diff --git a/flake.lock b/flake.lock index ad2cb7c..a625c1b 100644 --- a/flake.lock +++ b/flake.lock @@ -935,11 +935,11 @@ ] }, "locked": { - "lastModified": 1720042825, - "narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", + "lastModified": 1726989464, + "narHash": "sha256-Vl+WVTJwutXkimwGprnEtXc/s/s8sMuXzqXaspIGlwM=", "owner": "nix-community", "repo": "home-manager", - "rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", + "rev": "2f23fa308a7c067e52dfcc30a0758f47043ec176", "type": "github" }, "original": { @@ -1519,11 +1519,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1722221733, - "narHash": "sha256-sga9SrrPb+pQJxG1ttJfMPheZvDOxApFfwXCFO0H9xw=", + "lastModified": 1731797254, + "narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=", "owner": "nixos", "repo": "nixpkgs", - "rev": "12bf09802d77264e441f48e25459c10c93eada2e", + "rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59", "type": "github" }, "original": { @@ -1535,11 +1535,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1719707984, - "narHash": "sha256-RoxIr/fbndtuKqulGvNCcuzC6KdAib85Q8gXnjzA1dw=", + "lastModified": 1728740863, + "narHash": "sha256-u+rxA79a0lyhG+u+oPBRtTDtzz8kvkc9a6SWSt9ekVc=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7dca15289a1c2990efbe4680f0923ce14139b042", + "rev": "a3f9ad65a0bf298ed5847629a57808b97e6e8077", "type": "github" }, "original": { @@ -1555,11 +1555,11 @@ "snowfall-lib": "snowfall-lib" }, "locked": { - "lastModified": 1721741092, - "narHash": "sha256-ghFoP5gZpc1i4I4PiVCH00QNZ6s6ipGUcA0P1TsSSC8=", + "lastModified": 1731604482, + "narHash": "sha256-r75GaDBrZFNHSvhcTR5e0JlgSBALvmwFpgNq58pZ4Pg=", "owner": "matter-labs", "repo": "nixsgx", - "rev": "be2c19592d0d5601184c52c07ab6d88dec07ffd6", + "rev": "4ec107365fb8403b5dddf35f0ef940bc5657af22", "type": "github" }, "original": { 
@@ -2649,11 +2649,11 @@ }, "unstable": { "locked": { - "lastModified": 1722185531, - "narHash": "sha256-veKR07psFoJjINLC8RK4DiLniGGMgF3QMlS4tb74S6k=", + "lastModified": 1731676054, + "narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=", "owner": "nixos", "repo": "nixpkgs", - "rev": "52ec9ac3b12395ad677e8b62106f0b98c1f8569d", + "rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 9c2af2b..39a7f1c 100644 --- a/flake.nix +++ b/flake.nix @@ -45,7 +45,8 @@ attic.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = inputs: + outputs = + inputs: let lib = inputs.snowfall-lib.mkLib { inherit inputs; @@ -66,9 +67,7 @@ allowUnfree = true; }; - homes.modules = with inputs; [ - neovim-flake.homeManagerModules.default - ]; + homes.modules = with inputs; [ neovim-flake.homeManagerModules.default ]; systems.modules.nixos = with inputs; [ lanzaboote.nixosModules.lanzaboote @@ -79,9 +78,7 @@ attic.nixosModules.atticd ]; - overlays = with inputs; [ - nixsgx-flake.overlays.default - ]; + overlays = with inputs; [ nixsgx-flake.overlays.default ]; outputs-builder = channels: { formatter = channels.nixpkgs.nixfmt-rfc-style; diff --git a/homes/x86_64-darwin/harald@mpro/default.nix b/homes/x86_64-darwin/harald@mpro/default.nix index 752dfe1..139f1e5 100644 --- a/homes/x86_64-darwin/harald@mpro/default.nix +++ b/homes/x86_64-darwin/harald@mpro/default.nix @@ -1,7 +1,8 @@ -{ lib -, pkgs -, config -, ... +{ + lib, + pkgs, + config, + ... }: { home = { @@ -29,4 +30,3 @@ }; }; } - diff --git a/homes/x86_64-linux/harald@mx/default.nix b/homes/x86_64-linux/harald@mx/default.nix index c8ed951..a2f3061 100644 --- a/homes/x86_64-linux/harald@mx/default.nix +++ b/homes/x86_64-linux/harald@mx/default.nix @@ -1,7 +1,8 @@ -{ lib -, pkgs -, config -, ... +{ + lib, + pkgs, + config, + ... }: { home.sessionPath = [ "$HOME/bin" ]; 
@@ -32,43 +33,44 @@ xdg.enable = true; xdg.mime.enable = true; - /* ***************************************** - systemd.user.services = { - render_blog = { - Service = { - Type = "oneshot"; - Environment = "PATH=/run/current-system/sw/bin"; - ExecStart = toString ( - pkgs.writeShellScript "render_blog.sh" '' - set -eou pipefail - set -x - DIR=/var/tmp/blog.$$ - rm -fr $DIR - mkdir -p $DIR - cd $DIR - echo $HOME - set - git config --list - git clone --recurse-submodules https://git.hoyer.xyz/harald/blog.git - cd blog - ./build.sh - cd /var/tmp - rm -fr $DIR - '' - ); + /* + ***************************************** + systemd.user.services = { + render_blog = { + Service = { + Type = "oneshot"; + Environment = "PATH=/run/current-system/sw/bin"; + ExecStart = toString ( + pkgs.writeShellScript "render_blog.sh" '' + set -eou pipefail + set -x + DIR=/var/tmp/blog.$$ + rm -fr $DIR + mkdir -p $DIR + cd $DIR + echo $HOME + set + git config --list + git clone --recurse-submodules https://git.hoyer.xyz/harald/blog.git + cd blog + ./build.sh + cd /var/tmp + rm -fr $DIR + '' + ); + }; + Install.WantedBy = [ "default.target" ]; + }; }; - Install.WantedBy = [ "default.target" ]; - }; - }; - systemd.user.timers = { - render_blog = { - Timer = { - OnCalendar = "hourly"; + systemd.user.timers = { + render_blog = { + Timer = { + OnCalendar = "hourly"; + }; + Install.WantedBy = [ "timers.target" ]; }; - Install.WantedBy = [ "timers.target" ]; - }; - }; - ***************************** */ + }; + ***************************** + */ } - diff --git a/homes/x86_64-linux/harald@sgx-azure/default.nix b/homes/x86_64-linux/harald@sgx-azure/default.nix index 0f666e2..98e5381 100644 --- a/homes/x86_64-linux/harald@sgx-azure/default.nix +++ b/homes/x86_64-linux/harald@sgx-azure/default.nix @@ -1,7 +1,8 @@ -{ lib -, pkgs -, config -, ... +{ + lib, + pkgs, + config, + ... }: { home = { 
@@ -12,7 +13,10 @@ }; nix.settings = { - substituters = [ "https://cache.nixos.org" "https://attic.teepot.org/tee-pot" ]; + substituters = [ + "https://cache.nixos.org" + "https://attic.teepot.org/tee-pot" + ]; trusted-public-keys = [ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg=" @@ -36,4 +40,3 @@ }; }; } - diff --git a/homes/x86_64-linux/harald@sgx-nixos/default.nix b/homes/x86_64-linux/harald@sgx-nixos/default.nix index 59320c9..4a26efe 100644 --- a/homes/x86_64-linux/harald@sgx-nixos/default.nix +++ b/homes/x86_64-linux/harald@sgx-nixos/default.nix @@ -1,7 +1,4 @@ -{ lib -, config -, ... -}: +{ lib, config, ... }: { home.sessionPath = [ "$HOME/bin" ]; @@ -27,4 +24,3 @@ xdg.enable = true; xdg.mime.enable = true; } - diff --git a/homes/x86_64-linux/harald@sgx/default.nix b/homes/x86_64-linux/harald@sgx/default.nix index 59320c9..4a26efe 100644 --- a/homes/x86_64-linux/harald@sgx/default.nix +++ b/homes/x86_64-linux/harald@sgx/default.nix @@ -1,7 +1,4 @@ -{ lib -, config -, ... -}: +{ lib, config, ... }: { home.sessionPath = [ "$HOME/bin" ]; @@ -27,4 +24,3 @@ xdg.enable = true; xdg.mime.enable = true; } - diff --git a/homes/x86_64-linux/harald@t15/default.nix b/homes/x86_64-linux/harald@t15/default.nix index a0a7fff..d2ed44e 100644 --- a/homes/x86_64-linux/harald@t15/default.nix +++ b/homes/x86_64-linux/harald@t15/default.nix @@ -1,7 +1,4 @@ -{ lib -, config -, ... -}: +{ lib, config, ... }: { home.sessionPath = [ "$HOME/bin" ]; @@ -63,4 +60,3 @@ xdg.enable = true; xdg.mime.enable = true; } - diff --git a/homes/x86_64-linux/harald@x1/default.nix b/homes/x86_64-linux/harald@x1/default.nix index a0a7fff..d2ed44e 100644 --- a/homes/x86_64-linux/harald@x1/default.nix +++ b/homes/x86_64-linux/harald@x1/default.nix @@ -1,7 +1,4 @@ -{ lib -, config -, ... -}: +{ lib, config, ... }: { home.sessionPath = [ "$HOME/bin" ]; @@ -63,4 +60,3 @@ xdg.enable = true; xdg.mime.enable = true; } - 
diff --git a/lib/audio/default.nix b/lib/audio/default.nix
index ebe8154..3e5e61c 100644
--- a/lib/audio/default.nix
+++ b/lib/audio/default.nix
@@ -4,62 +4,96 @@ rec { ## Renames an alsa device from a given `name` using the new `description`. ## #@ { name: String, description: String } -> { matches: List, apply_properties: Attrs } - mkAlsaRename = { name, description }: { - matches = [ - [ - [ "device.name" "matches" name ] - ] - ]; - # actions = { "update-props" = { "node.description" = description; }; }; - apply_properties = { - "device.description" = description; + mkAlsaRename = + { name, description }: + { + matches = [ + [ + [ + "device.name" + "matches" + name + ] + ] + ]; + # actions = { "update-props" = { "node.description" = description; }; }; + apply_properties = { + "device.description" = description; + }; }; - }; ## Create a pipewire audio node. ## #@ { name: String, factory: String ? "adapter", ... } -> { factory: String, args: Attrs } - mkAudioNode = args@{ name, factory ? "adapter", ... }: { - inherit factory; - args = (builtins.removeAttrs args [ "name" "description" ]) // { - "node.name" = name; - "node.description" = args.description or args."node.description"; - "factory.name" = args."factory.name" or "support.null-audio-sink"; + mkAudioNode = + args@{ + name, + factory ? "adapter", + ... + }: + { + inherit factory; + args = + (builtins.removeAttrs args [ + "name" + "description" + ]) + // { + "node.name" = name; + "node.description" = args.description or args."node.description"; + "factory.name" = args."factory.name" or "support.null-audio-sink"; + }; }; - }; ## Create a virtual pipewire audio node. ## #@ { name: String, ... } -> { factory: "adapter", args: Attrs } - mkVirtualAudioNode = args@{ name, ... 
}: - mkAudioNode (args // { - name = "virtual-${lib.toLower name}-audio"; - description = "${name} (Virtual)"; - "media.class" = args.class or args."media.class" or "Audio/Duplex"; - "object.linger" = args."object.linger" or true; - "audio.position" = args."audio.position" or [ "FL" "FR" ]; - "monitor.channel-volumes" = args."monitor.channel-volumes" or true; - }); + mkVirtualAudioNode = + args@{ name, ... }: + mkAudioNode ( + args + // { + name = "virtual-${lib.toLower name}-audio"; + description = "${name} (Virtual)"; + "media.class" = args.class or args."media.class" or "Audio/Duplex"; + "object.linger" = args."object.linger" or true; + "audio.position" = + args."audio.position" or [ + "FL" + "FR" + ]; + "monitor.channel-volumes" = args."monitor.channel-volumes" or true; + } + ); ## Connect two pipewire audio nodes ## #@ { name: String?, from: String, to: String, ... } -> { name: "libpipewire-module-loopback", args: Attrs } - mkBridgeAudioModule = args@{ from, to, ... }: { - name = "libpipewire-module-loopback"; - args = (builtins.removeAttrs args [ "from" "to" "name" ]) // { - "node.name" = - if args ? name then - "${args.name}-bridge" - else - "${lib.toLower from}-to-${lib.toLower to}-bridge"; - "audio.position" = args."audio.position" or [ "FL" "FR" ]; - "capture.props" = { - "node.target" = from; - } // (args."capture.props" or { }); - "playback.props" = { - "node.target" = to; - "monitor.channel-volumes" = true; - } // (args."playback.props" or { }); + mkBridgeAudioModule = + args@{ from, to, ... }: + { + name = "libpipewire-module-loopback"; + args = + (builtins.removeAttrs args [ + "from" + "to" + "name" + ]) + // { + "node.name" = + if args ? 
name then "${args.name}-bridge" else "${lib.toLower from}-to-${lib.toLower to}-bridge"; + "audio.position" = + args."audio.position" or [ + "FL" + "FR" + ]; + "capture.props" = { + "node.target" = from; + } // (args."capture.props" or { }); + "playback.props" = { + "node.target" = to; + "monitor.channel-volumes" = true; + } // (args."playback.props" or { }); + }; }; - }; } diff --git a/lib/default.nix b/lib/default.nix index 61216de..326bfed 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,4 +1,8 @@ -{ lib, inputs, snowfall-inputs }: +{ + lib, + inputs, + snowfall-inputs, +}: rec { ## Override a package's metadata @@ -13,7 +17,8 @@ rec { ## ``` ## #@ Attrs -> Package -> Package - override-meta = meta: package: + override-meta = + meta: package: package.overrideAttrs (attrs: { meta = (attrs.meta or { }) // meta; }); diff --git a/lib/deploy/default.nix b/lib/deploy/default.nix index ea2b05f..1df2ab8 100644 --- a/lib/deploy/default.nix +++ b/lib/deploy/default.nix 
@@ -16,36 +16,42 @@ rec { ## ``` ## #@ { self: Flake, overrides: Attrs ? {} } -> Attrs - mkDeploy = { self, overrides ? { } }: + mkDeploy = + { + self, + overrides ? { }, + }: let hosts = self.nixosConfigurations or { }; names = builtins.attrNames hosts; - nodes = lib.foldl - (result: name: - let - host = hosts.${name}; - user = host.config.metacfg.user.name or null; - inherit (host.pkgs) system; - in - result // { - ${name} = (overrides.${name} or { }) // { - hostname = overrides.${name}.hostname or "${name}"; - profiles = (overrides.${name}.profiles or { }) // { - system = (overrides.${name}.profiles.system or { }) // { + nodes = lib.foldl ( + result: name: + let + host = hosts.${name}; + user = host.config.metacfg.user.name or null; + inherit (host.pkgs) system; + in + result + // { + ${name} = (overrides.${name} or { }) // { + hostname = overrides.${name}.hostname or "${name}"; + profiles = (overrides.${name}.profiles or { }) // { + system = + (overrides.${name}.profiles.system or { }) + // { path = deploy-rs.lib.${system}.activate.nixos host; - } // lib.optionalAttrs (user != null) { + } + // lib.optionalAttrs (user != null) { user = "root"; sshUser = user; - } // lib.optionalAttrs - (host.config.metacfg.security.doas.enable or false) - { - sudo = "doas -u"; - }; - }; + } + // lib.optionalAttrs (host.config.metacfg.security.doas.enable or false) { sudo = "doas -u"; }; }; - }) - { } - names; + }; + } + ) { } names; in - { inherit nodes; }; + { + inherit nodes; + }; } diff --git a/lib/module/default.nix b/lib/module/default.nix index 48e53c6..a55477d 100644 --- a/lib/module/default.nix +++ b/lib/module/default.nix @@ -1,6 +1,7 @@ { lib, ... }: -with lib; rec { +with lib; +rec { ## Create a NixOS module option. ## ## ```nix 
@@ -8,7 +9,8 @@ with lib; rec { ## ``` ## #@ Type -> Any -> String - mkOpt = type: default: description: + mkOpt = + type: default: description: mkOption { inherit type default description; }; ## Create a NixOS module option without a description. diff --git a/lib/network/default.nix b/lib/network/default.nix index 5b1033a..29944e7 100644 --- a/lib/network/default.nix +++ b/lib/network/default.nix @@ -1,4 +1,8 @@ -{ lib, inputs, snowfall-inputs }: +{ + lib, + inputs, + snowfall-inputs, +}: let inherit (inputs.nixpkgs.lib) assertMsg last; @@ -9,14 +13,17 @@ in # Type: String -> Attrs # Usage: get-address-parts "bismuth:3000" # result: { host = "bismuth"; port = "3000"; } - get-address-parts = address: + get-address-parts = + address: let address-parts = builtins.split ":" address; ip = builtins.head address-parts; host = if ip == "" then "127.0.0.1" else ip; port = if builtins.length address-parts != 3 then "" else last address-parts; in - { inherit host port; }; + { + inherit host port; + }; ## Create proxy configuration for NGINX virtual hosts. ## 
@@ -33,22 +40,23 @@ in ## #@ { port: Int ? null, host: String ? "127.0.0.1", proxy-web-sockets: Bool ? false, extra-config: Attrs ? { } } -> Attrs create-proxy = - { port ? null - , host ? "127.0.0.1" - , proxy-web-sockets ? false - , extra-config ? { } + { + port ? null, + host ? "127.0.0.1", + proxy-web-sockets ? false, + extra-config ? { }, }: - assert assertMsg (port != "" && port != null) "port cannot be empty"; - assert assertMsg (host != "") "host cannot be empty"; - extra-config // { - locations = (extra-config.locations or { }) // { - "/" = (extra-config.locations."/" or { }) // { - proxyPass = - "http://${host}${if port != null then ":${builtins.toString port}" else ""}"; + assert assertMsg (port != "" && port != null) "port cannot be empty"; + assert assertMsg (host != "") "host cannot be empty"; + extra-config + // { + locations = (extra-config.locations or { }) // { + "/" = (extra-config.locations."/" or { }) // { + proxyPass = "http://${host}${if port != null then ":${builtins.toString port}" else ""}"; - proxyWebsockets = proxy-web-sockets; - }; + proxyWebsockets = proxy-web-sockets; }; }; + }; }; } diff --git a/modules/darwin/home/default.nix b/modules/darwin/home/default.nix index d75b42c..a99544b 100644 --- a/modules/darwin/home/default.nix +++ b/modules/darwin/home/default.nix @@ -1,4 +1,11 @@ -{ options, config, pkgs, lib, inputs, ... }: +{ + options, + config, + pkgs, + lib, + inputs, + ... +}: with lib; with lib.metacfg; 
@@ -11,10 +18,10 @@ in # ]; options.metacfg.home = with types; { - file = mkOpt attrs { } - "A set of files to be managed by home-manager's ."; - configFile = mkOpt attrs { } - "A set of files to be managed by home-manager's ."; + file = mkOpt attrs { } "A set of files to be managed by home-manager's ."; + configFile = + mkOpt attrs { } + "A set of files to be managed by home-manager's ."; extraOptions = mkOpt attrs { } "Options to pass directly to home-manager."; homeConfig = mkOpt attrs { } "Final config for home-manager."; }; diff --git a/modules/darwin/nix/default.nix b/modules/darwin/nix/default.nix index 50bc1b4..b0e5ec4 100644 --- a/modules/darwin/nix/default.nix +++ b/modules/darwin/nix/default.nix @@ -1,11 +1,13 @@ -{ options -, config -, pkgs -, lib -, ... +{ + options, + config, + pkgs, + lib, + ... }: with lib; -with lib.metacfg; let +with lib.metacfg; +let cfg = config.metacfg.nix; in { @@ -24,7 +26,10 @@ in nix = let - users = [ "root" config.metacfg.user.name ]; + users = [ + "root" + config.metacfg.user.name + ]; in { package = cfg.package; @@ -60,7 +65,9 @@ in gc = { automatic = true; - interval = { Day = 7; }; + interval = { + Day = 7; + }; options = "--delete-older-than 30d"; user = config.metacfg.user.name; }; diff --git a/modules/darwin/security/gpg/default.nix b/modules/darwin/security/gpg/default.nix index 97984ba..ea9a5e8 100644 --- a/modules/darwin/security/gpg/default.nix +++ b/modules/darwin/security/gpg/default.nix @@ -1,4 +1,10 @@ -{ lib, config, pkgs, inputs, ... }: +{ + lib, + config, + pkgs, + inputs, + ... +}: let inherit (lib) types mkEnableOption mkIf; @@ -21,9 +27,7 @@ in }; config = mkIf cfg.enable { - environment.systemPackages = with pkgs; [ - gnupg - ]; + environment.systemPackages = with pkgs; [ gnupg ]; environment.shellInit = '' export GPG_TTY="$(tty)" diff --git a/modules/darwin/services/base/default.nix b/modules/darwin/services/base/default.nix index ee44c19..96275da 100644 --- a/modules/darwin/services/base/default.nix 
+++ b/modules/darwin/services/base/default.nix @@ -1,8 +1,9 @@ -{ options -, config -, lib -, pkgs -, ... +{ + options, + config, + lib, + pkgs, + ... }: with lib; with lib.metacfg; @@ -37,7 +38,10 @@ in wget starship ]; - shells = [ pkgs.fish pkgs.bash ]; + shells = [ + pkgs.fish + pkgs.bash + ]; }; programs = { diff --git a/modules/darwin/services/nix-daemon/default.nix b/modules/darwin/services/nix-daemon/default.nix index 0efa94d..bcd11b0 100644 --- a/modules/darwin/services/nix-daemon/default.nix +++ b/modules/darwin/services/nix-daemon/default.nix @@ -11,7 +11,5 @@ in enable = mkOpt types.bool true "Whether to enable the Nix daemon."; }; - config = mkIf cfg.enable { - services.nix-daemon = enabled; - }; + config = mkIf cfg.enable { services.nix-daemon = enabled; }; } diff --git a/modules/darwin/suites/common/default.nix b/modules/darwin/suites/common/default.nix index c684f73..4cb7bf1 100644 --- a/modules/darwin/suites/common/default.nix +++ b/modules/darwin/suites/common/default.nix @@ -1,4 +1,10 @@ -{ options, config, lib, pkgs, ... }: +{ + options, + config, + lib, + pkgs, + ... +}: with lib; with lib.metacfg; diff --git a/modules/darwin/system/fonts/default.nix b/modules/darwin/system/fonts/default.nix index f8eecf8..4d73854 100644 --- a/modules/darwin/system/fonts/default.nix +++ b/modules/darwin/system/fonts/default.nix @@ -1,8 +1,15 @@ -{ options, config, pkgs, lib, ... }: +{ + options, + config, + pkgs, + lib, + ... +}: with lib; with lib.metacfg; -let cfg = config.metacfg.system.fonts; +let + cfg = config.metacfg.system.fonts; in { options.metacfg.system.fonts = with types; { @@ -17,14 +24,16 @@ in }; fonts = { - packages = with pkgs; + packages = + with pkgs; [ noto-fonts noto-fonts-cjk-sans noto-fonts-cjk-serif noto-fonts-emoji (nerdfonts.override { fonts = [ "Hack" ]; }) - ] ++ cfg.fonts; + ] + ++ cfg.fonts; }; }; } diff --git a/modules/darwin/system/interface/default.nix b/modules/darwin/system/interface/default.nix index 4a245dd..717f37b 100644 
--- a/modules/darwin/system/interface/default.nix +++ b/modules/darwin/system/interface/default.nix @@ -1,8 +1,15 @@ -{ options, config, pkgs, lib, ... }: +{ + options, + config, + pkgs, + lib, + ... +}: with lib; with lib.metacfg; -let cfg = config.metacfg.system.interface; +let + cfg = config.metacfg.system.interface; in { options.metacfg.system.interface = with types; { @@ -10,25 +17,26 @@ in }; config = mkIf cfg.enable { - system.activationScripts.applications.text = let - env = pkgs.buildEnv { - name = "system-applications"; - paths = config.environment.systemPackages; - pathsToLink = "/Applications"; - }; - in + system.activationScripts.applications.text = + let + env = pkgs.buildEnv { + name = "system-applications"; + paths = config.environment.systemPackages; + pathsToLink = "/Applications"; + }; + in lib.mkForce '' - # Set up applications. - echo "setting up /Applications..." >&2 - rm -rf /Applications/Nix\ Apps - mkdir -p /Applications/Nix\ Apps - find ${env}/Applications -maxdepth 1 -type l -exec readlink '{}' + | - while read -r src; do - app_name=$(basename "$src") - echo "copying $src" >&2 - ${pkgs.mkalias}/bin/mkalias "$src" "/Applications/Nix Apps/$app_name" - done - ''; + # Set up applications. + echo "setting up /Applications..." >&2 + rm -rf /Applications/Nix\ Apps + mkdir -p /Applications/Nix\ Apps + find ${env}/Applications -maxdepth 1 -type l -exec readlink '{}' + | + while read -r src; do + app_name=$(basename "$src") + echo "copying $src" >&2 + ${pkgs.mkalias}/bin/mkalias "$src" "/Applications/Nix Apps/$app_name" + done + ''; system.defaults = { dock.autohide = true; diff --git a/modules/darwin/user/default.nix b/modules/darwin/user/default.nix index 78a3813..8de684c 100644 --- a/modules/darwin/user/default.nix +++ b/modules/darwin/user/default.nix @@ -1,7 +1,8 @@ -{ lib -, config -, pkgs -, ... +{ + lib, + config, + pkgs, + ... }: let inherit (lib) types mkIf mkDefault; 
diff --git a/modules/home/cli-apps/bash/default.nix b/modules/home/cli-apps/bash/default.nix index eb850b8..3f6c29f 100644 --- a/modules/home/cli-apps/bash/default.nix +++ b/modules/home/cli-apps/bash/default.nix @@ -1,7 +1,8 @@ -{ lib -, config -, pkgs -, ... +{ + lib, + config, + pkgs, + ... }: let inherit (lib) mkEnableOption mkIf; @@ -14,9 +15,7 @@ in }; config = mkIf cfg.enable { - home.packages = with pkgs; [ - bashInteractive - ]; + home.packages = with pkgs; [ bashInteractive ]; programs.bash = { enable = true; initExtra = '' diff --git a/modules/home/cli-apps/bat/default.nix b/modules/home/cli-apps/bat/default.nix index 5b99051..fd5bec4 100644 --- a/modules/home/cli-apps/bat/default.nix +++ b/modules/home/cli-apps/bat/default.nix @@ -1,10 +1,12 @@ -{ lib -, config -, pkgs -, ... +{ + lib, + config, + pkgs, + ... }: with lib; -with lib.metacfg; let +with lib.metacfg; +let cfg = config.metacfg.cli-apps.bat; in { @@ -16,7 +18,12 @@ in programs.bat = { enable = true; config.theme = "ansi"; - extraPackages = with pkgs.bat-extras; [ batdiff batman batgrep batwatch ]; + extraPackages = with pkgs.bat-extras; [ + batdiff + batman + batgrep + batwatch + ]; }; }; } diff --git a/modules/home/cli-apps/fish/default.nix b/modules/home/cli-apps/fish/default.nix index 3a62572..e1247fd 100644 --- a/modules/home/cli-apps/fish/default.nix +++ b/modules/home/cli-apps/fish/default.nix @@ -1,7 +1,8 @@ -{ lib -, config -, pkgs -, ... +{ + lib, + config, + pkgs, + ... }: let inherit (lib) mkEnableOption mkIf; 
@@ -33,15 +34,17 @@ in end ''; - plugins = [{ - name = "foreign-env"; - src = pkgs.fetchFromGitHub { - owner = "oh-my-fish"; - repo = "plugin-foreign-env"; - rev = "dddd9213272a0ab848d474d0cbde12ad034e65bc"; - sha256 = "00xqlyl3lffc5l0viin1nyp819wf81fncqyz87jx8ljjdhilmgbs"; - }; - }]; + plugins = [ + { + name = "foreign-env"; + src = pkgs.fetchFromGitHub { + owner = "oh-my-fish"; + repo = "plugin-foreign-env"; + rev = "dddd9213272a0ab848d474d0cbde12ad034e65bc"; + sha256 = "00xqlyl3lffc5l0viin1nyp819wf81fncqyz87jx8ljjdhilmgbs"; + }; + } + ]; # shellInit = # '' diff --git a/modules/home/cli-apps/home-manager/default.nix b/modules/home/cli-apps/home-manager/default.nix index de21236..eaf7586 100644 --- a/modules/home/cli-apps/home-manager/default.nix +++ b/modules/home/cli-apps/home-manager/default.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: let inherit (lib) mkEnableOption mkIf; @@ -24,8 +29,6 @@ in man = "${pkgs.bat-extras.batman}/bin/batman"; }; - home.packages = with pkgs; [ - vim - ]; + home.packages = with pkgs; [ vim ]; }; } diff --git a/modules/home/cli-apps/neovim/default.nix b/modules/home/cli-apps/neovim/default.nix index 9f82fda..0744213 100644 --- a/modules/home/cli-apps/neovim/default.nix +++ b/modules/home/cli-apps/neovim/default.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: let inherit (lib) mkEnableOption mkIf; @@ -199,7 +204,10 @@ in nix = 110; ruby = 120; java = 130; - go = [ 90 130 ]; + go = [ + 90 + 130 + ]; }; }; }; @@ -223,7 +231,10 @@ in comment-nvim.enable = true; }; - vim.spellChecking.languages = [ "en" "de" ]; + vim.spellChecking.languages = [ + "en" + "de" + ]; }; }; }; diff --git a/modules/home/cli-apps/starship/default.nix b/modules/home/cli-apps/starship/default.nix index 4f0d6d3..943dd87 100644 --- a/modules/home/cli-apps/starship/default.nix +++ b/modules/home/cli-apps/starship/default.nix 
@@ -1,7 +1,8 @@ -{ lib -, config -, pkgs -, ... +{ + lib, + config, + pkgs, + ... }: let inherit (lib) mkEnableOption mkIf; @@ -15,16 +16,22 @@ in config = mkIf cfg.enable { home.packages = with pkgs; [ - (pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; }) + (pkgs.nerdfonts.override { + fonts = [ + "FiraCode" + "DroidSansMono" + "JetBrainsMono" + ]; + }) ]; programs.starship = { enable = true; settings = { container.format = "[\\[$name\\]]($style) "; git_status = { - ahead = "⇡$\{count}"; - diverged = "⇕⇡$\{ahead_count}⇣$\{behind_count}"; - behind = "⇣$\{count}"; + ahead = "⇡\${count}"; + diverged = "⇕⇡\${ahead_count}⇣\${behind_count}"; + behind = "⇣\${count}"; }; }; }; diff --git a/modules/home/cli-apps/tmux/default.nix b/modules/home/cli-apps/tmux/default.nix index 336e82f..82ba6ba 100644 --- a/modules/home/cli-apps/tmux/default.nix +++ b/modules/home/cli-apps/tmux/default.nix @@ -1,10 +1,12 @@ -{ lib -, config -, pkgs -, ... +{ + lib, + config, + pkgs, + ... }: with lib; -with lib.metacfg; let +with lib.metacfg; +let cfg = config.metacfg.cli-apps.tmux; in { @@ -12,9 +14,5 @@ in enable = mkEnableOption "Tmux"; }; - config = mkIf cfg.enable { - home.packages = with pkgs; [ - tmux - ]; - }; + config = mkIf cfg.enable { home.packages = with pkgs; [ tmux ]; }; } diff --git a/modules/home/host/default.nix b/modules/home/host/default.nix index 4aaba8a..1fa62a6 100644 --- a/modules/home/host/default.nix +++ b/modules/home/host/default.nix @@ -1,4 +1,11 @@ -{ lib, config, pkgs, host ? null, format ? "unknown", ... }: +{ + lib, + config, + pkgs, + host ? null, + format ? "unknown", + ... +}: let inherit (lib) types; diff --git a/modules/home/tools/alacritty/default.nix b/modules/home/tools/alacritty/default.nix index aad2262..a0b4a3b 100644 --- a/modules/home/tools/alacritty/default.nix +++ b/modules/home/tools/alacritty/default.nix 
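Review bot: The `git_status` strings in the `@@ -15,16 +16,22 @@` hunk of `modules/home/cli-apps/starship/default.nix` have no comment saying that `\${count}`, `\${ahead_count}` and `\${behind_count}` are escaped on purpose. A later edit that drops the backslash would turn them into Nix interpolations instead of text passed through to starship. The old `$\{count}` and the new `\${count}` spellings both evaluate to a literal `${count}`, so the rewrite itself should not change behaviour. I would add `# \${...} is escaped: starship, not Nix, expands these placeholders` above `git_status = {`. The enclosing module starts outside the hunk.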
@@ -1,7 +1,8 @@ -{ lib -, config -, pkgs -, ... +{ + lib, + config, + pkgs, + ... }: let inherit (lib) mkEnableOption mkIf; @@ -16,7 +17,13 @@ in config = mkIf cfg.enable { home.packages = with pkgs; [ alacritty - (pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; }) + (pkgs.nerdfonts.override { + fonts = [ + "FiraCode" + "DroidSansMono" + "JetBrainsMono" + ]; + }) ]; }; } diff --git a/modules/home/tools/direnv/default.nix b/modules/home/tools/direnv/default.nix index a1c83bf..71315cf 100644 --- a/modules/home/tools/direnv/default.nix +++ b/modules/home/tools/direnv/default.nix @@ -1,8 +1,15 @@ -{ options, config, lib, pkgs, ... }: +{ + options, + config, + lib, + pkgs, + ... +}: with lib; with lib.metacfg; -let cfg = config.metacfg.tools.direnv; +let + cfg = config.metacfg.tools.direnv; in { options.metacfg.tools.direnv = with types; { diff --git a/modules/home/tools/git/default.nix b/modules/home/tools/git/default.nix index 75002df..92c38d8 100644 --- a/modules/home/tools/git/default.nix +++ b/modules/home/tools/git/default.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: let inherit (lib) types mkEnableOption mkIf; @@ -13,7 +18,8 @@ in userName = mkOpt types.str user.fullName "The name to configure git with."; userEmail = mkOpt types.str user.email "The email to configure git with."; signingKey = - mkOpt types.str "7F3D64824AC0B6B8009E50504BC0896FB5693595" "The key ID to sign commits with."; + mkOpt types.str "7F3D64824AC0B6B8009E50504BC0896FB5693595" + "The key ID to sign commits with."; signByDefault = mkOpt types.bool false "Whether to sign commits by default."; }; 
@@ -32,10 +38,18 @@ in inherit (cfg) signByDefault; }; extraConfig = { - init = { defaultBranch = "main"; }; - pull = { rebase = true; }; - push = { autoSetupRemote = true; }; - core = { whitespace = "trailing-space,space-before-tab"; }; + init = { + defaultBranch = "main"; + }; + pull = { + rebase = true; + }; + push = { + autoSetupRemote = true; + }; + core = { + whitespace = "trailing-space,space-before-tab"; + }; safe = { directory = "${user.home}/git"; }; diff --git a/modules/home/tools/jetbrains/default.nix b/modules/home/tools/jetbrains/default.nix index e2f934b..fff08fe 100644 --- a/modules/home/tools/jetbrains/default.nix +++ b/modules/home/tools/jetbrains/default.nix @@ -1,8 +1,15 @@ -{ options, config, lib, pkgs, ... }: +{ + options, + config, + lib, + pkgs, + ... +}: with lib; with lib.metacfg; -let cfg = config.metacfg.tools.jetbrains; +let + cfg = config.metacfg.tools.jetbrains; in { options.metacfg.tools.jetbrains = with types; { @@ -10,12 +17,16 @@ in }; config = mkIf cfg.enable { - home.sessionPath = [ - "$HOME/.local/share/JetBrains/Toolbox/scripts" - ]; + home.sessionPath = [ "$HOME/.local/share/JetBrains/Toolbox/scripts" ]; home.packages = with pkgs; [ jetbrains-toolbox - (pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; }) + (pkgs.nerdfonts.override { + fonts = [ + "FiraCode" + "DroidSansMono" + "JetBrainsMono" + ]; + }) ]; }; } diff --git a/modules/home/tools/ssh/default.nix b/modules/home/tools/ssh/default.nix index 9278a73..9c71e6e 100644 --- a/modules/home/tools/ssh/default.nix +++ b/modules/home/tools/ssh/default.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: let inherit (lib) types mkEnableOption mkIf; @@ -10,9 +15,7 @@ in }; config = mkIf cfg.enable { - home.packages = with pkgs; [ - mosh - ]; + home.packages = with pkgs; [ mosh ]; programs.ssh = { enable = true; extraConfig = '' 
diff --git a/modules/home/user/default.nix b/modules/home/user/default.nix index 49dcd68..5df5283 100644 --- a/modules/home/user/default.nix +++ b/modules/home/user/default.nix @@ -1,7 +1,18 @@ -{ lib, config, pkgs, osConfig ? { }, ... }: +{ + lib, + config, + pkgs, + osConfig ? { }, + ... +}: let - inherit (lib) types mkIf mkDefault mkMerge; + inherit (lib) + types + mkIf + mkDefault + mkMerge + ; inherit (lib.metacfg) mkOpt; cfg = config.metacfg.user; diff --git a/modules/nixos/home/default.nix b/modules/nixos/home/default.nix index c7e9591..cdd66ec 100644 --- a/modules/nixos/home/default.nix +++ b/modules/nixos/home/default.nix @@ -1,15 +1,23 @@ -{ options, config, pkgs, lib, inputs, ... }: +{ + options, + config, + pkgs, + lib, + inputs, + ... +}: with lib; with lib.metacfg; -let cfg = config.metacfg.home; +let + cfg = config.metacfg.home; in { options.metacfg.home = with types; { - file = mkOpt attrs { } - (mdDoc "A set of files to be managed by home-manager's `home.file`."); - configFile = mkOpt attrs { } - (mdDoc "A set of files to be managed by home-manager's `xdg.configFile`."); + file = mkOpt attrs { } (mdDoc "A set of files to be managed by home-manager's `home.file`."); + configFile = mkOpt attrs { } ( + mdDoc "A set of files to be managed by home-manager's `xdg.configFile`." + ); extraOptions = mkOpt attrs { } "Options to pass directly to home-manager."; }; @@ -25,8 +33,7 @@ in useUserPackages = true; useGlobalPkgs = true; - users.${config.metacfg.user.name} = - mkAliasDefinitions options.metacfg.home.extraOptions; + users.${config.metacfg.user.name} = mkAliasDefinitions options.metacfg.home.extraOptions; }; }; } diff --git a/modules/nixos/nix-ld/default.nix b/modules/nixos/nix-ld/default.nix index 3878c83..f775e7b 100644 --- a/modules/nixos/nix-ld/default.nix +++ b/modules/nixos/nix-ld/default.nix 
@@ -1,8 +1,15 @@ -{ options, config, lib, pkgs, ... }: +{ + options, + config, + lib, + pkgs, + ... +}: with lib; with lib.metacfg; -let cfg = config.metacfg.nix-ld; +let + cfg = config.metacfg.nix-ld; in { options.metacfg.nix-ld = with types; { diff --git a/modules/nixos/nix/default.nix b/modules/nixos/nix/default.nix index 25e49ed..fe7ba58 100644 --- a/modules/nixos/nix/default.nix +++ b/modules/nixos/nix/default.nix @@ -1,15 +1,25 @@ -{ options, config, pkgs, lib, inputs, ... }: +{ + options, + config, + pkgs, + lib, + inputs, + ... +}: with lib; with lib.metacfg; let cfg = config.metacfg.nix; - substituters-submodule = types.submodule ({ name, ... }: { - options = with types; { - key = mkOpt (nullOr str) null "The trusted public key for this substituter."; - }; - }); + substituters-submodule = types.submodule ( + { name, ... }: + { + options = with types; { + key = mkOpt (nullOr str) null "The trusted public key for this substituter."; + }; + } + ); in { options.metacfg.nix = with types; { 
@@ -18,25 +28,23 @@ in default-substituter = { url = mkOpt str "https://cache.nixos.org" "The url for the substituter."; - key = mkOpt str "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "The trusted public key for the substituter."; + key = + mkOpt str "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "The trusted public key for the substituter."; }; extra-substituters = mkOpt (attrsOf substituters-submodule) { } "Extra substituters to configure."; }; config = mkIf cfg.enable { - assertions = mapAttrsToList - (name: value: { - assertion = value.key != null; - message = "metacfg.nix.extra-substituters.${name}.key must be set"; - }) - cfg.extra-substituters; + assertions = mapAttrsToList (name: value: { + assertion = value.key != null; + message = "metacfg.nix.extra-substituters.${name}.key must be set"; + }) cfg.extra-substituters; environment.systemPackages = with pkgs; [ metacfg.nixos-revision - (metacfg.nixos-hosts.override { - hosts = inputs.self.nixosConfigurations; - }) + (metacfg.nixos-hosts.override { hosts = inputs.self.nixosConfigurations; }) deploy-rs nixfmt nix-index @@ -48,8 +56,10 @@ in nix = let - users = [ "root" config.metacfg.user.name ] ++ - optional config.services.hydra.enable "hydra"; + users = [ + "root" + config.metacfg.user.name + ] ++ optional config.services.hydra.enable "hydra"; extra-substituters = cfg.extra-substituters // { "https://attic.teepot.org/tee-pot".key = "tee-pot:SS6HcrpG87S1M6HZGPsfo7d1xJccCGev7/tXc5+I4jg="; }; 
@@ -57,29 +67,29 @@ in { package = cfg.package; - settings = { - experimental-features = "nix-command flakes"; - http-connections = 50; - warn-dirty = false; - log-lines = 50; - sandbox = true; - auto-optimise-store = true; - trusted-users = users; - allowed-users = users; + settings = + { + experimental-features = "nix-command flakes"; + http-connections = 50; + warn-dirty = false; + log-lines = 50; + sandbox = true; + auto-optimise-store = true; + trusted-users = users; + allowed-users = users; - substituters = - [ cfg.default-substituter.url ] - ++ - (mapAttrsToList (name: value: name) extra-substituters); - trusted-public-keys = - [ cfg.default-substituter.key ] - ++ - (mapAttrsToList (name: value: value.key) extra-substituters); + substituters = [ + cfg.default-substituter.url + ] ++ (mapAttrsToList (name: value: name) extra-substituters); + trusted-public-keys = [ + cfg.default-substituter.key + ] ++ (mapAttrsToList (name: value: value.key) extra-substituters); - } // (lib.optionalAttrs config.metacfg.tools.direnv.enable { - keep-outputs = true; - keep-derivations = true; - }); + } + // (lib.optionalAttrs config.metacfg.tools.direnv.enable { + keep-outputs = true; + keep-derivations = true; + }); gc = { automatic = true; diff --git a/modules/nixos/services/base/default.nix b/modules/nixos/services/base/default.nix index a2cb2e7..f745ac3 100644 --- a/modules/nixos/services/base/default.nix +++ b/modules/nixos/services/base/default.nix @@ -1,8 +1,9 @@ -{ options -, config -, lib -, pkgs -, ... +{ + options, + config, + lib, + pkgs, + ... }: with lib; with lib.metacfg; @@ -39,7 +40,9 @@ in }; environment = { - sessionVariables = { PATH = "$HOME/bin"; }; + sessionVariables = { + PATH = "$HOME/bin"; + }; systemPackages = with pkgs; [ age bash @@ -73,7 +76,10 @@ in "$@" '') ]; - shells = [ pkgs.fish pkgs.bash ]; + shells = [ + pkgs.fish + pkgs.bash + ]; }; hardware = { 
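Review bot: `trusted-users = users;` in the `settings` block gives the daemon's trusted status to every entry of `users`, which the preceding hunk (`@@ -48,8 +56,10 @@`) builds from `root`, `config.metacfg.user.name` and, when Hydra is enabled, `hydra`. A trusted user can supply its own substituters and accept unsigned store paths, which the Nix manual describes as essentially root access, so the pinned `trusted-public-keys` in this block do not constrain those accounts. If nothing depends on it (deploy-rs pushes as that user might, which is not visible here), I would narrow it to `trusted-users = [ "root" ];` and keep `allowed-users = users;`, or add a comment stating why the login user must be trusted. The enclosing `nix = let … in { … }` starts outside this hunk.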
diff --git a/modules/nixos/services/gui/default.nix b/modules/nixos/services/gui/default.nix index c8d88fb..f5ce0df 100644 --- a/modules/nixos/services/gui/default.nix +++ b/modules/nixos/services/gui/default.nix @@ -1,8 +1,15 @@ -{ options, config, lib, pkgs, ... }: +{ + options, + config, + lib, + pkgs, + ... +}: with lib; with lib.metacfg; -let cfg = config.metacfg.gui; +let + cfg = config.metacfg.gui; in { options.metacfg.gui = with types; { @@ -150,7 +157,13 @@ in noto-fonts-emoji liberation_ttf freefont_ttf - (nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "JetBrainsMono" ]; }) + (nerdfonts.override { + fonts = [ + "FiraCode" + "DroidSansMono" + "JetBrainsMono" + ]; + }) ]; fontconfig = { diff --git a/modules/nixos/services/homeprinter/default.nix b/modules/nixos/services/homeprinter/default.nix index c5ab726..e54bd26 100644 --- a/modules/nixos/services/homeprinter/default.nix +++ b/modules/nixos/services/homeprinter/default.nix @@ -1,8 +1,15 @@ -{ options, config, lib, pkgs, ... }: +{ + options, + config, + lib, + pkgs, + ... +}: with lib; with lib.metacfg; -let cfg = config.metacfg.homeprinter; +let + cfg = config.metacfg.homeprinter; in { options.metacfg.homeprinter = with types; { diff --git a/modules/nixos/services/podman/default.nix b/modules/nixos/services/podman/default.nix index 51e0d63..7443a40 100644 --- a/modules/nixos/services/podman/default.nix +++ b/modules/nixos/services/podman/default.nix @@ -1,8 +1,15 @@ -{ options, config, lib, pkgs, ... }: +{ + options, + config, + lib, + pkgs, + ... +}: with lib; with lib.metacfg; -let cfg = config.metacfg.podman; +let + cfg = config.metacfg.podman; in { options.metacfg.podman = with types; { @@ -18,7 +25,9 @@ in dockerCompat = lib.mkDefault true; # For Nixos version > 22.11 - defaultNetwork.settings = { dns_enabled = true; }; + defaultNetwork.settings = { + dns_enabled = true; + }; }; }; }; 
diff --git a/modules/nixos/services/secureboot/default.nix b/modules/nixos/services/secureboot/default.nix index e0e51d4..6c88bc0 100644 --- a/modules/nixos/services/secureboot/default.nix +++ b/modules/nixos/services/secureboot/default.nix @@ -1,8 +1,15 @@ -{ options, config, lib, pkgs, ... }: +{ + options, + config, + lib, + pkgs, + ... +}: with lib; with lib.metacfg; -let cfg = config.metacfg.secureboot; +let + cfg = config.metacfg.secureboot; in { options.metacfg.secureboot = with types; { diff --git a/modules/nixos/sgx/aesmd_dcap/default.nix b/modules/nixos/sgx/aesmd_dcap/default.nix index 79a32fb..496a029 100644 --- a/modules/nixos/sgx/aesmd_dcap/default.nix +++ b/modules/nixos/sgx/aesmd_dcap/default.nix @@ -1,4 +1,10 @@ -{ options, config, lib, pkgs, ... }: +{ + options, + config, + lib, + pkgs, + ... +}: with lib; with lib.metacfg; @@ -21,14 +27,15 @@ in quoteProviderLibrary = pkgs.nixsgx.sgx-dcap.default_qpl; }; systemd.services.aesmd = { - environment.LD_LIBRARY_PATH = lib.mkForce (lib.makeLibraryPath [ pkgs.nixsgx.sgx-dcap.default_qpl pkgs.curl.out ]); + environment.LD_LIBRARY_PATH = lib.mkForce ( + lib.makeLibraryPath [ + pkgs.nixsgx.sgx-dcap.default_qpl + pkgs.curl.out + ] + ); serviceConfig = { - BindReadOnlyPaths = [ - "/etc/sgx_default_qcnl.conf" - ]; - BindPaths = [ - "/dev/log" - ]; + BindReadOnlyPaths = [ "/etc/sgx_default_qcnl.conf" ]; + BindPaths = [ "/dev/log" ]; }; }; }; diff --git a/modules/nixos/sgx/pccs/default.nix b/modules/nixos/sgx/pccs/default.nix index 92a0eaa..165d2d8 100644 --- a/modules/nixos/sgx/pccs/default.nix +++ b/modules/nixos/sgx/pccs/default.nix @@ -1,4 +1,10 @@ -{ options, config, lib, pkgs, ... }: +{ + options, + config, + lib, + pkgs, + ... +}: with lib; with lib.metacfg; 
@@ -49,21 +55,19 @@ in }; }; - systemd.services.pccs-secret = - { - description = "Inject pccs secret"; - wantedBy = [ "multi-user.target" ]; - before = [ "podman-pccs.service" ]; + systemd.services.pccs-secret = { + description = "Inject pccs secret"; + wantedBy = [ "multi-user.target" ]; + before = [ "podman-pccs.service" ]; - serviceConfig = { - EnvironmentFile = cfg.secret; - ExecStart = '' - -${pkgs.podman}/bin/podman secret create --env PCCS_CONFIG PCCS_CONFIG - ''; - RemainAfterExit = true; - }; + serviceConfig = { + EnvironmentFile = cfg.secret; + ExecStart = '' + -${pkgs.podman}/bin/podman secret create --env PCCS_CONFIG PCCS_CONFIG + ''; + RemainAfterExit = true; }; - + }; }; } diff --git a/modules/nixos/tools/direnv/default.nix b/modules/nixos/tools/direnv/default.nix index c6c6066..ecffbba 100644 --- a/modules/nixos/tools/direnv/default.nix +++ b/modules/nixos/tools/direnv/default.nix @@ -1,8 +1,15 @@ -{ options, config, lib, pkgs, ... }: +{ + options, + config, + lib, + pkgs, + ... +}: with lib; with lib.metacfg; -let cfg = config.metacfg.tools.direnv; +let + cfg = config.metacfg.tools.direnv; in { options.metacfg.tools.direnv = with types; { diff --git a/modules/nixos/tools/git/default.nix b/modules/nixos/tools/git/default.nix index b6643a3..0eebdd5 100644 --- a/modules/nixos/tools/git/default.nix +++ b/modules/nixos/tools/git/default.nix @@ -1,4 +1,10 @@ -{ options, config, pkgs, lib, ... }: +{ + options, + config, + pkgs, + lib, + ... +}: with lib; with lib.metacfg; @@ -12,8 +18,7 @@ in enable = mkBoolOpt false "Whether or not to install and configure git."; userName = mkOpt types.str user.fullName "The name to configure git with."; userEmail = mkOpt types.str user.email "The email to configure git with."; - signingKey = - mkOpt types.str "9762169A1B35EA68" "The key ID to sign commits with."; + signingKey = mkOpt types.str "9762169A1B35EA68" "The key ID to sign commits with."; }; config = mkIf cfg.enable { 
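Review bot: `serviceConfig` for `pccs-secret` sets no `Type`, so with only `ExecStart` systemd treats it as a simple service, and `before = [ "podman-pccs.service" ]` then orders against process start rather than against `podman secret create` having finished. Adding `Type = "oneshot";` next to `RemainAfterExit = true;` makes the container unit wait until the secret has been created. The leading `-` on `ExecStart` also turns every failure into success, presumably to tolerate a secret left over from an earlier start, so a failed creation goes unnoticed and a changed `cfg.secret` is not picked up while the old secret exists. A comment such as `# "-": the secret may already exist from an earlier start` would at least record the intent.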
@@ -29,10 +34,18 @@ in signByDefault = mkIf gpg.enable true; }; extraConfig = { - init = { defaultBranch = "main"; }; - pull = { rebase = true; }; - push = { autoSetupRemote = true; }; - core = { whitespace = "trailing-space,space-before-tab"; }; + init = { + defaultBranch = "main"; + }; + pull = { + rebase = true; + }; + push = { + autoSetupRemote = true; + }; + core = { + whitespace = "trailing-space,space-before-tab"; + }; safe = { directory = "${user.home}/git"; }; diff --git a/modules/nixos/user/default.nix b/modules/nixos/user/default.nix index 9aa4f94..24dcd99 100644 --- a/modules/nixos/user/default.nix +++ b/modules/nixos/user/default.nix @@ -1,11 +1,13 @@ -{ options -, config -, pkgs -, lib -, ... +{ + options, + config, + pkgs, + lib, + ... }: with lib; -with lib.metacfg; let +with lib.metacfg; +let cfg = config.metacfg.user; defaultIconFileName = "profile.jpg"; defaultIcon = pkgs.stdenvNoCC.mkDerivation { @@ -18,11 +20,17 @@ with lib.metacfg; let cp $src $out ''; - passthru = { fileName = defaultIconFileName; }; + passthru = { + fileName = defaultIconFileName; + }; }; propagatedIcon = pkgs.runCommandNoCC "propagated-icon" - { passthru = { fileName = cfg.icon.fileName; }; } + { + passthru = { + fileName = cfg.icon.fileName; + }; + } '' local target="$out/share/metacfg-icons/user/${cfg.name}" mkdir -p "$target" @@ -38,9 +46,7 @@ in initialPassword = mkOpt str "password" "The initial password to use when the user is first created."; - icon = - mkOpt (nullOr package) defaultIcon - "The profile picture to use for the user."; + icon = mkOpt (nullOr package) defaultIcon "The profile picture to use for the user."; prompt-init = mkBoolOpt true "Whether or not to show an initial message when opening a new shell."; extraGroups = mkOpt (listOf str) [ ] "Groups for the user to be assigned."; sshKeys = mkOpt (listOf str) [ 
@@ -49,14 +55,11 @@ in "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYbUTKpy4QR3s944/hjJ1UK05asFEs/SmWeUbtS0cdA660sT4xHnRfals73FicOoz+uIucJCwn/SCM804j+wtM=" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box" ] "ssh keys"; - extraOptions = - mkOpt attrs { } - (mdDoc "Extra options passed to `users.users.`."); + extraOptions = mkOpt attrs { } (mdDoc "Extra options passed to `users.users.`."); }; config = { - environment.systemPackages = with pkgs; [ - ]; + environment.systemPackages = with pkgs; [ ]; metacfg.home = { file = { @@ -68,10 +71,7 @@ in "Videos/.keep".text = ""; "work/.keep".text = ""; ".face".source = cfg.icon; - "Pictures/${ - cfg.icon.fileName or (builtins.baseNameOf cfg.icon) - }".source = - cfg.icon; + "Pictures/${cfg.icon.fileName or (builtins.baseNameOf cfg.icon)}".source = cfg.icon; }; extraOptions.programs.bash.initExtra = '' 
@@ -85,27 +85,25 @@ in ''; }; - users.users.${cfg.name} = - { - isNormalUser = true; + users.users.${cfg.name} = { + isNormalUser = true; - # inherit (cfg) name initialPassword; + # inherit (cfg) name initialPassword; - openssh.authorizedKeys.keys = cfg.sshKeys; - home = "/home/${cfg.name}"; - group = "users"; + openssh.authorizedKeys.keys = cfg.sshKeys; + home = "/home/${cfg.name}"; + group = "users"; - shell = pkgs.bash; + shell = pkgs.bash; - # Arbitrary user ID to use for the user. Since I only - # have a single user on my machines this won't ever collide. - # However, if you add multiple users you'll need to change this - # so each user has their own unique uid (or leave it out for the - # system to select). - uid = 1000; + # Arbitrary user ID to use for the user. Since I only + # have a single user on my machines this won't ever collide. + # However, if you add multiple users you'll need to change this + # so each user has their own unique uid (or leave it out for the + # system to select). + uid = 1000; - extraGroups = [ "wheel" ] ++ cfg.extraGroups; - } - // cfg.extraOptions; + extraGroups = [ "wheel" ] ++ cfg.extraGroups; + } // cfg.extraOptions; }; } diff --git a/overlays/nixsgx/default.nix b/overlays/nixsgx/default.nix index 66b492e..cdd3da6 100644 --- a/overlays/nixsgx/default.nix +++ b/overlays/nixsgx/default.nix @@ -1,5 +1 @@ -{ channels, ... }: -final: prev: -{ - inherit (channels.nixpkgs.nixsgx) sgx-psw; -} +{ channels, ... }: final: prev: { inherit (channels.nixpkgs.nixsgx) sgx-psw; } diff --git a/packages/dcpl2530dw-cups/default.nix b/packages/dcpl2530dw-cups/default.nix index 55da7e0..b9e3585 100644 --- a/packages/dcpl2530dw-cups/default.nix +++ b/packages/dcpl2530dw-cups/default.nix 
@@ -1,17 +1,18 @@ -{ lib -, stdenv -, fetchurl -, makeWrapper -, cups -, dpkg -, a2ps -, ghostscript -, gnugrep -, gnused -, coreutils -, file -, perl -, which +{ + lib, + stdenv, + fetchurl, + makeWrapper, + cups, + dpkg, + a2ps, + ghostscript, + gnugrep, + gnused, + coreutils, + file, + perl, + which, }: stdenv.mkDerivation rec { @@ -27,7 +28,12 @@ stdenv.mkDerivation rec { }; nativeBuildInputs = [ makeWrapper ]; - buildInputs = [ cups ghostscript dpkg a2ps ]; + buildInputs = [ + cups + ghostscript + dpkg + a2ps + ]; dontUnpack = true; @@ -55,9 +61,14 @@ stdenv.mkDerivation rec { ; do #substituteInPlace $f \ wrapProgram $f \ - --prefix PATH : ${lib.makeBinPath [ - coreutils ghostscript gnugrep gnused - ]} + --prefix PATH : ${ + lib.makeBinPath [ + coreutils + ghostscript + gnugrep + gnused + ] + } done mkdir -p $out/lib/cups/filter/ @@ -67,7 +78,17 @@ stdenv.mkDerivation rec { ln -s $out/opt/brother/Printers/DCPL2530DW/cupswrapper/brother-DCPL2530DW-cups-en.ppd $out/share/cups/model/ wrapProgram $out/opt/brother/Printers/DCPL2530DW/lpd/lpdfilter \ - --prefix PATH ":" ${ lib.makeBinPath [ ghostscript a2ps file gnused gnugrep coreutils which ] } + --prefix PATH ":" ${ + lib.makeBinPath [ + ghostscript + a2ps + file + gnused + gnugrep + coreutils + which + ] + } ''; meta = with lib; { @@ -79,4 +100,3 @@ stdenv.mkDerivation rec { downloadPage = "https://www.brother.de/support/dcp-l2530dw/downloads"; }; } - diff --git a/packages/nixos-hosts/default.nix b/packages/nixos-hosts/default.nix index 432ba36..ba35ad0 100644 --- a/packages/nixos-hosts/default.nix +++ b/packages/nixos-hosts/default.nix @@ -1,11 +1,12 @@ -{ lib -, writeText -, writeShellApplication -, substituteAll -, gum -, inputs -, hosts ? { } -, ... +{ + lib, + writeText, + writeShellApplication, + substituteAll, + gum, + inputs, + hosts ? { }, + ... }: let 
@@ -14,9 +15,7 @@ let substitute = args: builtins.readFile (substituteAll args); - formatted-hosts = mapAttrsToList - (name: host: "${name},${host.pkgs.system}") - hosts; + formatted-hosts = mapAttrsToList (name: host: "${name},${host.pkgs.system}") hosts; hosts-csv = writeText "hosts.csv" '' Name,System @@ -35,9 +34,7 @@ let checkPhase = ""; - runtimeInputs = [ - gum - ]; + runtimeInputs = [ gum ]; }; new-meta = with lib; { diff --git a/packages/nixos-revision/default.nix b/packages/nixos-revision/default.nix index fbdb676..d779d4b 100644 --- a/packages/nixos-revision/default.nix +++ b/packages/nixos-revision/default.nix @@ -1,7 +1,8 @@ -{ pkgs -, lib -, gitHostCommitUrl ? "https://git.hoyer.xyz/harald/nixcfg/commit" -, ... +{ + pkgs, + lib, + gitHostCommitUrl ? "https://git.hoyer.xyz/harald/nixcfg/commit", + ... }: let 
@@ -13,61 +14,60 @@ let maintainers = with maintainers; [ jakehamilton ]; }; - package = - pkgs.writeShellScriptBin "nixos-revision" '' - HAS_HELP=false - HAS_OPEN=false + package = pkgs.writeShellScriptBin "nixos-revision" '' + HAS_HELP=false + HAS_OPEN=false - while [[ $# -gt 0 ]]; do - case $1 in - -h|--help) - HAS_HELP=true - shift - ;; - -o|--open) - HAS_OPEN=true - shift - ;; - *) - shift - ;; - esac - done + while [[ $# -gt 0 ]]; do + case $1 in + -h|--help) + HAS_HELP=true + shift + ;; + -o|--open) + HAS_OPEN=true + shift + ;; + *) + shift + ;; + esac + done - if [ $HAS_HELP == true ]; then - HELP_MSG=" - nixos-revision + if [ $HAS_HELP == true ]; then + HELP_MSG=" + nixos-revision - USAGE + USAGE - nixos-revision [options] + nixos-revision [options] - OPTIONS + OPTIONS - -h, --help Show this help message - -o, --open Open the revision on GitHub + -h, --help Show this help message + -o, --open Open the revision on GitHub - EXAMPLES + EXAMPLES - $ # Print the current revision - $ nixos-revision + $ # Print the current revision + $ nixos-revision - $ # Open the current revision on GitHub - $ nixos-revision --open - " - echo "$HELP_MSG" - exit 0 - fi + $ # Open the current revision on GitHub + $ nixos-revision --open + " + echo "$HELP_MSG" + exit 0 + fi - REVISION=$(nixos-version --json | ${pkgs.jq}/bin/jq -r .configurationRevision) + REVISION=$(nixos-version --json | ${pkgs.jq}/bin/jq -r .configurationRevision) - if [ $HAS_OPEN == true ]; then - GITHUB_URL="${gitHostCommitUrl}/$REVISION" - echo "Opening URL: $GITHUB_URL" - ${pkgs.xdg-utils}/bin/xdg-open $GITHUB_URL - else - echo $REVISION - fi - ''; + if [ $HAS_OPEN == true ]; then + GITHUB_URL="${gitHostCommitUrl}/$REVISION" + echo "Opening URL: $GITHUB_URL" + ${pkgs.xdg-utils}/bin/xdg-open $GITHUB_URL + else + echo $REVISION + fi + ''; in override-meta new-meta package diff --git a/packages/rot8000/default.nix b/packages/rot8000/default.nix index b4483b2..4252ec0 100644 --- a/packages/rot8000/default.nix 
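Review bot: `xdg-open $GITHUB_URL` and `echo $REVISION` at the end of the script expand unquoted, and `REVISION` is whatever `jq -r .configurationRevision` prints, which is the literal `null` when the system carries no recorded revision. I would quote both (`${pkgs.xdg-utils}/bin/xdg-open "$GITHUB_URL"`, `echo "$REVISION"`) and exit with a message when `REVISION` is empty or `null`, so `--open` never opens `…/commit/null`. The help text still says "on GitHub" although the URL comes from `gitHostCommitUrl`; `Open the revision on the git host` would match the code.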
+++ b/packages/rot8000/default.nix @@ -1,8 +1,9 @@ -{ lib -, stdenv -, rustPlatform -, fetchFromGitHub -, ... +{ + lib, + stdenv, + rustPlatform, + fetchFromGitHub, + ... }: rustPlatform.buildRustPackage rec { pname = "rot8000"; diff --git a/systems/x86_64-darwin/mpro/default.nix b/systems/x86_64-darwin/mpro/default.nix index a783582..f051fa7 100644 --- a/systems/x86_64-darwin/mpro/default.nix +++ b/systems/x86_64-darwin/mpro/default.nix @@ -8,9 +8,7 @@ with lib.metacfg; }; }; - environment.systemPath = [ - "/usr/local/Homebrew/bin" - ]; + environment.systemPath = [ "/usr/local/Homebrew/bin" ]; users.users.harald.shell = pkgs.fish; diff --git a/systems/x86_64-linux/mx/acme.nix b/systems/x86_64-linux/mx/acme.nix index 8dc044e..069bb2d 100644 --- a/systems/x86_64-linux/mx/acme.nix +++ b/systems/x86_64-linux/mx/acme.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: { sops.secrets.internetbs = { sopsFile = ../../../.secrets/hetzner/internetbs.yaml; # bring your own password file @@ -13,27 +18,19 @@ }; certs = { "surfsite.org" = { - extraDomainNames = [ - "*.surfsite.org" - ]; + extraDomainNames = [ "*.surfsite.org" ]; }; "hartwin-hoyer.de" = { - extraDomainNames = [ - "*.hartwin-hoyer.de" - ]; + extraDomainNames = [ "*.hartwin-hoyer.de" ]; }; "herward-hoyer.de" = { - extraDomainNames = [ - "*.herward-hoyer.de" - ]; + extraDomainNames = [ "*.herward-hoyer.de" ]; }; "varlink.org" = { - extraDomainNames = [ - "*.varlink.org" - ]; + extraDomainNames = [ "*.varlink.org" ]; }; "meike-hoyer.de" = { }; @@ -71,9 +68,7 @@ }; "harald-hoyer.de" = { - extraDomainNames = [ - "*.harald-hoyer.de" - ]; + extraDomainNames = [ "*.harald-hoyer.de" ]; }; }; }; diff --git a/systems/x86_64-linux/mx/backup.nix b/systems/x86_64-linux/mx/backup.nix index 27a1721..613ca16 100644 --- a/systems/x86_64-linux/mx/backup.nix +++ b/systems/x86_64-linux/mx/backup.nix 
@@ -4,7 +4,7 @@ shell = pkgs.bash; isNormalUser = true; openssh.authorizedKeys.keys = [ - "restrict,command=\"/run/wrappers/bin/rrsync -ro /\" ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDQGdtB6BFdXN+cRepkzWhbG5KRIM5nXmHiw1K+CEhGihwWsNVKGgU/q4rePK6PVNflTIoHUfL30jkA7H8VpSzu0XOa97Tqf+sF9VQOFrMjpf2rOWv38nc2GnKpnUu68c17KRZ+i8cnPZH0VUqRzaY/1IPMFH3OYO4qHJAEN5oAsyMFI9pbqFLqRnwNALjxf8fUvR/XB88zt3P34vFFer15FtLr4dlIzoEFGdUSOErmGJGmDzTptMqi/t0kn2AgaBKzMxwGTDUj6adU6KKBERj4ii3ekOrPwcNjsws3Mtlm5p8ycUkwUFoIiXukF6XRzCRSWMbZOgSnu2TfC6jRRrdbMNWn4QGF/jdBvvKcBoD4sChzpG6aF4m+7ue0QuHES7Kd2Rwnq0jbesGuBnRciDN+jssGvxZKX7XEialuXiaTQ4jPUA4zgWq474CR6ksuxpUDlKpH+leWPLtuKlhEZZnJHCMhz8Ewk/ZwiNSbLO97cwJciBM71orGWpFxHciT1QE= root@sgx" + ''restrict,command="/run/wrappers/bin/rrsync -ro /" ssh-rsa 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 root@sgx'' ]; }; diff --git a/systems/x86_64-linux/mx/coturn.nix b/systems/x86_64-linux/mx/coturn.nix index 6e7e171..fd6b792 100644 --- a/systems/x86_64-linux/mx/coturn.nix +++ b/systems/x86_64-linux/mx/coturn.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: { sops.secrets."coturn/static-auth-secret" = { sopsFile = ../../../.secrets/hetzner/coturn.yaml; # bring your own password file @@ -8,20 +13,30 @@ networking.firewall = let - range = with config.services.coturn; [{ - from = min-port; - to = max-port; - }]; + range = with config.services.coturn; [ + { + from = min-port; + to = max-port; + } + ]; in { allowedUDPPortRanges = range; - allowedTCPPorts = [ 3478 3479 5349 ]; - allowedUDPPorts = [ 3478 3479 5349 ]; + allowedTCPPorts = [ + 3478 + 3479 + 5349 + ]; + allowedUDPPorts = [ + 3478 + 3479 + 5349 + ]; }; # get a certificate security.acme.certs.${config.services.coturn.realm} = { - /* insert here the right configuration to obtain a certificate */ + # insert here the right configuration to obtain a certificate postRun = "systemctl restart coturn.service"; group = "turnserver"; }; 
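Review bot: The authorized key in `openssh.authorizedKeys.keys` is forced to `/run/wrappers/bin/rrsync -ro /`, so its holder can read everything under `/` that the wrapper's privileges allow, and that privilege level is configured elsewhere, not in this hunk. If the backup only needs certain trees, pointing rrsync at those directories instead of `/` would bound what a leaked `root@sgx` key exposes. At minimum I would add a comment above the entry, e.g. `# pull-only backup key: restrict + forced read-only rrsync, no interactive shell`, so the `restrict,command=` prefix is not dropped in a later edit. The attribute set this list belongs to starts outside the hunk.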
diff --git a/systems/x86_64-linux/mx/forgejo.nix b/systems/x86_64-linux/mx/forgejo.nix index 99bdba3..488d436 100644 --- a/systems/x86_64-linux/mx/forgejo.nix +++ b/systems/x86_64-linux/mx/forgejo.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: { sops.secrets."postgres/gitea_dbpass" = { sopsFile = ../../../.secrets/hetzner/postgres.yaml; # bring your own password file diff --git a/systems/x86_64-linux/mx/hardware-configuration.nix b/systems/x86_64-linux/mx/hardware-configuration.nix index 756683b..e6fbe55 100644 --- a/systems/x86_64-linux/mx/hardware-configuration.nix +++ b/systems/x86_64-linux/mx/hardware-configuration.nix @@ -1,12 +1,15 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ lib, pkgs, modulesPath, ... }: +{ + lib, + pkgs, + modulesPath, + ... +}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot.kernelPackages = lib.mkForce pkgs.linuxPackages; @@ -28,15 +31,17 @@ "rng_core" ]; - boot.swraid.enable = true; boot.swraid.mdadmConf = '' MAILADDR admin@hoyer.xyz ''; disko.devices = import ./server-raid.nix { inherit lib; - disks = [ "/dev/sda" "/dev/sdb" ]; + disks = [ + "/dev/sda" + "/dev/sdb" + ]; }; - swapDevices = [{ device = "/swapfile"; }]; + swapDevices = [ { device = "/swapfile"; } ]; } diff --git a/systems/x86_64-linux/mx/kicker.nix b/systems/x86_64-linux/mx/kicker.nix index bf40d7b..d416878 100644 --- a/systems/x86_64-linux/mx/kicker.nix +++ b/systems/x86_64-linux/mx/kicker.nix @@ -9,9 +9,7 @@ "/home/hartwin/kicker/.htpasswd:/app/public/.htpasswd" "/home/hartwin/kicker/live.db:/app/db/data/current.db" ]; - extraOptions = [ - "--pull=always" - ]; + extraOptions = [ "--pull=always" ]; }; }; } 
diff --git a/systems/x86_64-linux/mx/mailserver.nix b/systems/x86_64-linux/mx/mailserver.nix index 2301514..3ac7076 100644 --- a/systems/x86_64-linux/mx/mailserver.nix +++ b/systems/x86_64-linux/mx/mailserver.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: { # email addresses git smudged mailserver = { diff --git a/systems/x86_64-linux/mx/network.nix b/systems/x86_64-linux/mx/network.nix index bfb2999..ad6bc8d 100644 --- a/systems/x86_64-linux/mx/network.nix +++ b/systems/x86_64-linux/mx/network.nix @@ -8,7 +8,10 @@ services.resolved.extraConfig = "ReadEtcHosts=no"; services.nscd.enableNsncd = false; - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; networking.firewall.allowPing = true; networking.hostName = "mx"; # Define your hostname. @@ -26,20 +29,26 @@ networking.interfaces.enp0s31f6 = { ipv6 = { - addresses = [{ - address = "2a01:4f9:2b:2e3::2"; # Your IPv6 here - prefixLength = 64; - }]; + addresses = [ + { + address = "2a01:4f9:2b:2e3::2"; # Your IPv6 here + prefixLength = 64; + } + ]; # Default IPv6 route - routes = [{ - address = "::"; - prefixLength = 0; - via = "fe80::1"; - }]; + routes = [ + { + address = "::"; + prefixLength = 0; + via = "fe80::1"; + } + ]; }; - ipv4.addresses = [{ - address = "95.216.66.178"; - prefixLength = 26; - }]; + ipv4.addresses = [ + { + address = "95.216.66.178"; + prefixLength = 26; + } + ]; }; } diff --git a/systems/x86_64-linux/mx/nextcloud.nix b/systems/x86_64-linux/mx/nextcloud.nix index e2e98a9..6ddfc16 100644 --- a/systems/x86_64-linux/mx/nextcloud.nix +++ b/systems/x86_64-linux/mx/nextcloud.nix @@ -49,9 +49,7 @@ }; services.postgresql = { - ensureDatabases = [ - "nextcloud" - ]; + ensureDatabases = [ "nextcloud" ]; ensureUsers = [ { name = "nextcloud"; diff --git a/systems/x86_64-linux/mx/nginx.nix b/systems/x86_64-linux/mx/nginx.nix index a1d7762..a3934c7 100644 --- a/systems/x86_64-linux/mx/nginx.nix 
+++ b/systems/x86_64-linux/mx/nginx.nix @@ -30,7 +30,6 @@ root = "/var/www/hoyer.xyz/html"; }; - "hoyer.world" = { enableACME = false; useACMEHost = "hoyer.world"; @@ -47,9 +46,7 @@ "hoyer.xyz" = { # serverName = "hoyer.xyz"; - serverAliases = [ - "www.hoyer.xyz" - ]; + serverAliases = [ "www.hoyer.xyz" ]; useACMEHost = "hoyer.xyz"; enableACME = false; forceSSL = true; @@ -108,17 +105,13 @@ }; "harald-hoyer.de" = { - serverAliases = [ - "www.harald-hoyer.de" - ]; + serverAliases = [ "www.harald-hoyer.de" ]; useACMEHost = "harald-hoyer.de"; globalRedirect = "harald.hoyer.xyz"; forceSSL = true; }; "harald.hoyer.xyz" = { - serverAliases = [ - "www.harald.hoyer.xyz" - ]; + serverAliases = [ "www.harald.hoyer.xyz" ]; useACMEHost = "hoyer.xyz"; root = "/var/www/harald.hoyer.xyz/html/"; extraConfig = '' @@ -141,9 +134,7 @@ }; "hartwin-hoyer.de" = { - serverAliases = [ - "www.hartwin-hoyer.de" - ]; + serverAliases = [ "www.hartwin-hoyer.de" ]; useACMEHost = "hartwin-hoyer.de"; globalRedirect = "hartwin.hoyer.xyz"; forceSSL = true; diff --git a/systems/x86_64-linux/mx/postgresql.nix b/systems/x86_64-linux/mx/postgresql.nix index 8a35b8e..584635f 100644 --- a/systems/x86_64-linux/mx/postgresql.nix +++ b/systems/x86_64-linux/mx/postgresql.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: { services.postgresql = { package = pkgs.postgresql_14; diff --git a/systems/x86_64-linux/mx/rspamd.nix b/systems/x86_64-linux/mx/rspamd.nix index 8245881..1dca1de 100644 --- a/systems/x86_64-linux/mx/rspamd.nix +++ b/systems/x86_64-linux/mx/rspamd.nix @@ -10,10 +10,12 @@ let ''; in { - services.rspamd.workers.controller.bindSockets = [{ - socket = "/run/rspamd/worker-controller.sock"; - mode = "0660"; - }]; + services.rspamd.workers.controller.bindSockets = [ + { + socket = "/run/rspamd/worker-controller.sock"; + mode = "0660"; + } + ]; services.rspamd.locals = { "settings.conf".text = '' bogenschiessen { 
diff --git a/systems/x86_64-linux/mx/server-raid.nix b/systems/x86_64-linux/mx/server-raid.nix index 0639051..2ef0526 100644 --- a/systems/x86_64-linux/mx/server-raid.nix +++ b/systems/x86_64-linux/mx/server-raid.nix @@ -1,4 +1,11 @@ -{ disks ? [ "/dev/sda" "/dev/sdb" ], ... }: { +{ + disks ? [ + "/dev/sda" + "/dev/sdb" + ], + ... +}: +{ disk = { one = { type = "disk"; diff --git a/systems/x86_64-linux/sgx-attic/atticd.nix b/systems/x86_64-linux/sgx-attic/atticd.nix index a619380..b8704d6 100644 --- a/systems/x86_64-linux/sgx-attic/atticd.nix +++ b/systems/x86_64-linux/sgx-attic/atticd.nix @@ -1,18 +1,21 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: { services.postgresql = { enable = true; ensureDatabases = [ "attic" ]; - ensureUsers = [{ name = "atticd"; }]; + ensureUsers = [ { name = "atticd"; } ]; }; systemd.services.postgresql.postStart = lib.mkAfter '' $PSQL -tAc 'ALTER DATABASE "attic" OWNER TO "atticd"' ''; - environment.systemPackages = with pkgs; [ - attic-client - ]; + environment.systemPackages = with pkgs; [ attic-client ]; services.atticd = { enable = true; diff --git a/systems/x86_64-linux/sgx-attic/default.nix b/systems/x86_64-linux/sgx-attic/default.nix index 9b52ede..5cd7e1d 100644 --- a/systems/x86_64-linux/sgx-attic/default.nix +++ b/systems/x86_64-linux/sgx-attic/default.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: with lib; with lib.metacfg; { diff --git a/systems/x86_64-linux/sgx-attic/hardware-configuration.nix b/systems/x86_64-linux/sgx-attic/hardware-configuration.nix index 08bea94..d76795a 100644 --- a/systems/x86_64-linux/sgx-attic/hardware-configuration.nix +++ b/systems/x86_64-linux/sgx-attic/hardware-configuration.nix 
@@ -1,17 +1,28 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ - ./disko.nix - (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = [ + ./disko.nix + (modulesPath + "/profiles/qemu-guest.nix") + ]; disko.devices.disk.main.device = "/dev/vda"; - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; + boot.initrd.availableKernelModules = [ + "ahci" + "xhci_pci" + "virtio_pci" + "sr_mod" + "virtio_blk" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; diff --git a/systems/x86_64-linux/sgx-nixos/default.nix b/systems/x86_64-linux/sgx-nixos/default.nix index 9654e74..34f8178 100644 --- a/systems/x86_64-linux/sgx-nixos/default.nix +++ b/systems/x86_64-linux/sgx-nixos/default.nix @@ -1,10 +1,13 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: with lib; with lib.metacfg; { - imports = [ - ./hardware-configuration.nix - ]; + imports = [ ./hardware-configuration.nix ]; boot.kernel.sysctl."net.ipv4.conf.all.route_localnet" = 1; boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest; @@ -20,7 +23,10 @@ with lib.metacfg; nix.enable = true; aesmd_dcap.enable = true; podman.enable = true; - user.extraGroups = [ "docker" "sgx" ]; + user.extraGroups = [ + "docker" + "sgx" + ]; }; environment.etc."sgx_default_qcnl.conf".text = '' 
@@ -59,8 +65,18 @@ with lib.metacfg; systemd.user.extraConfig = "DefaultLimitNOFILE=32768"; security.pam.loginLimits = [ - { domain = "*"; item = "nofile"; type = "-"; value = "32768"; } - { domain = "*"; item = "memlock"; type = "-"; value = "32768"; } + { + domain = "*"; + item = "nofile"; + type = "-"; + value = "32768"; + } + { + domain = "*"; + item = "memlock"; + type = "-"; + value = "32768"; + } ]; system.stateVersion = "23.11"; diff --git a/systems/x86_64-linux/sgx-nixos/hardware-configuration.nix b/systems/x86_64-linux/sgx-nixos/hardware-configuration.nix index 51984ce..0d918a2 100644 --- a/systems/x86_64-linux/sgx-nixos/hardware-configuration.nix +++ b/systems/x86_64-linux/sgx-nixos/hardware-configuration.nix @@ -1,30 +1,37 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = - [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; + boot.initrd.availableKernelModules = [ + "ahci" + "xhci_pci" + "virtio_pci" + "sr_mod" + "virtio_blk" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { - device = "/dev/disk/by-uuid/ebb90474-ddcb-484b-9663-d71863827af4"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/ebb90474-ddcb-484b-9663-d71863827af4"; + fsType = "ext4"; + }; - fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/941C-7B02"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/941C-7B02"; + fsType = "vfat"; + }; swapDevices = [ ]; 
diff --git a/systems/x86_64-linux/sgx/backup.nix b/systems/x86_64-linux/sgx/backup.nix index 54b0023..f24cb8a 100644 --- a/systems/x86_64-linux/sgx/backup.nix +++ b/systems/x86_64-linux/sgx/backup.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: let backup_new_path = "/mnt/raid/backup/hoyer/new/"; restic_repo = "/mnt/backup/restic-repo"; @@ -61,8 +66,7 @@ in ".log" ".Trash" ]; - ignoreFile = builtins.toFile "ignore" - (lib.foldl (a: b: a + "\n" + b) "" ignorePatterns); + ignoreFile = builtins.toFile "ignore" (lib.foldl (a: b: a + "\n" + b) "" ignorePatterns); in [ "--exclude-file=${ignoreFile}" ]; pruneOpts = [ diff --git a/systems/x86_64-linux/sgx/default.nix b/systems/x86_64-linux/sgx/default.nix index f663b61..52a14d8 100644 --- a/systems/x86_64-linux/sgx/default.nix +++ b/systems/x86_64-linux/sgx/default.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: { imports = [ ./hardware-configuration.nix diff --git a/systems/x86_64-linux/sgx/fileserver.nix b/systems/x86_64-linux/sgx/fileserver.nix index 3a1ae2f..847565e 100644 --- a/systems/x86_64-linux/sgx/fileserver.nix +++ b/systems/x86_64-linux/sgx/fileserver.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: { services.netatalk = { enable = true; diff --git a/systems/x86_64-linux/sgx/hardware-configuration.nix b/systems/x86_64-linux/sgx/hardware-configuration.nix index 8750e49..74eb10e 100644 --- a/systems/x86_64-linux/sgx/hardware-configuration.nix +++ b/systems/x86_64-linux/sgx/hardware-configuration.nix 
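Review bot: In the second backup.nix hunk, `lib.foldl (a: b: a + "\n" + b) "" ignorePatterns` hand-rolls a string join, and because the fold starts from `""` the generated file begins with an empty line. `ignoreFile = builtins.toFile "ignore" (lib.concatStringsSep "\n" ignorePatterns);` says the same thing directly and still fits on one line. The exclude file would differ only by that leading blank line, which restic's exclude-file parsing should skip, but that is worth confirming on one backup run. The `let` block this binding belongs to starts outside the hunk.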
@@ -1,12 +1,16 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ pkgs, config, lib, modulesPath, ... }: +{ + pkgs, + config, + lib, + modulesPath, + ... +}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot.initrd.availableKernelModules = [ "xhci_pci" @@ -43,18 +47,33 @@ "/mnt/raid" = { fsType = "btrfs"; device = "/dev/disk/by-uuid/11727be7-bf9b-4888-8b02-d7eb1f898712"; - options = [ "defaults" "compress=zstd" "subvol=root" "autodefrag" "noatime" "nofail" "x-systemd.device-timeout=60" ]; + options = [ + "defaults" + "compress=zstd" + "subvol=root" + "autodefrag" + "noatime" + "nofail" + "x-systemd.device-timeout=60" + ]; }; "/mnt/backup" = { fsType = "btrfs"; device = "/dev/disk/by-uuid/c29e7eac-26ba-41b1-ac3e-11123476b7c5"; - options = [ "defaults" "compress=zstd" "subvol=root" "autodefrag" "noatime" "nofail" "x-systemd.device-timeout=60" ]; + options = [ + "defaults" + "compress=zstd" + "subvol=root" + "autodefrag" + "noatime" + "nofail" + "x-systemd.device-timeout=60" + ]; }; }; - swapDevices = - [{ device = "/dev/disk/by-uuid/72d061d7-ab18-47b9-beb1-1c465dda1be9"; }]; + swapDevices = [ { device = "/dev/disk/by-uuid/72d061d7-ab18-47b9-beb1-1c465dda1be9"; } ]; environment.etc."crypttab".text = '' a16 /dev/disk/by-uuid/6f1c1b24-3c94-44be-8d1b-70db562079c1 /dev/disk/by-id/usb-Ut165_USB2FlashStorage_08050508d213e6-0:0-part1 luks,keyfile-size=256 diff --git a/systems/x86_64-linux/sgx/network.nix b/systems/x86_64-linux/sgx/network.nix index 02b64d3..f871aae 100644 --- a/systems/x86_64-linux/sgx/network.nix +++ b/systems/x86_64-linux/sgx/network.nix @@ -1,4 +1,9 @@ -{ pkgs, lib, config, ... }: +{ + pkgs, + lib, + config, + ... +}: { networking.hostName = "sgx"; # Define your hostname. networking.useDHCP = false; 
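Review bot: The `swapDevices` entry in the second sgx/hardware-configuration.nix hunk points at a plain `/dev/disk/by-uuid/` path, while the `crypttab` text right below it shows that other disks on this host are LUKS-encrypted. If that UUID belongs to an unencrypted partition, swapped-out pages, which can include key material, are written to disk in clear; the x1 host uses a `/dev/mapper/luks-…` swap device instead. Whether the UUID here sits on top of a mapped device cannot be told from the diff. If it is a raw partition, consider `swapDevices = [ { device = "/dev/disk/by-partuuid/<PARTUUID>"; randomEncryption.enable = true; } ];`, using a partition-level path because the swap signature UUID does not survive re-keying on each boot.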
@@ -37,7 +42,14 @@ }; }; - networking.firewall.allowedTCPPorts = [ 8384 22000 config.services.netatalk.port ]; - networking.firewall.allowedUDPPorts = [ 22000 21027 ]; + networking.firewall.allowedTCPPorts = [ + 8384 + 22000 + config.services.netatalk.port + ]; + networking.firewall.allowedUDPPorts = [ + 22000 + 21027 + ]; networking.firewall.allowPing = true; } diff --git a/systems/x86_64-linux/t15/default.nix b/systems/x86_64-linux/t15/default.nix index 2820d61..c7cc6b6 100644 --- a/systems/x86_64-linux/t15/default.nix +++ b/systems/x86_64-linux/t15/default.nix @@ -10,7 +10,10 @@ podman.enable = true; secureboot.enable = true; homeprinter.enable = true; - user.extraGroups = [ "docker" "dialout" ]; + user.extraGroups = [ + "docker" + "dialout" + ]; }; system.autoUpgrade = { diff --git a/systems/x86_64-linux/t15/hardware-configuration.nix b/systems/x86_64-linux/t15/hardware-configuration.nix index 623a683..d538c9e 100644 --- a/systems/x86_64-linux/t15/hardware-configuration.nix +++ b/systems/x86_64-linux/t15/hardware-configuration.nix @@ -1,12 +1,16 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; boot.kernelModules = [ "kvm-intel" ]; boot.initrd.availableKernelModules = [ @@ -40,7 +44,7 @@ boot.extraModulePackages = [ ]; services.btrfs.autoScrub.enable = true; - swapDevices = [{ device = "/swapfile"; }]; + swapDevices = [ { device = "/swapfile"; } ]; boot.initrd.luks.devices.crypted = { device = "/dev/nvme0n1p2"; 
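Review bot: `networking.firewall.allowedTCPPorts` in the network.nix hunk opens 8384 on every interface, alongside 22000 and the netatalk port. The 8384/22000/21027 combination matches Syncthing's defaults, where 8384 is the web GUI rather than the sync protocol. If that is what runs here, the admin interface is reachable from any network the host is attached to, unless the service binds it to loopback. I would drop 8384 from the global list and, if remote GUI access is needed, allow it on one interface only: `networking.firewall.interfaces."<lan-iface>".allowedTCPPorts = [ 8384 ];`. The enclosing attribute set starts outside the hunk, so the service configuration itself is not visible.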
@@ -48,13 +52,12 @@ }; fileSystems = { - "/" = - { - device = "/dev/mapper/crypted"; - fsType = "btrfs"; - options = [ "subvol=/rootfs" ]; - neededForBoot = true; - }; + "/" = { + device = "/dev/mapper/crypted"; + fsType = "btrfs"; + options = [ "subvol=/rootfs" ]; + neededForBoot = true; + }; "/nix" = { device = "/dev/mapper/crypted"; fsType = "btrfs"; @@ -72,11 +75,10 @@ options = [ "subvol=/persist" ]; neededForBoot = true; }; - "/boot" = - { - device = "/dev/disk/by-partlabel/disk-one-ESP"; - fsType = "vfat"; - }; + "/boot" = { + device = "/dev/disk/by-partlabel/disk-one-ESP"; + fsType = "vfat"; + }; }; console.keyMap = "de-latin1-nodeadkeys"; diff --git a/systems/x86_64-linux/x1/default.nix b/systems/x86_64-linux/x1/default.nix index a28648e..fef526b 100644 --- a/systems/x86_64-linux/x1/default.nix +++ b/systems/x86_64-linux/x1/default.nix @@ -12,7 +12,10 @@ with lib.metacfg; podman.enable = true; secureboot.enable = true; homeprinter.enable = true; - user.extraGroups = [ "docker" "dialout" ]; + user.extraGroups = [ + "docker" + "dialout" + ]; }; environment.systemPackages = with pkgs; [ @@ -51,8 +54,18 @@ with lib.metacfg; systemd.user.extraConfig = "DefaultLimitNOFILE=32768"; security.pam.loginLimits = [ - { domain = "*"; item = "nofile"; type = "-"; value = "32768"; } - { domain = "*"; item = "memlock"; type = "-"; value = "32768"; } + { + domain = "*"; + item = "nofile"; + type = "-"; + value = "32768"; + } + { + domain = "*"; + item = "memlock"; + type = "-"; + value = "32768"; + } ]; services.ollama = { diff --git a/systems/x86_64-linux/x1/hardware-configuration.nix b/systems/x86_64-linux/x1/hardware-configuration.nix index 1640ae6..cc39e6b 100644 --- a/systems/x86_64-linux/x1/hardware-configuration.nix +++ b/systems/x86_64-linux/x1/hardware-configuration.nix 
@@ -1,14 +1,25 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "uas" "usbhid" "sd_mod" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "thunderbolt" + "nvme" + "uas" + "usbhid" + "sd_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelPackages = lib.mkOverride 0 pkgs.linuxPackages_latest; boot.kernelModules = [ "kvm-intel" ]; @@ -24,12 +35,11 @@ services.btrfs.autoScrub.enable = true; - fileSystems."/" = - { - device = "/dev/disk/by-uuid/1106202c-c3bf-4c15-b7cd-e78749e5c955"; - fsType = "btrfs"; - options = [ "subvol=@" ]; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/1106202c-c3bf-4c15-b7cd-e78749e5c955"; + fsType = "btrfs"; + options = [ "subvol=@" ]; + }; boot.initrd.luks.devices."luks-0e2792db-1b80-49a7-b2eb-54e4b5fc3502" = { device = "/dev/disk/by-uuid/0e2792db-1b80-49a7-b2eb-54e4b5fc3502"; @@ -41,13 +51,12 @@ allowDiscards = true; }; - fileSystems."/boot" = - { - device = "/dev/disk/by-uuid/13C4-A825"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/13C4-A825"; + fsType = "vfat"; + }; - swapDevices = [{ device = "/dev/mapper/luks-280f2e07-e5fc-478e-b7ee-445c99bea415"; }]; + swapDevices = [ { device = "/dev/mapper/luks-280f2e07-e5fc-478e-b7ee-445c99bea415"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's