diff --git a/default.nix b/default.nix
index 897740c..3c05e8c 100644
--- a/default.nix
+++ b/default.nix
@@ -1,16 +1,26 @@
# This file provides backward compatibility to nix < 2.4 clients
-{ system ? builtins.currentSystem }:
+{
+ system ? builtins.currentSystem,
+}:
let
lock = builtins.fromJSON (builtins.readFile ./flake.lock);
root = lock.nodes.${lock.root};
- inherit (lock.nodes.${root.inputs.flake-compat}.locked) owner repo rev narHash;
+ inherit (lock.nodes.${root.inputs.flake-compat}.locked)
+ owner
+ repo
+ rev
+ narHash
+ ;
flake-compat = fetchTarball {
url = "https://github.com/${owner}/${repo}/archive/${rev}.tar.gz";
sha256 = narHash;
};
- flake = import flake-compat { inherit system; src = ./.; };
+ flake = import flake-compat {
+ inherit system;
+ src = ./.;
+ };
in
flake.defaultNix
diff --git a/dev/docs.nix b/dev/docs.nix
index 6fc6627..d86eda0 100644
--- a/dev/docs.nix
+++ b/dev/docs.nix
@@ -1,28 +1,23 @@
{ config, pkgs, ... }:
{
- devShells.mkdocs = pkgs.mkShellNoCC {
- inputsFrom = [
- config.packages.docs
- ];
- };
+ devShells.mkdocs = pkgs.mkShellNoCC { inputsFrom = [ config.packages.docs ]; };
packages = {
- docs = pkgs.runCommand "docs"
- {
- buildInputs = [
- pkgs.python3.pkgs.mkdocs-material
- ];
- files = pkgs.lib.fileset.toSource {
- root = ../.;
- fileset = pkgs.lib.fileset.unions [
- ../docs
- ../mkdocs.yml
- ];
- };
- }
- ''
- cd $files
- mkdocs build --strict --site-dir $out
- '';
+ docs =
+ pkgs.runCommand "docs"
+ {
+ buildInputs = [ pkgs.python3.pkgs.mkdocs-material ];
+ files = pkgs.lib.fileset.toSource {
+ root = ../.;
+ fileset = pkgs.lib.fileset.unions [
+ ../docs
+ ../mkdocs.yml
+ ];
+ };
+ }
+ ''
+ cd $files
+ mkdocs build --strict --site-dir $out
+ '';
docs-linkcheck = pkgs.testers.lycheeLinkCheck rec {
extraConfig = {
exclude = [
diff --git a/dev/shell.nix b/dev/shell.nix
index 70a3cab..1d058e5 100644
--- a/dev/shell.nix
+++ b/dev/shell.nix
@@ -1,32 +1,39 @@
{ inputs', pkgs, ... }:
{
devShells = {
- default = with pkgs; mkShellNoCC {
- packages = [
- inputs'.agenix.packages.default
- jq
- python3.pkgs.deploykit
- python3.pkgs.invoke
- sops
- ssh-to-age
- ];
- };
- sotp = with pkgs; mkShellNoCC {
- packages = [
- (buildGoModule rec {
- pname = "sotp";
- version = "e7f7c804b1641169ce850d8352fb07294881609e";
- src = pkgs.fetchFromGitHub {
- owner = "getsops";
- repo = "sotp";
- rev = version;
- hash = "sha256-Cu8cZCmM19G5zeMIiiaCwVJee8wrBZP3Ltk1jWKb2vs=";
- };
- vendorHash = "sha256-vQruuohwi53By8UZLrPbRtUrmNbmPt+Sku9hI5J3Dlc=";
- ldflags = [ "-s" "-w" ];
- doCheck = false;
- })
- ];
- };
+ default =
+ with pkgs;
+ mkShellNoCC {
+ packages = [
+ inputs'.agenix.packages.default
+ jq
+ python3.pkgs.deploykit
+ python3.pkgs.invoke
+ sops
+ ssh-to-age
+ ];
+ };
+ sotp =
+ with pkgs;
+ mkShellNoCC {
+ packages = [
+ (buildGoModule rec {
+ pname = "sotp";
+ version = "e7f7c804b1641169ce850d8352fb07294881609e";
+ src = pkgs.fetchFromGitHub {
+ owner = "getsops";
+ repo = "sotp";
+ rev = version;
+ hash = "sha256-Cu8cZCmM19G5zeMIiiaCwVJee8wrBZP3Ltk1jWKb2vs=";
+ };
+ vendorHash = "sha256-vQruuohwi53By8UZLrPbRtUrmNbmPt+Sku9hI5J3Dlc=";
+ ldflags = [
+ "-s"
+ "-w"
+ ];
+ doCheck = false;
+ })
+ ];
+ };
};
}
diff --git a/dev/treefmt.nix b/dev/treefmt.nix
index 241668a..4c94f35 100644
--- a/dev/treefmt.nix
+++ b/dev/treefmt.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
# Used to find the project root
projectRootFile = ".git/config";
@@ -57,9 +58,7 @@
"--prose-wrap"
"never"
];
- excludes = [
- "*secrets.yaml"
- ];
+ excludes = [ "*secrets.yaml" ];
};
};
}
diff --git a/flake.nix b/flake.nix
index d5c76b2..d687498 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,9 +1,7 @@
{
description = "NixOS configuration of our builders";
- nixConfig.extra-substituters = [
- "https://nix-community.cachix.org"
- ];
+ nixConfig.extra-substituters = [ "https://nix-community.cachix.org" ];
nixConfig.extra-trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
@@ -47,121 +45,148 @@
treefmt-nix.url = "github:numtide/treefmt-nix";
};
- outputs = inputs @ { flake-parts, self, ... }:
- flake-parts.lib.mkFlake
- { inherit inputs; }
- {
- systems = import inputs.systems;
+ outputs =
+ inputs@{ flake-parts, self, ... }:
+ flake-parts.lib.mkFlake { inherit inputs; } {
+ systems = import inputs.systems;
- imports = [
- inputs.treefmt-nix.flakeModule
- ];
+ imports = [ inputs.treefmt-nix.flakeModule ];
- perSystem = { inputs', lib, pkgs, self', system, ... }:
- {
- imports = [
- ./dev/docs.nix
- ./dev/shell.nix
- ./terraform/shell.nix
- ];
- treefmt = {
- flakeCheck = system == "x86_64-linux";
- imports = [ ./dev/treefmt.nix ];
+ perSystem =
+ {
+ inputs',
+ lib,
+ pkgs,
+ self',
+ system,
+ ...
+ }:
+ {
+ imports = [
+ ./dev/docs.nix
+ ./dev/shell.nix
+ ./terraform/shell.nix
+ ];
+ treefmt = {
+ flakeCheck = system == "x86_64-linux";
+ imports = [ ./dev/treefmt.nix ];
+ };
+
+ _module.args.pkgs = import inputs.nixpkgs {
+ inherit system;
+ config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "terraform" ];
+ };
+
+ checks =
+ let
+ darwinConfigurations = lib.mapAttrs' (
+ name: config: lib.nameValuePair name config.config.system.build.toplevel
+ ) ((lib.filterAttrs (_: config: config.pkgs.system == system)) self.darwinConfigurations);
+ devShells = lib.mapAttrs' (n: lib.nameValuePair "devShell-${n}") self'.devShells;
+ nixosConfigurations = lib.mapAttrs' (
+ name: config: lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel
+ ) ((lib.filterAttrs (_: config: config.pkgs.system == system)) self.nixosConfigurations);
+ in
+ darwinConfigurations
+ // devShells
+ // {
+ inherit (self') formatter;
+ }
+ // nixosConfigurations
+ // pkgs.lib.optionalAttrs (system == "x86_64-linux") {
+ inherit (self'.packages) docs docs-linkcheck;
+ nixpkgs-update-supervisor-test = pkgs.callPackage ./hosts/build02/supervisor_test.nix { };
+ nixosTests-buildbot = pkgs.nixosTests.buildbot;
+ nixosTests-buildbot-nix-master = inputs'.buildbot-nix.checks.master;
+ nixosTests-buildbot-nix-worker = inputs'.buildbot-nix.checks.worker;
+ nixosTests-hydra = pkgs.nixosTests.hydra.hydra_unstable;
};
+ };
- _module.args.pkgs = import inputs.nixpkgs {
- inherit system;
- config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
- "terraform"
- ];
- };
-
- checks =
- let
- darwinConfigurations = lib.mapAttrs' (name: config: lib.nameValuePair name config.config.system.build.toplevel) ((lib.filterAttrs (_: config: config.pkgs.system == system)) self.darwinConfigurations);
- devShells = lib.mapAttrs' (n: lib.nameValuePair "devShell-${n}") self'.devShells;
- nixosConfigurations = lib.mapAttrs' (name: config: lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel) ((lib.filterAttrs (_: config: config.pkgs.system == system)) self.nixosConfigurations);
- in
- darwinConfigurations // devShells // { inherit (self') formatter; } // nixosConfigurations
- // pkgs.lib.optionalAttrs (system == "x86_64-linux")
- {
- inherit (self'.packages) docs docs-linkcheck;
- nixpkgs-update-supervisor-test = pkgs.callPackage ./hosts/build02/supervisor_test.nix { };
- nixosTests-buildbot = pkgs.nixosTests.buildbot;
- nixosTests-buildbot-nix-master = inputs'.buildbot-nix.checks.master;
- nixosTests-buildbot-nix-worker = inputs'.buildbot-nix.checks.worker;
- nixosTests-hydra = pkgs.nixosTests.hydra.hydra_unstable;
+ flake.darwinConfigurations =
+ let
+ darwinSystem =
+ args:
+ inputs.nix-darwin.lib.darwinSystem (
+ {
+ specialArgs = {
+ inherit inputs;
};
+ }
+ // args
+ );
+ in
+ {
+ darwin01 = darwinSystem {
+ pkgs = inputs.nixpkgs.legacyPackages.aarch64-darwin;
+ modules = [ ./hosts/darwin01/configuration.nix ];
};
-
- flake.darwinConfigurations =
- let
- darwinSystem = args:
- inputs.nix-darwin.lib.darwinSystem ({ specialArgs = { inherit inputs; }; } // args);
- in
- {
- darwin01 = darwinSystem {
- pkgs = inputs.nixpkgs.legacyPackages.aarch64-darwin;
- modules = [ ./hosts/darwin01/configuration.nix ];
- };
- darwin02 = darwinSystem {
- pkgs = inputs.nixpkgs.legacyPackages.aarch64-darwin;
- modules = [ ./hosts/darwin02/configuration.nix ];
- };
+ darwin02 = darwinSystem {
+ pkgs = inputs.nixpkgs.legacyPackages.aarch64-darwin;
+ modules = [ ./hosts/darwin02/configuration.nix ];
};
-
- flake.nixosConfigurations =
- let
- nixosSystem = args:
- inputs.nixpkgs.lib.nixosSystem ({ specialArgs = { inherit inputs; }; } // args);
- in
- {
- build01 = nixosSystem {
- pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
- modules = [ ./hosts/build01/configuration.nix ];
- };
- build02 = nixosSystem {
- pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
- modules = [ ./hosts/build02/configuration.nix ];
- };
- build03 = nixosSystem {
- pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
- modules = [ ./hosts/build03/configuration.nix ];
- };
- build04 = nixosSystem {
- pkgs = inputs.nixpkgs.legacyPackages.aarch64-linux;
- modules = [ ./hosts/build04/configuration.nix ];
- };
- web02 = nixosSystem {
- pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
- modules = [ ./hosts/web02/configuration.nix ];
- };
- };
-
- flake.darwinModules = {
- common = ./modules/darwin/common;
-
- builder = ./modules/darwin/builder.nix;
- community-builder = ./modules/darwin/community-builder;
- hercules-ci = ./modules/darwin/hercules-ci.nix;
- remote-builder = ./modules/darwin/remote-builder.nix;
};
- flake.nixosModules = {
- common = ./modules/nixos/common;
-
- buildbot = ./modules/nixos/buildbot.nix;
- builder = ./modules/nixos/builder.nix;
- community-builder = ./modules/nixos/community-builder;
- disko-zfs = ./modules/nixos/disko-zfs.nix;
- github-org-backup = ./modules/nixos/github-org-backup.nix;
- hercules-ci = ./modules/nixos/hercules-ci.nix;
- hydra = ./modules/nixos/hydra.nix;
- emergency-access = ./modules/nixos/emergency-access.nix;
- monitoring = ./modules/nixos/monitoring;
- nur-update = ./modules/nixos/nur-update.nix;
- remote-builder = ./modules/nixos/remote-builder.nix;
- watch-store = ./modules/nixos/watch-store.nix;
+ flake.nixosConfigurations =
+ let
+ nixosSystem =
+ args:
+ inputs.nixpkgs.lib.nixosSystem (
+ {
+ specialArgs = {
+ inherit inputs;
+ };
+ }
+ // args
+ );
+ in
+ {
+ build01 = nixosSystem {
+ pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
+ modules = [ ./hosts/build01/configuration.nix ];
+ };
+ build02 = nixosSystem {
+ pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
+ modules = [ ./hosts/build02/configuration.nix ];
+ };
+ build03 = nixosSystem {
+ pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
+ modules = [ ./hosts/build03/configuration.nix ];
+ };
+ build04 = nixosSystem {
+ pkgs = inputs.nixpkgs.legacyPackages.aarch64-linux;
+ modules = [ ./hosts/build04/configuration.nix ];
+ };
+ web02 = nixosSystem {
+ pkgs = inputs.nixpkgs.legacyPackages.x86_64-linux;
+ modules = [ ./hosts/web02/configuration.nix ];
+ };
};
+
+ flake.darwinModules = {
+ common = ./modules/darwin/common;
+
+ builder = ./modules/darwin/builder.nix;
+ community-builder = ./modules/darwin/community-builder;
+ hercules-ci = ./modules/darwin/hercules-ci.nix;
+ remote-builder = ./modules/darwin/remote-builder.nix;
};
+
+ flake.nixosModules = {
+ common = ./modules/nixos/common;
+
+ buildbot = ./modules/nixos/buildbot.nix;
+ builder = ./modules/nixos/builder.nix;
+ community-builder = ./modules/nixos/community-builder;
+ disko-zfs = ./modules/nixos/disko-zfs.nix;
+ github-org-backup = ./modules/nixos/github-org-backup.nix;
+ hercules-ci = ./modules/nixos/hercules-ci.nix;
+ hydra = ./modules/nixos/hydra.nix;
+ emergency-access = ./modules/nixos/emergency-access.nix;
+ monitoring = ./modules/nixos/monitoring;
+ nur-update = ./modules/nixos/nur-update.nix;
+ remote-builder = ./modules/nixos/remote-builder.nix;
+ watch-store = ./modules/nixos/watch-store.nix;
+ };
+ };
}
diff --git a/hosts/build02/configuration.nix b/hosts/build02/configuration.nix
index cc6dc51..8512f56 100644
--- a/hosts/build02/configuration.nix
+++ b/hosts/build02/configuration.nix
@@ -20,7 +20,10 @@
boot.kernelParams = [ "zfs.zfs_arc_max=${toString (24 * 1024 * 1024 * 1024)}" ]; # 24GB, try to limit OOM kills / reboots
networking.hostName = "build02";
- networking.nameservers = [ "1.1.1.1" "1.0.0.1" ];
+ networking.nameservers = [
+ "1.1.1.1"
+ "1.0.0.1"
+ ];
systemd.network.networks."10-uplink".networkConfig.Address = "2a01:4f9:3b:41d9::1";
diff --git a/hosts/build02/nixpkgs-update-backup.nix b/hosts/build02/nixpkgs-update-backup.nix
index 4d02348..67458c5 100644
--- a/hosts/build02/nixpkgs-update-backup.nix
+++ b/hosts/build02/nixpkgs-update-backup.nix
@@ -6,15 +6,11 @@
systemd.services.borgbackup-job-nixpkgs-update = {
after = [ "nixpkgs-update-delete-old-logs.service" ];
- serviceConfig.ReadWritePaths = [
- "/var/log/telegraf"
- ];
+ serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ];
};
services.borgbackup.jobs.nixpkgs-update = {
- paths = [
- "/var/log/nixpkgs-update"
- ];
+ paths = [ "/var/log/nixpkgs-update" ];
repo = "u348918@u348918.your-storagebox.de:/./nixpkgs-update";
encryption.mode = "none";
compression = "auto,zstd";
diff --git a/hosts/build02/nixpkgs-update.nix b/hosts/build02/nixpkgs-update.nix
index e58340e..58aad7f 100644
--- a/hosts/build02/nixpkgs-update.nix
+++ b/hosts/build02/nixpkgs-update.nix
@@ -1,4 +1,10 @@
-{ pkgs, lib, inputs, config, ... }:
+{
+ pkgs,
+ lib,
+ inputs,
+ config,
+ ...
+}:
let
userLib = import "${toString inputs.self}/users/lib.nix" { inherit lib; };
@@ -18,7 +24,10 @@ let
];
mkWorker = name: {
- after = [ "network-online.target" "nixpkgs-update-supervisor.service" ];
+ after = [
+ "network-online.target"
+ "nixpkgs-update-supervisor.service"
+ ];
wants = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];
description = "nixpkgs-update ${name} service";
@@ -107,8 +116,15 @@ let
wants = [ "network-online.target" ];
path = nixpkgsUpdateSystemDependencies ++ [
# nixpkgs-update-github-releases
- (pkgs.python3.withPackages (p: with p;
- [ requests dateutil libversion cachecontrol lockfile filelock ]
+ (pkgs.python3.withPackages (
+ p: with p; [
+ requests
+ dateutil
+ libversion
+ cachecontrol
+ lockfile
+ filelock
+ ]
))
];
# API_TOKEN is used by nixpkgs-update-github-releases
@@ -242,7 +258,9 @@ in
"e /var/cache/nixpkgs-update/worker/nixpkgs-review - - - 1d -"
"d /var/lib/nixpkgs-update/bin/ 700 r-ryantm r-ryantm - -"
- "L+ ${nixpkgs-update-bin} - - - - ${inputs.nixpkgs-update.packages.${pkgs.system}.default}/bin/nixpkgs-update"
+ "L+ ${nixpkgs-update-bin} - - - - ${
+ inputs.nixpkgs-update.packages.${pkgs.system}.default
+ }/bin/nixpkgs-update"
];
sops.secrets.github-r-ryantm-key = {
diff --git a/hosts/build02/supervisor_test.nix b/hosts/build02/supervisor_test.nix
index 323b7d8..9ace240 100644
--- a/hosts/build02/supervisor_test.nix
+++ b/hosts/build02/supervisor_test.nix
@@ -1,16 +1,17 @@
{ pkgs, ... }:
pkgs.runCommand "nixpkgs-update-supervisor-test"
-{
- buildInputs = [ (pkgs.python3.withPackages (ps: [ ps.asyncinotify ])) ];
- files = pkgs.lib.fileset.toSource {
- root = ./.;
- fileset = pkgs.lib.fileset.unions [
- ./supervisor.py
- ./supervisor_test.py
- ];
- };
-} ''
- python3 $files/supervisor_test.py
- touch $out
-''
+ {
+ buildInputs = [ (pkgs.python3.withPackages (ps: [ ps.asyncinotify ])) ];
+ files = pkgs.lib.fileset.toSource {
+ root = ./.;
+ fileset = pkgs.lib.fileset.unions [
+ ./supervisor.py
+ ./supervisor_test.py
+ ];
+ };
+ }
+ ''
+ python3 $files/supervisor_test.py
+ touch $out
+ ''
diff --git a/hosts/build03/builders.nix b/hosts/build03/builders.nix
index 017a917..795b3eb 100644
--- a/hosts/build03/builders.nix
+++ b/hosts/build03/builders.nix
@@ -11,7 +11,8 @@
sshKey = config.sops.secrets.id_buildfarm.path;
sshUser = "nix";
systems = [ "aarch64-linux" ];
- supportedFeatures = inputs.self.outputs.nixosConfigurations.build04.config.nix.settings.system-features;
+ supportedFeatures =
+ inputs.self.outputs.nixosConfigurations.build04.config.nix.settings.system-features;
}
{
hostName = "darwin02.nix-community.org";
@@ -19,8 +20,12 @@
protocol = "ssh-ng";
sshKey = config.sops.secrets.id_buildfarm.path;
sshUser = "nix";
- systems = [ "aarch64-darwin" "x86_64-darwin" ];
- supportedFeatures = inputs.self.outputs.darwinConfigurations.darwin02.config.nix.settings.system-features;
+ systems = [
+ "aarch64-darwin"
+ "x86_64-darwin"
+ ];
+ supportedFeatures =
+ inputs.self.outputs.darwinConfigurations.darwin02.config.nix.settings.system-features;
}
];
}
diff --git a/hosts/build03/postgresql.nix b/hosts/build03/postgresql.nix
index ee25bbd..40e8332 100644
--- a/hosts/build03/postgresql.nix
+++ b/hosts/build03/postgresql.nix
@@ -1,9 +1,7 @@
{ pkgs, ... }:
{
- services.postgresql.ensureUsers = [{
- name = "telegraf";
- }];
+ services.postgresql.ensureUsers = [ { name = "telegraf"; } ];
systemd.services.postgresql.postStart = ''
$PSQL -tAc 'GRANT pg_read_all_stats TO telegraf' -d postgres
@@ -53,7 +51,6 @@
max_wal_size = "2 GB";
min_wal_size = "1 GB";
-
# WAL writing
wal_compression = "on";
wal_buffers = -1; # auto-tuned by Postgres till maximum of segment size (16MB by default)
diff --git a/hosts/web02/gandi.nix b/hosts/web02/gandi.nix
index 22069a8..50bfb4a 100644
--- a/hosts/web02/gandi.nix
+++ b/hosts/web02/gandi.nix
@@ -1,9 +1,7 @@
# This is the configuration required to run NixOS on GandiCloud.
{ lib, modulesPath, ... }:
{
- imports = [
- (modulesPath + "/virtualisation/openstack-config.nix")
- ];
+ imports = [ (modulesPath + "/virtualisation/openstack-config.nix") ];
config = {
boot.initrd.kernelModules = [
"xen-blkfront"
diff --git a/modules/darwin/builder.nix b/modules/darwin/builder.nix
index 5d17829..87b9867 100644
--- a/modules/darwin/builder.nix
+++ b/modules/darwin/builder.nix
@@ -1,10 +1,10 @@
{
- imports = [
- ../shared/builder.nix
- ];
+ imports = [ ../shared/builder.nix ];
# https://github.com/LnL7/nix-darwin/blob/230a197063de9287128e2c68a7a4b0cd7d0b50a7/modules/nix/default.nix#L201
nix.daemonProcessType = "Interactive";
- nix.gc.interval = { Minute = 15; };
+ nix.gc.interval = {
+ Minute = 15;
+ };
}
diff --git a/modules/darwin/common/default.nix b/modules/darwin/common/default.nix
index 5ef04ec..bef1c71 100644
--- a/modules/darwin/common/default.nix
+++ b/modules/darwin/common/default.nix
@@ -21,7 +21,9 @@ in
# TODO: refactor this to share /users with nixos
users.users = {
- customer.openssh = { inherit authorizedKeys; };
+ customer.openssh = {
+ inherit authorizedKeys;
+ };
};
services.nix-daemon.enable = true;
@@ -32,9 +34,7 @@ in
programs.info.enable = false;
- nix.settings.trusted-users = [
- "@admin"
- ];
+ nix.settings.trusted-users = [ "@admin" ];
# shouldn't need to set this for a nix multi-user install
nix.gc.user = "root";
@@ -48,9 +48,7 @@ in
"flakes"
];
- environment.systemPackages = with pkgs; [
- htop
- ];
+ environment.systemPackages = with pkgs; [ htop ];
system.includeUninstaller = false;
diff --git a/modules/darwin/common/telegraf.nix b/modules/darwin/common/telegraf.nix
index 4c61e66..b8272b6 100644
--- a/modules/darwin/common/telegraf.nix
+++ b/modules/darwin/common/telegraf.nix
@@ -1,8 +1,6 @@
{ pkgs, ... }:
{
- imports = [
- ../../shared/telegraf.nix
- ];
+ imports = [ ../../shared/telegraf.nix ];
services.telegraf = {
enable = true;
@@ -14,8 +12,22 @@
mem = { };
swap = { };
disk.tagdrop = {
- fstype = [ "tmpfs" "ramfs" "devtmpfs" "devfs" "iso9660" "overlay" "aufs" "squashfs" ];
- device = [ "rpc_pipefs" "lxcfs" "nsfs" "borgfs" ];
+ fstype = [
+ "tmpfs"
+ "ramfs"
+ "devtmpfs"
+ "devfs"
+ "iso9660"
+ "overlay"
+ "aufs"
+ "squashfs"
+ ];
+ device = [
+ "rpc_pipefs"
+ "lxcfs"
+ "nsfs"
+ "borgfs"
+ ];
};
diskio = { };
internal = { };
diff --git a/modules/darwin/community-builder/users.nix b/modules/darwin/community-builder/users.nix
index 21744ca..c5d269b 100644
--- a/modules/darwin/community-builder/users.nix
+++ b/modules/darwin/community-builder/users.nix
@@ -287,20 +287,18 @@ let
];
in
{
- users.users = builtins.listToAttrs (builtins.map
- (u: {
+ users.users = builtins.listToAttrs (
+ builtins.map (u: {
inherit (u) name;
value = {
inherit (u) uid;
home = "/Users/${u.name}";
createHome = true;
shell = "/bin/zsh";
- openssh.authorizedKeys.keyFiles = [
- u.keys
- ];
+ openssh.authorizedKeys.keyFiles = [ u.keys ];
};
- })
- users);
+ }) users
+ );
users.knownUsers = builtins.map (u: u.name) users;
diff --git a/modules/darwin/remote-builder.nix b/modules/darwin/remote-builder.nix
index ddda955..bd4e729 100644
--- a/modules/darwin/remote-builder.nix
+++ b/modules/darwin/remote-builder.nix
@@ -1,7 +1,5 @@
{
- imports = [
- ../shared/remote-builder.nix
- ];
+ imports = [ ../shared/remote-builder.nix ];
users.knownUsers = [ "nix" ];
diff --git a/modules/nixos/buildbot.nix b/modules/nixos/buildbot.nix
index 32ba5fe..b7bba9e 100644
--- a/modules/nixos/buildbot.nix
+++ b/modules/nixos/buildbot.nix
@@ -1,4 +1,9 @@
-{ config, inputs, pkgs, ... }:
+{
+ config,
+ inputs,
+ pkgs,
+ ...
+}:
{
imports = [
inputs.buildbot-nix.nixosModules.buildbot-master
@@ -10,9 +15,7 @@
forceSSL = true;
};
- services.telegraf.extraConfig.inputs.prometheus.urls = [
- "http://localhost:8011/metrics"
- ];
+ services.telegraf.extraConfig.inputs.prometheus.urls = [ "http://localhost:8011/metrics" ];
sops.secrets.buildbot-github-oauth-secret = { };
sops.secrets.buildbot-github-app-secret-key = { };
@@ -22,8 +25,18 @@
services.buildbot-nix.master = {
enable = true;
- admins = [ "adisbladis" "ryantm" "zimbatm" "zowoq" ];
- buildSystems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];
+ admins = [
+ "adisbladis"
+ "ryantm"
+ "zimbatm"
+ "zowoq"
+ ];
+ buildSystems = [
+ "x86_64-linux"
+ "aarch64-linux"
+ "x86_64-darwin"
+ "aarch64-darwin"
+ ];
buildRetries = 0;
domain = "buildbot.nix-community.org";
evalMaxMemorySize = "4096";
diff --git a/modules/nixos/builder.nix b/modules/nixos/builder.nix
index 6ff07da..c46c3d0 100644
--- a/modules/nixos/builder.nix
+++ b/modules/nixos/builder.nix
@@ -1,12 +1,15 @@
{
- imports = [
- ../shared/builder.nix
- ];
+ imports = [ ../shared/builder.nix ];
nix.gc.dates = "hourly";
# Bump the open files limit so that non-root users can run NixOS VM tests
security.pam.loginLimits = [
- { domain = "*"; item = "nofile"; type = "-"; value = "20480"; }
+ {
+ domain = "*";
+ item = "nofile";
+ type = "-";
+ value = "20480";
+ }
];
}
diff --git a/modules/nixos/common/comin.nix b/modules/nixos/common/comin.nix
index dbd8323..712e7f1 100644
--- a/modules/nixos/common/comin.nix
+++ b/modules/nixos/common/comin.nix
@@ -1,12 +1,8 @@
{ inputs, ... }:
{
- imports = [
- inputs.comin.nixosModules.comin
- ];
+ imports = [ inputs.comin.nixosModules.comin ];
- services.telegraf.extraConfig.inputs.prometheus.urls = [
- "http://localhost:4243/metrics"
- ];
+ services.telegraf.extraConfig.inputs.prometheus.urls = [ "http://localhost:4243/metrics" ];
services.comin = {
enable = true;
diff --git a/modules/nixos/common/default.nix b/modules/nixos/common/default.nix
index a43fa5c..d57c69a 100644
--- a/modules/nixos/common/default.nix
+++ b/modules/nixos/common/default.nix
@@ -1,4 +1,9 @@
-{ config, inputs, pkgs, ... }:
+{
+ config,
+ inputs,
+ pkgs,
+ ...
+}:
{
imports = [
./comin.nix
@@ -25,7 +30,9 @@
Restart = "on-failure";
};
- boot.kernelPackages = pkgs.lib.mkIf (!config.boot.supportedFilesystems.zfs or false) pkgs.linuxPackages_latest;
+ boot.kernelPackages = pkgs.lib.mkIf (
+ !config.boot.supportedFilesystems.zfs or false
+ ) pkgs.linuxPackages_latest;
zramSwap.enable = true;
diff --git a/modules/nixos/common/reboot.nix b/modules/nixos/common/reboot.nix
index 9269008..f86ee03 100644
--- a/modules/nixos/common/reboot.nix
+++ b/modules/nixos/common/reboot.nix
@@ -7,7 +7,11 @@
restartIfChanged = false;
unitConfig.X-StopOnRemoval = false;
serviceConfig.Type = "oneshot";
- path = [ config.systemd.package pkgs.coreutils pkgs.kexec-tools ];
+ path = [
+ config.systemd.package
+ pkgs.coreutils
+ pkgs.kexec-tools
+ ];
script = ''
booted="$(readlink /run/booted-system/{initrd,kernel,kernel-modules} && cat /run/booted-system/kernel-params)"
p="$(readlink -f /nix/var/nix/profiles/system)"
diff --git a/modules/nixos/common/security.nix b/modules/nixos/common/security.nix
index 4f8b123..a4729ac 100644
--- a/modules/nixos/common/security.nix
+++ b/modules/nixos/common/security.nix
@@ -4,7 +4,10 @@
services.openssh = {
hostKeys = [
- { path = "/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }
+ {
+ path = "/etc/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
];
};
}
diff --git a/modules/nixos/common/sops-nix.nix b/modules/nixos/common/sops-nix.nix
index 76bc786..3ad6a72 100644
--- a/modules/nixos/common/sops-nix.nix
+++ b/modules/nixos/common/sops-nix.nix
@@ -1,4 +1,9 @@
-{ config, inputs, lib, ... }:
+{
+ config,
+ inputs,
+ lib,
+ ...
+}:
let
defaultSopsPath = "${toString inputs.self}/hosts/${config.networking.hostName}/secrets.yaml";
in
diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix
index c806b9c..0add45c 100644
--- a/modules/nixos/common/users.nix
+++ b/modules/nixos/common/users.nix
@@ -5,10 +5,7 @@ let
userImports =
let
toUserPath = f: usersDir + "/${f}";
- onlyUserFiles = x:
- lib.hasSuffix ".nix" x &&
- x != "lib.nix"
- ;
+ onlyUserFiles = x: lib.hasSuffix ".nix" x && x != "lib.nix";
userDirEntries = builtins.readDir usersDir;
userFiles = builtins.filter onlyUserFiles (lib.attrNames userDirEntries);
in
diff --git a/modules/nixos/community-builder/default.nix b/modules/nixos/community-builder/default.nix
index d6af1c1..544fd89 100644
--- a/modules/nixos/community-builder/default.nix
+++ b/modules/nixos/community-builder/default.nix
@@ -1,4 +1,5 @@
-{ pkgs, ... }: {
+{ pkgs, ... }:
+{
imports = [
./packages.nix
./users.nix
diff --git a/modules/nixos/community-builder/users.nix b/modules/nixos/community-builder/users.nix
index eab3a28..4c4ba66 100644
--- a/modules/nixos/community-builder/users.nix
+++ b/modules/nixos/community-builder/users.nix
@@ -149,29 +149,23 @@ let
};
};
- ifAttr = key: default: result: opts:
- if (opts ? "${key}") && opts."${key}"
- then result
- else default;
+ ifAttr =
+ key: default: result: opts:
+ if (opts ? "${key}") && opts."${key}" then result else default;
maybeTrusted = ifAttr "trusted" [ ] [ "trusted" ];
maybeWheel = ifAttr "sudo" [ ] [ "wheel" ];
- userGroups = opts:
- (maybeTrusted opts) ++
- (maybeWheel opts);
+ userGroups = opts: (maybeTrusted opts) ++ (maybeWheel opts);
- descToUser = name: opts:
- {
- isNormalUser = true;
- extraGroups = userGroups opts;
- createHome = true;
- home = "/home/${name}";
- hashedPassword = opts.password or null;
- openssh.authorizedKeys.keyFiles = [
- opts.keys
- ];
- };
+ descToUser = name: opts: {
+ isNormalUser = true;
+ extraGroups = userGroups opts;
+ createHome = true;
+ home = "/home/${name}";
+ hashedPassword = opts.password or null;
+ openssh.authorizedKeys.keyFiles = [ opts.keys ];
+ };
in
{
users = {
diff --git a/modules/nixos/disko-zfs.nix b/modules/nixos/disko-zfs.nix
index b302f6e..491e578 100644
--- a/modules/nixos/disko-zfs.nix
+++ b/modules/nixos/disko-zfs.nix
@@ -1,8 +1,6 @@
{ inputs, ... }:
{
- imports = [
- inputs.disko.nixosModules.disko
- ];
+ imports = [ inputs.disko.nixosModules.disko ];
networking.hostId = "deadbeef";
diff --git a/modules/nixos/github-org-backup.nix b/modules/nixos/github-org-backup.nix
index 8b0232d..04f48ba 100644
--- a/modules/nixos/github-org-backup.nix
+++ b/modules/nixos/github-org-backup.nix
@@ -4,7 +4,10 @@
# https://github.com/gabrie30/ghorg/blob/92965c8b25ca423223888e1138d175bfc2f4b39b/README.md#creating-backups
systemd.services.github-org-backup = {
environment.HOME = "/var/lib/github-org-backup";
- path = [ pkgs.git pkgs.ghorg ];
+ path = [
+ pkgs.git
+ pkgs.ghorg
+ ];
# exclude nix, nixpkgs
script = ''
ghorg clone nix-community \
@@ -25,15 +28,11 @@
systemd.services.borgbackup-job-github-org = {
after = [ "github-org-backup.service" ];
- serviceConfig.ReadWritePaths = [
- "/var/log/telegraf"
- ];
+ serviceConfig.ReadWritePaths = [ "/var/log/telegraf" ];
};
services.borgbackup.jobs.github-org = {
- paths = [
- "/var/lib/github-org-backup"
- ];
+ paths = [ "/var/lib/github-org-backup" ];
repo = "u348918@u348918.your-storagebox.de:/./github-org";
encryption.mode = "none";
compression = "auto,zstd";
diff --git a/modules/nixos/hydra.nix b/modules/nixos/hydra.nix
index f776ca5..1fd4754 100644
--- a/modules/nixos/hydra.nix
+++ b/modules/nixos/hydra.nix
@@ -27,10 +27,7 @@
enable = true;
# remote builders set in /etc/nix/machines + localhost
buildMachinesFiles = [
- (pkgs.runCommand "etc-nix-machines"
- {
- machines = config.environment.etc."nix/machines".text;
- } ''
+ (pkgs.runCommand "etc-nix-machines" { machines = config.environment.etc."nix/machines".text; } ''
printf "$machines" > $out
substituteInPlace $out --replace 'ssh-ng://' 'ssh://'
'')
@@ -70,7 +67,10 @@
environment = {
inherit (config.systemd.services.hydra-init.environment) HYDRA_DBI;
};
- path = [ config.services.hydra.package pkgs.netcat ];
+ path = [
+ config.services.hydra.package
+ pkgs.netcat
+ ];
script = ''
set -e
while IFS=';' read -r user role passwordhash email fullname; do
diff --git a/modules/nixos/monitoring/alert-rules.nix b/modules/nixos/monitoring/alert-rules.nix
index 528267a..ccd4021 100644
--- a/modules/nixos/monitoring/alert-rules.nix
+++ b/modules/nixos/monitoring/alert-rules.nix
@@ -2,15 +2,17 @@
{
srvos.prometheus = {
ruleGroups.srvosAlerts.alertRules =
- (lib.genAttrs [
- "borgbackup-job-github-org.service"
- "borgbackup-job-nixpkgs-update.service"
- ]
+ (lib.genAttrs
+ [
+ "borgbackup-job-github-org.service"
+ "borgbackup-job-nixpkgs-update.service"
+ ]
(name: {
expr = ''absent_over_time(task_last_run{name="${name}"}[1d])'';
annotations.description = "status of ${name} is unknown: no data for a day";
- })) //
- {
+ })
+ )
+ // {
CominDeploymentDifferentCommits = {
expr = ''count(count by (commit_id) (comin_deployment_info)) > 1'';
for = "90m";
diff --git a/modules/nixos/monitoring/matrix-hook.nix b/modules/nixos/monitoring/matrix-hook.nix
index bf4be53..28b93e3 100644
--- a/modules/nixos/monitoring/matrix-hook.nix
+++ b/modules/nixos/monitoring/matrix-hook.nix
@@ -27,9 +27,7 @@ in
serviceConfig = {
Type = "simple";
ExecStart = "${matrixHook}/bin/matrix-hook";
- EnvironmentFile = [
- config.sops.secrets.nix-community-matrix-bot-token.path
- ];
+ EnvironmentFile = [ config.sops.secrets.nix-community-matrix-bot-token.path ];
Restart = "always";
RestartSec = "10";
User = "matrix-hook";
diff --git a/modules/nixos/monitoring/prometheus.nix b/modules/nixos/monitoring/prometheus.nix
index 850d6b9..5e7c369 100644
--- a/modules/nixos/monitoring/prometheus.nix
+++ b/modules/nixos/monitoring/prometheus.nix
@@ -8,7 +8,10 @@
enable = true;
checkConfig = true;
webExternalUrl = "https://monitoring.nix-community.org/prometheus/";
- extraFlags = [ "--storage.tsdb.retention.time=30d" "--web.route-prefix=/" ];
+ extraFlags = [
+ "--storage.tsdb.retention.time=30d"
+ "--web.route-prefix=/"
+ ];
scrapeConfigs = [
{
job_name = "telegraf";
@@ -26,15 +29,7 @@
];
}
];
- alertmanagers = [
- {
- static_configs = [
- {
- targets = [ "localhost:9093" ];
- }
- ];
- }
- ];
+ alertmanagers = [ { static_configs = [ { targets = [ "localhost:9093" ]; } ]; } ];
};
services.telegraf.extraConfig.inputs.prometheus.urls = [
@@ -46,7 +41,10 @@
enable = true;
webExternalUrl = "https://monitoring.nix-community.org/alertmanager/";
listenAddress = "[::1]";
- extraFlags = [ "--cluster.listen-address=''" "--web.route-prefix=/" ];
+ extraFlags = [
+ "--cluster.listen-address=''"
+ "--web.route-prefix=/"
+ ];
configuration = {
route = {
receiver = "default";
@@ -70,9 +68,7 @@
}
];
}
- {
- name = "default";
- }
+ { name = "default"; }
];
};
};
diff --git a/modules/nixos/monitoring/telegraf.nix b/modules/nixos/monitoring/telegraf.nix
index c469746..c5cd653 100644
--- a/modules/nixos/monitoring/telegraf.nix
+++ b/modules/nixos/monitoring/telegraf.nix
@@ -30,19 +30,15 @@
let
hosts = import ./hosts.nix;
in
- map
- (host: {
- protocol = "tcp";
- address = "${host}:22";
- send = "SSH-2.0-Telegraf";
- expect = "SSH-2.0";
- tags.host = host;
- tags.org = "nix-community";
- timeout = "10s";
- })
- hosts;
- prometheus.urls = [
- "https://events.ofborg.org/prometheus.php"
- ];
+ map (host: {
+ protocol = "tcp";
+ address = "${host}:22";
+ send = "SSH-2.0-Telegraf";
+ expect = "SSH-2.0";
+ tags.host = host;
+ tags.org = "nix-community";
+ timeout = "10s";
+ }) hosts;
+ prometheus.urls = [ "https://events.ofborg.org/prometheus.php" ];
};
}
diff --git a/modules/nixos/nur-update.nix b/modules/nixos/nur-update.nix
index c5cb988..16a7b3d 100644
--- a/modules/nixos/nur-update.nix
+++ b/modules/nixos/nur-update.nix
@@ -1,4 +1,9 @@
-{ config, inputs, pkgs, ... }:
+{
+ config,
+ inputs,
+ pkgs,
+ ...
+}:
{
services.nginx.virtualHosts."nur-update.nix-community.org" = {
@@ -11,11 +16,12 @@
systemd.services.nur-update =
let
- python = pkgs.python3.withPackages
- (ps: with ps; [
+ python = pkgs.python3.withPackages (
+ ps: with ps; [
(ps.toPythonModule inputs.nur-update.packages.${pkgs.system}.default)
gunicorn
- ]);
+ ]
+ );
in
{
description = "nur-update";
diff --git a/modules/nixos/remote-builder.nix b/modules/nixos/remote-builder.nix
index f628bcf..8885d89 100644
--- a/modules/nixos/remote-builder.nix
+++ b/modules/nixos/remote-builder.nix
@@ -1,7 +1,5 @@
{
- imports = [
- ../shared/remote-builder.nix
- ];
+ imports = [ ../shared/remote-builder.nix ];
users.users.nix = {
isNormalUser = true;
diff --git a/modules/shared/builder.nix b/modules/shared/builder.nix
index 7fe1da6..a2e57e3 100644
--- a/modules/shared/builder.nix
+++ b/modules/shared/builder.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
{
options.nixCommunity.gc.gbFree = lib.mkOption {
type = lib.types.int;
diff --git a/modules/shared/nix-daemon.nix b/modules/shared/nix-daemon.nix
index a1ac33f..da832b8 100644
--- a/modules/shared/nix-daemon.nix
+++ b/modules/shared/nix-daemon.nix
@@ -9,9 +9,7 @@ in
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
- settings.substituters = [
- "https://nix-community.cachix.org"
- ];
+ settings.substituters = [ "https://nix-community.cachix.org" ];
# Hard-link duplicated files
settings.auto-optimise-store = pkgs.lib.mkDefault true;
diff --git a/modules/shared/remote-builder.nix b/modules/shared/remote-builder.nix
index d253e66..989bb5a 100644
--- a/modules/shared/remote-builder.nix
+++ b/modules/shared/remote-builder.nix
@@ -1,4 +1,9 @@
-{ config, lib, pkgs, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
let
# https://discourse.nixos.org/t/wrapper-to-restrict-builder-access-through-ssh-worth-upstreaming/25834
nix-ssh-wrapper = pkgs.writeShellScript "nix-ssh-wrapper" ''
diff --git a/modules/shared/telegraf.nix b/modules/shared/telegraf.nix
index e0b5367..66767a0 100644
--- a/modules/shared/telegraf.nix
+++ b/modules/shared/telegraf.nix
@@ -1,4 +1,10 @@
-{ config, inputs, lib, pkgs, ... }:
+{
+ config,
+ inputs,
+ lib,
+ pkgs,
+ ...
+}:
let
hostInfo = pkgs.writeShellScript "host-info" ''
nix_version="$(${config.nix.package}/bin/nix store ping --store daemon --json | ${pkgs.jq}/bin/jq -r '.version')"
@@ -18,10 +24,14 @@ in
environment.etc =
let
inputsWithDate = lib.filterAttrs (_: input: input ? lastModified) inputs.self.inputs;
- flakeAttrs = input: (lib.mapAttrsToList (n: v: ''${n}="${v}"'')
- (lib.filterAttrs (_: v: (builtins.typeOf v) == "string") input));
- lastModified = name: input: ''
- flake_input_last_modified{input="${name}",${lib.concatStringsSep "," (flakeAttrs input)}} ${toString input.lastModified}'';
+ flakeAttrs =
+ input:
+ (lib.mapAttrsToList (n: v: ''${n}="${v}"'') (
+ lib.filterAttrs (_: v: (builtins.typeOf v) == "string") input
+ ));
+ lastModified =
+ name: input:
+ ''flake_input_last_modified{input="${name}",${lib.concatStringsSep "," (flakeAttrs input)}} ${toString input.lastModified}'';
in
{
"flake-inputs.prom" = {
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index e47008e..d13e261 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -5,7 +5,13 @@ let
zimbatm = builtins.readFile ../users/keys/zimbatm;
zowoq = builtins.readFile ../users/keys/zowoq;
- users = [ adisbladis mic92 ryantm zimbatm zowoq ];
+ users = [
+ adisbladis
+ mic92
+ ryantm
+ zimbatm
+ zowoq
+ ];
inherit ((import ../modules/shared/known-hosts.nix).programs.ssh) knownHosts;
@@ -14,7 +20,18 @@ let
darwin02 = knownHosts.darwin02.publicKey;
in
{
- "hercules-binary-caches.age".publicKeys = users ++ [ build03 build04 darwin02 ];
- "hercules-cluster-join-token.age".publicKeys = users ++ [ build03 build04 darwin02 ];
- "hercules-secrets.age".publicKeys = users ++ [ build03 build04 ]; # hercules-secrets are only needed on linux
+ "hercules-binary-caches.age".publicKeys = users ++ [
+ build03
+ build04
+ darwin02
+ ];
+ "hercules-cluster-join-token.age".publicKeys = users ++ [
+ build03
+ build04
+ darwin02
+ ];
+ "hercules-secrets.age".publicKeys = users ++ [
+ build03
+ build04
+ ]; # hercules-secrets are only needed on linux
}
diff --git a/terraform/shell.nix b/terraform/shell.nix
index 050a496..e305689 100644
--- a/terraform/shell.nix
+++ b/terraform/shell.nix
@@ -1,17 +1,19 @@
{ pkgs, ... }:
{
devShells = {
- terraform = with pkgs; mkShellNoCC {
- packages = [
- (terraform.withPlugins (p: [
- p.cloudflare
- p.external
- p.hydra
- p.null
- p.sops
- p.tfe
- ]))
- ];
- };
+ terraform =
+ with pkgs;
+ mkShellNoCC {
+ packages = [
+ (terraform.withPlugins (p: [
+ p.cloudflare
+ p.external
+ p.hydra
+ p.null
+ p.sops
+ p.tfe
+ ]))
+ ];
+ };
};
}
diff --git a/users/lib.nix b/users/lib.nix
index 8ce70d9..4376a9a 100644
--- a/users/lib.nix
+++ b/users/lib.nix
@@ -1,11 +1,17 @@
{ lib }:
let
- chrs = lib.listToAttrs (lib.imap (i: v: { name = v; value = i + 96; }) lib.lowerChars);
+ chrs = lib.listToAttrs (
+ lib.imap (i: v: {
+ name = v;
+ value = i + 96;
+ }) lib.lowerChars
+ );
ord = c: builtins.getAttr c chrs;
in
{
# Make a unique UID from a 4-char identifier
- mkUid = id:
+ mkUid =
+ id:
let
chars = lib.stringToCharacters (builtins.substring 0 4 id);
n = builtins.map (c: lib.mod (ord c) 10) chars;