alejandra: initial repo format

Fiscal Velvet Poet 2022-08-15 17:32:25 +10:00
parent 180d6bc1a5
commit 584f00ed86
Signed by: fiscalvelvetpoet
GPG key ID: D8EBFD58B023BD47
13 changed files with 426 additions and 435 deletions


@ -1,8 +1,10 @@
# Configuration common to all JFDIC Linode VMs # Configuration common to all JFDIC Linode VMs
{ config, pkgs, lib, ... }:
{ {
config,
pkgs,
lib,
...
}: {
imports = [ imports = [
# Import the NixOS Qemu guest settings # Import the NixOS Qemu guest settings
<nixpkgs/nixos/modules/profiles/qemu-guest.nix> <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
@ -26,8 +28,8 @@
}; };
# File systems configuration for the Linode VMs # File systems configuration for the Linode VMs
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/sda"; device = "/dev/sda";
fsType = "ext4"; fsType = "ext4";
}; };


@ -1,10 +1,11 @@
# NixOps configuration common to Linode VMs # NixOps configuration common to Linode VMs
{ config, pkgs, lib, ... }:
{ {
imports = config,
[ pkgs,
lib,
...
}: {
imports = [
../profiles/host_common.nix ../profiles/host_common.nix
../profiles/server_common.nix ../profiles/server_common.nix
]; ];
@ -33,5 +34,4 @@
trustedInterfaces = ["lo"]; trustedInterfaces = ["lo"];
}; };
}; };
} }


@ -1,10 +1,11 @@
# NixOps configuration for the Linode VMs # NixOps configuration for the Linode VMs
{ config, pkgs, lib, ... }:
{ {
imports = config,
[ pkgs,
lib,
...
}: {
imports = [
../hardware/linode_vm.nix ../hardware/linode_vm.nix
./linode-common.nix ./linode-common.nix
]; ];


@ -1,9 +1,5 @@
# Configuration common to all JFDIC servers # Configuration common to all JFDIC servers
{config, ...}: {
{ config, ... }:
{
# Program defaults for all hosts # Program defaults for all hosts
programs.bash = { programs.bash = {
interactiveShellInit = '' interactiveShellInit = ''
@ -15,5 +11,4 @@
''; '';
vteIntegration = true; vteIntegration = true;
}; };
} }


@ -1,11 +1,6 @@
# NixOps configuration for the hosts running a Chrony service # NixOps configuration for the hosts running a Chrony service
{config, ...}: {
{ config, ... }:
{
services.chrony = { services.chrony = {
enable = true; # Enable Chrony enable = true; # Enable Chrony
}; };
} }


@ -1,9 +1,10 @@
# NixOps configuration for the hosts running Gitea # NixOps configuration for the hosts running Gitea
{ config, pkgs, lib, ... }:
{ {
config,
pkgs,
lib,
...
}: {
services.gitea = { services.gitea = {
enable = true; # Enable Gitea enable = true; # Enable Gitea
appName = "JFDI Collective: Gitea Service"; # Give the site a name appName = "JFDI Collective: Gitea Service"; # Give the site a name
@ -16,8 +17,8 @@
rootUrl = "https://source.jfdic.org/"; # Root web URL rootUrl = "https://source.jfdic.org/"; # Root web URL
httpPort = 3002; # Provided unique port httpPort = 3002; # Provided unique port
settings = let settings = let
docutils = docutils = pkgs.python37.withPackages (ps:
pkgs.python37.withPackages (ps: with ps; [ with ps; [
docutils # Provides rendering of ReStructured Text files docutils # Provides rendering of ReStructured Text files
pygments # Provides syntax highlighting pygments # Provides syntax highlighting
]); ]);
@ -49,7 +50,8 @@
authentication = '' authentication = ''
local gitea all ident map=gitea-users local gitea all ident map=gitea-users
''; '';
identMap = # Map the gitea user to postgresql identMap =
# Map the gitea user to postgresql
'' ''
gitea-users gitea gitea gitea-users gitea gitea
''; '';
@ -57,7 +59,8 @@
ensureUsers = [ ensureUsers = [
{ {
name = "gitea"; # Ensure the database user persists name = "gitea"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist ensurePermissions = {
# Ensure the database permissions persist
"DATABASE gitea" = "ALL PRIVILEGES"; "DATABASE gitea" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
}; };
@ -71,7 +74,8 @@
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts."source.jfdic.org" = { # Gitea hostname virtualHosts."source.jfdic.org" = {
# Gitea hostname
enableACME = true; # Use ACME certs enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL forceSSL = true; # Force SSL
locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea
@ -86,5 +90,4 @@
}; };
users.groups.keys.members = ["gitea"]; # Required due to NixOps issue #1204 users.groups.keys.members = ["gitea"]; # Required due to NixOps issue #1204
} }


@ -1,9 +1,10 @@
# Configuration common to all JFDIC servers # Configuration common to all JFDIC servers
{ config, pkgs, lib, ... }:
{ {
config,
pkgs,
lib,
...
}: {
imports = [ imports = [
../profiles/bash.nix ../profiles/bash.nix
../profiles/chrony.nix ../profiles/chrony.nix
@ -52,7 +53,8 @@
# Ruin the config so we don't accidentally run # Ruin the config so we don't accidentally run
# nixos-rebuild switch on the host # nixos-rebuild switch on the host
(let (let
cfg = pkgs.writeText "configuration.nix" cfg =
pkgs.writeText "configuration.nix"
'' ''
assert builtins.trace "This system is managed by NixOps." false; assert builtins.trace "This system is managed by NixOps." false;
{} {}


@ -1,11 +1,6 @@
# logrotate configuration for NixOS / NixOps # logrotate configuration for NixOS / NixOps
{config, ...}: {
{ config, ... }:
{
services.logrotate = { services.logrotate = {
enable = true; # Enable the logrotate service enable = true; # Enable the logrotate service
}; };
} }


@ -1,9 +1,9 @@
{ pkgs, ... }: {pkgs, ...}: {
{
environment.variables = {EDITOR = "vim";}; environment.variables = {EDITOR = "vim";};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
(neovim.override { (
neovim.override {
vimAlias = true; vimAlias = true;
configure = { configure = {
packages.myPlugins = with pkgs.vimPlugins; { packages.myPlugins = with pkgs.vimPlugins; {
@ -296,5 +296,6 @@
''; '';
}; };
} }
)]; )
];
} }


@ -1,9 +1,10 @@
# NixOps configuration nix-direnv # NixOps configuration nix-direnv
{ config, pkgs, lib, ... }:
{ {
config,
pkgs,
lib,
...
}: {
nix = { nix = {
extraOptions = '' extraOptions = ''
keep-outputs = true keep-outputs = true
@ -25,5 +26,4 @@
nixpkgs.overlays = [ nixpkgs.overlays = [
(self: super: {nix-direnv = super.nix-direnv.override {enableFlakes = true;};}) (self: super: {nix-direnv = super.nix-direnv.override {enableFlakes = true;};})
]; ];
} }


@ -1,11 +1,11 @@
# Configuration common to all JFDIC servers # Configuration common to all JFDIC servers
{ config, pkgs, lib, ... }:
{ {
config,
imports = pkgs,
[ lib,
...
}: {
imports = [
../profiles/openssh.nix ../profiles/openssh.nix
../secrets/user-fiscalvelvetpoet.nix ../secrets/user-fiscalvelvetpoet.nix
../secrets/user-root.nix ../secrets/user-root.nix
@ -15,5 +15,4 @@
enable = true; enable = true;
withUtempter = true; withUtempter = true;
}; };
} }


@ -1,6 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: {
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
starship # A minimal, blazing fast, and extremely customizable prompt for any shell starship # A minimal, blazing fast, and extremely customizable prompt for any shell
]; ];


@ -1,9 +1,10 @@
# Configuration common to all JFDIC servers # Configuration common to all JFDIC servers
{ config, pkgs, lib, ... }:
{ {
config,
pkgs,
lib,
...
}: {
# Program defaults for all hosts # Program defaults for all hosts
programs.zsh = { programs.zsh = {
enable = true; # Also enables & installs nix-zsh-completions enable = true; # Also enables & installs nix-zsh-completions
@ -38,5 +39,4 @@
]; ];
users.defaultUserShell = pkgs.zsh; # Set the default shell for all users users.defaultUserShell = pkgs.zsh; # Set the default shell for all users
} }