Reconfigure default-builders

home-manager/roles/default.nix

@@ -1,8 +1,7 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
+{ pkgs
+, config
+, lib
+, ...
 }: {
   imports = [
     ./zsh
@@ -13,7 +12,7 @@
     ./neovim
     ./nvd.nix
   ];
-  nixpkgs.overlays = import ../../overlays {inherit lib;};
+  nixpkgs.overlays = import ../../overlays { inherit lib; };
 
   news.display = "silent";
 
@@ -64,7 +63,7 @@
       '';
     };
     password-store = {
-      package = pkgs.pass-wayland.withExtensions (exts: [exts.pass-update pkgs.pass-clip exts.pass-otp]);
+      package = pkgs.pass-wayland.withExtensions (exts: [ exts.pass-update pkgs.pass-clip exts.pass-otp ]);
       enable = true;
       settings.PASSWORD_STORE_DIR = "${config.home.homeDirectory}/git/password-store";
     };
@@ -124,48 +123,9 @@
       controlMaster = "auto";
       controlPersist = "120";
       enable = true;
-      matchBlocks = let
-        agHost = "fb04217.mathematik.tu-darmstadt.de";
-      in {
-        athene.hostname = "192.168.178.22";
-        git-auto = {
-          hostname = "hera.m-0.eu";
-          user = "git";
-          identityFile = "~/.ssh/id_auto_ed25519";
-        };
-        git = {
-          hostname = "hera.m-0.eu";
-          user = "git";
-        };
-        hera = {
-          hostname = "hera.m-0.eu";
-          user = "maralorn";
-        };
-        ag-forward = {
-          hostname = agHost;
-          proxyJump = "gw";
-          user = "brandy";
-        };
-        ag = {
-          hostname = agHost;
-          user = "brandy";
-        };
-        gw = {
-          hostname = "gwres4.mathematik.tu-darmstadt.de";
-          user = "brandy";
-        };
-        shells = {
-          hostname = "shells.darmstadt.ccc.de";
-          user = "maralorn";
-        };
-        whisky = {
-          hostname = "whisky.w17.io";
-          user = "chaos";
-        };
-        kitchen = {
-          hostname = "kitchen.w17.io";
-          user = "chaos";
-        };
+      matchBlocks = {
+        git-auto.
+        identityFile = "~/.ssh/id_auto_ed25519";
         "door.w17.io".identityFile = "~/.ssh/door_rsa";
       };
     };
@@ -182,11 +142,11 @@
         )
         (
           pkgs.writeShellScriptBin "print-radicle-pw"
-          "pass show etc/radicle/${config.m-0.hostName}"
+            "pass show etc/radicle/${config.m-0.hostName}"
         )
         (
           pkgs.writeShellScriptBin "print-ssh-pw"
-          "pass show eu/m-0/${config.m-0.hostName}.m-0.eu/ssh-key"
+            "pass show eu/m-0/${config.m-0.hostName}.m-0.eu/ssh-key"
         )
         (
           pkgs.writeShellScriptBin "dingdingding" (builtins.readFile ./signal.sh)
@@ -198,7 +158,7 @@
       EMAIL = "malte.brandy@maralorn.de";
       SUDO_ASKPASS = toString (
         pkgs.writeShellScript "print-sudo-pw"
-        "pass show eu/m-0/${config.m-0.hostName}.m-0.eu/${config.home.username}"
+          "pass show eu/m-0/${config.m-0.hostName}.m-0.eu/${config.home.username}"
       );
     };
   };
@@ -223,17 +183,17 @@
     mimeApps = {
       enable = true;
       defaultApplications = {
-        "application/pdf" = ["org.gnome.Evince.desktop"];
-        "x-scheme-handler/http" = ["firefox.desktop"];
-        "x-scheme-handler/https" = ["firefox.desktop"];
-        "x-scheme-handler/chrome" = ["firefox.desktop"];
-        "text/html" = ["firefox.desktop"];
-        "application/x-extension-htm" = ["firefox.desktop"];
-        "application/x-extension-html" = ["firefox.desktop"];
-        "application/x-extension-shtml" = ["firefox.desktop"];
-        "application/xhtml+xml" = ["firefox.desktop"];
-        "application/x-extension-xhtml" = ["firefox.desktop"];
-        "application/x-extension-xht" = ["firefox.desktop"];
+        "application/pdf" = [ "org.gnome.Evince.desktop" ];
+        "x-scheme-handler/http" = [ "firefox.desktop" ];
+        "x-scheme-handler/https" = [ "firefox.desktop" ];
+        "x-scheme-handler/chrome" = [ "firefox.desktop" ];
+        "text/html" = [ "firefox.desktop" ];
+        "application/x-extension-htm" = [ "firefox.desktop" ];
+        "application/x-extension-html" = [ "firefox.desktop" ];
+        "application/x-extension-shtml" = [ "firefox.desktop" ];
+        "application/xhtml+xml" = [ "firefox.desktop" ];
+        "application/x-extension-xhtml" = [ "firefox.desktop" ];
+        "application/x-extension-xht" = [ "firefox.desktop" ];
       };
     };
     userDirs = {

nixos/machines/apollo/configuration.nix

@@ -1,15 +1,16 @@
-{
-  lib,
-  config,
-  pkgs,
-  ...
-}: let
+{ lib
+, config
+, pkgs
+, ...
+}:
+let
   wireguard = import ../../../common/wireguard.nix;
   inherit (config.m-0) hosts prefix;
   inherit ((import ../../../nix/sources.nix)) nixos-hardware;
-  inherit (import ../../../common/common.nix {inherit pkgs;}) syncthing;
-  vpn = (import ../../../private.nix).privateValue (_: _: {}) "vpn";
-in {
+  inherit (import ../../../common/common.nix { inherit pkgs; }) syncthing;
+  vpn = (import ../../../private.nix).privateValue (_: _: { }) "vpn";
+in
+{
   imports = [
     "${nixos-hardware}/lenovo/thinkpad/t480s"
     ./hardware-configuration.nix
@@ -20,7 +21,7 @@ in {
     ../../roles/standalone
     (vpn "apollo")
   ];
-  systemd.services.lenovo_fix.path = [pkgs.kmod];
+  systemd.services.lenovo_fix.path = [ pkgs.kmod ];
 
   networking = {
     hostName = "apollo";
@@ -37,12 +38,12 @@ in {
     wireguard.interfaces = {
       m0wire = {
         allowedIPsAsRoutes = false;
-        ips = ["${hosts.apollo-wg}/112" "${hosts.vpn.apollo}/64"];
+        ips = [ "${hosts.apollo-wg}/112" "${hosts.vpn.apollo}/64" ];
         privateKeyFile = pkgs.privatePath "wireguard/apollo-private";
         peers = [
           {
             publicKey = wireguard.pub.hera;
-            allowedIPs = ["::/0"];
+            allowedIPs = [ "::/0" ];
             # endpoint =
             #  "[${hosts.hera-wg-host}]:${builtins.toString wireguard.port}";
             endpoint = "[${hosts.hera-v4}]:${builtins.toString wireguard.port}";
@@ -50,7 +51,7 @@ in {
             persistentKeepalive = 25;
           }
         ];
-        postSetup = ["${pkgs.iproute}/bin/ip route add ${prefix}::/96 dev m0wire"];
+        postSetup = [ "${pkgs.iproute}/bin/ip route add ${prefix}::/96 dev m0wire" ];
       };
     };
   };
@@ -58,13 +59,6 @@ in {
   programs = {
     adb.enable = true;
     sway.enable = true;
-    ssh = {
-      extraConfig = ''
-        Host fb04*.mathematik.tu-darmstadt.de
-          ProxyJump brandy@gwres1.mathematik.tu-darmstadt.de
-      '';
-      startAgent = true;
-    };
     seahorse.enable = lib.mkForce false;
     dconf.enable = true;
   };
@@ -85,7 +79,7 @@ in {
     upower.enable = true;
     printing = {
       enable = true;
-      drivers = [pkgs.gutenprint pkgs.hplip];
+      drivers = [ pkgs.gutenprint pkgs.hplip ];
     };
     udev.extraRules = ''
       ACTION=="add", SUBSYSTEM=="backlight", KERNEL=="intel_backlight", RUN+="${pkgs.coreutils}/bin/chgrp video /sys/class/backlight/%k/brightness"
@@ -121,7 +115,7 @@ in {
         cert = pkgs.privatePath "syncthing/apollo/cert.pem";
         key = pkgs.privatePath "syncthing/apollo/key.pem";
       }
-      // syncthing.declarativeWith ["hera" "zeus"] "/home/maralorn/media";
+      // syncthing.declarativeWith [ "hera" "zeus" ] "/home/maralorn/media";
     xserver = {
       enable = true;
       displayManager = {

nixos/roles/default.nix

@@ -1,17 +1,16 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
+{ pkgs
+, config
+, lib
+, ...
 }: {
-  imports = [../../common ./admin.nix ../../cachix.nix];
+  imports = [ ../../common ./admin.nix ../../cachix.nix ];
 
   i18n.defaultLocale = "en_US.UTF-8";
 
   # For nixos-rebuild
   nixpkgs.overlays =
-    [(_: _: (import ../../channels.nix)."${config.networking.hostName}")]
-    ++ import ../../overlays {inherit lib;};
+    [ (_: _: (import ../../channels.nix)."${config.networking.hostName}") ]
+    ++ import ../../overlays { inherit lib; };
 
   time.timeZone = "Europe/Berlin";
 
@@ -19,13 +18,14 @@
     firewall.allowPing = true;
     useDHCP = false;
     hosts = lib.zipAttrs
-    (
-      lib.mapAttrsToList (host: ip:
-        if builtins.typeOf ip == "set"
-        then {}
-        else {"${ip}" = "${host} ${host}.m-0.eu";})
-      config.m-0.hosts
-    );
+      (
+        lib.mapAttrsToList
+          (host: ip:
+            if builtins.typeOf ip == "set"
+            then { }
+            else { "${ip}" = "${host} ${host}.m-0.eu"; })
+          config.m-0.hosts
+      );
   };
 
   security.acme = {
@@ -41,8 +41,8 @@
   environment = {
     etc =
       lib.mapAttrs'
-      (name: value: lib.nameValuePair "nix-path/${name}" {source = value;})
-      (lib.filterAttrs (name: value: name != "__functor") pkgs.sources)
+        (name: value: lib.nameValuePair "nix-path/${name}" { source = value; })
+        (lib.filterAttrs (name: value: name != "__functor") pkgs.sources)
       // {
         "nix-path/nixos".source = pkgs.sources."${pkgs.nixpkgs-channel}";
         "nix-path/nixpkgs".source = pkgs.sources."${pkgs.nixpkgs-channel}";
@@ -50,16 +50,16 @@
           pkgs.sources."${pkgs.home-manager-channel}";
       };
     variables =
-      lib.genAttrs ["CURL_CA_BUNDLE" "GIT_SSL_CAINFO" "SSL_CERT_FILE"]
-      (_: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt");
+      lib.genAttrs [ "CURL_CA_BUNDLE" "GIT_SSL_CAINFO" "SSL_CERT_FILE" ]
+        (_: "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt");
   };
 
   system.activationScripts =
-    lib.mkIf (!pkgs.withSecrets) {text = "echo No secrets loaded!; exit 1;";};
+    lib.mkIf (!pkgs.withSecrets) { text = "echo No secrets loaded!; exit 1;"; };
 
   nix = {
     binaryCaches = lib.mkAfter (
-      pkgs.privateValue [] "binary-caches"
+      pkgs.privateValue [ ] "binary-caches"
       # ++ (
       #   if config.networking.hostName != "hera" then [ "ssh-ng://nix-ssh@hera.m-0.eu?trusted=true&priority=100" ] else [ ]
       # )
@@ -69,9 +69,9 @@
       "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ="
       "nixbuild.net/maralorn-1:cpqv21sJgRL+ROaKY1Gr0k7AKolAKaP3S3iemGxK/30="
     ];
-    nixPath = ["/etc/nix-path"];
-    trustedUsers = ["maralorn" "laminar"];
-    buildMachines = pkgs.privateValue [] "remote-builders";
+    nixPath = [ "/etc/nix-path" ];
+    trustedUsers = [ "maralorn" "laminar" ];
+    buildMachines = pkgs.privateValue [ ] "remote-builders";
     extraOptions = ''
       experimental-features = nix-command flakes
       fallback = true
@@ -79,28 +79,29 @@
       builders-use-substitutes = true
     '';
     optimise = {
-      dates = [];
+      dates = [ ];
       automatic = true;
     };
   };
 
-  systemd.services = let
-    hosts = builtins.attrNames config.services.nginx.virtualHosts;
-    makeConfig = host: {
-      name = "acme-${host}";
-      value = {
-        serviceConfig = {
-          Restart = "on-failure";
-          RestartSec = 600;
-        };
-        unitConfig = {
-          StartLimitIntervalSec = 2400;
-          StartLimitBurst = 3;
+  systemd.services =
+    let
+      hosts = builtins.attrNames config.services.nginx.virtualHosts;
+      makeConfig = host: {
+        name = "acme-${host}";
+        value = {
+          serviceConfig = {
+            Restart = "on-failure";
+            RestartSec = 600;
+          };
+          unitConfig = {
+            StartLimitIntervalSec = 2400;
+            StartLimitBurst = 3;
+          };
         };
       };
-    };
-  in
-    {nix-optimise.serviceConfig.Type = "oneshot";} // builtins.listToAttrs (map makeConfig hosts);
+    in
+    { nix-optimise.serviceConfig.Type = "oneshot"; } // builtins.listToAttrs (map makeConfig hosts);
 
   services = {
     logind.killUserProcesses = false;
@@ -108,8 +109,8 @@
     prometheus.exporters = {
       node = {
         enable = true;
-        enabledCollectors = ["systemd" "logind"];
-        disabledCollectors = ["timex"];
+        enabledCollectors = [ "systemd" "logind" ];
+        disabledCollectors = [ "timex" ];
       };
       nginx = {
         inherit (config.services.nginx) enable;
@@ -130,6 +131,10 @@
         url = "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz";
       }
     }/programs.sqlite";
+    ssh = {
+      extraConfig = pkgs.privateValue "" "ssh-config";
+      startAgent = true;
+    };
     zsh = {
       enable = true;
       autosuggestions.enable = true;

private

@@ -1 +1 @@
-Subproject commit 265d659498a76b5ad7f285c6bd9632c0b896df2c
+Subproject commit 2d999fbc8d86d6f671c3ef110affd12cf2278ae0