updated README

Code Linting and hooks to do so automatically
2023-11-07 09:19:13 +01:00 · 2023-11-07 09:12:43 +01:00
15 changed files with 296 additions and 188 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,4 +2,4 @@
 # Ignore build outputs from performing a nix-build or `nix build` command
 result
 result-*
-
+.pre-commit-config.yaml
--- a/README.md
+++ b/README.md
@ -170,6 +170,10 @@ In your hardware
 configuration you should basically only write you filesystem layout and your hostPlatform. The bootloading stuff
 is already taken care of by `../../roles`.
 The `flake-inputs` argument is optional, but you can use it if you need to get a hold of the flake inputs,
 else this is a complete normal nixos system configuration module (with a lot of settings already imorted
 from `../../roles`).
 As of moment of writing `network.nix` should contain ip, nameserver and default gateway setup. As parts of
 this is constant across all systems and will undergo refactor soon.
--- a/flake-module.nix
+++ b/flake-module.nix
@ -1,24 +1,44 @@
-{inputs, ...}:
+{inputs, ...}: {
 {
  # debug = true;
  # We only define machines config in this flake yet, so we only include
  # the module that builds these. This file might get fuller, if we need to
  # build our own packages, that are not flakes.
-  imports = [ ./nixos/flake-module.nix
+  imports = [
    ./nixos/flake-module.nix
    inputs.pre-commit-hooks.flakeModule
    # To import a flake module
    # 1. Add foo to inputs
    # 2. Add foo as a parameter to the outputs function
    # 3. Add here: foo.flakeModule
  ];
  systems = ["x86_64-linux"];
-#  perSystem = { config, self', inputs', pkgs, system, ... }: {
+  perSystem = {
    config,
    inputs',
    pkgs,
    ...
  }: {
    devShells.default = pkgs.mkShell {
      shellHook = config.pre-commit.installationScript;
    };
    pre-commit = {
      check.enable = true;
      pkgs = inputs'.nixpkgs.legacyPackages;
      settings.hooks = {
        nil.enable = true;
        statix.enable = true;
        deadnix.enable = true;
        alejandra.enable = true;
      };
    };
    # Per-system attributes can be defined here. The self' and inputs'
    # module parameters provide easy access to attributes of the same
    # system.
  };
  # Equivalent to  inputs'.nixpkgs.legacyPackages.hello;
 #  };
  #      flake = {
  # The usual flake attributes can be defined here, including system-
  # agnostic ones like nixosModule and system-enumerating ones, although
--- a/flake.lock
+++ b/flake.lock
@ -33,6 +33,24 @@
        "type": "indirect"
      }
    },
    "flake-utils": {
      "inputs": {
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1685518550,
        "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
        "owner": "numtide",
        "repo": "flake-utils",
        "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "flake-utils",
        "type": "github"
      }
    },
    "impermanence": {
      "locked": {
        "lastModified": 1694622745,
@ -135,12 +153,35 @@
        "type": "github"
      }
    },
    "pre-commit-hooks": {
      "inputs": {
        "flake-compat": [],
        "flake-utils": "flake-utils",
        "gitignore": [],
        "nixpkgs": [],
        "nixpkgs-stable": []
      },
      "locked": {
        "lastModified": 1699271226,
        "narHash": "sha256-8Jt1KW3xTjolD6c6OjJm9USx/jmL+VVmbooADCkdDfU=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
        "rev": "ea758da1a6dcde6dc36db348ed690d09b9864128",
        "type": "github"
      },
      "original": {
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
        "type": "github"
      }
    },
    "root": {
      "inputs": {
        "flake-parts": "flake-parts",
        "impermanence": "impermanence",
        "nixos-mailserver": "nixos-mailserver",
        "nixpkgs": "nixpkgs",
        "pre-commit-hooks": "pre-commit-hooks",
        "sops-nix": "sops-nix"
      }
    },
@ -165,6 +206,21 @@
        "type": "github"
      }
    },
    "systems": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "utils": {
      "locked": {
        "lastModified": 1605370193,
--- a/flake.nix
+++ b/flake.nix
@ -17,6 +17,15 @@
    impermanence = {
      url = "github:nix-community/impermanence";
    };
    pre-commit-hooks = {
      url = "github:cachix/pre-commit-hooks.nix";
      inputs = {
        flake-compat.follows = "";
        gitignore.follows = "";
        nixpkgs-stable.follows = "";
        nixpkgs.follows = "";
      };
    };
  };
  outputs = inputs @ {flake-parts, ...}:
--- a/nixos/flake-module.nix
+++ b/nixos/flake-module.nix
@ -1,20 +1,30 @@
 # copied and adopted from maralorns config
 # This automatically searches for nixos configs in ./machines/${name}/configuration.nix
 # and exposes them as outputs.nixosConfigurations.${name}
-{ withSystem, lib, inputs, ... }: {
+{
  withSystem,
  lib,
  inputs,
  ...
 }: {
  flake = {
-    nixosConfigurations = withSystem "x86_64-linux" ({ pkgs, ... }:
+    nixosConfigurations = withSystem "x86_64-linux" ({pkgs, ...}: let
    let
      machines = builtins.attrNames (builtins.readDir ./machines);
-      makeSystem = name:
+      makeSystem = name: let
        importedModule = import (./. + "/machines/${name}/configuration.nix");
        configModule =
          if lib.isFunction importedModule
          then importedModule inputs
          else importedModule;
      in
        pkgs.nixos {
          imports = [
-            (import (./. + "/machines/${name}/configuration.nix") inputs)
+            configModule
            inputs.sops-nix.nixosModules.sops
            inputs.impermanence.nixosModules.impermanence
          ];
        };
-    in lib.genAttrs machines makeSystem);
+    in
      lib.genAttrs machines makeSystem);
  };
 }
--- a/nixos/machines/ghatanothoa/configuration.nix
+++ b/nixos/machines/ghatanothoa/configuration.nix
@ -1,6 +1,4 @@
-flake-inputs:
+{
 {config, pkgs, lib, ... }: {
  imports = [
    ./hardware-configuration.nix
    ../../modules/jitsi.nix
--- a/nixos/machines/ghatanothoa/hardware-configuration.nix
+++ b/nixos/machines/ghatanothoa/hardware-configuration.nix
@ -1,4 +1,4 @@
-{config, lib, pkgs, modulesPath, ...}: {
+{lib, ...}: {
  imports = [];
  fileSystems."/" = {
@ -22,8 +22,7 @@
    options = ["subvol=nix"];
  };
-  swapDevices =
+  swapDevices = [{device = "/dev/disk/by-uuid/e6e3ba6b-c9f5-4960-b56d-f49760d76a4a";}];
    [{ device = "/dev/disk/by-uuid/e6e3ba6b-c9f5-4960-b56d-f49760d76a4a"; }];
  nix.settings.max-jobs = lib.mkDefault 4;
--- a/nixos/machines/ghatanothoa/network.nix
+++ b/nixos/machines/ghatanothoa/network.nix
@ -4,12 +4,13 @@
 {
  imports = [];
  networking = {
-    interfaces.enX0.ipv4.addresses = [ {
+    interfaces.enX0.ipv4.addresses = [
      {
        address = "192.168.0.25";
        prefixLength = 16;
-    } ];
+      }
    ];
    defaultGateway = "192.168.0.152";
    nameservers = ["130.83.2.22" "130.83.56.60" "130.83.22.60" "130.82.22.63"];
  };
 }
--- a/nixos/modules/impermanence.nix
+++ b/nixos/modules/impermanence.nix
@ -1,16 +1,17 @@
-{lib, config, ...} :
+{
-
+  lib,
-let 
+  config,
-  inherit (lib)
+  ...
 }: let
  inherit
    (lib)
    mkEnableOption
    mkIf
    mkOption
    types
    ;
  cfg = config.impermanence;
-in
+in {
 {
  imports = [];
  options.impermanence = {
@ -43,5 +44,4 @@ config = mkIf cfg.enable {
    };
    environment.etc.machine-id.source = "${cfg.storagePath}/machine-id";
  };
 }
--- a/nixos/modules/jitsi.nix
+++ b/nixos/modules/jitsi.nix
@ -1,14 +1,19 @@
-{pkgs, config, lib, modulesPath, ...}:
+{
-let 
+  config,
-  inherit (lib)
+  lib,
  modulesPath,
  ...
 }: let
  inherit
    (lib)
    mkIf
    mkEnableOption
    mkOption
-    head;
+    head
    ;
  inherit (lib.types) str;
  cfg = config.services.mathebau-jitsi;
-in
+in {
 {
  imports = [(modulesPath + "/services/web-apps/jitsi-meet.nix")];
  options.services.mathebau-jitsi = {
@ -25,16 +30,16 @@ in
  config = mkIf cfg.enable {
    services.jitsi-meet = {
      enable = true;
      hostName = cfg.hostName;
      config = {
        defaultLang = "de";
      };
      inherit (cfg) hostName;
    };
    services.jitsi-videobridge = {
      openFirewall = true;
      nat = {
        publicAddress = "130.83.2.184";
-        localAddress = cfg.localAddress;
+        inherit (cfg) localAddress;
      };
    };
    environment.persistence.${config.impermanence.name} = {
--- a/nixos/roles/admins.nix
+++ b/nixos/roles/admins.nix
@ -1,26 +1,24 @@
 {lib, ...}:
-with lib;
+with lib; let
 let
  admins = {
    nerf = {
-      hashedPassword =
+      hashedPassword = "$y$j9T$SJcjUIcs3JYuM5oyxfEQa/$tUBQT07FK4cb9xm.A6ZKVnFIPNOYMOKC6Dt6hadCuJ7";
        "$y$j9T$SJcjUIcs3JYuM5oyxfEQa/$tUBQT07FK4cb9xm.A6ZKVnFIPNOYMOKC6Dt6hadCuJ7";
      keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEdA4LpEGUUmN8esFyrNZXFb2GiBID9/S6zzhcnofQuP nerf@nerflap2"
      ];
    };
    gonne = {
-      hashedPassword =
+      hashedPassword = "$6$EtGpHEcFkOi0yUWp$slXf0CvIUrhdqaoCrQ5YwtYu2IVuE1RGGst4fnDPRLWVm.lYx0ruvSAF2/vw/sLbW37ORJjlb0NHQ.kSG7cVY/";
        "$6$EtGpHEcFkOi0yUWp$slXf0CvIUrhdqaoCrQ5YwtYu2IVuE1RGGst4fnDPRLWVm.lYx0ruvSAF2/vw/sLbW37ORJjlb0NHQ.kSG7cVY/";
      keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFopCUadohY3wg9AoEup9TDRDMyEPSLsQoCnN4lsKCrr gonne@mathebau.de NixOS"
      ];
    };
  };
-  mkAdmin = name :
+  mkAdmin = name: {
-  {hashedPassword, keys}: {
+    hashedPassword,
    keys,
  }: {
    "${name}" = {
      isNormalUser = true;
      createHome = true;
@ -31,7 +29,6 @@ let
      inherit hashedPassword;
    };
  };
 in {
  users.users = mkMerge (mapAttrsToList mkAdmin admins);
 }
--- a/nixos/roles/default.nix
+++ b/nixos/roles/default.nix
@ -1,5 +1,9 @@
-{pkgs, config, lib, modulesPath, ...} : {
+{
-
+  pkgs,
  lib,
  modulesPath,
  ...
 }: {
  imports = [
    ./admins.nix
    ./nix_keys.nix
@ -15,7 +19,8 @@ nix = {
  };
  networking = {
-  firewall = { # these shoud be default, but better make sure!
+    firewall = {
      # these shoud be default, but better make sure!
      enable = true;
      allowPing = true;
    };
@ -35,8 +40,13 @@ sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
  environment = {
    systemPackages = builtins.attrValues {
-    inherit (pkgs)
+      inherit
-      htop lsof tmux btop;
+        (pkgs)
        htop
        lsof
        tmux
        btop
        ;
    };
  };
--- a/nixos/roles/prometheusNodeExporter.nix
+++ b/nixos/roles/prometheusNodeExporter.nix
@ -1,5 +1,4 @@
-{config, ...}:
+{config, ...}: {
 {
  imports = [];
  services.prometheus.exporters.node = {
    enable = true;
Author	SHA1	Message	Date
Dennis Frieberg	145d2aee96	updated README	2023-11-07 09:19:13 +01:00
Dennis Frieberg	bba8135ce2	Code Linting and hooks to do so automatically	2023-11-07 09:12:43 +01:00