alejandra: initial repo format

Fiscal Velvet Poet 2022-08-15 17:32:25 +10:00
parent 180d6bc1a5
commit 584f00ed86
Signed by: fiscalvelvetpoet
GPG key ID: D8EBFD58B023BD47
13 changed files with 426 additions and 435 deletions


@ -1,18 +1,20 @@
# Configuration common to all JFDIC Linode VMs # Configuration common to all JFDIC Linode VMs
{ config, pkgs, lib, ... }:
{ {
config,
pkgs,
lib,
...
}: {
imports = [ imports = [
# Import the NixOS Qemu guest settings # Import the NixOS Qemu guest settings
<nixpkgs/nixos/modules/profiles/qemu-guest.nix> <nixpkgs/nixos/modules/profiles/qemu-guest.nix>
]; ];
boot.initrd.availableKernelModules = [ "virtio_pci" "ahci" "sd_mod" ]; boot.initrd.availableKernelModules = ["virtio_pci" "ahci" "sd_mod"];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [];
boot.kernelModules = [ ]; boot.kernelModules = [];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [];
boot.kernelParams = [ "console=ttyS0,19200n8" ]; boot.kernelParams = ["console=ttyS0,19200n8"];
boot.loader = { boot.loader = {
grub = { grub = {
extraConfig = '' extraConfig = ''
@ -26,8 +28,8 @@
}; };
# File systems configuration for the Linode VMs # File systems configuration for the Linode VMs
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/sda"; device = "/dev/sda";
fsType = "ext4"; fsType = "ext4";
}; };
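Review bot: The `imports` list in the first hunk still pulls `<nixpkgs/nixos/modules/profiles/qemu-guest.nix>` through an angle-bracket lookup, so which copy of the profile is evaluated depends on the `NIX_PATH` of whoever runs the deployment rather than on the nixpkgs this configuration is built against. Since the argument set is being rewritten here anyway, adding `modulesPath` to it and importing `(modulesPath + "/profiles/qemu-guest.nix")` would tie the profile to the same nixpkgs as the rest of the system. The module body continues outside both hunks.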


@ -1,10 +1,11 @@
# NixOps configuration common to Linode VMs # NixOps configuration common to Linode VMs
{ config, pkgs, lib, ... }:
{ {
imports = config,
[ pkgs,
lib,
...
}: {
imports = [
../profiles/host_common.nix ../profiles/host_common.nix
../profiles/server_common.nix ../profiles/server_common.nix
]; ];
@ -29,9 +30,8 @@
interfaces.eth0.useDHCP = true; interfaces.eth0.useDHCP = true;
firewall = { firewall = {
enable = true; enable = true;
allowedTCPPorts = [ 80 443 ]; allowedTCPPorts = [80 443];
trustedInterfaces = [ "lo" ]; trustedInterfaces = ["lo"];
}; };
}; };
} }


@ -1,10 +1,11 @@
# NixOps configuration for the Linode VMs # NixOps configuration for the Linode VMs
{ config, pkgs, lib, ... }:
{ {
imports = config,
[ pkgs,
lib,
...
}: {
imports = [
../hardware/linode_vm.nix ../hardware/linode_vm.nix
./linode-common.nix ./linode-common.nix
]; ];


@ -1,9 +1,5 @@
# Configuration common to all JFDIC servers # Configuration common to all JFDIC servers
{config, ...}: {
{ config, ... }:
{
# Program defaults for all hosts # Program defaults for all hosts
programs.bash = { programs.bash = {
interactiveShellInit = '' interactiveShellInit = ''
@ -15,5 +11,4 @@
''; '';
vteIntegration = true; vteIntegration = true;
}; };
} }


@ -1,11 +1,6 @@
# NixOps configuration for the hosts running a Chrony service # NixOps configuration for the hosts running a Chrony service
{config, ...}: {
{ config, ... }:
{
services.chrony = { services.chrony = {
enable = true; # Enable Chrony enable = true; # Enable Chrony
}; };
} }


@ -1,9 +1,10 @@
# NixOps configuration for the hosts running Gitea # NixOps configuration for the hosts running Gitea
{ config, pkgs, lib, ... }:
{ {
config,
pkgs,
lib,
...
}: {
services.gitea = { services.gitea = {
enable = true; # Enable Gitea enable = true; # Enable Gitea
appName = "JFDI Collective: Gitea Service"; # Give the site a name appName = "JFDI Collective: Gitea Service"; # Give the site a name
@ -16,8 +17,8 @@
rootUrl = "https://source.jfdic.org/"; # Root web URL rootUrl = "https://source.jfdic.org/"; # Root web URL
httpPort = 3002; # Provided unique port httpPort = 3002; # Provided unique port
settings = let settings = let
docutils = docutils = pkgs.python37.withPackages (ps:
pkgs.python37.withPackages (ps: with ps; [ with ps; [
docutils # Provides rendering of ReStructured Text files docutils # Provides rendering of ReStructured Text files
pygments # Provides syntax highlighting pygments # Provides syntax highlighting
]); ]);
@ -49,15 +50,17 @@
authentication = '' authentication = ''
local gitea all ident map=gitea-users local gitea all ident map=gitea-users
''; '';
identMap = # Map the gitea user to postgresql identMap =
# Map the gitea user to postgresql
'' ''
gitea-users gitea gitea gitea-users gitea gitea
''; '';
ensureDatabases = [ "gitea" ]; # Ensure the database persists ensureDatabases = ["gitea"]; # Ensure the database persists
ensureUsers = [ ensureUsers = [
{ {
name = "gitea"; # Ensure the database user persists name = "gitea"; # Ensure the database user persists
ensurePermissions = { # Ensure the database permissions persist ensurePermissions = {
# Ensure the database permissions persist
"DATABASE gitea" = "ALL PRIVILEGES"; "DATABASE gitea" = "ALL PRIVILEGES";
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
}; };
@ -71,7 +74,8 @@
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts."source.jfdic.org" = { # Gitea hostname virtualHosts."source.jfdic.org" = {
# Gitea hostname
enableACME = true; # Use ACME certs enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL forceSSL = true; # Force SSL
locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea
@ -85,6 +89,5 @@
}; };
}; };
users.groups.keys.members = [ "gitea" ]; # Required due to NixOps issue #1204 users.groups.keys.members = ["gitea"]; # Required due to NixOps issue #1204
} }
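Review bot: The `docutils` binding in the `settings` hunk builds its environment from `pkgs.python37`, which pins the renderer to one specific interpreter release rather than the default that the package set maintains. Judging by the comments, this environment renders ReStructured Text and highlights source from hosted repositories, which is content the server does not control, so it is worth keeping on a maintained interpreter. `docutils = pkgs.python3.withPackages (ps:` would follow the nixpkgs default. How the environment is wired into Gitea lies outside the visible hunks, so confirm that nothing depends on 3.7 specifically.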


@ -1,9 +1,10 @@
# Configuration common to all JFDIC servers # Configuration common to all JFDIC servers
{ config, pkgs, lib, ... }:
{ {
config,
pkgs,
lib,
...
}: {
imports = [ imports = [
../profiles/bash.nix ../profiles/bash.nix
../profiles/chrony.nix ../profiles/chrony.nix
@ -52,7 +53,8 @@
# Ruin the config so we don't accidentally run # Ruin the config so we don't accidentally run
# nixos-rebuild switch on the host # nixos-rebuild switch on the host
(let (let
cfg = pkgs.writeText "configuration.nix" cfg =
pkgs.writeText "configuration.nix"
'' ''
assert builtins.trace "This system is managed by NixOps." false; assert builtins.trace "This system is managed by NixOps." false;
{} {}
@ -81,7 +83,7 @@
environment.etc.host-nix-channel.source = pkgs.path; environment.etc.host-nix-channel.source = pkgs.path;
environment.variables = { environment.variables = {
BAT_THEME="Dracula"; BAT_THEME = "Dracula";
}; };
# Set the system-wide environment # Set the system-wide environment


@ -1,11 +1,6 @@
# logrotate configuration for NixOS / NixOps # logrotate configuration for NixOS / NixOps
{config, ...}: {
{ config, ... }:
{
services.logrotate = { services.logrotate = {
enable = true; # Enable the logrotate service enable = true; # Enable the logrotate service
}; };
} }


@ -1,9 +1,9 @@
{ pkgs, ... }: {pkgs, ...}: {
{ environment.variables = {EDITOR = "vim";};
environment.variables = { EDITOR = "vim"; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
(neovim.override { (
neovim.override {
vimAlias = true; vimAlias = true;
configure = { configure = {
packages.myPlugins = with pkgs.vimPlugins; { packages.myPlugins = with pkgs.vimPlugins; {
@ -296,5 +296,6 @@
''; '';
}; };
} }
)]; )
];
} }


@ -1,9 +1,10 @@
# NixOps configuration nix-direnv # NixOps configuration nix-direnv
{ config, pkgs, lib, ... }:
{ {
config,
pkgs,
lib,
...
}: {
nix = { nix = {
extraOptions = '' extraOptions = ''
keep-outputs = true keep-outputs = true
@ -23,7 +24,6 @@
}; };
nixpkgs.overlays = [ nixpkgs.overlays = [
(self: super: { nix-direnv = super.nix-direnv.override { enableFlakes = true; }; } ) (self: super: {nix-direnv = super.nix-direnv.override {enableFlakes = true;};})
]; ];
} }


@ -1,11 +1,11 @@
# Configuration common to all JFDIC servers # Configuration common to all JFDIC servers
{ config, pkgs, lib, ... }:
{ {
config,
imports = pkgs,
[ lib,
...
}: {
imports = [
../profiles/openssh.nix ../profiles/openssh.nix
../secrets/user-fiscalvelvetpoet.nix ../secrets/user-fiscalvelvetpoet.nix
../secrets/user-root.nix ../secrets/user-root.nix
@ -15,5 +15,4 @@
enable = true; enable = true;
withUtempter = true; withUtempter = true;
}; };
} }


@ -1,6 +1,4 @@
{ pkgs, ... }: {pkgs, ...}: {
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
starship # A minimal, blazing fast, and extremely customizable prompt for any shell starship # A minimal, blazing fast, and extremely customizable prompt for any shell
]; ];


@ -1,9 +1,10 @@
# Configuration common to all JFDIC servers # Configuration common to all JFDIC servers
{ config, pkgs, lib, ... }:
{ {
config,
pkgs,
lib,
...
}: {
# Program defaults for all hosts # Program defaults for all hosts
programs.zsh = { programs.zsh = {
enable = true; # Also enables & installs nix-zsh-completions enable = true; # Also enables & installs nix-zsh-completions
@ -38,5 +39,4 @@
]; ];
users.defaultUserShell = pkgs.zsh; # Set the default shell for all users users.defaultUserShell = pkgs.zsh; # Set the default shell for all users
} }