diff --git a/default.nix b/default.nix
index bfa8320..97fb88d 100644
--- a/default.nix
+++ b/default.nix
@@ -1,15 +1,13 @@
-{ sources ? import ./nix/sources.nix
-, system ? builtins.currentSystem
-, crossSystem ? null
-, config ? {}
-, cardanoNodeProject ? import sources.cardano-node {}
-}@args: with import ./nix args; {
+{ sources ? import ./nix/sources.nix, system ? builtins.currentSystem
+, crossSystem ? null, config ? { }
+, cardanoNodeProject ? import sources.cardano-node { } }@args:
+with import ./nix args; {
 shell = mkShell {
- inherit (import sources.niv {}) niv;
+ inherit (import sources.niv { }) niv;
 buildInputs = [
- cardanoNodeProject.cardano-cli # required for KES key rotation
+ cardanoNodeProject.cardano-cli # required for KES key rotation
 niv
- nixopsUnstable # work around for issue #127423
+ nixopsUnstable # work around for issue #127423
 ];
 NIX_PATH = "nixpkgs=${path}";
 NIXOPS_DEPLOYMENT = "${globals.deploymentName}";
diff --git a/deployments/mio-ops.nix b/deployments/mio-ops.nix
index 47d8d13..2d9691d 100644
--- a/deployments/mio-ops.nix
+++ b/deployments/mio-ops.nix
@@ -6,26 +6,25 @@
 enableRollback = true;
 };
- resources.sshKeyPairs.ssh-key = {};
+ resources.sshKeyPairs.ssh-key = { };
- defaults =
- { config, pkgs, lib, ... }:
+ defaults = { config, pkgs, lib, ... }:
 {
- system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps
+ system.autoUpgrade.enable = false; # Disabled as it conflicts with NixOps
 };
- airgead = import ../hosts/airgead.nix;
- ceilidh = import ../hosts/ceilidh.nix;
- cuallaidh = import ../hosts/cuallaidh.nix;
- dhu = import ../hosts/dhu.nix;
- dionach = import ../hosts/dionach.nix;
- iolear-beag = import ../hosts/iolear-beag.nix;
+ airgead = import ../hosts/airgead.nix;
+ ceilidh = import ../hosts/ceilidh.nix;
+ cuallaidh = import ../hosts/cuallaidh.nix;
+ dhu = import ../hosts/dhu.nix;
+ dionach = import ../hosts/dionach.nix;
+ iolear-beag = import ../hosts/iolear-beag.nix;
 paidh-ceithir = import ../hosts/paidh-ceithir.nix;
- paidh-coig = import ../hosts/paidh-coig.nix;
- paidh-dha = import ../hosts/paidh-dha.nix;
- paidh-tri = import ../hosts/paidh-tri.nix;
+ paidh-coig = import ../hosts/paidh-coig.nix;
+ paidh-dha = import ../hosts/paidh-dha.nix;
+ paidh-tri = import ../hosts/paidh-tri.nix;
 paidh-uachdar = import ../hosts/paidh-uachdar.nix;
- sithlainnir = import ../hosts/sithlainnir.nix;
- teintidh = import ../hosts/teintidh.nix;
+ sithlainnir = import ../hosts/sithlainnir.nix;
+ teintidh = import ../hosts/teintidh.nix;
 }
diff --git a/globals-defaults.nix b/globals-defaults.nix
index 2c63c08..ffcd441 100644
--- a/globals-defaults.nix
+++ b/globals-defaults.nix
@@ -1,2 +1 @@
-{
-}
+{ }
diff --git a/hardware/eeepc701.nix b/hardware/eeepc701.nix
index 620fd07..0e0691b 100644
--- a/hardware/eeepc701.nix
+++ b/hardware/eeepc701.nix
@@ -15,9 +15,9 @@
 availableKernelModules = [
 "ata_piix"
 "ehci_pci"
- "sd_mod" # SCSI disk support
+ "sd_mod" # SCSI disk support
 "uhci_hcd"
- "usb_storage" # USB Mass Storage support
+ "usb_storage" # USB Mass Storage support
 ];
 };
 loader = {
@@ -50,15 +50,13 @@
 };
 };
- fileSystems."/" =
- { device = "/dev/disk/by-label/nixos";
- fsType = "ext4";
- };
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/nixos";
+ fsType = "ext4";
+ };
- swapDevices =
- [ { device = "/dev/disk/by-label/swap"; }
- ];
+ swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
- networking.wireless.enable = true; # Enable wireless via wpa_supplicant.
+ networking.wireless.enable = true; # Enable wireless via wpa_supplicant.
 nix.maxJobs = lib.mkDefault 1;
 }
diff --git a/hardware/lenovo_x201.nix b/hardware/lenovo_x201.nix
index 4dc6a4d..bb65f2c 100644
--- a/hardware/lenovo_x201.nix
+++ b/hardware/lenovo_x201.nix
@@ -3,23 +3,20 @@
 { config, lib, pkgs, ... }:
 {
- imports =
- [
- ];
+ imports = [ ];
- boot.initrd.availableKernelModules = [ "ehci_pci" "ata_piix" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+ boot.initrd.availableKernelModules =
+ [ "ehci_pci" "ata_piix" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
 boot.initrd.kernelModules = [ ];
 boot.kernelModules = [ "kvm-intel" ];
 boot.extraModulePackages = [ ];
- fileSystems."/" =
- { device = "/dev/disk/by-label/nixos";
- fsType = "ext4";
- };
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/nixos";
+ fsType = "ext4";
+ };
- swapDevices =
- [ { device = "/dev/disk/by-label/swap"; }
- ];
+ swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
 hardware.opengl.extraPackages = with pkgs; [ vaapiIntel ];
 nix.maxJobs = lib.mkDefault 4;
diff --git a/hardware/linode_vm-encrypted.nix b/hardware/linode_vm-encrypted.nix
index d3af8ff..e032856 100644
--- a/hardware/linode_vm-encrypted.nix
+++ b/hardware/linode_vm-encrypted.nix
@@ -27,7 +27,7 @@
 loader = {
 grub = {
 forceInstall = true;
- version =1;
+ version = 1;
 extraPerEntryConfig = "root (hd0)";
 extraConfig = ''
 serial --speed=19200 --unit=0 --word=8 --parity=no --stop=1;
@@ -41,16 +41,12 @@ }; # File systems configuration for the Linode VMs - fileSystems."/" = - { device = "/dev/disk/by-label/nixos"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-label/nixos"; + fsType = "ext4"; + }; - swapDevices = [ - { - device = "/dev/disk/by-label/swap"; - } - ]; + swapDevices = [{ device = "/dev/disk/by-label/swap"; }]; nix.maxJobs = lib.mkDefault 8; } diff --git a/hardware/linode_vm.nix b/hardware/linode_vm.nix index d3d71f1..377f75e 100644 --- a/hardware/linode_vm.nix +++ b/hardware/linode_vm.nix @@ -26,16 +26,12 @@ }; # File systems configuration for the Linode VMs - fileSystems."/" = - { device = "/dev/sda"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/sda"; + fsType = "ext4"; + }; - swapDevices = [ - { - device = "/dev/sdb"; - } - ]; + swapDevices = [{ device = "/dev/sdb"; }]; nix.maxJobs = lib.mkDefault 4; } diff --git a/hardware/odroid-hc4/default.nix b/hardware/odroid-hc4/default.nix index d406af2..c6a9b3b 100644 --- a/hardware/odroid-hc4/default.nix +++ b/hardware/odroid-hc4/default.nix @@ -4,10 +4,9 @@ with lib; let sources = import ../../nix/sources.nix; - unstable = import sources.nixpkgsUnstable {}; -in + unstable = import sources.nixpkgsUnstable { }; -{ +in { imports = [ "${modulesPath}/profiles/base.nix" ./uboot/hardkernel-uboot.nix @@ -36,7 +35,6 @@ in (import ./overlays/uboot/overlay.nix) ]; - # DNS services.resolved.enable = true; services.resolved.dnssec = "false"; diff --git a/hardware/odroid-hc4/modules/sd-image/default.nix b/hardware/odroid-hc4/modules/sd-image/default.nix index e415307..7a6c7e5 100644 --- a/hardware/odroid-hc4/modules/sd-image/default.nix +++ b/hardware/odroid-hc4/modules/sd-image/default.nix @@ -1,5 +1,4 @@ -{ pkgs, lib, config, modulesPath, ... }: -{ +{ pkgs, lib, config, modulesPath, ... }: { imports = [ "${modulesPath}/installer/sd-card/sd-image.nix" # should we include this module or should we treat the SD 
@@ -18,7 +17,8 @@
 # Remove zfs from supported filesystems as it fails when cross-compiling due
 # to not being able to build kernel module
- boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
+ boot.supportedFilesystems =
+ lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
 sdImage = {
 compressImage = false;
diff --git a/hardware/odroid-hc4/overlays/kernel/kernel.nix b/hardware/odroid-hc4/overlays/kernel/kernel.nix
index c8e970e..e2aef92 100644
--- a/hardware/odroid-hc4/overlays/kernel/kernel.nix
+++ b/hardware/odroid-hc4/overlays/kernel/kernel.nix
@@ -1,13 +1,5 @@
-{ stdenv
-, buildPackages
-, fetchFromGitHub
-, perl
-, buildLinux
-, libelf
-, utillinux
-, lib
-, ...
-}@args:
+{ stdenv, buildPackages, fetchFromGitHub, perl, buildLinux, libelf, utillinux
+, lib, ... }@args:
 buildLinux (args // rec {
 version = "4.9.241-107";
diff --git a/hardware/odroid-hc4/overlays/kernel/overlay.nix b/hardware/odroid-hc4/overlays/kernel/overlay.nix
index 9c99392..2a2136a 100644
--- a/hardware/odroid-hc4/overlays/kernel/overlay.nix
+++ b/hardware/odroid-hc4/overlays/kernel/overlay.nix
@@ -7,7 +7,10 @@ final: prev: {
 # 3. The IRBLASTER module not registering syscalls correctly
 # The following patch makes the above warnings non-errors, decreases NR_CPUS to 4 and disables the IRBLASTER module.
- ({ name = "hardkernel-patches"; patch = ./kernel.diff; })
+ ({
+ name = "hardkernel-patches";
+ patch = ./kernel.diff;
+ })
 ];
 };
 }
diff --git a/hardware/odroid-hc4/overlays/uboot/hardkernel.nix b/hardware/odroid-hc4/overlays/uboot/hardkernel.nix
index 7f2ad73..6fae66a 100644
--- a/hardware/odroid-hc4/overlays/uboot/hardkernel.nix
+++ b/hardware/odroid-hc4/overlays/uboot/hardkernel.nix
@@ -3,25 +3,14 @@
 gcc49Stdenv.mkDerivation {
 name = "hardkernel-uboot";
 src = builtins.fetchTarball {
- url = "https://github.com/hardkernel/u-boot/archive/766167bbe787e494e47376b31cd017b897e9594c.tar.gz";
+ url =
+ "https://github.com/hardkernel/u-boot/archive/766167bbe787e494e47376b31cd017b897e9594c.tar.gz";
 sha256 = "0hj49jf9w2w55r7fjpx8asb92r85lws8mvq4mvl1v309z7k56zwv";
 };
 patches = [ ./pwd.diff ./fip_create.diff ];
- nativeBuildInputs = [
- git
- gcc49Stdenv.cc
- bc
- bison
- flex
- nettools
- ];
- depsBuildBuild = [
- arm-gcc49
- buildPackages.gcc49Stdenv.cc
- ];
- makeFlags = [
- "CROSS_COMPILE=${gcc49Stdenv.cc.targetPrefix}"
- ];
+ nativeBuildInputs = [ git gcc49Stdenv.cc bc bison flex nettools ];
+ depsBuildBuild = [ arm-gcc49 buildPackages.gcc49Stdenv.cc ];
+ makeFlags = [ "CROSS_COMPILE=${gcc49Stdenv.cc.targetPrefix}" ];
 configurePhase = ''
 make odroidc4_defconfig
 '';
diff --git a/hardware/odroid-hc4/overlays/uboot/meson64-tools.nix b/hardware/odroid-hc4/overlays/uboot/meson64-tools.nix
index 0fc21d1..4344740 100644
--- a/hardware/odroid-hc4/overlays/uboot/meson64-tools.nix
+++ b/hardware/odroid-hc4/overlays/uboot/meson64-tools.nix
@@ -3,7 +3,8 @@ stdenv.mkDerivation {
 name = "meson64-tools";
 nativeBuildInputs = [ python2 python3 ];
 src = builtins.fetchTarball {
- url = "https://github.com/angerman/meson64-tools/archive/a2d57d11fd8b4242b903c10dca9d25f7f99d8ff0.tar.gz";
+ url =
+ "https://github.com/angerman/meson64-tools/archive/a2d57d11fd8b4242b903c10dca9d25f7f99d8ff0.tar.gz";
 sha256 = "1487cr7sv34yry8f0chaj6s2g3736dzq0aqw239ahdy30yg7hb2v";
 };
diff --git a/hardware/odroid-hc4/overlays/uboot/overlay.nix b/hardware/odroid-hc4/overlays/uboot/overlay.nix
index 8cdcd29..e4b92a4 100644
--- a/hardware/odroid-hc4/overlays/uboot/overlay.nix
+++ b/hardware/odroid-hc4/overlays/uboot/overlay.nix
@@ -1,25 +1,19 @@
 final: prev:
 let
 platform = final.lib.systems.examples.aarch64-multiplatform // {
- gcc = {
- arch = "armv8-a+crypto";
- };
+ gcc = { arch = "armv8-a+crypto"; };
 };
 arm64 = final.pkgsCross.aarch64-embedded;
 arm = final.pkgsCross.arm-embedded;
- uboot-hardkernel = arm64.callPackage ./hardkernel.nix {
- arm-gcc49 = arm.buildPackages.gcc49;
- };
- with-crypto = import final.path {
- crossSystem = platform;
- };
+ uboot-hardkernel =
+ arm64.callPackage ./hardkernel.nix { arm-gcc49 = arm.buildPackages.gcc49; };
+ with-crypto = import final.path { crossSystem = platform; };
 meson64-tools = with-crypto.buildPackages.callPackage ./meson64-tools.nix { };
 blx_fix = arm64.buildPackages.callPackage ./blx_fix.nix { };
 uboot = arm64.callPackage ./u-boot.nix {
 inherit uboot-hardkernel meson64-tools blx_fix;
 };
-in
-{
+in {
 uboot-hardkernel = uboot;
 ubootTools-hardkernel = final.buildPackages.ubootTools;
 buildPackages = prev.buildPackages // {
diff --git a/hardware/odroid-hc4/overlays/uboot/u-boot.nix b/hardware/odroid-hc4/overlays/uboot/u-boot.nix
index 407fde8..30cbd70 100644
--- a/hardware/odroid-hc4/overlays/uboot/u-boot.nix
+++ b/hardware/odroid-hc4/overlays/uboot/u-boot.nix
@@ -1,21 +1,11 @@
-{ stdenv
-, git
-, bc
-, bison
-, flex
-, nettools
-, openssl
-, buildPackages
-, uboot-hardkernel
-, meson64-tools
-, blx_fix
-}:
+{ stdenv, git, bc, bison, flex, nettools, openssl, buildPackages
+, uboot-hardkernel, meson64-tools, blx_fix }:
 let
-in
-stdenv.mkDerivation {
+in stdenv.mkDerivation {
 name = "uboot";
 src = builtins.fetchTarball {
- url = "https://github.com/u-boot/u-boot/archive/15f7e0dc01d8a851fb1bfbf0e47eab5b67ed26b3.tar.gz";
+ url =
+ "https://github.com/u-boot/u-boot/archive/15f7e0dc01d8a851fb1bfbf0e47eab5b67ed26b3.tar.gz";
 sha256 = "1ardkap35pi2dsajag728fnvlvpfmdrsa0igj93wbkbf2ypzzhf6";
 };
 CROSS_COMPILE = stdenv.cc.targetPrefix;
@@ -83,16 +73,7 @@ stdenv.mkDerivation {
 --ddrfw9 fip/lpddr3_1d.fw \
 --level v3
 '';
- nativeBuildInputs = [
- git
- bc
- bison
- flex
- nettools
- ];
+ nativeBuildInputs = [ git bc bison flex nettools ];
- depsBuildBuild = [
- buildPackages.stdenv.cc
- buildPackages.openssl.dev
- ];
+ depsBuildBuild = [ buildPackages.stdenv.cc buildPackages.openssl.dev ];
 }
diff --git a/hardware/odroid-hc4/uboot/hardkernel-uboot.nix b/hardware/odroid-hc4/uboot/hardkernel-uboot.nix
index f2541e5..982b390 100644
--- a/hardware/odroid-hc4/uboot/hardkernel-uboot.nix
+++ b/hardware/odroid-hc4/uboot/hardkernel-uboot.nix
@@ -11,9 +11,9 @@ let
 # The builder used to write during system activation
 builder = import ./boot-ini-builder.nix { inherit pkgs; };
 # The builder exposed in populateCmd, which runs on the build architecture
- populateBuilder = import ./boot-ini-builder.nix { pkgs = pkgs.buildPackages; };
-in
-{
+ populateBuilder =
+ import ./boot-ini-builder.nix { pkgs = pkgs.buildPackages; };
+in {
 options = {
 boot.loader.hardkernel-uboot = {
 enable = mkOption {
@@ -42,13 +42,13 @@ in
 };
 };
- config =
- let
- builderArgs = "-t ${timeoutStr}" + lib.optionalString (dtCfg.name != null) " -n ${dtCfg.name}";
- in
- mkIf cfg.enable {
- system.build.installBootLoader = "${builder} ${builderArgs} -c";
- system.boot.loader.id = "hardkernel-uboot";
- boot.loader.hardkernel-uboot.populateCmd = "${populateBuilder} ${builderArgs}";
- };
+ config = let
+ builderArgs = "-t ${timeoutStr}"
+ + lib.optionalString (dtCfg.name != null) " -n ${dtCfg.name}";
+ in mkIf cfg.enable {
+ system.build.installBootLoader = "${builder} ${builderArgs} -c";
+ system.boot.loader.id = "hardkernel-uboot";
+ boot.loader.hardkernel-uboot.populateCmd =
+ "${populateBuilder} ${builderArgs}";
+ };
 }
diff --git a/hardware/purism_librem_15.nix b/hardware/purism_librem_15.nix
index 06340e1..7cd035b 100644
--- a/hardware/purism_librem_15.nix
+++ b/hardware/purism_librem_15.nix
@@ -3,42 +3,39 @@
 { config, lib, pkgs, ... }:
 {
- imports = [
-
- ];
+ imports = [ ];
 boot = {
 initrd = {
 availableKernelModules = [
- "xhci_pci" # xHCI host controller driver PCI Bus Glue
- "ahci" # AHCI SATA support
+ "xhci_pci" # xHCI host controller driver PCI Bus Glue
+ "ahci" # AHCI SATA support
 "nvme"
- "usbhid" # USB HID transport layer
- "usb_storage" # USB Mass Storage support
- "sd_mod" # SCSI disk support
- "aesni_intel" # AES-NI + SSE2 implementation of AEGIS-128
- "cryptd" # Software async crypto daemon
+ "usbhid" # USB HID transport layer
+ "usb_storage" # USB Mass Storage support
+ "sd_mod" # SCSI disk support
+ "aesni_intel" # AES-NI + SSE2 implementation of AEGIS-128
+ "cryptd" # Software async crypto daemon
 ];
 kernelModules = [ "dm-snapshot" ];
- luks.devices."cryptroot".device = "/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4";
+ luks.devices."cryptroot".device =
+ "/dev/disk/by-uuid/52040288-dea9-4e74-9438-d0946b48a1f4";
 };
- kernelModules = [ "kvm-intel" ]; # Enable kvm for libvirtd
+ kernelModules = [ "kvm-intel" ]; # Enable kvm for libvirtd
 };
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/848e15eb-992b-499f-89b1-be8bc59af41c";
- fsType = "ext4";
- };
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/848e15eb-992b-499f-89b1-be8bc59af41c";
+ fsType = "ext4";
+ };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/a9d48855-edaf-40b9-9296-58e9b7c7eb96";
- fsType = "ext4";
- };
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/a9d48855-edaf-40b9-9296-58e9b7c7eb96";
+ fsType = "ext4";
+ };
 swapDevices =
- [ { device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e"; }
- ];
+ [{ device = "/dev/disk/by-uuid/ac308d76-cc12-4a73-83ee-64a2ad07b91e"; }];
 nix.maxJobs = lib.mkDefault 4;
 }
diff --git a/hardware/raspberry_pi_2_model_B.nix b/hardware/raspberry_pi_2_model_B.nix
index f605c21..56d7b9e 100644
--- a/hardware/raspberry_pi_2_model_B.nix
+++ b/hardware/raspberry_pi_2_model_B.nix
@@ -8,25 +8,25 @@
 consoleLogLevel = lib.mkDefault 7;
 initrd = {
 availableKernelModules = [
- "bcm2835_dma" # Allows early (earlier) mode setting
- "i2c_bcm2835" # Allows early (earlier) mode setting
+ "bcm2835_dma" # Allows early (earlier) mode setting
+ "i2c_bcm2835" # Allows early (earlier) mode setting
 "usbhid"
 "usb_storage"
- "vc4" # Allows early (earlier) mode setting
+ "vc4" # Allows early (earlier) mode setting
 ];
 };
- kernelPackages = pkgs.linuxPackages_latest; # For a Raspberry Pi 2 or 3)
+ kernelPackages = pkgs.linuxPackages_latest; # For a Raspberry Pi 2 or 3)
 kernelParams = [
- "console=ttyS0,115200n8" # Enable the serial console
+ "console=ttyS0,115200n8" # Enable the serial console
 "console=ttyAMA0,115200n8"
 "console=tty0"
 ];
 loader = {
 generic-extlinux-compatible = {
- enable = true; # Enables the generation of /boot/extlinux/extlinux.conf
+ enable = true; # Enables the generation of /boot/extlinux/extlinux.conf
 };
 grub = {
- enable = false; # NixOS wants to enable GRUB by default.
+ enable = false; # NixOS wants to enable GRUB by default.
 };
 raspberryPi = {
 enable = true;
@@ -59,20 +59,24 @@
 };
 # !!! Adding a swap file is optional, but strongly recommended!
- swapDevices = [ { device = "/swapfile"; size = 1024; } ];
+ swapDevices = [{
+ device = "/swapfile";
+ size = 1024;
+ }];
 hardware = {
- enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
+ enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
 };
 networking = {
- enableB43Firmware = false; # If true, enable Pi wireless firmware
+ enableB43Firmware = false; # If true, enable Pi wireless firmware
 };
- sound.enable = false; # Disable sound.
+ sound.enable = false; # Disable sound.
- environment.systemPackages = with pkgs; [
- libraspberrypi # Userland tools for the Raspberry Pi board
- ];
+ environment.systemPackages = with pkgs;
+ [
+ libraspberrypi # Userland tools for the Raspberry Pi board
+ ];
 }
diff --git a/hardware/raspberry_pi_3_model_B.nix b/hardware/raspberry_pi_3_model_B.nix
index d7e9909..498f87d 100644
--- a/hardware/raspberry_pi_3_model_B.nix
+++ b/hardware/raspberry_pi_3_model_B.nix
@@ -7,27 +7,27 @@
 boot = {
 initrd = {
 availableKernelModules = [
- "bcm2835_dma" # Allows early (earlier) mode setting
- "i2c_bcm2835" # Allows early (earlier) mode setting
+ "bcm2835_dma" # Allows early (earlier) mode setting
+ "i2c_bcm2835" # Allows early (earlier) mode setting
 "usbhid"
 "usb_storage"
- "vc4" # Allows early (earlier) mode setting
+ "vc4" # Allows early (earlier) mode setting
 ];
 };
 # !!! Do select not latest (5.8 at the time) as it is currently broken
 # !!! (see https://github.com/NixOS/nixpkgs/issues/97064)
- kernelPackages = pkgs.linuxPackages_5_4; # For a Raspberry Pi 2 or 3)
+ kernelPackages = pkgs.linuxPackages_5_4; # For a Raspberry Pi 2 or 3)
 kernelParams = [
- "cma=32M" # Needed for the virtual console to work on the RPi 3
- "console=ttyS0,115200n8" # Enable the serial console
+ "cma=32M" # Needed for the virtual console to work on the RPi 3
+ "console=ttyS0,115200n8" # Enable the serial console
 "console=tty0"
 ];
 loader = {
 generic-extlinux-compatible = {
- enable = true; # Enables the generation of /boot/extlinux/extlinux.conf
+ enable = true; # Enables the generation of /boot/extlinux/extlinux.conf
 };
 grub = {
- enable = false; # NixOS wants to enable GRUB by default.
+ enable = false; # NixOS wants to enable GRUB by default.
 };
 raspberryPi = {
 enable = true;
@@ -62,18 +62,22 @@
 };
 # !!! Adding a swap file is optional, but strongly recommended!
- swapDevices = [ { device = "/swapfile"; size = 1024; } ];
+ swapDevices = [{
+ device = "/swapfile";
+ size = 1024;
+ }];
 hardware = {
- enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
+ enableRedistributableFirmware = true; # Enable support for Pi firmware blobs
 };
 networking = {
- enableB43Firmware = false; # If true, enable Pi wireless firmware
+ enableB43Firmware = false; # If true, enable Pi wireless firmware
 };
- environment.systemPackages = with pkgs; [
- libraspberrypi # Userland tools for the Raspberry Pi board
- ];
+ environment.systemPackages = with pkgs;
+ [
+ libraspberrypi # Userland tools for the Raspberry Pi board
+ ];
 }
diff --git a/hosts/airgead.nix b/hosts/airgead.nix
index 88bf00c..d2aaa74 100644
--- a/hosts/airgead.nix
+++ b/hosts/airgead.nix
@@ -4,16 +4,15 @@
 {
- imports =
- [
- ../networks/linode.nix
- ../profiles/cardano-node.nix
- ../secrets/airgead.nix
- ];
+ imports = [
+ ../networks/linode.nix
+ ../profiles/cardano-node.nix
+ ../secrets/airgead.nix
+ ];
 deployment.targetHost = "172.105.187.96";
- networking.hostName = "airgead"; # Define your hostname.
+ networking.hostName = "airgead"; # Define your hostname.
- system.stateVersion = "20.03"; # The version of NixOS originally installed
+ system.stateVersion = "20.03"; # The version of NixOS originally installed
 }
diff --git a/hosts/ceilidh.nix b/hosts/ceilidh.nix
index 2a4ead7..052d530 100644
--- a/hosts/ceilidh.nix
+++ b/hosts/ceilidh.nix
@@ -3,13 +3,11 @@
 { config, pkgs, lib, ... }:
 {
- imports = [
- ../hardware/odroid-hc4
- ];
+ imports = [ ../hardware/odroid-hc4 ];
 # Comment out deployment when building the SD Image.
 deployment.targetHost = "10.42.0.121";
- networking.hostName = "ceilidh"; # Define your hostname.
+ networking.hostName = "ceilidh"; # Define your hostname.
 # Ensure the right package architecture is used
 nixpkgs = {
@@ -23,9 +21,10 @@
 };
 };
- environment.systemPackages = with pkgs; [
- gnupg # GPL OpenPGP implementation
- ];
+ environment.systemPackages = with pkgs;
+ [
+ gnupg # GPL OpenPGP implementation
+ ];
- system.stateVersion = "21.05"; # The version of NixOS originally installed
+ system.stateVersion = "21.05"; # The version of NixOS originally installed
 }
diff --git a/hosts/cuallaidh.nix b/hosts/cuallaidh.nix
index a6234c0..b27e36c 100644
--- a/hosts/cuallaidh.nix
+++ b/hosts/cuallaidh.nix
@@ -4,29 +4,28 @@
 {
- imports =
- [
- ../networks/linode.nix
- ../profiles/coturn.nix
- ../profiles/cryptpad.nix
- ../profiles/gitea.nix
- #../profiles/hydra.nix
- ../profiles/iohk.nix
- ../profiles/matrix.nix
- ../profiles/mcwhirter.io.nix
- ../profiles/minecraftServer.nix
- ../profiles/nextcloud.nix
- ../profiles/nixpkgs-dev.nix
- ../profiles/taskserver.nix
- #../profiles/tmate-ssh-server.nix
- ../profiles/tt-rss.nix
- ../secrets/gitea.nix
- ../secrets/tt-rss.nix
- ];
+ imports = [
+ ../networks/linode.nix
+ ../profiles/coturn.nix
+ ../profiles/cryptpad.nix
+ ../profiles/gitea.nix
+ #../profiles/hydra.nix
+ ../profiles/iohk.nix
+ ../profiles/matrix.nix
+ ../profiles/mcwhirter.io.nix
+ ../profiles/minecraftServer.nix
+ ../profiles/nextcloud.nix
+ ../profiles/nixpkgs-dev.nix
+ ../profiles/taskserver.nix
+ #../profiles/tmate-ssh-server.nix
+ ../profiles/tt-rss.nix
+ ../secrets/gitea.nix
+ ../secrets/tt-rss.nix
+ ];
 deployment.targetHost = "172.105.171.16";
- networking.hostName = "cuallaidh"; # Define your hostname.
+ networking.hostName = "cuallaidh"; # Define your hostname.
- system.stateVersion = "19.03"; # The version of NixOS originally installed
+ system.stateVersion = "19.03"; # The version of NixOS originally installed
 }
diff --git a/hosts/dhu.nix b/hosts/dhu.nix
index 3f99522..c993f54 100644
--- a/hosts/dhu.nix
+++ b/hosts/dhu.nix
@@ -4,14 +4,14 @@
 {
 imports = [
- ../hardware/eeepc701.nix # Include common configuration options
+ ../hardware/eeepc701.nix # Include common configuration options
 ../secrets/wireless.nix
 ../profiles/sway.nix
 ];
 deployment.targetHost = "10.42.0.119";
- networking.hostName = "dhu"; # Define your hostname.
+ networking.hostName = "dhu"; # Define your hostname.
- system.stateVersion = "20.09"; # The version of NixOS originally installed
+ system.stateVersion = "20.09"; # The version of NixOS originally installed
 }
diff --git a/hosts/dionach.nix b/hosts/dionach.nix
index 87603bb..60e0155 100644
--- a/hosts/dionach.nix
+++ b/hosts/dionach.nix
@@ -5,40 +5,37 @@
 {
 imports = [
- ../hardware/purism_librem_15.nix # Include results of the hardware scan.
- ../profiles/android.nix # Provide an Android dev environment
- ../profiles/cron-craige.nix # Provide Craige's cron jobs
- ../profiles/daedalus.nix # The open source cryptocurrency wallet for ADA
- ../profiles/desktop-feeds.nix # Tools for news feeds and podcasts
- ../profiles/desktopCraige.nix # Craige's desktop tools and apps
- ../profiles/haskell-dev.nix # Haskel dev environment
- ../profiles/host_common.nix # Common host configuration options
- ../profiles/iohk.nix # IOHK environment
+ ../hardware/purism_librem_15.nix # Include results of the hardware scan.
+ ../profiles/android.nix # Provide an Android dev environment
+ ../profiles/cron-craige.nix # Provide Craige's cron jobs
+ ../profiles/daedalus.nix # The open source cryptocurrency wallet for ADA
+ ../profiles/desktop-feeds.nix # Tools for news feeds and podcasts
+ ../profiles/desktopCraige.nix # Craige's desktop tools and apps
+ ../profiles/haskell-dev.nix # Haskel dev environment
+ ../profiles/host_common.nix # Common host configuration options
+ ../profiles/iohk.nix # IOHK environment
 ../profiles/keyboard.nix
- ../profiles/neomutt.nix # Neomutt email
- ../profiles/nix-community.nix # Nix community aarch64 tooling
- ../profiles/nix-mio-ops.nix # mio-ops Nix tooling
- ../profiles/nixpkgs-dev.nix # Nix pkgs dev tools
- ../profiles/openssh.nix # Enable and configure openssh
- ../profiles/powerManagement.nix # Power management for laptops
- ../profiles/qemu.nix # Qemu virtualisation
- ../profiles/typingTutor.nix # Typing tutorials
- ../profiles/weechat.nix # Weechat environment
- ../profiles/xmonad.nix # Xmonad desktop environment
- ../profiles/yubikey.nix # Yubikey tooling
- ../secrets/craige.nix # Ssshhhhh!
- ../secrets/root.nix # Ssshhhhh!
- ../secrets/wireless.nix # Hey look! A squirrel!
+ ../profiles/neomutt.nix # Neomutt email
+ ../profiles/nix-community.nix # Nix community aarch64 tooling
+ ../profiles/nix-mio-ops.nix # mio-ops Nix tooling
+ ../profiles/nixpkgs-dev.nix # Nix pkgs dev tools
+ ../profiles/openssh.nix # Enable and configure openssh
+ ../profiles/powerManagement.nix # Power management for laptops
+ ../profiles/qemu.nix # Qemu virtualisation
+ ../profiles/typingTutor.nix # Typing tutorials
+ ../profiles/weechat.nix # Weechat environment
+ ../profiles/xmonad.nix # Xmonad desktop environment
+ ../profiles/yubikey.nix # Yubikey tooling
+ ../secrets/craige.nix # Ssshhhhh!
+ ../secrets/root.nix # Ssshhhhh!
+ ../secrets/wireless.nix # Hey look! A squirrel!
 ];
 deployment.targetHost = "localhost";
 nixpkgs.config = {
 allowUnfree = true;
- permittedInsecurePackages = [
- "openssl-1.0.2u"
- "minecraft"
- ];
+ permittedInsecurePackages = [ "openssl-1.0.2u" "minecraft" ];
 };
 # Use the GRUB 2 boot loader.
@@ -49,15 +46,15 @@
 boot.extraModprobeConfig = "options kvm_intel nested=1";
 networking = {
- hostName = "dionach"; # Define your hostname.
+ hostName = "dionach"; # Define your hostname.
 };
 fonts.fonts = with pkgs; [
- dejavu_fonts # A typeface family based on the Bitstream Vera fonts
- fira-code # Monospace font with programming ligatures
+ dejavu_fonts # A typeface family based on the Bitstream Vera fonts
+ fira-code # Monospace font with programming ligatures
 #monoid # Customisable coding font with alternates, ligatures and contextual positioning
- nerdfonts # Iconic font aggregator, collection, & patcher
- xkcd-font # Font based handwriting in xkcd comics
+ nerdfonts # Iconic font aggregator, collection, & patcher
+ xkcd-font # Font based handwriting in xkcd comics
 ];
 # List packages installed in system profile. To search, run:
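Review bot: The collapsed `permittedInsecurePackages = [ "openssl-1.0.2u" "minecraft" ];` in hosts/dionach.nix still carries no comment saying what depends on each exception. The `openssl-1.0.2u` entry allows a release that nixpkgs flags as insecure (the 1.0.2 branch no longer receives upstream fixes), and without a recorded reason nobody can tell when the allowance can be dropped. I would keep one entry per line and annotate each, e.g. `"openssl-1.0.2u" # needed by <package>; remove once it builds against a supported OpenSSL`, where `<package>` is a placeholder for the real consumer.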
@@ -65,17 +62,17 @@
 bash
 binutils
 bluez-tools
- brave # Privacy-oriented browser
- bridge-utils # for brctl
+ brave # Privacy-oriented browser
+ bridge-utils # for brctl
 chromium
 clang
 ddrescue
- docutils # Python Documentation Utilities
- electrum # Bitcoin wallet
- element-desktop # A feature-rich client for Matrix.org
+ docutils # Python Documentation Utilities
+ electrum # Bitcoin wallet
+ element-desktop # A feature-rich client for Matrix.org
 evince
- exiftool # A tool to read, write and edit EXIF meta information
- ffmpeg-full # record, convert and stream audio and video
+ exiftool # A tool to read, write and edit EXIF meta information
+ ffmpeg-full # record, convert and stream audio and video
 file
 firefox
 gcc
@@ -83,69 +80,69 @@
 gnome2.gvfs
 gnumake
 gnused
- google-authenticator # 2FA
- google-chrome # A freeware web browser developed by Google
- googleearth # A world sphere viewer
- graphviz # Graph visualization tools
+ google-authenticator # 2FA
+ google-chrome # A freeware web browser developed by Google
+ googleearth # A world sphere viewer
+ graphviz # Graph visualization tools
 gvfs
 imagemagick
- inetutils # Common network utilies
+ inetutils # Common network utilies
 inotify-tools
- iptables # iptables
+ iptables # iptables
 libmtp
 libgphoto2
- libreoffice-fresh # Libreoffice - fresh version
+ libreoffice-fresh # Libreoffice - fresh version
 lxmenu-data
 minecraft
 mkpasswd
- mp3info # MP3 tag editor / query tool
+ mp3info # MP3 tag editor / query tool
 mpd
 mplayer
 mtpfs
 multimc
 ncmpcpp
 nextcloud-client
- nvme-cli # NVM-Express user space tooling for Linux
- obs-studio # Free and open source software for video recording and live streaming
+ nvme-cli # NVM-Express user space tooling for Linux
+ obs-studio # Free and open source software for video recording and live streaming
 openjdk8
- openssl # A cryptographic library that implements the SSL and TLS protocols
+ openssl # A cryptographic library that implements the SSL and TLS protocols
 p7zip
 pandoc
 pavucontrol
 pcmanfm
- pstree # Show the set of running processes as a tree
+ pstree # Show the set of running processes as a tree
 pwgen
 python38Packages.pygments
 pythonFull
- python38Packages.restview # ReStructuredText viewer
- python38Packages.sphinx # A tool that makes it easy to create intelligent and beautifulul documentation for Python projects
- radiotray-ng # Internet radio player
- rdiff-backup # External backups
+ python38Packages.restview # ReStructuredText viewer
+ python38Packages.sphinx # A tool that makes it easy to create intelligent and beautifulul documentation for Python projects
+ radiotray-ng # Internet radio player
+ rdiff-backup # External backups
 shared_mime_info
 shotwell
 signal-desktop
- smartmontools # Tools for monitoring the health of hard drives
+ smartmontools # Tools for monitoring the health of hard drives
 sshfs
- taskwarrior # Highly flexible command-line tool to manage TODO lists
- tcpdump # tcpdump
+ taskwarrior # Highly flexible command-line tool to manage TODO lists
+ tcpdump # tcpdump
 tectonic
- tdesktop # Telegram Desktop messaging app
+ tdesktop # Telegram Desktop messaging app
 termonad-with-packages
 texlive.combined.scheme-full
- tmate # Instant Terminal Sharing
+ tmate # Instant Terminal Sharing
 tpm-tools
 #tor-browser-bundle-bin
- tree # Command to produce a depth indented directory listing
+ tree # Command to produce a depth indented directory listing
 udevil
 unrar
 unzip
 vcsh
- vgo2nix # Required for packaging Golang applications
+ vgo2nix # Required for packaging Golang applications
 wget
- wesnoth # Turn-based strategy game
+ wesnoth # Turn-based strategy game
 xorg.xev
 youtube-dl
- zip # zip all the zip's
+ zip # zip all the zip's
 zlib
 zlib.dev
 ];
@@ -162,17 +159,17 @@
 networking.firewall = {
 enable = true;
- checkReversePath = false; # Needed for libvirtd
+ checkReversePath = false; # Needed for libvirtd
 allowedTCPPorts = [ 15000 ];
 };
 # Virtualisation configuration:
 virtualisation = {
 libvirtd = {
- enable = true; # Enable libvirtd
+ enable = true; # Enable libvirtd
 #qemuPackage = pkgs.qemu_kvm; # Enable guest only for the same arch
- qemuPackage = pkgs.qemu; # Enable full emulation
- onShutdown = "shutdown"; # Set gust VMs to shutdown on host shutdown
+ qemuPackage = pkgs.qemu; # Enable full emulation
+ onShutdown = "shutdown"; # Set gust VMs to shutdown on host shutdown
 extraConfig = ''
 disk_bus = "virtio"
 '';
@@ -200,9 +197,7 @@
 Enable = "Source,Sink,Media,Socket";
 NoPlugin = "sap";
 };
- Policy = {
- AutoEnable = "true";
- };
+ Policy = { AutoEnable = "true"; };
 };
 };
 opengl.enable = true;
@@ -216,11 +211,7 @@ TCPKeepAlive no ''; - users.groups = { - lp.members = [ - "messagebus" - ]; - }; + users.groups = { lp.members = [ "messagebus" ]; }; # This value determines the NixOS release with which your system is to be # compatible, in order to avoid breaking some software such as database diff --git a/hosts/iolear-beag.nix b/hosts/iolear-beag.nix index 431c000..c75f92f 100644 --- a/hosts/iolear-beag.nix +++ b/hosts/iolear-beag.nix @@ -3,12 +3,11 @@ { config, pkgs, ... }: { - imports = - [ - ../hardware/lenovo_x201.nix - ../profiles/desktop_common.nix - ../profiles/wine.nix - ]; + imports = [ + ../hardware/lenovo_x201.nix + ../profiles/desktop_common.nix + ../profiles/wine.nix + ]; # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; @@ -16,8 +15,8 @@ boot.loader.grub.device = "/dev/sda"; deployment.targetHost = "10.42.0.116"; - networking.hostName = "iolear-beag"; # Define your hostname. + networking.hostName = "iolear-beag"; # Define your hostname. - system.stateVersion = "18.09"; # The version of NixOS originally installed + system.stateVersion = "18.09"; # The version of NixOS originally installed } diff --git a/hosts/paidh-aon.nix b/hosts/paidh-aon.nix index 188f636..79cce2f 100644 --- a/hosts/paidh-aon.nix +++ b/hosts/paidh-aon.nix @@ -3,13 +3,11 @@ { config, pkgs, lib, ... }: { - imports = [ - ../networks/pi2B_rack.nix - ]; + imports = [ ../networks/pi2B_rack.nix ]; # Comment out deployment when building the SD Image. #deployment.targetHost = "10.69.0.201"; - networking.hostName = "paidh-aon"; # Define your hostname. + networking.hostName = "paidh-aon"; # Define your hostname. - system.stateVersion = "20.03"; # The version of NixOS originally installed + system.stateVersion = "20.03"; # The version of NixOS originally installed } diff --git a/hosts/paidh-ceithir.nix b/hosts/paidh-ceithir.nix index eac1e6e..5c7d2c0 100644 --- a/hosts/paidh-ceithir.nix +++ b/hosts/paidh-ceithir.nix 
@@ -3,16 +3,13 @@ { config, pkgs, lib, ... }: { - imports = [ - ../networks/pi3B_rack.nix - ]; + imports = [ ../networks/pi3B_rack.nix ]; # Comment out deployment when building the SD Image. deployment.targetHost = "10.42.0.204"; - networking.hostName = "paidh-ceithir"; # Define your hostname. + networking.hostName = "paidh-ceithir"; # Define your hostname. - environment.systemPackages = with pkgs; [ - ]; + environment.systemPackages = with pkgs; [ ]; - system.stateVersion = "20.09"; # The version of NixOS originally installed + system.stateVersion = "20.09"; # The version of NixOS originally installed } diff --git a/hosts/paidh-coig.nix b/hosts/paidh-coig.nix index 76cda89..3d7f648 100644 --- a/hosts/paidh-coig.nix +++ b/hosts/paidh-coig.nix @@ -3,16 +3,13 @@ { config, pkgs, lib, ... }: { - imports = [ - ../networks/pi3B_rack.nix - ]; + imports = [ ../networks/pi3B_rack.nix ]; # Comment out deployment when building the SD Image. deployment.targetHost = "10.42.0.205"; - networking.hostName = "paidh-coig"; # Define your hostname. + networking.hostName = "paidh-coig"; # Define your hostname. - environment.systemPackages = with pkgs; [ - ]; + environment.systemPackages = with pkgs; [ ]; - system.stateVersion = "20.09"; # The version of NixOS originally installed + system.stateVersion = "20.09"; # The version of NixOS originally installed } diff --git a/hosts/paidh-dha.nix b/hosts/paidh-dha.nix index 4d71770..b2d7869 100644 --- a/hosts/paidh-dha.nix +++ b/hosts/paidh-dha.nix @@ -11,7 +11,7 @@ # Comment out deployment when building the SD Image. deployment.targetHost = "10.42.0.202"; - networking.hostName = "paidh-dha"; # Define your hostname. + networking.hostName = "paidh-dha"; # Define your hostname. - system.stateVersion = "20:09"; # The version of NixOS originally installed + system.stateVersion = "20:09"; # The version of NixOS originally installed } diff --git a/hosts/paidh-tri.nix b/hosts/paidh-tri.nix index 0c3b878..dda3811 100644 --- a/hosts/paidh-tri.nix 
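Review bot: `system.stateVersion = "20:09";` in hosts/paidh-dha.nix has a colon where the sibling hosts in this diff use a dot (`"20.09"` in paidh-ceithir and paidh-coig), and the reformat carries the value over unchanged. NixOS modules compare stateVersion against release strings to choose defaults, so a malformed value may select defaults the host was never installed with. If this machine was installed from 20.09, the line should read `system.stateVersion = "20.09";`.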
+++ b/hosts/paidh-tri.nix @@ -3,18 +3,16 @@ { config, pkgs, lib, ... }: { - imports = [ - ../networks/pi3B_rack.nix - ../profiles/cyclone-ibis.nix - ]; + imports = [ ../networks/pi3B_rack.nix ../profiles/cyclone-ibis.nix ]; # Comment out deployment when building the SD Image. deployment.targetHost = "10.42.0.203"; - networking.hostName = "paidh-tri"; # Define your hostname. + networking.hostName = "paidh-tri"; # Define your hostname. - environment.systemPackages = with pkgs; [ - gnupg # GPL OpenPGP implementation - ]; + environment.systemPackages = with pkgs; + [ + gnupg # GPL OpenPGP implementation + ]; - system.stateVersion = "20.09"; # The version of NixOS originally installed + system.stateVersion = "20.09"; # The version of NixOS originally installed } diff --git a/hosts/paidh-uachdar.nix b/hosts/paidh-uachdar.nix index 69fc7a7..583aec1 100644 --- a/hosts/paidh-uachdar.nix +++ b/hosts/paidh-uachdar.nix @@ -9,14 +9,14 @@ ../profiles/openssh.nix ../profiles/pi_common.nix #../profiles/xmonad.nix - ../secrets/craige.nix # Ssshhhhh! - ../secrets/root.nix # Ssshhhhh! - ../secrets/wireless.nix # Hey look! A squirrel! + ../secrets/craige.nix # Ssshhhhh! + ../secrets/root.nix # Ssshhhhh! + ../secrets/wireless.nix # Hey look! A squirrel! ]; # Comment out deployment when building the SD Image. deployment.targetHost = "10.42.0.125"; - networking.hostName = "paidh-uachdar"; # Define your hostname. + networking.hostName = "paidh-uachdar"; # Define your hostname. # Ensure the right package architecture is used nixpkgs = { 
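Review bot: `deployment.targetHost = "10.42.0.125";` in hosts/paidh-uachdar.nix is the same address that hosts/sithlainnir.nix sets in its own hunk, and both hosts appear in deployments/mio-ops.nix. With two machines sharing a target, a deploy would push one host's configuration, including the `../secrets/*.nix` modules imported here, to whichever machine answers at that address. One of the two needs its own address, e.g. `deployment.targetHost = "<paidh-uachdar address>";`. The attribute set continues outside this hunk.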
@@ -31,12 +31,13 @@ }; documentation = { - nixos.enable = false; # Save some space by disabling the manual + nixos.enable = false; # Save some space by disabling the manual }; - environment.systemPackages = with pkgs; [ - gnupg # GPL OpenPGP implementation - ]; + environment.systemPackages = with pkgs; + [ + gnupg # GPL OpenPGP implementation + ]; - system.stateVersion = "20.09"; # The version of NixOS originally installed + system.stateVersion = "20.09"; # The version of NixOS originally installed } diff --git a/hosts/sithlainnir.nix b/hosts/sithlainnir.nix index 0088a61..9ad2c00 100644 --- a/hosts/sithlainnir.nix +++ b/hosts/sithlainnir.nix @@ -3,12 +3,11 @@ { config, pkgs, ... }: { - imports = - [ - ../hardware/lenovo_x201.nix - ../profiles/desktopFiona.nix - ../profiles/desktop_common.nix - ]; + imports = [ + ../hardware/lenovo_x201.nix + ../profiles/desktopFiona.nix + ../profiles/desktop_common.nix + ]; # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; @@ -16,8 +15,8 @@ boot.loader.grub.device = "/dev/sda"; deployment.targetHost = "10.42.0.125"; - networking.hostName = "sithlainnir"; # Define your hostname. + networking.hostName = "sithlainnir"; # Define your hostname. - system.stateVersion = "18.09"; # The version of NixOS originally installed + system.stateVersion = "18.09"; # The version of NixOS originally installed } diff --git a/hosts/teintidh.nix b/hosts/teintidh.nix index 4fb4060..02de9cc 100644 --- a/hosts/teintidh.nix +++ b/hosts/teintidh.nix @@ -3,13 +3,12 @@ { config, pkgs, ... }: { - imports = - [ - ../hardware/lenovo_x201.nix - ../profiles/desktop_common.nix - ../profiles/haskell-dev.nix - ../profiles/kids-dev.nix - ]; + imports = [ + ../hardware/lenovo_x201.nix + ../profiles/desktop_common.nix + ../profiles/haskell-dev.nix + ../profiles/kids-dev.nix + ]; # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; 
@@ -17,8 +16,8 @@ boot.loader.grub.device = "/dev/sda"; deployment.targetHost = "10.42.0.127"; - networking.hostName = "teintidh"; # Define your hostname. + networking.hostName = "teintidh"; # Define your hostname. - system.stateVersion = "18.09"; # The version of NixOS originally installed + system.stateVersion = "18.09"; # The version of NixOS originally installed } diff --git a/images/sd-image_paidh-aarch64.nix b/images/sd-image_paidh-aarch64.nix index 6db9bb2..17eff34 100644 --- a/images/sd-image_paidh-aarch64.nix +++ b/images/sd-image_paidh-aarch64.nix @@ -6,12 +6,11 @@ { config, lib, pkgs, ... }: let - extlinux-conf-builder = - import { + extlinux-conf-builder = import + { pkgs = pkgs.buildPackages; }; -in -{ +in { imports = [ @@ -35,11 +34,11 @@ in # when attempting to show low-voltage or overtemperature warnings. avoid_warnings=1 ''; - in '' - (cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/) - cp ${pkgs.ubootRaspberryPi3_64bit}/u-boot.bin firmware/u-boot-rpi3.bin - cp ${configTxt} firmware/config.txt - ''; + in '' + (cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/) + cp ${pkgs.ubootRaspberryPi3_64bit}/u-boot.bin firmware/u-boot-rpi3.bin + cp ${configTxt} firmware/config.txt + ''; populateRootCommands = '' mkdir -p ./files/boot ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot diff --git a/images/sd-image_paidh-aon.nix b/images/sd-image_paidh-aon.nix index 62945c6..1937f51 100644 --- a/images/sd-image_paidh-aon.nix +++ b/images/sd-image_paidh-aon.nix @@ -11,9 +11,6 @@ { ... }: { - imports = [ - ./sd-image_paidh-armv7.nix - ../hosts/paidh-aon.nix - ]; + imports = [ ./sd-image_paidh-armv7.nix ../hosts/paidh-aon.nix ]; } diff --git a/images/sd-image_paidh-armv7.nix b/images/sd-image_paidh-armv7.nix index 4103b00..1a527fd 100644 --- a/images/sd-image_paidh-armv7.nix 
+++ b/images/sd-image_paidh-armv7.nix @@ -6,12 +6,11 @@ { config, lib, pkgs, ... }: let - extlinux-conf-builder = - import { + extlinux-conf-builder = import + { pkgs = pkgs.buildPackages; }; -in -{ +in { imports = [ @@ -33,11 +32,11 @@ in # TODO: check when/if this can be removed. enable_uart=1 ''; - in '' - (cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/) - cp ${pkgs.ubootRaspberryPi2}/u-boot.bin firmware/u-boot-rpi2.bin - cp ${configTxt} firmware/config.txt - ''; + in '' + (cd ${pkgs.raspberrypifw}/share/raspberrypi/boot && cp bootcode.bin fixup*.dat start*.elf $NIX_BUILD_TOP/firmware/) + cp ${pkgs.ubootRaspberryPi2}/u-boot.bin firmware/u-boot-rpi2.bin + cp ${configTxt} firmware/config.txt + ''; populateRootCommands = '' mkdir -p ./files/boot ${extlinux-conf-builder} -t 3 -c ${config.system.build.toplevel} -d ./files/boot diff --git a/images/sd-image_paidh-ceithir.nix b/images/sd-image_paidh-ceithir.nix index e85ca02..2dc3e85 100644 --- a/images/sd-image_paidh-ceithir.nix +++ b/images/sd-image_paidh-ceithir.nix @@ -11,9 +11,6 @@ { ... }: { - imports = [ - ./sd-image_paidh-aarch64.nix - ../hosts/paidh-ceithir.nix - ]; + imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-ceithir.nix ]; } diff --git a/images/sd-image_paidh-coig.nix b/images/sd-image_paidh-coig.nix index 24fc150..98a670e 100644 --- a/images/sd-image_paidh-coig.nix +++ b/images/sd-image_paidh-coig.nix @@ -11,9 +11,6 @@ { ... }: { - imports = [ - ./sd-image_paidh-aarch64.nix - ../hosts/paidh-coig.nix - ]; + imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-coig.nix ]; } diff --git a/images/sd-image_paidh-dha.nix b/images/sd-image_paidh-dha.nix index 9045b60..765dc2b 100644 --- a/images/sd-image_paidh-dha.nix +++ b/images/sd-image_paidh-dha.nix @@ -2,9 +2,6 @@ { ... }: { - imports = [ - ./sd-image_paidh-aarch64.nix - ../hosts/paidh-dha.nix - ]; + imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-dha.nix ]; } 
diff --git a/images/sd-image_paidh-tri.nix b/images/sd-image_paidh-tri.nix index d9c42ea..501188c 100644 --- a/images/sd-image_paidh-tri.nix +++ b/images/sd-image_paidh-tri.nix @@ -11,9 +11,6 @@ { ... }: { - imports = [ - ./sd-image_paidh-aarch64.nix - ../hosts/paidh-tri.nix - ]; + imports = [ ./sd-image_paidh-aarch64.nix ../hosts/paidh-tri.nix ]; } diff --git a/images/usb-yubikey.nix b/images/usb-yubikey.nix index c9b948d..be265b1 100644 --- a/images/usb-yubikey.nix +++ b/images/usb-yubikey.nix 
@@ -2,37 +2,36 @@ # # Usage: nix-build -A iso images/usb-yubikey.nix -{ nixpkgs? , system ? "x86_64-linux" }: +{ nixpkgs ? , system ? "x86_64-linux" }: let config = { pkgs, ... }: - with pkgs; { - imports = []; - boot.supportedFilesystems = [ "zfs" ]; - boot.kernelParams = [ "console=ttyS0,115200n8" ]; - programs = { - ssh.startAgent = false; - gnupg.agent = { - enable = true; - enableSSHSupport = true; + with pkgs; { + imports = [ + + ]; + boot.supportedFilesystems = [ "zfs" ]; + boot.kernelParams = [ "console=ttyS0,115200n8" ]; + programs = { + ssh.startAgent = false; + gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; }; + services.pcscd.enable = true; + services.udev.packages = [ yubikey-personalization ]; + environment.systemPackages = [ + curl # Tool for transferring files with URL syntax + gnupg # GNU Privacy Guard + paperkey # Store OpenPGP or GnuPG on paper + pinentry # GnuPG’s interface to passphrase input + wget # Retrieve files using HTTP, HTTPS, and FTP + ]; + nixpkgs.config.allowUnfree = true; + #services.openssh.enable = false; }; - services.pcscd.enable = true; - services.udev.packages = [ yubikey-personalization ]; - environment.systemPackages = [ - curl # Tool for transferring files with URL syntax - gnupg # GNU Privacy Guard - paperkey # Store OpenPGP or GnuPG on paper - pinentry # GnuPG’s interface to passphrase input - wget # Retrieve files using HTTP, HTTPS, and FTP - ]; - nixpkgs.config.allowUnfree = true; - #services.openssh.enable = false; - }; - evalNixos = configuration: import { - inherit system configuration; - }; + evalNixos = configuration: + import { inherit system configuration; }; -in { - iso = (evalNixos config).config.system.build.isoImage; - } +in { iso = (evalNixos config).config.system.build.isoImage; } diff --git a/networks/linode-common.nix b/networks/linode-common.nix index bf00bec..111dcf9 100644 --- a/networks/linode-common.nix +++ b/networks/linode-common.nix 
@@ -3,11 +3,7 @@ { config, pkgs, lib, ... }: { - imports = - [ - ../profiles/host_common.nix - ../profiles/server_common.nix - ]; + imports = [ ../profiles/host_common.nix ../profiles/server_common.nix ]; # Ensure the right package architecture is used nixpkgs.localSystem = { @@ -16,11 +12,7 @@ }; # Tools that Linode support like to have install if you need them. - environment.systemPackages = with pkgs; [ - inetutils - mtr - sysstat - ]; + environment.systemPackages = with pkgs; [ inetutils mtr sysstat ]; # Configure firewall defaults: networking = { diff --git a/networks/linode-encrypted.nix b/networks/linode-encrypted.nix index 027d99b..49cb218 100644 --- a/networks/linode-encrypted.nix +++ b/networks/linode-encrypted.nix @@ -3,9 +3,5 @@ { config, pkgs, lib, ... }: { - imports = - [ - ../hardware/linode_vm-encrypted.nix - ./linode-common.nix - ]; + imports = [ ../hardware/linode_vm-encrypted.nix ./linode-common.nix ]; } diff --git a/networks/linode.nix b/networks/linode.nix index 1be35e3..256f383 100644 --- a/networks/linode.nix +++ b/networks/linode.nix @@ -3,9 +3,5 @@ { config, pkgs, lib, ... }: { - imports = - [ - ../hardware/linode_vm.nix - ./linode-common.nix - ]; + imports = [ ../hardware/linode_vm.nix ./linode-common.nix ]; } diff --git a/networks/pi2B_rack.nix b/networks/pi2B_rack.nix index 6de1d60..c80c875 100644 --- a/networks/pi2B_rack.nix +++ b/networks/pi2B_rack.nix 
@@ -2,24 +2,22 @@ { - imports = - [ - - ../hardware/raspberry_pi_2_model_B.nix - ../profiles/host_common.nix - ../profiles/pi_common.nix - ../profiles/server_common.nix - ]; + imports = [ + + ../hardware/raspberry_pi_2_model_B.nix + ../profiles/host_common.nix + ../profiles/pi_common.nix + ../profiles/server_common.nix + ]; # Ensure the right package architecture is used - nixpkgs.crossSystem = { - system = "armv7l-linux"; - }; + nixpkgs.crossSystem = { system = "armv7l-linux"; }; - networking.wireless.enable = false; # Toggles wireless support via wpa_supplicant. + networking.wireless.enable = + false; # Toggles wireless support via wpa_supplicant. documentation = { - nixos.enable = false; # Save some space by disabling the manual + nixos.enable = false; # Save some space by disabling the manual }; users.users.root = { diff --git a/networks/pi3B_rack.nix b/networks/pi3B_rack.nix index a52f2fa..bc74580 100644 --- a/networks/pi3B_rack.nix +++ b/networks/pi3B_rack.nix @@ -2,14 +2,13 @@ { - imports = - [ - - ../hardware/raspberry_pi_3_model_B.nix - ../profiles/host_common.nix - ../profiles/pi_common.nix - ../profiles/server_common.nix - ]; + imports = [ + + ../hardware/raspberry_pi_3_model_B.nix + ../profiles/host_common.nix + ../profiles/pi_common.nix + ../profiles/server_common.nix + ]; # Ensure the right package architecture is used nixpkgs.localSystem = { @@ -18,10 +17,11 @@ allowUnfree = true; }; - networking.wireless.enable = false; # Toggles wireless support via wpa_supplicant. + networking.wireless.enable = + false; # Toggles wireless support via wpa_supplicant. documentation = { - nixos.enable = false; # Save some space by disabling the manual + nixos.enable = false; # Save some space by disabling the manual }; users.users.root = { diff --git a/nix/default.nix b/nix/default.nix index 9831bf2..0f9dca8 100644 --- a/nix/default.nix +++ b/nix/default.nix 
@@ -1,31 +1,22 @@ -{ sources ? import ./sources.nix -, system ? builtins.currentSystem -, crossSystem ? null -, config ? {} }: +{ sources ? import ./sources.nix, system ? builtins.currentSystem +, crossSystem ? null, config ? { } }: let # our own overlays: - local-overlays = [ - ]; + local-overlays = [ ]; - globals = - if builtins.pathExists ../globals.nix - then [(import ../globals.nix)] - else builtins.trace "globals.nix missing, please add symlink" []; + globals = if builtins.pathExists ../globals.nix then + [ (import ../globals.nix) ] + else + builtins.trace "globals.nix missing, please add symlink" [ ]; # merge upstream sources with our own: upstream-overlays = [ - ( _: super: { + (_: super: { - sources = (super.sources or {}) // sources; + sources = (super.sources or { }) // sources; }) ]; - overlays = - local-overlays ++ - globals ++ - upstream-overlays; -in - import sources.nixpkgs { - inherit overlays system crossSystem config; - } + overlays = local-overlays ++ globals ++ upstream-overlays; +in import sources.nixpkgs { inherit overlays system crossSystem config; } diff --git a/nix/sources.nix b/nix/sources.nix index 8a725cb..f69e4d9 100644 --- a/nix/sources.nix +++ b/nix/sources.nix 
@@ -19,29 +19,28 @@ let pkgs.fetchzip { inherit (spec) url sha256; }; fetch_git = spec: - builtins.fetchGit { url = spec.repo; inherit (spec) rev ref; }; + builtins.fetchGit { + url = spec.repo; + inherit (spec) rev ref; + }; fetch_builtin-tarball = spec: - builtins.trace - '' - WARNING: - The niv type "builtin-tarball" will soon be deprecated. You should - instead use `builtin = true`. + builtins.trace '' + WARNING: + The niv type "builtin-tarball" will soon be deprecated. You should + instead use `builtin = true`. - $ niv modify -a type=tarball -a builtin=true - '' - builtins_fetchTarball { inherit (spec) url sha256; }; + $ niv modify -a type=tarball -a builtin=true + '' builtins_fetchTarball { inherit (spec) url sha256; }; fetch_builtin-url = spec: - builtins.trace - '' - WARNING: - The niv type "builtin-url" will soon be deprecated. You should - instead use `builtin = true`. + builtins.trace '' + WARNING: + The niv type "builtin-url" will soon be deprecated. You should + instead use `builtin = true`. - $ niv modify -a type=file -a builtin=true - '' - (builtins_fetchurl { inherit (spec) url sha256; }); + $ niv modify -a type=file -a builtin=true + '' (builtins_fetchurl { inherit (spec) url sha256; }); # # Various helpers 
@@ -51,84 +50,84 @@ let mkPkgs = sources: let sourcesNixpkgs = - import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) {}; + import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) + { }; hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath; hasThisAsNixpkgsPath = == ./.; - in - if builtins.hasAttr "nixpkgs" sources - then sourcesNixpkgs - else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then - import {} - else - abort - '' - Please specify either (through -I or NIX_PATH=nixpkgs=...) or - add a package called "nixpkgs" to your sources.json. - ''; + in if builtins.hasAttr "nixpkgs" sources then + sourcesNixpkgs + else if hasNixpkgsPath && !hasThisAsNixpkgsPath then + import { } + else + abort '' + Please specify either (through -I or NIX_PATH=nixpkgs=...) or + add a package called "nixpkgs" to your sources.json. + ''; # The actual fetching function. fetch = pkgs: name: spec: - if ! builtins.hasAttr "type" spec then + if !builtins.hasAttr "type" spec then abort "ERROR: niv spec ${name} does not have a 'type' attribute" - else if spec.type == "file" then fetch_file pkgs spec - else if spec.type == "tarball" then fetch_tarball pkgs spec - else if spec.type == "git" then fetch_git spec - else if spec.type == "builtin-tarball" then fetch_builtin-tarball spec - else if spec.type == "builtin-url" then fetch_builtin-url spec + else if spec.type == "file" then + fetch_file pkgs spec + else if spec.type == "tarball" then + fetch_tarball pkgs spec + else if spec.type == "git" then + fetch_git spec + else if spec.type == "builtin-tarball" then + fetch_builtin-tarball spec + else if spec.type == "builtin-url" then + fetch_builtin-url spec else - abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}"; + abort + "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}"; # Ports of functions for older nix versions # a Nix version of mapAttrs if the built-in doesn't exist - mapAttrs = 
builtins.mapAttrs or ( - f: set: with builtins; - listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)) - ); + mapAttrs = builtins.mapAttrs or (f: set: + with builtins; + listToAttrs (map (attr: { + name = attr; + value = f attr set.${attr}; + }) (attrNames set))); # fetchTarball version that is compatible between all the versions of Nix builtins_fetchTarball = { url, sha256 }@attrs: - let - inherit (builtins) lessThan nixVersion fetchTarball; - in - if lessThan nixVersion "1.12" then - fetchTarball { inherit url; } - else - fetchTarball attrs; + let inherit (builtins) lessThan nixVersion fetchTarball; + in if lessThan nixVersion "1.12" then + fetchTarball { inherit url; } + else + fetchTarball attrs; # fetchurl version that is compatible between all the versions of Nix builtins_fetchurl = { url, sha256 }@attrs: - let - inherit (builtins) lessThan nixVersion fetchurl; - in - if lessThan nixVersion "1.12" then - fetchurl { inherit url; } - else - fetchurl attrs; + let inherit (builtins) lessThan nixVersion fetchurl; + in if lessThan nixVersion "1.12" then + fetchurl { inherit url; } + else + fetchurl attrs; # Create the final "sources" from the config mkSources = config: - mapAttrs ( - name: spec: - if builtins.hasAttr "outPath" spec - then abort - "The values in sources.json should not have an 'outPath' attribute" - else - spec // { outPath = fetch config.pkgs name spec; } - ) config.sources; + mapAttrs (name: spec: + if builtins.hasAttr "outPath" spec then + abort + "The values in sources.json should not have an 'outPath' attribute" + else + spec // { outPath = fetch config.pkgs name spec; }) config.sources; # The "config" used by the fetchers - mkConfig = - { sourcesFile ? ./sources.json + mkConfig = { sourcesFile ? ./sources.json , sources ? builtins.fromJSON (builtins.readFile sourcesFile) - , pkgs ? mkPkgs sources - }: rec { + , pkgs ? mkPkgs sources }: rec { # The sources, i.e. 
the attribute set of spec name to spec inherit sources; # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers inherit pkgs; }; -in -mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); } +in mkSources (mkConfig { }) // { + __functor = _: settings: mkSources (mkConfig settings); +} diff --git a/overlays/nixUnstable.nix b/overlays/nixUnstable.nix index ce36c62..b83f541 100644 --- a/overlays/nixUnstable.nix +++ b/overlays/nixUnstable.nix @@ -1,4 +1,4 @@ -let sources = import ../nix/sources.nix {}; in -final: prev: { - nixUnstable = (import sources.nixos-unstable {}).nixUnstable; +let sources = import ../nix/sources.nix { }; +in final: prev: { + nixUnstable = (import sources.nixos-unstable { }).nixUnstable; } diff --git a/overlays/qemu/default.nix b/overlays/qemu/default.nix index 3b655bb..3313b74 100644 --- a/overlays/qemu/default.nix +++ b/overlays/qemu/default.nix @@ -4,9 +4,10 @@ self: super: { - qemu-user-arm = if self.stdenv.system == "x86_64-linux" - then self.pkgsi686Linux.callPackage ./qemu { user_arch = "arm"; } - else self.callPackage ./qemu { user_arch = "arm"; }; + qemu-user-arm = if self.stdenv.system == "x86_64-linux" then + self.pkgsi686Linux.callPackage ./qemu { user_arch = "arm"; } + else + self.callPackage ./qemu { user_arch = "arm"; }; qemu-user-x86 = self.callPackage ./qemu { user_arch = "x86_64"; }; qemu-user-arm64 = self.callPackage ./qemu { user_arch = "aarch64"; }; qemu-user-riscv32 = self.callPackage ./qemu { user_arch = "riscv32"; }; diff --git a/overlays/qemu/qemu/default.nix b/overlays/qemu/qemu/default.nix index 34a987d..3947862 100644 --- a/overlays/qemu/qemu/default.nix +++ b/overlays/qemu/qemu/default.nix 
@@ -1,13 +1,13 @@ # Based up original waokr by cleverca22 # https://raw.githubusercontent.com/cleverca22/nixos-configs/master/overlays/qemu/qemu/default.nix -{ stdenv, fetchurl, python, pkgconfig, zlib, glib, user_arch, flex, bison, -makeStaticLibraries, glibc, qemu, fetchFromGitHub }: +{ stdenv, fetchurl, python, pkgconfig, zlib, glib, user_arch, flex, bison +, makeStaticLibraries, glibc, qemu, fetchFromGitHub }: let env2 = makeStaticLibraries stdenv; myglib = (glib.override { stdenv = env2; }).overrideAttrs (drv: { - mesonFlags = (drv.mesonFlags or []) ++ [ "-Ddefault_library=both" ]; + mesonFlags = (drv.mesonFlags or [ ]) ++ [ "-Ddefault_library=both" ]; }); riscv_src = fetchFromGitHub { owner = "riscv"; @@ -22,18 +22,23 @@ let riscv64 = "x86_64"; x86_64 = "x86_64"; }; -in -stdenv.mkDerivation rec { +in stdenv.mkDerivation rec { name = "qemu-user-${user_arch}-${version}"; version = "3.1.0"; src = if is_riscv then riscv_src else qemu.src; buildInputs = [ python pkgconfig zlib.static myglib flex bison glibc.static ]; patches = [ ./qemu-stack.patch ]; configureFlags = [ - "--enable-linux-user" "--target-list=${user_arch}-linux-user" - "--disable-bsd-user" "--disable-system" "--disable-vnc" - "--disable-curses" "--disable-sdl" "--disable-vde" - "--disable-bluez" "--disable-kvm" + "--enable-linux-user" + "--target-list=${user_arch}-linux-user" + "--disable-bsd-user" + "--disable-system" + "--disable-vnc" + "--disable-curses" + "--disable-sdl" + "--disable-vde" + "--disable-bluez" + "--disable-kvm" "--static" "--disable-tools" "--cpu=${arch_map.${user_arch}}" @@ -41,6 +46,8 @@ stdenv.mkDerivation rec { NIX_LDFLAGS = [ "-lglib-2.0" ]; enableParallelBuilding = true; postInstall = '' - cc -static ${./qemu-wrap.c} -D QEMU_ARM_BIN="\"qemu-${user_arch}"\" -o $out/bin/qemu-wrap + cc -static ${ + ./qemu-wrap.c + } -D QEMU_ARM_BIN="\"qemu-${user_arch}"\" -o $out/bin/qemu-wrap ''; } diff --git a/profiles/android.nix b/profiles/android.nix index 0939c54..8ca6ced 100644 
--- a/profiles/android.nix +++ b/profiles/android.nix @@ -5,20 +5,18 @@ { nixpkgs.config = { - android_sdk.accept_license = true; # Accept the Android SDK licence + android_sdk.accept_license = true; # Accept the Android SDK licence }; - programs.adb.enable = true; # Enable Android Debug Bridge + programs.adb.enable = true; # Enable Android Debug Bridge # Install other packages that I require to be used with Android. environment.systemPackages = with pkgs; [ - gitRepo # Android's repo management tool - heimdall # Needed to work with Samsung devices - kconfig-frontends # Linux kconfig infrastructure + gitRepo # Android's repo management tool + heimdall # Needed to work with Samsung devices + kconfig-frontends # Linux kconfig infrastructure ]; - users.groups.adbusers.members = [ - "craige" - ]; + users.groups.adbusers.members = [ "craige" ]; } diff --git a/profiles/cardano-node.nix b/profiles/cardano-node.nix index 248928f..cdfda66 100644 --- a/profiles/cardano-node.nix +++ b/profiles/cardano-node.nix @@ -5,21 +5,17 @@ let sources = import ../nix/sources.nix; - cardanoNodeProject = import (sources.cardano-node + "/nix") { gitrev = sources.cardano-node.rev; }; - iohkNix = import (sources.iohk-nix) {}; + cardanoNodeProject = import (sources.cardano-node + "/nix") { + gitrev = sources.cardano-node.rev; + }; + iohkNix = import (sources.iohk-nix) { }; -in +in { -{ + imports = + [ ../secrets/cardano/producers.nix "${sources.cardano-node}/nix/nixos" ]; - imports = [ - ../secrets/cardano/producers.nix - "${sources.cardano-node}/nix/nixos" - ]; - - environment.systemPackages = [ - cardanoNodeProject.cardano-cli - ]; + environment.systemPackages = [ cardanoNodeProject.cardano-cli ]; services = { cardano-node = { @@ -33,12 +29,7 @@ in scName = "cardano"; scFormat = "ScText"; }]; - defaultScribes = [ - [ - "JournalSK" - "cardano" - ] - ]; + defaultScribes = [[ "JournalSK" "cardano" ]]; }; kesKey = "/run/keys/cardano-kes"; vrfKey = "/run/keys/cardano-vrf"; 
@@ -49,11 +40,12 @@ in networking = { firewall = { allowedTCPPorts = [ - 3001 # cardano-node + 3001 # cardano-node ]; }; }; - users.groups.keys.members = [ "cardano-node" ]; # Required due to NixOps issue #1204 + users.groups.keys.members = + [ "cardano-node" ]; # Required due to NixOps issue #1204 } diff --git a/profiles/chrony.nix b/profiles/chrony.nix index 596b47d..56c4f24 100644 --- a/profiles/chrony.nix +++ b/profiles/chrony.nix @@ -5,7 +5,7 @@ { services.chrony = { - enable = true; # Enable Chrony + enable = true; # Enable Chrony }; } diff --git a/profiles/coturn.nix b/profiles/coturn.nix index 9828aa7..9815181 100644 --- a/profiles/coturn.nix +++ b/profiles/coturn.nix 
@@ -4,31 +4,26 @@ { - imports = [ - ../secrets/coturn.nix - ]; + imports = [ ../secrets/coturn.nix ]; services = { coturn = { - enable = true; # Enable the coturn server - lt-cred-mech = true; # Enable long-term credentials - use-auth-secret = true; # Enable TURN REST API - realm = "turn.mcwhirter.io"; # Default realm for users - relay-ips = [ # Relay addresses + enable = true; # Enable the coturn server + lt-cred-mech = true; # Enable long-term credentials + use-auth-secret = true; # Enable TURN REST API + realm = "turn.mcwhirter.io"; # Default realm for users + relay-ips = [ # Relay addresses "172.105.171.16" ]; - no-tcp-relay = true; # Disable TCP relay endpoints - extraConfig = " - cipher-list=\"HIGH\" - no-loopback-peers - no-multicast-peers - "; - secure-stun = true; # Require authentication of the STUN Binding request + no-tcp-relay = true; # Disable TCP relay endpoints + extraConfig = + "\n cipher-list=\"HIGH\"\n no-loopback-peers\n no-multicast-peers\n "; + secure-stun = true; # Require authentication of the STUN Binding request cert = "/var/lib/acme/turn.mcwhirter.io/fullchain.pem"; pkey = "/var/lib/acme/turn.mcwhirter.io/key.pem"; - min-port = 49152; # Lower bound of UDP relay endpoints - max-port = 49999; # Upper bound of UDP relay endpoints + min-port = 49152; # Lower bound of UDP relay endpoints + max-port = 49999; # Upper bound of UDP relay endpoints }; nginx = { @@ -53,15 +48,17 @@ networking.firewall = { enable = true; allowedTCPPorts = [ - 5349 # STUN tls - 5350 # STUN tls alt - 443 # HTTPS - ]; - allowedUDPPortRanges = [ - { from=49152; to=49999; } # TURN relay + 5349 # STUN tls + 5350 # STUN tls alt + 443 # HTTPS ]; + allowedUDPPortRanges = [{ + from = 49152; + to = 49999; + } # TURN relay + ]; }; - users.groups.turnserver.members = [ "nginx" ]; # Added for keys permissions + users.groups.turnserver.members = [ "nginx" ]; # Added for keys permissions } 
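Review bot: `extraConfig` in the `coturn` block is now a single escaped string (`"\n cipher-list=\"HIGH\"\n no-loopback-peers\n ..."`), which hides the TLS cipher setting and the peer restrictions inside one long line. Writing it as an indented string keeps one directive per line and leaves the formatter nothing to rewrite. The leading newline and indentation of the old value are dropped in the process, which should not matter for a turnserver config file but is worth confirming. The `services` set continues outside the hunk.

```nix
      no-tcp-relay = true; # Disable TCP relay endpoints
      extraConfig = ''
        cipher-list="HIGH"
        no-loopback-peers
        no-multicast-peers
      '';
      # … unchanged: secure-stun, cert, pkey, min-port, max-port …
```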
diff --git a/profiles/craige4rocky.nix b/profiles/craige4rocky.nix index e85960c..48dbcfc 100644 --- a/profiles/craige4rocky.nix +++ b/profiles/craige4rocky.nix @@ -1,13 +1,13 @@ # NixOps configuration for deploying the craige4rocky website -{ config, pkgs, ...}: +{ config, pkgs, ... }: let craige4rocky = import (pkgs.fetchgit { - name = "craige4rocky-src"; - url = "https://source.mcwhirter.io/craige/craige4rocky.git"; + name = "craige4rocky-src"; + url = "https://source.mcwhirter.io/craige/craige4rocky.git"; branchName = "master"; - sha256 = "1cammdgszclrhvp56af3c7vnanyn0gplvkhqi6jkg1ygy01ard4w"; + sha256 = "1cammdgszclrhvp56af3c7vnanyn0gplvkhqi6jkg1ygy01ard4w"; }) { nixpkgs = pkgs; }; webdomain = "craige4rocky.org"; @@ -18,21 +18,22 @@ in { }; services.nginx = { - enable = true; # Enable Nginx - recommendedGzipSettings = true; - recommendedOptimisation = true; + enable = true; # Enable Nginx + recommendedGzipSettings = true; + recommendedOptimisation = true; recommendedProxySettings = true; - recommendedTlsSettings = true; + recommendedTlsSettings = true; virtualHosts = { - "${webdomain}" = { # website hostname - enableACME = true; # Use ACME certs - forceSSL = true; # Force SSL - root = "${craige4rocky}"; # Wesbite root + "${webdomain}" = { # website hostname + enableACME = true; # Use ACME certs + forceSSL = true; # Force SSL + root = "${craige4rocky}"; # Wesbite root }; - "www.${webdomain}" = { # Respect our elders :-) + "www.${webdomain}" = { # Respect our elders :-) forceSSL = true; enableACME = true; - locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;"; + locations."/".extraConfig = + "return 301 $scheme://${webdomain}$request_uri;"; }; }; }; @@ -40,7 +41,7 @@ in { security.acme = { acceptTerms = true; certs = { - "${webdomain}".email = "admin@${webdomain}"; + "${webdomain}".email = "admin@${webdomain}"; "www.${webdomain}".email = "admin@${webdomain}"; }; }; 
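Review bot: the `pkgs.fetchgit` call in profiles/craige4rocky.nix gives a `sha256` but no `rev`, so the fetch takes the remote HEAD at the time it runs. As far as I know `branchName = "master"` only names the local checkout branch and does not select what is fetched. Once upstream moves, a fresh build fails on a hash mismatch while a machine with the old output cached keeps building, and nothing in the file records which commit is deployed. Adding `rev = "<commit id>";` next to `sha256` pins the source explicitly. profiles/cyclone-ibis.nix has the same pattern with `branchName = "consensus"`.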
diff --git a/profiles/cron-craige.nix b/profiles/cron-craige.nix index dff9e60..86100e3 100644 --- a/profiles/cron-craige.nix +++ b/profiles/cron-craige.nix @@ -5,7 +5,7 @@ { services.cron = { - enable = true; # Enable cron service + enable = true; # Enable cron service systemCronJobs = [ # Taskwarrior syncing "*/5 * * * * craige /run/current-system/sw/bin/task sync >> /home/craige/.tasksync.log 2>&1" diff --git a/profiles/cryptpad.nix b/profiles/cryptpad.nix index d28f960..8246a9e 100644 --- a/profiles/cryptpad.nix +++ b/profiles/cryptpad.nix @@ -5,18 +5,18 @@ { services.cryptpad = { - enable = true; # Enable Cryptpad server + enable = true; # Enable Cryptpad server }; services.nginx = { - enable = true; # Enable Nginx + enable = true; # Enable Nginx recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts."pad.mcwhirter.io" = { # Cryptpad hostname - enableACME = true; # Use ACME certs - forceSSL = true; # Force SSL + virtualHosts."pad.mcwhirter.io" = { # Cryptpad hostname + enableACME = true; # Use ACME certs + forceSSL = true; # Force SSL locations = { "/".proxyPass = "http://[::]:3000/"; "^~ /cryptpad_websocket" = { @@ -33,7 +33,7 @@ ''; }; "^~ /customize.dist/" = { - # This is needed in order to prevent infinite recursion between /customize/ and the root + # This is needed in order to prevent infinite recursion between /customize/ and the root }; "^~ /customize/" = { extraConfig = '' 
@@ -55,11 +55,12 @@ ''; tryFiles = "$uri =404"; }; - "~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams)$" = { - extraConfig = '' - rewrite ^(.*)$ $1/ redirect; - ''; - }; + "~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard|file|media|profile|contacts|todo|filepicker|debug|kanban|sheet|support|admin|notifications|teams)$" = + { + extraConfig = '' + rewrite ^(.*)$ $1/ redirect; + ''; + }; }; #extraConfig = '' # try_files /www/$uri /www/$uri/index.html /customize/$uri; @@ -69,9 +70,7 @@ security.acme = { acceptTerms = true; - certs = { - "pad.mcwhirter.io".email = "craige@mcwhirter.io"; - }; + certs = { "pad.mcwhirter.io".email = "craige@mcwhirter.io"; }; }; } diff --git a/profiles/cyclone-ibis.nix b/profiles/cyclone-ibis.nix index f93bdd4..4d2c000 100644 --- a/profiles/cyclone-ibis.nix +++ b/profiles/cyclone-ibis.nix @@ -1,13 +1,13 @@ # NixOps configuration for deploying the Cyclone Ibis website -{ config, pkgs, ...}: +{ config, pkgs, ... }: let cyclone-ibis = import (pkgs.fetchgit { - name = "cyclone-ibis-src"; - url = "https://source.mcwhirter.io/craige/cyclone-ibis.git"; + name = "cyclone-ibis-src"; + url = "https://source.mcwhirter.io/craige/cyclone-ibis.git"; branchName = "consensus"; - sha256 = "sha256-EmPwVuyOHVFtE9Od8elgjXBAs/Pu76sYmChRsuZKo0I="; + sha256 = "sha256-EmPwVuyOHVFtE9Od8elgjXBAs/Pu76sYmChRsuZKo0I="; }) { nixpkgs = pkgs; }; webdomain = "cycloneibis.com"; 
@@ -17,24 +17,25 @@ in { LOCALE_ARCHIVE = "/run/current-system/sw/lib/locale/locale-archive"; }; - nixpkgs.config.allowBroken = true; # Hakyll is marked as broken in 20.09 + nixpkgs.config.allowBroken = true; # Hakyll is marked as broken in 20.09 services.nginx = { - enable = true; # Enable Nginx - recommendedGzipSettings = true; - recommendedOptimisation = true; + enable = true; # Enable Nginx + recommendedGzipSettings = true; + recommendedOptimisation = true; recommendedProxySettings = true; - recommendedTlsSettings = true; + recommendedTlsSettings = true; virtualHosts = { - "${webdomain}" = { # website hostname - enableACME = true; # Use ACME certs - forceSSL = true; # Force SSL - root = "${cyclone-ibis}"; # Wesbite root + "${webdomain}" = { # website hostname + enableACME = true; # Use ACME certs + forceSSL = true; # Force SSL + root = "${cyclone-ibis}"; # Wesbite root }; - "www.${webdomain}" = { # Respect our elders :-) + "www.${webdomain}" = { # Respect our elders :-) forceSSL = true; enableACME = true; - locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;"; + locations."/".extraConfig = + "return 301 $scheme://${webdomain}$request_uri;"; }; }; }; @@ -42,7 +43,7 @@ in { security.acme = { acceptTerms = true; certs = { - "${webdomain}".email = "admin@${webdomain}"; + "${webdomain}".email = "admin@${webdomain}"; "www.${webdomain}".email = "admin@${webdomain}"; }; }; diff --git a/profiles/daedalus.nix b/profiles/daedalus.nix index 64296c3..e25d91d 100644 --- a/profiles/daedalus.nix +++ b/profiles/daedalus.nix @@ -5,13 +5,11 @@ let sources = import ../nix/sources.nix; - daedalusProject = import sources.daedalus {}; + daedalusProject = import sources.daedalus { }; daedalusMainnet = daedalusProject.daedalus; #daedalusFlight = daedalusProject.daedalus {--argstr cluster mainnet_flight -o daedalusFlight}; -in - -{ +in { environment.systemPackages = [ daedalusMainnet 
diff --git a/profiles/desktop-feeds.nix b/profiles/desktop-feeds.nix index f99cfbc..b1e968f 100644 --- a/profiles/desktop-feeds.nix +++ b/profiles/desktop-feeds.nix @@ -9,8 +9,8 @@ systemPackages = with pkgs; [ #feedreader # desktop RSS reader, compatible with Tiny Tiny RSS #vocal # The podcast client for the modern free desktop - gnome_mplayer # Gnome MPlayer, a simple GUI for MPlayer - gpodder # A podcatcher written in python + gnome_mplayer # Gnome MPlayer, a simple GUI for MPlayer + gpodder # A podcatcher written in python ]; }; diff --git a/profiles/desktopCraige.nix b/profiles/desktopCraige.nix index 5c68f3e..0d8b2cd 100644 --- a/profiles/desktopCraige.nix +++ b/profiles/desktopCraige.nix @@ -4,12 +4,10 @@ { # Craige's Desktop Packages - imports = [ - ../profiles/ebooks.nix - ]; + imports = [ ../profiles/ebooks.nix ]; environment.systemPackages = with pkgs; [ - byobu # text-based window manager and terminal multiplexer. - gopass # password file manager + byobu # text-based window manager and terminal multiplexer. + gopass # password file manager ]; } diff --git a/profiles/desktopFiona.nix b/profiles/desktopFiona.nix index 0813e2b..aa86bdd 100644 --- a/profiles/desktopFiona.nix +++ b/profiles/desktopFiona.nix @@ -5,7 +5,7 @@ { # Fiona's Desktop Packages environment.systemPackages = with pkgs; [ - slack-dark # Slack desktop client - zoom-us # zoom.us video conferencing application + slack-dark # Slack desktop client + zoom-us # zoom.us video conferencing application ]; } diff --git a/profiles/desktop_common.nix b/profiles/desktop_common.nix index 1c08da8..b2d2ccb 100644 --- a/profiles/desktop_common.nix +++ b/profiles/desktop_common.nix 
@@ -3,65 +3,66 @@ { config, pkgs, ... }: { - imports = - [ - ../profiles/games-kids.nix - ../profiles/host_common.nix - ../profiles/daedalus.nix - ../profiles/openssh.nix - ../profiles/powerManagement.nix - ../secrets/user-craige.nix - ../secrets/user-fiona.nix - ../secrets/user-hamish.nix - ../secrets/user-logan.nix - ../secrets/user-root.nix - ../secrets/user-xander.nix - ]; + imports = [ + ../profiles/games-kids.nix + ../profiles/host_common.nix + ../profiles/daedalus.nix + ../profiles/openssh.nix + ../profiles/powerManagement.nix + ../secrets/user-craige.nix + ../secrets/user-fiona.nix + ../secrets/user-hamish.nix + ../secrets/user-logan.nix + ../secrets/user-root.nix + ../secrets/user-xander.nix + ]; # Common Desktop Packages environment.systemPackages = with pkgs; [ - brave # Privacy-oriented browser + brave # Privacy-oriented browser chromium - element-desktop # A feature-rich client for Matrix.org - firefoxWrapper # install Firefox with support for plugins - gnome.gnome-tweaks # A tool to customize advanced GNOME 3 options - google-chrome # A freeware web browser developed by Google + element-desktop # A feature-rich client for Matrix.org + firefoxWrapper # install Firefox with support for plugins + gnome.gnome-tweaks # A tool to customize advanced GNOME 3 options + google-chrome # A freeware web browser developed by Google libreoffice-fresh - mplayer # A movie player that supports many video formats - nextcloud-client # Nextcloud desktop client - pwgen # Password generator - shotwell # Photo organizer - signal-desktop # Private, simple, and secure messenger - usbutils # Tools for working with USB devices, such as lsusb - xorg.libxcb # X C binding + mplayer # A movie player that supports many video formats + nextcloud-client # Nextcloud desktop client + pwgen # Password generator + shotwell # Photo organizer + signal-desktop # Private, simple, and secure messenger + usbutils # Tools for working with USB devices, such as lsusb + xorg.libxcb # X C binding ]; 
- networking.networkmanager.enable = true; # Enables network support via NetworkManager. + networking.networkmanager.enable = + true; # Enables network support via NetworkManager. # Enable common desktop services services = { - acpid.enable = true; # A daemon for delivering ACPI events to userspace programs - blueman.enable = true; # GTK-based Bluetooth Manager - devmon.enable = true; # Enable external device automounting.` + acpid.enable = + true; # A daemon for delivering ACPI events to userspace programs + blueman.enable = true; # GTK-based Bluetooth Manager + devmon.enable = true; # Enable external device automounting.` udev.packages = [ - pkgs.android-udev-rules # Android udev rules list + pkgs.android-udev-rules # Android udev rules list ]; - udisks2.enable = true; # Enable udisks2 + udisks2.enable = true; # Enable udisks2 xserver = { enable = true; desktopManager = { - gnome.enable = true; # Enable GNOME desktop environment + gnome.enable = true; # Enable GNOME desktop environment }; displayManager = { - defaultSession = "gnome"; # Set GNOME as the default session - gdm.enable = true; # Enable the GNOME display manager + defaultSession = "gnome"; # Set GNOME as the default session + gdm.enable = true; # Enable the GNOME display manager }; - libinput.enable = true; # Enable touchpad support. + libinput.enable = true; # Enable touchpad support. }; }; - sound.enable = true; # Enable sound. + sound.enable = true; # Enable sound. # Configure common hardware settings hardware = { 
@@ -71,25 +72,21 @@ package = pkgs.pulseaudioFull; }; bluetooth = { - enable = true; # Enable bluetooth + enable = true; # Enable bluetooth hsphfpd.enable = true; settings = { General = { Enable = "Source,Sink,Media,Socket"; NoPlugin = "sap"; }; - Policy = { - AutoEnable = "true"; - }; + Policy = { AutoEnable = "true"; }; }; }; opengl.enable = true; }; # Configure Firefox and Chromium - nixpkgs.config = { - allowUnfree = true; - }; + nixpkgs.config = { allowUnfree = true; }; programs = { chromium = { @@ -100,27 +97,9 @@ # Groups to add users.groups = { - audio.members = [ - "craige" - "fiona" - "hamish" - "logan" - "xander" - ]; - libvirtd.members = [ - "craige" - "fiona" - "hamish" - "logan" - "xander" - ]; - networkmanager.members = [ - "craige" - "fiona" - "hamish" - "logan" - "xander" - ]; + audio.members = [ "craige" "fiona" "hamish" "logan" "xander" ]; + libvirtd.members = [ "craige" "fiona" "hamish" "logan" "xander" ]; + networkmanager.members = [ "craige" "fiona" "hamish" "logan" "xander" ]; }; } diff --git a/profiles/ebooks.nix b/profiles/ebooks.nix index 2a0a61d..906de1d 100644 --- a/profiles/ebooks.nix +++ b/profiles/ebooks.nix @@ -4,13 +4,11 @@ { - environment.variables = { - FOLIATE_TTS_LANG="en-gb"; - }; + environment.variables = { FOLIATE_TTS_LANG = "en-gb"; }; environment.systemPackages = with pkgs; [ #python39Packages.gtts # Speech synthesizer, required for text to speech. - foliate # A simple and modern GTK eBook reader + foliate # A simple and modern GTK eBook reader vlc ]; diff --git a/profiles/emacs.nix b/profiles/emacs.nix index b9101e0..e8ee2d2 100644 --- a/profiles/emacs.nix +++ b/profiles/emacs.nix 
@@ -1,33 +1,33 @@ -/* -This is a nix expression to build Emacs and some Emacs packages I like -from source on any distribution where Nix is installed. This will install -all the dependencies from the nixpkgs repository and build the binary files -without interfering with the host distribution. +/* This is a nix expression to build Emacs and some Emacs packages I like + from source on any distribution where Nix is installed. This will install + all the dependencies from the nixpkgs repository and build the binary files + without interfering with the host distribution. -To build the project, type the following from the current directory: + To build the project, type the following from the current directory: -$ nix-build emacs.nix + $ nix-build emacs.nix -To run the newly compiled executable: + To run the newly compiled executable: -$ ./result/bin/emacs + $ ./result/bin/emacs */ -{ pkgs ? import {} }: +{ pkgs ? import { } }: let - myEmacs = pkgs.emacs; - emacsWithPackages = (pkgs.emacsPackagesNgGen myEmacs).emacsWithPackages; -in - emacsWithPackages (epkgs: (with epkgs.melpaStablePackages; [ - magit # ; Integrate git + myEmacs = pkgs.emacs; + emacsWithPackages = (pkgs.emacsPackagesNgGen myEmacs).emacsWithPackages; +in emacsWithPackages (epkgs: + (with epkgs.melpaStablePackages; [ + magit # ; Integrate git zerodark-theme # ; Nicolas' theme - ]) ++ (with epkgs.melpaPackages; [ - #undo-tree # ; to show the undo tree - #zoom-frm # ; increase/decrease font size for all buffers %lt;C-x C-+> - ]) ++ (with epkgs.elpaPackages; [ - auctex # ; LaTeX mode - beacon # ; highlight my cursor when scrolling - nameless # ; hide current package name everywhere in elisp code - ]) ++ [ - pkgs.notmuch # From main packages set - ]) + ]) ++ (with epkgs.melpaPackages; + [ + #undo-tree # ; to show the undo tree + #zoom-frm # ; increase/decrease font size for all buffers %lt;C-x C-+> + ]) ++ (with epkgs.elpaPackages; [ + auctex # ; LaTeX mode + beacon # ; highlight my cursor when scrolling + 
nameless # ; hide current package name everywhere in elisp code + ]) ++ [ + pkgs.notmuch # From main packages set + ]) diff --git a/profiles/games-kids.nix b/profiles/games-kids.nix index 0252945..91296be 100644 --- a/profiles/games-kids.nix +++ b/profiles/games-kids.nix 
@@ -2,42 +2,38 @@ { config, pkgs, ... }: - let sources = import ../nix/sources.nix; - unstable = import sources.nixpkgsUnstable {}; -in + unstable = import sources.nixpkgsUnstable { }; -{ +in { nixpkgs.config = { allowUnfree = true; - permittedInsecurePackages = [ - "minecraft" - ]; + permittedInsecurePackages = [ "minecraft" ]; }; # Retro Gaming Packages environment.systemPackages = with pkgs; [ - angband # A single-player roguelike dungeon exploration game - egoboo # 3D dungeon crawling adventure + angband # A single-player roguelike dungeon exploration game + egoboo # 3D dungeon crawling adventure extremetuxracer # High speed arctic racing game based on Tux Racer - freeciv # Multiplayer (or single player), turn-based strategy game - freedroidrpg # Isometric 3D RPG similar to game Diablo - gcompris # Educational software suite, kids aged 2 to 10 - unstable.grapejuice # Simple Wine+Roblox management tool - jre # Required by Minecraft (via multimc) + freeciv # Multiplayer (or single player), turn-based strategy game + freedroidrpg # Isometric 3D RPG similar to game Diablo + gcompris # Educational software suite, kids aged 2 to 10 + unstable.grapejuice # Simple Wine+Roblox management tool + jre # Required by Minecraft (via multimc) #lincity_ng # City building game - meritous # Action-adventure dungeon crawl game - minecraft # Official launcher for Minecraft - minetest # Infinite-world block sandbox game - nethack-x11 # Rogue-like game + meritous # Action-adventure dungeon crawl game + minecraft # Official launcher for Minecraft + minetest # Infinite-world block sandbox game + nethack-x11 # Rogue-like game #opendungeons # real time strategy game sharing game elements with the Dungeon Keeper series and Evil Genius - pingus # A puzzle game with mechanics similar to Lemmings - shattered-pixel-dungeon # Roguelike game with pixel-art graphics - superTux # Classic 2D jump'n run sidescroller game - superTuxKart # A Free 3D kart racing game - wesnoth # Battle for Wesnoth 
server and client + pingus # A puzzle game with mechanics similar to Lemmings + shattered-pixel-dungeon # Roguelike game with pixel-art graphics + superTux # Classic 2D jump'n run sidescroller game + superTuxKart # A Free 3D kart racing game + wesnoth # Battle for Wesnoth server and client ]; } diff --git a/profiles/gitea.nix b/profiles/gitea.nix index 69124c1..db84acb 100644 --- a/profiles/gitea.nix +++ b/profiles/gitea.nix @@ -5,33 +5,29 @@ { services.gitea = { - enable = true; # Enable Gitea - appName = "mcwhirter.io: Gitea Service"; # Give the site a name + enable = true; # Enable Gitea + appName = "mcwhirter.io: Gitea Service"; # Give the site a name database = { - type = "postgres"; # Database type - passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password + type = "postgres"; # Database type + passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password }; disableRegistration = true; - domain = "source.mcwhirter.io"; # Domain name - rootUrl = "https://source.mcwhirter.io/"; # Root web URL - httpPort = 3002; # Provided unique port + domain = "source.mcwhirter.io"; # Domain name + rootUrl = "https://source.mcwhirter.io/"; # Root web URL + httpPort = 3002; # Provided unique port settings = let - docutils = - pkgs.python37.withPackages (ps: with ps; [ - docutils # Provides rendering of ReStructured Text files - pygments # Provides syntax highlighting - ]); + docutils = pkgs.python37.withPackages (ps: + with ps; [ + docutils # Provides rendering of ReStructured Text files + pygments # Provides syntax highlighting + ]); in { mailer = { ENABLED = true; FROM = "gitea@mcwhirter.io"; }; - repository = { - DEFAULT_BRANCH = "consensus"; - }; - service = { - REGISTER_EMAIL_CONFIRM = true; - }; + repository = { DEFAULT_BRANCH = "consensus"; }; + service = { REGISTER_EMAIL_CONFIRM = true; }; "markup.restructuredtext" = { ENABLED = true; FILE_EXTENSIONS = ".rst"; 
@@ -39,66 +35,64 @@ IS_INPUT_FILE = false; }; ui = { - DEFAULT_THEME = "gitea"; # Set the default theme + DEFAULT_THEME = "gitea"; # Set the default theme }; }; }; services.postgresql = { - enable = true; # Ensure postgresql is enabled + enable = true; # Ensure postgresql is enabled authentication = '' local gitea all ident map=gitea-users ''; - identMap = # Map the gitea user to postgresql + identMap = # Map the gitea user to postgresql '' gitea-users gitea gitea ''; - ensureDatabases = [ "gitea" ]; # Ensure the database persists - ensureUsers = [ - { - name = "gitea"; # Ensure the database user persists - ensurePermissions = { # Ensure the database permissions persist - "DATABASE gitea" = "ALL PRIVILEGES"; - "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - }; - } - ]; + ensureDatabases = [ "gitea" ]; # Ensure the database persists + ensureUsers = [{ + name = "gitea"; # Ensure the database user persists + ensurePermissions = { # Ensure the database permissions persist + "DATABASE gitea" = "ALL PRIVILEGES"; + "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; + }; + }]; }; services.nginx = { - enable = true; # Enable Nginx + enable = true; # Enable Nginx recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts."source.mcwhirter.io" = { # Gitea hostname - enableACME = true; # Use ACME certs - forceSSL = true; # Force SSL - locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea + virtualHosts."source.mcwhirter.io" = { # Gitea hostname + enableACME = true; # Use ACME certs + forceSSL = true; # Force SSL + locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea }; - virtualHosts."git.mcwhirter.io" = { # Hostname to be redirected - enableACME = true; # Use ACME certs - forceSSL = true; # Force SSL - locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea - globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host + 
virtualHosts."git.mcwhirter.io" = { # Hostname to be redirected + enableACME = true; # Use ACME certs + forceSSL = true; # Force SSL + locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea + globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host }; - virtualHosts."code.mcwhirter.io" = { # Hostname to be redirected - enableACME = true; # Use ACME certs - forceSSL = true; # Force SSL - locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea - globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host + virtualHosts."code.mcwhirter.io" = { # Hostname to be redirected + enableACME = true; # Use ACME certs + forceSSL = true; # Force SSL + locations."/".proxyPass = "http://localhost:3002/"; # Proxy Gitea + globalRedirect = "source.mcwhirter.io"; # Redirect permanently to the host }; }; security.acme = { acceptTerms = true; certs = { - "code.mcwhirter.io".email = "craige@mcwhirter.io"; - "git.mcwhirter.io".email = "craige@mcwhirter.io"; + "code.mcwhirter.io".email = "craige@mcwhirter.io"; + "git.mcwhirter.io".email = "craige@mcwhirter.io"; "source.mcwhirter.io".email = "craige@mcwhirter.io"; }; }; - users.groups.keys.members = [ "gitea" ]; # Required due to NixOps issue #1204 + users.groups.keys.members = [ "gitea" ]; # Required due to NixOps issue #1204 } diff --git a/profiles/gitea_home.nix b/profiles/gitea_home.nix index 71d4b66..55a7acd 100644 --- a/profiles/gitea_home.nix +++ b/profiles/gitea_home.nix 
@@ -5,21 +5,21 @@ { services.gitea = { - enable = true; # Enable Gitea - appName = "taigh,mcwhirter.io: Gitea Service"; # Give the site a name + enable = true; # Enable Gitea + appName = "taigh,mcwhirter.io: Gitea Service"; # Give the site a name database = { - type = "postgres"; # Database type - passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password + type = "postgres"; # Database type + passwordFile = "/run/keys/gitea-dbpass"; # Where to find the password }; - domain = "source.taigh.mcwhirter.io"; # Domain name - rootUrl = "http://source.taigh.mcwhirter.io/"; # Root web URL - httpPort = 3001; # Provided unique port + domain = "source.taigh.mcwhirter.io"; # Domain name + rootUrl = "http://source.taigh.mcwhirter.io/"; # Root web URL + httpPort = 3001; # Provided unique port extraConfig = let - docutils = - pkgs.python37.withPackages (ps: with ps; [ - docutils # Provides rendering of ReStructured Text files - pygments # Provides syntax highlighting - ]); + docutils = pkgs.python37.withPackages (ps: + with ps; [ + docutils # Provides rendering of ReStructured Text files + pygments # Provides syntax highlighting + ]); in '' [mailer] ENABLED = true 
@@ -35,26 +35,26 @@ }; services.postgresql = { - enable = true; # Ensure postgresql is enabled + enable = true; # Ensure postgresql is enabled authentication = '' local gitea all ident map=gitea-users ''; - identMap = # Map the gitea user to postgresql + identMap = # Map the gitea user to postgresql '' gitea-users gitea gitea ''; }; services.nginx = { - enable = true; # Enable Nginx + enable = true; # Enable Nginx recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; #recommendedTlsSettings = true; - virtualHosts."source.taigh.mcwhirter.io" = { # Gitea hostname + virtualHosts."source.taigh.mcwhirter.io" = { # Gitea hostname #enableACME = true; # Use ACME certs #forceSSL = true; # Force SSL - locations."/".proxyPass = "http://localhost:3001/"; # Proxy Gitea + locations."/".proxyPass = "http://localhost:3001/"; # Proxy Gitea }; }; diff --git a/profiles/grafana.nix b/profiles/grafana.nix index 9836e9d..efbec2e 100644 --- a/profiles/grafana.nix +++ b/profiles/grafana.nix @@ -4,9 +4,7 @@ { - imports = [ - ../secrets/cardano/grafana.nix - ]; + imports = [ ../secrets/cardano/grafana.nix ]; services = { grafana = { @@ -15,11 +13,12 @@ domain = "monitoring.mcwhirter.io"; rootUrl = "https://monitoring.mcwhirter.io/grafana"; security = { - adminPasswordFile = "/run/keys/grafana-apass"; # Where to find the password + adminPasswordFile = + "/run/keys/grafana-apass"; # Where to find the password }; auth = { anonymous = { - enable = true; # Allow anonymous access + enable = true; # Allow anonymous access }; }; provision = { 
@@ -31,17 +30,16 @@ # options.path = ../monitoring/NodeSystemDashboard.json; # } #]; - datasources = [ - { - type = "prometheus"; - name = "prometheus"; - url = "http://localhost:9090/prometheus"; - } - ]; + datasources = [{ + type = "prometheus"; + name = "prometheus"; + url = "http://localhost:9090/prometheus"; + }]; }; }; }; - users.groups.keys.members = [ "grafana" ]; # Required due to NixOps issue #1204 + users.groups.keys.members = + [ "grafana" ]; # Required due to NixOps issue #1204 } diff --git a/profiles/haskell-dev.nix b/profiles/haskell-dev.nix index 93e29fa..1b3f1ec 100644 --- a/profiles/haskell-dev.nix +++ b/profiles/haskell-dev.nix @@ -5,9 +5,9 @@ { environment.systemPackages = with pkgs.haskellPackages; [ - cabal-install # Haskell software automation - ghc # Glasgow Haskell Compiler - hlint # Haskell source linter + cabal-install # Haskell software automation + ghc # Glasgow Haskell Compiler + hlint # Haskell source linter ]; } diff --git a/profiles/host_common.nix b/profiles/host_common.nix index dc6d5e6..d8e8a1b 100644 --- a/profiles/host_common.nix +++ b/profiles/host_common.nix @@ -16,22 +16,22 @@ # Common boot settings boot = { - cleanTmpDir = true; # Clean /tmp on reboot + cleanTmpDir = true; # Clean /tmp on reboot }; # Select internationalisation properties. i18n = { - defaultLocale = "en_AU.UTF-8"; # Set the default locale + defaultLocale = "en_AU.UTF-8"; # Set the default locale }; # Set the defaul console properties console = { - keyMap = "us"; # Set the default console key map - font = "ter-powerline-v16Rv"; # Set the default console font + keyMap = "us"; # Set the default console key map + font = "ter-powerline-v16Rv"; # Set the default console font }; time.timeZone = "Australia/Brisbane"; # Set your preferred timezone: - documentation.nixos.enable = false; # Disable documentation, save space + documentation.nixos.enable = false; # Disable documentation, save space # Set security options: security.sudo.enable = true; 
@@ -40,9 +40,10 @@ # Configure and install required fonts fonts.enableDefaultFonts = true; fonts.fontDir.enable = true; - fonts.fonts = with pkgs; [ - powerline-fonts # Required for Powerline prompts - ]; + fonts.fonts = with pkgs; + [ + powerline-fonts # Required for Powerline prompts + ]; fonts.fontconfig.includeUserConf = false; # Adapted from gchristensen and clever @@ -51,18 +52,17 @@ # Ruin the config so we don't accidentally run # nixos-rebuild switch on the host (let - cfg = pkgs.writeText "configuration.nix" - '' - assert builtins.trace "This system is managed by NixOps." false; - {} - ''; + cfg = pkgs.writeText "configuration.nix" '' + assert builtins.trace "This system is managed by NixOps." false; + {} + ''; in "nixos-config=${cfg}") # Copy the channel version from the deploy host to the target "nixpkgs=/run/current-system/nixpkgs" ]; gc = { - automatic = true; # Enable Nix garbage collection: + automatic = true; # Enable Nix garbage collection: dates = "weekly"; options = "--delete-older-than 90d"; }; @@ -71,7 +71,7 @@ show-trace = true # Enable --show-trace by default for nix builders-use-substitutes = true # Set builders to use caches ''; - trustedUsers = ["craige"]; + trustedUsers = [ "craige" ]; }; system.extraSystemBuilderCmds = '' 
@@ -79,29 +79,30 @@ ''; environment.etc.host-nix-channel.source = pkgs.path; - environment.variables = { - BAT_THEME="Dracula"; - }; + environment.variables = { BAT_THEME = "Dracula"; }; # Set the system-wide environment environment = { systemPackages = with pkgs; [ - bat # cat clone with syntax highlighting & Git integration - dnsutils # Bind DNS utilities - fd # A simple, fast and user-friendly alternative to find - (if config.services.xserver.enable then gitAndTools.gitFull else git) # Distributed version control system - htop # interactive process viewer - hwinfo # Hardware detection tool - killall # kill processes by name - lshw # Detailed information on the hardware configuration - lsof # list open files - mosh # Mobile shell (ssh replacement) - ncdu # Disk usage analyzer with an ncurses interface - nix-index # A files database for nixpkgs - ripgrep # Utility that provides usability of The Silver Searcher with the raw speed of grep + bat # cat clone with syntax highlighting & Git integration + dnsutils # Bind DNS utilities + fd # A simple, fast and user-friendly alternative to find + (if config.services.xserver.enable then + gitAndTools.gitFull + else + git) # Distributed version control system + htop # interactive process viewer + hwinfo # Hardware detection tool + killall # kill processes by name + lshw # Detailed information on the hardware configuration + lsof # list open files + mosh # Mobile shell (ssh replacement) + ncdu # Disk usage analyzer with an ncurses interface + nix-index # A files database for nixpkgs + ripgrep # Utility that provides usability of The Silver Searcher with the raw speed of grep ]; }; # Users common across MIO Ops: - users.mutableUsers = false; # Remove any users not defined in here + users.mutableUsers = false; # Remove any users not defined in here } diff --git a/profiles/hydra-dev.nix b/profiles/hydra-dev.nix index a7da81e..762064f 100644 --- a/profiles/hydra-dev.nix +++ b/profiles/hydra-dev.nix 
@@ -9,14 +9,13 @@ let #sha256 = "1vs3lyfyafsl7wbpmycv7c3n9n2rkrswp65msb6q1iskgpvr96d5"; sha256 = "0i7szp04c873gfmj1h0dcl5rsbzzldc160pcls8z9v6iphils34i"; }; -in - pkgs.callPackage ./hydra-fork.nix { - nixpkgsPath = pkgs.path; - #patches = [ - # (pkgs.fetchpatch { - # url = "https://github.com/NixOS/hydra/pull/648/commits/4171ab4c4fd576c516dc03ba64d1c7945f769af0.patch"; - # sha256 = "1fxa2459kdws6qc419dv4084c1ssmys7kqg4ic7n643kybamsgrx"; - # }) - #]; - src = hydraSrc; - } +in pkgs.callPackage ./hydra-fork.nix { + nixpkgsPath = pkgs.path; + #patches = [ + # (pkgs.fetchpatch { + # url = "https://github.com/NixOS/hydra/pull/648/commits/4171ab4c4fd576c516dc03ba64d1c7945f769af0.patch"; + # sha256 = "1fxa2459kdws6qc419dv4084c1ssmys7kqg4ic7n643kybamsgrx"; + # }) + #]; + src = hydraSrc; +} diff --git a/profiles/hydra-fork.nix b/profiles/hydra-fork.nix index f4cb440..b63089f 100644 --- a/profiles/hydra-fork.nix +++ b/profiles/hydra-fork.nix @@ -2,7 +2,7 @@ let hydraRelease = (import (src + "/release.nix") { - #hydraRelease = (import src { + #hydraRelease = (import src { nixpkgs = nixpkgsPath; hydraSrc = { outPath = src; @@ -11,5 +11,4 @@ let }; }); -in - hydraRelease.build.x86_64-linux.overrideAttrs (drv: { }) +in hydraRelease.build.x86_64-linux.overrideAttrs (drv: { }) diff --git a/profiles/hydra.nix b/profiles/hydra.nix index 771e474..1a8be48 100644 --- a/profiles/hydra.nix +++ b/profiles/hydra.nix 
@@ -17,24 +17,21 @@ services.postgresql = { enable = true; package = pkgs.postgresql; - identMap = - '' - hydra-users hydra hydra - hydra-users hydra-queue-runner hydra - hydra-users hydra-www hydra - hydra-users root postgres - hydra-users postgres postgres - ''; - ensureDatabases = [ "hydra" ]; # Ensure the database persists - ensureUsers = [ - { - name = "hydra"; # Ensure the database user persists - ensurePermissions = { # Ensure the database permissions persist - "DATABASE hydra" = "ALL PRIVILEGES"; - "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - }; - } - ]; + identMap = '' + hydra-users hydra hydra + hydra-users hydra-queue-runner hydra + hydra-users hydra-www hydra + hydra-users root postgres + hydra-users postgres postgres + ''; + ensureDatabases = [ "hydra" ]; # Ensure the database persists + ensureUsers = [{ + name = "hydra"; # Ensure the database user persists + ensurePermissions = { # Ensure the database permissions persist + "DATABASE hydra" = "ALL PRIVILEGES"; + "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; + }; + }]; }; networking.firewall.allowedTCPPorts = [ config.services.hydra.port ]; @@ -62,9 +59,7 @@ }; }; - security.acme.certs = { - "hydra.mcwhirter.io".email = "craige@mcwhirter.io"; - }; + security.acme.certs = { "hydra.mcwhirter.io".email = "craige@mcwhirter.io"; }; systemd.services.hydra-manual-setup = { description = "Create Admin User for Hydra"; @@ -73,7 +68,9 @@ wantedBy = [ "multi-user.target" ]; requires = [ "hydra-init.service" ]; after = [ "hydra-init.service" ]; - environment = builtins.removeAttrs (config.systemd.services.hydra-init.environment) ["PATH"]; + environment = + builtins.removeAttrs (config.systemd.services.hydra-init.environment) + [ "PATH" ]; script = '' if [ ! -e ~hydra/.setup-is-complete ]; then # create signing keys 
@@ -90,15 +87,13 @@ fi ''; }; - nix.trustedUsers = ["hydra" "hydra-evaluator" "hydra-queue-runner"]; - nix.buildMachines = [ - { - hostName = "localhost"; - systems = [ "x86_64-linux" "i686-linux" ]; - maxJobs = 4; - # for building VirtualBox VMs as build artifacts, you might need other - # features depending on what you are doing - supportedFeatures = [ "big-parallel" "kvm" "nixos-test" ]; - } - ]; + nix.trustedUsers = [ "hydra" "hydra-evaluator" "hydra-queue-runner" ]; + nix.buildMachines = [{ + hostName = "localhost"; + systems = [ "x86_64-linux" "i686-linux" ]; + maxJobs = 4; + # for building VirtualBox VMs as build artifacts, you might need other + # features depending on what you are doing + supportedFeatures = [ "big-parallel" "kvm" "nixos-test" ]; + }]; } diff --git a/profiles/iohk.nix b/profiles/iohk.nix index a068b68..47f6bdc 100644 --- a/profiles/iohk.nix +++ b/profiles/iohk.nix @@ -4,10 +4,7 @@ { - imports = [ - ../profiles/terminal-recording.nix - ../profiles/nix-direnv.nix - ]; + imports = [ ../profiles/terminal-recording.nix ../profiles/nix-direnv.nix ]; nix = { package = pkgs.nixFlakes; 
@@ -35,27 +32,27 @@ # Set the system-wide environment environment = { systemPackages = with pkgs; [ - awscli # Unified tool to manage your AWS services - bitwarden-cli # CLI client for Bitwarden - buildkite-agent # Buildkite for IOHK - cue # A data constraint language - docker # Pack, ship and run any application as a lightweight container - docker-compose # Multi-container orchestration for Docker - freerdp # A Remote Desktop Protocol Client, xfreerdp - gist # Upload code to https://gist.github.com (or github enterprise) - gnupg # GNU Privacy Guard, a GPL OpenPGP implementation - go-jira # Simple command line client for Atlassian's Jira service written in Go - jq # A lightweight and flexible command-line JSON processor - keybase-gui # The Keybase official client - magic-wormhole # Securely transfer data between computers - python38Packages.grip # Preview GitHub Markdown files like locally - s3fs # Mount an S3 bucket as filesystem through FUSE - shellcheck # Shell script analysis tool - slack-dark # Slack desktop client - xxd # make a hexdump or do the reverse + awscli # Unified tool to manage your AWS services + bitwarden-cli # CLI client for Bitwarden + buildkite-agent # Buildkite for IOHK + cue # A data constraint language + docker # Pack, ship and run any application as a lightweight container + docker-compose # Multi-container orchestration for Docker + freerdp # A Remote Desktop Protocol Client, xfreerdp + gist # Upload code to https://gist.github.com (or github enterprise) + gnupg # GNU Privacy Guard, a GPL OpenPGP implementation + go-jira # Simple command line client for Atlassian's Jira service written in Go + jq # A lightweight and flexible command-line JSON processor + keybase-gui # The Keybase official client + magic-wormhole # Securely transfer data between computers + python38Packages.grip # Preview GitHub Markdown files like locally + s3fs # Mount an S3 bucket as filesystem through FUSE + shellcheck # Shell script analysis tool + slack-dark # Slack 
desktop client + xxd # make a hexdump or do the reverse ]; variables = { - NIX_SKIP_KEYBASE_CHECKS = "1"; # As per IOHK Keybase reqs + NIX_SKIP_KEYBASE_CHECKS = "1"; # As per IOHK Keybase reqs }; }; @@ -68,8 +65,6 @@ # package = pkgs.postgresql_10; # Set the required version, if needed }; - users.groups.docker.members = [ - "craige" - ]; + users.groups.docker.members = [ "craige" ]; } diff --git a/profiles/jormungandr-stake.nix b/profiles/jormungandr-stake.nix index cba9850..ade7f37 100644 --- a/profiles/jormungandr-stake.nix +++ b/profiles/jormungandr-stake.nix @@ -5,13 +5,13 @@ disabledModules = [ "services/networking/jormungandr.nix" ]; imports = let - jormungandrNixSrc = builtins.fetchTarball https://github.com/input-output-hk/jormungandr-nix/archive/master.tar.gz; - in [ - (import (jormungandrNixSrc + "/nixos")) - ]; + jormungandrNixSrc = builtins.fetchTarball + "https://github.com/input-output-hk/jormungandr-nix/archive/master.tar.gz"; + in [ (import (jormungandrNixSrc + "/nixos")) ]; - environment.systemPackages = with pkgs; [ - jq # CLI JSON processor - ]; + environment.systemPackages = with pkgs; + [ + jq # CLI JSON processor + ]; } diff --git a/profiles/jormungandr.nix b/profiles/jormungandr.nix index 3ce77fa..1abcef3 100644 --- a/profiles/jormungandr.nix +++ b/profiles/jormungandr.nix @@ -1,11 +1,11 @@ -{ config, pkgs, ... }: -{ +{ config, pkgs, ... }: { imports = [ /home/craige/source/IOHK/jormungandr-nix/nixos/jormungandr.nix ]; services = { jormungandr = { enable = true; enableExplorer = false; - genesisBlockHash = "11e340f9c20a4bcdc19103d9794413be81c9a713374997b574e9f9d66419a2b2"; + genesisBlockHash = + "11e340f9c20a4bcdc19103d9794413be81c9a713374997b574e9f9d66419a2b2"; trustedPeersAddresses = [ "/ip4/3.123.177.192/tcp/3000" "/ip4/52.57.157.167/tcp/3000" diff --git a/profiles/keyboard.nix b/profiles/keyboard.nix index c1b6f5e..3e54aa3 100644 --- a/profiles/keyboard.nix +++ b/profiles/keyboard.nix 
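Review bot: `jormungandrNixSrc` in the `imports` `let` block of profiles/jormungandr-stake.nix is fetched from the moving `master` archive with no `sha256`, so whatever that branch holds at evaluation time is imported as a NixOS module and evaluated into the system configuration. Quoting the URL, which is all this hunk changes on that line, does not alter that. Pin the source to a commit and hash, `builtins.fetchTarball { url = "https://github.com/input-output-hk/jormungandr-nix/archive/PLACEHOLDER_COMMIT.tar.gz"; sha256 = "PLACEHOLDER_SHA256"; }`, or add it to `nix/sources.nix` and import it the way profiles/mcwhirter.io.nix imports `sources.mcwhirter-io`.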
@@ -17,9 +17,10 @@ ''; environment = { - systemPackages = with pkgs; [ - wally-cli # Flash firmware to mechanical keyboard - ]; + systemPackages = with pkgs; + [ + wally-cli # Flash firmware to mechanical keyboard + ]; }; } diff --git a/profiles/kids-dev.nix b/profiles/kids-dev.nix index 95dfcf9..bd81867 100644 --- a/profiles/kids-dev.nix +++ b/profiles/kids-dev.nix @@ -4,8 +4,9 @@ { - environment.systemPackages = with pkgs; [ - kate # Multi-document editor with syntax highlighting - ]; + environment.systemPackages = with pkgs; + [ + kate # Multi-document editor with syntax highlighting + ]; } diff --git a/profiles/logrotate.nix b/profiles/logrotate.nix index f94ae59..9d34c14 100644 --- a/profiles/logrotate.nix +++ b/profiles/logrotate.nix @@ -5,7 +5,7 @@ { services.logrotate = { - enable = true; # Enable the logrotate service + enable = true; # Enable the logrotate service }; } diff --git a/profiles/matrix.nix b/profiles/matrix.nix index f57f6b5..6412c49 100644 --- a/profiles/matrix.nix +++ b/profiles/matrix.nix 
@@ -4,56 +4,63 @@ { - imports = [ - ../secrets/matrix.nix - ]; + imports = [ ../secrets/matrix.nix ]; i18n = { extraLocaleSettings = { - LC_COLLATE = "C"; # Ensure correct locale for postgres - LC_CTYPE = "C"; # Ensure correct locale for postgres + LC_COLLATE = "C"; # Ensure correct locale for postgres + LC_CTYPE = "C"; # Ensure correct locale for postgres }; }; services = { matrix-synapse = { - enable = true; # Enable the synapse server - server_name = "mcwhirter.io"; # Server's public domain name - public_baseurl = "https://synapse.mcwhirter.io:443/"; # Matrix target URL - enable_registration = true; # Toggle user registration + enable = true; # Enable the synapse server + server_name = "mcwhirter.io"; # Server's public domain name + public_baseurl = "https://synapse.mcwhirter.io:443/"; # Matrix target URL + enable_registration = true; # Toggle user registration listeners = [ { # federation bind_address = ""; port = 8448; resources = [ - { compress = true; names = [ "client" ]; } - { compress = false; names = [ "federation" ]; } + { + compress = true; + names = [ "client" ]; + } + { + compress = false; + names = [ "federation" ]; + } ]; tls = true; type = "http"; x_forwarded = false; } { # client - bind_address = "::1"; # Listen on localhost only - port = 8008; # Port to listen on + bind_address = "::1"; # Listen on localhost only + port = 8008; # Port to listen on resources = [ { compress = true; names = [ "client" ]; - } { + } + { compress = false; names = [ "federation" ]; - } ]; + } + ]; tls = true; type = "http"; x_forwarded = true; } ]; - max_upload_size = "200M"; # Also set client_max_body_size to at least this + max_upload_size = "200M"; # Also set client_max_body_size to at least this tls_certificate_path = "/var/lib/acme/mcwhirter.io/fullchain.pem"; tls_private_key_path = "/var/lib/acme/mcwhirter.io/key.pem"; - turn_shared_secret = "IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6"; + turn_shared_secret = + 
"IZI43ylg6aJdMwy5MyhUPqT8SJD4C3P1vDcIFMzqGvTXJiCjAEvnPcDCBZfig5Q6"; turn_uris = [ "turn:turn.mcwhirter.io:5349?transport=udp" "turn:turn.mcwhirter.io:5350?transport=udp" @@ -77,30 +84,28 @@ forceSSL = true; enableACME = true; locations = { - "/_matrix" = { - proxyPass = "https://[::1]:8008"; - }; - "/.well-known/matrix/server".extraConfig = - let - # use 443 instead of the default 8448 port to unite - # the client-server and server-server port for simplicity - server = { "m.server" = "synapse.mcwhirter.io:443"; }; - in '' - add_header Content-Type application/json; - return 200 '${builtins.toJSON server}'; - ''; - "= /.well-known/matrix/client".extraConfig = - let - client = { - "m.homeserver" = { "base_url" = "https://synapse.mcwhirter.io"; }; - "m.identity_server" = { "base_url" = "https://vector.im"; }; + "/_matrix" = { proxyPass = "https://[::1]:8008"; }; + "/.well-known/matrix/server".extraConfig = let + # use 443 instead of the default 8448 port to unite + # the client-server and server-server port for simplicity + server = { "m.server" = "synapse.mcwhirter.io:443"; }; + in '' + add_header Content-Type application/json; + return 200 '${builtins.toJSON server}'; + ''; + "= /.well-known/matrix/client".extraConfig = let + client = { + "m.homeserver" = { + "base_url" = "https://synapse.mcwhirter.io"; }; + "m.identity_server" = { "base_url" = "https://vector.im"; }; + }; # ACAO required to allow element-web on any URL to request this json file - in '' - add_header Content-Type application/json; - add_header Access-Control-Allow-Origin *; - return 200 '${builtins.toJSON client}'; - ''; + in '' + add_header Content-Type application/json; + add_header Access-Control-Allow-Origin *; + return 200 '${builtins.toJSON client}'; + ''; }; extraConfig = '' client_max_body_size 200M; # Needs to be no less than max_upload_size 
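Review bot: The `turn_shared_secret` value at the end of the first profiles/matrix.nix hunk is a literal in a tracked file, and a string set this way is presumably rendered into the generated homeserver configuration in the world-readable Nix store, so it should be treated as disclosed and rotated. The file already imports `../secrets/matrix.nix`, but moving the attribute there only keeps it out of this file, not out of the store; supplying it at runtime from a file outside the store (the module's `extraConfigFiles` option, if the pinned nixpkgs provides it) avoids both. The same hunk sets `enable_registration = true`, which deserves a comment stating that open sign-up is intended. The `matrix-synapse` attribute set continues outside the hunk.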
@@ -109,23 +114,21 @@ "chat.mcwhirter.io" = { forceSSL = true; enableACME = true; - root = pkgs.element-web; # Install RIOT web in the nginx root + root = pkgs.element-web; # Install RIOT web in the nginx root }; }; }; postgresql = { enable = true; - ensureDatabases = [ "matrix-synapse" ]; # Ensure the database persists - ensureUsers = [ - { - name = "matrix-synapse"; # Ensure the database user persists - ensurePermissions = { # Ensure the database permissions persist - "DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES"; - "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - }; - } - ]; + ensureDatabases = [ "matrix-synapse" ]; # Ensure the database persists + ensureUsers = [{ + name = "matrix-synapse"; # Ensure the database user persists + ensurePermissions = { # Ensure the database permissions persist + "DATABASE \"matrix-synapse\"" = "ALL PRIVILEGES"; + "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; + }; + }]; # Initial database creation initialScript = pkgs.writeText "synapse-init.sql" '' CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse'; @@ -146,7 +149,8 @@ }; "synapse.mcwhirter.io" = { group = "matrix-synapse"; - postRun = "systemctl reload nginx.service; systemctl restart matrix-synapse.service"; + postRun = + "systemctl reload nginx.service; systemctl restart matrix-synapse.service"; email = "acme@mcwhirter.io"; }; }; @@ -155,11 +159,12 @@ networking.firewall = { enable = true; allowedTCPPorts = [ - 443 # HTTPS - 8448 # Matrix federation + 443 # HTTPS + 8448 # Matrix federation ]; }; - users.groups.matrix-synapse.members = [ "nginx" ]; # Added for keys permissions + users.groups.matrix-synapse.members = + [ "nginx" ]; # Added for keys permissions } diff --git a/profiles/mcwhirter.io.nix b/profiles/mcwhirter.io.nix index 8221b4c..659c44b 100644 --- a/profiles/mcwhirter.io.nix +++ b/profiles/mcwhirter.io.nix 
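Review bot: The `initialScript` shown as context at the end of the `postgresql` hunk creates the `matrix-synapse` role with the fixed password `synapse`, and `pkgs.writeText` places that script in the Nix store where any local user can read it. If Synapse connects over the local socket with peer authentication (not visible here), the role needs no password and the line can be `CREATE ROLE "matrix-synapse" WITH LOGIN;`; otherwise set the password out of band from a secret that is not in the store. The script continues outside the hunk.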
@@ -1,10 +1,10 @@ # NixOps configuration for deploying the mcwhirter.io website -{ config, pkgs, ...}: +{ config, pkgs, ... }: let sources = import ../nix/sources.nix; - mcwhirter-io = import sources.mcwhirter-io {}; + mcwhirter-io = import sources.mcwhirter-io { }; webdomain = "mcwhirter.io"; in { @@ -14,19 +14,20 @@ in { }; services.nginx = { - enable = true; # Enable Nginx - recommendedGzipSettings = true; - recommendedOptimisation = true; + enable = true; # Enable Nginx + recommendedGzipSettings = true; + recommendedOptimisation = true; recommendedProxySettings = true; - recommendedTlsSettings = true; + recommendedTlsSettings = true; virtualHosts = { - "${webdomain}" = { # website hostname - enableACME = true; # Use ACME certs - forceSSL = true; # Force SSL - root = "${mcwhirter-io}"; # Wesbite root + "${webdomain}" = { # website hostname + enableACME = true; # Use ACME certs + forceSSL = true; # Force SSL + root = "${mcwhirter-io}"; # Wesbite root }; - "www.${webdomain}" = { # Respect our elders :-) - locations."/".extraConfig = "return 301 $scheme://${webdomain}$request_uri;"; + "www.${webdomain}" = { # Respect our elders :-) + locations."/".extraConfig = + "return 301 $scheme://${webdomain}$request_uri;"; }; }; }; diff --git a/profiles/minecraftServer.nix b/profiles/minecraftServer.nix index 3b3d59a..597ed29 100644 --- a/profiles/minecraftServer.nix +++ b/profiles/minecraftServer.nix @@ -6,16 +6,12 @@ imports = [ ../secrets/minecraftServer.nix ]; - nixpkgs = { - config = { - allowUnfree = true; - }; - }; + nixpkgs = { config = { allowUnfree = true; }; }; services.minecraft-server = { - enable = true; # Enable the Minecraft server. + enable = true; # Enable the Minecraft server. declarative = true; - eula = true; # Answer Miecraft's EULA + eula = true; # Answer Miecraft's EULA openFirewall = true; serverProperties = { motd = "mcwhirter.io"; 
@@ -26,7 +22,8 @@ }; }; - environment.systemPackages = with pkgs; [ - mcron # Minecraft console client - ]; + environment.systemPackages = with pkgs; + [ + mcron # Minecraft console client + ]; } diff --git a/profiles/monitoring.nix b/profiles/monitoring.nix index b37f9a0..ec53539 100644 --- a/profiles/monitoring.nix +++ b/profiles/monitoring.nix @@ -4,23 +4,20 @@ { - imports = [ - ./grafana.nix - ./prometheus.nix - ]; + imports = [ ./grafana.nix ./prometheus.nix ]; services = { nginx = { - enable = true; # Enable Nginx + enable = true; # Enable Nginx recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts."monitoring.mcwhirter.io" = { # Monitoring hostname - enableACME = true; # Use ACME certs - forceSSL = true; # Force SSL + virtualHosts."monitoring.mcwhirter.io" = { # Monitoring hostname + enableACME = true; # Use ACME certs + forceSSL = true; # Force SSL locations = { - "/grafana/".proxyPass = "http://localhost:3000/"; # Proxy Grafana + "/grafana/".proxyPass = "http://localhost:3000/"; # Proxy Grafana "/prometheus/".extraConfig = '' proxy_pass http://localhost:9090/prometheus/; proxy_set_header Host $host; @@ -36,9 +33,7 @@ security.acme = { acceptTerms = true; - certs = { - "monitoring.mcwhirter.io".email = "craige@mcwhirter.io"; - }; + certs = { "monitoring.mcwhirter.io".email = "craige@mcwhirter.io"; }; }; } diff --git a/profiles/neomutt.nix b/profiles/neomutt.nix index 9375edd..cefd5e8 100644 --- a/profiles/neomutt.nix +++ b/profiles/neomutt.nix 
@@ -6,18 +6,18 @@ # Install other packages that I require to be used with neomutt. environment.systemPackages = with pkgs; [ - isync # My mail fetcher - khard # Console carddav client - lynx # My HTML email viewer - msmtp # My mail sender - neomutt # My MUA - notmuch # Search and indexing for neomutt - urlscan # Scanning for links neomutt - vdirsyncer # Synchronize calendars and contacts + isync # My mail fetcher + khard # Console carddav client + lynx # My HTML email viewer + msmtp # My mail sender + neomutt # My MUA + notmuch # Search and indexing for neomutt + urlscan # Scanning for links neomutt + vdirsyncer # Synchronize calendars and contacts ]; services.cron = { - enable = true; # Enable cron service + enable = true; # Enable cron service systemCronJobs = [ "*/10 * * * * craige /run/current-system/sw/bin/mbsync -q MCA >> /home/craige/.mailsync-MCA.log 2>&1" "*/5 * * * * craige /run/current-system/sw/bin/mbsync -q IOHK >> /home/craige/.mailsync-IOHK.log 2>&1" diff --git a/profiles/neovim.nix b/profiles/neovim.nix index 1d5110a..5a751c0 100644 --- a/profiles/neovim.nix +++ b/profiles/neovim.nix 
@@ -1,308 +1,308 @@ -{ pkgs, ... }: -{ +{ pkgs, ... }: { environment.variables = { EDITOR = "vim"; }; - environment.systemPackages = with pkgs; [ - (neovim.override { - vimAlias = true; - configure = { - packages.myPlugins = with pkgs.vimPlugins; { - start = [ - airline # Lean & mean status/tabline for vim that's light as air - dracula-vim # Dracula theme for vim - fugitive # Vim Git wrapper - fzf-vim # Full path fuzzy file, buffer, mru, tag, finder for Vim - haskell-vim # Syntax Highlighting and Indentation for Haskell - indentLine # Display thin vertical lines at each indentation level - neocomplete-vim # Keyword completion system - neoformat # A (Neo)vim plugin for formatting code. - nerdcommenter # Comment functions so powerful—no comment necessary - nerdtree # File system explorer - nerdtree-git-plugin # Plugin for nerdtree showing git status - #statix # Lints and suggestions for the nix programming language - supertab # Allows you to use for all your insert completion - syntastic # Syntax checking hacks - vim-addon-nix # Scripts assisting writing .nix files - vim-autoformat # Automatically format code - vim-cue # Cue filetype plugin for Vim - vim-lastplace - vim-markdown-toc # Generate table of contents for Markdown files - vim-nix # Support for writing Nix expressions in vim - vim-numbertoggle # Toggle between relative / absolute line numbers automatically - vim-one - ]; - opt = []; + environment.systemPackages = with pkgs; + [ + (neovim.override { + vimAlias = true; + configure = { + packages.myPlugins = with pkgs.vimPlugins; { + start = [ + airline # Lean & mean status/tabline for vim that's light as air + dracula-vim # Dracula theme for vim + fugitive # Vim Git wrapper + fzf-vim # Full path fuzzy file, buffer, mru, tag, finder for Vim + haskell-vim # Syntax Highlighting and Indentation for Haskell + indentLine # Display thin vertical lines at each indentation level + neocomplete-vim # Keyword completion system + neoformat # A (Neo)vim plugin for 
formatting code. + nerdcommenter # Comment functions so powerful—no comment necessary + nerdtree # File system explorer + nerdtree-git-plugin # Plugin for nerdtree showing git status + #statix # Lints and suggestions for the nix programming language + supertab # Allows you to use for all your insert completion + syntastic # Syntax checking hacks + vim-addon-nix # Scripts assisting writing .nix files + vim-autoformat # Automatically format code + vim-cue # Cue filetype plugin for Vim + vim-lastplace + vim-markdown-toc # Generate table of contents for Markdown files + vim-nix # Support for writing Nix expressions in vim + vim-numbertoggle # Toggle between relative / absolute line numbers automatically + vim-one + ]; + opt = [ ]; + }; + customRC = '' + " Preferred global default settings: + set nocompatible + set backspace=indent,eol,start + set number relativenumber " Enable relative line numbers by default + set cursorline " Highlight the current line number + set smartindent " Automatically insert extra level of indentation + set tabstop=4 " Default tabstop + set shiftwidth=4 " Default indent spacing + set expandtab " Expand [TABS] to spaces + packadd! 
dracula-vim + syntax on " Enable syntax highlighting + set t_Co=256 " Use 265 colors in vim + set background=dark " Set the default background scheme + colorscheme dracula " Set the default colour scheme + "let g:one_allow_italics = 1 " I love italic for comments + set spell spelllang=en_au " Defaul spell checking language + set spellfile=~/.vim-spell.en.utf-8.add " Add the spellfile + hi clear SpellBad " Clear any unwanted default settings + hi SpellBad cterm=underline " Set the spell checking highlight style + hi SpellBad ctermbg=NONE " Set the spell checking highlight background + match ErrorMsg '\s\+$' " + + nnoremap :Files + nnoremap f :Rg + set grepprg=rg\ --vimgrep\ --smart-case\ --follow + + let g:airline_powerline_fonts = 1 " Use powerline fonts + let g:airline_theme='dracula' " Set the airline theme + + "call togglebg#map("") " Toggle background colour between dark|light + + set laststatus=2 " Set up the status line so it's coloured and always on + + " Removes trailing spaces: + function! TrimWhiteSpace() + %s/\s\+$//e + endfunction + + " Trigger for numbertoggle to switch modes + nnoremap :set relativenumber! + + " Tab settings + let g:SuperTabDefaultCompletionType = 'context' + let g:SuperTabContextTextOmniPrecedence = ['&omnifunc','&completefunc'] + let g:SuperTabRetainCompletionType=2 + + inoremap pumvisible() ? "\" : "\" + inoremap pumvisible() ? 
"\" : "\" + + nnoremap RemoveTrailingWhiteSpace :call TrimWhiteSpace() + autocmd FileWritePre * :call TrimWhiteSpace() + autocmd FileAppendPre * :call TrimWhiteSpace() + autocmd FilterWritePre * :call TrimWhiteSpace() + autocmd BufWritePre * :call TrimWhiteSpace() + "autocmd BufWrite * :Autoformat + + " FIXME: Currently always set to dark due to issues with Termonad Solarized theme + " Light during the day, dark during the night + let hour = strftime("%H") + if 7 <= hour && hour < 17 + "set background=dark + "hi Normal ctermbg=none " Set a transparent background + "let g:airline_solarized_bg='dark' " Set the airline background + else + "set background=dark + "hi Normal ctermbg=none " Set a transparent background + "let g:airline_solarized_bg='dark' " Set the airline background + endif + + " Transparent editing of gpg encrypted files. + " By Wouter Hanegraaff + augroup encrypted + au! + + " First make sure nothing is written to ~/.viminfo while editing an encrypted file. + autocmd BufReadPre,FileReadPre *.gpg set viminfo= + " We don't want a swap file, as it writes unencrypted data to disk + autocmd BufReadPre,FileReadPre *.gpg set noswapfile + " Switch to binary mode to read the encrypted file + autocmd BufReadPre,FileReadPre *.gpg set bin + autocmd BufReadPre,FileReadPre *.gpg let ch_save = &ch|set ch=2 + autocmd BufReadPost,FileReadPost *.gpg '[,']!gpg --decrypt 2> /dev/null + " Switch to normal mode for editing + autocmd BufReadPost,FileReadPost *.gpg set nobin + autocmd BufReadPost,FileReadPost *.gpg let &ch = ch_save|unlet ch_save + autocmd BufReadPost,FileReadPost *.gpg execute ":doautocmd BufReadPost " . expand("%:r") + + " Convert all text to encrypted text before writing + autocmd BufWritePre,FileWritePre *.gpg '[,']!gpg --default-key=A4122FF3971B6865 --default-recipient-self -ae 2>/dev/null + " Undo the encryption so we are back in the normal text, directly + " after the file has been written. 
+ autocmd BufWritePost,FileWritePost *.gpg u + augroup END + + " Use Neoformat to automatically format files + augroup fmt + autocmd! + autocmd BufWritePre * undojoin | Neoformat + augroup END + + " Manage ISO files + augroup iso + au! + + " First make sure nothing is written to ~/.viminfo while editing an encrypted file. + autocmd BufReadPre,FileReadPre *.iso set viminfo= + " We don't want a swap file, as it writes unencrypted data to disk + autocmd BufReadPre,FileReadPre *.iso set noswapfile + " Switch to binary mode to read the encrypted file + autocmd BufReadPre,FileReadPre *.iso set bin + autocmd BufReadPre,FileReadPre *.iso let ch_save = &ch|set ch=2 + autocmd BufReadPost,FileReadPost *.iso '[,']!gpg --decrypt 2> /dev/null + " Switch to normal mode for editing + autocmd BufReadPost,FileReadPost *.iso set nobin + autocmd BufReadPost,FileReadPost *.iso let &ch = ch_save|unlet ch_save + autocmd BufReadPost,FileReadPost *.iso execute ":doautocmd BufReadPost " . expand("%:r") + + " Convert all text to encrypted text before writing + autocmd BufWritePre,FileWritePre *.iso '[,']!gpg --default-key=A4122FF3971B6865 --default-recipient-self -ae 2>/dev/null + " Undo the encryption so we are back in the normal text, directly + " after the file has been written. + autocmd BufWritePost,FileWritePost *.iso u + augroup END + + " Use persistent history. + if !isdirectory("/tmp/.vim-undo-dir") + call mkdir("/tmp/.vim-undo-dir", "", 0700) + endif + set undodir=/tmp/.vim-undo-dir + set undofile + + " My Markdown environment + function! MarkdownSettings() + set textwidth=79 + set spell spelllang=en_au + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.mdwn :call MarkdownSettings() + autocmd BufNewFile,BufFilePre,BufRead *.md :call MarkdownSettings() + + " My ReStructured Text environment + function! 
ReStructuredSettings() + set textwidth=79 + set spell spelllang=en_au + hi clear SpellBad " Clear any unwanted default settings + hi SpellBad cterm=underline " Set the spell checking highlight style + hi SpellBad ctermbg=NONE " Set the spell checking highlight background + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.rst :call ReStructuredSettings() + autocmd BufNewFile,BufFilePre,BufRead *.txt :call ReStructuredSettings() + + " My LaTeX environment: + function! LaTeXSettings() + set textwidth=79 + set spell spelllang=en_au + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.tex :call LaTeXSettings() + + " Settings for my Haskell environment: + function! HaskellSettings() + set tabstop=2 + set shiftwidth=2 + set expandtab + set textwidth=79 + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.hs :call HaskellSettings() + + " Settings for my Nix environment: + function! NixSettings() + set tabstop=2 + set shiftwidth=2 + set expandtab + set textwidth=79 + set filetype=nix + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.nix :call NixSettings() + + " Settings for my Cue environment: + function! CueSettings() + set noexpandtab + set tabstop=2 + set shiftwidth=2 + set textwidth=79 + let g:cue_fmt_on_save = 1 + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.cue :call CueSettings() + + " Settings for my Rust environment: + function! RustSettings() + set tabstop=4 + set shiftwidth=4 + set expandtab + set textwidth=79 + let g:rustfmt_autosave = 1 + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.rs :call RustSettings() + + " Settings for my Crystal environment: + function! CrystalSettings() + set tabstop=2 + set shiftwidth=2 + set expandtab + set textwidth=79 + set filetype=crystal + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.cr :call CrystalSettings() + + " Settings for my Golang environment: + function! 
GoSettings() + set tabstop=7 + set shiftwidth=7 + set noexpandtab + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.go :call GoSettings() + + " Settings for my Python environment: + function! PythonSettings() + set tabstop=4 + set shiftwidth=4 + set expandtab + set textwidth=79 + set spell! + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.py :call PythonSettings() + + " My Mutt environment + function! MuttSettings() + set textwidth=79 + set spell spelllang=en_au + hi clear SpellBad " Clear any unwanted default settings + hi SpellBad cterm=underline " Set the spell checking highlight style + hi SpellBad ctermbg=NONE " Set the spell checking highlight background + endfunction + autocmd BufNewFile,BufFilePre,BufRead mutt-* :call MuttSettings() + autocmd BufNewFile,BufFilePre,BufRead neomutt-* :call MuttSettings() + + " Settings for my C environment: + function! CSettings() + set tabstop=2 + set shiftwidth=2 + set expandtab + set textwidth=79 + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.c :call CSettings() + + " Settings for my YAML environment: + function! YAMLSettings() + set tabstop=2 + set shiftwidth=2 + set expandtab + set textwidth=79 + set spell spelllang=en_au + hi clear SpellBad " Clear any unwanted default settings + hi SpellBad cterm=underline " Set the spell checking highlight style + hi SpellBad ctermbg=NONE " Set the spell checking highlight background + endfunction + autocmd BufNewFile,BufFilePre,BufRead *.yaml :call YAMLSettings() + autocmd BufNewFile,BufFilePre,BufRead *.yml :call YAMLSettings() + + " Settings for my Bash environment: + function! BashSettings() + set tabstop=4 + set shiftwidth=4 + set expandtab + set textwidth=79 + set spell! 
+ endfunction + autocmd BufNewFile,BufFilePre,BufRead *.sh :call BashSettings() + ''; }; - customRC = '' - " Preferred global default settings: - set nocompatible - set backspace=indent,eol,start - set number relativenumber " Enable relative line numbers by default - set cursorline " Highlight the current line number - set smartindent " Automatically insert extra level of indentation - set tabstop=4 " Default tabstop - set shiftwidth=4 " Default indent spacing - set expandtab " Expand [TABS] to spaces - packadd! dracula-vim - syntax on " Enable syntax highlighting - set t_Co=256 " Use 265 colors in vim - set background=dark " Set the default background scheme - colorscheme dracula " Set the default colour scheme - "let g:one_allow_italics = 1 " I love italic for comments - set spell spelllang=en_au " Defaul spell checking language - set spellfile=~/.vim-spell.en.utf-8.add " Add the spellfile - hi clear SpellBad " Clear any unwanted default settings - hi SpellBad cterm=underline " Set the spell checking highlight style - hi SpellBad ctermbg=NONE " Set the spell checking highlight background - match ErrorMsg '\s\+$' " - - nnoremap :Files - nnoremap f :Rg - set grepprg=rg\ --vimgrep\ --smart-case\ --follow - - let g:airline_powerline_fonts = 1 " Use powerline fonts - let g:airline_theme='dracula' " Set the airline theme - - "call togglebg#map("") " Toggle background colour between dark|light - - set laststatus=2 " Set up the status line so it's coloured and always on - - " Removes trailing spaces: - function! TrimWhiteSpace() - %s/\s\+$//e - endfunction - - " Trigger for numbertoggle to switch modes - nnoremap :set relativenumber! - - " Tab settings - let g:SuperTabDefaultCompletionType = 'context' - let g:SuperTabContextTextOmniPrecedence = ['&omnifunc','&completefunc'] - let g:SuperTabRetainCompletionType=2 - - inoremap pumvisible() ? "\" : "\" - inoremap pumvisible() ? 
"\" : "\" - - nnoremap RemoveTrailingWhiteSpace :call TrimWhiteSpace() - autocmd FileWritePre * :call TrimWhiteSpace() - autocmd FileAppendPre * :call TrimWhiteSpace() - autocmd FilterWritePre * :call TrimWhiteSpace() - autocmd BufWritePre * :call TrimWhiteSpace() - "autocmd BufWrite * :Autoformat - - " FIXME: Currently always set to dark due to issues with Termonad Solarized theme - " Light during the day, dark during the night - let hour = strftime("%H") - if 7 <= hour && hour < 17 - "set background=dark - "hi Normal ctermbg=none " Set a transparent background - "let g:airline_solarized_bg='dark' " Set the airline background - else - "set background=dark - "hi Normal ctermbg=none " Set a transparent background - "let g:airline_solarized_bg='dark' " Set the airline background - endif - - " Transparent editing of gpg encrypted files. - " By Wouter Hanegraaff - augroup encrypted - au! - - " First make sure nothing is written to ~/.viminfo while editing an encrypted file. - autocmd BufReadPre,FileReadPre *.gpg set viminfo= - " We don't want a swap file, as it writes unencrypted data to disk - autocmd BufReadPre,FileReadPre *.gpg set noswapfile - " Switch to binary mode to read the encrypted file - autocmd BufReadPre,FileReadPre *.gpg set bin - autocmd BufReadPre,FileReadPre *.gpg let ch_save = &ch|set ch=2 - autocmd BufReadPost,FileReadPost *.gpg '[,']!gpg --decrypt 2> /dev/null - " Switch to normal mode for editing - autocmd BufReadPost,FileReadPost *.gpg set nobin - autocmd BufReadPost,FileReadPost *.gpg let &ch = ch_save|unlet ch_save - autocmd BufReadPost,FileReadPost *.gpg execute ":doautocmd BufReadPost " . expand("%:r") - - " Convert all text to encrypted text before writing - autocmd BufWritePre,FileWritePre *.gpg '[,']!gpg --default-key=A4122FF3971B6865 --default-recipient-self -ae 2>/dev/null - " Undo the encryption so we are back in the normal text, directly - " after the file has been written. 
- autocmd BufWritePost,FileWritePost *.gpg u - augroup END - - " Use Neoformat to automatically format files - augroup fmt - autocmd! - autocmd BufWritePre * undojoin | Neoformat - augroup END - - " Manage ISO files - augroup iso - au! - - " First make sure nothing is written to ~/.viminfo while editing an encrypted file. - autocmd BufReadPre,FileReadPre *.iso set viminfo= - " We don't want a swap file, as it writes unencrypted data to disk - autocmd BufReadPre,FileReadPre *.iso set noswapfile - " Switch to binary mode to read the encrypted file - autocmd BufReadPre,FileReadPre *.iso set bin - autocmd BufReadPre,FileReadPre *.iso let ch_save = &ch|set ch=2 - autocmd BufReadPost,FileReadPost *.iso '[,']!gpg --decrypt 2> /dev/null - " Switch to normal mode for editing - autocmd BufReadPost,FileReadPost *.iso set nobin - autocmd BufReadPost,FileReadPost *.iso let &ch = ch_save|unlet ch_save - autocmd BufReadPost,FileReadPost *.iso execute ":doautocmd BufReadPost " . expand("%:r") - - " Convert all text to encrypted text before writing - autocmd BufWritePre,FileWritePre *.iso '[,']!gpg --default-key=A4122FF3971B6865 --default-recipient-self -ae 2>/dev/null - " Undo the encryption so we are back in the normal text, directly - " after the file has been written. - autocmd BufWritePost,FileWritePost *.iso u - augroup END - - " Use persistent history. - if !isdirectory("/tmp/.vim-undo-dir") - call mkdir("/tmp/.vim-undo-dir", "", 0700) - endif - set undodir=/tmp/.vim-undo-dir - set undofile - - " My Markdown environment - function! MarkdownSettings() - set textwidth=79 - set spell spelllang=en_au - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.mdwn :call MarkdownSettings() - autocmd BufNewFile,BufFilePre,BufRead *.md :call MarkdownSettings() - - " My ReStructured Text environment - function! 
ReStructuredSettings() - set textwidth=79 - set spell spelllang=en_au - hi clear SpellBad " Clear any unwanted default settings - hi SpellBad cterm=underline " Set the spell checking highlight style - hi SpellBad ctermbg=NONE " Set the spell checking highlight background - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.rst :call ReStructuredSettings() - autocmd BufNewFile,BufFilePre,BufRead *.txt :call ReStructuredSettings() - - " My LaTeX environment: - function! LaTeXSettings() - set textwidth=79 - set spell spelllang=en_au - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.tex :call LaTeXSettings() - - " Settings for my Haskell environment: - function! HaskellSettings() - set tabstop=2 - set shiftwidth=2 - set expandtab - set textwidth=79 - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.hs :call HaskellSettings() - - " Settings for my Nix environment: - function! NixSettings() - set tabstop=2 - set shiftwidth=2 - set expandtab - set textwidth=79 - set filetype=nix - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.nix :call NixSettings() - - " Settings for my Cue environment: - function! CueSettings() - set noexpandtab - set tabstop=2 - set shiftwidth=2 - set textwidth=79 - let g:cue_fmt_on_save = 1 - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.cue :call CueSettings() - - " Settings for my Rust environment: - function! RustSettings() - set tabstop=4 - set shiftwidth=4 - set expandtab - set textwidth=79 - let g:rustfmt_autosave = 1 - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.rs :call RustSettings() - - " Settings for my Crystal environment: - function! CrystalSettings() - set tabstop=2 - set shiftwidth=2 - set expandtab - set textwidth=79 - set filetype=crystal - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.cr :call CrystalSettings() - - " Settings for my Golang environment: - function! 
GoSettings() - set tabstop=7 - set shiftwidth=7 - set noexpandtab - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.go :call GoSettings() - - " Settings for my Python environment: - function! PythonSettings() - set tabstop=4 - set shiftwidth=4 - set expandtab - set textwidth=79 - set spell! - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.py :call PythonSettings() - - " My Mutt environment - function! MuttSettings() - set textwidth=79 - set spell spelllang=en_au - hi clear SpellBad " Clear any unwanted default settings - hi SpellBad cterm=underline " Set the spell checking highlight style - hi SpellBad ctermbg=NONE " Set the spell checking highlight background - endfunction - autocmd BufNewFile,BufFilePre,BufRead mutt-* :call MuttSettings() - autocmd BufNewFile,BufFilePre,BufRead neomutt-* :call MuttSettings() - - " Settings for my C environment: - function! CSettings() - set tabstop=2 - set shiftwidth=2 - set expandtab - set textwidth=79 - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.c :call CSettings() - - " Settings for my YAML environment: - function! YAMLSettings() - set tabstop=2 - set shiftwidth=2 - set expandtab - set textwidth=79 - set spell spelllang=en_au - hi clear SpellBad " Clear any unwanted default settings - hi SpellBad cterm=underline " Set the spell checking highlight style - hi SpellBad ctermbg=NONE " Set the spell checking highlight background - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.yaml :call YAMLSettings() - autocmd BufNewFile,BufFilePre,BufRead *.yml :call YAMLSettings() - - " Settings for my Bash environment: - function! BashSettings() - set tabstop=4 - set shiftwidth=4 - set expandtab - set textwidth=79 - set spell! - endfunction - autocmd BufNewFile,BufFilePre,BufRead *.sh :call BashSettings() - ''; - }; - } - )]; + }) + ]; } diff --git a/profiles/nextcloud.nix b/profiles/nextcloud.nix index c4f4cdf..a3cc544 100644 --- a/profiles/nextcloud.nix +++ b/profiles/nextcloud.nix 
@@ -4,79 +4,75 @@ { - imports = - [ - ../secrets/nextcloud.nix - ]; + imports = [ ../secrets/nextcloud.nix ]; services.nextcloud = { - enable = true; # Enable Nextcloud - hostName = "cloud.mcwhirter.io"; # FQDN for the Nextcloud instance - https = true; # Use HTTPS for links - config = { # Configure Nextcloud - dbtype = "pgsql"; # Set the database type - dbname = "nextcloud"; # Set the database name - dbhost = "/run/postgresql"; # Set the database connection - dbuser = "nextcloud"; # Set the database user - dbpassFile = "/run/keys/nextcloud-dbpass"; # Where to find the database password - adminpassFile = "/run/keys/nextcloud-admin"; # Where to find the admin password - adminuser = "root"; # Set the admin user name - overwriteProtocol = "https"; # Force Nextcloud to always use HTTPS - defaultPhoneRegion = "AU"; # Country code for automatic phone-number detection + enable = true; # Enable Nextcloud + hostName = "cloud.mcwhirter.io"; # FQDN for the Nextcloud instance + https = true; # Use HTTPS for links + config = { # Configure Nextcloud + dbtype = "pgsql"; # Set the database type + dbname = "nextcloud"; # Set the database name + dbhost = "/run/postgresql"; # Set the database connection + dbuser = "nextcloud"; # Set the database user + dbpassFile = + "/run/keys/nextcloud-dbpass"; # Where to find the database password + adminpassFile = + "/run/keys/nextcloud-admin"; # Where to find the admin password + adminuser = "root"; # Set the admin user name + overwriteProtocol = "https"; # Force Nextcloud to always use HTTPS + defaultPhoneRegion = + "AU"; # Country code for automatic phone-number detection }; autoUpdateApps = { - enable = true; # Run regular auto update of all apps installed - startAt = "01:00:00"; # When to run the update + enable = true; # Run regular auto update of all apps installed + startAt = "01:00:00"; # When to run the update }; package = pkgs.nextcloud22; }; services.postgresql = { - enable = true; # Ensure postgresql is enabled - ensureDatabases = [ 
"nextcloud" ]; # Ensure the database persists - ensureUsers = [ - { - name = "nextcloud"; # Ensure the database user persists - ensurePermissions = { # Ensure the database permissions persist - "DATABASE nextcloud" = "ALL PRIVILEGES"; - "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - }; - } - ]; + enable = true; # Ensure postgresql is enabled + ensureDatabases = [ "nextcloud" ]; # Ensure the database persists + ensureUsers = [{ + name = "nextcloud"; # Ensure the database user persists + ensurePermissions = { # Ensure the database permissions persist + "DATABASE nextcloud" = "ALL PRIVILEGES"; + "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; + }; + }]; }; services.nginx = { - enable = true; # Enable Nginx + enable = true; # Enable Nginx recommendedGzipSettings = true; recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts."cloud.mcwhirter.io" = { # Nextcloud hostname - enableACME = true; # Use ACME certs - forceSSL = true; # Force SSL + virtualHosts."cloud.mcwhirter.io" = { # Nextcloud hostname + enableACME = true; # Use ACME certs + forceSSL = true; # Force SSL }; - virtualHosts."owncloud.mcwhirter.io" = { # Hostname to be redirected - globalRedirect = "cloud.mcwhirter.io"; # Redirect permanently to the host + virtualHosts."owncloud.mcwhirter.io" = { # Hostname to be redirected + globalRedirect = "cloud.mcwhirter.io"; # Redirect permanently to the host }; }; - systemd.services."nextcloud-setup" = { # Ensure PostgreSQL is running first - requires = ["postgresql.service"]; - after = ["postgresql.service"]; + systemd.services."nextcloud-setup" = { # Ensure PostgreSQL is running first + requires = [ "postgresql.service" ]; + after = [ "postgresql.service" ]; }; security.acme = { acceptTerms = true; - certs = { - "cloud.mcwhirter.io" = { - email = "craige@mcwhirter.io"; - }; - }; + certs = { "cloud.mcwhirter.io" = { email = "craige@mcwhirter.io"; }; }; }; - users.groups.keys.members = [ "nextcloud" ]; # 
Required due to NixOps issue #1204 - users.groups.nextcloud.members = [ "nextcloud" ]; # Added for keys permissions + users.groups.keys.members = + [ "nextcloud" ]; # Required due to NixOps issue #1204 + users.groups.nextcloud.members = [ "nextcloud" ]; # Added for keys permissions - networking.firewall.allowedTCPPorts = [ 80 443 ]; # Open the required firewall ports + networking.firewall.allowedTCPPorts = + [ 80 443 ]; # Open the required firewall ports } diff --git a/profiles/nix-community.nix b/profiles/nix-community.nix index f749450..863a640 100644 --- a/profiles/nix-community.nix +++ b/profiles/nix-community.nix @@ -4,15 +4,13 @@ { nix = { distributedBuilds = true; - buildMachines = [ - { - hostName = "aarch64.nixos.community"; - maxJobs = 64; - sshKey = "/root/.ssh/id_nixops_ed25519"; - sshUser = "craige"; - system = "aarch64-linux"; - supportedFeatures = [ "big-parallel" ]; - } - ]; + buildMachines = [{ + hostName = "aarch64.nixos.community"; + maxJobs = 64; + sshKey = "/root/.ssh/id_nixops_ed25519"; + sshUser = "craige"; + system = "aarch64-linux"; + supportedFeatures = [ "big-parallel" ]; + }]; }; } diff --git a/profiles/nix-direnv.nix b/profiles/nix-direnv.nix index cb1f3b0..589dd3d 100644 --- a/profiles/nix-direnv.nix +++ b/profiles/nix-direnv.nix @@ -14,16 +14,16 @@ # Set the environment environment = { systemPackages = with pkgs; [ - direnv # A shell extension that manages your environment - nix-direnv # A fast, persistent use_nix implementation for direnv - ]; - pathsToLink = [ - "/share/nix-direnv" + direnv # A shell extension that manages your environment + nix-direnv # A fast, persistent use_nix implementation for direnv ]; + pathsToLink = [ "/share/nix-direnv" ]; }; nixpkgs.overlays = [ - (self: super: { nix-direnv = super.nix-direnv.override { enableFlakes = true; }; } ) + (self: super: { + nix-direnv = super.nix-direnv.override { enableFlakes = true; }; + }) ]; } 
diff --git a/profiles/nix-mio-ops.nix b/profiles/nix-mio-ops.nix index bac074f..034f838 100644 --- a/profiles/nix-mio-ops.nix +++ b/profiles/nix-mio-ops.nix @@ -3,15 +3,13 @@ { nix = { distributedBuilds = true; - buildMachines = [ - { - hostName = "cuallaidh.mcwhirter.io"; - maxJobs = 64; - sshKey = "/root/.ssh/id_nixops_ed25519"; - sshUser = "craige"; - system = "x86_64-linux"; - supportedFeatures = [ "big-parallel" ]; - } - ]; + buildMachines = [{ + hostName = "cuallaidh.mcwhirter.io"; + maxJobs = 64; + sshKey = "/root/.ssh/id_nixops_ed25519"; + sshUser = "craige"; + system = "x86_64-linux"; + supportedFeatures = [ "big-parallel" ]; + }]; }; } diff --git a/profiles/nixpkgs-dev.nix b/profiles/nixpkgs-dev.nix index f643513..3893f9e 100644 --- a/profiles/nixpkgs-dev.nix +++ b/profiles/nixpkgs-dev.nix 
@@ -2,27 +2,29 @@ { config, pkgs, lib, ... }: +#let +# sources = import ../nix/sources.nix; +# unstable = import sources.nixpkgsUnstable {}; +#in + { - nixpkgs = { - config = { - allowUnfree = true; - }; - }; + nixpkgs = { config = { allowUnfree = true; }; }; environment = { systemPackages = with pkgs; [ - cabal2nix # Convert Cabal files into Nix build instructions - nixfmt # An opinionated formatter for Nix - nix-prefetch-github # Prefetch sources from github - nix-prefetch-git # Prefetch sources from git - nix-review # Review pull-requests on https://github.com/NixOS/nixpkgs - nix-top # Tracks what nix is building - nix-universal-prefetch # Uses nixpkgs fetchers to figure out hashes - nodePackages.node2nix # Generate Nix expressions to build NPM packages - nox # Tools to make Nix nicer - sqlite # To query the nixpkgs sqlite database - tig # Text-mode interface for git + cabal2nix # Convert Cabal files into Nix build instructions + nixfmt # An opinionated formatter for Nix + nix-prefetch-github # Prefetch sources from github + nix-prefetch-git # Prefetch sources from git + nix-review # Review pull-requests on https://github.com/NixOS/nixpkgs + nix-top # Tracks what nix is building + nix-universal-prefetch # Uses nixpkgs fetchers to figure out hashes + nodePackages.node2nix # Generate Nix expressions to build NPM packages + nox # Tools to make Nix nicer + sqlite # To query the nixpkgs sqlite database + tig # Text-mode interface for git + #unstable.statix # Lints and suggestions for the nix programming language ]; }; diff --git a/profiles/openssh.nix b/profiles/openssh.nix index 78a25a2..89543e0 100644 --- a/profiles/openssh.nix +++ b/profiles/openssh.nix 
@@ -5,17 +5,15 @@ { services.openssh = { - enable = true; # Enable the OpenSSH daemon. + enable = true; # Enable the OpenSSH daemon. permitRootLogin = "prohibit-password"; challengeResponseAuthentication = false; passwordAuthentication = false; openFirewall = true; - hostKeys = [ - { - path = "/etc/ssh/ssh_host_ed25519_key"; - type = "ed25519"; - } - ]; + hostKeys = [{ + path = "/etc/ssh/ssh_host_ed25519_key"; + type = "ed25519"; + }]; }; } diff --git a/profiles/pi_common.nix b/profiles/pi_common.nix index 251d2cd..5514b4a 100644 --- a/profiles/pi_common.nix +++ b/profiles/pi_common.nix @@ -4,10 +4,11 @@ { - environment = { # Set the system-wide environment - systemPackages = with pkgs; [ - usbutils # Tools for working with USB devices, such as lsusb - ]; + environment = { # Set the system-wide environment + systemPackages = with pkgs; + [ + usbutils # Tools for working with USB devices, such as lsusb + ]; }; } diff --git a/profiles/powerManagement.nix b/profiles/powerManagement.nix index 8d74dea..f989c72 100644 --- a/profiles/powerManagement.nix +++ b/profiles/powerManagement.nix @@ -7,7 +7,7 @@ powerManagement = { enable = true; cpuFreqGovernor = lib.mkDefault "performance"; - powertop.enable = true; # Enable powertop auto tuning on startup + powertop.enable = true; # Enable powertop auto tuning on startup }; services = { @@ -17,7 +17,7 @@ }; tlp.enable = false; upower = { - enable = true; # Enable application power managemetn support + enable = true; # Enable application power managemetn support percentageCritical = 15; percentageAction = 15; }; diff --git a/profiles/prometheus.nix b/profiles/prometheus.nix index 48c5be6..d5417ca 100644 --- a/profiles/prometheus.nix +++ b/profiles/prometheus.nix @@ -8,9 +8,7 @@ prometheus = { enable = true; webExternalUrl = "https://monitoring.mcwhirter.io/prometheus/"; - extraFlags = [ - "--storage.tsdb.retention.time 8760h" - ]; + extraFlags = [ "--storage.tsdb.retention.time 8760h" ]; exporters = { node = { enable = true; 
@@ -52,171 +50,161 @@ # targets = [ "airgead.mcwhirter.io:9093" ]; # } ]; #} ]; - rules = [ (builtins.toJSON { - groups = [ - { + rules = [ + (builtins.toJSON { + groups = [{ name = "system"; rules = [ { alert = "node_down"; expr = "up == 0"; for = "5m"; - labels = { - severity = "page"; - }; + labels = { severity = "page"; }; annotations = { summary = "{{$labels.alias}}: Node is down."; - description = "{{$labels.alias}} has been down for more than 5 minutes."; + description = + "{{$labels.alias}} has been down for more than 5 minutes."; }; } { alert = "node_systemd_service_failed"; - expr = "node_systemd_unit_state{state=\"failed\"} == 1"; + expr = ''node_systemd_unit_state{state="failed"} == 1''; for = "4m"; - labels = { - severity = "page"; - }; + labels = { severity = "page"; }; annotations = { - summary = "{{$labels.alias}}: Service {{$labels.name}} failed to start."; - description = "{{$labels.alias}} failed to (re)start service {{$labels.name}}."; + summary = + "{{$labels.alias}}: Service {{$labels.name}} failed to start."; + description = + "{{$labels.alias}} failed to (re)start service {{$labels.name}}."; }; } { alert = "node_filesystem_full_90percent"; - expr = "sort(node_filesystem_free_bytes{device!=\"ramfs\"} < node_filesystem_size_bytes{device!=\"ramfs\"} * 0.1) / 1024^3"; + expr = '' + sort(node_filesystem_free_bytes{device!="ramfs"} < node_filesystem_size_bytes{device!="ramfs"} * 0.1) / 1024^3''; for = "5m"; - labels = { - severity = "page"; - }; + labels = { severity = "page"; }; annotations = { - summary = "{{$labels.alias}}: Filesystem is running out of space soon."; - description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem."; + summary = + "{{$labels.alias}}: Filesystem is running out of space soon."; + description = + "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} got less than 10% space left on its filesystem."; }; } { alert = 
"node_filesystem_full_in_4h"; - expr = "predict_linear(node_filesystem_free_bytes{device!=\"ramfs\",device!=\"tmpfs\",fstype!=\"autofs\",fstype!=\"cd9660\"}[4h], 4*3600) <= 0"; + expr = '' + predict_linear(node_filesystem_free_bytes{device!="ramfs",device!="tmpfs",fstype!="autofs",fstype!="cd9660"}[4h], 4*3600) <= 0''; for = "5m"; - labels = { - severity = "page"; - }; + labels = { severity = "page"; }; annotations = { - summary = "{{$labels.alias}}: Filesystem is running out of space in 4 hours."; - description = "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours"; + summary = + "{{$labels.alias}}: Filesystem is running out of space in 4 hours."; + description = + "{{$labels.alias}} device {{$labels.device}} on {{$labels.mountpoint}} is running out of space of in approx. 4 hours"; }; } { alert = "node_filedescriptors_full_in_3h"; - expr = "predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum"; + expr = + "predict_linear(node_filefd_allocated[1h], 3*3600) >= node_filefd_maximum"; for = "20m"; - labels = { - severity = "page"; - }; + labels = { severity = "page"; }; annotations = { - summary = "{{$labels.alias}} is running out of available file descriptors in 3 hours."; - description = "{{$labels.alias}} is running out of available file descriptors in approx. 3 hours"; + summary = + "{{$labels.alias}} is running out of available file descriptors in 3 hours."; + description = + "{{$labels.alias}} is running out of available file descriptors in approx. 
3 hours"; }; } { alert = "node_load1_90percent"; - expr = "node_load1 / on(alias) count(node_cpu_seconds_total{mode=\"system\"}) by (alias) >= 0.9"; + expr = '' + node_load1 / on(alias) count(node_cpu_seconds_total{mode="system"}) by (alias) >= 0.9''; for = "1h"; - labels = { - severity = "page"; - }; + labels = { severity = "page"; }; annotations = { summary = "{{$labels.alias}}: Running on high load."; - description = "{{$labels.alias}} is running with > 90% total load for at least 1h."; + description = + "{{$labels.alias}} is running with > 90% total load for at least 1h."; }; } { alert = "node_cpu_util_90percent"; - expr = "100 - (avg by (alias) (irate(node_cpu_seconds_total{mode=\"idle\"}[5m])) * 100) >= 90"; + expr = '' + 100 - (avg by (alias) (irate(node_cpu_seconds_total{mode="idle"}[5m])) * 100) >= 90''; for = "1h"; - labels = { - severity = "page"; - }; + labels = { severity = "page"; }; annotations = { summary = "{{$labels.alias}}: High CPU utilization."; - description = "{{$labels.alias}} has total CPU utilization over 90% for at least 1h."; + description = + "{{$labels.alias}} has total CPU utilization over 90% for at least 1h."; }; } { alert = "node_ram_using_99percent"; - expr = "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.01"; + expr = + "node_memory_MemFree_bytes + node_memory_Buffers_bytes + node_memory_Cached_bytes < node_memory_MemTotal_bytes * 0.01"; for = "30m"; - labels = { - severity = "page"; - }; + labels = { severity = "page"; }; annotations = { summary = "{{$labels.alias}}: Using lots of RAM."; - description = "{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now."; + description = + "{{$labels.alias}} is using at least 90% of its RAM for at least 30 minutes now."; }; } { alert = "node_swap_using_80percent"; - expr = "node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.8"; 
+ expr = + "node_memory_SwapTotal_bytes - (node_memory_SwapFree_bytes + node_memory_SwapCached_bytes) > node_memory_SwapTotal_bytes * 0.8"; for = "10m"; - labels = { - severity = "page"; - }; + labels = { severity = "page"; }; annotations = { summary = "{{$labels.alias}}: Running out of swap soon."; - description = "{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now."; + description = + "{{$labels.alias}} is using 80% of its swap space for at least 10 minutes now."; }; } { alert = "node_time_unsync"; - expr = "abs(node_timex_offset_seconds) > 0.050 or node_timex_sync_status != 1"; + expr = + "abs(node_timex_offset_seconds) > 0.050 or node_timex_sync_status != 1"; for = "1m"; - labels = { - severity = "page"; - }; + labels = { severity = "page"; }; annotations = { summary = "{{$labels.alias}}: Clock out of sync with NTP"; - description = "{{$labels.alias}} Local clock offset is too large or out of sync with NTP"; + description = + "{{$labels.alias}} Local clock offset is too large or out of sync with NTP"; }; } ]; - } - ]; - })]; + }]; + }) + ]; scrapeConfigs = [ { job_name = "prometheus"; scrape_interval = "5s"; - static_configs = [ - { - targets = [ - "localhost:9090" - ]; - labels = { alias = "prometheus"; }; - } - ]; + static_configs = [{ + targets = [ "localhost:9090" ]; + labels = { alias = "prometheus"; }; + }]; } { job_name = "cardano-node"; scrape_interval = "10s"; - static_configs = [ - { - targets = [ "127.0.0.1:12798" ]; - labels = { alias = "airgead"; }; - } - ]; + static_configs = [{ + targets = [ "127.0.0.1:12798" ]; + labels = { alias = "airgead"; }; + }]; } { job_name = "node"; scrape_interval = "10s"; - static_configs = [ - { - targets = [ - "airgead.mcwhirter.io:9100" - ]; - labels = { - alias = "airgead.mcwhirter.io"; - }; - } - ]; + static_configs = [{ + targets = [ "airgead.mcwhirter.io:9100" ]; + labels = { alias = "airgead.mcwhirter.io"; }; + }]; } ]; }; 
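Review bot: The `node_ram_using_99percent` annotation still says "using at least 90% of its RAM", while the rule name and its expression (`... < node_memory_MemTotal_bytes * 0.01`) only fire once less than 1% is left, so the page a responder receives understates the condition. I would change it to `description = "{{$labels.alias}} is using at least 99% of its RAM for at least 30 minutes now.";`. The `node_filesystem_full_in_4h` description also carries a stray word ("running out of space of in approx. 4 hours"). Both strings predate this formatting pass, which only re-wrapped them, so fixing them belongs in a separate change.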
diff --git a/profiles/qemu.nix b/profiles/qemu.nix index 89319cb..c620774 100644 --- a/profiles/qemu.nix +++ b/profiles/qemu.nix @@ -1,7 +1,6 @@ # Based up original work by cleverca22 # https://github.com/cleverca22/nixos-configs/blob/master/qemu.nix - { config, pkgs, lib, ... }: with lib; @@ -9,18 +8,24 @@ let cfg = config.qemu-user; arm = { interpreter = "${pkgs.qemu-user-arm}/bin/qemu-arm"; - magicOrExtension = ''\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00''; - mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff''; + magicOrExtension = + "\\x7fELF\\x01\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x28\\x00"; + mask = + "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff"; }; aarch64 = { interpreter = "${pkgs.qemu-user-arm64}/bin/qemu-aarch64"; - magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00''; - mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff''; + magicOrExtension = + "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xb7\\x00"; + mask = + "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff"; }; riscv64 = { interpreter = "${pkgs.qemu-riscv64}/bin/qemu-riscv64"; - magicOrExtension = ''\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xf3\x00''; - mask = ''\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\x00\xff\xfe\xff\xff\xff''; + magicOrExtension = + "\\x7fELF\\x02\\x01\\x01\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\xf3\\x00"; + mask = + "\\xff\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xff\\xff\\xff\\xff\\xff\\x00\\xff\\xfe\\xff\\xff\\xff"; }; in { options = { 
@@ -32,22 +37,22 @@ in { nix.supportedPlatforms = mkOption { type = types.listOf types.str; description = "extra platforms that nix will run binaries for"; - default = []; + default = [ ]; }; }; config = mkIf (cfg.arm || cfg.aarch64) { - nixpkgs = { - overlays = [ (import ../overlays/qemu) ]; - }; - boot.binfmt.registrations = - optionalAttrs cfg.arm { inherit arm; } // - optionalAttrs cfg.aarch64 { inherit aarch64; } // - optionalAttrs cfg.riscv64 { inherit riscv64; }; - nix.supportedPlatforms = (optionals cfg.arm [ "armv6l-linux" "armv7l-linux" ]) + nixpkgs = { overlays = [ (import ../overlays/qemu) ]; }; + boot.binfmt.registrations = optionalAttrs cfg.arm { inherit arm; } + // optionalAttrs cfg.aarch64 { inherit aarch64; } + // optionalAttrs cfg.riscv64 { inherit riscv64; }; + nix.supportedPlatforms = + (optionals cfg.arm [ "armv6l-linux" "armv7l-linux" ]) ++ (optional cfg.aarch64 "aarch64-linux"); nix.extraOptions = '' extra-platforms = ${toString config.nix.supportedPlatforms} i686-linux ''; - nix.sandboxPaths = [ "/run/binfmt" ] ++ (optional cfg.arm "${pkgs.qemu-user-arm}") ++ (optional cfg.aarch64 "${pkgs.qemu-user-arm64}"); + nix.sandboxPaths = [ "/run/binfmt" ] + ++ (optional cfg.arm "${pkgs.qemu-user-arm}") + ++ (optional cfg.aarch64 "${pkgs.qemu-user-arm64}"); }; } diff --git a/profiles/retro-gaming.nix b/profiles/retro-gaming.nix index 9de2a68..4941283 100644 --- a/profiles/retro-gaming.nix +++ b/profiles/retro-gaming.nix @@ -1,4 +1,4 @@ -# Configuration for +# Configuration for { config, pkgs, ... }: diff --git a/profiles/server_common.nix b/profiles/server_common.nix index 5a48bdc..0eca6ff 100644 --- a/profiles/server_common.nix +++ b/profiles/server_common.nix @@ -4,12 +4,11 @@ { - imports = - [ - ../profiles/openssh.nix - ../secrets/user-craige.nix - ../secrets/user-root.nix - ]; + imports = [ + ../profiles/openssh.nix + ../secrets/user-craige.nix + ../secrets/user-root.nix + ]; programs.mosh = { enable = true; 
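Review bot: `riscv64` is only half wired up in this `config` block: `boot.binfmt.registrations` merges `optionalAttrs cfg.riscv64 { inherit riscv64; }`, but the guard is `mkIf (cfg.arm || cfg.aarch64)` and neither `nix.supportedPlatforms` nor `nix.sandboxPaths` has a riscv64 entry. Enabling riscv64 on its own would therefore yield no configuration, and enabling it next to arm would register the interpreter without making it visible inside the build sandbox. Assuming `cfg.riscv64` is declared like the other two (the option declarations sit outside this hunk), I would use `config = mkIf (cfg.arm || cfg.aarch64 || cfg.riscv64) {` and append `++ (optional cfg.riscv64 "riscv64-linux")` and `++ (optional cfg.riscv64 "${pkgs.qemu-riscv64}")` to the two lists.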
diff --git a/profiles/spotify.nix b/profiles/spotify.nix index e740300..748bcac 100644 --- a/profiles/spotify.nix +++ b/profiles/spotify.nix @@ -5,15 +5,11 @@ { services.spotifyd = { - enable = true; # Enable the Spotify daemon. - config = " - username = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/userName.gpg - password_cmd = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/passwd.gpg - "; + enable = true; # Enable the Spotify daemon. + config = + "\n username = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/userName.gpg\n password_cmd = ${pkgs.gnupg}/bin/gpg -q --for-your-eyes-only --no-tty -d ~/.spotify/passwd.gpg\n "; }; - environment.systemPackages = with pkgs; [ - spotify - ]; + environment.systemPackages = with pkgs; [ spotify ]; } diff --git a/profiles/starship.nix b/profiles/starship.nix index 797ed08..e2c9515 100644 --- a/profiles/starship.nix +++ b/profiles/starship.nix @@ -1,7 +1,8 @@ { pkgs, ... }: { - environment.systemPackages = with pkgs; [ - starship # A minimal, blazing fast, and extremely customizable prompt for any shell - ]; + environment.systemPackages = with pkgs; + [ + starship # A minimal, blazing fast, and extremely customizable prompt for any shell + ]; } diff --git a/profiles/sway.nix b/profiles/sway.nix index 0db7b28..c613e31 100644 --- a/profiles/sway.nix +++ b/profiles/sway.nix @@ -5,12 +5,6 @@ { programs.sway = { enable = true; - extraPackages = with pkgs; [ - alacritty - dmenu - swayidle - swaylock - xwayland - ]; + extraPackages = with pkgs; [ alacritty dmenu swayidle swaylock xwayland ]; }; } diff --git a/profiles/taskserver.nix b/profiles/taskserver.nix index f9b79a0..e47fd25 100644 --- a/profiles/taskserver.nix +++ b/profiles/taskserver.nix 
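Review bot: In `services.spotifyd.config`, `username =` is assigned a gpg command line, but as far as I know spotifyd only executes the `_cmd` keys, so the whole `…/bin/gpg -q … -d ~/.spotify/userName.gpg` text would be taken as the account name; `username_cmd = …` looks like what was intended. Because this runs as a system service, `~` in both paths presumably resolves against the service account's home rather than the operator's, so it is worth confirming the `.gpg` files and a usable key are reachable there without a prompt. The formatter has also collapsed the setting into one `"\n … \n "` literal; an indented `''` string with one key per line would be much easier to audit.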
@@ -5,35 +5,21 @@ { services.taskserver = { - enable = true; # Enable Taskwarrior server - fqdn = "task.mcwhirter.io"; # Server's public domain name - listenHost = "task.mcwhirter.io"; # Sets listening IP & opens firewall + enable = true; # Enable Taskwarrior server + fqdn = "task.mcwhirter.io"; # Server's public domain name + listenHost = "task.mcwhirter.io"; # Sets listening IP & opens firewall organisations = { teaghlach = { - groups = [ - "teaghlach" - ]; - users = [ - "craige" - "fiona" - ]; + groups = [ "teaghlach" ]; + users = [ "craige" "fiona" ]; }; sgioba = { - groups = [ - "sgioba" - ]; - users = [ - "craige" - ]; + groups = [ "sgioba" ]; + users = [ "craige" ]; }; obair = { - groups = [ - "obair" - ]; - users = [ - "craige" - "disasm" - ]; + groups = [ "obair" ]; + users = [ "craige" "disasm" ]; }; }; pki.auto.expiration = { diff --git a/profiles/terminal-recording.nix b/profiles/terminal-recording.nix index 2da4cf5..cdc02f3 100644 --- a/profiles/terminal-recording.nix +++ b/profiles/terminal-recording.nix @@ -5,10 +5,10 @@ { environment.systemPackages = with pkgs; [ - asciinema # Terminal session recorder - asciinema-scenario # Create asciinema videos from a text file - image_optim # CLI tool to optimize images - termtosvg # Record terminal sessions as SVG animations + asciinema # Terminal session recorder + asciinema-scenario # Create asciinema videos from a text file + image_optim # CLI tool to optimize images + termtosvg # Record terminal sessions as SVG animations ]; } diff --git a/profiles/tmux.nix b/profiles/tmux.nix index e2c1aab..f1c4661 100644 --- a/profiles/tmux.nix +++ b/profiles/tmux.nix @@ -5,7 +5,7 @@ { programs = { - tmux = { # Terminal multiplexer required by byobu + tmux = { # Terminal multiplexer required by byobu enable = true; aggressiveResize = true; clock24 = true; 
@@ -28,10 +28,10 @@ bind-key -n Home send Escape "OH" bind-key -n End send Escape "OF" ''; - keyMode = "vi"; + keyMode = "vi"; newSession = true; - shortcut = "b"; - terminal = "screen-256color"; + shortcut = "b"; + terminal = "screen-256color"; }; }; diff --git a/profiles/tor-client.nix b/profiles/tor-client.nix index ef1d4d7..be03413 100644 --- a/profiles/tor-client.nix +++ b/profiles/tor-client.nix @@ -7,14 +7,10 @@ services = { tor = { enable = true; - client = { - enable = true; - }; + client = { enable = true; }; }; }; - environment.systemPackages = with pkgs; [ - torbrowser - ]; + environment.systemPackages = with pkgs; [ torbrowser ]; } diff --git a/profiles/transmission.nix b/profiles/transmission.nix index 5fb8b22..ef4d2f8 100644 --- a/profiles/transmission.nix +++ b/profiles/transmission.nix @@ -6,12 +6,12 @@ services = { transmission = { - enable = true; # Enable Transmission + enable = true; # Enable Transmission credentialsFile = "/run/keys/transmission"; # Authentication secrets settings = { - rpc-authentication-required = true; # Enforce authentication - rpc-bind-address = "0.0.0.0"; # Listen on all interfaces - rpc-whitelist = "127.0.0.1,10.42.0.*"; # Allow hosts on the LAN + rpc-authentication-required = true; # Enforce authentication + rpc-bind-address = "0.0.0.0"; # Listen on all interfaces + rpc-whitelist = "127.0.0.1,10.42.0.*"; # Allow hosts on the LAN }; }; cron = { @@ -26,7 +26,7 @@ }; }; - networking.firewall.allowedTCPPorts = [ 9091 ]; # Open the rpc firewall port + networking.firewall.allowedTCPPorts = [ 9091 ]; # Open the rpc firewall port # Allow transmission to read the secrets keys users.groups.keys.members = [ "transmission" ]; diff --git a/profiles/tt-rss.nix b/profiles/tt-rss.nix index cb3c555..9b81f63 100644 --- a/profiles/tt-rss.nix +++ b/profiles/tt-rss.nix 
@@ -5,56 +5,52 @@ { services.tt-rss = { - enable = true; # Enable TT-RSS - database = { # Configure the database - type = "pgsql"; # Database type - passwordFile = "/run/keys/tt-rss-dbpass"; # Where to find the password + enable = true; # Enable TT-RSS + database = { # Configure the database + type = "pgsql"; # Database type + passwordFile = "/run/keys/tt-rss-dbpass"; # Where to find the password }; email = { - fromAddress = "news@mcwhirter.io"; # Address for outgoing email - fromName = "News at mcwhirter.io"; # Display name for outgoing email + fromAddress = "news@mcwhirter.io"; # Address for outgoing email + fromName = "News at mcwhirter.io"; # Display name for outgoing email }; - selfUrlPath = "https://news.mcwhirter.io/"; # Root web URL - virtualHost = "news.mcwhirter.io"; # Setup a virtualhost + selfUrlPath = "https://news.mcwhirter.io/"; # Root web URL + virtualHost = "news.mcwhirter.io"; # Setup a virtualhost }; services.postgresql = { - enable = true; # Ensure postgresql is enabled + enable = true; # Ensure postgresql is enabled authentication = '' local tt_rss all ident map=tt_rss-users ''; - identMap = # Map the tt-rss user to postgresql + identMap = # Map the tt-rss user to postgresql '' tt_rss-users tt_rss tt_rss ''; - ensureDatabases = [ "tt_rss" ]; # Ensure the database persists - ensureUsers = [ - { - name = "tt_rss"; # Ensure the database user persists - ensurePermissions = { # Ensure the database permissions persist - "DATABASE tt_rss" = "ALL PRIVILEGES"; - "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; - }; - } - ]; + ensureDatabases = [ "tt_rss" ]; # Ensure the database persists + ensureUsers = [{ + name = "tt_rss"; # Ensure the database user persists + ensurePermissions = { # Ensure the database permissions persist + "DATABASE tt_rss" = "ALL PRIVILEGES"; + "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES"; + }; + }]; }; services.nginx = { - enable = true; # Enable Nginx + enable = true; # Enable Nginx recommendedGzipSettings = true; 
recommendedOptimisation = true; recommendedProxySettings = true; recommendedTlsSettings = true; - virtualHosts."news.mcwhirter.io" = { # TT-RSS hostname - enableACME = true; # Use ACME certs - forceSSL = true; # Force SSL + virtualHosts."news.mcwhirter.io" = { # TT-RSS hostname + enableACME = true; # Use ACME certs + forceSSL = true; # Force SSL }; }; - security.acme.certs = { - "news.mcwhirter.io".email = "craige@mcwhirter.io"; - }; + security.acme.certs = { "news.mcwhirter.io".email = "craige@mcwhirter.io"; }; - users.groups.keys.members = [ "tt_rss" ]; # Required due to NixOps issue #1204 + users.groups.keys.members = [ "tt_rss" ]; # Required due to NixOps issue #1204 } diff --git a/profiles/typingTutor.nix b/profiles/typingTutor.nix index f982c02..f181be9 100644 --- a/profiles/typingTutor.nix +++ b/profiles/typingTutor.nix @@ -6,10 +6,10 @@ environment = { systemPackages = with pkgs; [ - gtypist # Universal typing tutor - klavaro # Free touch typing tutor program - tuxtype # Educational Typing Tutor Game Starring Tux, the Linux Penguin - terminal-typeracer # Terminal based version of Typeracer + gtypist # Universal typing tutor + klavaro # Free touch typing tutor program + tuxtype # Educational Typing Tutor Game Starring Tux, the Linux Penguin + terminal-typeracer # Terminal based version of Typeracer ]; }; diff --git a/profiles/vim.nix b/profiles/vim.nix index 54a20e5..af4663a 100644 --- a/profiles/vim.nix +++ b/profiles/vim.nix @@ -1,7 +1,7 @@ with import { overlays = [ (import ../overlays/vim-cue.nix) ]; }; vim_configurable.customize { - name = "vim"; # Specifies the vim binary name. + name = "vim"; # Specifies the vim binary name. # Below you can specify what usually goes into `~/.vimrc` vimrcConfig.customRC = '' " Preferred global default settings: 
@@ -262,32 +262,32 @@ vim_configurable.customize { # store your plugins in Vim packages vimrcConfig.packages.myVimPackage = with pkgs.vimPlugins; { - start = [ # Plugins loaded on launch - airline # Lean & mean status/tabline for vim that's light as air - ctrlp # Full path fuzzy file, buffer, mru, tag, ... finder for Vim - fugitive # Vim Git wrapper - gruvbox # Install the gruvbox theme - haskell-vim # Syntax Highlighting and Indentation for Haskell - indentLine # Display thin vertical lines at each indentation level - neocomplete-vim # Keyword completion system - nerdcommenter # Comment functions so powerful—no comment necessary - nerdtree # File system explorer - nerdtree-git-plugin # Plugin for nerdtree showing git status - nord-vim # Nord theme for ViM - papercolor-theme # Light & dark schemes inspired by Google's Material Design - snipmate # Concise vim script implementing TextMate's snippets features - solarized # Solarized colours for Vim - supertab # Allows you to use for all your insert completion - syntastic # Syntax checking hacks - tabular # Script for text filtering and alignment - vim-addon-nix # Scripts assisting writing .nix files - vim-airline-themes # Collection of themes for airline - vim-autoformat # Automatically format code - vim-colorschemes # Collection of ViM colour schemes - vim-cue # Cue filetype plugin for Vim - vim-nix # Support for writing Nix expressions in vim - vim-numbertoggle # Toggle between relative / absolute line numbers automatically - vim-polyglot # A solid language pack for Vim + start = [ # Plugins loaded on launch + airline # Lean & mean status/tabline for vim that's light as air + ctrlp # Full path fuzzy file, buffer, mru, tag, ... 
finder for Vim + fugitive # Vim Git wrapper + gruvbox # Install the gruvbox theme + haskell-vim # Syntax Highlighting and Indentation for Haskell + indentLine # Display thin vertical lines at each indentation level + neocomplete-vim # Keyword completion system + nerdcommenter # Comment functions so powerful—no comment necessary + nerdtree # File system explorer + nerdtree-git-plugin # Plugin for nerdtree showing git status + nord-vim # Nord theme for ViM + papercolor-theme # Light & dark schemes inspired by Google's Material Design + snipmate # Concise vim script implementing TextMate's snippets features + solarized # Solarized colours for Vim + supertab # Allows you to use for all your insert completion + syntastic # Syntax checking hacks + tabular # Script for text filtering and alignment + vim-addon-nix # Scripts assisting writing .nix files + vim-airline-themes # Collection of themes for airline + vim-autoformat # Automatically format code + vim-colorschemes # Collection of ViM colour schemes + vim-cue # Cue filetype plugin for Vim + vim-nix # Support for writing Nix expressions in vim + vim-numbertoggle # Toggle between relative / absolute line numbers automatically + vim-polyglot # A solid language pack for Vim ]; # manually loadable by calling `:packadd $plugin-name` # opt = [ phpCompletion elm-vim ]; diff --git a/profiles/weechat.nix b/profiles/weechat.nix index 62ec619..85ef8b4 100644 --- a/profiles/weechat.nix +++ b/profiles/weechat.nix 
@@ -5,30 +5,32 @@ { environment.systemPackages = with pkgs; [ - aspell # Required for spell checking in weechat - aspellDicts.en # Required for spell checking in weechat - aspellDicts.en-computers # Required for spell checking in weechat - aspellDicts.en-science # Required for spell checking in weechat + aspell # Required for spell checking in weechat + aspellDicts.en # Required for spell checking in weechat + aspellDicts.en-computers # Required for spell checking in weechat + aspellDicts.en-science # Required for spell checking in weechat (weechat.override { - configure = { availablePlugins, ... }: with weechatScripts; { - plugins = with availablePlugins; [ - lua - perl - (python.withPackages (ps: with ps; [ - dbus-python - websocket_client # Required by wee-slack - weechat-matrix # https://github.com/NixOS/nixpkgs/pull/79669#issuecomment-584249420 - ])) - ]; - scripts = [ - wee-slack # A WeeChat plugin for Slack.com - weechat-autosort # Automatically or manually keep your buffers sorted - weechat-matrix # Weechat communication over the Matrix protocol - weechat-otr # WeeChat script for Off-the-Record messaging - ]; - }; + configure = { availablePlugins, ... }: + with weechatScripts; { + plugins = with availablePlugins; [ + lua + perl + (python.withPackages (ps: + with ps; [ + dbus-python + websocket_client # Required by wee-slack + weechat-matrix # https://github.com/NixOS/nixpkgs/pull/79669#issuecomment-584249420 + ])) + ]; + scripts = [ + wee-slack # A WeeChat plugin for Slack.com + weechat-autosort # Automatically or manually keep your buffers sorted + weechat-matrix # Weechat communication over the Matrix protocol + weechat-otr # WeeChat script for Off-the-Record messaging + ]; + }; }) - weechatScripts.weechat-matrix # Weechat communication over the Matrix protocol + weechatScripts.weechat-matrix # Weechat communication over the Matrix protocol ]; } diff --git a/profiles/xmonad.nix b/profiles/xmonad.nix index 90c13c3..724466e 100644 --- a/profiles/xmonad.nix 
+++ b/profiles/xmonad.nix 
@@ -4,39 +4,36 @@ { - imports = [ - ../profiles/picom.nix - ]; + imports = [ ../profiles/picom.nix ]; services = { - devmon.enable = true; # Enable external device automounting. - udev = { - packages = with pkgs; [ - gnome3.gnome-settings-daemon - ]; - }; - udisks2.enable = true; # Enable udisks2. + devmon.enable = true; # Enable external device automounting. + udev = { packages = with pkgs; [ gnome3.gnome-settings-daemon ]; }; + udisks2.enable = true; # Enable udisks2. xserver = { - enable = true; # Enable the X11 windowing system. + enable = true; # Enable the X11 windowing system. desktopManager = { - xterm.enable = false; # Disable NixOS default desktop manager. - gnome.enable = true; # Enable GNOME desktop environment + xterm.enable = false; # Disable NixOS default desktop manager. + gnome.enable = true; # Enable GNOME desktop environment }; displayManager = { - defaultSession = "none+xmonad"; # Set xmonad as the default window manager. - gdm.enable = true; # Enable the GNOME display manager + defaultSession = + "none+xmonad"; # Set xmonad as the default window manager. + gdm.enable = true; # Enable the GNOME display manager }; - layout = "us"; # Set your preferred keyboard layout. - libinput.enable = true; # Enable touchpad support. - windowManager = { # Open configuration for the window manager. - xmonad.enable = true; # Enable xmonad. - xmonad.enableContribAndExtras = true; # Enable xmonad contrib and extras. - xmonad.extraPackages = hpkgs: [ # Open configuration for additional Haskell packages. - hpkgs.xmonad-contrib # Install xmonad-contrib. - hpkgs.xmonad-extras # Install xmonad-extras. - hpkgs.xmonad # Install xmonad itself. - ]; + layout = "us"; # Set your preferred keyboard layout. + libinput.enable = true; # Enable touchpad support. + windowManager = { # Open configuration for the window manager. + xmonad.enable = true; # Enable xmonad. + xmonad.enableContribAndExtras = + true; # Enable xmonad contrib and extras. 
+ xmonad.extraPackages = + hpkgs: [ # Open configuration for additional Haskell packages. + hpkgs.xmonad-contrib # Install xmonad-contrib. + hpkgs.xmonad-extras # Install xmonad-extras. + hpkgs.xmonad # Install xmonad itself. + ]; }; }; }; 
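Review bot: In profiles/xmonad.nix the reformatted `defaultSession`, `xmonad.enableContribAndExtras` and `xmonad.extraPackages` assignments are now split after the `=`, with the value on a continuation line. This is apparently because the trailing comment pushes each line past the formatter's width. Putting the comment on its own line above the assignment keeps each one on a single line and easier to scan, for example `# Set xmonad as the default window manager.` followed by `defaultSession = "none+xmonad";`. The same treatment works for `xmonad.enableContribAndExtras = true;` and for the `hpkgs: [` opener.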
@@ -49,30 +46,31 @@ }; # Install any additional fonts that I require to be used with xmonad - fonts.fonts = with pkgs; [ - opensans-ttf # Used in in my xmobar configuration - ]; + fonts.fonts = with pkgs; + [ + opensans-ttf # Used in in my xmobar configuration + ]; # Install other packages that I require to be used with xmonad. environment.systemPackages = with pkgs; [ - feh # A light-weight image viewer to set backgrounds - gnome-themes-extra # Provides Adwaita-dark - gnome3.gnome-tweaks # A tool to customize advanced GNOME 3 options - haskellPackages.libmpd # Shows MPD status in xmobar - haskellPackages.xmobar # A minimalistic text based status bar - haskellPackages.xmonad # Required for user rebuild with (ie: [alt]+Q) - haskellPackages.xmonad-extras # Required for user rebuild with (ie: [alt]+Q) - haskellPackages.xmonad-contrib # Required for user rebuild with (ie: [alt]+Q) - libnotify # Notification client for my Xmonad setup - lxqt.lxqt-notificationd # The notify daemon itself - mpc_cli # CLI for MPD, called from xmonad - scrot # CLI screen capture utility - trayer # A system tray for use with xmonad - xbrightness # X11 brigthness and gamma software control - xflux # Adjusts your screen to emit warmer light at night - xorg.xrandr # CLI to X11 RandR extension - xscreensaver # My preferred screensaver - xsettingsd # A lightweight desktop settings server + feh # A light-weight image viewer to set backgrounds + gnome-themes-extra # Provides Adwaita-dark + gnome3.gnome-tweaks # A tool to customize advanced GNOME 3 options + haskellPackages.libmpd # Shows MPD status in xmobar + haskellPackages.xmobar # A minimalistic text based status bar + haskellPackages.xmonad # Required for user rebuild with (ie: [alt]+Q) + haskellPackages.xmonad-extras # Required for user rebuild with (ie: [alt]+Q) + haskellPackages.xmonad-contrib # Required for user rebuild with (ie: [alt]+Q) + libnotify # Notification client for my Xmonad setup + lxqt.lxqt-notificationd # The notify daemon 
itself + mpc_cli # CLI for MPD, called from xmonad + scrot # CLI screen capture utility + trayer # A system tray for use with xmonad + xbrightness # X11 brigthness and gamma software control + xflux # Adjusts your screen to emit warmer light at night + xorg.xrandr # CLI to X11 RandR extension + xscreensaver # My preferred screensaver + xsettingsd # A lightweight desktop settings server ]; programs.dconf.enable = true; diff --git a/profiles/yubikey.nix b/profiles/yubikey.nix index a2d845a..4f722a6 100644 --- a/profiles/yubikey.nix +++ b/profiles/yubikey.nix @@ -7,8 +7,8 @@ services = { udev = { packages = [ - pkgs.yubikey-personalization # A library and command line tool to personalize YubiKeys - pkgs.libu2f-host # A C library and command-line tool that implements the host-side of the U2F protocol + pkgs.yubikey-personalization # A library and command line tool to personalize YubiKeys + pkgs.libu2f-host # A C library and command-line tool that implements the host-side of the U2F protocol ]; extraRules = let dependencies = with pkgs; [ coreutils gnupg gawk gnugrep ]; 
@@ -32,20 +32,20 @@ ACTION=="add|change", SUBSYSTEM=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0407", RUN+="${clearYubikeyUser}" ''; }; - pcscd.enable = true; # Enable PCSC-Lite daemon + pcscd.enable = true; # Enable PCSC-Lite daemon }; # Additional packages used with the Yubikey environment = { systemPackages = with pkgs; [ - paperkey # Store OpenPGP or GnuPG on paper - pinentry_curses # GnuPG’s interface to passphrase input - pinentry_qt # GnuPG’s interface to passphrase input - yubikey-manager # CLI tool for configuring any YubiKey over USB - yubikey-manager-qt # Configure any YubiKey over USB interfaces - yubikey-personalization # Lib & CLI tool to personalize YubiKeys - yubikey-personalization-gui # QT based utility to facilitate Yubikey reconfiguration - yubioath-desktop # Yubikey Desktop Authenticator + paperkey # Store OpenPGP or GnuPG on paper + pinentry_curses # GnuPG’s interface to passphrase input + pinentry_qt # GnuPG’s interface to passphrase input + yubikey-manager # CLI tool for configuring any YubiKey over USB + yubikey-manager-qt # Configure any YubiKey over USB interfaces + yubikey-personalization # Lib & CLI tool to personalize YubiKeys + yubikey-personalization-gui # QT based utility to facilitate Yubikey reconfiguration + yubioath-desktop # Yubikey Desktop Authenticator ]; shellInit = '' export GPG_TTY="$(tty)" @@ -55,10 +55,10 @@ }; programs = { - ssh.startAgent = false; # Disable the SSH Agent + ssh.startAgent = false; # Disable the SSH Agent gnupg.agent = { - enable = true; # Enable GPG Agent - enableSSHSupport = true; # Enable SSH agent support in GnuPG agent + enable = true; # Enable GPG Agent + enableSSHSupport = true; # Enable SSH agent support in GnuPG agent }; }; diff --git a/profiles/zsh.nix b/profiles/zsh.nix index b1251fe..ed416c0 100644 --- a/profiles/zsh.nix +++ b/profiles/zsh.nix 
@@ -6,7 +6,7 @@ # Program defaults for all hosts programs.zsh = { - enable = true; # Also enables & installs nix-zsh-completions + enable = true; # Also enables & installs nix-zsh-completions autosuggestions.enable = true; interactiveShellInit = '' export TERM="xterm-256color" @@ -22,10 +22,7 @@ ''; ohMyZsh = { enable = true; - plugins = [ - "fzf" - "git" - ]; + plugins = [ "fzf" "git" ]; }; promptInit = '' eval "$(starship init zsh)" @@ -33,10 +30,8 @@ vteIntegration = true; }; - environment.systemPackages = with pkgs; [ - fzf - ]; + environment.systemPackages = with pkgs; [ fzf ]; - users.defaultUserShell = pkgs.zsh; # Set the default shell for all users + users.defaultUserShell = pkgs.zsh; # Set the default shell for all users }