run nixpkgs-fmt

build02/packages-with-update-script.nix

@@ -1,22 +1,22 @@
 let
-  pkgs = import /var/cache/nixpkgs-update/updatescript/nixpkgs {};
+  pkgs = import /var/cache/nixpkgs-update/updatescript/nixpkgs { };
 in
 # code in the following let block was copied from nixos/nixpkgs under
-# the MIT License
+  # the MIT License
 let
   inherit (pkgs) lib;
 
   /* Remove duplicate elements from the list based on some extracted value. O(n^2) complexity.
    */
   nubOn = f: list:
-    if list == [] then
+    if list == [ ] then
-      []
+      [ ]
     else
       let
         x = lib.head list;
         xs = lib.filter (p: f x != f p) (lib.drop 1 list);
       in
-        [x] ++ nubOn f xs;
+      [ x ] ++ nubOn f xs;
 
   /* Recursively find all packages (derivations) in `pkgs` matching `cond` predicate.
 
@@ -35,25 +35,25 @@ let
 
           dedupResults = lst: nubOn ({ package, attrPath }: package.updateScript) (lib.concatLists lst);
         in
-          if result.success then
+        if result.success then
-            let
+          let
-              evaluatedPathContent = result.value;
+            evaluatedPathContent = result.value;
-            in
+          in
-              if lib.isDerivation evaluatedPathContent then
+          if lib.isDerivation evaluatedPathContent then
-                lib.optional (cond path evaluatedPathContent) { attrPath = lib.concatStringsSep "." path; package = evaluatedPathContent; }
+            lib.optional (cond path evaluatedPathContent) { attrPath = lib.concatStringsSep "." path; package = evaluatedPathContent; }
-              else if lib.isAttrs evaluatedPathContent then
+          else if lib.isAttrs evaluatedPathContent then
-                # If user explicitly points to an attrSet or it is marked for recursion, we recur.
+          # If user explicitly points to an attrSet or it is marked for recursion, we recur.
-                if path == rootPath || evaluatedPathContent.recurseForDerivations or false || evaluatedPathContent.recurseForRelease or false then
+            if path == rootPath || evaluatedPathContent.recurseForDerivations or false || evaluatedPathContent.recurseForRelease or false then
-                  dedupResults (lib.mapAttrsToList (name: elem: packagesWithPathInner (path ++ [name]) elem) evaluatedPathContent)
+              dedupResults (lib.mapAttrsToList (name: elem: packagesWithPathInner (path ++ [ name ]) elem) evaluatedPathContent)
-                else []
+            else [ ]
-              else []
+          else [ ]
-          else [];
+        else [ ];
     in
-      packagesWithPathInner rootPath pkgs;
+    packagesWithPathInner rootPath pkgs;
 
   /* Recursively find all packages (derivations) in `pkgs` matching `cond` predicate.
    */
-  packagesWith = packagesWithPath [];
+  packagesWith = packagesWithPath [ ];
 
   /* Recursively find all packages in `pkgs` with updateScript matching given predicate.
    */

build03/configuration.nix

@@ -17,6 +17,7 @@
     ../roles/hetzner-network.nix
     ../roles/nginx.nix
     ../roles/raid.nix
+    ../roles/aarch64-builder.nix
 
     ../services/hound
     ../services/matterbridge.nix

build04/configuration.nix

@@ -34,14 +34,14 @@
 # after loading kexec, be patient. The kexec image can take up to 5 minutes to boot
 # partition guide
 /*
-sgdisk -n 1:0:+800M -N 2 -t 1:ef00 -t 2:8304 /dev/sda
+  sgdisk -n 1:0:+800M -N 2 -t 1:ef00 -t 2:8304 /dev/sda
-mkfs.vfat -b32 /dev/sda1
+  mkfs.vfat -b32 /dev/sda1
-zpool create zroot -O acltype=posixacl -O xattr=sa -O compression=lz4 /dev/sda2
+  zpool create zroot -O acltype=posixacl -O xattr=sa -O compression=lz4 /dev/sda2
-zfs create -o mountpoint=none zroot/root
+  zfs create -o mountpoint=none zroot/root
-zfs create -o mountpoint=legacy zroot/root/nixos
+  zfs create -o mountpoint=legacy zroot/root/nixos
-zfs create -o mountpoint=legacy zroot/root/home
+  zfs create -o mountpoint=legacy zroot/root/home
-mount -t zfs zroot/root/nixos /mnt
+  mount -t zfs zroot/root/nixos /mnt
-mkdir /mnt/{home,boot}
+  mkdir /mnt/{home,boot}
-mount -t zfs zroot/root/home /mnt/home
+  mount -t zfs zroot/root/home /mnt/home
-mount /dev/sda1 /mnt/boot
+  mount /dev/sda1 /mnt/boot
 */

build04/hardware-configuration.nix

@@ -5,7 +5,8 @@
 
 {
   imports =
-    [ (modulesPath + "/profiles/qemu-guest.nix")
+    [
+      (modulesPath + "/profiles/qemu-guest.nix")
     ];
 
   boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" ];
@@ -14,17 +15,20 @@
   boot.extraModulePackages = [ ];
 
   fileSystems."/" =
-    { device = "zroot/root/nixos";
+    {
+      device = "zroot/root/nixos";
       fsType = "zfs";
     };
 
   fileSystems."/home" =
-    { device = "zroot/root/home";
+    {
+      device = "zroot/root/home";
       fsType = "zfs";
     };
 
   fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/E6D6-572B";
+    {
+      device = "/dev/disk/by-uuid/E6D6-572B";
       fsType = "vfat";
     };
 

roles/aarch64-builder.nix

@@ -3,10 +3,10 @@
   nix.distributedBuilds = true;
   nix.buildMachines = [
     {
-      hostName = "aarch64.nixos.community";
+      hostName = "build04.nixos-community.org";
       maxJobs = 4;
       sshKey = config.sops.secrets.id_buildfarm.path;
-      sshUser = "ssh-ng://nix";
+      sshUser = "nix";
       system = "aarch64-linux";
       supportedFeatures = [
         "big-parallel"
@@ -15,5 +15,5 @@
       ];
     }
   ];
-  sops.secrets.id_buildfarm = {};
+  sops.secrets.id_buildfarm = { };
 }

roles/builder.nix

@@ -8,6 +8,6 @@
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmdo1x1QkRepZf7nSe+OdEWX+wOjkBLF70vX9F+xf68 builder"
     ];
   };
-  users.groups.nix = {};
+  users.groups.nix = { };
-  nix.settings.trusted-users = ["nix"];
+  nix.settings.trusted-users = [ "nix" ];
 }

roles/builder/users.nix

@@ -32,11 +32,11 @@ let
 
   ifAttr = key: default: result: opts:
     if (opts ? "${key}") && opts."${key}"
-      then result
+    then result
-      else default;
+    else default;
 
-  maybeTrusted = ifAttr "trusted" [] [ "trusted" ];
+  maybeTrusted = ifAttr "trusted" [ ] [ "trusted" ];
-  maybeWheel = ifAttr "sudo" [] [ "wheel" ];
+  maybeWheel = ifAttr "sudo" [ ] [ "wheel" ];
 
   userGroups = opts:
     (maybeTrusted opts) ++
@@ -53,7 +53,8 @@ let
         opts.keys
       ];
     };
-in {
+in
+{
   users = {
     mutableUsers = false;
     users = lib.mapAttrs descToUser users;

roles/hardware/hetzner-amd.nix

@@ -18,8 +18,8 @@
   ];
 
   fileSystems."/" = {
-     device = "zroot/root/nixos";
+    device = "zroot/root/nixos";
-     fsType = "zfs";
+    fsType = "zfs";
   };
 
   fileSystems."/home" = {

roles/hercules-ci/default.nix

@@ -5,7 +5,8 @@ let
     sopsFile = ./secrets.yaml;
   };
   secrets = config.sops.secrets;
-in {
+in
+{
   sops.secrets."binary-caches.json" = herculesSecret;
   sops.secrets."cluster-join-token.key" = herculesSecret;
   sops.secrets."hercules-secrets" = herculesSecret;

roles/hetzner-network.nix

@@ -2,7 +2,8 @@
 with lib;
 let
   cfg = config.networking.nix-community;
-in {
+in
+{
   options = {
     networking.nix-community.ipv6.address = mkOption {
       type = types.str;

roles/nix-daemon.nix

@@ -42,5 +42,5 @@ in
     Restart = "on-failure";
   };
 
-  users.groups.trusted = {};
+  users.groups.trusted = { };
 }

roles/raid.nix

@@ -1,5 +1,5 @@
 {
   # for mdraid 1.1
   boot.loader.grub.extraConfig = "insmod mdraid1x";
-  services.telegraf.extraConfig.inputs.mdstat = {};
+  services.telegraf.extraConfig.inputs.mdstat = { };
 }

roles/security.nix

@@ -26,19 +26,19 @@
       publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
     };
     build01 = {
-      hostNames = ["build01.nix-community.org"];
+      hostNames = [ "build01.nix-community.org" ];
       publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIElIQ54qAy7Dh63rBudYKdbzJHrrbrrMXLYl7Pkmk88H";
     };
     build02 = {
-      hostNames = ["build02.nix-community.org"];
+      hostNames = [ "build02.nix-community.org" ];
       publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMm3/o1HguyRL1z/nZxLBY9j/YUNXeNuDoiBLZAyt88Z";
     };
     build03 = {
-      hostNames = ["build03.nix-community.org"];
+      hostNames = [ "build03.nix-community.org" ];
       publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFiozp1A1+SUfJQPa5DZUQcVc6CZK2ZxL6FJtNdh+2TP";
     };
     build04 = {
-      hostNames = ["build04.nix-community.org"];
+      hostNames = [ "build04.nix-community.org" ];
       publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPU/gbREwVuI1p3ag1iG72jxl2/92yGl38c+TPOfFMH8";
     };
   };

roles/telegraf/default.nix

@@ -25,7 +25,7 @@ in
             exec /run/wrappers/bin/sudo ${pkgs.smartmontools}/bin/smartctl "$@"
           '';
         };
-        mdstat = {};
+        mdstat = { };
         system = { };
         mem = { };
         file = [{
@@ -37,7 +37,7 @@ in
           files = [ "/sys/fs/ext4/*/errors_count" ];
           data_format = "value";
         };
-        exec =  [{
+        exec = [{
           ## Commands array
           commands = (lib.optional (lib.any (fs: fs == "zfs") config.boot.supportedFilesystems)
             (pkgs.writeScript "zpool-health" ''
@@ -52,40 +52,47 @@ in
                 }
               }
             '')
-            ) ++ (let
+          ) ++ (
+            let
               collectHosts = shares: fs:
-                if builtins.elem fs.fsType ["nfs" "nfs3" "nfs4"] then
+                if builtins.elem fs.fsType [ "nfs" "nfs3" "nfs4" ] then
-                  shares // (let
+                  shares // (
-                    # also match ipv6 addresses
+                    let
-                    group = builtins.match "\\[?([^\]]+)]?:([^:]+)$" fs.device;
+                      # also match ipv6 addresses
-                    host = builtins.head group;
+                      group = builtins.match "\\[?([^\]]+)]?:([^:]+)$" fs.device;
-                    path = builtins.elemAt group 1;
+                      host = builtins.head group;
-                  in {
+                      path = builtins.elemAt group 1;
-                    ${host} = (shares.${host} or []) ++ [ path ];
+                    in
-                  })
+                    {
+                      ${host} = (shares.${host} or [ ]) ++ [ path ];
+                    }
+                  )
                 else
                   shares;
-              nfsHosts = lib.foldl collectHosts {} (builtins.attrValues config.fileSystems);
+              nfsHosts = lib.foldl collectHosts { } (builtins.attrValues config.fileSystems);
-            in lib.mapAttrsToList (host: args:
+            in
-              (pkgs.writeScript "zpool-health" ''
+            lib.mapAttrsToList
-                #!${pkgs.gawk}/bin/awk -f
+              (host: args:
-                BEGIN {
+                (pkgs.writeScript "zpool-health" ''
-                  for (i = 2; i < ARGC; i++) {
+                  #!${pkgs.gawk}/bin/awk -f
-                      mounts[ARGV[i]] = 1
+                  BEGIN {
-                  }
+                    for (i = 2; i < ARGC; i++) {
-                  while ("${pkgs.nfs-utils}/bin/showmount -e " ARGV[1] | getline) {
+                        mounts[ARGV[i]] = 1
-                    if (NR == 1) { continue }
+                    }
-                    if (mounts[$1] == 1) {
+                    while ("${pkgs.nfs-utils}/bin/showmount -e " ARGV[1] | getline) {
-                        printf "nfs_export,host=%s,path=%s present=1\n", ARGV[1], $1
+                      if (NR == 1) { continue }
+                      if (mounts[$1] == 1) {
+                          printf "nfs_export,host=%s,path=%s present=1\n", ARGV[1], $1
+                      }
+                      delete mounts[$1]
+                    }
+                    for (mount in mounts) {
+                        printf "nfs_export,host=%s,path=%s present=0\n", ARGV[1], $1
                     }
-                    delete mounts[$1]
                   }
-                  for (mount in mounts) {
+                '') + " ${host} ${builtins.concatStringsSep " " args}"
-                      printf "nfs_export,host=%s,path=%s present=0\n", ARGV[1], $1
+              )
-                  }
+              nfsHosts
-                }
-               '') + " ${host} ${builtins.concatStringsSep " " args}"
-            ) nfsHosts
           );
           data_format = "influx";
         }];

roles/zfs.nix

@@ -1,4 +1,4 @@
-{...}: {
+{ ... }: {
   services.zfs = {
     autoSnapshot.enable = true;
     # defaults to 12, which is a bit much given how much data is written

services/hydra/default.nix

@@ -1,8 +1,9 @@
-{ hydra }:
+{ hydra }: { lib
-{ lib, pkgs, config, ... }:
+           , pkgs
-
+           , config
-with lib;
+           , ...
-let
+           }:
+with lib; let
   cfg = config;
 
   hydraPort = 3000;
@@ -53,16 +54,17 @@ in
         unfreeRedistributable
         issl
       ];
-      allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+      allowUnfreePredicate = pkg:
-        "cudnn_cudatoolkit"
+        builtins.elem (lib.getName pkg) [
-        "cudatoolkit"
+          "cudnn_cudatoolkit"
-      ];
+          "cudatoolkit"
+        ];
     };
 
     services.hydra.package = hydra.defaultPackage.${pkgs.system};
 
     sops.secrets.nix-community-cachix.sopsFile = ../../roles/nix-community-cache.yaml;
-    sops.secrets.id_buildfarm = {};
+    sops.secrets.id_buildfarm = { };
 
     services.hydra = {
       enable = true;
@@ -71,19 +73,24 @@ in
       port = hydraPort;
       useSubstitutes = true;
       adminPasswordFile = config.sops.secrets.hydra-admin-password.path;
-      buildMachinesFiles = [
-        (pkgs.writeText "builders" ''
-          localhost x86_64-linux,builtin - 8 1 nixos-test,big-parallel,kvm  -
-          ssh://nix@build04.nix-community.org aarch64-linux ${config.sops.secrets.id_buildfarm.path} 4 1 nixos-test,big-parallel,kvm  -
-        '')
-      ];
-
       usersFile = config.sops.secrets.hydra-users.path;
       extraConfig = ''
         max_output_size = ${builtins.toString (8 * 1024 * 1024 * 1024)}
       '';
     };
 
+    nix = {
+      distributedBuilds = true;
+      buildMachines = [
+        {
+          hostName = "localhost";
+          systems = [ "x86_64-linux" "builtin" ];
+          maxJobs = 8;
+          supportedFeatures = [ "nixos-test" "big-parallel" "kvm" ];
+        }
+      ];
+    };
+
     services.postgresql = {
       enable = true;
       settings = {

users/adisbladis.nix

@@ -12,7 +12,8 @@ in
     useDefaultShell = true;
     isNormalUser = true;
     extraGroups = [
-      "wheel" "trusted"
+      "wheel"
+      "trusted"
     ];
     uid = userLib.mkUid "adis";
   };

users/flokli.nix

@@ -11,7 +11,8 @@ in
     useDefaultShell = true;
     isNormalUser = true;
     extraGroups = [
-      "wheel" "trusted"
+      "wheel"
+      "trusted"
     ];
     uid = userLib.mkUid "flok";
   };

users/lewo.nix

@@ -11,7 +11,8 @@ in
     useDefaultShell = true;
     isNormalUser = true;
     extraGroups = [
-      "wheel" "trusted"
+      "wheel"
+      "trusted"
     ];
     uid = userLib.mkUid "lewo";
   };

users/mic92.nix

@@ -11,7 +11,8 @@ in
     useDefaultShell = true;
     isNormalUser = true;
     extraGroups = [
-      "wheel" "trusted"
+      "wheel"
+      "trusted"
     ];
     uid = userLib.mkUid "micc";
   };

users/ryantm.nix

@@ -12,7 +12,8 @@ in
     useDefaultShell = true;
     isNormalUser = true;
     extraGroups = [
-      "wheel" "trusted"
+      "wheel"
+      "trusted"
     ];
     uid = userLib.mkUid "rytm";
   };

users/zimbatm.nix

@@ -13,7 +13,8 @@ in
     useDefaultShell = true;
     isNormalUser = true;
     extraGroups = [
-      "wheel" "trusted"
+      "wheel"
+      "trusted"
     ];
     uid = userLib.mkUid "zimb";
   };