Compare commits

..

2 commits

Author SHA1 Message Date
2634f89d6f
updated README 2023-11-07 09:20:59 +01:00
6bcaca4bed
Code Linting and hooks to do so automatically 2023-11-07 09:20:59 +01:00
5 changed files with 90 additions and 72 deletions

View file

@ -146,7 +146,8 @@ machine. The only technically required file in there is `configuration.nix`. So
A good skeleton is probably: A good skeleton is probably:
``` ```
{config, pkgs, lib, flake-inputs, ... }: { flake-inputs:
{config, pkgs, lib, ... }: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
@ -281,29 +282,3 @@ something like this:
{lib, pkgs, config, ...} : {lib, pkgs, config, ...} :
<module code > <module code >
``` ```
# Contributing
Like with all FS projects, you are welcome to contribute. Work is done usually by the person that is most annoyed
by the circumstances or by the person that didn't run fast enough. So we are happy if we get help. That doesn't
mean that we don't need to have some level of quality, people after us needs to work with it. It is live infrastructure
and downtime hurts someone (and in the wrong moment even really bad (Matheball ticket sales for example).
So here are some Guidelines.
## Coding style and linting.
If you run `nix check` there are automated checks in place, please make sure to pass them.
There is also a code autoformatter (`alejandra`) incorporated into those. You can also install
them into your local git repository as pre-commit hooks, and setting up a shell that has
even more tooling by running `nix develop`. That will give you a bash in which you can run
all the checks manually `pre-commit run -a`. This will also run the autoformatter.
## Process for submitting changes
1. If it is something bigger, please open an issue first describing what and why you want to do something.
If it is just something small, skip this step.
2. Fork the repo and implement your changes in a branch on your fork. Afterwards open a pull request (possibly mentioning the issue).
Against the main branch.
- Your branch should be based on an up to date version of main, if it is not consider rebasing.
3. You will need to find someone with the proper rights to approve of your changes, but most of the time there will be request
for changes first.

View file

@ -18,30 +18,18 @@
pkgs, pkgs,
... ...
}: { }: {
devShells.default = config.pre-commit.devShell; devShells.default = pkgs.mkShell {
shellHook = config.pre-commit.installationScript;
};
pre-commit = let pre-commit = {
generatedFiles = [
"hardware-configuration\\.nix"
];
in {
check.enable = true; check.enable = true;
pkgs = inputs'.nixpkgs.legacyPackages; pkgs = inputs'.nixpkgs.legacyPackages;
settings = { settings.hooks = {
# for some reason statix takes it config differently than all the other hooks. nil.enable = true;
settings.statix = { statix.enable = true;
format = "stderr"; deadnix.enable = true;
ignore = generatedFiles; alejandra.enable = true;
};
hooks = {
nil.enable = true;
statix.enable = true;
deadnix = {
enable = true;
excludes = generatedFiles;
};
alejandra.enable = true;
};
}; };
}; };

View file

@ -33,6 +33,24 @@
"type": "indirect" "type": "indirect"
} }
}, },
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1685518550,
"narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1697303681, "lastModified": 1697303681,
@ -151,12 +169,35 @@
"type": "github" "type": "github"
} }
}, },
"pre-commit-hooks": {
"inputs": {
"flake-compat": [],
"flake-utils": "flake-utils",
"gitignore": [],
"nixpkgs": [],
"nixpkgs-stable": []
},
"locked": {
"lastModified": 1699271226,
"narHash": "sha256-8Jt1KW3xTjolD6c6OjJm9USx/jmL+VVmbooADCkdDfU=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "ea758da1a6dcde6dc36db348ed690d09b9864128",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"impermanence": "impermanence", "impermanence": "impermanence",
"nixos-mailserver": "nixos-mailserver", "nixos-mailserver": "nixos-mailserver",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"pre-commit-hooks": "pre-commit-hooks",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
} }
}, },
@ -181,6 +222,21 @@
"type": "github" "type": "github"
} }
}, },
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"utils": { "utils": {
"locked": { "locked": {
"lastModified": 1605370193, "lastModified": 1605370193,

View file

@ -11,15 +11,15 @@
nixosConfigurations = withSystem "x86_64-linux" ({pkgs, ...}: let nixosConfigurations = withSystem "x86_64-linux" ({pkgs, ...}: let
machines = builtins.attrNames (builtins.readDir ./machines); machines = builtins.attrNames (builtins.readDir ./machines);
makeSystem = name: let makeSystem = name: let
importedConfig = import (./. + "/machines/${name}/configuration.nix"); importedModule = import (./. + "/machines/${name}/configuration.nix");
systemConfig = configModule =
if lib.isFunction importedConfig if lib.isFunction importedModule
then x: importedConfig (x // {flake-inputs = inputs;}) then importedModule inputs
else importedConfig; else importedModule;
in in
pkgs.nixos { pkgs.nixos {
imports = [ imports = [
systemConfig configModule
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
inputs.impermanence.nixosModules.impermanence inputs.impermanence.nixosModules.impermanence
]; ];

View file

@ -28,25 +28,18 @@ in {
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
services = { services.jitsi-meet = {
jitsi-meet = { enable = true;
enable = true; config = {
config = { defaultLang = "de";
defaultLang = "de";
};
inherit (cfg) hostName;
}; };
jitsi-videobridge = { inherit (cfg) hostName;
openFirewall = true; };
nat = { services.jitsi-videobridge = {
publicAddress = "130.83.2.184"; openFirewall = true;
inherit (cfg) localAddress; nat = {
}; publicAddress = "130.83.2.184";
}; inherit (cfg) localAddress;
#We are behind a reverse proxy that handles TLS
nginx.virtualHosts."${cfg.hostName}" = {
enableACME = false;
forceSSL = false;
}; };
}; };
environment.persistence.${config.impermanence.name} = { environment.persistence.${config.impermanence.name} = {
@ -55,6 +48,12 @@ in {
"/var/lib/prosody" "/var/lib/prosody"
]; ];
}; };
#We are behind a reverse proxy that handles TLS
services.nginx.virtualHosts."${cfg.hostName}" = {
enableACME = false;
forceSSL = false;
};
#The network ports for HTTP(S) are not opened automatically #The network ports for HTTP(S) are not opened automatically
networking.firewall.allowedTCPPorts = [80 443]; networking.firewall.allowedTCPPorts = [80 443];
}; };