Get hera running

hosts/apollo/configuration.nix

@@ -15,6 +15,7 @@ in {
     ./hardware-configuration.nix
     ../../system
     ../../system/fonts.nix
+    ../../system/boot-key.nix
     ../../system/standalone
   ];
 
@@ -36,11 +37,11 @@ in {
         }];
         postSetup =
           [ "${pkgs.iproute}/bin/ip route add ${prefix}::/64 dev m0wire" ];
+        };
       };
     };
-  };
 
-  m-0 = { laptop.enable = true; };
+    m-0 = { laptop.enable = true; };
 
   # Use the systemd-boot EFI boot loader.
   boot = {
@@ -65,30 +66,30 @@ in {
   services = {
     prometheus.exporters.node.firewallFilter =
       "-i m0wire -p tcp -m tcp --dport 9100";
-    autorandr.enable = true;
-    borgbackup.jobs.data = {
-      doInit = false;
-      startAt = [ ];
-      exclude = [
-        "/home/${me.user}/data/aktuell/media"
-        "/home/${me.user}/data/.stversions"
-      ];
-      encryption.mode = "none";
-      paths = "/home/${me.user}/data";
-      repo = "borg@borg:.";
-      compression = "zstd,5";
+      autorandr.enable = true;
+      borgbackup.jobs.data = {
+        doInit = false;
+        startAt = [ ];
+        exclude = [
+          "/home/${me.user}/data/aktuell/media"
+          "/home/${me.user}/data/.stversions"
+        ];
+        encryption.mode = "none";
+        paths = "/home/${me.user}/data";
+        repo = "borg@borg:.";
+        compression = "zstd,5";
+      };
     };
-  };
 
-  cdark_net = {
-    enable = true;
-    hostName = "${me.user}_${config.networking.hostName}";
-    ed25519PrivateKeyFile = /etc/nixos/hosts + "/${config.networking.hostName}"
+    cdark_net = {
+      enable = true;
+      hostName = "${me.user}_${config.networking.hostName}";
+      ed25519PrivateKeyFile = /etc/nixos/hosts + "/${config.networking.hostName}"
       + /secret/tinc/ed25519_key.priv;
-    hostsDirectory =
-      (builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts");
-    ip6address = "fd23:42:cda:4342::2";
-    ip4address = "172.20.71.2";
-  };
+      hostsDirectory =
+        (builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts");
+        ip6address = "fd23:42:cda:4342::2";
+        ip4address = "172.20.71.2";
+      };
 
-}
+    }

lib/test.nix

@@ -1,7 +1,7 @@
 let
   inherit (import ../pkgs) niv;
   inherit (import ../lib)
-    pkgs writeHaskellScript get-niv-path home-manager unstable haskellList;
+  pkgs writeHaskellScript get-niv-path home-manager unstable haskellList;
 in rec {
   haskellBody = commandline: ''
     getNivPath dir = readTrim . get_niv_path ([i|#{dir :: String}/nix/sources.nix|] :: String)
@@ -53,11 +53,11 @@ in rec {
 
     main = do
       path <- readTrim pwd
-      bump <- fmap ((== "bump") . listToMaybe) getArgs
+      bump <- (maybe False (== "bump") . listToMaybe) <$> getArgs
       bracket checkout (rm "-rf") $ \dir -> do
         withCurrentDirectory dir $ do
           mapM_ (\x -> git_crypt "unlock" ([i|${configPath}/.git/git-crypt/keys/#{x}|] :: String)) ${
-      haskellList keys
+            haskellList keys
           }
           when bump $ ignoreFailure $ niv "update"
         mapM_ (test_system_config dir) ${haskellList systems}

pkgs/default.nix

@@ -1,6 +1,6 @@
 let
   my-lib = import ../lib;
-  inherit (my-lib) pkgs unstable sources writeHaskellScript;
+  inherit (my-lib) pkgs unstable sources writeHaskellScript gcRetentionDays;
 in rec {
   tasktree = pkgs.callPackage ./tasktree { };
   neovim = pkgs.neovim.override {
@@ -18,8 +18,8 @@ in rec {
   core-system-pkgs = {
     inherit neovim;
     inherit (pkgs)
-      gitFull gnumake python3 mkpasswd file wget curl wireguard gnupg mutt bind
-      liboping psmisc unzip rename whois lsof;
+    gitFull gnumake python3 mkpasswd file wget curl wireguard gnupg mutt bind
+    liboping psmisc unzip rename whois lsof;
   };
 
   extra-system-pkgs = {
@@ -28,8 +28,8 @@ in rec {
     inherit (pkgs.rxvt_unicode) terminfo;
     inherit (pkgs.pythonPackages) qrcode;
     inherit (pkgs)
-      git-crypt htop tree pwgen borgbackup inotifyTools direnv socat nmap
-      tcpdump tmux tig exa fzf ag fd bat ripgrep ranger pass sshuttle;
+    git-crypt htop tree pwgen borgbackup inotifyTools direnv socat nmap
+    tcpdump tmux tig exa fzf ag fd bat ripgrep ranger pass sshuttle;
   };
   gw2wrapper = writeHaskellScript {
     name = "gw2wrapper";
@@ -37,35 +37,35 @@ in rec {
     imports =
       [ "System.Directory (withCurrentDirectory)" "Control.Monad (when)" ];
 
-  } ''
-    waitForExit = do
+    } ''
+      waitForExit = do
       sleep "5s"
       processes <- readTrim $ ps "aux"
       when
         (BSC.isInfixOf (BSC.pack "GW2.exe") (LBSC.toStrict processes))
         waitForExit
-    main = do
+      main = do
       withCurrentDirectory "/home/maralorn/GW2" $ exe "./play.sh"
       waitForExit
-  '';
+    '';
 
-  laptop-home-pkgs = {
-    maintenance = pkgs.writeShellScriptBin "maintenance" ''
-      git -C ~/git/nixos/config pull
-      update-home
-      sudo -A update-system
-      sudo -A nix_collect_garbage --delete-older-than ${toString gcRetentionDays}d
-      nix optimise-store
-    '';
-    rewlan = pkgs.writeShellScriptBin "rewlan" ''
-      nmcli r wifi off;
-      sleep 0.1s;
-      nmcli r wifi on;
-    '';
-    gw2 = pkgs.buildFHSUserEnv {
-      name = "gw2";
-      targetPkgs = pkgs: (with pkgs; [ sambaFull ]);
-      multiPkgs = pkgs:
+    laptop-home-pkgs = {
+      maintenance = pkgs.writeShellScriptBin "maintenance" ''
+        git -C ~/git/nixos/config pull
+        update-home
+        sudo -A update-system
+        sudo -A nix_collect_garbage --delete-older-than ${toString gcRetentionDays}d
+        nix optimise-store
+      '';
+      rewlan = pkgs.writeShellScriptBin "rewlan" ''
+        nmcli r wifi off;
+        sleep 0.1s;
+        nmcli r wifi on;
+      '';
+      gw2 = pkgs.buildFHSUserEnv {
+        name = "gw2";
+        targetPkgs = pkgs: (with pkgs; [ sambaFull ]);
+        multiPkgs = pkgs:
         (with pkgs;
         with xorg; [
           file
@@ -93,15 +93,15 @@ in rec {
           gnutls
           krb5Full
         ]);
-      runScript = "${gw2wrapper}/bin/gw2wrapper";
-    };
-    cachix = import sources.cachix { };
-    nixfmt = import sources.nixfmt { };
-    inherit (pkgs.gnome3) nautilus;
-    inherit (pkgs.xorg) xev xbacklight;
-    inherit (pkgs)
+        runScript = "${gw2wrapper}/bin/gw2wrapper";
+      };
+      cachix = import sources.cachix { };
+      nixfmt = import sources.nixfmt { };
+      inherit (pkgs.gnome3) nautilus;
+      inherit (pkgs.xorg) xev xbacklight;
+      inherit (pkgs)
     # web
-      chromium
+    chromium
 
       # communication
       signal-desktop tdesktop acpi dino mumble
@@ -124,47 +124,47 @@ in rec {
 
       # games
       minetest;
-  };
+    };
 
-  my-home-pkgs = {
-    print215 = pkgs.writeShellScriptBin "print215" ''
-      scp "$@" ag-forward:
-      ssh ag-forward lpr -Zduplex -r "$@"
-    '';
-    print215single = pkgs.writeShellScriptBin "print215single" ''
-      scp "$@" ag-forward:
-      ssh ag-forward lpr -r "$@"
-    '';
-  };
-  urxvt = pkgs.rxvt_unicode-with-plugins;
-  terminal = pkgs.writeShellScriptBin "terminal" ''
-    ${urxvt}/bin/urxvtc "$@"
-    if [ $? -eq 2 ]; then
+    my-home-pkgs = {
+      print215 = pkgs.writeShellScriptBin "print215" ''
+        scp "$@" ag-forward:
+        ssh ag-forward lpr -Zduplex -r "$@"
+      '';
+      print215single = pkgs.writeShellScriptBin "print215single" ''
+        scp "$@" ag-forward:
+        ssh ag-forward lpr -r "$@"
+      '';
+    };
+    urxvt = pkgs.rxvt_unicode-with-plugins;
+    terminal = pkgs.writeShellScriptBin "terminal" ''
+      ${urxvt}/bin/urxvtc "$@"
+      if [ $? -eq 2 ]; then
      ${urxvt}/bin/urxvtd -q -o -f
      ${urxvt}/bin/urxvtc "$@"
-    fi
-  '';
-  desktop-pkgs = {
-    inherit urxvt tasktree terminal;
-    inherit (pkgs) xautolock;
-    inherit (pkgs.gnome3) dconf;
-  };
-  home-pkgs = {
-    inherit (pkgs.pythonPackages) yapf jsbeautifier;
-    inherit (pkgs) ncmpcpp shfmt htmlTidy astyle;
-    inherit (my-lib) ghc;
-    inherit home-neovim;
-  };
-  accounting-pkgs = {
-    jali = pkgs.callPackage ./jali { };
-    inherit (pkgs.haskellPackages) hledger hledger-ui;
-    inherit (pkgs) ledger;
-  };
-  system-pkgs = core-system-pkgs // extra-system-pkgs // {
-    inherit (import ../lib/test.nix)
-      test-system-config test-home-config test-and-bump-config;
-    inherit (my-lib) home-manager;
-  };
-  foreign-home-pkgs = extra-system-pkgs;
-  eventd = pkgs.callPackage ./eventd { };
-}
+      fi
+    '';
+    desktop-pkgs = {
+      inherit urxvt tasktree terminal;
+      inherit (pkgs) xautolock;
+      inherit (pkgs.gnome3) dconf;
+    };
+    home-pkgs = {
+      inherit (pkgs.pythonPackages) yapf jsbeautifier;
+      inherit (pkgs) ncmpcpp shfmt htmlTidy astyle;
+      inherit (my-lib) ghc;
+      inherit home-neovim;
+    };
+    accounting-pkgs = {
+      jali = pkgs.callPackage ./jali { };
+      inherit (pkgs.haskellPackages) hledger hledger-ui;
+      inherit (pkgs) ledger;
+    };
+    system-pkgs = core-system-pkgs // extra-system-pkgs // {
+      inherit (import ../lib/test.nix)
+      test-system-config test-home-config test-config;
+      inherit (my-lib) home-manager;
+    };
+    foreign-home-pkgs = extra-system-pkgs;
+    eventd = pkgs.callPackage ./eventd { };
+  }

system/server/default.nix

@@ -1,4 +1,6 @@
-{ config, pkgs, lib, ... }: {
+{ config, pkgs, lib, ... }:
+
+{
 
   imports = [ ./init_ssh.nix ];
 
@@ -6,25 +8,26 @@
     startAt = "2:45";
     environment.NIX_PATH =
       "/etc/nix-path:nixos-config=/etc/nixos/configuration.nix";
-    path = [ pkgs.nix pkgs.gnutar pkgs.gzip pkgs.git pkgs.git-crypt ];
-    WorkingDirectory = "/var/cache/gc-links";
-    restartIfChanged = false;
-    unitConfig.X-StopOnRemoval = false;
-    serviceConfig = {
-      Type = "oneshot";
+      path = [ pkgs.nix pkgs.gnutar pkgs.gzip pkgs.git pkgs.git-crypt ];
+      restartIfChanged = false;
+      unitConfig.X-StopOnRemoval = false;
+      serviceConfig = {
+        Type = "oneshot";
+        WorkingDirectory = "/var/cache/gc-links";
+      };
       script = ''
-        ${(import ../lib/test.nix).test-config}/bin/test-config
+        ${(import ../../lib/test.nix).test-config}/bin/test-config
         sudo -u maralorn git -C /home/maralorn/git/nixos/config pull
         ${
-          (import ../lib/update-system.nix
+          (import ../../lib/update-system.nix
           config.system.build.nixos-rebuild).update-system
         }/bin/update-system
+        sudo -u maralorn update-home
       '';
     };
-  };
-  nix = {
-    gc.automatic = true;
-    optimise.automatic = true;
-  };
+    nix = {
+      gc.automatic = true;
+      optimise.automatic = true;
+    };
 
-}
+  }

system/standalone/default.nix

@@ -1,7 +1,7 @@
 { pkgs, config, lib, ... }:
-with lib; {
+{
 
-  imports = [ ./admin.nix ./boot-key.nix ];
+  imports = [ ./admin.nix  ];
 
   # So that boot does not fill up with old kernels
   boot.loader.grub.configurationLimit = 5;
@@ -14,16 +14,16 @@ with lib; {
   security.sudo.extraConfig =
     "\n    Defaults timestamp_type=global, timestamp_timeout=15\n  ";
 
-  services = { sshd.enable = true; };
+    services = { sshd.enable = true; };
 
-  nix.nixPath = [ "nixos-config=/etc/nixos/configuration.nix" ];
+    nix.nixPath = [ "nixos-config=/etc/nixos/configuration.nix" ];
 
-  environment = {
+    environment = {
     # Put these into an extra file so the essential packages can also be included on non selfadminstrated systems from home-manager
     systemPackages = builtins.attrValues ({
       inherit (import ../../lib/update-system.nix
       config.system.build.nixos-rebuild)
-        update-system system-maintenance;
+      update-system;
     } // (import ../../pkgs).system-pkgs);
     sessionVariables = { TERMINFO = "/run/current-system/sw/share/terminfo"; };
   };