From c05057015eeda74d5f41aee68147427b89bbb78e Mon Sep 17 00:00:00 2001 
From: Craige McWhirter Date: Tue, 8 Mar 2022 00:26:15 +1000 Subject: [PATCH] treefmt: formatted all nix files --- globals-defaults.nix | 2 +- globals.nix | 14 +- hardware/eeepc701.nix | 28 +- hardware/lenovo_x201.nix | 23 +- hardware/linode_vm-encrypted.nix | 20 +- hardware/linode_vm.nix | 20 +- hardware/odroid-hc4/default.nix | 18 +- .../odroid-hc4/modules/sd-image/default.nix | 12 +- .../odroid-hc4/overlays/kernel/kernel.nix | 23 +- .../odroid-hc4/overlays/uboot/blx_fix.nix | 2 +- .../odroid-hc4/overlays/uboot/hardkernel.nix | 23 +- .../overlays/uboot/meson64-tools.nix | 13 +- .../odroid-hc4/overlays/uboot/overlay.nix | 27 +- hardware/odroid-hc4/overlays/uboot/u-boot.nix | 162 +++--- .../odroid-hc4/uboot/boot-ini-builder.nix | 3 +- .../odroid-hc4/uboot/hardkernel-uboot.nix | 36 +- hardware/purism_librem_15.nix | 20 +- hardware/raspberry_pi_2_model_B.nix | 29 +- hardware/raspberry_pi_3_model_B.nix | 29 +- hosts/airgead.nix | 9 +- hosts/ceilidh.nix | 21 +- hosts/cuallaidh.nix | 17 +- hosts/dhu.nix | 8 +- hosts/dionach.nix | 22 +- hosts/iolear-beag.nix | 8 +- hosts/paidh-aon.nix | 10 +- hosts/paidh-ceithir.nix | 12 +- hosts/paidh-coig.nix | 12 +- hosts/paidh-dha.nix | 8 +- hosts/paidh-tri.nix | 17 +- hosts/paidh-uachdar.nix | 15 +- hosts/sithlainnir.nix | 8 +- hosts/teintidh.nix | 8 +- images/sd-image_paidh-aarch64.nix | 17 +- images/sd-image_paidh-aon.nix | 7 +- images/sd-image_paidh-armv7.nix | 17 +- images/sd-image_paidh-ceithir.nix | 7 +- images/sd-image_paidh-coig.nix | 7 +- images/sd-image_paidh-dha.nix | 7 +- images/sd-image_paidh-tri.nix | 7 +- images/usb-yubikey.nix | 21 +- networks/linode-common.nix | 21 +- networks/linode-encrypted.nix | 10 +- networks/linode.nix | 10 +- networks/pi2B_rack.nix | 5 +- networks/pi3B_rack.nix | 9 +- nix/default.nix | 26 +- nix/sources.nix | 146 ++--- nixops.nix | 16 +- overlays/nixUnstable.nix | 10 +- overlays/qemu/default.nix | 21 +- overlays/qemu/qemu/default.nix | 86 +-- overlays/vim-cue.nix | 21 +- profiles/android.nix | 
11 +- profiles/bash.nix | 7 +- profiles/cardano-node.nix | 46 +- profiles/chrony.nix | 9 +- profiles/coturn.nix | 32 +- profiles/craige4rocky.nix | 25 +- profiles/cron-craige.nix | 9 +- profiles/cryptpad.nix | 26 +- profiles/cyclone-ibis.nix | 25 +- profiles/daedalus.nix | 16 +- profiles/desktop-feeds.nix | 10 +- profiles/desktopCraige.nix | 7 +- profiles/desktopFiona.nix | 7 +- profiles/desktop_common.nix | 20 +- profiles/ebooks.nix | 11 +- profiles/emacs.nix | 50 +- profiles/games-kids.nix | 16 +- profiles/gitea_home.nix | 20 +- profiles/grafana.nix | 30 +- profiles/haskell-dev.nix | 9 +- profiles/host_common.nix | 29 +- profiles/hydra-dev.nix | 25 +- profiles/hydra-fork.nix | 12 +- profiles/hydra.nix | 59 +- profiles/iohk.nix | 19 +- profiles/jormungandr-stake.nix | 22 +- profiles/jormungandr.nix | 11 +- profiles/keyboard.nix | 16 +- profiles/kids-dev.nix | 16 +- profiles/logrotate.nix | 7 +- profiles/matrix.nix | 62 +- profiles/mcwhirter.io.nix | 25 +- profiles/minecraftServer.nix | 19 +- profiles/monitoring.nix | 18 +- profiles/neomutt.nix | 9 +- profiles/nextcloud.nix | 66 +-- profiles/nix-community.nix | 19 +- profiles/nix-direnv.nix | 14 +- profiles/nix-mio-ops.nix | 19 +- profiles/nixpkgs-dev.nix | 14 +- profiles/openssh.nix | 20 +- profiles/pi_common.nix | 20 +- profiles/picom.nix | 10 +- profiles/powerManagement.nix | 9 +- profiles/prometheus.nix | 281 +++++---- profiles/qemu.nix | 46 +- profiles/retro-gaming.nix | 8 +- profiles/server_common.nix | 10 +- profiles/spotify.nix | 20 +- profiles/starship.nix | 11 +- profiles/sway.nix | 9 +- profiles/taskserver.nix | 22 +- profiles/terminal-recording.nix | 10 +- profiles/tmux.nix | 12 +- profiles/tor-client.nix | 14 +- profiles/transmission.nix | 14 +- profiles/tt-rss.nix | 42 +- profiles/typingTutor.nix | 7 +- profiles/vim.nix | 534 +++++++++--------- profiles/weechat.nix | 12 +- profiles/wine.nix | 6 +- profiles/xmonad.nix | 48 +- profiles/yubikey.nix | 12 +- profiles/zsh.nix | 14 +- 117 files changed, 1640 
insertions(+), 1568 deletions(-) diff --git a/globals-defaults.nix b/globals-defaults.nix index ffcd441..0967ef4 100644 --- a/globals-defaults.nix +++ b/globals-defaults.nix @@ -1 +1 @@ -{ } +{} diff --git a/globals.nix b/globals.nix index 369c5ed..ace84e5 100644 --- a/globals.nix +++ b/globals.nix @@ -1,11 +1,11 @@ self: super: { - globals = import ./globals-defaults.nix // rec { + globals = + import ./globals-defaults.nix + // rec { + deploymentName = "mio-ops"; - deploymentName = "mio-ops"; + domain = "mcwhirter.io"; - domain = "mcwhirter.io"; - - environment = "${deploymentName}"; - - }; + environment = "${deploymentName}"; + }; } diff --git a/hardware/eeepc701.nix b/hardware/eeepc701.nix index 0e0691b..4499bee 100644 --- a/hardware/eeepc701.nix +++ b/hardware/eeepc701.nix @@ -1,8 +1,10 @@ # Hardware configuration file common to ASUS 701 EeePC4G-BK004 - -{ config, lib, pkgs, ... }: - { + config, + lib, + pkgs, + ... +}: { imports = [ ../profiles/host_common.nix @@ -33,14 +35,18 @@ config = { allowUnfree = true; packageOverrides = pkgs: { - stdenv = pkgs.stdenv // { - platform = pkgs.stdenv.platform // { - kernelExtraConfig = '' - HIGHMEM64G? n # 32-bit proc with > 4G RAM - HIGHMEM4G y # 32-bit proc with =< 4G RAM - ''; + stdenv = + pkgs.stdenv + // { + platform = + pkgs.stdenv.platform + // { + kernelExtraConfig = '' + HIGHMEM64G? n # 32-bit proc with > 4G RAM + HIGHMEM4G y # 32-bit proc with =< 4G RAM + ''; + }; }; - }; }; }; localSystem = { @@ -55,7 +61,7 @@ fsType = "ext4"; }; - swapDevices = [{ device = "/dev/disk/by-label/swap"; }]; + swapDevices = [{device = "/dev/disk/by-label/swap";}]; networking.wireless.enable = true; # Enable wireless via wpa_supplicant. nix.maxJobs = lib.mkDefault 1; diff --git a/hardware/lenovo_x201.nix b/hardware/lenovo_x201.nix index bb65f2c..568634e 100644 --- a/hardware/lenovo_x201.nix +++ b/hardware/lenovo_x201.nix 
@@ -1,24 +1,25 @@ # Hardware configuration file common to all Lenovo x201 devices - -{ config, lib, pkgs, ... }: - { - imports = [ ]; + config, + lib, + pkgs, + ... +}: { + imports = []; - boot.initrd.availableKernelModules = - [ "ehci_pci" "ata_piix" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; + boot.initrd.availableKernelModules = ["ehci_pci" "ata_piix" "usbhid" "usb_storage" "sd_mod" "sr_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; }; - swapDevices = [{ device = "/dev/disk/by-label/swap"; }]; + swapDevices = [{device = "/dev/disk/by-label/swap";}]; - hardware.opengl.extraPackages = with pkgs; [ vaapiIntel ]; + hardware.opengl.extraPackages = with pkgs; [vaapiIntel]; nix.maxJobs = lib.mkDefault 4; services.thinkfan = { diff --git a/hardware/linode_vm-encrypted.nix b/hardware/linode_vm-encrypted.nix index e032856..59ca698 100644 --- a/hardware/linode_vm-encrypted.nix +++ b/hardware/linode_vm-encrypted.nix @@ -1,18 +1,20 @@ # Configuration common to all my encrypted Linode VMs - -{ config, pkgs, lib, ... }: - { + config, + pkgs, + lib, + ... +}: { imports = [ # Import the NixOS Qemu guest settings ]; boot = { - extraModulePackages = [ ]; + extraModulePackages = []; initrd = { - availableKernelModules = [ "virtio_pci" "ahci" "sd_mod" ]; - kernelModules = [ "dm-snapshot" ]; + availableKernelModules = ["virtio_pci" "ahci" "sd_mod"]; + kernelModules = ["dm-snapshot"]; luks = { devices = { root = { @@ -22,8 +24,8 @@ }; }; }; - kernelModules = [ ]; - kernelParams = [ "console=ttyS0,19200n8" ]; + kernelModules = []; + kernelParams = ["console=ttyS0,19200n8"]; loader = { grub = { forceInstall = true; 
@@ -46,7 +48,7 @@ fsType = "ext4"; }; - swapDevices = [{ device = "/dev/disk/by-label/swap"; }]; + swapDevices = [{device = "/dev/disk/by-label/swap";}]; nix.maxJobs = lib.mkDefault 8; } diff --git a/hardware/linode_vm.nix b/hardware/linode_vm.nix index 377f75e..f8eb01e 100644 --- a/hardware/linode_vm.nix +++ b/hardware/linode_vm.nix @@ -1,18 +1,20 @@ # Configuration common to all my Linode VMs - -{ config, pkgs, lib, ... }: - { + config, + pkgs, + lib, + ... +}: { imports = [ # Import the NixOS Qemu guest settings ]; - boot.initrd.availableKernelModules = [ "virtio_pci" "ahci" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ ]; - boot.extraModulePackages = [ ]; - boot.kernelParams = [ "console=ttyS0,19200n8" ]; + boot.initrd.availableKernelModules = ["virtio_pci" "ahci" "sd_mod"]; + boot.initrd.kernelModules = []; + boot.kernelModules = []; + boot.extraModulePackages = []; + boot.kernelParams = ["console=ttyS0,19200n8"]; boot.loader = { grub = { extraConfig = '' @@ -31,7 +33,7 @@ fsType = "ext4"; }; - swapDevices = [{ device = "/dev/sdb"; }]; + swapDevices = [{device = "/dev/sdb";}]; nix.maxJobs = lib.mkDefault 4; } diff --git a/hardware/odroid-hc4/default.nix b/hardware/odroid-hc4/default.nix index c6a9b3b..2120633 100644 --- a/hardware/odroid-hc4/default.nix +++ b/hardware/odroid-hc4/default.nix @@ -1,11 +1,13 @@ -{ config, lib, modulesPath, pkgs, ... }: - -with lib; - -let +{ + config, + lib, + modulesPath, + pkgs, + ... +}: +with lib; let sources = import ../../nix/sources.nix; - unstable = import sources.nixpkgsUnstable { }; - + unstable = import sources.nixpkgsUnstable {}; in { imports = [ "${modulesPath}/profiles/base.nix" 
@@ -17,7 +19,7 @@ in { # The linux kernel used is compiled from the Hardkernel fork of # torvalds/linux boot = { - initrd.availableKernelModules = mkForce [ ]; + initrd.availableKernelModules = mkForce []; kernelPackages = pkgs.linuxPackagesFor pkgs.linux_hardkernel; # Bootloader (use Hardkernel fork of Das U-Boot) loader = { diff --git a/hardware/odroid-hc4/modules/sd-image/default.nix b/hardware/odroid-hc4/modules/sd-image/default.nix index 7a6c7e5..0de71f3 100644 --- a/hardware/odroid-hc4/modules/sd-image/default.nix +++ b/hardware/odroid-hc4/modules/sd-image/default.nix @@ -1,4 +1,10 @@ -{ pkgs, lib, config, modulesPath, ... }: { +{ + pkgs, + lib, + config, + modulesPath, + ... +}: { imports = [ "${modulesPath}/installer/sd-card/sd-image.nix" # should we include this module or should we treat the SD @@ -11,14 +17,14 @@ nixpkgs.overlays = [ (final: prev: { - smartmontools = prev.smartmontools.override { enableMail = false; }; + smartmontools = prev.smartmontools.override {enableMail = false;}; }) ]; # Remove zfs from supported filesystems as it fails when cross-compiling due # to not being able to build kernel module boot.supportedFilesystems = - lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ]; + lib.mkForce ["btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs"]; sdImage = { compressImage = false; diff --git a/hardware/odroid-hc4/overlays/kernel/kernel.nix b/hardware/odroid-hc4/overlays/kernel/kernel.nix index e2aef92..b557fb8 100644 --- a/hardware/odroid-hc4/overlays/kernel/kernel.nix +++ b/hardware/odroid-hc4/overlays/kernel/kernel.nix @@ -1,7 +1,16 @@ -{ stdenv, buildPackages, fetchFromGitHub, perl, buildLinux, libelf, utillinux -, lib, ... }@args: - -buildLinux (args // rec { +{ + stdenv, + buildPackages, + fetchFromGitHub, + perl, + buildLinux, + libelf, + utillinux, + lib, + ... +} @ args: +buildLinux (args +// rec { version = "4.9.241-107"; # modDirVersion needs to be x.y.z. 
@@ -25,6 +34,6 @@ buildLinux (args // rec { NR_CPUS = lib.mkForce (freeform "8"); }; - extraMeta.platforms = [ "aarch64-linux" ]; - -} // (args.argsOverride or { })) + extraMeta.platforms = ["aarch64-linux"]; +} +// (args.argsOverride or {})) diff --git a/hardware/odroid-hc4/overlays/uboot/blx_fix.nix b/hardware/odroid-hc4/overlays/uboot/blx_fix.nix index 8ed40d6..1cb9e3f 100644 --- a/hardware/odroid-hc4/overlays/uboot/blx_fix.nix +++ b/hardware/odroid-hc4/overlays/uboot/blx_fix.nix @@ -1,4 +1,4 @@ -{ writeShellScript }: +{writeShellScript}: writeShellScript "blx_fix" '' #bl2 file size 41K, bl21 file size 3K (file size not equal runtime size) #total 44K diff --git a/hardware/odroid-hc4/overlays/uboot/hardkernel.nix b/hardware/odroid-hc4/overlays/uboot/hardkernel.nix index 6fae66a..bd1aa30 100644 --- a/hardware/odroid-hc4/overlays/uboot/hardkernel.nix +++ b/hardware/odroid-hc4/overlays/uboot/hardkernel.nix @@ -1,16 +1,23 @@ -{ gcc49Stdenv, git, bc, bison, flex, nettools, buildPackages, arm-gcc49 }: - +{ + gcc49Stdenv, + git, + bc, + bison, + flex, + nettools, + buildPackages, + arm-gcc49, +}: gcc49Stdenv.mkDerivation { name = "hardkernel-uboot"; src = builtins.fetchTarball { - url = - "https://github.com/hardkernel/u-boot/archive/766167bbe787e494e47376b31cd017b897e9594c.tar.gz"; + url = "https://github.com/hardkernel/u-boot/archive/766167bbe787e494e47376b31cd017b897e9594c.tar.gz"; sha256 = "0hj49jf9w2w55r7fjpx8asb92r85lws8mvq4mvl1v309z7k56zwv"; }; - patches = [ ./pwd.diff ./fip_create.diff ]; - nativeBuildInputs = [ git gcc49Stdenv.cc bc bison flex nettools ]; - depsBuildBuild = [ arm-gcc49 buildPackages.gcc49Stdenv.cc ]; - makeFlags = [ "CROSS_COMPILE=${gcc49Stdenv.cc.targetPrefix}" ]; + patches = [./pwd.diff ./fip_create.diff]; + nativeBuildInputs = [git gcc49Stdenv.cc bc bison flex nettools]; + depsBuildBuild = [arm-gcc49 buildPackages.gcc49Stdenv.cc]; + makeFlags = ["CROSS_COMPILE=${gcc49Stdenv.cc.targetPrefix}"]; configurePhase = '' make odroidc4_defconfig ''; 
diff --git a/hardware/odroid-hc4/overlays/uboot/meson64-tools.nix b/hardware/odroid-hc4/overlays/uboot/meson64-tools.nix index 4344740..fad3e74 100644 --- a/hardware/odroid-hc4/overlays/uboot/meson64-tools.nix +++ b/hardware/odroid-hc4/overlays/uboot/meson64-tools.nix @@ -1,10 +1,13 @@ -{ stdenv, python2, python3 }: +{ + stdenv, + python2, + python3, +}: stdenv.mkDerivation { name = "meson64-tools"; - nativeBuildInputs = [ python2 python3 ]; + nativeBuildInputs = [python2 python3]; src = builtins.fetchTarball { - url = - "https://github.com/angerman/meson64-tools/archive/a2d57d11fd8b4242b903c10dca9d25f7f99d8ff0.tar.gz"; + url = "https://github.com/angerman/meson64-tools/archive/a2d57d11fd8b4242b903c10dca9d25f7f99d8ff0.tar.gz"; sha256 = "1487cr7sv34yry8f0chaj6s2g3736dzq0aqw239ahdy30yg7hb2v"; }; @@ -12,5 +15,5 @@ stdenv.mkDerivation { patchShebangs . patchShebangs ./mbedtls/scripts/generate_psa_constants.py ''; - makeFlags = [ "PREFIX=$(out)/bin" ]; + makeFlags = ["PREFIX=$(out)/bin"]; } diff --git a/hardware/odroid-hc4/overlays/uboot/overlay.nix b/hardware/odroid-hc4/overlays/uboot/overlay.nix index e4b92a4..54cb9be 100644 --- a/hardware/odroid-hc4/overlays/uboot/overlay.nix +++ b/hardware/odroid-hc4/overlays/uboot/overlay.nix 
@@ -1,22 +1,25 @@ -final: prev: -let - platform = final.lib.systems.examples.aarch64-multiplatform // { - gcc = { arch = "armv8-a+crypto"; }; - }; +final: prev: let + platform = + final.lib.systems.examples.aarch64-multiplatform + // { + gcc = {arch = "armv8-a+crypto";}; + }; arm64 = final.pkgsCross.aarch64-embedded; arm = final.pkgsCross.arm-embedded; uboot-hardkernel = - arm64.callPackage ./hardkernel.nix { arm-gcc49 = arm.buildPackages.gcc49; }; - with-crypto = import final.path { crossSystem = platform; }; - meson64-tools = with-crypto.buildPackages.callPackage ./meson64-tools.nix { }; - blx_fix = arm64.buildPackages.callPackage ./blx_fix.nix { }; + arm64.callPackage ./hardkernel.nix {arm-gcc49 = arm.buildPackages.gcc49;}; + with-crypto = import final.path {crossSystem = platform;}; + meson64-tools = with-crypto.buildPackages.callPackage ./meson64-tools.nix {}; + blx_fix = arm64.buildPackages.callPackage ./blx_fix.nix {}; uboot = arm64.callPackage ./u-boot.nix { inherit uboot-hardkernel meson64-tools blx_fix; }; in { uboot-hardkernel = uboot; ubootTools-hardkernel = final.buildPackages.ubootTools; - buildPackages = prev.buildPackages // { - ubootTools-hardkernel = final.buildPackages.buildPackages.ubootTools; - }; + buildPackages = + prev.buildPackages + // { + ubootTools-hardkernel = final.buildPackages.buildPackages.ubootTools; + }; } diff --git a/hardware/odroid-hc4/overlays/uboot/u-boot.nix b/hardware/odroid-hc4/overlays/uboot/u-boot.nix index 30cbd70..fb51839 100644 --- a/hardware/odroid-hc4/overlays/uboot/u-boot.nix +++ b/hardware/odroid-hc4/overlays/uboot/u-boot.nix 
@@ -1,79 +1,89 @@ -{ stdenv, git, bc, bison, flex, nettools, openssl, buildPackages -, uboot-hardkernel, meson64-tools, blx_fix }: -let -in stdenv.mkDerivation { - name = "uboot"; - src = builtins.fetchTarball { - url = - "https://github.com/u-boot/u-boot/archive/15f7e0dc01d8a851fb1bfbf0e47eab5b67ed26b3.tar.gz"; - sha256 = "1ardkap35pi2dsajag728fnvlvpfmdrsa0igj93wbkbf2ypzzhf6"; - }; - CROSS_COMPILE = stdenv.cc.targetPrefix; - configurePhase = '' - make odroid-c4_defconfig - ''; - buildPhase = '' - make - ''; - installPhase = '' - mkdir fip - cp ${uboot-hardkernel}/fip/* fip/ - cp u-boot.bin fip/bl33.bin - ${blx_fix} \ - fip/bl30.bin \ - fip/zero_tmp \ - fip/bl30_zero.bin \ - fip/bl301.bin \ - fip/bl301_zero.bin \ - fip/bl30_new.bin \ - bl30 +{ + stdenv, + git, + bc, + bison, + flex, + nettools, + openssl, + buildPackages, + uboot-hardkernel, + meson64-tools, + blx_fix, +}: let +in + stdenv.mkDerivation { + name = "uboot"; + src = builtins.fetchTarball { + url = "https://github.com/u-boot/u-boot/archive/15f7e0dc01d8a851fb1bfbf0e47eab5b67ed26b3.tar.gz"; + sha256 = "1ardkap35pi2dsajag728fnvlvpfmdrsa0igj93wbkbf2ypzzhf6"; + }; + CROSS_COMPILE = stdenv.cc.targetPrefix; + configurePhase = '' + make odroid-c4_defconfig + ''; + buildPhase = '' + make + ''; + installPhase = '' + mkdir fip + cp ${uboot-hardkernel}/fip/* fip/ + cp u-boot.bin fip/bl33.bin + ${blx_fix} \ + fip/bl30.bin \ + fip/zero_tmp \ + fip/bl30_zero.bin \ + fip/bl301.bin \ + fip/bl301_zero.bin \ + fip/bl30_new.bin \ + bl30 - ${blx_fix} \ - fip/bl2.bin \ - fip/zero_tmp \ - fip/bl2_zero.bin \ - fip/acs.bin \ - fip/bl21_zero.bin \ - fip/bl2_new.bin \ - bl2 + ${blx_fix} \ + fip/bl2.bin \ + fip/zero_tmp \ + fip/bl2_zero.bin \ + fip/acs.bin \ + fip/bl21_zero.bin \ + fip/bl2_new.bin \ + bl2 - ${meson64-tools}/bin/bl30sig \ - --input fip/bl30_new.bin \ - --output fip/bl30_new.bin.g12a.enc \ - --level v3 - ${meson64-tools}/bin/bl3sig \ - --input fip/bl30_new.bin.g12a.enc \ - --output fip/bl30_new.bin.enc \ - --level 
v3 --type bl30 - ${meson64-tools}/bin/bl3sig \ - --input fip/bl31.img \ - --output fip/bl31.img.enc \ - --level v3 --type bl31 - ${meson64-tools}/bin/bl3sig \ - --input fip/bl33.bin --compress lz4 \ - --output fip/bl33.bin.enc \ - --level v3 --type bl33 --compress lz4 - ${meson64-tools}/bin/bl2sig \ - --input fip/bl2_new.bin \ - --output fip/bl2.n.bin.sig - ${meson64-tools}/bin/bootmk \ - --output $out \ - --bl2 fip/bl2.n.bin.sig \ - --bl30 fip/bl30_new.bin.enc \ - --bl31 fip/bl31.img.enc \ - --bl33 fip/bl33.bin.enc \ - --ddrfw1 fip/ddr4_1d.fw \ - --ddrfw2 fip/ddr4_2d.fw \ - --ddrfw3 fip/ddr3_1d.fw \ - --ddrfw4 fip/piei.fw \ - --ddrfw5 fip/lpddr4_1d.fw \ - --ddrfw6 fip/lpddr4_2d.fw \ - --ddrfw7 fip/diag_lpddr4.fw \ - --ddrfw8 fip/aml_ddr.fw \ - --ddrfw9 fip/lpddr3_1d.fw \ - --level v3 - ''; - nativeBuildInputs = [ git bc bison flex nettools ]; + ${meson64-tools}/bin/bl30sig \ + --input fip/bl30_new.bin \ + --output fip/bl30_new.bin.g12a.enc \ + --level v3 + ${meson64-tools}/bin/bl3sig \ + --input fip/bl30_new.bin.g12a.enc \ + --output fip/bl30_new.bin.enc \ + --level v3 --type bl30 + ${meson64-tools}/bin/bl3sig \ + --input fip/bl31.img \ + --output fip/bl31.img.enc \ + --level v3 --type bl31 + ${meson64-tools}/bin/bl3sig \ + --input fip/bl33.bin --compress lz4 \ + --output fip/bl33.bin.enc \ + --level v3 --type bl33 --compress lz4 + ${meson64-tools}/bin/bl2sig \ + --input fip/bl2_new.bin \ + --output fip/bl2.n.bin.sig + ${meson64-tools}/bin/bootmk \ + --output $out \ + --bl2 fip/bl2.n.bin.sig \ + --bl30 fip/bl30_new.bin.enc \ + --bl31 fip/bl31.img.enc \ + --bl33 fip/bl33.bin.enc \ + --ddrfw1 fip/ddr4_1d.fw \ + --ddrfw2 fip/ddr4_2d.fw \ + --ddrfw3 fip/ddr3_1d.fw \ + --ddrfw4 fip/piei.fw \ + --ddrfw5 fip/lpddr4_1d.fw \ + --ddrfw6 fip/lpddr4_2d.fw \ + --ddrfw7 fip/diag_lpddr4.fw \ + --ddrfw8 fip/aml_ddr.fw \ + --ddrfw9 fip/lpddr3_1d.fw \ + --level v3 + ''; + nativeBuildInputs = [git bc bison flex nettools]; - depsBuildBuild = [ buildPackages.stdenv.cc 
buildPackages.openssl.dev ]; -} + depsBuildBuild = [buildPackages.stdenv.cc buildPackages.openssl.dev]; + } diff --git a/hardware/odroid-hc4/uboot/boot-ini-builder.nix b/hardware/odroid-hc4/uboot/boot-ini-builder.nix index 4d6d407..823abc1 100644 --- a/hardware/odroid-hc4/uboot/boot-ini-builder.nix +++ b/hardware/odroid-hc4/uboot/boot-ini-builder.nix @@ -1,5 +1,4 @@ -{ pkgs }: - +{pkgs}: pkgs.substituteAll { src = ./boot-ini-builder.sh; isExecutable = true; diff --git a/hardware/odroid-hc4/uboot/hardkernel-uboot.nix b/hardware/odroid-hc4/uboot/hardkernel-uboot.nix index 982b390..85c03f5 100644 --- a/hardware/odroid-hc4/uboot/hardkernel-uboot.nix +++ b/hardware/odroid-hc4/uboot/hardkernel-uboot.nix @@ -1,18 +1,24 @@ -{ config, lib, pkgs, ... }: - -with lib; -let +{ + config, + lib, + pkgs, + ... +}: +with lib; let blCfg = config.boot.loader; dtCfg = config.hardware.deviceTree; cfg = blCfg.hardkernel-uboot; - timeoutStr = if blCfg.timeout == null then "-1" else toString blCfg.timeout; + timeoutStr = + if blCfg.timeout == null + then "-1" + else toString blCfg.timeout; # The builder used to write during system activation - builder = import ./boot-ini-builder.nix { inherit pkgs; }; + builder = import ./boot-ini-builder.nix {inherit pkgs;}; # The builder exposed in populateCmd, which runs on the build architecture populateBuilder = - import ./boot-ini-builder.nix { pkgs = pkgs.buildPackages; }; + import ./boot-ini-builder.nix {pkgs = pkgs.buildPackages;}; in { options = { boot.loader.hardkernel-uboot = { 
@@ -38,17 +44,17 @@ in { Useful to have for sdImage.populateRootCommands ''; }; - }; }; config = let - builderArgs = "-t ${timeoutStr}" + builderArgs = + "-t ${timeoutStr}" + lib.optionalString (dtCfg.name != null) " -n ${dtCfg.name}"; - in mkIf cfg.enable { - system.build.installBootLoader = "${builder} ${builderArgs} -c"; - system.boot.loader.id = "hardkernel-uboot"; - boot.loader.hardkernel-uboot.populateCmd = - "${populateBuilder} ${builderArgs}"; - }; + in + mkIf cfg.enable { + system.build.installBootLoader = "${builder} ${builderArgs} -c"; + system.boot.loader.id = "hardkernel-uboot"; + boot.loader.hardkernel-uboot.populateCmd = "${populateBuilder} ${builderArgs}"; + }; } diff --git a/hardware/purism_librem_15.nix b/hardware/purism_librem_15.nix index 7cd035b..c76147e 100644 --- a/hardware/purism_librem_15.nix +++ b/hardware/purism_librem_15.nix @@ -1,9 +1,11 @@ # Hardware configuration file common to all Purism Librem 15 ver 3 TPM devices - -{ config, lib, pkgs, ... }: - { - imports = [ ]; + config, + lib, + pkgs, + ... +}: { + imports = []; boot = { initrd = { @@ -17,11 +19,10 @@ "aesni_intel" # AES-NI + SSE2 implementation of AEGIS-128 "cryptd" # Software async crypto daemon ]; - kernelModules = [ "dm-snapshot" ]; - luks.devices."cryptroot".device = - "/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4"; + kernelModules = ["dm-snapshot"]; + luks.devices."cryptroot".device = "/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4"; }; - kernelModules = [ "kvm-intel" ]; # Enable kvm for libvirtd + kernelModules = ["kvm-intel"]; # Enable kvm for libvirtd }; fileSystems."/" = { @@ -34,8 +35,7 @@ fsType = "ext4"; }; - swapDevices = - [{ device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e"; }]; + swapDevices = [{device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e";}]; nix.maxJobs = lib.mkDefault 4; } diff --git a/hardware/raspberry_pi_2_model_B.nix b/hardware/raspberry_pi_2_model_B.nix index 56d7b9e..f3ed8c3 100644 
--- a/hardware/raspberry_pi_2_model_B.nix +++ b/hardware/raspberry_pi_2_model_B.nix @@ -1,9 +1,10 @@ # Configuration common to all Raspberry Pi 2 Model B devices - -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { boot = { consoleLogLevel = lib.mkDefault 7; initrd = { @@ -50,7 +51,7 @@ # Alternatively, this could be removed from the configuration. # The filesystem is not needed at runtime, it could be treated # as an opaque blob instead of a discrete FAT32 filesystem. - options = [ "nofail" "noauto" ]; + options = ["nofail" "noauto"]; }; "/var" = { device = "/dev/disk/by-label/var"; @@ -59,10 +60,12 @@ }; # !!! Adding a swap file is optional, but strongly recommended! - swapDevices = [{ - device = "/swapfile"; - size = 1024; - }]; + swapDevices = [ + { + device = "/swapfile"; + size = 1024; + } + ]; hardware = { enableRedistributableFirmware = true; # Enable support for Pi firmware blobs @@ -74,9 +77,7 @@ sound.enable = false; # Disable sound. - environment.systemPackages = with pkgs; - [ - libraspberrypi # Userland tools for the Raspberry Pi board - ]; - + environment.systemPackages = with pkgs; [ + libraspberrypi # Userland tools for the Raspberry Pi board + ]; } diff --git a/hardware/raspberry_pi_3_model_B.nix b/hardware/raspberry_pi_3_model_B.nix index 498f87d..a0b8ff6 100644 --- a/hardware/raspberry_pi_3_model_B.nix +++ b/hardware/raspberry_pi_3_model_B.nix @@ -1,9 +1,10 @@ # Configuration common to all Raspberry Pi 3 Model B devices - -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { boot = { initrd = { availableKernelModules = [ @@ -53,7 +54,7 @@ # Alternatively, this could be removed from the configuration. # The filesystem is not needed at runtime, it could be treated # as an opaque blob instead of a discrete FAT32 filesystem. - options = [ "nofail" "noauto" ]; + options = ["nofail" "noauto"]; }; #"/var" = { # device = "/dev/disk/by-label/var"; 
@@ -62,10 +63,12 @@ }; # !!! Adding a swap file is optional, but strongly recommended! - swapDevices = [{ - device = "/swapfile"; - size = 1024; - }]; + swapDevices = [ + { + device = "/swapfile"; + size = 1024; + } + ]; hardware = { enableRedistributableFirmware = true; # Enable support for Pi firmware blobs @@ -75,9 +78,7 @@ enableB43Firmware = false; # If true, enable Pi wireless firmware }; - environment.systemPackages = with pkgs; - [ - libraspberrypi # Userland tools for the Raspberry Pi board - ]; - + environment.systemPackages = with pkgs; [ + libraspberrypi # Userland tools for the Raspberry Pi board + ]; } diff --git a/hosts/airgead.nix b/hosts/airgead.nix index d2aaa74..9f6ebd3 100644 --- a/hosts/airgead.nix +++ b/hosts/airgead.nix @@ -1,9 +1,10 @@ # NixOps configuration for airgead - -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { imports = [ ../networks/linode.nix ../profiles/cardano-node.nix diff --git a/hosts/ceilidh.nix b/hosts/ceilidh.nix index 052d530..93ad9fb 100644 --- a/hosts/ceilidh.nix +++ b/hosts/ceilidh.nix @@ -1,12 +1,14 @@ -# NixOps configuration for pàidh-tri - -{ config, pkgs, lib, ... }: - +# NixOps configuration for ceilidh { - imports = [ ../hardware/odroid-hc4 ]; + config, + pkgs, + lib, + ... +}: { + imports = [../hardware/odroid-hc4]; # Comment out deployment when building the SD Image. - deployment.targetHost = "10.42.0.121"; + deployment.targetHost = "10.42.0.108"; networking.hostName = "ceilidh"; # Define your hostname. # Ensure the right package architecture is used @@ -21,10 +23,9 @@ }; }; - environment.systemPackages = with pkgs; - [ - gnupg # GPL OpenPGP implementation - ]; + environment.systemPackages = with pkgs; [ + gnupg # GPL OpenPGP implementation + ]; system.stateVersion = "21.05"; # The version of NixOS originally installed } diff --git a/hosts/cuallaidh.nix b/hosts/cuallaidh.nix index b27e36c..ffc7d31 100644 --- a/hosts/cuallaidh.nix +++ b/hosts/cuallaidh.nix 
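Review bot: A deployment-target change is hidden inside this formatting commit: in the first hosts/ceilidh.nix hunk `deployment.targetHost` goes from `"10.42.0.121"` to `"10.42.0.108"` (and the header comment from pàidh-tri to ceilidh), which nobody reading "treefmt: formatted all nix files" will look for. The same applies to hosts/cuallaidh.nix, which gains the imports `../profiles/ipv6.nix` and `../profiles/mastodon.nix` plus a static entry under `networking.interfaces.eth0.ipv6.addresses`, and to hosts/dionach.nix, which gains `../profiles/kde.nix`. Because `deployment.targetHost` is the address NixOps connects to when deploying, and the new imports change which services those hosts run, these edits belong in their own commit where they can be reviewed and reverted separately from the whitespace churn. None of the three newly imported profile paths appears in this patch's diffstat, so confirm they are already tracked; if they are not, evaluation of those hosts would presumably fail.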
@@ -1,9 +1,10 @@ # NixOps configuration for cuallaidh - -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { imports = [ ../networks/linode.nix ../profiles/coturn.nix @@ -11,6 +12,8 @@ ../profiles/gitea.nix #../profiles/hydra.nix ../profiles/iohk.nix + ../profiles/ipv6.nix + ../profiles/mastodon.nix ../profiles/matrix.nix ../profiles/mcwhirter.io.nix ../profiles/minecraftServer.nix @@ -26,6 +29,12 @@ deployment.targetHost = "172.105.171.16"; networking.hostName = "cuallaidh"; # Define your hostname. + networking.interfaces.eth0.ipv6.addresses = [ + { + address = "2400:8907::f03c:92ff:fe08:f1d4"; + prefixLength = 64; + } + ]; system.stateVersion = "19.03"; # The version of NixOS originally installed } diff --git a/hosts/dhu.nix b/hosts/dhu.nix index c993f54..5109590 100644 --- a/hosts/dhu.nix +++ b/hosts/dhu.nix @@ -1,8 +1,9 @@ # Configuration for an ASUS ASUS 701 EeePC4G-BK004 - -{ config, pkgs, ... }: - { + config, + pkgs, + ... +}: { imports = [ ../hardware/eeepc701.nix # Include common configuration options ../secrets/wireless.nix @@ -13,5 +14,4 @@ networking.hostName = "dhu"; # Define your hostname. system.stateVersion = "20.09"; # The version of NixOS originally installed - } diff --git a/hosts/dionach.nix b/hosts/dionach.nix index 829f839..ef89e91 100644 --- a/hosts/dionach.nix +++ b/hosts/dionach.nix @@ -1,9 +1,9 @@ # NixOps configuration for dionach - -{ config, pkgs, ... }: - { - + config, + pkgs, + ... +}: { imports = [ ../hardware/purism_librem_15.nix # Include results of the hardware scan. ../profiles/android.nix # Provide an Android dev environment @@ -14,6 +14,7 @@ ../profiles/haskell-dev.nix # Haskell dev environment ../profiles/host_common.nix # Common host configuration options ../profiles/iohk.nix # IOHK environment + ../profiles/kde.nix # kdeenvironment ../profiles/keyboard.nix ../profiles/neomutt.nix # Neomutt email ../profiles/nix-community.nix # Nix community aarch64 tooling 
@@ -35,7 +36,7 @@ nixpkgs.config = { allowUnfree = true; - permittedInsecurePackages = [ "openssl-1.0.2u" "minecraft" ]; + permittedInsecurePackages = ["openssl-1.0.2u" "minecraft"]; }; # Use the GRUB 2 boot loader. @@ -153,7 +154,7 @@ ]; environment.variables = { - GIO_EXTRA_MODULES = [ "${pkgs.gvfs}/lib/gio/modules" ]; + GIO_EXTRA_MODULES = ["${pkgs.gvfs}/lib/gio/modules"]; }; services.acpid.enable = true; @@ -165,7 +166,7 @@ networking.firewall = { enable = true; checkReversePath = false; # Needed for libvirtd - allowedTCPPorts = [ 15000 ]; + allowedTCPPorts = [15000]; }; # Virtualisation configuration: @@ -193,13 +194,13 @@ pulseaudio = { enable = true; systemWide = false; - extraModules = [ pkgs.pulseaudio-modules-bt ]; + extraModules = [pkgs.pulseaudio-modules-bt]; package = pkgs.pulseaudioFull; }; bluetooth = { enable = true; hsphfpd.enable = true; - settings = { Policy = { AutoEnable = "true"; }; }; + settings = {Policy = {AutoEnable = "true";};}; }; opengl.enable = true; }; @@ -212,12 +213,11 @@ TCPKeepAlive no ''; - users.groups = { lp.members = [ "messagebus" ]; }; + users.groups = {lp.members = ["messagebus"];}; # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you # should. system.stateVersion = "20.03"; # Did you read the comment? - } diff --git a/hosts/iolear-beag.nix b/hosts/iolear-beag.nix index 8f3cb82..5c424ce 100644 --- a/hosts/iolear-beag.nix +++ b/hosts/iolear-beag.nix @@ -1,8 +1,9 @@ # NixOS Configuration for a Lenovo x201 - -{ config, pkgs, ... }: - { + config, + pkgs, + ... +}: { imports = [ ../hardware/lenovo_x201.nix ../profiles/desktop_common.nix @@ -18,5 +19,4 @@ networking.hostName = "iolear-beag"; # Define your hostname. system.stateVersion = "18.09"; # The version of NixOS originally installed - } 
diff --git a/hosts/paidh-aon.nix b/hosts/paidh-aon.nix index 79cce2f..0b7fb87 100644 --- a/hosts/paidh-aon.nix +++ b/hosts/paidh-aon.nix @@ -1,9 +1,11 @@ # NixOps configuration for pàidh-aon - -{ config, pkgs, lib, ... }: - { - imports = [ ../networks/pi2B_rack.nix ]; + config, + pkgs, + lib, + ... +}: { + imports = [../networks/pi2B_rack.nix]; # Comment out deployment when building the SD Image. #deployment.targetHost = "10.69.0.201"; diff --git a/hosts/paidh-ceithir.nix b/hosts/paidh-ceithir.nix index 5c7d2c0..6e6de30 100644 --- a/hosts/paidh-ceithir.nix +++ b/hosts/paidh-ceithir.nix @@ -1,15 +1,17 @@ # NixOps configuration for paidh-ceithir - -{ config, pkgs, lib, ... }: - { - imports = [ ../networks/pi3B_rack.nix ]; + config, + pkgs, + lib, + ... +}: { + imports = [../networks/pi3B_rack.nix]; # Comment out deployment when building the SD Image. deployment.targetHost = "10.42.0.204"; networking.hostName = "paidh-ceithir"; # Define your hostname. - environment.systemPackages = with pkgs; [ ]; + environment.systemPackages = with pkgs; []; system.stateVersion = "20.09"; # The version of NixOS originally installed } diff --git a/hosts/paidh-coig.nix b/hosts/paidh-coig.nix index 3d7f648..023f847 100644 --- a/hosts/paidh-coig.nix +++ b/hosts/paidh-coig.nix @@ -1,15 +1,17 @@ # NixOps configuration for paidh-coig - -{ config, pkgs, lib, ... }: - { - imports = [ ../networks/pi3B_rack.nix ]; + config, + pkgs, + lib, + ... +}: { + imports = [../networks/pi3B_rack.nix]; # Comment out deployment when building the SD Image. deployment.targetHost = "10.42.0.205"; networking.hostName = "paidh-coig"; # Define your hostname. - environment.systemPackages = with pkgs; [ ]; + environment.systemPackages = with pkgs; []; system.stateVersion = "20.09"; # The version of NixOS originally installed } diff --git a/hosts/paidh-dha.nix b/hosts/paidh-dha.nix index b2d7869..bbff36b 100644 --- a/hosts/paidh-dha.nix +++ b/hosts/paidh-dha.nix 
@@ -1,8 +1,10 @@ # NixOps configuration for pàidh-dha - -{ config, pkgs, lib, ... }: - { + config, + pkgs, + lib, + ... +}: { imports = [ ../networks/pi3B_rack.nix ../profiles/transmission.nix diff --git a/hosts/paidh-tri.nix b/hosts/paidh-tri.nix index dda3811..c114694 100644 --- a/hosts/paidh-tri.nix +++ b/hosts/paidh-tri.nix @@ -1,18 +1,19 @@ # NixOps configuration for pàidh-tri - -{ config, pkgs, lib, ... }: - { - imports = [ ../networks/pi3B_rack.nix ../profiles/cyclone-ibis.nix ]; + config, + pkgs, + lib, + ... +}: { + imports = [../networks/pi3B_rack.nix ../profiles/cyclone-ibis.nix]; # Comment out deployment when building the SD Image. deployment.targetHost = "10.42.0.203"; networking.hostName = "paidh-tri"; # Define your hostname. - environment.systemPackages = with pkgs; - [ - gnupg # GPL OpenPGP implementation - ]; + environment.systemPackages = with pkgs; [ + gnupg # GPL OpenPGP implementation + ]; system.stateVersion = "20.09"; # The version of NixOS originally installed } diff --git a/hosts/paidh-uachdar.nix b/hosts/paidh-uachdar.nix index 583aec1..b23fb7c 100644 --- a/hosts/paidh-uachdar.nix +++ b/hosts/paidh-uachdar.nix @@ -1,8 +1,10 @@ # NixOps configuration for pàidh-uachdar - -{ config, pkgs, lib, ... }: - { + config, + pkgs, + lib, + ... +}: { imports = [ ../hardware/raspberry_pi_3_model_B.nix ../profiles/host_common.nix @@ -34,10 +36,9 @@ nixos.enable = false; # Save some space by disabling the manual }; - environment.systemPackages = with pkgs; - [ - gnupg # GPL OpenPGP implementation - ]; + environment.systemPackages = with pkgs; [ + gnupg # GPL OpenPGP implementation + ]; system.stateVersion = "20.09"; # The version of NixOS originally installed } diff --git a/hosts/sithlainnir.nix b/hosts/sithlainnir.nix index 9ad2c00..84bb46c 100644 --- a/hosts/sithlainnir.nix +++ b/hosts/sithlainnir.nix 
@@ -1,8 +1,9 @@ # Configuration for sithlainnir, a Lenovo x201 - -{ config, pkgs, ... }: - { + config, + pkgs, + ... +}: { imports = [ ../hardware/lenovo_x201.nix ../profiles/desktopFiona.nix @@ -18,5 +19,4 @@ networking.hostName = "sithlainnir"; # Define your hostname. system.stateVersion = "18.09"; # The version of NixOS originally installed - } diff --git a/hosts/teintidh.nix b/hosts/teintidh.nix index 02de9cc..ba45276 100644 --- a/hosts/teintidh.nix +++ b/hosts/teintidh.nix @@ -1,8 +1,9 @@ # Configuration for a Lenovo x201 - -{ config, pkgs, ... }: - { + config, + pkgs, + ... +}: { imports = [ ../hardware/lenovo_x201.nix ../profiles/desktop_common.nix @@ -19,5 +20,4 @@ networking.hostName = "teintidh"; # Define your hostname. system.stateVersion = "18.09"; # The version of NixOS originally installed - } diff --git a/images/sd-image_paidh-aarch64.nix b/images/sd-image_paidh-aarch64.nix index 17eff34..1d63ef1 100644 --- a/images/sd-image_paidh-aarch64.nix +++ b/images/sd-image_paidh-aarch64.nix @@ -2,14 +2,16 @@ # # To build, use: # imports = [ ./sd-image_paidh-base ] - -{ config, lib, pkgs, ... }: - -let +{ + config, + lib, + pkgs, + ... +}: let extlinux-conf-builder = import - { - pkgs = pkgs.buildPackages; - }; + { + pkgs = pkgs.buildPackages; + }; in { imports = [ @@ -44,5 +46,4 @@ in { ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot ''; }; - } diff --git a/images/sd-image_paidh-aon.nix b/images/sd-image_paidh-aon.nix index 1937f51..3af7341 100644 --- a/images/sd-image_paidh-aon.nix +++ b/images/sd-image_paidh-aon.nix @@ -8,9 +8,6 @@ # An example of how to write the image to SD card: # # bzcat ./result/sd-image/nixos-sd-image-20.03.1577.74a80c5a9ab-aarch64-linux.img.bz2 | sudo dd of=/dev/sdb - -{ ... }: { - - imports = [ ./sd-image_paidh-armv7.nix ../hosts/paidh-aon.nix ]; - +{...}: { + imports = [./sd-image_paidh-armv7.nix ../hosts/paidh-aon.nix]; } 
diff --git a/images/sd-image_paidh-armv7.nix b/images/sd-image_paidh-armv7.nix index 1a527fd..5c106cb 100644 --- a/images/sd-image_paidh-armv7.nix +++ b/images/sd-image_paidh-armv7.nix @@ -2,14 +2,16 @@ # # To build, use: # imports = [ ./sd-image_paidh-armv7.nix ] - -{ config, lib, pkgs, ... }: - -let +{ + config, + lib, + pkgs, + ... +}: let extlinux-conf-builder = import - { - pkgs = pkgs.buildPackages; - }; + { + pkgs = pkgs.buildPackages; + }; in { imports = [ @@ -42,5 +44,4 @@ in { ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot ''; }; - } diff --git a/images/sd-image_paidh-ceithir.nix b/images/sd-image_paidh-ceithir.nix index 2dc3e85..1be98f5 100644 --- a/images/sd-image_paidh-ceithir.nix +++ b/images/sd-image_paidh-ceithir.nix @@ -8,9 +8,6 @@ # An example of how to write the image to SD card: # # bzcat ./result/sd-image/nixos-sd-image-20.03.1577.74a80c5a9ab-aarch64-linux.img.bz2 | sudo dd of=/dev/sdb - -{ ... }: { - - imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-ceithir.nix ]; - +{...}: { + imports = [./sd-image_paidh-aarch64.nix ../hosts/paidh-ceithir.nix]; } diff --git a/images/sd-image_paidh-coig.nix b/images/sd-image_paidh-coig.nix index 98a670e..7ef74f2 100644 --- a/images/sd-image_paidh-coig.nix +++ b/images/sd-image_paidh-coig.nix @@ -8,9 +8,6 @@ # An example of how to write the image to SD card: # # bzcat ./result/sd-image/nixos-sd-image-20.03.1577.74a80c5a9ab-aarch64-linux.img.bz2 | sudo dd of=/dev/sdb - -{ ... }: { - - imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-coig.nix ]; - +{...}: { + imports = [./sd-image_paidh-aarch64.nix ../hosts/paidh-coig.nix]; } diff --git a/images/sd-image_paidh-dha.nix b/images/sd-image_paidh-dha.nix index 765dc2b..810d324 100644 --- a/images/sd-image_paidh-dha.nix +++ b/images/sd-image_paidh-dha.nix 
@@ -1,7 +1,4 @@ # SD image for paidh-dha - -{ ... }: { - - imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-dha.nix ]; - +{...}: { + imports = [./sd-image_paidh-aarch64.nix ../hosts/paidh-dha.nix]; } diff --git a/images/sd-image_paidh-tri.nix b/images/sd-image_paidh-tri.nix index 501188c..2e9b6b0 100644 --- a/images/sd-image_paidh-tri.nix +++ b/images/sd-image_paidh-tri.nix @@ -8,9 +8,6 @@ # An example of how to write the image to SD card: # # bzcat ./result/sd-image/nixos-sd-image-20.03.1577.74a80c5a9ab-aarch64-linux.img.bz2 | sudo dd of=/dev/sdb - -{ ... }: { - - imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-tri.nix ]; - +{...}: { + imports = [./sd-image_paidh-aarch64.nix ../hosts/paidh-tri.nix]; } diff --git a/images/usb-yubikey.nix b/images/usb-yubikey.nix index be265b1..ac74802 100644 --- a/images/usb-yubikey.nix +++ b/images/usb-yubikey.nix @@ -1,17 +1,17 @@ # Configuration for USB image for air gapped Yubikey machine # # Usage: nix-build -A iso images/usb-yubikey.nix - -{ nixpkgs ? , system ? "x86_64-linux" }: - -let - config = { pkgs, ... }: +{ + nixpkgs ? , + system ? "x86_64-linux", +}: let + config = {pkgs, ...}: with pkgs; { imports = [ ]; - boot.supportedFilesystems = [ "zfs" ]; - boot.kernelParams = [ "console=ttyS0,115200n8" ]; + boot.supportedFilesystems = ["zfs"]; + boot.kernelParams = ["console=ttyS0,115200n8"]; programs = { ssh.startAgent = false; gnupg.agent = { @@ -20,7 +20,7 @@ let }; }; services.pcscd.enable = true; - services.udev.packages = [ yubikey-personalization ]; + services.udev.packages = [yubikey-personalization]; environment.systemPackages = [ curl # Tool for transferring files with URL syntax gnupg # GNU Privacy Guard @@ -32,6 +32,5 @@ let #services.openssh.enable = false; }; evalNixos = configuration: - import { inherit system configuration; }; - -in { iso = (evalNixos config).config.system.build.isoImage; } + import {inherit system configuration;}; +in {iso = (evalNixos config).config.system.build.isoImage;} 
diff --git a/networks/linode-common.nix b/networks/linode-common.nix index 111dcf9..ef45d47 100644 --- a/networks/linode-common.nix +++ b/networks/linode-common.nix @@ -1,9 +1,11 @@ # NixOps configuration common to Linode VMs - -{ config, pkgs, lib, ... }: - { - imports = [ ../profiles/host_common.nix ../profiles/server_common.nix ]; + config, + pkgs, + lib, + ... +}: { + imports = [../profiles/host_common.nix ../profiles/server_common.nix]; # Ensure the right package architecture is used nixpkgs.localSystem = { @@ -12,7 +14,7 @@ }; # Tools that Linode support like to have install if you need them. - environment.systemPackages = with pkgs; [ inetutils mtr sysstat ]; + environment.systemPackages = with pkgs; [inetutils mtr sysstat]; # Configure firewall defaults: networking = { @@ -21,9 +23,14 @@ interfaces.eth0.useDHCP = true; firewall = { enable = true; - allowedTCPPorts = [ 80 443 ]; - trustedInterfaces = [ "lo" ]; + allowedTCPPorts = [80 443]; + trustedInterfaces = ["lo"]; }; }; + systemd.network.networks.eth0.ipv6SendRAConfig = { + EmitDNS = true; + Managed = true; + OtherInformation = true; + }; } diff --git a/networks/linode-encrypted.nix b/networks/linode-encrypted.nix index 49cb218..4cffe14 100644 --- a/networks/linode-encrypted.nix +++ b/networks/linode-encrypted.nix @@ -1,7 +1,9 @@ # NixOps configuration for the Linode VMs - -{ config, pkgs, lib, ... }: - { - imports = [ ../hardware/linode_vm-encrypted.nix ./linode-common.nix ]; + config, + pkgs, + lib, + ... +}: { + imports = [../hardware/linode_vm-encrypted.nix ./linode-common.nix]; } diff --git a/networks/linode.nix b/networks/linode.nix index 256f383..8584667 100644 --- a/networks/linode.nix +++ b/networks/linode.nix @@ -1,7 +1,9 @@ # NixOps configuration for the Linode VMs - -{ config, pkgs, lib, ... }: - { - imports = [ ../hardware/linode_vm.nix ./linode-common.nix ]; + config, + pkgs, + lib, + ... +}: { + imports = [../hardware/linode_vm.nix ./linode-common.nix]; } 
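Review bot: The second hunk of networks/linode-common.nix (`@@ -21,9 +23,14 @@`) adds a new `systemd.network.networks.eth0.ipv6SendRAConfig` block, which is a behavioural network change inside a commit described as formatting only; the same block is added in networks/pi3B_rack.nix. These keys configure systemd-networkd's router-advertisement sender, so if RA sending is switched on for eth0 elsewhere (not visible here) the host would announce itself as an IPv6 router, with the managed-address flag set, on what is presumably the interface facing the provider network; if it is not switched on, the block appears to have no effect. I would take both additions out of this commit and land them separately with a why-comment above the block, e.g. `# eth0 emits RAs because <reason>; needs IPv6SendRA enabled on this network`, so the change can be reviewed and reverted on its own.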
diff --git a/networks/pi2B_rack.nix b/networks/pi2B_rack.nix index c80c875..0689699 100644 --- a/networks/pi2B_rack.nix +++ b/networks/pi2B_rack.nix @@ -1,7 +1,5 @@ # NixOps configuration for the Raspberry Pi 2B Rack - { - imports = [ ../hardware/raspberry_pi_2_model_B.nix @@ -11,7 +9,7 @@ ]; # Ensure the right package architecture is used - nixpkgs.crossSystem = { system = "armv7l-linux"; }; + nixpkgs.crossSystem = {system = "armv7l-linux";}; networking.wireless.enable = false; # Toggles wireless support via wpa_supplicant. @@ -26,5 +24,4 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFq6/C6ZSM8nS091fqw/om9LRszHDmS82ZTL7+GaSBnz craige@paidh-tri" ]; }; - } diff --git a/networks/pi3B_rack.nix b/networks/pi3B_rack.nix index bc74580..5f14319 100644 --- a/networks/pi3B_rack.nix +++ b/networks/pi3B_rack.nix @@ -1,7 +1,5 @@ # NixOps configuration for the Raspberry Pi 3B Rack - { - imports = [ ../hardware/raspberry_pi_3_model_B.nix @@ -20,6 +18,12 @@ networking.wireless.enable = false; # Toggles wireless support via wpa_supplicant. + systemd.network.networks.eth0.ipv6SendRAConfig = { + EmitDNS = true; + Managed = true; + OtherInformation = true; + }; + documentation = { nixos.enable = false; # Save some space by disabling the manual }; @@ -30,5 +34,4 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFq6/C6ZSM8nS091fqw/om9LRszHDmS82ZTL7+GaSBnz craige@pi-tri" ]; }; - } diff --git a/nix/default.nix b/nix/default.nix index 0f9dca8..06583c2 100644 --- a/nix/default.nix +++ b/nix/default.nix 
@@ -1,22 +1,24 @@ -{ sources ? import ./sources.nix, system ? builtins.currentSystem -, crossSystem ? null, config ? { } }: - -let +{ + sources ? import ./sources.nix, + system ? builtins.currentSystem, + crossSystem ? null, + config ? {}, +}: let # our own overlays: - local-overlays = [ ]; + local-overlays = []; - globals = if builtins.pathExists ../globals.nix then - [ (import ../globals.nix) ] - else - builtins.trace "globals.nix missing, please add symlink" [ ]; + globals = + if builtins.pathExists ../globals.nix + then [(import ../globals.nix)] + else builtins.trace "globals.nix missing, please add symlink" []; # merge upstream sources with our own: upstream-overlays = [ (_: super: { - - sources = (super.sources or { }) // sources; + sources = (super.sources or {}) // sources; }) ]; overlays = local-overlays ++ globals ++ upstream-overlays; -in import sources.nixpkgs { inherit overlays system crossSystem config; } +in + import sources.nixpkgs {inherit overlays system crossSystem config;} diff --git a/nix/sources.nix b/nix/sources.nix index f69e4d9..fae06a4 100644 --- a/nix/sources.nix +++ b/nix/sources.nix @@ -1,22 +1,17 @@ # This file has been generated by Niv. - let - # # The fetchers. fetch_ fetches specs of type . # - fetch_file = pkgs: spec: - if spec.builtin or true then - builtins_fetchurl { inherit (spec) url sha256; } - else - pkgs.fetchurl { inherit (spec) url sha256; }; + if spec.builtin or true + then builtins_fetchurl {inherit (spec) url sha256;} + else pkgs.fetchurl {inherit (spec) url sha256;}; fetch_tarball = pkgs: spec: - if spec.builtin or true then - builtins_fetchTarball { inherit (spec) url sha256; } - else - pkgs.fetchzip { inherit (spec) url sha256; }; + if spec.builtin or true + then builtins_fetchTarball {inherit (spec) url sha256;} + else pkgs.fetchzip {inherit (spec) url sha256;}; fetch_git = spec: builtins.fetchGit { 
@@ -31,7 +26,8 @@ let instead use `builtin = true`. $ niv modify -a type=tarball -a builtin=true - '' builtins_fetchTarball { inherit (spec) url sha256; }; + '' + builtins_fetchTarball {inherit (spec) url sha256;}; fetch_builtin-url = spec: builtins.trace '' @@ -40,24 +36,24 @@ let instead use `builtin = true`. $ niv modify -a type=file -a builtin=true - '' (builtins_fetchurl { inherit (spec) url sha256; }); + '' (builtins_fetchurl {inherit (spec) url sha256;}); # # Various helpers # # The set of packages used when specs are fetched using non-builtins. - mkPkgs = sources: - let - sourcesNixpkgs = - import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) - { }; - hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath; - hasThisAsNixpkgsPath = == ./.; - in if builtins.hasAttr "nixpkgs" sources then - sourcesNixpkgs - else if hasNixpkgsPath && !hasThisAsNixpkgsPath then - import { } + mkPkgs = sources: let + sourcesNixpkgs = + import (builtins_fetchTarball {inherit (sources.nixpkgs) url sha256;}) + {}; + hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath; + hasThisAsNixpkgsPath = == ./.; + in + if builtins.hasAttr "nixpkgs" sources + then sourcesNixpkgs + else if hasNixpkgsPath && !hasThisAsNixpkgsPath + then import {} else abort '' Please specify either (through -I or NIX_PATH=nixpkgs=...) or 
@@ -66,19 +62,18 @@ let # The actual fetching function. fetch = pkgs: name: spec: - - if !builtins.hasAttr "type" spec then - abort "ERROR: niv spec ${name} does not have a 'type' attribute" - else if spec.type == "file" then - fetch_file pkgs spec - else if spec.type == "tarball" then - fetch_tarball pkgs spec - else if spec.type == "git" then - fetch_git spec - else if spec.type == "builtin-tarball" then - fetch_builtin-tarball spec - else if spec.type == "builtin-url" then - fetch_builtin-url spec + if !builtins.hasAttr "type" spec + then abort "ERROR: niv spec ${name} does not have a 'type' attribute" + else if spec.type == "file" + then fetch_file pkgs spec + else if spec.type == "tarball" + then fetch_tarball pkgs spec + else if spec.type == "git" + then fetch_git spec + else if spec.type == "builtin-tarball" + then fetch_builtin-tarball spec + else if spec.type == "builtin-url" + then fetch_builtin-url spec else abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}"; 
@@ -86,48 +81,61 @@ let # Ports of functions for older nix versions # a Nix version of mapAttrs if the built-in doesn't exist - mapAttrs = builtins.mapAttrs or (f: set: - with builtins; - listToAttrs (map (attr: { - name = attr; - value = f attr set.${attr}; - }) (attrNames set))); + mapAttrs = + builtins.mapAttrs + or (f: set: + with builtins; + listToAttrs (map (attr: { + name = attr; + value = f attr set.${attr}; + }) (attrNames set))); # fetchTarball version that is compatible between all the versions of Nix - builtins_fetchTarball = { url, sha256 }@attrs: - let inherit (builtins) lessThan nixVersion fetchTarball; - in if lessThan nixVersion "1.12" then - fetchTarball { inherit url; } - else - fetchTarball attrs; + builtins_fetchTarball = { + url, + sha256, + } @ attrs: let + inherit (builtins) lessThan nixVersion fetchTarball; + in + if lessThan nixVersion "1.12" + then fetchTarball {inherit url;} + else fetchTarball attrs; # fetchurl version that is compatible between all the versions of Nix - builtins_fetchurl = { url, sha256 }@attrs: - let inherit (builtins) lessThan nixVersion fetchurl; - in if lessThan nixVersion "1.12" then - fetchurl { inherit url; } - else - fetchurl attrs; + builtins_fetchurl = { + url, + sha256, + } @ attrs: let + inherit (builtins) lessThan nixVersion fetchurl; + in + if lessThan nixVersion "1.12" + then fetchurl {inherit url;} + else fetchurl attrs; # Create the final "sources" from the config mkSources = config: mapAttrs (name: spec: - if builtins.hasAttr "outPath" spec then + if builtins.hasAttr "outPath" spec + then abort "The values in sources.json should not have an 'outPath' attribute" - else - spec // { outPath = fetch config.pkgs name spec; }) config.sources; + else spec // {outPath = fetch config.pkgs name spec;}) + config.sources; # The "config" used by the fetchers - mkConfig = { sourcesFile ? ./sources.json - , sources ? builtins.fromJSON (builtins.readFile sourcesFile) - , pkgs ? 
mkPkgs sources }: rec { - # The sources, i.e. the attribute set of spec name to spec - inherit sources; + mkConfig = { + sourcesFile ? ./sources.json, + sources ? builtins.fromJSON (builtins.readFile sourcesFile), + pkgs ? mkPkgs sources, + }: rec { + # The sources, i.e. the attribute set of spec name to spec + inherit sources; - # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers - inherit pkgs; - }; -in mkSources (mkConfig { }) // { - __functor = _: settings: mkSources (mkConfig settings); -} + # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers + inherit pkgs; + }; +in + mkSources (mkConfig {}) + // { + __functor = _: settings: mkSources (mkConfig settings); + } diff --git a/nixops.nix b/nixops.nix index 28e5dcf..f078d47 100644 --- a/nixops.nix +++ b/nixops.nix @@ -1,18 +1,20 @@ # NixOps configuration for the mio-ops nodes - { network = { description = "mio-ops nodes"; enableRollback = true; }; - network.storage.legacy = { databasefile = "~/.nixops/deployments.nixops"; }; + network.storage.legacy = {databasefile = "~/.nixops/deployments.nixops";}; - defaults = { config, pkgs, lib, ... }: - - { - system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps - }; + defaults = { + config, + pkgs, + lib, + ... + }: { + system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps + }; airgead = import hosts/airgead.nix; ceilidh = import hosts/ceilidh.nix; diff --git a/overlays/nixUnstable.nix b/overlays/nixUnstable.nix index b83f541..02d7d7e 100644 --- a/overlays/nixUnstable.nix +++ b/overlays/nixUnstable.nix @@ -1,4 +1,6 @@ -let sources = import ../nix/sources.nix { }; -in final: prev: { - nixUnstable = (import sources.nixos-unstable { }).nixUnstable; -} +let + sources = import ../nix/sources.nix {}; +in + final: prev: { + nixUnstable = (import sources.nixos-unstable {}).nixUnstable; + } diff --git a/overlays/qemu/default.nix b/overlays/qemu/default.nix index 3313b74..b9829e4 100644 
--- a/overlays/qemu/default.nix +++ b/overlays/qemu/default.nix @@ -1,15 +1,12 @@ # Based up original waokr by cleverca22 # https://github.com/cleverca22/nixos-configs/blob/master/overlays/qemu/default.nix - -self: super: - -{ - qemu-user-arm = if self.stdenv.system == "x86_64-linux" then - self.pkgsi686Linux.callPackage ./qemu { user_arch = "arm"; } - else - self.callPackage ./qemu { user_arch = "arm"; }; - qemu-user-x86 = self.callPackage ./qemu { user_arch = "x86_64"; }; - qemu-user-arm64 = self.callPackage ./qemu { user_arch = "aarch64"; }; - qemu-user-riscv32 = self.callPackage ./qemu { user_arch = "riscv32"; }; - qemu-user-riscv64 = self.callPackage ./qemu { user_arch = "riscv64"; }; +self: super: { + qemu-user-arm = + if self.stdenv.system == "x86_64-linux" + then self.pkgsi686Linux.callPackage ./qemu {user_arch = "arm";} + else self.callPackage ./qemu {user_arch = "arm";}; + qemu-user-x86 = self.callPackage ./qemu {user_arch = "x86_64";}; + qemu-user-arm64 = self.callPackage ./qemu {user_arch = "aarch64";}; + qemu-user-riscv32 = self.callPackage ./qemu {user_arch = "riscv32";}; + qemu-user-riscv64 = self.callPackage ./qemu {user_arch = "riscv64";}; } diff --git a/overlays/qemu/qemu/default.nix b/overlays/qemu/qemu/default.nix index 3947862..00c17d4 100644 --- a/overlays/qemu/qemu/default.nix +++ b/overlays/qemu/qemu/default.nix 
@@ -1,13 +1,23 @@ # Based up original waokr by cleverca22 # https://raw.githubusercontent.com/cleverca22/nixos-configs/master/overlays/qemu/qemu/default.nix - -{ stdenv, fetchurl, python, pkgconfig, zlib, glib, user_arch, flex, bison -, makeStaticLibraries, glibc, qemu, fetchFromGitHub }: - -let +{ + stdenv, + fetchurl, + python, + pkgconfig, + zlib, + glib, + user_arch, + flex, + bison, + makeStaticLibraries, + glibc, + qemu, + fetchFromGitHub, +}: let env2 = makeStaticLibraries stdenv; - myglib = (glib.override { stdenv = env2; }).overrideAttrs (drv: { - mesonFlags = (drv.mesonFlags or [ ]) ++ [ "-Ddefault_library=both" ]; + myglib = (glib.override {stdenv = env2;}).overrideAttrs (drv: { + mesonFlags = (drv.mesonFlags or []) ++ ["-Ddefault_library=both"]; }); riscv_src = fetchFromGitHub { owner = "riscv"; 
@@ -22,32 +32,36 @@ let riscv64 = "x86_64"; x86_64 = "x86_64"; }; -in stdenv.mkDerivation rec { - name = "qemu-user-${user_arch}-${version}"; - version = "3.1.0"; - src = if is_riscv then riscv_src else qemu.src; - buildInputs = [ python pkgconfig zlib.static myglib flex bison glibc.static ]; - patches = [ ./qemu-stack.patch ]; - configureFlags = [ - "--enable-linux-user" - "--target-list=${user_arch}-linux-user" - "--disable-bsd-user" - "--disable-system" - "--disable-vnc" - "--disable-curses" - "--disable-sdl" - "--disable-vde" - "--disable-bluez" - "--disable-kvm" - "--static" - "--disable-tools" - "--cpu=${arch_map.${user_arch}}" - ]; - NIX_LDFLAGS = [ "-lglib-2.0" ]; - enableParallelBuilding = true; - postInstall = '' - cc -static ${ - ./qemu-wrap.c - } -D QEMU_ARM_BIN="\"qemu-${user_arch}"\" -o $out/bin/qemu-wrap - ''; -} +in + stdenv.mkDerivation rec { + name = "qemu-user-${user_arch}-${version}"; + version = "3.1.0"; + src = + if is_riscv + then riscv_src + else qemu.src; + buildInputs = [python pkgconfig zlib.static myglib flex bison glibc.static]; + patches = [./qemu-stack.patch]; + configureFlags = [ + "--enable-linux-user" + "--target-list=${user_arch}-linux-user" + "--disable-bsd-user" + "--disable-system" + "--disable-vnc" + "--disable-curses" + "--disable-sdl" + "--disable-vde" + "--disable-bluez" + "--disable-kvm" + "--static" + "--disable-tools" + "--cpu=${arch_map.${user_arch}}" + ]; + NIX_LDFLAGS = ["-lglib-2.0"]; + enableParallelBuilding = true; + postInstall = '' + cc -static ${ + ./qemu-wrap.c + } -D QEMU_ARM_BIN="\"qemu-${user_arch}"\" -o $out/bin/qemu-wrap + ''; + } diff --git a/overlays/vim-cue.nix b/overlays/vim-cue.nix index 81535b6..9cedb66 100644 --- a/overlays/vim-cue.nix +++ b/overlays/vim-cue.nix 
@@ -1,17 +1,18 @@ # Cue filetype plugin for Vim # # Provide an overlay to obtain vim-cue from upstream rather than nixpkgs - final: prev: { - vimPlugins = prev.vimPlugins // { - vim-cue = prev.vimUtils.buildVimPlugin { - name = "vim-cue"; - src = prev.fetchFromGitHub { - owner = "jjo"; - repo = "vim-cue"; - rev = "9e8bef1198817b6bae1143fecd965403d65d2466"; - sha256 = "sha256-VEJh3u2s4Ccc/JQa383FDcurCgUiNFlEuqXXhO0nB2c="; + vimPlugins = + prev.vimPlugins + // { + vim-cue = prev.vimUtils.buildVimPlugin { + name = "vim-cue"; + src = prev.fetchFromGitHub { + owner = "jjo"; + repo = "vim-cue"; + rev = "9e8bef1198817b6bae1143fecd965403d65d2466"; + sha256 = "sha256-VEJh3u2s4Ccc/JQa383FDcurCgUiNFlEuqXXhO0nB2c="; + }; }; }; - }; } diff --git a/profiles/android.nix b/profiles/android.nix index 8ca6ced..04a3b25 100644 --- a/profiles/android.nix +++ b/profiles/android.nix @@ -1,9 +1,9 @@ # Configuration for my Android development requirements - -{ config, pkgs, ... }: - { - + config, + pkgs, + ... +}: { nixpkgs.config = { android_sdk.accept_license = true; # Accept the Android SDK licence }; @@ -17,6 +17,5 @@ kconfig-frontends # Linux kconfig infrastructure ]; - users.groups.adbusers.members = [ "craige" ]; - + users.groups.adbusers.members = ["craige"]; } diff --git a/profiles/bash.nix b/profiles/bash.nix index e31192b..f603b43 100644 --- a/profiles/bash.nix +++ b/profiles/bash.nix @@ -1,9 +1,5 @@ # Configuration common to all my servers - -{ config, ... }: - -{ - +{config, ...}: { # Program defaults for all hosts programs.bash = { interactiveShellInit = '' @@ -15,5 +11,4 @@ ''; vteIntegration = true; }; - } diff --git a/profiles/cardano-node.nix b/profiles/cardano-node.nix index cdfda66..ba29e74 100644 --- a/profiles/cardano-node.nix +++ b/profiles/cardano-node.nix 
@@ -1,36 +1,38 @@ # NixOps configuration for the hosts running a Cardano node - -{ config, pkgs, lib, ... }: - -let - +{ + config, + pkgs, + lib, + ... +}: let sources = import ../nix/sources.nix; cardanoNodeProject = import (sources.cardano-node + "/nix") { gitrev = sources.cardano-node.rev; }; - iohkNix = import (sources.iohk-nix) { }; - + iohkNix = import (sources.iohk-nix) {}; in { + imports = [../secrets/cardano/producers.nix "${sources.cardano-node}/nix/nixos"]; - imports = - [ ../secrets/cardano/producers.nix "${sources.cardano-node}/nix/nixos" ]; - - environment.systemPackages = [ cardanoNodeProject.cardano-cli ]; + environment.systemPackages = [cardanoNodeProject.cardano-cli]; services = { cardano-node = { enable = true; environment = "mainnet"; hostAddr = "0.0.0.0"; - nodeConfig = iohkNix.cardanoLib.environments.mainnet.nodeConfig // { - hasPrometheus = [ "127.0.0.1" 12798 ]; - setupScribes = [{ - scKind = "JournalSK"; - scName = "cardano"; - scFormat = "ScText"; - }]; - defaultScribes = [[ "JournalSK" "cardano" ]]; - }; + nodeConfig = + iohkNix.cardanoLib.environments.mainnet.nodeConfig + // { + hasPrometheus = ["127.0.0.1" 12798]; + setupScribes = [ + { + scKind = "JournalSK"; + scName = "cardano"; + scFormat = "ScText"; + } + ]; + defaultScribes = [["JournalSK" "cardano"]]; + }; kesKey = "/run/keys/cardano-kes"; vrfKey = "/run/keys/cardano-vrf"; operationalCertificate = "/run/keys/cardano-opcert"; @@ -45,7 +47,5 @@ in { }; }; - users.groups.keys.members = - [ "cardano-node" ]; # Required due to NixOps issue #1204 - + users.groups.keys.members = ["cardano-node"]; # Required due to NixOps issue #1204 } diff --git a/profiles/chrony.nix b/profiles/chrony.nix index 56c4f24..d464d08 100644 --- a/profiles/chrony.nix +++ b/profiles/chrony.nix @@ -1,11 +1,6 @@ # NixOps configuration for the hosts running a Chrony service - -{ config, ... }: - -{ - +{config, ...}: { services.chrony = { - enable = true; # Enable Chrony + #enable = true; # Enable Chrony }; - } 
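Review bot: In profiles/chrony.nix the new side turns `enable = true; # Enable Chrony` into `#enable = true; # Enable Chrony`, so hosts importing this profile no longer get chrony from it, and that is not a formatting change. Whether another time-sync service takes over is not visible in this diff; clock accuracy matters for the ACME/TLS and Cardano node profiles elsewhere in this repository. If the disablement is intended, I would move it to its own commit and state it explicitly as `enable = false; # <reason chrony is disabled>` rather than leaving commented-out code under a trailing comment that still says "Enable Chrony"; otherwise restore `enable = true; # Enable Chrony`.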
diff --git a/profiles/coturn.nix b/profiles/coturn.nix index 9815181..e6825a6 100644 --- a/profiles/coturn.nix +++ b/profiles/coturn.nix @@ -1,24 +1,24 @@ # NixOps configuration for the hosts running a TURN server (coturn) - -{ config, pkgs, lib, ... }: - { - - imports = [ ../secrets/coturn.nix ]; + config, + pkgs, + lib, + ... +}: { + imports = [../secrets/coturn.nix]; services = { - coturn = { enable = true; # Enable the coturn server lt-cred-mech = true; # Enable long-term credentials use-auth-secret = true; # Enable TURN REST API realm = "turn.mcwhirter.io"; # Default realm for users - relay-ips = [ # Relay addresses + relay-ips = [ + # Relay addresses "172.105.171.16" ]; no-tcp-relay = true; # Disable TCP relay endpoints - extraConfig = - "\n cipher-list=\"HIGH\"\n no-loopback-peers\n no-multicast-peers\n "; + extraConfig = "\n cipher-list=\"HIGH\"\n no-loopback-peers\n no-multicast-peers\n "; secure-stun = true; # Require authentication of the STUN Binding request cert = "/var/lib/acme/turn.mcwhirter.io/fullchain.pem"; pkey = "/var/lib/acme/turn.mcwhirter.io/key.pem"; @@ -52,13 +52,13 @@ 5350 # STUN tls alt 443 # HTTPS ]; - allowedUDPPortRanges = [{ - from = 49152; - to = 49999; - } # TURN relay - ]; + allowedUDPPortRanges = [ + { + from = 49152; + to = 49999; + } # TURN relay + ]; }; - users.groups.turnserver.members = [ "nginx" ]; # Added for keys permissions - + users.groups.turnserver.members = ["nginx"]; # Added for keys permissions } diff --git a/profiles/craige4rocky.nix b/profiles/craige4rocky.nix index 48dbcfc..4e178a0 100644 --- a/profiles/craige4rocky.nix +++ b/profiles/craige4rocky.nix 
@@ -1,18 +1,17 @@ # NixOps configuration for deploying the craige4rocky website - -{ config, pkgs, ... }: - -let +{ + config, + pkgs, + ... +}: let craige4rocky = import (pkgs.fetchgit { name = "craige4rocky-src"; url = "https://source.mcwhirter.io/craige/craige4rocky.git"; branchName = "master"; sha256 = "1cammdgszclrhvp56af3c7vnanyn0gplvkhqi6jkg1ygy01ard4w"; - }) { nixpkgs = pkgs; }; + }) {nixpkgs = pkgs;}; webdomain = "craige4rocky.org"; - in { - environment.sessionVariables = { LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; }; @@ -24,16 +23,17 @@ in { recommendedProxySettings = true; recommendedTlsSettings = true; virtualHosts = { - "${webdomain}" = { # website hostname + "${webdomain}" = { + # website hostname enableACME = true; # Use ACME certs forceSSL = true; # Force SSL root = "${craige4rocky}"; # Wesbite root }; - "www.${webdomain}" = { # Respect our elders :-) + "www.${webdomain}" = { + # Respect our elders :-) forceSSL = true; enableACME = true; - locations."/".extraConfig = - "return 301 $scheme://${webdomain}$request_uri;"; + locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;"; }; }; }; @@ -46,6 +46,5 @@ in { }; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - + networking.firewall.allowedTCPPorts = [80 443]; } diff --git a/profiles/cron-craige.nix b/profiles/cron-craige.nix index 86100e3..fcd14e6 100644 --- a/profiles/cron-craige.nix +++ b/profiles/cron-craige.nix @@ -1,9 +1,9 @@ # NixOps configuration for Craige's cron jobs - -{ config, pkgs, ... }: - { - + config, + pkgs, + ... +}: { services.cron = { enable = true; # Enable cron service systemCronJobs = [ @@ -12,5 +12,4 @@ "*/5 * * * * craige /run/current-system/sw/bin/task rc:~/.taskrc_obair sync >> /home/craige/.tasksync_obair.log 2>&1" ]; }; - } diff --git a/profiles/cryptpad.nix b/profiles/cryptpad.nix index 8246a9e..cf497d3 100644 --- a/profiles/cryptpad.nix +++ b/profiles/cryptpad.nix 
@@ -1,9 +1,10 @@ # NixOps configuration for the hosts running a Cryptpad server - -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { services.cryptpad = { enable = true; # Enable Cryptpad server }; @@ -14,7 +15,8 @@ recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts."pad.mcwhirter.io" = { # Cryptpad hostname + virtualHosts."pad.mcwhirter.io" = { + # Cryptpad hostname enableACME = true; # Use ACME certs forceSSL = true; # Force SSL locations = { @@ -55,12 +57,11 @@ ''; tryFiles = "$uri =404"; }; - "~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams)$" = - { - extraConfig = '' - rewrite ^(.*)$ $1/ redirect; - ''; - }; + "~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams)$" = { + extraConfig = '' + rewrite ^(.*)$ $1/ redirect; + ''; + }; }; #extraConfig = '' # try_files /www/$uri /www/$uri/index.html /customize/$uri; @@ -70,7 +71,6 @@ security.acme = { acceptTerms = true; - certs = { "pad.mcwhirter.io".email = "craige@mcwhirter.io"; }; + certs = {"pad.mcwhirter.io".email = "craige@mcwhirter.io";}; }; - } diff --git a/profiles/cyclone-ibis.nix b/profiles/cyclone-ibis.nix index dab6843..2e47094 100644 --- a/profiles/cyclone-ibis.nix +++ b/profiles/cyclone-ibis.nix 
@@ -1,18 +1,17 @@ # NixOps configuration for deploying the Cyclone Ibis website - -{ config, pkgs, ... }: - -let +{ + config, + pkgs, + ... +}: let cyclone-ibis = import (pkgs.fetchgit { name = "cyclone-ibis-src"; url = "https://source.mcwhirter.io/craige/cyclone-ibis.git"; branchName = "consensus"; sha256 = "sha256-NIEs0EuiHL9Zll0Sa4aR5zyzerw5akXxSC1pkDQPG5s="; - }) { nixpkgs = pkgs; }; + }) {nixpkgs = pkgs;}; webdomain = "cycloneibis.com"; - in { - environment.sessionVariables = { LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; }; @@ -26,16 +25,17 @@ in { recommendedProxySettings = true; recommendedTlsSettings = true; virtualHosts = { - "${webdomain}" = { # website hostname + "${webdomain}" = { + # website hostname enableACME = true; # Use ACME certs forceSSL = true; # Force SSL root = "${cyclone-ibis}"; # Wesbite root }; - "www.${webdomain}" = { # Respect our elders :-) + "www.${webdomain}" = { + # Respect our elders :-) forceSSL = true; enableACME = true; - locations."/".extraConfig = - "return 301 $scheme://${webdomain}$request_uri;"; + locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;"; }; }; }; @@ -48,6 +48,5 @@ in { }; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - + networking.firewall.allowedTCPPorts = [80 443]; } diff --git a/profiles/daedalus.nix b/profiles/daedalus.nix index e25d91d..56d209e 100644 --- a/profiles/daedalus.nix +++ b/profiles/daedalus.nix @@ -1,19 +1,17 @@ # NixOps configuration for the hosts running Daedalus - -{ config, pkgs, lib, ... }: - -let - +{ + config, + pkgs, + lib, + ... +}: let sources = import ../nix/sources.nix; - daedalusProject = import sources.daedalus { }; + daedalusProject = import sources.daedalus {}; daedalusMainnet = daedalusProject.daedalus; #daedalusFlight = daedalusProject.daedalus {--argstr cluster mainnet_flight -o daedalusFlight}; - in { - environment.systemPackages = [ daedalusMainnet #daedalusFlight ]; - } 
diff --git a/profiles/desktop-feeds.nix b/profiles/desktop-feeds.nix index b1e968f..38a7f88 100644 --- a/profiles/desktop-feeds.nix +++ b/profiles/desktop-feeds.nix @@ -1,9 +1,10 @@ # NixOps configuration for the hosts using feed applications - -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { # Set the system-wide environment environment = { systemPackages = with pkgs; [ @@ -13,5 +14,4 @@ gpodder # A podcatcher written in python ]; }; - } diff --git a/profiles/desktopCraige.nix b/profiles/desktopCraige.nix index f443d40..eb50560 100644 --- a/profiles/desktopCraige.nix +++ b/profiles/desktopCraige.nix @@ -1,8 +1,9 @@ # Craige's desktop requirements - -{ config, pkgs, ... }: - { + config, + pkgs, + ... +}: { # Craige's Desktop Packages imports = [ ../profiles/ebooks.nix diff --git a/profiles/desktopFiona.nix b/profiles/desktopFiona.nix index aa86bdd..01605b4 100644 --- a/profiles/desktopFiona.nix +++ b/profiles/desktopFiona.nix @@ -1,8 +1,9 @@ # Fiona's desktop requirements - -{ config, pkgs, ... }: - { + config, + pkgs, + ... +}: { # Fiona's Desktop Packages environment.systemPackages = with pkgs; [ slack-dark # Slack desktop client diff --git a/profiles/desktop_common.nix b/profiles/desktop_common.nix index b2d2ccb..20be23f 100644 --- a/profiles/desktop_common.nix +++ b/profiles/desktop_common.nix @@ -1,8 +1,9 @@ # Common configuration for MIO desktops - -{ config, pkgs, ... }: - { + config, + pkgs, + ... +}: { imports = [ ../profiles/games-kids.nix ../profiles/host_common.nix @@ -68,7 +69,7 @@ hardware = { pulseaudio = { enable = true; - extraModules = [ pkgs.pulseaudio-modules-bt ]; + extraModules = [pkgs.pulseaudio-modules-bt]; package = pkgs.pulseaudioFull; }; bluetooth = { 
@@ -79,14 +80,14 @@ Enable = "Source,Sink,Media,Socket"; NoPlugin = "sap"; }; - Policy = { AutoEnable = "true"; }; + Policy = {AutoEnable = "true";}; }; }; opengl.enable = true; }; # Configure Firefox and Chromium - nixpkgs.config = { allowUnfree = true; }; + nixpkgs.config = {allowUnfree = true;}; programs = { chromium = { @@ -97,9 +98,8 @@ # Groups to add users.groups = { - audio.members = [ "craige" "fiona" "hamish" "logan" "xander" ]; - libvirtd.members = [ "craige" "fiona" "hamish" "logan" "xander" ]; - networkmanager.members = [ "craige" "fiona" "hamish" "logan" "xander" ]; + audio.members = ["craige" "fiona" "hamish" "logan" "xander"]; + libvirtd.members = ["craige" "fiona" "hamish" "logan" "xander"]; + networkmanager.members = ["craige" "fiona" "hamish" "logan" "xander"]; }; - } diff --git a/profiles/ebooks.nix b/profiles/ebooks.nix index 906de1d..16f0265 100644 --- a/profiles/ebooks.nix +++ b/profiles/ebooks.nix @@ -1,15 +1,14 @@ # ebook reading requirements - -{ config, pkgs, ... }: - { - - environment.variables = { FOLIATE_TTS_LANG = "en-gb"; }; + config, + pkgs, + ... +}: { + environment.variables = {FOLIATE_TTS_LANG = "en-gb";}; environment.systemPackages = with pkgs; [ #python39Packages.gtts # Speech synthesizer, required for text to speech. foliate # A simple and modern GTK eBook reader vlc ]; - } diff --git a/profiles/emacs.nix b/profiles/emacs.nix index e8ee2d2..ec0aed9 100644 --- a/profiles/emacs.nix +++ b/profiles/emacs.nix 
@@ -1,33 +1,35 @@ -/* This is a nix expression to build Emacs and some Emacs packages I like - from source on any distribution where Nix is installed. This will install - all the dependencies from the nixpkgs repository and build the binary files - without interfering with the host distribution. - - To build the project, type the following from the current directory: - - $ nix-build emacs.nix - - To run the newly compiled executable: - - $ ./result/bin/emacs -*/ -{ pkgs ? import { } }: - -let +/* + This is a nix expression to build Emacs and some Emacs packages I like + from source on any distribution where Nix is installed. This will install + all the dependencies from the nixpkgs repository and build the binary files + without interfering with the host distribution. + + To build the project, type the following from the current directory: + + $ nix-build emacs.nix + + To run the newly compiled executable: + + $ ./result/bin/emacs + */ +{pkgs ? import {}}: let myEmacs = pkgs.emacs; emacsWithPackages = (pkgs.emacsPackagesNgGen myEmacs).emacsWithPackages; -in emacsWithPackages (epkgs: - (with epkgs.melpaStablePackages; [ - magit # ; Integrate git - zerodark-theme # ; Nicolas' theme - ]) ++ (with epkgs.melpaPackages; - [ +in + emacsWithPackages (epkgs: + (with epkgs.melpaStablePackages; [ + magit # ; Integrate git + zerodark-theme # ; Nicolas' theme + ]) + ++ (with epkgs.melpaPackages; [ #undo-tree # ; to show the undo tree #zoom-frm # ; increase/decrease font size for all buffers %lt;C-x C-+> - ]) ++ (with epkgs.elpaPackages; [ + ]) + ++ (with epkgs.elpaPackages; [ auctex # ; LaTeX mode beacon # ; highlight my cursor when scrolling nameless # ; hide current package name everywhere in elisp code - ]) ++ [ + ]) + ++ [ pkgs.notmuch # From main packages set ]) diff --git a/profiles/games-kids.nix b/profiles/games-kids.nix index 5837505..d99fcd2 100644 --- a/profiles/games-kids.nix +++ b/profiles/games-kids.nix 
@@ -1,16 +1,15 @@ # Configuration for - -{ config, pkgs, ... }: - -let +{ + config, + pkgs, + ... +}: let sources = import ../nix/sources.nix; - unstable = import sources.nixpkgsUnstable { }; - + unstable = import sources.nixpkgsUnstable {}; in { - nixpkgs.config = { allowUnfree = true; - permittedInsecurePackages = [ "minecraft" ]; + permittedInsecurePackages = ["minecraft"]; }; # Retro Gaming Packages @@ -36,5 +35,4 @@ in { superTuxKart # A Free 3D kart racing game wesnoth # Battle for Wesnoth server and client ]; - } diff --git a/profiles/gitea_home.nix b/profiles/gitea_home.nix index 55a7acd..4e82b7f 100644 --- a/profiles/gitea_home.nix +++ b/profiles/gitea_home.nix @@ -1,9 +1,10 @@ # NixOps configuration for the hosts running Gitea - -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { services.gitea = { enable = true; # Enable Gitea appName = "taigh,mcwhirter.io: Gitea Service"; # Give the site a name @@ -39,7 +40,8 @@ authentication = '' local gitea all ident map=gitea-users ''; - identMap = # Map the gitea user to postgresql + identMap = + # Map the gitea user to postgresql '' gitea-users gitea gitea ''; @@ -51,7 +53,8 @@ recommendedOptimisation = true; recommendedProxySettings = true; #recommendedTlsSettings = true; - virtualHosts."source.taigh.mcwhirter.io" = { # Gitea hostname + virtualHosts."source.taigh.mcwhirter.io" = { + # Gitea hostname #enableACME = true; # Use ACME certs #forceSSL = true; # Force SSL locations."/".proxyPass = "http://localhost:3001/"; # Proxy Gitea @@ -62,13 +65,12 @@ networking = { firewall = { enable = true; - allowedTCPPorts = [ 80 ]; - trustedInterfaces = [ "lo" ]; + allowedTCPPorts = [80]; + trustedInterfaces = ["lo"]; }; }; #security.acme.certs = { # "source.mcwhirter.io".email = "craige@mcwhirter.io"; #}; - } diff --git a/profiles/grafana.nix b/profiles/grafana.nix index efbec2e..551cb25 100644 --- a/profiles/grafana.nix +++ b/profiles/grafana.nix 
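Review bot: The `source.taigh.mcwhirter.io` vhost in profiles/gitea_home.nix is served over plain HTTP only: `enableACME`, `forceSSL` and `recommendedTlsSettings` are commented out, and the firewall hunk that follows opens just port 80. Gitea passwords and access tokens would therefore cross the network unencrypted. If this host is reachable from anything other than a trusted LAN (not visible here), re-enable `enableACME = true;` and `forceSSL = true;` and add 443 to `allowedTCPPorts`. If plain HTTP is deliberate, a comment such as `# LAN-only, TLS intentionally disabled` would record the decision.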
@@ -1,10 +1,11 @@ # NixOps configuration for the hosts running Prometheus on a Cardano node - -{ config, pkgs, lib, ... }: - { - - imports = [ ../secrets/cardano/grafana.nix ]; + config, + pkgs, + lib, + ... +}: { + imports = [../secrets/cardano/grafana.nix]; services = { grafana = { @@ -13,8 +14,7 @@ domain = "monitoring.mcwhirter.io"; rootUrl = "https://monitoring.mcwhirter.io/grafana"; security = { - adminPasswordFile = - "/run/keys/grafana-apass"; # Where to find the password + adminPasswordFile = "/run/keys/grafana-apass"; # Where to find the password }; auth = { anonymous = { @@ -30,16 +30,16 @@ # options.path = ../monitoring/NodeSystemDashboard.json; # } #]; - datasources = [{ - type = "prometheus"; - name = "prometheus"; - url = "http://localhost:9090/prometheus"; - }]; + datasources = [ + { + type = "prometheus"; + name = "prometheus"; + url = "http://localhost:9090/prometheus"; + } + ]; }; }; }; - users.groups.keys.members = - [ "grafana" ]; # Required due to NixOps issue #1204 - + users.groups.keys.members = ["grafana"]; # Required due to NixOps issue #1204 } diff --git a/profiles/haskell-dev.nix b/profiles/haskell-dev.nix index 1b3f1ec..50994c9 100644 --- a/profiles/haskell-dev.nix +++ b/profiles/haskell-dev.nix @@ -1,13 +1,12 @@ # Configuration for Haskell development - -{ config, pkgs, ... }: - { - + config, + pkgs, + ... +}: { environment.systemPackages = with pkgs.haskellPackages; [ cabal-install # Haskell software automation ghc # Glasgow Haskell Compiler hlint # Haskell source linter ]; - } diff --git a/profiles/host_common.nix b/profiles/host_common.nix index d8e8a1b..7e371d1 100644 --- a/profiles/host_common.nix +++ b/profiles/host_common.nix @@ -1,9 +1,10 @@ # Configuration common to all my servers - -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { imports = [ ../profiles/bash.nix ./chrony.nix 
@@ -40,10 +41,9 @@ # Configure and install required fonts fonts.enableDefaultFonts = true; fonts.fontDir.enable = true; - fonts.fonts = with pkgs; - [ - powerline-fonts # Required for Powerline prompts - ]; + fonts.fonts = with pkgs; [ + powerline-fonts # Required for Powerline prompts + ]; fonts.fontconfig.includeUserConf = false; # Adapted from gchristensen and clever @@ -71,15 +71,17 @@ show-trace = true # Enable --show-trace by default for nix builders-use-substitutes = true # Set builders to use caches ''; - trustedUsers = [ "craige" ]; + trustedUsers = ["craige"]; }; + networking = {enableIPv6 = true;}; + system.extraSystemBuilderCmds = '' ln -sv ${pkgs.path} $out/nixpkgs ''; environment.etc.host-nix-channel.source = pkgs.path; - environment.variables = { BAT_THEME = "Dracula"; }; + environment.variables = {BAT_THEME = "Dracula";}; # Set the system-wide environment environment = { @@ -87,10 +89,9 @@ bat # cat clone with syntax highlighting & Git integration dnsutils # Bind DNS utilities fd # A simple, fast and user-friendly alternative to find - (if config.services.xserver.enable then - gitAndTools.gitFull - else - git) # Distributed version control system + (if config.services.xserver.enable + then gitAndTools.gitFull + else git) # Distributed version control system htop # interactive process viewer hwinfo # Hardware detection tool killall # kill processes by name diff --git a/profiles/hydra-dev.nix b/profiles/hydra-dev.nix index 762064f..6971b9c 100644 --- a/profiles/hydra-dev.nix +++ b/profiles/hydra-dev.nix @@ -1,6 +1,4 @@ -{ pkgs }: - -let +{pkgs}: let hydraSrc = pkgs.fetchFromGitHub { owner = "nixos"; repo = "hydra"; 
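Review bot: The `@@ -71,15 +71,17 @@` hunk in profiles/host_common.nix adds `networking = {enableIPv6 = true;};`, which is a configuration change rather than formatting, inside a commit whose subject says it only runs treefmt. The same applies to `package = pkgs.postgresql_10;`, added in the `@@ -121,14 +122,18 @@` hunk of profiles/matrix.nix. Changes to network exposure and to a database major version are easy to miss in a tree-wide reformat, so I would move both to their own commits where they can be reviewed and reverted separately. For the IPv6 line, it is also worth confirming that each host's firewall rules cover v6 as intended.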
@@ -9,13 +7,14 @@ let #sha256 = "1vs3lyfyafsl7wbpmycv7c3n9n2rkrswp65msb6q1iskgpvr96d5"; sha256 = "0i7szp04c873gfmj1h0dcl5rsbzzldc160pcls8z9v6iphils34i"; }; -in pkgs.callPackage ./hydra-fork.nix { - nixpkgsPath = pkgs.path; - #patches = [ - # (pkgs.fetchpatch { - # url = "https://github.com/NixOS/hydra/pull/648/commits/4171ab4c4fd576c516dc03ba64d1c7945f769af0.patch"; - # sha256 = "1fxa2459kdws6qc419dv4084c1ssmys7kqg4ic7n643kybamsgrx"; - # }) - #]; - src = hydraSrc; -} +in + pkgs.callPackage ./hydra-fork.nix { + nixpkgsPath = pkgs.path; + #patches = [ + # (pkgs.fetchpatch { + # url = "https://github.com/NixOS/hydra/pull/648/commits/4171ab4c4fd576c516dc03ba64d1c7945f769af0.patch"; + # sha256 = "1fxa2459kdws6qc419dv4084c1ssmys7kqg4ic7n643kybamsgrx"; + # }) + #]; + src = hydraSrc; + } diff --git a/profiles/hydra-fork.nix b/profiles/hydra-fork.nix index b63089f..5001320 100644 --- a/profiles/hydra-fork.nix +++ b/profiles/hydra-fork.nix @@ -1,6 +1,8 @@ -{ fetchFromGitHub, nixpkgsPath, src }: - -let +{ + fetchFromGitHub, + nixpkgsPath, + src, +}: let hydraRelease = (import (src + "/release.nix") { #hydraRelease = (import src { nixpkgs = nixpkgsPath; @@ -10,5 +12,5 @@ let revCount = 1234; }; }); - -in hydraRelease.build.x86_64-linux.overrideAttrs (drv: { }) +in + hydraRelease.build.x86_64-linux.overrideAttrs (drv: {}) diff --git a/profiles/hydra.nix b/profiles/hydra.nix index 1a8be48..7aa177a 100644 --- a/profiles/hydra.nix +++ b/profiles/hydra.nix @@ -1,8 +1,10 @@ # NixOps configuration for the VMs running Hydra - -{ config, pkgs, lib, ... }: - { + config, + pkgs, + lib, + ... +}: { #disabledModules = [ "services/continuous-integration/hydra/default.nix" ]; #imports = [ 
@@ -24,17 +26,20 @@ hydra-users root postgres hydra-users postgres postgres ''; - ensureDatabases = [ "hydra" ]; # Ensure the database persists - ensureUsers = [{ - name = "hydra"; # Ensure the database user persists - ensurePermissions = { # Ensure the database permissions persist - "DATABASE hydra" = "ALL PRIVILEGES"; - "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - }; - }]; + ensureDatabases = ["hydra"]; # Ensure the database persists + ensureUsers = [ + { + name = "hydra"; # Ensure the database user persists + ensurePermissions = { + # Ensure the database permissions persist + "DATABASE hydra" = "ALL PRIVILEGES"; + "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; + }; + } + ]; }; - networking.firewall.allowedTCPPorts = [ config.services.hydra.port ]; + networking.firewall.allowedTCPPorts = [config.services.hydra.port]; #services.hydra-dev = { services.hydra = { @@ -59,18 +64,18 @@ }; }; - security.acme.certs = { "hydra.mcwhirter.io".email = "craige@mcwhirter.io"; }; + security.acme.certs = {"hydra.mcwhirter.io".email = "craige@mcwhirter.io";}; systemd.services.hydra-manual-setup = { description = "Create Admin User for Hydra"; serviceConfig.Type = "oneshot"; serviceConfig.RemainAfterExit = true; - wantedBy = [ "multi-user.target" ]; - requires = [ "hydra-init.service" ]; - after = [ "hydra-init.service" ]; + wantedBy = ["multi-user.target"]; + requires = ["hydra-init.service"]; + after = ["hydra-init.service"]; environment = builtins.removeAttrs (config.systemd.services.hydra-init.environment) - [ "PATH" ]; + ["PATH"]; script = '' if [ ! -e ~hydra/.setup-is-complete ]; then # create signing keys 
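Review bot: `networking.firewall.allowedTCPPorts = [config.services.hydra.port];` in profiles/hydra.nix opens Hydra's own listener in the firewall, while the following hunk sets up an ACME certificate for `hydra.mcwhirter.io`. If a TLS-terminating nginx vhost is the intended entry point (it is not visible in these hunks), the direct port lets clients reach the Hydra login without TLS. In that case drop this line and bind Hydra to loopback with `listenHost = "localhost";`. The enclosing attribute set starts and ends outside the hunk.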
@@ -87,13 +92,15 @@ fi ''; }; - nix.trustedUsers = [ "hydra" "hydra-evaluator" "hydra-queue-runner" ]; - nix.buildMachines = [{ - hostName = "localhost"; - systems = [ "x86_64-linux" "i686-linux" ]; - maxJobs = 4; - # for building VirtualBox VMs as build artifacts, you might need other - # features depending on what you are doing - supportedFeatures = [ "big-parallel" "kvm" "nixos-test" ]; - }]; + nix.trustedUsers = ["hydra" "hydra-evaluator" "hydra-queue-runner"]; + nix.buildMachines = [ + { + hostName = "localhost"; + systems = ["x86_64-linux" "i686-linux"]; + maxJobs = 4; + # for building VirtualBox VMs as build artifacts, you might need other + # features depending on what you are doing + supportedFeatures = ["big-parallel" "kvm" "nixos-test"]; + } + ]; } diff --git a/profiles/iohk.nix b/profiles/iohk.nix index f7c8a1f..7b4025f 100644 --- a/profiles/iohk.nix +++ b/profiles/iohk.nix @@ -1,14 +1,14 @@ # NixOps configuration for the hosts utilising IOHK resources - -{ config, pkgs, lib, ... }: - -let +{ + config, + pkgs, + lib, + ... +}: let sources = import ../nix/sources.nix; - nixUnstable = (import sources.nixpkgsUnstable { }).nixVersions.unstable; - + nixUnstable = (import sources.nixpkgsUnstable {}).nixVersions.unstable; in { - - imports = [ ../profiles/terminal-recording.nix ../profiles/nix-direnv.nix ]; + imports = [../profiles/terminal-recording.nix ../profiles/nix-direnv.nix]; nix = { package = nixUnstable; @@ -68,6 +68,5 @@ in { # package = pkgs.postgresql_10; # Set the required version, if needed }; - users.groups.docker.members = [ "craige" ]; - + users.groups.docker.members = ["craige"]; } diff --git a/profiles/jormungandr-stake.nix b/profiles/jormungandr-stake.nix index ade7f37..d9ae493 100644 --- a/profiles/jormungandr-stake.nix +++ b/profiles/jormungandr-stake.nix 
@@ -1,17 +1,17 @@ -{ lib, config, pkgs, ... }: - { - - disabledModules = [ "services/networking/jormungandr.nix" ]; + lib, + config, + pkgs, + ... +}: { + disabledModules = ["services/networking/jormungandr.nix"]; imports = let jormungandrNixSrc = builtins.fetchTarball - "https://github.com/input-output-hk/jormungandr-nix/archive/master.tar.gz"; - in [ (import (jormungandrNixSrc + "/nixos")) ]; - - environment.systemPackages = with pkgs; - [ - jq # CLI JSON processor - ]; + "https://github.com/input-output-hk/jormungandr-nix/archive/master.tar.gz"; + in [(import (jormungandrNixSrc + "/nixos"))]; + environment.systemPackages = with pkgs; [ + jq # CLI JSON processor + ]; } diff --git a/profiles/jormungandr.nix b/profiles/jormungandr.nix index 1abcef3..d0e808d 100644 --- a/profiles/jormungandr.nix +++ b/profiles/jormungandr.nix @@ -1,11 +1,14 @@ -{ config, pkgs, ... }: { - imports = [ /home/craige/source/IOHK/jormungandr-nix/nixos/jormungandr.nix ]; +{ + config, + pkgs, + ... +}: { + imports = [/home/craige/source/IOHK/jormungandr-nix/nixos/jormungandr.nix]; services = { jormungandr = { enable = true; enableExplorer = false; - genesisBlockHash = - "11e340f9c20a4bcdc19103d9794413be81c9a713374997b574e9f9d66419a2b2"; + genesisBlockHash = "11e340f9c20a4bcdc19103d9794413be81c9a713374997b574e9f9d66419a2b2"; trustedPeersAddresses = [ "/ip4/3.123.177.192/tcp/3000" "/ip4/52.57.157.167/tcp/3000" diff --git a/profiles/keyboard.nix b/profiles/keyboard.nix index 3e54aa3..b5e98a8 100644 --- a/profiles/keyboard.nix +++ b/profiles/keyboard.nix @@ -1,9 +1,9 @@ # NixOps configuration for Moonlander mechanical keyboard - -{ config, pkgs, ... }: - { - + config, + pkgs, + ... +}: { services.udev.extraRules = '' # STM32 rules for the Moonlander and Planck EZ SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", \ 
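Review bot: In profiles/jormungandr-stake.nix the NixOS module added to `imports` comes from `builtins.fetchTarball "https://github.com/input-output-hk/jormungandr-nix/archive/master.tar.gz"`, a mutable branch with no hash. Whatever `master` contains at evaluation time is therefore evaluated as part of the system configuration, with no integrity check. Pin it to a commit and hash, for example `builtins.fetchTarball { url = ".../archive/<commit>.tar.gz"; sha256 = "<sha256>"; }` (placeholders), or take it from `../nix/sources.nix` as other profiles in this commit do. The next file, profiles/jormungandr.nix, imports the same module from an absolute path under `/home/craige`, which is likewise unpinned and only resolves on one machine.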
@@ -17,10 +17,8 @@ ''; environment = { - systemPackages = with pkgs; - [ - wally-cli # Flash firmware to mechanical keyboard - ]; + systemPackages = with pkgs; [ + wally-cli # Flash firmware to mechanical keyboard + ]; }; - } diff --git a/profiles/kids-dev.nix b/profiles/kids-dev.nix index bd81867..24215b1 100644 --- a/profiles/kids-dev.nix +++ b/profiles/kids-dev.nix @@ -1,12 +1,10 @@ # Configuration for Haskell development - -{ config, pkgs, ... }: - { - - environment.systemPackages = with pkgs; - [ - kate # Multi-document editor with syntax highlighting - ]; - + config, + pkgs, + ... +}: { + environment.systemPackages = with pkgs; [ + kate # Multi-document editor with syntax highlighting + ]; } diff --git a/profiles/logrotate.nix b/profiles/logrotate.nix index 9d34c14..f656690 100644 --- a/profiles/logrotate.nix +++ b/profiles/logrotate.nix @@ -1,11 +1,6 @@ # logrotate configuration for NixOS / NixOps - -{ config, ... }: - -{ - +{config, ...}: { services.logrotate = { enable = true; # Enable the logrotate service }; - } diff --git a/profiles/matrix.nix b/profiles/matrix.nix index 6412c49..a7b721e 100644 --- a/profiles/matrix.nix +++ b/profiles/matrix.nix @@ -1,10 +1,11 @@ # NixOps configuration for the hosts running a Matrix server (synapse) - -{ config, pkgs, lib, ... }: - { - - imports = [ ../secrets/matrix.nix ]; + config, + pkgs, + lib, + ... +}: { + imports = [../secrets/matrix.nix]; i18n = { extraLocaleSettings = { 
@@ -14,41 +15,42 @@ }; services = { - matrix-synapse = { enable = true; # Enable the synapse server server_name = "mcwhirter.io"; # Server's public domain name public_baseurl = "https://synapse.mcwhirter.io:443/"; # Matrix target URL enable_registration = true; # Toggle user registration listeners = [ - { # federation + { + # federation bind_address = ""; port = 8448; resources = [ { compress = true; - names = [ "client" ]; + names = ["client"]; } { compress = false; - names = [ "federation" ]; + names = ["federation"]; } ]; tls = true; type = "http"; x_forwarded = false; } - { # client + { + # client bind_address = "::1"; # Listen on localhost only port = 8008; # Port to listen on resources = [ { compress = true; - names = [ "client" ]; + names = ["client"]; } { compress = false; - names = [ "federation" ]; + names = ["federation"]; } ]; tls = true; @@ -59,8 +61,7 @@ max_upload_size = "200M"; # Also set client_max_body_size to at least this tls_certificate_path = "/var/lib/acme/mcwhirter.io/fullchain.pem"; tls_private_key_path = "/var/lib/acme/mcwhirter.io/key.pem"; - turn_shared_secret = - "IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6"; + turn_shared_secret = "IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6"; turn_uris = [ "turn:turn.mcwhirter.io:5349?transport=udp" "turn:turn.mcwhirter.io:5350?transport=udp" @@ -84,11 +85,11 @@ forceSSL = true; enableACME = true; locations = { - "/_matrix" = { proxyPass = "https://[::1]:8008"; }; + "/_matrix" = {proxyPass = "https://[::1]:8008";}; "/.well-known/matrix/server".extraConfig = let # use 443 instead of the default 8448 port to unite # the client-server and server-server port for simplicity - server = { "m.server" = "synapse.mcwhirter.io:443"; }; + server = {"m.server" = "synapse.mcwhirter.io:443";}; in '' add_header Content-Type application/json; return 200 '${builtins.toJSON server}'; 
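Review bot: `turn_shared_secret` in the `@@ -59,8 +61,7 @@` hunk of profiles/matrix.nix is a literal string in a tracked file, so the value is in git history and will also be written to the world-readable Nix store. The file already imports `../secrets/matrix.nix`; I would set the secret there or, better, load it at runtime from a key file outside the store, as the Grafana and Nextcloud profiles do with `/run/keys/...`. The current value should be rotated because this patch has already published it. A comment such as `# turn_shared_secret is provided by ../secrets/matrix.nix` would show readers where it went.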
@@ -98,7 +99,7 @@ "m.homeserver" = { "base_url" = "https://synapse.mcwhirter.io"; }; - "m.identity_server" = { "base_url" = "https://vector.im"; }; + "m.identity_server" = {"base_url" = "https://vector.im";}; }; # ACAO required to allow element-web on any URL to request this json file in '' @@ -121,14 +122,18 @@ postgresql = { enable = true; - ensureDatabases = [ "matrix-synapse" ]; # Ensure the database persists - ensureUsers = [{ - name = "matrix-synapse"; # Ensure the database user persists - ensurePermissions = { # Ensure the database permissions persist - "DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES"; - "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - }; - }]; + package = pkgs.postgresql_10; + ensureDatabases = ["matrix-synapse"]; # Ensure the database persists + ensureUsers = [ + { + name = "matrix-synapse"; # Ensure the database user persists + ensurePermissions = { + # Ensure the database permissions persist + "DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES"; + "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; + }; + } + ]; # Initial database creation initialScript = pkgs.writeText "synapse-init.sql" '' CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; @@ -149,8 +154,7 @@ }; "synapse.mcwhirter.io" = { group = "matrix-synapse"; - postRun = - "systemctl reload nginx.service; systemctl restart matrix-synapse.service"; + postRun = "systemctl reload nginx.service; systemctl restart matrix-synapse.service"; email = "acme@mcwhirter.io"; }; }; @@ -164,7 +168,5 @@ ]; }; - users.groups.matrix-synapse.members = - [ "nginx" ]; # Added for keys permissions - + users.groups.matrix-synapse.members = ["nginx"]; # Added for keys permissions } diff --git a/profiles/mcwhirter.io.nix b/profiles/mcwhirter.io.nix index 659c44b..021e12d 100644 --- a/profiles/mcwhirter.io.nix +++ b/profiles/mcwhirter.io.nix 
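Review bot: The `initialScript` at the end of the `@@ -121,14 +122,18 @@` hunk creates the `matrix-synapse` role with the fixed password `'synapse'`, and `pkgs.writeText` puts that script in the Nix store. Whether the role is reachable with a password depends on the PostgreSQL `authentication` settings, which are not visible here. If only local peer or ident access is intended, create the role without a password; otherwise generate one and supply it from a key file instead of the script text. The script continues outside the hunk.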
@@ -1,14 +1,13 @@ # NixOps configuration for deploying the mcwhirter.io website - -{ config, pkgs, ... }: - -let +{ + config, + pkgs, + ... +}: let sources = import ../nix/sources.nix; - mcwhirter-io = import sources.mcwhirter-io { }; + mcwhirter-io = import sources.mcwhirter-io {}; webdomain = "mcwhirter.io"; - in { - environment.sessionVariables = { LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; }; @@ -20,14 +19,15 @@ in { recommendedProxySettings = true; recommendedTlsSettings = true; virtualHosts = { - "${webdomain}" = { # website hostname + "${webdomain}" = { + # website hostname enableACME = true; # Use ACME certs forceSSL = true; # Force SSL root = "${mcwhirter-io}"; # Wesbite root }; - "www.${webdomain}" = { # Respect our elders :-) - locations."/".extraConfig = - "return 301 $scheme://${webdomain}$request_uri;"; + "www.${webdomain}" = { + # Respect our elders :-) + locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;"; }; }; }; @@ -42,6 +42,5 @@ in { }; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - + networking.firewall.allowedTCPPorts = [80 443]; } diff --git a/profiles/minecraftServer.nix b/profiles/minecraftServer.nix index 597ed29..e3d90f7 100644 --- a/profiles/minecraftServer.nix +++ b/profiles/minecraftServer.nix @@ -1,12 +1,12 @@ # Minecraft server configuration for NixOS / NixOps - -{ config, pkgs, ... }: - { + config, + pkgs, + ... +}: { + imports = [../secrets/minecraftServer.nix]; - imports = [ ../secrets/minecraftServer.nix ]; - - nixpkgs = { config = { allowUnfree = true; }; }; + nixpkgs = {config = {allowUnfree = true;};}; services.minecraft-server = { enable = true; # Enable the Minecraft server. @@ -22,8 +22,7 @@ }; }; - environment.systemPackages = with pkgs; - [ - mcron # Minecraft console client - ]; + environment.systemPackages = with pkgs; [ + mcron # Minecraft console client + ]; } diff --git a/profiles/monitoring.nix b/profiles/monitoring.nix index ec53539..bdae00f 100644 
--- a/profiles/monitoring.nix +++ b/profiles/monitoring.nix @@ -1,10 +1,11 @@ # NixOps configuration for the monitoring host - -{ config, pkgs, lib, ... }: - { - - imports = [ ./grafana.nix ./prometheus.nix ]; + config, + pkgs, + lib, + ... +}: { + imports = [./grafana.nix ./prometheus.nix]; services = { nginx = { @@ -13,7 +14,8 @@ recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts."monitoring.mcwhirter.io" = { # Monitoring hostname + virtualHosts."monitoring.mcwhirter.io" = { + # Monitoring hostname enableACME = true; # Use ACME certs forceSSL = true; # Force SSL locations = { @@ -28,12 +30,10 @@ }; }; }; - }; security.acme = { acceptTerms = true; - certs = { "monitoring.mcwhirter.io".email = "craige@mcwhirter.io"; }; + certs = {"monitoring.mcwhirter.io".email = "craige@mcwhirter.io";}; }; - } diff --git a/profiles/neomutt.nix b/profiles/neomutt.nix index cefd5e8..630898d 100644 --- a/profiles/neomutt.nix +++ b/profiles/neomutt.nix @@ -1,9 +1,9 @@ # Configuration for my neomutt email requirements - -{ config, pkgs, ... }: - { - + config, + pkgs, + ... +}: { # Install other packages that I require to be used with neomutt. environment.systemPackages = with pkgs; [ isync # My mail fetcher @@ -23,5 +23,4 @@ "*/5 * * * * craige /run/current-system/sw/bin/mbsync -q IOHK >> /home/craige/.mailsync-IOHK.log 2>&1" ]; }; - } diff --git a/profiles/nextcloud.nix b/profiles/nextcloud.nix index 6fcc7a6..6bc18d7 100644 --- a/profiles/nextcloud.nix +++ b/profiles/nextcloud.nix 
@@ -1,28 +1,27 @@ # NixOps configuration for the hosts running Nextcloud - -{ config, pkgs, lib, ... }: - { - - imports = [ ../secrets/nextcloud.nix ]; + config, + pkgs, + lib, + ... +}: { + imports = [../secrets/nextcloud.nix]; services.nextcloud = { enable = true; # Enable Nextcloud hostName = "cloud.mcwhirter.io"; # FQDN for the Nextcloud instance https = true; # Use HTTPS for links - config = { # Configure Nextcloud + config = { + # Configure Nextcloud dbtype = "pgsql"; # Set the database type dbname = "nextcloud"; # Set the database name dbhost = "/run/postgresql"; # Set the database connection dbuser = "nextcloud"; # Set the database user - dbpassFile = - "/run/keys/nextcloud-dbpass"; # Where to find the database password - adminpassFile = - "/run/keys/nextcloud-admin"; # Where to find the admin password + dbpassFile = "/run/keys/nextcloud-dbpass"; # Where to find the database password + adminpassFile = "/run/keys/nextcloud-admin"; # Where to find the admin password adminuser = "root"; # Set the admin user name overwriteProtocol = "https"; # Force Nextcloud to always use HTTPS - defaultPhoneRegion = - "AU"; # Country code for automatic phone-number detection + defaultPhoneRegion = "AU"; # Country code for automatic phone-number detection }; autoUpdateApps = { enable = true; # Run regular auto update of all apps installed 
@@ -33,14 +32,17 @@ services.postgresql = { enable = true; # Ensure postgresql is enabled - ensureDatabases = [ "nextcloud" ]; # Ensure the database persists - ensureUsers = [{ - name = "nextcloud"; # Ensure the database user persists - ensurePermissions = { # Ensure the database permissions persist - "DATABASE nextcloud" = "ALL PRIVILEGES"; - "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - }; - }]; + ensureDatabases = ["nextcloud"]; # Ensure the database persists + ensureUsers = [ + { + name = "nextcloud"; # Ensure the database user persists + ensurePermissions = { + # Ensure the database permissions persist + "DATABASE nextcloud" = "ALL PRIVILEGES"; + "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; + }; + } + ]; }; services.nginx = { 
@@ -49,30 +51,30 @@ recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts."cloud.mcwhirter.io" = { # Nextcloud hostname + virtualHosts."cloud.mcwhirter.io" = { + # Nextcloud hostname enableACME = true; # Use ACME certs forceSSL = true; # Force SSL }; - virtualHosts."owncloud.mcwhirter.io" = { # Hostname to be redirected + virtualHosts."owncloud.mcwhirter.io" = { + # Hostname to be redirected globalRedirect = "cloud.mcwhirter.io"; # Redirect permanently to the host }; }; - systemd.services."nextcloud-setup" = { # Ensure PostgreSQL is running first - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; + systemd.services."nextcloud-setup" = { + # Ensure PostgreSQL is running first + requires = ["postgresql.service"]; + after = ["postgresql.service"]; }; security.acme = { acceptTerms = true; - certs = { "cloud.mcwhirter.io" = { email = "craige@mcwhirter.io"; }; }; + certs = {"cloud.mcwhirter.io" = {email = "craige@mcwhirter.io";};}; }; - users.groups.keys.members = - [ "nextcloud" ]; # Required due to NixOps issue #1204 - users.groups.nextcloud.members = [ "nextcloud" ]; # Added for keys permissions - - networking.firewall.allowedTCPPorts = - [ 80 443 ]; # Open the required firewall ports + users.groups.keys.members = ["nextcloud"]; # Required due to NixOps issue #1204 + users.groups.nextcloud.members = ["nextcloud"]; # Added for keys permissions + networking.firewall.allowedTCPPorts = [80 443]; # Open the required firewall ports } diff --git a/profiles/nix-community.nix b/profiles/nix-community.nix index 863a640..a5fde36 100644 --- a/profiles/nix-community.nix +++ b/profiles/nix-community.nix 
@@ -1,16 +1,17 @@ # Use the Nix community aarch64 server as a build server # https://github.com/nix-community/aarch64-build-box - { nix = { distributedBuilds = true; - buildMachines = [{ - hostName = "aarch64.nixos.community"; - maxJobs = 64; - sshKey = "/root/.ssh/id_nixops_ed25519"; - sshUser = "craige"; - system = "aarch64-linux"; - supportedFeatures = [ "big-parallel" ]; - }]; + buildMachines = [ + { + hostName = "aarch64.nixos.community"; + maxJobs = 64; + sshKey = "/root/.ssh/id_nixops_ed25519"; + sshUser = "craige"; + system = "aarch64-linux"; + supportedFeatures = ["big-parallel"]; + } + ]; }; } diff --git a/profiles/nix-direnv.nix b/profiles/nix-direnv.nix index 589dd3d..da33b1d 100644 --- a/profiles/nix-direnv.nix +++ b/profiles/nix-direnv.nix @@ -1,9 +1,10 @@ # NixOps configuration nix-direnv - -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { nix = { extraOptions = '' keep-outputs = true @@ -17,13 +18,12 @@ direnv # A shell extension that manages your environment nix-direnv # A fast, persistent use_nix implementation for direnv ]; - pathsToLink = [ "/share/nix-direnv" ]; + pathsToLink = ["/share/nix-direnv"]; }; nixpkgs.overlays = [ (self: super: { - nix-direnv = super.nix-direnv.override { enableFlakes = true; }; + nix-direnv = super.nix-direnv.override {enableFlakes = true;}; }) ]; - } diff --git a/profiles/nix-mio-ops.nix b/profiles/nix-mio-ops.nix index 034f838..b1eedfb 100644 --- a/profiles/nix-mio-ops.nix +++ b/profiles/nix-mio-ops.nix 
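Review bot: The `buildMachines` entry for `aarch64.nixos.community` sets `sshUser` and `sshKey` but nothing that pins the builder's host key, so which machine root's `/root/.ssh/id_nixops_ed25519` authenticates to depends on known-hosts state this hunk does not show. If that is not managed elsewhere, pin it declaratively, for example with a `programs.ssh.knownHosts` entry for the host or, where the pinned nixpkgs offers it, `publicHostKey = "PLACEHOLDER_BASE64_HOST_KEY";` inside the entry. Because this is a shared community machine whose build outputs are copied into the local store, a comment such as `# shared builder: its outputs are trusted by every host importing this profile` would record the trust decision. The same applies to the `cuallaidh.mcwhirter.io` entry in profiles/nix-mio-ops.nix, which uses the same key path.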
@@ -1,15 +1,16 @@ # Use the mio-ops build servers - { nix = { distributedBuilds = true; - buildMachines = [{ - hostName = "cuallaidh.mcwhirter.io"; - maxJobs = 64; - sshKey = "/root/.ssh/id_nixops_ed25519"; - sshUser = "craige"; - system = "x86_64-linux"; - supportedFeatures = [ "big-parallel" ]; - }]; + buildMachines = [ + { + hostName = "cuallaidh.mcwhirter.io"; + maxJobs = 64; + sshKey = "/root/.ssh/id_nixops_ed25519"; + sshUser = "craige"; + system = "x86_64-linux"; + supportedFeatures = ["big-parallel"]; + } + ]; }; } diff --git a/profiles/nixpkgs-dev.nix b/profiles/nixpkgs-dev.nix index 3893f9e..ff5b1b4 100644 --- a/profiles/nixpkgs-dev.nix +++ b/profiles/nixpkgs-dev.nix @@ -1,15 +1,16 @@ # NixOps configuration for the hosts I'm doing nixpkgs dev work on - -{ config, pkgs, lib, ... }: - +{ + config, + pkgs, + lib, + ... +}: #let # sources = import ../nix/sources.nix; # unstable = import sources.nixpkgsUnstable {}; #in - { - - nixpkgs = { config = { allowUnfree = true; }; }; + nixpkgs = {config = {allowUnfree = true;};}; environment = { systemPackages = with pkgs; [ @@ -27,5 +28,4 @@ #unstable.statix # Lints and suggestions for the nix programming language ]; }; - } diff --git a/profiles/openssh.nix b/profiles/openssh.nix index 89543e0..e69577b 100644 --- a/profiles/openssh.nix +++ b/profiles/openssh.nix @@ -1,19 +1,21 @@ # SSH service configuration common to all hosts - -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { services.openssh = { enable = true; # Enable the OpenSSH daemon. permitRootLogin = "prohibit-password"; challengeResponseAuthentication = false; passwordAuthentication = false; openFirewall = true; - hostKeys = [{ - path = "/etc/ssh/ssh_host_ed25519_key"; - type = "ed25519"; - }]; + hostKeys = [ + { + path = "/etc/ssh/ssh_host_ed25519_key"; + type = "ed25519"; + } + ]; }; - } diff --git a/profiles/pi_common.nix b/profiles/pi_common.nix index 5514b4a..fb45389 100644 --- a/profiles/pi_common.nix +++ b/profiles/pi_common.nix 
@@ -1,14 +1,14 @@ # Configuration common to all my servers - -{ config, pkgs, lib, ... }: - { - - environment = { # Set the system-wide environment - systemPackages = with pkgs; - [ - usbutils # Tools for working with USB devices, such as lsusb - ]; + config, + pkgs, + lib, + ... +}: { + environment = { + # Set the system-wide environment + systemPackages = with pkgs; [ + usbutils # Tools for working with USB devices, such as lsusb + ]; }; - } diff --git a/profiles/picom.nix b/profiles/picom.nix index 0a595be..92b1f34 100644 --- a/profiles/picom.nix +++ b/profiles/picom.nix @@ -1,9 +1,5 @@ # Configuration for the Picom Compositor - -{ config, ... }: - -{ - +{config, ...}: { services = { picom = { enable = true; @@ -11,8 +7,8 @@ fade = true; inactiveOpacity = 0.8; menuOpacity = 0.8; - opacityRules = [ "100:class_g = 'XScreenSaver'" ]; - settings = { use-ewmh-active-win = true; }; + opacityRules = ["100:class_g = 'XScreenSaver'"]; + settings = {use-ewmh-active-win = true;}; vSync = true; }; }; diff --git a/profiles/powerManagement.nix b/profiles/powerManagement.nix index db533c1..1931d6b 100644 --- a/profiles/powerManagement.nix +++ b/profiles/powerManagement.nix @@ -1,9 +1,10 @@ # Power management configuration for the laptops - -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { powerManagement = { enable = true; cpuFreqGovernor = lib.mkDefault "performance"; diff --git a/profiles/prometheus.nix b/profiles/prometheus.nix index d5417ca..eb58241 100644 --- a/profiles/prometheus.nix +++ b/profiles/prometheus.nix @@ -1,14 +1,15 @@ # NixOps configuration for the hosts running Prometheus on a Cardano node - -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { services = { prometheus = { enable = true; webExternalUrl = "https://monitoring.mcwhirter.io/prometheus/"; - extraFlags = [ "--storage.tsdb.retention.time 8760h" ]; + extraFlags = ["--storage.tsdb.retention.time 8760h"]; exporters = { node = { enable = true; 
@@ -52,163 +53,151 @@ #} ]; rules = [ (builtins.toJSON { - groups = [{ - name = "system"; - rules = [ - { - alert = "node_down"; - expr = "up == 0"; - for = "5m"; - labels = { severity = "page"; }; - annotations = { - summary = "{{$labels.alias}}: Node is down."; - description = - "{{$labels.alias}} has been down for more than 5 minutes."; - }; - } - { - alert = "node_systemd_service_failed"; - expr = ''node_systemd_unit_state{state="failed"} == 1''; - for = "4m"; - labels = { severity = "page"; }; - annotations = { - summary = - "{{$labels.alias}}: Service {{$labels.name}} failed to start."; - description = - "{{$labels.alias}} failed to (re)start service {{$labels.name}}."; - }; - } - { - alert = "node_filesystem_full_90percent"; - expr = '' - sort(node_filesystem_free_bytes{device!="ramfs"} < node_filesystem_size_bytes{device!="ramfs"} * 0.1) / 1024^3''; - for = "5m"; - labels = { severity = "page"; }; - annotations = { - summary = - "{{$labels.alias}}: Filesystem is running out of space soon."; - description = - "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem."; - }; - } - { - alert = "node_filesystem_full_in_4h"; - expr = '' - predict_linear(node_filesystem_free_bytes{device!="ramfs",device!="tmpfs",fstype!="autofs",fstype!="cd9660"}[4h], 4*3600) <= 0''; - for = "5m"; - labels = { severity = "page"; }; - annotations = { - summary = - "{{$labels.alias}}: Filesystem is running out of space in 4 hours."; - description = - "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 
4 hours"; - }; - } - { - alert = "node_filedescriptors_full_in_3h"; - expr = - "predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum"; - for = "20m"; - labels = { severity = "page"; }; - annotations = { - summary = - "{{$labels.alias}} is running out of available file descriptors in 3 hours."; - description = - "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours"; - }; - } - { - alert = "node_load1_90percent"; - expr = '' - node_load1 / on(alias) count(node_cpu_seconds_total{mode="system"}) by (alias) >= 0.9''; - for = "1h"; - labels = { severity = "page"; }; - annotations = { - summary = "{{$labels.alias}}: Running on high load."; - description = - "{{$labels.alias}} is running with > 90% total load for at least 1h."; - }; - } - { - alert = "node_cpu_util_90percent"; - expr = '' - 100 - (avg by (alias) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) >= 90''; - for = "1h"; - labels = { severity = "page"; }; - annotations = { - summary = "{{$labels.alias}}: High CPU utilization."; - description = - "{{$labels.alias}} has total CPU utilization over 90% for at least 1h."; - }; - } - { - alert = "node_ram_using_99percent"; - expr = - "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.01"; - for = "30m"; - labels = { severity = "page"; }; - annotations = { - summary = "{{$labels.alias}}: Using lots of RAM."; - description = - "{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now."; - }; - } - { - alert = "node_swap_using_80percent"; - expr = - "node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.8"; - for = "10m"; - labels = { severity = "page"; }; - annotations = { - summary = "{{$labels.alias}}: Running out of swap soon."; - description = - "{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now."; - }; - } - { - alert = 
"node_time_unsync"; - expr = - "abs(node_timex_offset_seconds) > 0.050 or node_timex_sync_status != 1"; - for = "1m"; - labels = { severity = "page"; }; - annotations = { - summary = "{{$labels.alias}}: Clock out of sync with NTP"; - description = - "{{$labels.alias}} Local clock offset is too large or out of sync with NTP"; - }; - } - ]; - }]; + groups = [ + { + name = "system"; + rules = [ + { + alert = "node_down"; + expr = "up == 0"; + for = "5m"; + labels = {severity = "page";}; + annotations = { + summary = "{{$labels.alias}}: Node is down."; + description = "{{$labels.alias}} has been down for more than 5 minutes."; + }; + } + { + alert = "node_systemd_service_failed"; + expr = ''node_systemd_unit_state{state="failed"} == 1''; + for = "4m"; + labels = {severity = "page";}; + annotations = { + summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start."; + description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}."; + }; + } + { + alert = "node_filesystem_full_90percent"; + expr = '' + sort(node_filesystem_free_bytes{device!="ramfs"} < node_filesystem_size_bytes{device!="ramfs"} * 0.1) / 1024^3''; + for = "5m"; + labels = {severity = "page";}; + annotations = { + summary = "{{$labels.alias}}: Filesystem is running out of space soon."; + description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem."; + }; + } + { + alert = "node_filesystem_full_in_4h"; + expr = '' + predict_linear(node_filesystem_free_bytes{device!="ramfs",device!="tmpfs",fstype!="autofs",fstype!="cd9660"}[4h], 4*3600) <= 0''; + for = "5m"; + labels = {severity = "page";}; + annotations = { + summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours."; + description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 
4 hours"; + }; + } + { + alert = "node_filedescriptors_full_in_3h"; + expr = "predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum"; + for = "20m"; + labels = {severity = "page";}; + annotations = { + summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours."; + description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours"; + }; + } + { + alert = "node_load1_90percent"; + expr = '' + node_load1 / on(alias) count(node_cpu_seconds_total{mode="system"}) by (alias) >= 0.9''; + for = "1h"; + labels = {severity = "page";}; + annotations = { + summary = "{{$labels.alias}}: Running on high load."; + description = "{{$labels.alias}} is running with > 90% total load for at least 1h."; + }; + } + { + alert = "node_cpu_util_90percent"; + expr = '' + 100 - (avg by (alias) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) >= 90''; + for = "1h"; + labels = {severity = "page";}; + annotations = { + summary = "{{$labels.alias}}: High CPU utilization."; + description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h."; + }; + } + { + alert = "node_ram_using_99percent"; + expr = "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.01"; + for = "30m"; + labels = {severity = "page";}; + annotations = { + summary = "{{$labels.alias}}: Using lots of RAM."; + description = "{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now."; + }; + } + { + alert = "node_swap_using_80percent"; + expr = "node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.8"; + for = "10m"; + labels = {severity = "page";}; + annotations = { + summary = "{{$labels.alias}}: Running out of swap soon."; + description = "{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now."; + }; + } + { + alert = "node_time_unsync"; + expr = 
"abs(node_timex_offset_seconds) > 0.050 or node_timex_sync_status != 1"; + for = "1m"; + labels = {severity = "page";}; + annotations = { + summary = "{{$labels.alias}}: Clock out of sync with NTP"; + description = "{{$labels.alias}} Local clock offset is too large or out of sync with NTP"; + }; + } + ]; + } + ]; }) ]; scrapeConfigs = [ { job_name = "prometheus"; scrape_interval = "5s"; - static_configs = [{ - targets = [ "localhost:9090" ]; - labels = { alias = "prometheus"; }; - }]; + static_configs = [ + { + targets = ["localhost:9090"]; + labels = {alias = "prometheus";}; + } + ]; } { job_name = "cardano-node"; scrape_interval = "10s"; - static_configs = [{ - targets = [ "127.0.0.1:12798" ]; - labels = { alias = "airgead"; }; - }]; + static_configs = [ + { + targets = ["127.0.0.1:12798"]; + labels = {alias = "airgead";}; + } + ]; } { job_name = "node"; scrape_interval = "10s"; - static_configs = [{ - targets = [ "airgead.mcwhirter.io:9100" ]; - labels = { alias = "airgead.mcwhirter.io"; }; - }]; + static_configs = [ + { + targets = ["airgead.mcwhirter.io:9100"]; + labels = {alias = "airgead.mcwhirter.io";}; + } + ]; } ]; }; - }; - } diff --git a/profiles/qemu.nix b/profiles/qemu.nix index c620774..ea9de6e 100644 --- a/profiles/qemu.nix +++ b/profiles/qemu.nix 
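Review bot: The `node_ram_using_99percent` rule fires when free, buffered and cached memory together fall below `node_memory_MemTotal_bytes * 0.01`, but its description says "using at least 90% of its RAM", so the page text does not match the threshold that triggered it. The description should read `"{{$labels.alias}} is using at least 99% of its RAM for at least 30 minutes now."` so that whoever is paged sees the real condition. In the same rule list, the `node_filesystem_full_in_4h` description has a stray word in "running out of space of in approx. 4 hours".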
@@ -1,31 +1,27 @@ # Based up original work by cleverca22 # https://github.com/cleverca22/nixos-configs/blob/master/qemu.nix - -{ config, pkgs, lib, ... }: - -with lib; -let +{ + config, + pkgs, + lib, + ... +}: +with lib; let cfg = config.qemu-user; arm = { interpreter = "${pkgs.qemu-user-arm}/bin/qemu-arm"; - magicOrExtension = - "\\x7fELF\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x28\\x00"; - mask = - "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff"; + magicOrExtension = "\\x7fELF\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x28\\x00"; + mask = "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff"; }; aarch64 = { interpreter = "${pkgs.qemu-user-arm64}/bin/qemu-aarch64"; - magicOrExtension = - "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xb7\\x00"; - mask = - "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff"; + magicOrExtension = "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xb7\\x00"; + mask = "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff"; }; riscv64 = { interpreter = "${pkgs.qemu-riscv64}/bin/qemu-riscv64"; - magicOrExtension = - "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xf3\\x00"; - mask = - "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff"; + magicOrExtension = "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xf3\\x00"; + mask = "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff"; }; in { options = { 
@@ -37,21 +33,23 @@ in { nix.supportedPlatforms = mkOption { type = types.listOf types.str; description = "extra platforms that nix will run binaries for"; - default = [ ]; + default = []; }; }; config = mkIf (cfg.arm || cfg.aarch64) { - nixpkgs = { overlays = [ (import ../overlays/qemu) ]; }; - boot.binfmt.registrations = optionalAttrs cfg.arm { inherit arm; } - // optionalAttrs cfg.aarch64 { inherit aarch64; } - // optionalAttrs cfg.riscv64 { inherit riscv64; }; + nixpkgs = {overlays = [(import ../overlays/qemu)];}; + boot.binfmt.registrations = + optionalAttrs cfg.arm {inherit arm;} + // optionalAttrs cfg.aarch64 {inherit aarch64;} + // optionalAttrs cfg.riscv64 {inherit riscv64;}; nix.supportedPlatforms = - (optionals cfg.arm [ "armv6l-linux" "armv7l-linux" ]) + (optionals cfg.arm ["armv6l-linux" "armv7l-linux"]) ++ (optional cfg.aarch64 "aarch64-linux"); nix.extraOptions = '' extra-platforms = ${toString config.nix.supportedPlatforms} i686-linux ''; - nix.sandboxPaths = [ "/run/binfmt" ] + nix.sandboxPaths = + ["/run/binfmt"] ++ (optional cfg.arm "${pkgs.qemu-user-arm}") ++ (optional cfg.aarch64 "${pkgs.qemu-user-arm64}"); }; diff --git a/profiles/retro-gaming.nix b/profiles/retro-gaming.nix index 4941283..04ec291 100644 --- a/profiles/retro-gaming.nix +++ b/profiles/retro-gaming.nix @@ -1,13 +1,13 @@ # Configuration for - -{ config, pkgs, ... }: - { + config, + pkgs, + ... +}: { # Retro Gaming Packages environment.systemPackages = with pkgs; [ emulationstation libretro.stella retroarch ]; - } diff --git a/profiles/server_common.nix b/profiles/server_common.nix index 5bd8538..27b649a 100644 --- a/profiles/server_common.nix +++ b/profiles/server_common.nix @@ -1,9 +1,10 @@ # Configuration common to all my servers - -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { imports = [ ../profiles/openssh.nix ../secrets/user-craige.nix @@ -17,5 +18,4 @@ # avoid CVE-2021-4034 (PwnKit) security.polkit.enable = false; - } 
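Review bot: `boot.binfmt.registrations` merges in `riscv64` under `cfg.riscv64`, but the enclosing `config = mkIf (cfg.arm || cfg.aarch64)` never tests that flag, and neither `nix.supportedPlatforms` nor `nix.sandboxPaths` has a riscv64 branch. Enabling only riscv64 therefore appears to configure nothing, and enabling it together with arm registers an interpreter that is not added to the sandbox paths the way the other two are. Assuming the `riscv64` option is declared in the part of the file between the hunks, the guard would become `config = mkIf (cfg.arm || cfg.aarch64 || cfg.riscv64) {`, with `++ (optional cfg.riscv64 "riscv64-linux")` and `++ (optional cfg.riscv64 "${pkgs.qemu-riscv64}")` appended to the two lists.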
diff --git a/profiles/spotify.nix b/profiles/spotify.nix index decc234..944444c 100644 --- a/profiles/spotify.nix +++ b/profiles/spotify.nix @@ -1,18 +1,16 @@ # Spotify service configuration - -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { services.spotifyd = { enable = false; # Enable the Spotify daemon. - config = - "\n username = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/userName.gpg\n password_cmd = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/passwd.gpg\n "; + config = "\n username = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/userName.gpg\n password_cmd = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/passwd.gpg\n "; }; - environment.systemPackages = with pkgs; - [ - ncspot # ncurses Spotify client - ]; - + environment.systemPackages = with pkgs; [ + ncspot # ncurses Spotify client + ]; } diff --git a/profiles/starship.nix b/profiles/starship.nix index e2c9515..3d49779 100644 --- a/profiles/starship.nix +++ b/profiles/starship.nix @@ -1,8 +1,5 @@ -{ pkgs, ... }: - -{ - environment.systemPackages = with pkgs; - [ - starship # A minimal, blazing fast, and extremely customizable prompt for any shell - ]; +{pkgs, ...}: { + environment.systemPackages = with pkgs; [ + starship # A minimal, blazing fast, and extremely customizable prompt for any shell + ]; } diff --git a/profiles/sway.nix b/profiles/sway.nix index c613e31..af1caac 100644 --- a/profiles/sway.nix +++ b/profiles/sway.nix @@ -1,10 +1,11 @@ # Configuration the Sway window manager - -{ config, pkgs, ... }: - { + config, + pkgs, + ... +}: { programs.sway = { enable = true; - extraPackages = with pkgs; [ alacritty dmenu swayidle swaylock xwayland ]; + extraPackages = with pkgs; [alacritty dmenu swayidle swaylock xwayland]; }; } diff --git a/profiles/taskserver.nix b/profiles/taskserver.nix index e47fd25..b46b423 100644 --- a/profiles/taskserver.nix +++ b/profiles/taskserver.nix 
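Review bot: In `services.spotifyd.config` the `username` key is given a gpg command line while the next key uses the `_cmd` form (`password_cmd`), so the daemon would presumably take the command text itself as the account name. If the intent is to decrypt the name at start-up, the key should be `username_cmd`; spotifyd documents such a setting, but confirm it against the packaged version. The service is `enable = false` here, so this only matters once it is switched on. The `~/.spotify/*.gpg` paths also depend on which user's home the daemon runs with, which the hunk does not show.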
@@ -1,25 +1,26 @@ # NixOps configuration for the hosts running a Taskwarrior server (taskd) - -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { services.taskserver = { enable = true; # Enable Taskwarrior server fqdn = "task.mcwhirter.io"; # Server's public domain name listenHost = "task.mcwhirter.io"; # Sets listening IP & opens firewall organisations = { teaghlach = { - groups = [ "teaghlach" ]; - users = [ "craige" "fiona" ]; + groups = ["teaghlach"]; + users = ["craige" "fiona"]; }; sgioba = { - groups = [ "sgioba" ]; - users = [ "craige" ]; + groups = ["sgioba"]; + users = ["craige"]; }; obair = { - groups = [ "obair" ]; - users = [ "craige" "disasm" ]; + groups = ["obair"]; + users = ["craige" "disasm"]; }; }; pki.auto.expiration = { @@ -28,5 +29,4 @@ server = 365; }; }; - } diff --git a/profiles/terminal-recording.nix b/profiles/terminal-recording.nix index cdc02f3..3c9a2b9 100644 --- a/profiles/terminal-recording.nix +++ b/profiles/terminal-recording.nix @@ -1,14 +1,14 @@ # Terminal recording tools and configuration - -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { environment.systemPackages = with pkgs; [ asciinema # Terminal session recorder asciinema-scenario # Create asciinema videos from a text file image_optim # CLI tool to optimize images termtosvg # Record terminal sessions as SVG animations ]; - } diff --git a/profiles/tmux.nix b/profiles/tmux.nix index f1c4661..af32d0a 100644 --- a/profiles/tmux.nix +++ b/profiles/tmux.nix @@ -1,11 +1,12 @@ # Common configuration for Tmux users - -{ config, pkgs, ... }: - { - + config, + pkgs, + ... +}: { programs = { - tmux = { # Terminal multiplexer required by byobu + tmux = { + # Terminal multiplexer required by byobu enable = true; aggressiveResize = true; clock24 = true; @@ -43,5 +44,4 @@ tmuxPlugins.tmux-fzf tmuxPlugins.yank ]; - } diff --git a/profiles/tor-client.nix b/profiles/tor-client.nix index be03413..89ec9f6 100644 --- a/profiles/tor-client.nix 
+++ b/profiles/tor-client.nix @@ -1,16 +1,16 @@ # NixOps configuration for the hosts running TOR clients - -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { services = { tor = { enable = true; - client = { enable = true; }; + client = {enable = true;}; }; }; - environment.systemPackages = with pkgs; [ torbrowser ]; - + environment.systemPackages = with pkgs; [torbrowser]; } diff --git a/profiles/transmission.nix b/profiles/transmission.nix index ef4d2f8..f1f03dd 100644 --- a/profiles/transmission.nix +++ b/profiles/transmission.nix @@ -1,9 +1,10 @@ # NixOps configuration for the hosts running Transmission - -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { services = { transmission = { enable = true; # Enable Transmission @@ -26,9 +27,8 @@ }; }; - networking.firewall.allowedTCPPorts = [ 9091 ]; # Open the rpc firewall port + networking.firewall.allowedTCPPorts = [9091]; # Open the rpc firewall port # Allow transmission to read the secrets keys - users.groups.keys.members = [ "transmission" ]; - + users.groups.keys.members = ["transmission"]; } diff --git a/profiles/tt-rss.nix b/profiles/tt-rss.nix index 9b81f63..249cdde 100644 --- a/profiles/tt-rss.nix +++ b/profiles/tt-rss.nix @@ -1,12 +1,14 @@ # NixOps configuration for the hosts running Tiny Tiny RSS (TT-RSS) - -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { services.tt-rss = { enable = true; # Enable TT-RSS - database = { # Configure the database + database = { + # Configure the database type = "pgsql"; # Database type passwordFile = "/run/keys/tt-rss-dbpass"; # Where to find the password }; 
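Review bot: In profiles/transmission.nix, `networking.firewall.allowedTCPPorts = [9091];` opens the Transmission RPC port on every interface, and the `settings` that would limit who can use it lie outside this hunk. Confirm that `rpc-authentication-required` and an `rpc-whitelist` are set there, or scope the rule with `networking.firewall.interfaces."IFACE".allowedTCPPorts`, or serve the RPC through the nginx/ACME setup the other profiles use. At minimum the trailing comment could state the dependency: `# RPC port: reachable from all interfaces, access control lives in services.transmission.settings`.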
@@ -23,18 +25,22 @@ authentication = '' local tt_rss all ident map=tt_rss-users ''; - identMap = # Map the tt-rss user to postgresql + identMap = + # Map the tt-rss user to postgresql '' tt_rss-users tt_rss tt_rss ''; - ensureDatabases = [ "tt_rss" ]; # Ensure the database persists - ensureUsers = [{ - name = "tt_rss"; # Ensure the database user persists - ensurePermissions = { # Ensure the database permissions persist - "DATABASE tt_rss" = "ALL PRIVILEGES"; - "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - }; - }]; + ensureDatabases = ["tt_rss"]; # Ensure the database persists + ensureUsers = [ + { + name = "tt_rss"; # Ensure the database user persists + ensurePermissions = { + # Ensure the database permissions persist + "DATABASE tt_rss" = "ALL PRIVILEGES"; + "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; + }; + } + ]; }; services.nginx = { @@ -43,14 +49,14 @@ recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts."news.mcwhirter.io" = { # TT-RSS hostname + virtualHosts."news.mcwhirter.io" = { + # TT-RSS hostname enableACME = true; # Use ACME certs forceSSL = true; # Force SSL }; }; - security.acme.certs = { "news.mcwhirter.io".email = "craige@mcwhirter.io"; }; - - users.groups.keys.members = [ "tt_rss" ]; # Required due to NixOps issue #1204 + security.acme.certs = {"news.mcwhirter.io".email = "craige@mcwhirter.io";}; + users.groups.keys.members = ["tt_rss"]; # Required due to NixOps issue #1204 } diff --git a/profiles/typingTutor.nix b/profiles/typingTutor.nix index f181be9..7796f34 100644 --- a/profiles/typingTutor.nix +++ b/profiles/typingTutor.nix @@ -1,9 +1,5 @@ # NixOps typing tutorials - -{ pkgs, ... }: - -{ - +{pkgs, ...}: { environment = { systemPackages = with pkgs; [ gtypist # Universal typing tutor @@ -12,5 +8,4 @@ terminal-typeracer # Terminal based version of Typeracer ]; }; - } diff --git a/profiles/vim.nix b/profiles/vim.nix index af4663a..5329ecd 100644 --- a/profiles/vim.nix 
+++ b/profiles/vim.nix 
@@ -1,297 +1,297 @@ -with import { overlays = [ (import ../overlays/vim-cue.nix) ]; }; +with import {overlays = [(import ../overlays/vim-cue.nix)];}; + vim_configurable.customize { + name = "vim"; # Specifies the vim binary name. + # Below you can specify what usually goes into `~/.vimrc` + vimrcConfig.customRC = '' + " Preferred global default settings: + set number relativenumber " Enable relative line numbers by default + set cursorline " Highlight the current line number + set smartindent " Automatically insert extra level of indentation + set tabstop=4 " Default tabstop + set shiftwidth=4 " Default indent spacing + set expandtab " Expand [TABS] to spaces + syntax on " Enable syntax highlighting + set t_Co=256 " Use 265 colors in vim + set background=light " Set the default background scheme + colorscheme PaperColor " Set the default colour scheme + set spell spelllang=en_au " Defaul spell checking language + set spellfile=~/.vim-spell.en.utf-8.add " Add the spellfile + hi clear SpellBad " Clear any unwanted default settings + hi SpellBad cterm=underline " Set the spell checking highlight style + hi SpellBad ctermbg=NONE " Set the spell checking highlight background + match ErrorMsg '\s\+$' " -vim_configurable.customize { - name = "vim"; # Specifies the vim binary name. 
- # Below you can specify what usually goes into `~/.vimrc` - vimrcConfig.customRC = '' - " Preferred global default settings: - set number relativenumber " Enable relative line numbers by default - set cursorline " Highlight the current line number - set smartindent " Automatically insert extra level of indentation - set tabstop=4 " Default tabstop - set shiftwidth=4 " Default indent spacing - set expandtab " Expand [TABS] to spaces - syntax on " Enable syntax highlighting - set t_Co=256 " Use 265 colors in vim - set background=light " Set the default background scheme - colorscheme PaperColor " Set the default colour scheme - set spell spelllang=en_au " Defaul spell checking language - set spellfile=~/.vim-spell.en.utf-8.add " Add the spellfile - hi clear SpellBad " Clear any unwanted default settings - hi SpellBad cterm=underline " Set the spell checking highlight style - hi SpellBad ctermbg=NONE " Set the spell checking highlight background - match ErrorMsg '\s\+$' " + let g:airline_powerline_fonts = 1 " Use powerline fonts + let g:airline_theme='papercolor' " Set the airline theme - let g:airline_powerline_fonts = 1 " Use powerline fonts - let g:airline_theme='papercolor' " Set the airline theme + "call togglebg#map("") " Toggle background colour between dark|light - "call togglebg#map("") " Toggle background colour between dark|light + set laststatus=2 " Set up the status line so it's coloured and always on - set laststatus=2 " Set up the status line so it's coloured and always on + " Removes trailing spaces: + function! TrimWhiteSpace() + %s/\s\+$//e + endfunction - " Removes trailing spaces: - function! TrimWhiteSpace() - %s/\s\+$//e - endfunction + " Trigger for numbertoggle to switch modes + nnoremap :set relativenumber! - " Trigger for numbertoggle to switch modes - nnoremap :set relativenumber! 
+ nnoremap RemoveTrailingWhiteSpace :call TrimWhiteSpace() + autocmd FileWritePre * :call TrimWhiteSpace() + autocmd FileAppendPre * :call TrimWhiteSpace() + autocmd FilterWritePre * :call TrimWhiteSpace() + autocmd BufWritePre * :call TrimWhiteSpace() + "autocmd BufWrite * :Autoformat - nnoremap RemoveTrailingWhiteSpace :call TrimWhiteSpace() - autocmd FileWritePre * :call TrimWhiteSpace() - autocmd FileAppendPre * :call TrimWhiteSpace() - autocmd FilterWritePre * :call TrimWhiteSpace() - autocmd BufWritePre * :call TrimWhiteSpace() - "autocmd BufWrite * :Autoformat + " FIXME: Currently always set to dark due to issues with Termonad Solarized theme + " Light during the day, dark during the night + let hour = strftime("%H") + if 7 <= hour && hour < 17 + set background=light + "hi Normal ctermbg=none " Set a transparent background + "let g:airline_solarized_bg='dark' " Set the airline background + else + set background=light + "hi Normal ctermbg=none " Set a transparent background + "let g:airline_solarized_bg='dark' " Set the airline background + endif - " FIXME: Currently always set to dark due to issues with Termonad Solarized theme - " Light during the day, dark during the night - let hour = strftime("%H") - if 7 <= hour && hour < 17 - set background=light - "hi Normal ctermbg=none " Set a transparent background - "let g:airline_solarized_bg='dark' " Set the airline background - else - set background=light - "hi Normal ctermbg=none " Set a transparent background - "let g:airline_solarized_bg='dark' " Set the airline background - endif + " Transparent editing of gpg encrypted files. + " By Wouter Hanegraaff + augroup encrypted + au! - " Transparent editing of gpg encrypted files. - " By Wouter Hanegraaff - augroup encrypted - au! + " First make sure nothing is written to ~/.viminfo while editing an encrypted file. 
+ autocmd BufReadPre,FileReadPre *.gpg set viminfo= + " We don't want a swap file, as it writes unencrypted data to disk + autocmd BufReadPre,FileReadPre *.gpg set noswapfile + " Switch to binary mode to read the encrypted file + autocmd BufReadPre,FileReadPre *.gpg set bin + autocmd BufReadPre,FileReadPre *.gpg let ch_save = &ch|set ch=2 + autocmd BufReadPost,FileReadPost *.gpg '[,']!gpg --decrypt 2> /dev/null + " Switch to normal mode for editing + autocmd BufReadPost,FileReadPost *.gpg set nobin + autocmd BufReadPost,FileReadPost *.gpg let &ch = ch_save|unlet ch_save + autocmd BufReadPost,FileReadPost *.gpg execute ":doautocmd BufReadPost " . expand("%:r") - " First make sure nothing is written to ~/.viminfo while editing an encrypted file. - autocmd BufReadPre,FileReadPre *.gpg set viminfo= - " We don't want a swap file, as it writes unencrypted data to disk - autocmd BufReadPre,FileReadPre *.gpg set noswapfile - " Switch to binary mode to read the encrypted file - autocmd BufReadPre,FileReadPre *.gpg set bin - autocmd BufReadPre,FileReadPre *.gpg let ch_save = &ch|set ch=2 - autocmd BufReadPost,FileReadPost *.gpg '[,']!gpg --decrypt 2> /dev/null - " Switch to normal mode for editing - autocmd BufReadPost,FileReadPost *.gpg set nobin - autocmd BufReadPost,FileReadPost *.gpg let &ch = ch_save|unlet ch_save - autocmd BufReadPost,FileReadPost *.gpg execute ":doautocmd BufReadPost " . expand("%:r") + " Convert all text to encrypted text before writing + autocmd BufWritePre,FileWritePre *.gpg '[,']!gpg --default-key=A4122FF3971B6865 --default-recipient-self -ae 2>/dev/null + " Undo the encryption so we are back in the normal text, directly + " after the file has been written. 
+ autocmd BufWritePost,FileWritePost *.gpg u + augroup END - " Convert all text to encrypted text before writing - autocmd BufWritePre,FileWritePre *.gpg '[,']!gpg --default-key=A4122FF3971B6865 --default-recipient-self -ae 2>/dev/null - " Undo the encryption so we are back in the normal text, directly - " after the file has been written. - autocmd BufWritePost,FileWritePost *.gpg u - augroup END + " Manage ISO files + augroup iso + au! - " Manage ISO files - augroup iso - au! + " First make sure nothing is written to ~/.viminfo while editing an encrypted file. + autocmd BufReadPre,FileReadPre *.iso set viminfo= + " We don't want a swap file, as it writes unencrypted data to disk + autocmd BufReadPre,FileReadPre *.iso set noswapfile + " Switch to binary mode to read the encrypted file + autocmd BufReadPre,FileReadPre *.iso set bin + autocmd BufReadPre,FileReadPre *.iso let ch_save = &ch|set ch=2 + autocmd BufReadPost,FileReadPost *.iso '[,']!gpg --decrypt 2> /dev/null + " Switch to normal mode for editing + autocmd BufReadPost,FileReadPost *.iso set nobin + autocmd BufReadPost,FileReadPost *.iso let &ch = ch_save|unlet ch_save + autocmd BufReadPost,FileReadPost *.iso execute ":doautocmd BufReadPost " . expand("%:r") - " First make sure nothing is written to ~/.viminfo while editing an encrypted file. - autocmd BufReadPre,FileReadPre *.iso set viminfo= - " We don't want a swap file, as it writes unencrypted data to disk - autocmd BufReadPre,FileReadPre *.iso set noswapfile - " Switch to binary mode to read the encrypted file - autocmd BufReadPre,FileReadPre *.iso set bin - autocmd BufReadPre,FileReadPre *.iso let ch_save = &ch|set ch=2 - autocmd BufReadPost,FileReadPost *.iso '[,']!gpg --decrypt 2> /dev/null - " Switch to normal mode for editing - autocmd BufReadPost,FileReadPost *.iso set nobin - autocmd BufReadPost,FileReadPost *.iso let &ch = ch_save|unlet ch_save - autocmd BufReadPost,FileReadPost *.iso execute ":doautocmd BufReadPost " . 
expand("%:r") + " Convert all text to encrypted text before writing + autocmd BufWritePre,FileWritePre *.iso '[,']!gpg --default-key=A4122FF3971B6865 --default-recipient-self -ae 2>/dev/null + " Undo the encryption so we are back in the normal text, directly + " after the file has been written. + autocmd BufWritePost,FileWritePost *.iso u + augroup END - " Convert all text to encrypted text before writing - autocmd BufWritePre,FileWritePre *.iso '[,']!gpg --default-key=A4122FF3971B6865 --default-recipient-self -ae 2>/dev/null - " Undo the encryption so we are back in the normal text, directly - " after the file has been written. - autocmd BufWritePost,FileWritePost *.iso u - augroup END + " Use persistent history. + if !isdirectory("/tmp/.vim-undo-dir") + call mkdir("/tmp/.vim-undo-dir", "", 0700) + endif + set undodir=/tmp/.vim-undo-dir + set undofile - " Use persistent history. - if !isdirectory("/tmp/.vim-undo-dir") - call mkdir("/tmp/.vim-undo-dir", "", 0700) - endif - set undodir=/tmp/.vim-undo-dir - set undofile + " My Markdown environment + function! MarkdownSettings() + set textwidth=79 + set spell spelllang=en_au + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.mdwn :call MarkdownSettings() + autocmd BufNewFile,BufFilePre,BufRead *.md :call MarkdownSettings() - " My Markdown environment - function! MarkdownSettings() - set textwidth=79 - set spell spelllang=en_au - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.mdwn :call MarkdownSettings() - autocmd BufNewFile,BufFilePre,BufRead *.md :call MarkdownSettings() + " My ReStructured Text environment + function! 
ReStructuredSettings() + set textwidth=79 + set spell spelllang=en_au + hi clear SpellBad " Clear any unwanted default settings + hi SpellBad cterm=underline " Set the spell checking highlight style + hi SpellBad ctermbg=NONE " Set the spell checking highlight background + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.rst :call ReStructuredSettings() + autocmd BufNewFile,BufFilePre,BufRead *.txt :call ReStructuredSettings() - " My ReStructured Text environment - function! ReStructuredSettings() - set textwidth=79 - set spell spelllang=en_au - hi clear SpellBad " Clear any unwanted default settings - hi SpellBad cterm=underline " Set the spell checking highlight style - hi SpellBad ctermbg=NONE " Set the spell checking highlight background - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.rst :call ReStructuredSettings() - autocmd BufNewFile,BufFilePre,BufRead *.txt :call ReStructuredSettings() + " My LaTeX environment: + function! LaTeXSettings() + set textwidth=79 + set spell spelllang=en_au + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.tex :call LaTeXSettings() - " My LaTeX environment: - function! LaTeXSettings() - set textwidth=79 - set spell spelllang=en_au - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.tex :call LaTeXSettings() + " Settings for my Haskell environment: + function! HaskellSettings() + set tabstop=2 + set shiftwidth=2 + set expandtab + set textwidth=79 + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.hs :call HaskellSettings() - " Settings for my Haskell environment: - function! HaskellSettings() - set tabstop=2 - set shiftwidth=2 - set expandtab - set textwidth=79 - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.hs :call HaskellSettings() + " Settings for my Nix environment: + function! 
NixSettings() + set tabstop=2 + set shiftwidth=2 + set expandtab + set textwidth=79 + set filetype=nix + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.nix :call NixSettings() - " Settings for my Nix environment: - function! NixSettings() - set tabstop=2 - set shiftwidth=2 - set expandtab - set textwidth=79 - set filetype=nix - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.nix :call NixSettings() + " Settings for my Cue environment: + function! CueSettings() + set tabstop=2 + set shiftwidth=2 + set textwidth=79 + let g:cue_fmt_on_save = 1 + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.cue :call CueSettings() - " Settings for my Cue environment: - function! CueSettings() - set tabstop=2 - set shiftwidth=2 - set textwidth=79 - let g:cue_fmt_on_save = 1 - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.cue :call CueSettings() + " Settings for my Rust environment: + function! RustSettings() + set tabstop=4 + set shiftwidth=4 + set expandtab + set textwidth=79 + let g:rustfmt_autosave = 1 + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.rs :call RustSettings() - " Settings for my Rust environment: - function! RustSettings() - set tabstop=4 - set shiftwidth=4 - set expandtab - set textwidth=79 - let g:rustfmt_autosave = 1 - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.rs :call RustSettings() + " Settings for my Crystal environment: + function! CrystalSettings() + set tabstop=2 + set shiftwidth=2 + set expandtab + set textwidth=79 + set filetype=crystal + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.cr :call CrystalSettings() - " Settings for my Crystal environment: - function! CrystalSettings() - set tabstop=2 - set shiftwidth=2 - set expandtab - set textwidth=79 - set filetype=crystal - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.cr :call CrystalSettings() + " Settings for my Golang environment: + function! 
GoSettings() + set tabstop=7 + set shiftwidth=7 + set noexpandtab + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.go :call GoSettings() - " Settings for my Golang environment: - function! GoSettings() - set tabstop=7 - set shiftwidth=7 - set noexpandtab - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.go :call GoSettings() + " Settings for my Python environment: + function! PythonSettings() + set tabstop=4 + set shiftwidth=4 + set expandtab + set textwidth=79 + set spell! + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.py :call PythonSettings() - " Settings for my Python environment: - function! PythonSettings() - set tabstop=4 - set shiftwidth=4 - set expandtab - set textwidth=79 - set spell! - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.py :call PythonSettings() + " My Mutt environment + function! MuttSettings() + set textwidth=79 + set spell spelllang=en_au + hi clear SpellBad " Clear any unwanted default settings + hi SpellBad cterm=underline " Set the spell checking highlight style + hi SpellBad ctermbg=NONE " Set the spell checking highlight background + endfunction + autocmd BufNewFile,BufFilePre,BufRead mutt-* :call MuttSettings() + autocmd BufNewFile,BufFilePre,BufRead neomutt-* :call MuttSettings() - " My Mutt environment - function! MuttSettings() - set textwidth=79 - set spell spelllang=en_au - hi clear SpellBad " Clear any unwanted default settings - hi SpellBad cterm=underline " Set the spell checking highlight style - hi SpellBad ctermbg=NONE " Set the spell checking highlight background - endfunction - autocmd BufNewFile,BufFilePre,BufRead mutt-* :call MuttSettings() - autocmd BufNewFile,BufFilePre,BufRead neomutt-* :call MuttSettings() + " Settings for my C environment: + function! CSettings() + set tabstop=2 + set shiftwidth=2 + set expandtab + set textwidth=79 + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.c :call CSettings() - " Settings for my C environment: - function! 
CSettings() - set tabstop=2 - set shiftwidth=2 - set expandtab - set textwidth=79 - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.c :call CSettings() + " Settings for my YAML environment: + function! YAMLSettings() + set tabstop=2 + set shiftwidth=2 + set expandtab + set textwidth=79 + set spell spelllang=en_au + hi clear SpellBad " Clear any unwanted default settings + hi SpellBad cterm=underline " Set the spell checking highlight style + hi SpellBad ctermbg=NONE " Set the spell checking highlight background + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.yaml :call YAMLSettings() + autocmd BufNewFile,BufFilePre,BufRead *.yml :call YAMLSettings() - " Settings for my YAML environment: - function! YAMLSettings() - set tabstop=2 - set shiftwidth=2 - set expandtab - set textwidth=79 - set spell spelllang=en_au - hi clear SpellBad " Clear any unwanted default settings - hi SpellBad cterm=underline " Set the spell checking highlight style - hi SpellBad ctermbg=NONE " Set the spell checking highlight background - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.yaml :call YAMLSettings() - autocmd BufNewFile,BufFilePre,BufRead *.yml :call YAMLSettings() + " Settings for my Bash environment: + function! BashSettings() + set tabstop=4 + set shiftwidth=4 + set expandtab + set textwidth=79 + set spell! + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.sh :call BashSettings() - " Settings for my Bash environment: - function! BashSettings() - set tabstop=4 - set shiftwidth=4 - set expandtab - set textwidth=79 - set spell! - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.sh :call BashSettings() + " My Bzr commit environment + function! BzrSettings() + set textwidth=79 + set spell spelllang=en_au + set tabstop=4 + set shiftwidth=4 + set expandtab + endfunction + autocmd BufNewFile,BufFilePre,BufRead bzr_* :call BzrSettings() + ''; - " My Bzr commit environment - function! 
BzrSettings() - set textwidth=79 - set spell spelllang=en_au - set tabstop=4 - set shiftwidth=4 - set expandtab - endfunction - autocmd BufNewFile,BufFilePre,BufRead bzr_* :call BzrSettings() - ''; - - # store your plugins in Vim packages - vimrcConfig.packages.myVimPackage = with pkgs.vimPlugins; { - start = [ # Plugins loaded on launch - airline # Lean & mean status/tabline for vim that's light as air - ctrlp # Full path fuzzy file, buffer, mru, tag, ... finder for Vim - fugitive # Vim Git wrapper - gruvbox # Install the gruvbox theme - haskell-vim # Syntax Highlighting and Indentation for Haskell - indentLine # Display thin vertical lines at each indentation level - neocomplete-vim # Keyword completion system - nerdcommenter # Comment functions so powerful—no comment necessary - nerdtree # File system explorer - nerdtree-git-plugin # Plugin for nerdtree showing git status - nord-vim # Nord theme for ViM - papercolor-theme # Light & dark schemes inspired by Google's Material Design - snipmate # Concise vim script implementing TextMate's snippets features - solarized # Solarized colours for Vim - supertab # Allows you to use for all your insert completion - syntastic # Syntax checking hacks - tabular # Script for text filtering and alignment - vim-addon-nix # Scripts assisting writing .nix files - vim-airline-themes # Collection of themes for airline - vim-autoformat # Automatically format code - vim-colorschemes # Collection of ViM colour schemes - vim-cue # Cue filetype plugin for Vim - vim-nix # Support for writing Nix expressions in vim - vim-numbertoggle # Toggle between relative / absolute line numbers automatically - vim-polyglot # A solid language pack for Vim - ]; - # manually loadable by calling `:packadd $plugin-name` - # opt = [ phpCompletion elm-vim ]; - # To automatically load a plugin when opening a filetype, add vimrc lines like: - # autocmd FileType php :packadd phpCompletion - }; -} + # store your plugins in Vim packages + 
vimrcConfig.packages.myVimPackage = with pkgs.vimPlugins; { + start = [ + # Plugins loaded on launch + airline # Lean & mean status/tabline for vim that's light as air + ctrlp # Full path fuzzy file, buffer, mru, tag, ... finder for Vim + fugitive # Vim Git wrapper + gruvbox # Install the gruvbox theme + haskell-vim # Syntax Highlighting and Indentation for Haskell + indentLine # Display thin vertical lines at each indentation level + neocomplete-vim # Keyword completion system + nerdcommenter # Comment functions so powerful—no comment necessary + nerdtree # File system explorer + nerdtree-git-plugin # Plugin for nerdtree showing git status + nord-vim # Nord theme for ViM + papercolor-theme # Light & dark schemes inspired by Google's Material Design + snipmate # Concise vim script implementing TextMate's snippets features + solarized # Solarized colours for Vim + supertab # Allows you to use for all your insert completion + syntastic # Syntax checking hacks + tabular # Script for text filtering and alignment + vim-addon-nix # Scripts assisting writing .nix files + vim-airline-themes # Collection of themes for airline + vim-autoformat # Automatically format code + vim-colorschemes # Collection of ViM colour schemes + vim-cue # Cue filetype plugin for Vim + vim-nix # Support for writing Nix expressions in vim + vim-numbertoggle # Toggle between relative / absolute line numbers automatically + vim-polyglot # A solid language pack for Vim + ]; + # manually loadable by calling `:packadd $plugin-name` + # opt = [ phpCompletion elm-vim ]; + # To automatically load a plugin when opening a filetype, add vimrc lines like: + # autocmd FileType php :packadd phpCompletion + }; + } diff --git a/profiles/weechat.nix b/profiles/weechat.nix index 85ef8b4..f8ff90b 100644 --- a/profiles/weechat.nix +++ b/profiles/weechat.nix 
@@ -1,16 +1,17 @@ # Weechat application configuration common to all hosts - -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { environment.systemPackages = with pkgs; [ aspell # Required for spell checking in weechat aspellDicts.en # Required for spell checking in weechat aspellDicts.en-computers # Required for spell checking in weechat aspellDicts.en-science # Required for spell checking in weechat (weechat.override { - configure = { availablePlugins, ... }: + configure = {availablePlugins, ...}: with weechatScripts; { plugins = with availablePlugins; [ lua @@ -32,5 +33,4 @@ }) weechatScripts.weechat-matrix # Weechat communication over the Matrix protocol ]; - } diff --git a/profiles/wine.nix b/profiles/wine.nix index 9264954..8ac6e50 100644 --- a/profiles/wine.nix +++ b/profiles/wine.nix @@ -1,6 +1,4 @@ -{ pkgs, ... }: - -{ +{pkgs, ...}: { environment.systemPackages = with pkgs; [ # ... @@ -11,7 +9,7 @@ wine # support 64-bit only - (wine.override { wineBuild = "wine64"; }) + (wine.override {wineBuild = "wine64";}) # wine-staging (version with experimental features) wineWowPackages.staging diff --git a/profiles/xmonad.nix b/profiles/xmonad.nix index 724466e..4a26057 100644 --- a/profiles/xmonad.nix +++ b/profiles/xmonad.nix 
@@ -1,39 +1,42 @@ # Configuration for my xmonad desktop requirements - -{ config, pkgs, ... }: - { - - imports = [ ../profiles/picom.nix ]; + config, + pkgs, + ... +}: { + imports = [../profiles/picom.nix]; services = { devmon.enable = true; # Enable external device automounting. - udev = { packages = with pkgs; [ gnome3.gnome-settings-daemon ]; }; + udev = {packages = with pkgs; [gnome3.gnome-settings-daemon];}; udisks2.enable = true; # Enable udisks2. xserver = { enable = true; # Enable the X11 windowing system. desktopManager = { xterm.enable = false; # Disable NixOS default desktop manager. - gnome.enable = true; # Enable GNOME desktop environment + gnome.enable = false; # Enable GNOME desktop environment + plasma5.enable = true; # Enable Plasma desktop environment }; displayManager = { - defaultSession = - "none+xmonad"; # Set xmonad as the default window manager. - gdm.enable = true; # Enable the GNOME display manager + defaultSession = "none+xmonad"; # Set xmonad as the default window manager. + gdm.enable = false; # Enable the GNOME display manager + sddm.enable = true; # Enable the Plasma display manager }; layout = "us"; # Set your preferred keyboard layout. libinput.enable = true; # Enable touchpad support. - windowManager = { # Open configuration for the window manager. + windowManager = { + # Open configuration for the window manager. xmonad.enable = true; # Enable xmonad. xmonad.enableContribAndExtras = true; # Enable xmonad contrib and extras. - xmonad.extraPackages = - hpkgs: [ # Open configuration for additional Haskell packages. - hpkgs.xmonad-contrib # Install xmonad-contrib. - hpkgs.xmonad-extras # Install xmonad-extras. - hpkgs.xmonad # Install xmonad itself. - ]; + xmonad.extraPackages = haskellPackages: [ + # Open configuration for additional Haskell packages. + haskellPackages.dbus + haskellPackages.xmonad-contrib # Install xmonad-contrib. + haskellPackages.xmonad-extras # Install xmonad-extras. + haskellPackages.xmonad + ]; }; }; }; 
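Review bot: The trailing comments on the new `gnome.enable = false;` and `gdm.enable = false;` lines still say "Enable GNOME …", which now contradicts the values; I would write `gnome.enable = false; # GNOME desktop environment disabled, Plasma is used instead` and `gdm.enable = false; # GDM disabled, SDDM is the display manager`. Beyond formatting, this hunk swaps the desktop environment and the display manager (the login surface) and adds `haskellPackages.dbus`. The later `@@ -58,9 +60,6 @@` hunk also drops the three `haskellPackages.xmonad*` entries that were commented as required for user rebuild. Under a commit titled "treefmt: formatted all nix files" these behaviour changes are easy to miss in review and hard to bisect or revert, so they belong in a separate commit. The `gnome3.gnome-settings-daemon` udev package stays while GNOME is disabled; that may be intentional, but it is worth confirming.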
@@ -46,10 +49,9 @@ }; # Install any additional fonts that I require to be used with xmonad - fonts.fonts = with pkgs; - [ - opensans-ttf # Used in in my xmobar configuration - ]; + fonts.fonts = with pkgs; [ + opensans-ttf # Used in in my xmobar configuration + ]; # Install other packages that I require to be used with xmonad. environment.systemPackages = with pkgs; [ @@ -58,9 +60,6 @@ gnome3.gnome-tweaks # A tool to customize advanced GNOME 3 options haskellPackages.libmpd # Shows MPD status in xmobar haskellPackages.xmobar # A minimalistic text based status bar - haskellPackages.xmonad # Required for user rebuild with (ie: [alt]+Q) - haskellPackages.xmonad-extras # Required for user rebuild with (ie: [alt]+Q) - haskellPackages.xmonad-contrib # Required for user rebuild with (ie: [alt]+Q) libnotify # Notification client for my Xmonad setup lxqt.lxqt-notificationd # The notify daemon itself mpc_cli # CLI for MPD, called from xmonad @@ -74,5 +73,4 @@ ]; programs.dconf.enable = true; - } diff --git a/profiles/yubikey.nix b/profiles/yubikey.nix index d98cddb..9228d80 100644 --- a/profiles/yubikey.nix +++ b/profiles/yubikey.nix @@ -1,9 +1,10 @@ # NixOps configuration for the hosts using Yubikeys - -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { services = { udev = { packages = [ @@ -11,7 +12,7 @@ pkgs.libu2f-host # A C library and command-line tool that implements the host-side of the U2F protocol ]; extraRules = let - dependencies = with pkgs; [ coreutils gnupg gawk gnugrep ]; + dependencies = with pkgs; [coreutils gnupg gawk gnugrep]; clearYubikey = pkgs.writeScript "clear-yubikey" '' #!${pkgs.stdenv.shell} export PATH=${pkgs.lib.makeBinPath dependencies}; @@ -62,5 +63,4 @@ pinentryFlavor = "qt"; }; }; - } diff --git a/profiles/zsh.nix b/profiles/zsh.nix index ed416c0..0529ed7 100644 --- a/profiles/zsh.nix +++ b/profiles/zsh.nix 
@@ -1,9 +1,10 @@ # Configuration common to all my servers - -{ config, pkgs, lib, ... }: - { - + config, + pkgs, + lib, + ... +}: { # Program defaults for all hosts programs.zsh = { enable = true; # Also enables & installs nix-zsh-completions @@ -22,7 +23,7 @@ ''; ohMyZsh = { enable = true; - plugins = [ "fzf" "git" ]; + plugins = ["fzf" "git"]; }; promptInit = '' eval "$(starship init zsh)" @@ -30,8 +31,7 @@ vteIntegration = true; }; - environment.systemPackages = with pkgs; [ fzf ]; + environment.systemPackages = with pkgs; [fzf]; users.defaultUserShell = pkgs.zsh; # Set the default shell for all users - }