diff --git a/build01/buildkite.nix b/build01/buildkite.nix
index b3205e9..2708b67 100644
--- a/build01/buildkite.nix
+++ b/build01/buildkite.nix
@@ -1,4 +1,4 @@ -{ pkgs, ...}: +{ pkgs, ... }: { services.buildkite-agent = {
diff --git a/build01/configuration.nix b/build01/configuration.nix
index 610ca9b..65ac6cc 100644
--- a/build01/configuration.nix
+++ b/build01/configuration.nix
@@ -3,7 +3,8 @@ let userImports = builtins.map (f: ../users/. + "/${f}") (builtins.filter (x: x != "lib.nix") (lib.attrNames (builtins.readDir ../users))); -in { +in +{ imports = [ ./hardware-configuration.nix
diff --git a/build01/gitlab.nix b/build01/gitlab.nix
index e800267..05f116f 100644
--- a/build01/gitlab.nix
+++ b/build01/gitlab.nix
@@ -5,7 +5,8 @@ let url = "https://gitlab.com/arianvp/nixos-gitlab-runner/-/archive/9126927c701aa399bd1734e7e5230c3a0010c1b7/nixos-gitlab-runner-9126927c701aa399bd1734e7e5230c3a0010c1b7.tar.gz"; sha256 = "1s0fy5ny2ygcfvx35xws8xz5ih4z4kdfqlq3r6byxpylw7r52fyi"; }; -in { +in +{ imports = [ "${gitlabModule}/gitlab-runner.nix" ];
diff --git a/build01/hardware-configuration.nix b/build01/hardware-configuration.nix
index 6f017a5..ceebe2c 100644
--- a/build01/hardware-configuration.nix
+++ b/build01/hardware-configuration.nix
@@ -4,35 +4,37 @@ { config, lib, pkgs, ... }: { - imports = - [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> - ]; + imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "sd_mod" ]; boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; + boot.extraModulePackages = []; fileSystems."/" = - { device = "zroot/root"; + { + device = "zroot/root"; fsType = "zfs"; }; fileSystems."/nix" = - { device = "zroot/root/nix"; + { + device = "zroot/root/nix"; fsType = "zfs"; }; fileSystems."/home" = - { device = "zroot/root/home"; + { + device = "zroot/root/home"; fsType = "zfs"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/3593e0a3-3bc7-42a7-b829-685b9e98e6ba"; + { + device = "/dev/disk/by-uuid/3593e0a3-3bc7-42a7-b829-685b9e98e6ba"; fsType = "ext4"; }; - swapDevices = [ ]; + swapDevices = []; nix.maxJobs = lib.mkDefault 16; }
diff --git a/build01/nixpkgs-update.nix b/build01/nixpkgs-update.nix
index 3284536..a030a9b 100644
--- a/build01/nixpkgs-update.nix
+++ b/build01/nixpkgs-update.nix
@@ -27,11 +27,12 @@ let CacheDirectoryMode = "700"; LogsDirectory = "nixpkgs-update"; LogsDirectoryMode = "700"; - StandardOutput="journal"; + StandardOutput = "journal"; }; -in { +in +{ users.users.r-ryantm.packages = [ pkgs.cachix ]; - users.groups.r-ryantm = { }; + users.groups.r-ryantm = {}; users.users.r-ryantm = { useDefaultShell = true; isNormalUser = true; # The hub cli seems to really want stuff to be set up like a normal user
diff --git a/deployment.nix b/deployment.nix
index cadec6e..5370ecf 100644
--- a/deployment.nix
+++ b/deployment.nix
@@ -2,67 +2,68 @@ let secrets = import ./secrets; -in { +in +{ network.description = "nix-community infra"; build01 = { resources, ... }: - { - imports = [ - ./build01/configuration.nix - ]; + { + imports = [ + ./build01/configuration.nix + ]; - deployment.targetHost = "94.130.143.84"; + deployment.targetHost = "94.130.143.84"; + + deployment.keys.buildkite-token = { + text = secrets.buildkite-token; + user = "buildkite-agent"; + permissions = "0600"; + }; + + deployment.keys.buildkite-agent-key = { + text = secrets.buildkite-agent-key; + user = "buildkite-agent"; + permissions = "0600"; + }; + + deployment.keys."buildkite-agent-key.pub" = { + text = secrets."buildkite-agent-key.pub"; + user = "buildkite-agent"; + permissions = "0600"; + }; + + deployment.keys.gitlab-runner-registration = { + text = secrets.gitlab-runner-registration; + user = "gitlab-runner"; + permissions = "0600"; + }; + + deployment.keys."id_rsa" = { + text = secrets.github-r-ryantm-key; + destDir = "/home/r-ryantm/.ssh"; + user = "r-ryantm"; + group = "r-ryantm"; + permissions = "0600"; + }; + + deployment.keys."github_token.txt" = { + text = secrets.github-r-ryantm-token; + destDir = "/var/lib/nixpkgs-update"; + user = "r-ryantm"; + group = "r-ryantm"; + permissions = "0600"; + }; + + deployment.keys."cachix.dhall" = { + text = secrets."cachix.dhall"; + destDir = "/var/lib/nixpkgs-update/cachix"; + user = "r-ryantm"; + group = "r-ryantm"; + permissions = "0600"; + }; - deployment.keys.buildkite-token = { - text = secrets.buildkite-token; - user = "buildkite-agent"; - permissions = "0600"; }; - deployment.keys.buildkite-agent-key = { - text = secrets.buildkite-agent-key; - user = "buildkite-agent"; - permissions = "0600"; - }; - - deployment.keys."buildkite-agent-key.pub" = { - text = secrets."buildkite-agent-key.pub"; - user = "buildkite-agent"; - permissions = "0600"; - }; - - deployment.keys.gitlab-runner-registration = { - text = secrets.gitlab-runner-registration; - user = 
"gitlab-runner"; - permissions = "0600"; - }; - - deployment.keys."id_rsa" = { - text = secrets.github-r-ryantm-key; - destDir = "/home/r-ryantm/.ssh"; - user = "r-ryantm"; - group = "r-ryantm"; - permissions = "0600"; - }; - - deployment.keys."github_token.txt" = { - text = secrets.github-r-ryantm-token; - destDir = "/var/lib/nixpkgs-update"; - user = "r-ryantm"; - group = "r-ryantm"; - permissions = "0600"; - }; - - deployment.keys."cachix.dhall" = { - text = secrets."cachix.dhall"; - destDir = "/var/lib/nixpkgs-update/cachix"; - user = "r-ryantm"; - group = "r-ryantm"; - permissions = "0600"; - }; - - }; - }
diff --git a/profiles/common.nix b/profiles/common.nix
index 37acf5a..e34990c 100644
--- a/profiles/common.nix
+++ b/profiles/common.nix
@@ -21,18 +21,19 @@ nix = let asGB = size: toString (size * 1024 * 1024); - in { - extraOptions = '' - # auto-free the /nix/store - min-free = ${asGB 10} - max-free = ${asGB 200} + in + { + extraOptions = '' + # auto-free the /nix/store + min-free = ${asGB 10} + max-free = ${asGB 200} - # avoid copying unecessary stuff over SSH - builders-use-substitutes = true - ''; - # Hard-link duplicated files - autoOptimiseStore = true; - }; + # avoid copying unecessary stuff over SSH + builders-use-substitutes = true + ''; + # Hard-link duplicated files + autoOptimiseStore = true; + }; services.openssh.enable = true; networking.firewall.allowedTCPPorts = [
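Review bot: The `asGB` helper that the new `min-free = ${asGB 10}` and `max-free = ${asGB 200}` lines rely on is defined in this hunk's context line as `asGB = size: toString (size * 1024 * 1024);`, which multiplies by 1024² and so yields mebibytes, not gibibytes; Nix reads both settings as byte counts, so the collector is configured for 10 MiB / 200 MiB rather than the sizes the name and the `# auto-free the /nix/store` comment suggest. On a build host that means garbage collection only starts when the store is almost completely full and stops after reclaiming very little, so builds will fail on disk exhaustion long before the intended threshold. Either add the missing factor, `asGB = size: toString (size * 1024 * 1024 * 1024);`, or rename the helper to say what it actually computes. The `unecessary` typo in the quoted comment could be fixed in the same pass.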
@@ -56,10 +57,17 @@ # Assign keys from all users in wheel group # This is only done because nixops cant be deployed from any other account - users.extraUsers.root.openssh.authorizedKeys.keys = lib.unique (lib.flatten ( - builtins.map (u: u.openssh.authorizedKeys.keys) - (lib.attrValues (lib.filterAttrs (_: u: lib.elem "wheel" u.extraGroups) - config.users.extraUsers)))); + users.extraUsers.root.openssh.authorizedKeys.keys = lib.unique ( + lib.flatten ( + builtins.map (u: u.openssh.authorizedKeys.keys) + ( + lib.attrValues ( + lib.filterAttrs (_: u: lib.elem "wheel" u.extraGroups) + config.users.extraUsers + ) + ) + ) + ); }
diff --git a/profiles/docker.nix b/profiles/docker.nix
index e36b1e1..66ad198 100644
--- a/profiles/docker.nix
+++ b/profiles/docker.nix
@@ -1,4 +1,4 @@ -{...}: +{ ... }: {
diff --git a/shell.nix b/shell.nix
index d82576f..e4ec308 100644
--- a/shell.nix
+++ b/shell.nix
@@ -6,20 +6,25 @@ let overlays = []; }; -in pkgs.mkShell { +in +pkgs.mkShell { - NIX_PATH="nixpkgs=${toString pkgs.path}"; + NIX_PATH = "nixpkgs=${toString pkgs.path}"; - NIXOPS_DEPLOYMENT="nix-community-infra"; - NIXOPS_STATE="./state/deployment-state.nixops"; + NIXOPS_DEPLOYMENT = "nix-community-infra"; + NIXOPS_STATE = "./state/deployment-state.nixops"; buildInputs = [ pkgs.git-crypt pkgs.niv pkgs.nixops - (pkgs.terraform.withPlugins (p: [ - p.cloudflare - ])) + ( + pkgs.terraform.withPlugins ( + p: [ + p.cloudflare + ] + ) + ) ]; # terraform cloud without the remote execution part
diff --git a/users/adisbladis.nix b/users/adisbladis.nix
index d33d263..dd7d8e8 100644
--- a/users/adisbladis.nix
+++ b/users/adisbladis.nix
@@ -6,7 +6,8 @@ let "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtr+rcxCZBAAqt8ocvhEEdBWfnRBCljjQPtC6Np24Y3H/HMe3rugsu3OhPscRV1k5hT+UlA2bpN8clMFAfK085orYY7DMUrgKQzFB7GDnOvuS1CqE1PRw7/OHLcWxDwf3YLpa8+ZIwMHFxR2gxsldCLGZV/VukNwhEvWs50SbXwVrjNkwA9LHy3Or0i6sAzU711V3B2heB83BnbT8lr3CKytF3uyoTEJvDE7XMmRdbvZK+c48bj6wDaqSmBEDrdNncsqnReDjScdNzXgP1849kMfIUwzXdhEF8QRVfU8n2A2kB0WRXiGgiL4ba5M+N9v1zLdzSHcmB0veWGgRyX8tN cardno:000607203159" ]; -in { +in +{ users.users.adisbladis = { openssh.authorizedKeys.keys = keys; useDefaultShell = true;
diff --git a/users/lib.nix b/users/lib.nix
index d915fc9..245ac4a 100644
--- a/users/lib.nix
+++ b/users/lib.nix
@@ -1,12 +1,14 @@ { lib }: let - chrs = lib.listToAttrs (lib.imap (i: v: {name=v; value=i + 96;}) lib.lowerChars); + chrs = lib.listToAttrs (lib.imap (i: v: { name = v; value = i + 96; }) lib.lowerChars); ord = c: builtins.getAttr c chrs; -in { +in +{ # Make a unique UID from a 4-char identifier - mkUid = id: let # TODO: Assert length + mkUid = id: let + # TODO: Assert length chars = lib.stringToCharacters id; n = builtins.map (c: lib.mod (ord c) 10) chars; s = builtins.concatStringsSep "" (builtins.map (i: builtins.toString i) n);
diff --git a/users/ryantm.nix b/users/ryantm.nix
index 78970a4..a1724c2 100644
--- a/users/ryantm.nix
+++ b/users/ryantm.nix
@@ -6,7 +6,8 @@ let "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5KESKmapziCEd05LPnW1Ib+t5N18aZ8nzeVSZ3w79vGZHacgwKrGAQkQ1JbEFsm1aXQ4LR27l7Y5MM+auf0YZdGjtAiSsV/G/mjBP95HsuFTE1NSsXisdyKBkJ1g8TUfNOq2gsFyUVCeLMz4fC/ZYxdfBRpPnA6lCblWPmwLAaKTuI7afLv9UGN36/lFKReFzLpMfjYu/HAOYglRuQr8UcYvuysfDKwHImZYdZbzId2pg52nntSAiRgavjt2StiXVQz8zrCtvkguAkG6R8ZSPDyIJ0gLPNLxryIVLPscRbmH0usr3ipemOEplIsiNwp9pW2AQj0jZMBA55T75jxW2Q== ryantm-personal" ]; -in { +in +{ users.users.ryantm = { openssh.authorizedKeys.keys = keys; useDefaultShell = true;
diff --git a/users/worldofpeace.nix b/users/worldofpeace.nix
index eb09581..0c9baac 100644
--- a/users/worldofpeace.nix
+++ b/users/worldofpeace.nix
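Review bot: In the users/lib.nix hunk the `# TODO: Assert length` comment that now sits on its own line under `mkUid = id: let` still has no check behind it, and the visible mapping makes the consequence concrete: every character contributes one decimal digit via `lib.mod (ord c) 10`, so an identifier of the wrong length produces a UID of a different width, and since 26 lowercase letters fold onto 10 digits, unrelated four-character identifiers can land on the same UID. Two accounts sharing a UID defeats per-user isolation on the host, unless the remainder of `mkUid`, which continues past the end of the hunk, detects the collision. A one-line guard in place of the TODO would be `mkUid = id: assert builtins.stringLength id == 4; let`, and a collision check against the other generated UIDs is worth adding wherever the results are collected. Separately, `lib.imap` on the `chrs` line is, as far as I recall, deprecated in nixpkgs in favour of the 1-based `lib.imap1`, which is the indexing the `i + 96` offset already assumes, so switching keeps the mapping identical and drops the deprecation warning.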
@@ -6,7 +6,8 @@ let "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHGEkPcumvhBjIZ44tnhN6+hZR8vsCSLD4r1dFzlnXA4 Nix Community - worldofpeace" ]; -in { +in +{ users.users.worldofpeace = { openssh.authorizedKeys.keys = keys; useDefaultShell = true;
diff --git a/users/zimbatm.nix b/users/zimbatm.nix
index 9bf06f3..8a8f6f8 100644
--- a/users/zimbatm.nix
+++ b/users/zimbatm.nix
@@ -7,7 +7,8 @@ let "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxiMI0QgaxBTRgzhCtgiyFEcRiZ7SH6LC0byweSlThcpevN6W8ZQZFqv9BhEmq/Hukrgytm8WkdYHCWWRdDcC94AUHxNG+wF4ONLUaX+xpuuwd6KQVHAOZ9kDyPNdXIO9Ad6YiqiVD4fI4wi9wl/hBQQgB7jF+BKPjOfoE2D95psyEqFcD13mlFQAMZnPzYVSv72uWu4Cf6ft4XbrMeqxa71TIoEsjlZ+BVOg+mVmfZNtThtwJ1FZ+tEX6pwFGNAacZWx4TZmPojZaauwBmTJDC5DKgPH4ZmejIgCerjIUsjmNcRXNRinKitWpaV3KIAPc+lrNZPB4I3lmKuW5uFQr" ]; -in { +in +{ users.users.zimbatm = { openssh.authorizedKeys.keys = keys; useDefaultShell = true;