From f68a4f4431e3b91bf6bde04e7f7d781105778847 Mon Sep 17 00:00:00 2001 
From: Zuckerberg Date: Tue, 4 Apr 2023 23:30:28 -0600 Subject: [PATCH] nixpkgs-fmt everything --- common/auto-update.nix | 5 +- common/boot/bios.nix | 5 +- common/boot/default.nix | 2 +- common/boot/efi.nix | 5 +- common/boot/firmware.nix | 5 +- common/boot/remote-luks-unlock.nix | 56 ++++---- common/default.nix | 3 +- common/flakes.nix | 3 +- common/network/default.nix | 2 +- common/network/hosts.nix | 11 +- common/network/pia-openvpn.nix | 2 +- common/network/pia-wireguard.nix | 7 +- common/network/ping.nix | 33 ++--- common/network/tailscale.nix | 2 +- common/network/vpn.nix | 6 +- common/pc/audio.nix | 25 ++-- common/pc/chromium.nix | 5 +- common/pc/default.nix | 11 +- common/pc/discord.nix | 5 +- common/pc/firefox.nix | 8 +- common/pc/kde.nix | 5 +- common/pc/mount-samba.nix | 17 +-- common/pc/pithos.nix | 5 +- common/pc/spotify.nix | 8 +- common/pc/steam.nix | 5 +- common/pc/torbrowser.nix | 3 +- common/pc/touchpad.nix | 3 +- common/pc/vscodium.nix | 4 +- common/pc/xfce.nix | 3 +- common/pc/yubikey.nix | 3 +- common/server/ceph.nix | 10 +- common/server/default.nix | 2 +- common/server/gitea.nix | 5 +- common/server/hydra.nix | 4 +- common/server/icecast.nix | 3 +- common/server/iodine.nix | 5 +- common/server/mailserver.nix | 15 +- common/server/matrix.nix | 20 +-- common/server/mumble.nix | 3 +- common/server/nextcloud.nix | 5 +- common/server/nginx-stream.nix | 5 +- common/server/nginx.nix | 5 +- common/server/owncast.nix | 5 +- common/server/privatebin/privatebin.nix | 7 +- common/server/radio.nix | 11 +- common/server/samba.nix | 4 +- common/server/searx.nix | 9 +- common/server/thelounge.nix | 5 +- common/server/video-stream.nix | 51 +++---- .../vscode/modules/vscode-server/default.nix | 12 +- .../vscode/modules/vscode-server/home.nix | 20 +-- common/server/zerobin.nix | 3 +- common/shell.nix | 2 +- common/ssh.nix | 2 +- flake.nix | 136 +++++++++--------- machines/ephemeral/iso.nix | 2 +- machines/ephemeral/kexec.nix | 2 +- 
machines/ephemeral/minimal.nix | 8 +- machines/nat/hardware-configuration.nix | 8 +- machines/ponyo/configuration.nix | 6 +- machines/ponyo/hardware-configuration.nix | 11 +- machines/ray/hardware-configuration.nix | 15 +- machines/router/configuration.nix | 2 +- machines/router/hardware-configuration.nix | 12 +- machines/router/router.nix | 10 +- machines/storage/s0/configuration.nix | 2 +- .../storage/s0/hardware-configuration.nix | 36 +++-- 67 files changed, 400 insertions(+), 320 deletions(-) diff --git a/common/auto-update.nix b/common/auto-update.nix index 4ef00bc..f744796 100644 --- a/common/auto-update.nix +++ b/common/auto-update.nix @@ -4,11 +4,12 @@ let cfg = config.system.autoUpgrade; -in { +in +{ config = lib.mkIf cfg.enable { system.autoUpgrade = { flake = "git+https://git.neet.dev/zuckerberg/nix-config.git"; flags = [ "--recreate-lock-file" ]; # ignore lock file, just pull the latest }; }; -} \ No newline at end of file +} diff --git a/common/boot/bios.nix b/common/boot/bios.nix index 2b3670a..b4cf3e3 100644 --- a/common/boot/bios.nix +++ b/common/boot/bios.nix @@ -3,7 +3,8 @@ with lib; let cfg = config.bios; -in { +in +{ options.bios = { enable = mkEnableOption "enable bios boot"; device = mkOption { @@ -25,4 +26,4 @@ in { }; }; }; -} \ No newline at end of file +} diff --git a/common/boot/default.nix b/common/boot/default.nix index 3a22364..09fae28 100644 --- a/common/boot/default.nix +++ b/common/boot/default.nix @@ -7,4 +7,4 @@ ./bios.nix ./remote-luks-unlock.nix ]; -} \ No newline at end of file +} diff --git a/common/boot/efi.nix b/common/boot/efi.nix index 60fd64b..d9b8d61 100644 --- a/common/boot/efi.nix +++ b/common/boot/efi.nix @@ -3,7 +3,8 @@ with lib; let cfg = config.efi; -in { +in +{ options.efi = { enable = mkEnableOption "enable efi boot"; }; @@ -19,7 +20,7 @@ in { version = 2; efiSupport = true; useOSProber = true; -# memtest86.enable = true; + # memtest86.enable = true; configurationLimit = 20; theme = pkgs.nixos-grub2-theme; }; 
diff --git a/common/boot/firmware.nix b/common/boot/firmware.nix index dcbd55d..bcf25d6 100644 --- a/common/boot/firmware.nix +++ b/common/boot/firmware.nix @@ -3,7 +3,8 @@ with lib; let cfg = config.firmware; -in { +in +{ options.firmware.x86_64 = { enable = mkEnableOption "enable x86_64 firmware"; }; @@ -14,4 +15,4 @@ in { }; # services.fwupd.enable = true; -} \ No newline at end of file +} diff --git a/common/boot/remote-luks-unlock.nix b/common/boot/remote-luks-unlock.nix index 6e32658..140b4e6 100644 --- a/common/boot/remote-luks-unlock.nix +++ b/common/boot/remote-luks-unlock.nix @@ -2,7 +2,8 @@ let cfg = config.remoteLuksUnlock; -in { +in +{ options.remoteLuksUnlock = { enable = lib.mkEnableOption "enable luks root remote decrypt over ssh/tor"; enableTorUnlock = lib.mkOption { 
@@ -61,33 +62,38 @@ in { copy_bin_and_libs ${pkgs.haveged}/bin/haveged ''; boot.initrd.network.postCommands = lib.mkMerge [ - ('' - # Add nice prompt for giving LUKS passphrase over ssh - echo 'read -s -p "Unlock Passphrase: " passphrase && echo $passphrase > /crypt-ramfs/passphrase && exit' >> /root/.profile - '') - - (let torRc = (pkgs.writeText "tor.rc" '' - DataDirectory /etc/tor - SOCKSPort 127.0.0.1:9050 IsolateDestAddr - SOCKSPort 127.0.0.1:9063 - HiddenServiceDir /etc/tor/onion/bootup - HiddenServicePort 22 127.0.0.1:22 - ''); in lib.mkIf cfg.enableTorUnlock '' - echo "tor: preparing onion folder" - # have to do this otherwise tor does not want to start - chmod -R 700 /etc/tor + ( + '' + # Add nice prompt for giving LUKS passphrase over ssh + echo 'read -s -p "Unlock Passphrase: " passphrase && echo $passphrase > /crypt-ramfs/passphrase && exit' >> /root/.profile + '' + ) - echo "make sure localhost is up" - ip a a 127.0.0.1/8 dev lo - ip link set lo up + ( + let torRc = (pkgs.writeText "tor.rc" '' + DataDirectory /etc/tor + SOCKSPort 127.0.0.1:9050 IsolateDestAddr + SOCKSPort 127.0.0.1:9063 + HiddenServiceDir /etc/tor/onion/bootup + HiddenServicePort 22 127.0.0.1:22 + ''); in + lib.mkIf cfg.enableTorUnlock '' + echo "tor: preparing onion folder" + # have to do this otherwise tor does not want to start + chmod -R 700 /etc/tor - echo "haveged: starting haveged" - haveged -F & + echo "make sure localhost is up" + ip a a 127.0.0.1/8 dev lo + ip link set lo up - echo "tor: starting tor" - tor -f ${torRc} --verify-config - tor -f ${torRc} & - '') + echo "haveged: starting haveged" + haveged -F & + + echo "tor: starting tor" + tor -f ${torRc} --verify-config + tor -f ${torRc} & + '' + ) ]; }; } diff --git a/common/default.nix b/common/default.nix index 81c0053..5f78016 100644 --- a/common/default.nix +++ b/common/default.nix @@ -40,7 +40,8 @@ in wget kakoune htop - git git-lfs + git + git-lfs dnsutils tmux nethogs 
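Review bot: The passphrase prompt written to `/root/.profile` in the `boot.initrd.network.postCommands` hunk of common/boot/remote-luks-unlock.nix (only re-indented by this commit) uses `read` without `-r` and expands `$passphrase` unquoted. A passphrase containing backslashes, leading or repeated spaces, or glob characters would therefore reach `/crypt-ramfs/passphrase` altered, and a valid passphrase would fail to unlock. I would change the inner command to `IFS= read -r -s -p "Unlock Passphrase: " passphrase && echo "$passphrase" > /crypt-ramfs/passphrase && exit`. The double quotes sit inside the single-quoted `echo '…'` argument, so the outer quoting stays as it is. The enclosing `config` block starts outside the hunk.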
diff --git a/common/flakes.nix b/common/flakes.nix index f15c5c9..21272d9 100644 --- a/common/flakes.nix +++ b/common/flakes.nix @@ -2,7 +2,8 @@ with lib; let cfg = config.nix.flakes; -in { +in +{ options.nix.flakes = { enable = mkEnableOption "use nix flakes"; }; diff --git a/common/network/default.nix b/common/network/default.nix index db8ecaa..80882e5 100644 --- a/common/network/default.nix +++ b/common/network/default.nix @@ -21,4 +21,4 @@ in boot.kernel.sysctl."net.ipv4.ip_forward" = 1; boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1; }; -} \ No newline at end of file +} diff --git a/common/network/hosts.nix b/common/network/hosts.nix index aef397d..5fc2d10 100644 --- a/common/network/hosts.nix +++ b/common/network/hosts.nix @@ -22,7 +22,8 @@ let ponyo = "cfamr6artx75qvt7ho3rrbsc7mkucmv5aawebwflsfuorusayacffryd.onion"; s0 = "r3zvf7f2ppaeithzswigma46pajt3hqytmkg3rshgknbl3jbni455fqd.onion"; }; -in { +in +{ programs.ssh.knownHosts = { ponyo = { hostNames = [ "ponyo" "ponyo.neet.dev" "git.neet.dev" ]; @@ -56,7 +57,7 @@ in { # prebuilt cmds for easy ssh LUKS unlock environment.shellAliases = - concatMapAttrs (host: addr: {"unlock-over-tor_${host}" = "torsocks ssh root@${addr}";}) unlock-onion-hosts - // - concatMapAttrs (host: addr: {"unlock_${host}" = "ssh root@${addr}";}) unlock-clearnet-hosts; -} \ No newline at end of file + concatMapAttrs (host: addr: { "unlock-over-tor_${host}" = "torsocks ssh root@${addr}"; }) unlock-onion-hosts + // + concatMapAttrs (host: addr: { "unlock_${host}" = "ssh root@${addr}"; }) unlock-clearnet-hosts; +} diff --git a/common/network/pia-openvpn.nix b/common/network/pia-openvpn.nix index 9efba31..363cddf 100644 --- a/common/network/pia-openvpn.nix +++ b/common/network/pia-openvpn.nix @@ -110,4 +110,4 @@ in }; age.secrets."pia-login.conf".file = ../../secrets/pia-login.conf; }; -} \ No newline at end of file +} diff --git a/common/network/pia-wireguard.nix b/common/network/pia-wireguard.nix index 21eb5c5..101f4c6 100644 
--- a/common/network/pia-wireguard.nix +++ b/common/network/pia-wireguard.nix @@ -72,7 +72,8 @@ let portForwarding = cfg.forwardPortForTransmission || cfg.forwardedPort != null; containerServiceName = "container@${config.vpn-container.containerName}.service"; -in { +in +{ options.pia.wireguard = { enable = mkEnableOption "Enable private internet access"; badPortForwardPorts = mkOption { @@ -157,7 +158,7 @@ in { # restart once a month; PIA forwarded port expires after two months # because the container is "PartOf" this unit, it gets restarted too - RuntimeMaxSec="30d"; + RuntimeMaxSec = "30d"; }; script = '' @@ -353,4 +354,4 @@ in { age.secrets."pia-login.conf".file = ../../secrets/pia-login.conf; }; -} \ No newline at end of file +} diff --git a/common/network/ping.nix b/common/network/ping.nix index fd0c758..865fe5a 100644 --- a/common/network/ping.nix +++ b/common/network/ping.nix 
@@ -11,34 +11,35 @@ let cfg = config.keepalive-ping; serviceTemplate = host: - { - "keepalive-ping@${host}" = { - description = "Periodic ping keep alive for ${host} connection"; + { + "keepalive-ping@${host}" = { + description = "Periodic ping keep alive for ${host} connection"; - requires = [ "network-online.target" ]; - after = [ "network.target" "network-online.target" ]; - wantedBy = [ "multi-user.target" ]; - serviceConfig.Restart="always"; + requires = [ "network-online.target" ]; + after = [ "network.target" "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + serviceConfig.Restart = "always"; - path = with pkgs; [ iputils ]; + path = with pkgs; [ iputils ]; - script = '' - ping -i ${cfg.delay} ${host} &>/dev/null - ''; + script = '' + ping -i ${cfg.delay} ${host} &>/dev/null + ''; + }; }; - }; - combineAttrs = foldl recursiveUpdate {}; + combineAttrs = foldl recursiveUpdate { }; serviceList = map serviceTemplate cfg.hosts; services = combineAttrs serviceList; -in { +in +{ options.keepalive-ping = { enable = mkEnableOption "Enable keep alive ping task"; hosts = mkOption { type = types.listOf types.str; - default = []; + default = [ ]; description = '' Hosts to ping periodically ''; @@ -55,4 +56,4 @@ in { config = mkIf cfg.enable { systemd.services = services; }; -} \ No newline at end of file +} diff --git a/common/network/tailscale.nix b/common/network/tailscale.nix index 788de17..6499641 100644 --- a/common/network/tailscale.nix +++ b/common/network/tailscale.nix @@ -17,4 +17,4 @@ in # exit node config.networking.firewall.checkReversePath = mkIf cfg.exitNode "loose"; config.networking.ip_forward = mkIf cfg.exitNode true; -} \ No newline at end of file +} diff --git a/common/network/vpn.nix b/common/network/vpn.nix index a107a35..81e7f5a 100644 --- a/common/network/vpn.nix +++ b/common/network/vpn.nix @@ -30,7 +30,7 @@ in config = mkOption { type = types.anything; - default = {}; + default = { }; example = '' { services.nginx.enable = true; 
@@ -70,7 +70,7 @@ in localAddress = "172.16.100.2"; config = { - imports = allModules ++ [cfg.config]; + imports = allModules ++ [ cfg.config ]; # speeds up evaluation nixpkgs.pkgs = pkgs; @@ -106,4 +106,4 @@ in networking.usePredictableInterfaceNames = false; networking.nat.externalInterface = "eth0"; }; -} \ No newline at end of file +} diff --git a/common/pc/audio.nix b/common/pc/audio.nix index 74c7764..ef1947f 100644 --- a/common/pc/audio.nix +++ b/common/pc/audio.nix @@ -2,7 +2,8 @@ let cfg = config.de; -in { +in +{ config = lib.mkIf cfg.enable { # enable pulseaudio support for packages nixpkgs.config.pulseaudio = true; @@ -28,29 +29,29 @@ in { # properyty when no other driver is currently active. JACK clients need this. factory = "spa-node-factory"; args = { - "factory.name" = "support.node.driver"; - "node.name" = "Dummy-Driver"; - "priority.driver" = 8000; + "factory.name" = "support.node.driver"; + "node.name" = "Dummy-Driver"; + "priority.driver" = 8000; }; } { factory = "adapter"; args = { - "factory.name" = "support.null-audio-sink"; - "node.name" = "Microphone-Proxy"; + "factory.name" = "support.null-audio-sink"; + "node.name" = "Microphone-Proxy"; "node.description" = "Microphone"; - "media.class" = "Audio/Source/Virtual"; - "audio.position" = "MONO"; + "media.class" = "Audio/Source/Virtual"; + "audio.position" = "MONO"; }; } { factory = "adapter"; args = { - "factory.name" = "support.null-audio-sink"; - "node.name" = "Main-Output-Proxy"; + "factory.name" = "support.null-audio-sink"; + "node.name" = "Main-Output-Proxy"; "node.description" = "Main Output"; - "media.class" = "Audio/Sink"; - "audio.position" = "FL,FR"; + "media.class" = "Audio/Sink"; + "audio.position" = "FL,FR"; }; } ]; diff --git a/common/pc/chromium.nix b/common/pc/chromium.nix index cd78e4a..1f81b04 100644 --- a/common/pc/chromium.nix +++ b/common/pc/chromium.nix 
@@ -49,7 +49,8 @@ let ]; }; -in { +in +{ config = lib.mkIf cfg.enable { # chromium with specific extensions + settings programs.chromium = { @@ -92,7 +93,7 @@ in { enable = true; extraPackages = with pkgs; [ intel-media-driver # LIBVA_DRIVER_NAME=iHD - vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) + vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) # vaapiVdpau libvdpau-va-gl nvidia-vaapi-driver diff --git a/common/pc/default.nix b/common/pc/default.nix index 7859c69..83b54c2 100644 --- a/common/pc/default.nix +++ b/common/pc/default.nix @@ -2,15 +2,16 @@ let cfg = config.de; -in { +in +{ imports = [ ./kde.nix ./xfce.nix ./yubikey.nix ./chromium.nix -# ./firefox.nix + # ./firefox.nix ./audio.nix -# ./torbrowser.nix + # ./torbrowser.nix ./pithos.nix ./spotify.nix ./vscodium.nix @@ -52,6 +53,10 @@ in { jellyfin-media-player joplin-desktop config.inputs.deploy-rs.packages.${config.currentSystem}.deploy-rs + + # For Nix IDE + nixpkgs-fmt + rnix-lsp ]; # Networking diff --git a/common/pc/discord.nix b/common/pc/discord.nix index f77dbc1..3830678 100644 --- a/common/pc/discord.nix +++ b/common/pc/discord.nix @@ -2,10 +2,11 @@ let cfg = config.de; -in { +in +{ config = lib.mkIf cfg.enable { users.users.googlebot.packages = [ pkgs.discord ]; }; -} \ No newline at end of file +} diff --git a/common/pc/firefox.nix b/common/pc/firefox.nix index b42aafb..8990f0f 100644 --- a/common/pc/firefox.nix +++ b/common/pc/firefox.nix @@ -20,7 +20,7 @@ let }; firefox = pkgs.wrapFirefox somewhatPrivateFF { - desktopName = "Sneed Browser"; + desktopName = "Sneed Browser"; nixExtensions = [ (pkgs.fetchFirefoxAddon { @@ -71,8 +71,8 @@ let TopSites = false; }; UserMessaging = { - ExtensionRecommendations = false; - SkipOnboarding = true; + ExtensionRecommendations = false; + SkipOnboarding = true; }; WebsiteFilter = { Block = [ 
@@ -92,4 +92,4 @@ in config = lib.mkIf cfg.enable { users.users.googlebot.packages = [ firefox ]; }; -} \ No newline at end of file +} diff --git a/common/pc/kde.nix b/common/pc/kde.nix index 8e5ceab..1de9dd7 100644 --- a/common/pc/kde.nix +++ b/common/pc/kde.nix @@ -2,7 +2,8 @@ let cfg = config.de; -in { +in +{ config = lib.mkIf cfg.enable { # kde plasma services.xserver = { @@ -19,5 +20,5 @@ in { # plasma5Packages.kmail-account-wizard kate ]; - }; + }; } diff --git a/common/pc/mount-samba.nix b/common/pc/mount-samba.nix index 937ba00..37c69e6 100644 --- a/common/pc/mount-samba.nix +++ b/common/pc/mount-samba.nix @@ -14,22 +14,23 @@ let version_opts = "vers=3.1.1"; opts = "${systemd_opts},${network_opts},${user_opts},${version_opts},${auth_opts}"; -in { +in +{ options.services.mount-samba = { enable = lib.mkEnableOption "enable mounting samba shares"; }; config = lib.mkIf (cfg.enable && config.services.tailscale.enable) { fileSystems."/mnt/public" = { - device = "//s0.koi-bebop.ts.net/public"; - fsType = "cifs"; - options = [ opts ]; + device = "//s0.koi-bebop.ts.net/public"; + fsType = "cifs"; + options = [ opts ]; }; fileSystems."/mnt/private" = { - device = "//s0.koi-bebop.ts.net/googlebot"; - fsType = "cifs"; - options = [ opts ]; + device = "//s0.koi-bebop.ts.net/googlebot"; + fsType = "cifs"; + options = [ opts ]; }; age.secrets.smb-secrets.file = ../../secrets/smb-secrets.age; @@ -44,4 +45,4 @@ in { vault_lock = "umount /mnt/vault/"; }; }; -} \ No newline at end of file +} diff --git a/common/pc/pithos.nix b/common/pc/pithos.nix index 53526b9..710bf3c 100644 --- a/common/pc/pithos.nix +++ b/common/pc/pithos.nix @@ -2,7 +2,8 @@ let cfg = config.de; -in { +in +{ config = lib.mkIf cfg.enable { nixpkgs.overlays = [ (self: super: { @@ -11,7 +12,7 @@ in { version = "1.5.1"; src = super.fetchFromGitHub { owner = pname; - repo = pname; + repo = pname; rev = version; sha256 = "il7OAALpHFZ6wjco9Asp04zWHCD8Ni+iBdiJWcMiQA4="; }; 
diff --git a/common/pc/spotify.nix b/common/pc/spotify.nix index 269ea35..83c52cf 100644 --- a/common/pc/spotify.nix +++ b/common/pc/spotify.nix @@ -4,7 +4,7 @@ with lib; let cfg = config.services.spotifyd; - toml = pkgs.formats.toml {}; + toml = pkgs.formats.toml { }; spotifydConf = toml.generate "spotify.conf" cfg.settings; in { @@ -17,7 +17,7 @@ in enable = mkEnableOption "spotifyd, a Spotify playing daemon"; settings = mkOption { - default = {}; + default = { }; type = toml.type; example = { global.bitrate = 320; }; description = '' @@ -28,7 +28,7 @@ in users = mkOption { type = with types; listOf str; - default = []; + default = [ ]; description = '' Usernames to be added to the "spotifyd" group, so that they can start and interact with the userspace daemon. @@ -83,4 +83,4 @@ in }; }; }; -} \ No newline at end of file +} diff --git a/common/pc/steam.nix b/common/pc/steam.nix index 2f6b067..132b8b8 100644 --- a/common/pc/steam.nix +++ b/common/pc/steam.nix @@ -2,7 +2,8 @@ let cfg = config.de; -in { +in +{ config = lib.mkIf cfg.enable { programs.steam.enable = true; hardware.steam-hardware.enable = true; # steam controller @@ -11,4 +12,4 @@ in { pkgs.steam ]; }; -} \ No newline at end of file +} diff --git a/common/pc/torbrowser.nix b/common/pc/torbrowser.nix index f85304a..698f6a6 100644 --- a/common/pc/torbrowser.nix +++ b/common/pc/torbrowser.nix @@ -2,7 +2,8 @@ let cfg = config.de; -in { +in +{ config = lib.mkIf cfg.enable { nixpkgs.overlays = [ (self: super: { diff --git a/common/pc/touchpad.nix b/common/pc/touchpad.nix index 92f6bb4..1e61976 100644 --- a/common/pc/touchpad.nix +++ b/common/pc/touchpad.nix @@ -2,7 +2,8 @@ let cfg = config.de.touchpad; -in { +in +{ options.de.touchpad = { enable = lib.mkEnableOption "enable touchpad"; }; diff --git a/common/pc/vscodium.nix b/common/pc/vscodium.nix index 5f955e3..e22b89f 100644 --- a/common/pc/vscodium.nix +++ b/common/pc/vscodium.nix 
@@ -4,8 +4,8 @@ let cfg = config.de; extensions = with pkgs.vscode-extensions; [ -# bbenoist.Nix # nix syntax support -# arrterian.nix-env-selector # nix dev envs + # bbenoist.Nix # nix syntax support + # arrterian.nix-env-selector # nix dev envs ]; vscodium-with-extensions = pkgs.vscode-with-extensions.override { diff --git a/common/pc/xfce.nix b/common/pc/xfce.nix index 3c01151..afb1ff0 100644 --- a/common/pc/xfce.nix +++ b/common/pc/xfce.nix @@ -2,7 +2,8 @@ let cfg = config.de; -in { +in +{ config = lib.mkIf cfg.enable { services.xserver = { enable = true; diff --git a/common/pc/yubikey.nix b/common/pc/yubikey.nix index 02f420c..efbdce1 100644 --- a/common/pc/yubikey.nix +++ b/common/pc/yubikey.nix @@ -2,7 +2,8 @@ let cfg = config.de; -in { +in +{ config = lib.mkIf cfg.enable { # yubikey services.pcscd.enable = true; diff --git a/common/server/ceph.nix b/common/server/ceph.nix index 98cc1bc..5ffe9ad 100644 --- a/common/server/ceph.nix +++ b/common/server/ceph.nix @@ -3,13 +3,13 @@ with lib; let cfg = config.ceph; -in { - options.ceph = { - }; +in +{ + options.ceph = { }; config = mkIf cfg.enable { # ceph.enable = true; - + ## S3 Object gateway #ceph.rgw.enable = true; #ceph.rgw.daemons = [ @@ -40,4 +40,4 @@ in { ceph.global.fsid = "925773DC-D95F-476C-BBCD-08E01BF0865F"; }; -} \ No newline at end of file +} diff --git a/common/server/default.nix b/common/server/default.nix index 43150a6..362d1e9 100644 --- a/common/server/default.nix +++ b/common/server/default.nix @@ -19,4 +19,4 @@ ./iodine.nix ./searx.nix ]; -} \ No newline at end of file +} diff --git a/common/server/gitea.nix b/common/server/gitea.nix index 60ef1b3..22a5d88 100644 --- a/common/server/gitea.nix +++ b/common/server/gitea.nix @@ -2,7 +2,8 @@ let cfg = config.services.gitea; -in { +in +{ options.services.gitea = { hostname = lib.mkOption { type = lib.types.str; @@ -40,4 +41,4 @@ in { }; }; }; -} \ No newline at end of file +} 
diff --git a/common/server/hydra.nix b/common/server/hydra.nix index a1f8994..2c4e845 100644 --- a/common/server/hydra.nix +++ b/common/server/hydra.nix @@ -20,6 +20,6 @@ in hydraURL = "https://${domain}"; useSubstitutes = true; notificationSender = notifyEmail; - buildMachinesFiles = []; + buildMachinesFiles = [ ]; }; -} \ No newline at end of file +} diff --git a/common/server/icecast.nix b/common/server/icecast.nix index 3ed1aa8..72390cc 100644 --- a/common/server/icecast.nix +++ b/common/server/icecast.nix @@ -7,7 +7,8 @@ let cfg = config.services.icecast; -in { +in +{ options.services.icecast = { mount = lib.mkOption { type = lib.types.str; diff --git a/common/server/iodine.nix b/common/server/iodine.nix index a1280ac..0187f11 100644 --- a/common/server/iodine.nix +++ b/common/server/iodine.nix @@ -2,7 +2,8 @@ let cfg = config.services.iodine.server; -in { +in +{ config = lib.mkIf cfg.enable { # iodine DNS-based vpn services.iodine.server = { @@ -17,4 +18,4 @@ in { "dns0" # iodine ]; }; -} \ No newline at end of file +} diff --git a/common/server/mailserver.nix b/common/server/mailserver.nix index 8f947c1..1baa605 100644 --- a/common/server/mailserver.nix +++ b/common/server/mailserver.nix @@ -15,7 +15,8 @@ let "bsd.ninja" "bsd.rocks" ]; -in { +in +{ config = lib.mkIf cfg.enable { # kresd doesn't work with tailscale MagicDNS mailserver.localDnsResolver = false; 
@@ -60,10 +61,12 @@ in { sender_dependent_relayhost_maps = "hash:/var/lib/postfix/conf/sender_relay"; smtp_sender_dependent_authentication = "yes"; }; - services.postfix.mapFiles.sender_relay = let - relayHost = "[smtp.mailgun.org]:587"; - in pkgs.writeText "sender_relay" - (concatStringsSep "\n" (map (domain: "@${domain} ${relayHost}") domains)); + services.postfix.mapFiles.sender_relay = + let + relayHost = "[smtp.mailgun.org]:587"; + in + pkgs.writeText "sender_relay" + (concatStringsSep "\n" (map (domain: "@${domain} ${relayHost}") domains)); services.postfix.mapFiles.sasl_relay_passwd = "/run/agenix/sasl_relay_passwd"; age.secrets.sasl_relay_passwd.file = ../../secrets/sasl_relay_passwd.age; @@ -80,4 +83,4 @@ in { ''; }; }; -} \ No newline at end of file +} diff --git a/common/server/matrix.nix b/common/server/matrix.nix index 7651a67..7cf5f9c 100644 --- a/common/server/matrix.nix +++ b/common/server/matrix.nix @@ -3,7 +3,8 @@ let cfg = config.services.matrix; certs = config.security.acme.certs; -in { +in +{ options.services.matrix = { enable = lib.mkEnableOption "enable matrix"; element-web = { @@ -62,15 +63,15 @@ in { settings = { server_name = cfg.host; enable_registration = cfg.enable_registration; - listeners = [ { - bind_addresses = ["127.0.0.1"]; + listeners = [{ + bind_addresses = [ "127.0.0.1" ]; port = cfg.port; tls = false; - resources = [ { + resources = [{ compress = true; names = [ "client" "federation" ]; - } ]; - } ]; + }]; + }]; turn_uris = [ "turn:${cfg.turn.host}:${toString cfg.turn.port}?transport=udp" "turn:${cfg.turn.host}:${toString cfg.turn.port}?transport=tcp" @@ -120,7 +121,7 @@ in { services.nginx = { enable = true; - virtualHosts.${cfg.host} = { + virtualHosts.${cfg.host} = { enableACME = true; forceSSL = true; listen = [ 
@@ -137,7 +138,8 @@ in { ]; locations."/".proxyPass = "http://localhost:${toString cfg.port}"; }; - virtualHosts.${cfg.turn.host} = { # get TLS cert for TURN server + virtualHosts.${cfg.turn.host} = { + # get TLS cert for TURN server enableACME = true; forceSSL = true; }; @@ -214,4 +216,4 @@ in { openFirewall = true; }; }; -} \ No newline at end of file +} diff --git a/common/server/mumble.nix b/common/server/mumble.nix index 257ca72..ecfd42d 100644 --- a/common/server/mumble.nix +++ b/common/server/mumble.nix @@ -3,7 +3,8 @@ let cfg = config.services.murmur; certs = config.security.acme.certs; -in { +in +{ options.services.murmur.domain = lib.mkOption { type = lib.types.str; }; diff --git a/common/server/nextcloud.nix b/common/server/nextcloud.nix index fef8336..09c5387 100644 --- a/common/server/nextcloud.nix +++ b/common/server/nextcloud.nix @@ -3,7 +3,8 @@ let cfg = config.services.nextcloud; -in { +in +{ config = lib.mkIf cfg.enable { services.nextcloud = { https = true; @@ -24,4 +25,4 @@ in { forceSSL = true; }; }; -} \ No newline at end of file +} diff --git a/common/server/nginx-stream.nix b/common/server/nginx-stream.nix index 9f29aaf..9da4bdb 100644 --- a/common/server/nginx-stream.nix +++ b/common/server/nginx-stream.nix @@ -5,7 +5,8 @@ let nginxWithRTMP = pkgs.nginx.override { modules = [ pkgs.nginxModules.rtmp ]; }; -in { +in +{ options.services.nginx.stream = { enable = lib.mkEnableOption "enable nginx rtmp/hls/dash video streaming"; port = lib.mkOption { @@ -72,4 +73,4 @@ in { cfg.port ]; }; -} \ No newline at end of file +} diff --git a/common/server/nginx.nix b/common/server/nginx.nix index 5a0defe..4cb984b 100644 --- a/common/server/nginx.nix +++ b/common/server/nginx.nix @@ -2,7 +2,8 @@ let cfg = config.services.nginx; -in { +in +{ config = lib.mkIf cfg.enable { services.nginx = { recommendedGzipSettings = true; @@ -13,4 +14,4 @@ in { networking.firewall.allowedTCPPorts = [ 80 443 ]; }; -} \ No newline at end of file +} 
diff --git a/common/server/owncast.nix b/common/server/owncast.nix index 24a403c..8c1e3a0 100644 --- a/common/server/owncast.nix +++ b/common/server/owncast.nix @@ -4,7 +4,8 @@ with lib; let cfg = config.services.owncast; -in { +in +{ options.services.owncast = { hostname = lib.mkOption { type = types.str; @@ -28,4 +29,4 @@ in { }; }; }; -} \ No newline at end of file +} diff --git a/common/server/privatebin/privatebin.nix b/common/server/privatebin/privatebin.nix index 8ab9738..85a2ffb 100644 --- a/common/server/privatebin/privatebin.nix +++ b/common/server/privatebin/privatebin.nix @@ -14,7 +14,8 @@ let cp -ar $src $out ''; }; -in { +in +{ options.services.privatebin = { enable = lib.mkEnableOption "enable privatebin"; host = lib.mkOption { @@ -30,7 +31,7 @@ in { group = "privatebin"; isSystemUser = true; }; - users.groups.privatebin = {}; + users.groups.privatebin = { }; services.nginx.enable = true; services.nginx.virtualHosts.${cfg.host} = { @@ -53,7 +54,7 @@ in { "d '/var/lib/privatebin' 0750 privatebin privatebin - -" ]; - services.phpfpm.pools.privatebin = { + services.phpfpm.pools.privatebin = { user = "privatebin"; group = "privatebin"; phpEnv = { diff --git a/common/server/radio.nix b/common/server/radio.nix index 38ccb81..436abe4 100644 --- a/common/server/radio.nix +++ b/common/server/radio.nix @@ -3,7 +3,8 @@ let cfg = config.services.radio; radioPackage = config.inputs.radio.packages.${config.currentSystem}.radio; -in { +in +{ options.services.radio = { enable = lib.mkEnableOption "enable radio"; user = lib.mkOption { 
@@ -56,11 +57,11 @@ in { home = cfg.dataDir; createHome = true; }; - users.groups.${cfg.group} = {}; + users.groups.${cfg.group} = { }; systemd.services.radio = { enable = true; - after = ["network.target"]; - wantedBy = ["multi-user.target"]; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; serviceConfig.ExecStart = "${radioPackage}/bin/radio ${config.services.icecast.listen.address}:${toString config.services.icecast.listen.port} ${config.services.icecast.mount} 5500"; serviceConfig.User = cfg.user; serviceConfig.Group = cfg.group; @@ -71,4 +72,4 @@ in { ''; }; }; -} \ No newline at end of file +} diff --git a/common/server/samba.nix b/common/server/samba.nix index b51c0cd..c3822a8 100644 --- a/common/server/samba.nix +++ b/common/server/samba.nix @@ -110,6 +110,6 @@ # samba user for share users.users.cris.isSystemUser = true; users.users.cris.group = "cris"; - users.groups.cris = {}; + users.groups.cris = { }; }; -} \ No newline at end of file +} diff --git a/common/server/searx.nix b/common/server/searx.nix index 66ff37c..4e444f9 100644 --- a/common/server/searx.nix +++ b/common/server/searx.nix @@ -2,19 +2,20 @@ let cfg = config.services.searx; -in { +in +{ config = lib.mkIf cfg.enable { services.searx = { environmentFile = "/run/agenix/searx"; settings = { server.port = 43254; server.secret_key = "@SEARX_SECRET_KEY@"; - engines = [ { + engines = [{ name = "wolframalpha"; shortcut = "wa"; api_key = "@WOLFRAM_API_KEY@"; engine = "wolframalpha_api"; - } ]; + }]; }; }; services.nginx.virtualHosts."search.neet.space" = { @@ -26,4 +27,4 @@ in { }; age.secrets.searx.file = ../../secrets/searx.age; }; -} \ No newline at end of file +} diff --git a/common/server/thelounge.nix b/common/server/thelounge.nix index 7914411..34f3e48 100644 --- a/common/server/thelounge.nix +++ b/common/server/thelounge.nix 
@@ -2,7 +2,8 @@ let cfg = config.services.thelounge; -in { +in +{ options.services.thelounge = { fileUploadBaseUrl = lib.mkOption { type = lib.types.str; @@ -28,7 +29,7 @@ in { reverseProxy = true; maxHistory = -1; https.enable = false; - # theme = "thelounge-theme-solarized"; + # theme = "thelounge-theme-solarized"; prefetch = false; prefetchStorage = false; fileUpload = { diff --git a/common/server/video-stream.nix b/common/server/video-stream.nix index 7ad305e..23a775d 100644 --- a/common/server/video-stream.nix +++ b/common/server/video-stream.nix @@ -15,14 +15,14 @@ let in { networking.firewall.allowedUDPPorts = [ rtp-port ]; - networking.firewall.allowedTCPPortRanges = [ { + networking.firewall.allowedTCPPortRanges = [{ from = webrtc-peer-lower-port; to = webrtc-peer-upper-port; - } ]; - networking.firewall.allowedUDPPortRanges = [ { + }]; + networking.firewall.allowedUDPPortRanges = [{ from = webrtc-peer-lower-port; to = webrtc-peer-upper-port; - } ]; + }]; virtualisation.docker.enable = true; @@ -49,12 +49,12 @@ in ports = [ "${toStr ingest-port}:8084" ]; -# imageFile = pkgs.dockerTools.pullImage { -# imageName = "projectlightspeed/ingest"; -# finalImageTag = "version-0.1.4"; -# imageDigest = "sha256:9fc51833b7c27a76d26e40f092b9cec1ac1c4bfebe452e94ad3269f1f73ff2fc"; -# sha256 = "19kxl02x0a3i6hlnsfcm49hl6qxnq2f3hfmyv1v8qdaz58f35kd5"; -# }; + # imageFile = pkgs.dockerTools.pullImage { + # imageName = "projectlightspeed/ingest"; + # finalImageTag = "version-0.1.4"; + # imageDigest = "sha256:9fc51833b7c27a76d26e40f092b9cec1ac1c4bfebe452e94ad3269f1f73ff2fc"; + # sha256 = "19kxl02x0a3i6hlnsfcm49hl6qxnq2f3hfmyv1v8qdaz58f35kd5"; + # }; }; "lightspeed-react" = { workdir = "/var/lib/lightspeed-react"; 
@@ -62,12 +62,12 @@ in ports = [ "${toStr web-port}:80" ]; -# imageFile = pkgs.dockerTools.pullImage { -# imageName = "projectlightspeed/react"; -# finalImageTag = "version-0.1.3"; -# imageDigest = "sha256:b7c58425f1593f7b4304726b57aa399b6e216e55af9c0962c5c19333fae638b6"; -# sha256 = "0d2jh7mr20h7dxgsp7ml7cw2qd4m8ja9rj75dpy59zyb6v0bn7js"; -# }; + # imageFile = pkgs.dockerTools.pullImage { + # imageName = "projectlightspeed/react"; + # finalImageTag = "version-0.1.3"; + # imageDigest = "sha256:b7c58425f1593f7b4304726b57aa399b6e216e55af9c0962c5c19333fae638b6"; + # sha256 = "0d2jh7mr20h7dxgsp7ml7cw2qd4m8ja9rj75dpy59zyb6v0bn7js"; + # }; }; "lightspeed-webrtc" = { workdir = "/var/lib/lightspeed-webrtc"; @@ -79,15 +79,18 @@ in "${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}:${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}/udp" ]; cmd = [ - "lightspeed-webrtc" "--addr=0.0.0.0" "--ip=${domain}" - "--ports=${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}" "run" + "lightspeed-webrtc" + "--addr=0.0.0.0" + "--ip=${domain}" + "--ports=${toStr webrtc-peer-lower-port}-${toStr webrtc-peer-upper-port}" + "run" ]; -# imageFile = pkgs.dockerTools.pullImage { -# imageName = "projectlightspeed/webrtc"; -# finalImageTag = "version-0.1.2"; -# imageDigest = "sha256:ddf8b3dd294485529ec11d1234a3fc38e365a53c4738998c6bc2c6930be45ecf"; -# sha256 = "1bdy4ak99fjdphj5bsk8rp13xxmbqdhfyfab14drbyffivg9ad2i"; -# }; + # imageFile = pkgs.dockerTools.pullImage { + # imageName = "projectlightspeed/webrtc"; + # finalImageTag = "version-0.1.2"; + # imageDigest = "sha256:ddf8b3dd294485529ec11d1234a3fc38e365a53c4738998c6bc2c6930be45ecf"; + # sha256 = "1bdy4ak99fjdphj5bsk8rp13xxmbqdhfyfab14drbyffivg9ad2i"; + # }; }; }; }; diff --git a/common/server/vscode/modules/vscode-server/default.nix b/common/server/vscode/modules/vscode-server/default.nix index 5782fab..81b4419 100644 --- a/common/server/vscode/modules/vscode-server/default.nix 
+++ b/common/server/vscode/modules/vscode-server/default.nix @@ -1,8 +1,8 @@ import ./module.nix ({ name, description, serviceConfig }: -{ - systemd.user.services.${name} = { - inherit description serviceConfig; - wantedBy = [ "default.target" ]; - }; -}) + { + systemd.user.services.${name} = { + inherit description serviceConfig; + wantedBy = [ "default.target" ]; + }; + }) diff --git a/common/server/vscode/modules/vscode-server/home.nix b/common/server/vscode/modules/vscode-server/home.nix index b4755c3..a24ae0b 100644 --- a/common/server/vscode/modules/vscode-server/home.nix +++ b/common/server/vscode/modules/vscode-server/home.nix @@ -1,15 +1,15 @@ import ./module.nix ({ name, description, serviceConfig }: -{ - systemd.user.services.${name} = { - Unit = { - Description = description; - }; + { + systemd.user.services.${name} = { + Unit = { + Description = description; + }; - Service = serviceConfig; + Service = serviceConfig; - Install = { - WantedBy = [ "default.target" ]; + Install = { + WantedBy = [ "default.target" ]; + }; }; - }; -}) + }) diff --git a/common/server/zerobin.nix b/common/server/zerobin.nix index a2b0029..6ecada7 100644 --- a/common/server/zerobin.nix +++ b/common/server/zerobin.nix @@ -2,7 +2,8 @@ let cfg = config.services.zerobin; -in { +in +{ options.services.zerobin = { host = lib.mkOption { type = lib.types.str; diff --git a/common/shell.nix b/common/shell.nix index 4c341ae..1ba9fb3 100644 --- a/common/shell.nix +++ b/common/shell.nix @@ -47,4 +47,4 @@ }); }) ]; -} \ No newline at end of file +} diff --git a/common/ssh.nix b/common/ssh.nix index a2351f6..8e24dc7 100644 --- a/common/ssh.nix +++ b/common/ssh.nix @@ -37,4 +37,4 @@ rec { storage = with system; [ s0 ]; -} \ No newline at end of file +} diff --git a/flake.nix b/flake.nix index f3fe472..bc62205 100644 --- a/flake.nix +++ b/flake.nix 
@@ -47,75 +47,78 @@ outputs = { self, nixpkgs, ... }@inputs: { nixosConfigurations = - let - modules = system: with inputs; [ - ./common - simple-nixos-mailserver.nixosModule - agenix.nixosModules.default - dailybuild_modules.nixosModule - archivebox.nixosModule - nix-index-database.nixosModules.nix-index - ({ lib, ... }: { - config.environment.systemPackages = [ - agenix.packages.${system}.agenix - ]; - - # because nixos specialArgs doesn't work for containers... need to pass in inputs a different way - options.inputs = lib.mkOption { default = inputs; }; - options.currentSystem = lib.mkOption { default = system; }; - }) - ]; - - mkSystem = system: nixpkgs: path: - let - allModules = modules system; - - # allow patching nixpkgs, remove this hack once this is solved: https://github.com/NixOS/nix/issues/3920 - patchedNixpkgsSrc = nixpkgs.legacyPackages.${system}.applyPatches { - name = "nixpkgs-patched"; - src = nixpkgs; - patches = [ - inputs.nixpkgs-hostapd-pr + let + modules = system: with inputs; [ + ./common + simple-nixos-mailserver.nixosModule + agenix.nixosModules.default + dailybuild_modules.nixosModule + archivebox.nixosModule + nix-index-database.nixosModules.nix-index + ({ lib, ... }: { + config.environment.systemPackages = [ + agenix.packages.${system}.agenix ]; + + # because nixos specialArgs doesn't work for containers... 
need to pass in inputs a different way + options.inputs = lib.mkOption { default = inputs; }; + options.currentSystem = lib.mkOption { default = system; }; + }) + ]; + + mkSystem = system: nixpkgs: path: + let + allModules = modules system; + + # allow patching nixpkgs, remove this hack once this is solved: https://github.com/NixOS/nix/issues/3920 + patchedNixpkgsSrc = nixpkgs.legacyPackages.${system}.applyPatches { + name = "nixpkgs-patched"; + src = nixpkgs; + patches = [ + inputs.nixpkgs-hostapd-pr + ]; + }; + patchedNixpkgs = nixpkgs.lib.fix (self: (import "${patchedNixpkgsSrc}/flake.nix").outputs { self = nixpkgs; }); + + in + patchedNixpkgs.lib.nixosSystem { + inherit system; + modules = allModules ++ [ path ]; + + specialArgs = { + inherit allModules; + }; }; - patchedNixpkgs = nixpkgs.lib.fix (self: (import "${patchedNixpkgsSrc}/flake.nix").outputs { self=nixpkgs; }); + in + { + "ray" = mkSystem "x86_64-linux" nixpkgs ./machines/ray/configuration.nix; + # "nat" = mkSystem "aarch64-linux" nixpkgs ./machines/nat/configuration.nix; + "ponyo" = mkSystem "x86_64-linux" nixpkgs ./machines/ponyo/configuration.nix; + "router" = mkSystem "x86_64-linux" nixpkgs ./machines/router/configuration.nix; + "s0" = mkSystem "x86_64-linux" nixpkgs ./machines/storage/s0/configuration.nix; + }; - in patchedNixpkgs.lib.nixosSystem { - inherit system; - modules = allModules ++ [path]; + packages = + let + mkKexec = system: + (nixpkgs.lib.nixosSystem { + inherit system; + modules = [ ./machines/ephemeral/kexec.nix ]; + }).config.system.build.kexec_tarball; + mkIso = system: + (nixpkgs.lib.nixosSystem { + inherit system; + modules = [ ./machines/ephemeral/iso.nix ]; + }).config.system.build.isoImage; + in + { + "x86_64-linux"."kexec" = mkKexec "x86_64-linux"; + "x86_64-linux"."iso" = mkIso "x86_64-linux"; + "aarch64-linux"."kexec" = mkKexec "aarch64-linux"; + "aarch64-linux"."iso" = mkIso "aarch64-linux"; + }; - specialArgs = { - inherit allModules; - }; - }; - in - { - "ray" = 
mkSystem "x86_64-linux" nixpkgs ./machines/ray/configuration.nix; - # "nat" = mkSystem "aarch64-linux" nixpkgs ./machines/nat/configuration.nix; - "ponyo" = mkSystem "x86_64-linux" nixpkgs ./machines/ponyo/configuration.nix; - "router" = mkSystem "x86_64-linux" nixpkgs ./machines/router/configuration.nix; - "s0" = mkSystem "x86_64-linux" nixpkgs ./machines/storage/s0/configuration.nix; - }; - - packages = let - mkKexec = system: - (nixpkgs.lib.nixosSystem { - inherit system; - modules = [ ./machines/ephemeral/kexec.nix ]; - }).config.system.build.kexec_tarball; - mkIso = system: - (nixpkgs.lib.nixosSystem { - inherit system; - modules = [ ./machines/ephemeral/iso.nix ]; - }).config.system.build.isoImage; - in { - "x86_64-linux"."kexec" = mkKexec "x86_64-linux"; - "x86_64-linux"."iso" = mkIso "x86_64-linux"; - "aarch64-linux"."kexec" = mkKexec "aarch64-linux"; - "aarch64-linux"."iso" = mkIso "aarch64-linux"; - }; - - deploy.nodes = + deploy.nodes = let mkDeploy = configName: hostname: { inherit hostname; @@ -124,7 +127,8 @@ profiles.system.path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${configName}; }; - in { + in + { s0 = mkDeploy "s0" "s0"; router = mkDeploy "router" "router"; ponyo = mkDeploy "ponyo" "ponyo.neet.dev"; diff --git a/machines/ephemeral/iso.nix b/machines/ephemeral/iso.nix index 48daeef..27dc6f2 100644 --- a/machines/ephemeral/iso.nix +++ b/machines/ephemeral/iso.nix @@ -9,4 +9,4 @@ isoImage.makeUsbBootable = true; networking.hostName = "iso"; -} \ No newline at end of file +} diff --git a/machines/ephemeral/kexec.nix b/machines/ephemeral/kexec.nix index c101816..a295758 100644 --- a/machines/ephemeral/kexec.nix +++ b/machines/ephemeral/kexec.nix @@ -45,4 +45,4 @@ contents = [ ]; }; }; -} \ No newline at end of file +} diff --git a/machines/ephemeral/minimal.nix b/machines/ephemeral/minimal.nix index 5938482..9c45a83 100644 --- a/machines/ephemeral/minimal.nix +++ b/machines/ephemeral/minimal.nix 
@@ -7,7 +7,8 @@ boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "e1000" "e1000e" "virtio_pci" "r8169" ]; boot.kernelParams = [ - "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues + "panic=30" + "boot.panic_on_fail" # reboot the machine upon fatal boot issues "console=ttyS0,115200" # enable serial console "console=tty1" ]; @@ -21,7 +22,8 @@ environment.systemPackages = with pkgs; [ cryptsetup btrfs-progs - git git-lfs + git + git-lfs wget htop dnsutils @@ -42,4 +44,4 @@ services.getty.autologinUser = "root"; users.users.root.openssh.authorizedKeys.keys = (import ../../common/ssh.nix).users; -} \ No newline at end of file +} diff --git a/machines/nat/hardware-configuration.nix b/machines/nat/hardware-configuration.nix index 827a083..8771611 100644 --- a/machines/nat/hardware-configuration.nix +++ b/machines/nat/hardware-configuration.nix @@ -12,14 +12,16 @@ boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/02a8c0c7-fd4e-4443-a83c-2d0b63848779"; + { + device = "/dev/disk/by-uuid/02a8c0c7-fd4e-4443-a83c-2d0b63848779"; fsType = "btrfs"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/0C95-1290"; + { + device = "/dev/disk/by-uuid/0C95-1290"; fsType = "vfat"; }; swapDevices = [ ]; -} \ No newline at end of file +} diff --git a/machines/ponyo/configuration.nix b/machines/ponyo/configuration.nix index f0ad0d9..fc22a64 100644 --- a/machines/ponyo/configuration.nix +++ b/machines/ponyo/configuration.nix @@ -1,7 +1,7 @@ { config, pkgs, lib, ... }: { - imports =[ + imports = [ ./hardware-configuration.nix ]; @@ -61,7 +61,7 @@ host = "radio.runyan.org"; }; }; - pia.wireguard.badPortForwardPorts = []; + pia.wireguard.badPortForwardPorts = [ ]; services.nginx.virtualHosts."radio.runyan.org" = { enableACME = true; forceSSL = true; @@ -135,4 +135,4 @@ # owncast live streaming services.owncast.enable = true; services.owncast.hostname = "live.neet.dev"; -} \ No newline at end of file +} 
diff --git a/machines/ponyo/hardware-configuration.nix b/machines/ponyo/hardware-configuration.nix index 14443d3..b570922 100644 --- a/machines/ponyo/hardware-configuration.nix +++ b/machines/ponyo/hardware-configuration.nix @@ -2,7 +2,8 @@ { imports = - [ (modulesPath + "/profiles/qemu-guest.nix") + [ + (modulesPath + "/profiles/qemu-guest.nix") ]; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" ]; @@ -22,12 +23,14 @@ boot.initrd.luks.devices."enc-pv2".device = "/dev/disk/by-uuid/e52b01b3-81c8-4bb2-ae7e-a3d9c793cb00"; # expanded disk fileSystems."/" = - { device = "/dev/mapper/enc-pv"; + { + device = "/dev/mapper/enc-pv"; fsType = "btrfs"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/d3a3777d-1e70-47fa-a274-804dc70ee7fd"; + { + device = "/dev/disk/by-uuid/d3a3777d-1e70-47fa-a274-804dc70ee7fd"; fsType = "ext4"; }; @@ -39,4 +42,4 @@ ]; networking.interfaces.eth0.useDHCP = true; -} \ No newline at end of file +} diff --git a/machines/ray/hardware-configuration.nix b/machines/ray/hardware-configuration.nix index bc16c19..28878b0 100644 --- a/machines/ray/hardware-configuration.nix +++ b/machines/ray/hardware-configuration.nix @@ -5,7 +5,8 @@ { imports = - [ (modulesPath + "/installer/scan/not-detected.nix") + [ + (modulesPath + "/installer/scan/not-detected.nix") ]; # boot @@ -40,22 +41,24 @@ allowDiscards = true; }; fileSystems."/" = - { device = "/dev/vg/root"; + { + device = "/dev/vg/root"; fsType = "btrfs"; options = [ "subvol=root" ]; }; fileSystems."/home" = - { device = "/dev/vg/root"; + { + device = "/dev/vg/root"; fsType = "btrfs"; options = [ "subvol=home" ]; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/2C85-2B59"; + { + device = "/dev/disk/by-uuid/2C85-2B59"; fsType = "vfat"; }; swapDevices = - [ { device = "/dev/vg/swap"; } - ]; + [{ device = "/dev/vg/swap"; }]; # high-resolution display hardware.video.hidpi.enable = lib.mkDefault true; 
diff --git a/machines/router/configuration.nix b/machines/router/configuration.nix index cf00621..7c94de0 100644 --- a/machines/router/configuration.nix +++ b/machines/router/configuration.nix @@ -37,4 +37,4 @@ # externalInterface = "eth0"; # internalIPs = [ "br0" ]; # }; -} \ No newline at end of file +} diff --git a/machines/router/hardware-configuration.nix b/machines/router/hardware-configuration.nix index fed46a6..58343b9 100644 --- a/machines/router/hardware-configuration.nix +++ b/machines/router/hardware-configuration.nix @@ -10,7 +10,8 @@ # Enable serial output boot.kernelParams = [ - "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues + "panic=30" + "boot.panic_on_fail" # reboot the machine upon fatal boot issues "console=ttyS0,115200n8" # enable serial console ]; boot.loader.grub.extraConfig = " @@ -33,16 +34,17 @@ remoteLuksUnlock.enable = true; boot.initrd.luks.devices."enc-pv".device = "/dev/disk/by-uuid/9b090551-f78e-45ca-8570-196ed6a4af0c"; fileSystems."/" = - { device = "/dev/disk/by-uuid/421c82b9-d67c-4811-8824-8bb57cb10fce"; + { + device = "/dev/disk/by-uuid/421c82b9-d67c-4811-8824-8bb57cb10fce"; fsType = "btrfs"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/d97f324f-3a2e-4b84-ae2a-4b3d1209c689"; + { + device = "/dev/disk/by-uuid/d97f324f-3a2e-4b84-ae2a-4b3d1209c689"; fsType = "ext3"; }; swapDevices = - [ { device = "/dev/disk/by-uuid/45bf58dd-67eb-45e4-9a98-246e23fa7abd"; } - ]; + [{ device = "/dev/disk/by-uuid/45bf58dd-67eb-45e4-9a98-246e23fa7abd"; }]; nixpkgs.hostPlatform = "x86_64-linux"; } diff --git a/machines/router/router.nix b/machines/router/router.nix index cc5b6b9..75bbc5c 100644 --- a/machines/router/router.nix +++ b/machines/router/router.nix 
@@ -97,11 +97,11 @@ in channel = 6; countryCode = "US"; wifi4 = { - capabilities = ["LDPC" "GF" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "HT40+"]; + capabilities = [ "LDPC" "GF" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "HT40+" ]; }; wifi5 = { operatingChannelWidth = "20or40"; - capabilities = ["MAX-A-MPDU-LEN-EXP0"]; + capabilities = [ "MAX-A-MPDU-LEN-EXP0" ]; }; wifi6 = { enable = true; @@ -137,11 +137,11 @@ in channel = 128; countryCode = "US"; wifi4 = { - capabilities = ["LDPC" "GF" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "HT40-"]; + capabilities = [ "LDPC" "GF" "SHORT-GI-20" "SHORT-GI-40" "TX-STBC" "RX-STBC1" "MAX-AMSDU-7935" "HT40-" ]; }; wifi5 = { operatingChannelWidth = "160"; - capabilities = ["RXLDPC" "SHORT-GI-80" "SHORT-GI-160" "TX-STBC-2BY1" "SU-BEAMFORMER" "SU-BEAMFORMEE" "MU-BEAMFORMER" "MU-BEAMFORMEE" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "SOUNDING-DIMENSION-3" "BF-ANTENNA-3" "VHT160" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7"]; + capabilities = [ "RXLDPC" "SHORT-GI-80" "SHORT-GI-160" "TX-STBC-2BY1" "SU-BEAMFORMER" "SU-BEAMFORMEE" "MU-BEAMFORMER" "MU-BEAMFORMEE" "RX-ANTENNA-PATTERN" "TX-ANTENNA-PATTERN" "RX-STBC-1" "SOUNDING-DIMENSION-3" "BF-ANTENNA-3" "VHT160" "MAX-MPDU-11454" "MAX-A-MPDU-LEN-EXP7" ]; }; wifi6 = { enable = true; @@ -202,4 +202,4 @@ in }) ]; }; -} \ No newline at end of file +} diff --git a/machines/storage/s0/configuration.nix b/machines/storage/s0/configuration.nix index 6c5593e..024768e 100644 --- a/machines/storage/s0/configuration.nix +++ b/machines/storage/s0/configuration.nix @@ -1,7 +1,7 @@ { config, pkgs, lib, ... }: { - imports =[ + imports = [ ./hardware-configuration.nix ]; diff --git a/machines/storage/s0/hardware-configuration.nix b/machines/storage/s0/hardware-configuration.nix index 4c1d87c..39d41b8 100644 --- a/machines/storage/s0/hardware-configuration.nix +++ b/machines/storage/s0/hardware-configuration.nix 
@@ -2,7 +2,8 @@ { imports = - [ (modulesPath + "/installer/scan/not-detected.nix") + [ + (modulesPath + "/installer/scan/not-detected.nix") ]; # boot @@ -31,28 +32,39 @@ # mounts fileSystems."/" = - { device = "rpool/nixos/root"; - fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ]; + { + device = "rpool/nixos/root"; + fsType = "zfs"; + options = [ "zfsutil" "X-mount.mkdir" ]; }; fileSystems."/home" = - { device = "rpool/nixos/home"; - fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ]; + { + device = "rpool/nixos/home"; + fsType = "zfs"; + options = [ "zfsutil" "X-mount.mkdir" ]; }; fileSystems."/var/lib" = - { device = "rpool/nixos/var/lib"; - fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ]; + { + device = "rpool/nixos/var/lib"; + fsType = "zfs"; + options = [ "zfsutil" "X-mount.mkdir" ]; }; fileSystems."/var/log" = - { device = "rpool/nixos/var/log"; - fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ]; + { + device = "rpool/nixos/var/log"; + fsType = "zfs"; + options = [ "zfsutil" "X-mount.mkdir" ]; }; fileSystems."/data" = - { device = "rpool/nixos/data"; - fsType = "zfs"; options = [ "zfsutil" "X-mount.mkdir" ]; + { + device = "rpool/nixos/data"; + fsType = "zfs"; + options = [ "zfsutil" "X-mount.mkdir" ]; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/4FB4-738E"; + { + device = "/dev/disk/by-uuid/4FB4-738E"; fsType = "vfat"; }; swapDevices = [ ];