maralorn/nixos-config
1
0
Fork 0
Code Wiki Activity

Fix formattig

Browse source
This commit is contained in:
Malte Brandy 2022-03-08 15:02:04 +01:00
parent 97399ca9e6
commit 962d1af8f6
3 changed files with 80 additions and 81 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
home-manager/roles/default.nix
View file

@ -1,7 +1,8 @@
{ pkgs
, config
, lib
, ...
{
pkgs,
config,
lib,
...
}: {
imports = [
./zsh
@ -12,7 +13,7 @@
./neovim
./nvd.nix
];
nixpkgs.overlays = import ../../overlays { inherit lib; };
nixpkgs.overlays = import ../../overlays {inherit lib;};
news.display = "silent";
@ -63,7 +64,7 @@
'';
};
password-store = {
package = pkgs.pass-wayland.withExtensions (exts: [ exts.pass-update pkgs.pass-clip exts.pass-otp ]);
package = pkgs.pass-wayland.withExtensions (exts: [exts.pass-update pkgs.pass-clip exts.pass-otp]);
enable = true;
settings.PASSWORD_STORE_DIR = "${config.home.homeDirectory}/git/password-store";
};
@ -124,8 +125,7 @@
controlPersist = "120";
enable = true;
matchBlocks = {
git-auto.
identityFile = "~/.ssh/id_auto_ed25519";
git-auto.identityFile = "~/.ssh/id_auto_ed25519";
"door.w17.io".identityFile = "~/.ssh/door_rsa";
};
};
@ -142,11 +142,11 @@
)
(
pkgs.writeShellScriptBin "print-radicle-pw"
"pass show etc/radicle/${config.m-0.hostName}"
"pass show etc/radicle/${config.m-0.hostName}"
)
(
pkgs.writeShellScriptBin "print-ssh-pw"
"pass show eu/m-0/${config.m-0.hostName}.m-0.eu/ssh-key"
"pass show eu/m-0/${config.m-0.hostName}.m-0.eu/ssh-key"
)
(
pkgs.writeShellScriptBin "dingdingding" (builtins.readFile ./signal.sh)
@ -158,7 +158,7 @@
EMAIL = "malte.brandy@maralorn.de";
SUDO_ASKPASS = toString (
pkgs.writeShellScript "print-sudo-pw"
"pass show eu/m-0/${config.m-0.hostName}.m-0.eu/${config.home.username}"
"pass show eu/m-0/${config.m-0.hostName}.m-0.eu/${config.home.username}"
);
};
};
@ -183,17 +183,17 @@
mimeApps = {
enable = true;
defaultApplications = {
"application/pdf" = [ "org.gnome.Evince.desktop" ];
"x-scheme-handler/http" = [ "firefox.desktop" ];
"x-scheme-handler/https" = [ "firefox.desktop" ];
"x-scheme-handler/chrome" = [ "firefox.desktop" ];
"text/html" = [ "firefox.desktop" ];
"application/x-extension-htm" = [ "firefox.desktop" ];
"application/x-extension-html" = [ "firefox.desktop" ];
"application/x-extension-shtml" = [ "firefox.desktop" ];
"application/xhtml+xml" = [ "firefox.desktop" ];
"application/x-extension-xhtml" = [ "firefox.desktop" ];
"application/x-extension-xht" = [ "firefox.desktop" ];
"application/pdf" = ["org.gnome.Evince.desktop"];
"x-scheme-handler/http" = ["firefox.desktop"];
"x-scheme-handler/https" = ["firefox.desktop"];
"x-scheme-handler/chrome" = ["firefox.desktop"];
"text/html" = ["firefox.desktop"];
"application/x-extension-htm" = ["firefox.desktop"];
"application/x-extension-html" = ["firefox.desktop"];
"application/x-extension-shtml" = ["firefox.desktop"];
"application/xhtml+xml" = ["firefox.desktop"];
"application/x-extension-xhtml" = ["firefox.desktop"];
"application/x-extension-xht" = ["firefox.desktop"];
};
};
userDirs = {

31
nixos/machines/apollo/configuration.nix
View file

@ -1,16 +1,15 @@
{ lib
, config
, pkgs
, ...
}:
let
{
lib,
config,
pkgs,
...
}: let
wireguard = import ../../../common/wireguard.nix;
inherit (config.m-0) hosts prefix;
inherit ((import ../../../nix/sources.nix)) nixos-hardware;
inherit (import ../../../common/common.nix { inherit pkgs; }) syncthing;
vpn = (import ../../../private.nix).privateValue (_: _: { }) "vpn";
in
{
inherit (import ../../../common/common.nix {inherit pkgs;}) syncthing;
vpn = (import ../../../private.nix).privateValue (_: _: {}) "vpn";
in {
imports = [
"${nixos-hardware}/lenovo/thinkpad/t480s"
./hardware-configuration.nix
@ -21,7 +20,7 @@ in
../../roles/standalone
(vpn "apollo")
];
systemd.services.lenovo_fix.path = [ pkgs.kmod ];
systemd.services.lenovo_fix.path = [pkgs.kmod];
networking = {
hostName = "apollo";
@ -38,12 +37,12 @@ in
wireguard.interfaces = {
m0wire = {
allowedIPsAsRoutes = false;
ips = [ "${hosts.apollo-wg}/112" "${hosts.vpn.apollo}/64" ];
ips = ["${hosts.apollo-wg}/112" "${hosts.vpn.apollo}/64"];
privateKeyFile = pkgs.privatePath "wireguard/apollo-private";
peers = [
{
publicKey = wireguard.pub.hera;
allowedIPs = [ "::/0" ];
allowedIPs = ["::/0"];
# endpoint =
# "[${hosts.hera-wg-host}]:${builtins.toString wireguard.port}";
endpoint = "[${hosts.hera-v4}]:${builtins.toString wireguard.port}";
@ -51,7 +50,7 @@ in
persistentKeepalive = 25;
}
];
postSetup = [ "${pkgs.iproute}/bin/ip route add ${prefix}::/96 dev m0wire" ];
postSetup = ["${pkgs.iproute}/bin/ip route add ${prefix}::/96 dev m0wire"];
};
};
};
@ -79,7 +78,7 @@ in
upower.enable = true;
printing = {
enable = true;
drivers = [ pkgs.gutenprint pkgs.hplip ];
drivers = [pkgs.gutenprint pkgs.hplip];
};
udev.extraRules = ''
ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="intel_backlight", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness"
@ -115,7 +114,7 @@ in
cert = pkgs.privatePath "syncthing/apollo/cert.pem";
key = pkgs.privatePath "syncthing/apollo/key.pem";
}
// syncthing.declarativeWith [ "hera" "zeus" ] "/home/maralorn/media";
// syncthing.declarativeWith ["hera" "zeus"] "/home/maralorn/media";
xserver = {
enable = true;
displayManager = {

86
nixos/roles/default.nix
View file

@ -1,16 +1,17 @@
{ pkgs
, config
, lib
, ...
{
pkgs,
config,
lib,
...
}: {
imports = [ ../../common ./admin.nix ../../cachix.nix ];
imports = [../../common ./admin.nix ../../cachix.nix];
i18n.defaultLocale = "en_US.UTF-8";
# For nixos-rebuild
nixpkgs.overlays =
[ (_: _: (import ../../channels.nix)."${config.networking.hostName}") ]
++ import ../../overlays { inherit lib; };
[(_: _: (import ../../channels.nix)."${config.networking.hostName}")]
++ import ../../overlays {inherit lib;};
time.timeZone = "Europe/Berlin";
@ -18,14 +19,14 @@
firewall.allowPing = true;
useDHCP = false;
hosts = lib.zipAttrs
(
lib.mapAttrsToList
(host: ip:
if builtins.typeOf ip == "set"
then { }
else { "${ip}" = "${host} ${host}.m-0.eu"; })
config.m-0.hosts
);
(
lib.mapAttrsToList
(host: ip:
if builtins.typeOf ip == "set"
then {}
else {"${ip}" = "${host} ${host}.m-0.eu";})
config.m-0.hosts
);
};
security.acme = {
@ -41,8 +42,8 @@
environment = {
etc =
lib.mapAttrs'
(name: value: lib.nameValuePair "nix-path/${name}" { source = value; })
(lib.filterAttrs (name: value: name != "__functor") pkgs.sources)
(name: value: lib.nameValuePair "nix-path/${name}" {source = value;})
(lib.filterAttrs (name: value: name != "__functor") pkgs.sources)
// {
"nix-path/nixos".source = pkgs.sources."${pkgs.nixpkgs-channel}";
"nix-path/nixpkgs".source = pkgs.sources."${pkgs.nixpkgs-channel}";
@ -50,16 +51,16 @@
pkgs.sources."${pkgs.home-manager-channel}";
};
variables =
lib.genAttrs [ "CURL_CA_BUNDLE" "GIT_SSL_CAINFO" "SSL_CERT_FILE" ]
(_: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt");
lib.genAttrs ["CURL_CA_BUNDLE" "GIT_SSL_CAINFO" "SSL_CERT_FILE"]
(_: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt");
};
system.activationScripts =
lib.mkIf (!pkgs.withSecrets) { text = "echo No secrets loaded!; exit 1;"; };
lib.mkIf (!pkgs.withSecrets) {text = "echo No secrets loaded!; exit 1;";};
nix = {
binaryCaches = lib.mkAfter (
pkgs.privateValue [ ] "binary-caches"
pkgs.privateValue [] "binary-caches"
# ++ (
# if config.networking.hostName != "hera" then [ "ssh-ng://nix-ssh@hera.m-0.eu?trusted=true&priority=100" ] else [ ]
# )
@ -69,9 +70,9 @@
"hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="
"nixbuild.net/maralorn-1:cpqv21sJgRL+ROaKY1Gr0k7AKolAKaP3S3iemGxK/30="
];
nixPath = [ "/etc/nix-path" ];
trustedUsers = [ "maralorn" "laminar" ];
buildMachines = pkgs.privateValue [ ] "remote-builders";
nixPath = ["/etc/nix-path"];
trustedUsers = ["maralorn" "laminar"];
buildMachines = pkgs.privateValue [] "remote-builders";
extraOptions = ''
experimental-features = nix-command flakes
fallback = true
@ -79,29 +80,28 @@
builders-use-substitutes = true
'';
optimise = {
dates = [ ];
dates = [];
automatic = true;
};
};
systemd.services =
let
hosts = builtins.attrNames config.services.nginx.virtualHosts;
makeConfig = host: {
name = "acme-${host}";
value = {
serviceConfig = {
Restart = "on-failure";
RestartSec = 600;
};
unitConfig = {
StartLimitIntervalSec = 2400;
StartLimitBurst = 3;
};
systemd.services = let
hosts = builtins.attrNames config.services.nginx.virtualHosts;
makeConfig = host: {
name = "acme-${host}";
value = {
serviceConfig = {
Restart = "on-failure";
RestartSec = 600;
};
unitConfig = {
StartLimitIntervalSec = 2400;
StartLimitBurst = 3;
};
};
in
{ nix-optimise.serviceConfig.Type = "oneshot"; } // builtins.listToAttrs (map makeConfig hosts);
};
in
{nix-optimise.serviceConfig.Type = "oneshot";} // builtins.listToAttrs (map makeConfig hosts);
services = {
logind.killUserProcesses = false;
@ -109,8 +109,8 @@
prometheus.exporters = {
node = {
enable = true;
enabledCollectors = [ "systemd" "logind" ];
disabledCollectors = [ "timex" ];
enabledCollectors = ["systemd" "logind"];
disabledCollectors = ["timex"];
};
nginx = {
inherit (config.services.nginx) enable;