfZqsfoiOQg="; - }; + src = fetchFromGitHub { + owner = "matrix-org"; + repo = pname; + rev = "v${version}"; + hash = "sha256-TjChelGVicA59q6iIIDTI7nSj8KtjpA4bfZqsfoiOQg="; + }; - vendorHash = "sha256-E3nCcw6eTKKcL55ls6n5pYlRFffsefsN0G1Hwd49uh8="; + vendorHash = "sha256-E3nCcw6eTKKcL55ls6n5pYlRFffsefsN0G1Hwd49uh8="; - # Note: tests require a postgres install accessible to the current user - doCheck = false; + # Note: tests require a postgres install accessible to the current user + doCheck = false; - meta = { - description = "An implementation of MSC3575"; - homepage = "https://github.com/matrix-org/sliding-sync"; - license = licenses.asl20; - maintainers = with maintainers; [qbit]; - }; - } + meta = { + description = "An implementation of MSC3575"; + homepage = "https://github.com/matrix-org/sliding-sync"; + license = licenses.asl20; + maintainers = with maintainers; [ qbit ]; + }; +} diff --git a/pkgs/sqlcipher3.nix b/pkgs/sqlcipher3.nix index 78d7630..c85c516 100644 --- a/pkgs/sqlcipher3.nix +++ b/pkgs/sqlcipher3.nix @@ -1,16 +1,15 @@ -{ - buildPythonPackage, - setuptools-scm, - sqlcipher, - fetchPypi, - ... +{ buildPythonPackage +, setuptools-scm +, sqlcipher +, fetchPypi +, ... }: buildPythonPackage rec { pname = "sqlcipher3"; version = "0.5.0"; - nativeBuildInputs = [setuptools-scm]; - propagatedBuildInputs = [sqlcipher]; + nativeBuildInputs = [ setuptools-scm ]; + propagatedBuildInputs = [ sqlcipher ]; doCheck = true; diff --git a/pkgs/tailscale-systray.nix b/pkgs/tailscale-systray.nix index c0b2ac9..0ed01fa 100644 --- a/pkgs/tailscale-systray.nix +++ b/pkgs/tailscale-systray.nix @@ -1,34 +1,33 @@ -{ - pkgs, - lib, - buildGoModule, - fetchFromGitHub, - ... +{ pkgs +, lib +, buildGoModule +, fetchFromGitHub +, ... }: with lib; with pkgs; - buildGoModule rec { - pname = "tailscale-systray"; - version = "2022-10-19"; +buildGoModule rec { + pname = "tailscale-systray"; + version = "2022-10-19"; - src = fetchFromGitHub { - owner = "mattn"; - repo = pname; - rev = "e7f8893684e7b8779f34045ca90e5abe6df6056d"; - sha256 = "sha256-3kozp6jq0xGllxoK2lGCNUahy/FvXyq11vNSxfDehKE="; - }; + src = fetchFromGitHub { + owner = "mattn"; + repo = pname; + rev = "e7f8893684e7b8779f34045ca90e5abe6df6056d"; + sha256 = "sha256-3kozp6jq0xGllxoK2lGCNUahy/FvXyq11vNSxfDehKE="; + }; - vendorSha256 = "sha256-YJ74SeZAMS+dXyoPhPTJ3L+5uL5bF8gumhMOqfvmlms="; + vendorSha256 = "sha256-YJ74SeZAMS+dXyoPhPTJ3L+5uL5bF8gumhMOqfvmlms="; - nativeBuildInputs = [pkg-config]; - buildInputs = [libayatana-appindicator gtk3]; + nativeBuildInputs = [ pkg-config ]; + buildInputs = [ libayatana-appindicator gtk3 ]; - proxyVendor = true; + proxyVendor = true; - meta = { - description = "Tailscale systray"; - homepage = "https://github.com/mattn/tailscale-systray"; - license = licenses.mit; - maintainers = with maintainers; [qbit]; - }; - } + meta = { + description = "Tailscale systray"; + homepage = "https://github.com/mattn/tailscale-systray"; + license = licenses.mit; + maintainers = with maintainers; [ qbit ]; + }; +} diff --git a/pkgs/tile-gaps.nix b/pkgs/tile-gaps.nix index f586926..2f032f6 100644 --- a/pkgs/tile-gaps.nix +++ b/pkgs/tile-gaps.nix @@ -1,11 +1,11 @@ -{ - lib, - mkDerivation, - fetchFromGitHub, - kcoreaddons, - kwindowsystem, - plasma-framework, - systemsettings, +{ lib +, mkDerivation +, fetchFromGitHub +, kcoreaddons +, kwindowsystem +, plasma-framework +, systemsettings +, }: mkDerivation rec { pname = "tile-gaps"; @@ -18,7 +18,7 @@ mkDerivation rec { sha256 = "sha256-IqmRazguCLSBe27Sy94gABCL+9lJFhFRYe1SPLF8jT8="; }; - buildInputs = [kcoreaddons kwindowsystem plasma-framework systemsettings]; + buildInputs = [ kcoreaddons kwindowsystem plasma-framework systemsettings ]; dontBuild = true; @@ -38,7 +38,7 @@ mkDerivation rec { KWin script to add space around windows touching a screen edge or other window ''; license = licenses.gpl3; - maintainers = with maintainers; [qbit]; + maintainers = with maintainers; [ qbit ]; inherit (src.meta) homepage; inherit (kwindowsystem.meta) platforms; }; diff --git a/pkgs/weepushover.nix b/pkgs/weepushover.nix index 243aba3..e96bc4a 100644 --- a/pkgs/weepushover.nix +++ b/pkgs/weepushover.nix @@ -1,10 +1,9 @@ -{ - buildPythonPackage, - lib, - fetchurl, - python, - weechat, - ... +{ buildPythonPackage +, lib +, fetchurl +, python +, weechat +, ... }: buildPythonPackage { pname = "weepushover"; @@ -15,11 +14,11 @@ buildPythonPackage { hash = "sha256-msOdNfYg88Wq00UJIRNu1OjKSUO0Kfq5rvLbIET2eo4="; }; - propagatedBuildInputs = []; + propagatedBuildInputs = [ ]; dontUnpack = true; - passthru.scripts = ["weepushover.py"]; + passthru.scripts = [ "weepushover.py" ]; dontBuild = true; doCheck = false; @@ -43,6 +42,6 @@ buildPythonPackage { homepage = "https://github.com/adtac/weepushover"; description = "push notifications from weechat to pushover"; license = licenses.mit; - maintainers = with maintainers; [qbit]; + maintainers = with maintainers; [ qbit ]; }; } diff --git a/pkgs/yaegi.nix b/pkgs/yaegi.nix index 21e49f3..db1e8f5 100644 --- a/pkgs/yaegi.nix +++ b/pkgs/yaegi.nix @@ -1,27 +1,26 @@ -{ - lib, - buildGoModule, - fetchFromGitHub, - ... +{ lib +, buildGoModule +, fetchFromGitHub +, ... }: with lib; - buildGoModule rec { - pname = "yaegi"; - version = "0.15.0"; +buildGoModule rec { + pname = "yaegi"; + version = "0.15.0"; - src = fetchFromGitHub { - owner = "traefik"; - repo = pname; - rev = "v${version}"; - sha256 = "sha256-++WA6Xdo9YuMQgCL/c485LgKeV4XeodVZBBYCBsmh+M="; - }; + src = fetchFromGitHub { + owner = "traefik"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-++WA6Xdo9YuMQgCL/c485LgKeV4XeodVZBBYCBsmh+M="; + }; - vendorHash = null; + vendorHash = null; - meta = { - description = "Yaegi is Another Elegant Go Interpreter"; - homepage = "https://github.com/traefik/yaegi"; - license = licenses.asl20; - maintainers = with maintainers; [qbit]; - }; - } + meta = { + description = "Yaegi is Another Elegant Go Interpreter"; + homepage = "https://github.com/traefik/yaegi"; + license = licenses.asl20; + maintainers = with maintainers; [ qbit ]; + }; +} diff --git a/pkgs/yarr.nix b/pkgs/yarr.nix index 51c1783..422c737 100644 --- a/pkgs/yarr.nix +++ b/pkgs/yarr.nix @@ -1,41 +1,40 @@ -{ - lib, - buildGoModule, - fetchFromGitHub, - ... +{ lib +, buildGoModule +, fetchFromGitHub +, ... }: with lib; - buildGoModule rec { - pname = "yarr"; - version = "2.4"; +buildGoModule rec { + pname = "yarr"; + version = "2.4"; - src = fetchFromGitHub { - owner = "nkanaev"; - repo = pname; - rev = "v${version}"; - sha256 = "sha256-ZMQ+IX8dZuxyxQhD/eWAe4bGGCVcaCeVgF+Wqs79G+k="; - }; + src = fetchFromGitHub { + owner = "nkanaev"; + repo = pname; + rev = "v${version}"; + sha256 = "sha256-ZMQ+IX8dZuxyxQhD/eWAe4bGGCVcaCeVgF+Wqs79G+k="; + }; - vendorHash = null; + vendorHash = null; - ldflags = ["-X main.Version=${version}"]; + ldflags = [ "-X main.Version=${version}" ]; - tags = ["sqlite_foreign_keys" "release"]; + tags = [ "sqlite_foreign_keys" "release" ]; - proxyVendor = true; + proxyVendor = true; - doCheck = false; + doCheck = false; - subPackages = ["./src/main.go"]; + subPackages = [ "./src/main.go" ]; - postInstall = '' - mv $out/bin/main $out/bin/yarr - ''; + postInstall = '' + mv $out/bin/main $out/bin/yarr + ''; - meta = { - description = "Yet Another RSS Reader"; - homepage = "https://github.com/nkanaev/yarr"; - license = licenses.mit; - maintainers = with maintainers; [qbit]; - }; - } + meta = { + description = "Yet Another RSS Reader"; + homepage = "https://github.com/nkanaev/yarr"; + license = licenses.mit; + maintainers = with maintainers; [ qbit ]; + }; +} diff --git a/pkgs/zutty.nix b/pkgs/zutty.nix index eb8920e..db89dd7 100644 --- a/pkgs/zutty.nix +++ b/pkgs/zutty.nix @@ -1,10 +1,9 @@ -{ - lib, - stdenv, - fetchFromGitHub, - pkgs, - go-font, - ... +{ lib +, stdenv +, fetchFromGitHub +, pkgs +, go-font +, ... }: stdenv.mkDerivation rec { pname = "zutty"; @@ -17,7 +16,7 @@ stdenv.mkDerivation rec { sha256 = "sha256-b/q7hIi/U/GkKo+MIFX2wWnHZAy5rQGXNul3I1pxo1Q="; }; - patches = [./zutty_go.diff]; + patches = [ ./zutty_go.diff ]; nativeBuildInputs = with pkgs; [ gcc @@ -28,7 +27,7 @@ stdenv.mkDerivation rec { libGL ]; - buildInputs = with pkgs; [freetype fontconfig]; + buildInputs = with pkgs; [ freetype fontconfig ]; prePatch = '' substituteInPlace src/options.h \ @@ -59,6 +58,6 @@ stdenv.mkDerivation rec { homepage = "https://tomscii.sig7.se/zutty/"; license = licenses.gpl3; platforms = platforms.linux; - maintainers = with maintainers; [qbit]; + maintainers = with maintainers; [ qbit ]; }; } diff --git a/services/config-manager.nix b/services/config-manager.nix index a790fa1..b272ad3 100644 --- a/services/config-manager.nix +++ b/services/config-manager.nix @@ -1,8 +1,7 @@ -{ - config, - lib, - pkgs, - ... +{ config +, lib +, pkgs +, ... }: with lib; let cfgMgr = config.configManager; @@ -62,14 +61,16 @@ with lib; let ''; }; - interfaceOptions = mkOptionType {name = "interface text";}; + interfaceOptions = mkOptionType { name = "interface text"; }; - interfaceFiles = mapAttrs' (name: value: - nameValuePair "configManager/router/hostname.${name}" { - text = value.text + "\n"; - }) - cfgRouter.interfaces; -in { + interfaceFiles = mapAttrs' + (name: value: + nameValuePair "configManager/router/hostname.${name}" { + text = value.text + "\n"; + }) + cfgRouter.interfaces; +in +{ options = { configManager = { enable = lib.mkEnableOption "Manage configurations for non-nix machines."; @@ -93,8 +94,8 @@ in { services = mkOption { type = types.listOf types.str; - default = []; - example = ["dhcpd" "unbound"]; + default = [ ]; + example = [ "dhcpd" "unbound" ]; description = '' Services to run on the router (rcctl enable XXX, rcctl start XXX). ''; @@ -111,7 +112,7 @@ in { }; interfaces = mkOption { - default = {}; + default = { }; type = types.attrsOf interfaceOptions; description = '' Interfaces to create hostname.if files for. @@ -144,7 +145,7 @@ in { "configManager/router/pf.conf".text = builtins.readFile pfConf; "configManager/router/managed_interfaces".text = (concatMapStringsSep "\n") (h: "hostname.${h}") - (builtins.attrNames config.configManager.router.interfaces) + (builtins.attrNames config.configManager.router.interfaces) + "\n"; } // interfaceFiles; diff --git a/services/default.nix b/services/default.nix index 657dce3..c4f7b77 100644 --- a/services/default.nix +++ b/services/default.nix @@ -1 +1 @@ -{lib, ...}: with lib; {imports = [./config-manager.nix];} +{ lib, ... }: with lib; { imports = [ ./config-manager.nix ]; } diff --git a/system/nix-config.nix b/system/nix-config.nix index ade4b87..5345ecb 100644 --- a/system/nix-config.nix +++ b/system/nix-config.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: let +{ pkgs, ... }: +let nixOptions = { gc = { automatic = true; @@ -12,4 +13,5 @@ experimental-features = nix-command flakes ''; }; -in {nix = {settings.auto-optimise-store = true;} // nixOptions;} +in +{ nix = { settings.auto-optimise-store = true; } // nixOptions; } diff --git a/system/nix-lockdown.nix b/system/nix-lockdown.nix index b4d9014..0b06867 100644 --- a/system/nix-lockdown.nix +++ b/system/nix-lockdown.nix @@ -1,7 +1,6 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: with lib; { options = { @@ -16,9 +15,11 @@ with lib; { }; config = mkIf config.nixLockdown.enable { nix = { - settings.sandbox = true; - settings.trusted-users = ["@wheel"]; - settings.allowed-users = ["root" "qbit"]; + settings = { + sandbox = true; + trusted-users = [ "@wheel" ]; + allowed-users = [ "root" "qbit" ]; + }; }; }; } diff --git a/system/update.nix b/system/update.nix index af19efa..46a2db2 100644 --- a/system/update.nix +++ b/system/update.nix @@ -1,7 +1,6 @@ -{ - config, - lib, - ... +{ config +, lib +, ... }: with lib; { options = { diff --git a/templates/ada/flake.nix b/templates/ada/flake.nix index a710f6d..e888fb2 100644 --- a/templates/ada/flake.nix +++ b/templates/ada/flake.nix @@ -3,46 +3,53 @@ inputs.nixpkgs.url = "nixpkgs/nixos-23.05"; - outputs = { - self, - nixpkgs, - }: let - supportedSystems = ["x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin"]; - forAllSystems = nixpkgs.lib.genAttrs supportedSystems; - nixpkgsFor = forAllSystems (system: import nixpkgs {inherit system;}); - in { - packages = forAllSystems (system: let - pkgs = nixpkgsFor.${system}; - in { - thing = pkgs.stdenv.mkDerivation { - pname = "thing"; - version = "v0.0.0"; - src = ./.; - buildInputs = with pkgs; [gnat12 gprbuild]; + outputs = + { self + , nixpkgs + , + }: + let + supportedSystems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; + forAllSystems = nixpkgs.lib.genAttrs supportedSystems; + nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; }); + in + { + packages = forAllSystems (system: + let + pkgs = nixpkgsFor.${system}; + in + { + thing = pkgs.stdenv.mkDerivation { + pname = "thing"; + version = "v0.0.0"; + src = ./.; + buildInputs = with pkgs; [ gnat12 gprbuild ]; - buildPhase = '' - gprbuild thing - ''; + buildPhase = '' + gprbuild thing + ''; - installPhase = '' - mkdir -p $out/bin - mv thing $out/bin - ''; - }; - }); + installPhase = '' + mkdir -p $out/bin + mv thing $out/bin + ''; + }; + }); - defaultPackage = forAllSystems (system: self.packages.${system}.thing); - devShells = forAllSystems (system: let - pkgs = nixpkgsFor.${system}; - in { - default = pkgs.mkShell { - shellHook = '' - PS1='\u@\h:\@; ' - nix flake run github:qbit/xin#flake-warn - echo "Ada `${pkgs.gnat12}/bin/gnatmake --version`" - ''; - nativeBuildInputs = with pkgs; [gnat12 gprbuild]; - }; - }); - }; + defaultPackage = forAllSystems (system: self.packages.${system}.thing); + devShells = forAllSystems (system: + let + pkgs = nixpkgsFor.${system}; + in + { + default = pkgs.mkShell { + shellHook = '' + PS1='\u@\h:\@; ' + nix flake run github:qbit/xin#flake-warn + echo "Ada `${pkgs.gnat12}/bin/gnatmake --version`" + ''; + nativeBuildInputs = with pkgs; [ gnat12 gprbuild ]; + }; + }); + }; } diff --git a/templates/fyne/flake.nix b/templates/fyne/flake.nix index 9262720..191c4de 100644 --- a/templates/fyne/flake.nix +++ b/templates/fyne/flake.nix @@ -3,71 +3,78 @@ inputs.nixpkgs.url = "nixpkgs/nixos-23.05"; - outputs = { - self, - nixpkgs, - }: let - supportedSystems = ["x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin"]; - forAllSystems = nixpkgs.lib.genAttrs supportedSystems; - nixpkgsFor = forAllSystems (system: import nixpkgs {inherit system;}); - in { - overlay = _: prev: {inherit (self.packages.${prev.system}) thing;}; + outputs = + { self + , nixpkgs + , + }: + let + supportedSystems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; + forAllSystems = nixpkgs.lib.genAttrs supportedSystems; + nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; }); + in + { + overlay = _: prev: { inherit (self.packages.${prev.system}) thing; }; - packages = forAllSystems (system: let - pkgs = nixpkgsFor.${system}; - in { - thing = pkgs.buildGoModule { - pname = "thing"; - version = "v0.0.0"; - src = ./.; + packages = forAllSystems (system: + let + pkgs = nixpkgsFor.${system}; + in + { + thing = pkgs.buildGoModule { + pname = "thing"; + version = "v0.0.0"; + src = ./.; - vendorHash = pkgs.lib.fakeSha256; - proxyVendor = true; + vendorHash = pkgs.lib.fakeSha256; + proxyVendor = true; - nativeBuildInputs = with pkgs; [pkg-config]; - buildInputs = with pkgs; [ - git - glfw - libGL - libGLU - openssh - pkg-config - xorg.libXcursor - xorg.libXi - xorg.libXinerama - xorg.libXrandr - xorg.libXxf86vm - xorg.xinput - ]; - }; - }); + nativeBuildInputs = with pkgs; [ pkg-config ]; + buildInputs = with pkgs; [ + git + glfw + libGL + libGLU + openssh + pkg-config + xorg.libXcursor + xorg.libXi + xorg.libXinerama + xorg.libXrandr + xorg.libXxf86vm + xorg.xinput + ]; + }; + }); - defaultPackage = forAllSystems (system: self.packages.${system}.thing); - devShells = forAllSystems (system: let - pkgs = nixpkgsFor.${system}; - in { - default = pkgs.mkShell { - shellHook = '' - PS1='\u@\h:\@; ' - nix flake run github:qbit/xin#flake-warn - echo "Go `${pkgs.go}/bin/go version`" - ''; - buildInputs = with pkgs; [ - git - go_1_20 - gopls - go-tools + defaultPackage = forAllSystems (system: self.packages.${system}.thing); + devShells = forAllSystems (system: + let + pkgs = nixpkgsFor.${system}; + in + { + default = pkgs.mkShell { + shellHook = '' + PS1='\u@\h:\@; ' + nix flake run github:qbit/xin#flake-warn + echo "Go `${pkgs.go}/bin/go version`" + ''; + buildInputs = with pkgs; [ + git + go_1_20 + gopls + go-tools - glfw - pkg-config - xorg.libXcursor - xorg.libXi - xorg.libXinerama - xorg.libXrandr - xorg.libXxf86vm - xorg.xinput - ]; - }; - }); - }; + glfw + pkg-config + xorg.libXcursor + xorg.libXi + xorg.libXinerama + xorg.libXrandr + xorg.libXxf86vm + xorg.xinput + ]; + }; + }); + }; } diff --git a/templates/go/flake.nix b/templates/go/flake.nix index b97b16f..f3a2c3c 100644 --- a/templates/go/flake.nix +++ b/templates/go/flake.nix @@ -3,40 +3,47 @@ inputs.nixpkgs.url = "nixpkgs/nixos-23.05"; - outputs = { - self, - nixpkgs, - }: let - supportedSystems = ["x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin"]; - forAllSystems = nixpkgs.lib.genAttrs supportedSystems; - nixpkgsFor = forAllSystems (system: import nixpkgs {inherit system;}); - in { - overlay = _: prev: {inherit (self.packages.${prev.system}) thing;}; + outputs = + { self + , nixpkgs + , + }: + let + supportedSystems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; + forAllSystems = nixpkgs.lib.genAttrs supportedSystems; + nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; }); + in + { + overlay = _: prev: { inherit (self.packages.${prev.system}) thing; }; - packages = forAllSystems (system: let - pkgs = nixpkgsFor.${system}; - in { - thing = pkgs.buildGoModule { - pname = "thing"; - version = "v0.0.0"; - src = ./.; + packages = forAllSystems (system: + let + pkgs = nixpkgsFor.${system}; + in + { + thing = pkgs.buildGoModule { + pname = "thing"; + version = "v0.0.0"; + src = ./.; - vendorHash = pkgs.lib.fakeSha256; - }; - }); + vendorHash = pkgs.lib.fakeSha256; + }; + }); - defaultPackage = forAllSystems (system: self.packages.${system}.thing); - devShells = forAllSystems (system: let - pkgs = nixpkgsFor.${system}; - in { - default = pkgs.mkShell { - shellHook = '' - PS1='\u@\h:\@; ' - nix flake run github:qbit/xin#flake-warn - echo "Go `${pkgs.go}/bin/go version`" - ''; - nativeBuildInputs = with pkgs; [git go gopls go-tools]; - }; - }); - }; + defaultPackage = forAllSystems (system: self.packages.${system}.thing); + devShells = forAllSystems (system: + let + pkgs = nixpkgsFor.${system}; + in + { + default = pkgs.mkShell { + shellHook = '' + PS1='\u@\h:\@; ' + nix flake run github:qbit/xin#flake-warn + echo "Go `${pkgs.go}/bin/go version`" + ''; + nativeBuildInputs = with pkgs; [ git go gopls go-tools ]; + }; + }); + }; } diff --git a/templates/mojo/flake.nix b/templates/mojo/flake.nix index 25709de..84545ab 100644 --- a/templates/mojo/flake.nix +++ b/templates/mojo/flake.nix @@ -3,52 +3,59 @@ inputs.nixpkgs.url = "nixpkgs/nixos-23.05"; - outputs = { - self, - nixpkgs, - }: let - supportedSystems = ["x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin"]; - forAllSystems = nixpkgs.lib.genAttrs supportedSystems; - nixpkgsFor = forAllSystems (system: import nixpkgs {inherit system;}); - in { - packages = forAllSystems (system: let - pkgs = nixpkgsFor.${system}; - in { - thing = pkgs.stdenv.mkDerivation { - pname = "thing"; - version = "v0.0.0"; - src = ./.; - buildInputs = with pkgs.perlPackages; [PerlTidy perl]; - nativeBuildInputs = with pkgs.perlPackages; [ - perl - Mojolicious - MojoSQLite - ]; + outputs = + { self + , nixpkgs + , + }: + let + supportedSystems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; + forAllSystems = nixpkgs.lib.genAttrs supportedSystems; + nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; }); + in + { + packages = forAllSystems (system: + let + pkgs = nixpkgsFor.${system}; + in + { + thing = pkgs.stdenv.mkDerivation { + pname = "thing"; + version = "v0.0.0"; + src = ./.; + buildInputs = with pkgs.perlPackages; [ PerlTidy perl ]; + nativeBuildInputs = with pkgs.perlPackages; [ + perl + Mojolicious + MojoSQLite + ]; - installPhase = '' - mkdir -p $out/bin - install -t $out/bin thing.pl - ''; - }; - }); + installPhase = '' + mkdir -p $out/bin + install -t $out/bin thing.pl + ''; + }; + }); - defaultPackage = forAllSystems (system: self.packages.${system}.thing); - devShells = forAllSystems (system: let - pkgs = nixpkgsFor.${system}; - in { - default = pkgs.mkShell { - shellHook = '' - PS1='\u@\h:\@; ' - nix flake run github:qbit/xin#flake-warn - echo "Perl `${pkgs.perl}/bin/perl --version`" - ''; - buildInputs = with pkgs.perlPackages; [PerlTidy]; - nativeBuildInputs = with pkgs.perlPackages; [ - perl - Mojolicious - MojoSQLite - ]; - }; - }); - }; + defaultPackage = forAllSystems (system: self.packages.${system}.thing); + devShells = forAllSystems (system: + let + pkgs = nixpkgsFor.${system}; + in + { + default = pkgs.mkShell { + shellHook = '' + PS1='\u@\h:\@; ' + nix flake run github:qbit/xin#flake-warn + echo "Perl `${pkgs.perl}/bin/perl --version`" + ''; + buildInputs = with pkgs.perlPackages; [ PerlTidy ]; + nativeBuildInputs = with pkgs.perlPackages; [ + perl + Mojolicious + MojoSQLite + ]; + }; + }); + }; } diff --git a/templates/ocaml/flake.nix b/templates/ocaml/flake.nix index c52678e..0226f57 100644 --- a/templates/ocaml/flake.nix +++ b/templates/ocaml/flake.nix @@ -3,50 +3,57 @@ inputs.nixpkgs.url = "nixpkgs/nixos-23.05"; - outputs = { - self, - nixpkgs, - }: let - supportedSystems = ["x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin"]; - forAllSystems = nixpkgs.lib.genAttrs supportedSystems; - nixpkgsFor = forAllSystems (system: import nixpkgs {inherit system;}); - in { - packages = forAllSystems (system: let - pkgs = nixpkgsFor.${system}; - in { - thing = pkgs.stdenv.mkDerivation { - pname = "thing"; - version = "v0.0.0"; - src = ./.; - buildInputs = with pkgs; - [ocaml opam ocamlformat pkg-config] - ++ (with pkgs.ocamlPackages; [dune_3 odoc]); + outputs = + { self + , nixpkgs + , + }: + let + supportedSystems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; + forAllSystems = nixpkgs.lib.genAttrs supportedSystems; + nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; }); + in + { + packages = forAllSystems (system: + let + pkgs = nixpkgsFor.${system}; + in + { + thing = pkgs.stdenv.mkDerivation { + pname = "thing"; + version = "v0.0.0"; + src = ./.; + buildInputs = with pkgs; + [ ocaml opam ocamlformat pkg-config ] + ++ (with pkgs.ocamlPackages; [ dune_3 odoc ]); - buildPhase = '' - ocamlc -o thing thing.ml - ''; + buildPhase = '' + ocamlc -o thing thing.ml + ''; - installPhase = '' - mkdir -p $out/bin - mv thing $out/bin - ''; - }; - }); + installPhase = '' + mkdir -p $out/bin + mv thing $out/bin + ''; + }; + }); - defaultPackage = forAllSystems (system: self.packages.${system}.thing); - devShells = forAllSystems (system: let - pkgs = nixpkgsFor.${system}; - in { - default = pkgs.mkShell { - shellHook = '' - PS1='\u@\h:\@; ' - nix flake run github:qbit/xin#flake-warn - echo "OCaml `${pkgs.ocaml}/bin/ocaml --version`" - ''; - nativeBuildInputs = with pkgs; - [ocaml opam ocamlformat pkg-config] - ++ (with pkgs.ocamlPackages; [dune_3 odoc]); - }; - }); - }; + defaultPackage = forAllSystems (system: self.packages.${system}.thing); + devShells = forAllSystems (system: + let + pkgs = nixpkgsFor.${system}; + in + { + default = pkgs.mkShell { + shellHook = '' + PS1='\u@\h:\@; ' + nix flake run github:qbit/xin#flake-warn + echo "OCaml `${pkgs.ocaml}/bin/ocaml --version`" + ''; + nativeBuildInputs = with pkgs; + [ ocaml opam ocamlformat pkg-config ] + ++ (with pkgs.ocamlPackages; [ dune_3 odoc ]); + }; + }); + }; } diff --git a/templates/perl/flake.nix b/templates/perl/flake.nix index 87a6261..e2cb3b6 100644 --- a/templates/perl/flake.nix +++ b/templates/perl/flake.nix @@ -3,44 +3,51 @@ inputs.nixpkgs.url = "nixpkgs/nixos-23.05"; - outputs = { - self, - nixpkgs, - }: let - supportedSystems = ["x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin"]; - forAllSystems = nixpkgs.lib.genAttrs supportedSystems; - nixpkgsFor = forAllSystems (system: import nixpkgs {inherit system;}); - in { - packages = forAllSystems (system: let - pkgs = nixpkgsFor.${system}; - in { - thing = pkgs.stdenv.mkDerivation { - pname = "thing"; - version = "v0.0.0"; - src = ./.; - buildInputs = with pkgs.perlPackages; [PerlTidy]; - nativeBuildInputs = with pkgs.perlPackages; [perl]; + outputs = + { self + , nixpkgs + , + }: + let + supportedSystems = [ "x86_64-linux" "x86_64-darwin" "aarch64-linux" "aarch64-darwin" ]; + forAllSystems = nixpkgs.lib.genAttrs supportedSystems; + nixpkgsFor = forAllSystems (system: import nixpkgs { inherit system; }); + in + { + packages = forAllSystems (system: + let + pkgs = nixpkgsFor.${system}; + in + { + thing = pkgs.stdenv.mkDerivation { + pname = "thing"; + version = "v0.0.0"; + src = ./.; + buildInputs = with pkgs.perlPackages; [ PerlTidy ]; + nativeBuildInputs = with pkgs.perlPackages; [ perl ]; - installPhase = '' - mkdir -p $out/bin - install -t $out/bin thing.pl - ''; - }; - }); + installPhase = '' + mkdir -p $out/bin + install -t $out/bin thing.pl + ''; + }; + }); - defaultPackage = forAllSystems (system: self.packages.${system}.thing); - devShells = forAllSystems (system: let - pkgs = nixpkgsFor.${system}; - in { - default = pkgs.mkShell { - shellHook = '' - PS1='\u@\h:\@; ' - nix flake run github:qbit/xin#flake-warn - echo "Perl `${pkgs.perl}/bin/perl --version`" - ''; - buildInputs = with pkgs.perlPackages; [PerlTidy]; - nativeBuildInputs = with pkgs.perlPackages; [perl]; - }; - }); - }; + defaultPackage = forAllSystems (system: self.packages.${system}.thing); + devShells = forAllSystems (system: + let + pkgs = nixpkgsFor.${system}; + in + { + default = pkgs.mkShell { + shellHook = '' + PS1='\u@\h:\@; ' + nix flake run github:qbit/xin#flake-warn + echo "Perl `${pkgs.perl}/bin/perl --version`" + ''; + buildInputs = with pkgs.perlPackages; [ PerlTidy ]; + nativeBuildInputs = with pkgs.perlPackages; [ perl ]; + }; + }); + }; } diff --git a/users/default.nix b/users/default.nix index 139ef21..a2031c8 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,9 +1,8 @@ -{ - config, - lib, - pkgs, - isUnstable, - ... +{ config +, lib +, pkgs +, isUnstable +, ... }: with lib; let userBase = { @@ -12,7 +11,8 @@ with lib; let config.myconf.hwPubKeys ++ config.myconf.managementPubKeys; }; -in { +in +{ options = { defaultUsers = { enable = mkOption { @@ -32,12 +32,12 @@ in { isNormalUser = true; description = "Aaron Bieber"; home = "/home/qbit"; - extraGroups = ["wheel"]; + extraGroups = [ "wheel" ]; }; environment.systemPackages = if isUnstable - then [pkgs.yash pkgs.go] - else [pkgs.go]; + then [ pkgs.yash pkgs.go ] + else [ pkgs.go ]; }; }