diff --git a/nix/os/containers/syncthing.nix b/nix/os/containers/syncthing.nix index a13e2ae..72aaab8 100644 --- a/nix/os/containers/syncthing.nix +++ b/nix/os/containers/syncthing.nix @@ -1,31 +1,31 @@ -{ hostAddress -, localAddress -, syncthingPort ? 22000 -, syncthingLocalAnnouncePort ? 21027 -, autoStart ? false -, +{ + hostAddress, + localAddress, + syncthingPort ? 22000, + syncthingLocalAnnouncePort ? 21027, + autoStart ? false, }: { - config = - { config - , pkgs - , ... - }: { - system.stateVersion = "20.05"; # Did you read the comment? + config = { + config, + pkgs, + ... + }: { + system.stateVersion = "20.05"; # Did you read the comment? - imports = [ ../profiles/containers/configuration.nix ]; + imports = [../profiles/containers/configuration.nix]; - networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ - # syncthing gui - 8384 - ]; + networking.firewall.enable = true; + networking.firewall.allowedTCPPorts = [ + # syncthing gui + 8384 + ]; - services.syncthing = { - enable = true; - openDefaultPorts = true; - guiAddress = "0.0.0.0:8384"; - }; + services.syncthing = { + enable = true; + openDefaultPorts = true; + guiAddress = "0.0.0.0:8384"; }; + }; inherit autoStart; @@ -36,7 +36,7 @@ }; }; - extraFlags = [ "--resolv-conf=bind-host" ]; + extraFlags = ["--resolv-conf=bind-host"]; privateNetwork = true; forwardPorts = [ diff --git a/nix/os/containers/webserver.nix b/nix/os/containers/webserver.nix index 86b7b83..80a714d 100644 --- a/nix/os/containers/webserver.nix +++ b/nix/os/containers/webserver.nix 
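Review bot: In the first hunk of syncthing.nix, `guiAddress = "0.0.0.0:8384";` together with 8384 in `networking.firewall.allowedTCPPorts` leaves the Syncthing GUI listening on every interface of the container, and nothing visible here sets a GUI password or TLS. The reformat carries this over unchanged, but the setting deserves a comment stating the intended exposure, for example `# GUI is bound to all container interfaces; reach it via the host-side veth only, never add 8384 to forwardPorts`. If the GUI is only needed from the host, binding it to `localAddress` instead of `0.0.0.0` would narrow it further. The `forwardPorts` list opens in the following hunk and continues outside it, so whether 8384 is forwarded cannot be confirmed from this diff.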
@@ -1,96 +1,94 @@ -{ hostAddress -, localAddress -, httpPort ? 80 -, httpsPort ? 443 -, autoStart ? false -, -}: -let - passwords = import ../../variables/passwords.crypt.nix; -in { - config = - { config - , pkgs - , lib - , ... - }: { - system.stateVersion = "22.05"; # Did you read the comment? + hostAddress, + localAddress, + httpPort ? 80, + httpsPort ? 443, + autoStart ? false, +}: let + passwords = import ../../variables/passwords.crypt.nix; +in { + config = { + config, + pkgs, + lib, + ... + }: { + system.stateVersion = "22.05"; # Did you read the comment? - imports = [ ../profiles/containers/configuration.nix ]; + imports = [../profiles/containers/configuration.nix]; - networking.firewall.enable = false; + networking.firewall.enable = false; - services.ddclientovh = { - enable = true; - domain = "www.stefanjunker.de"; - }; + services.ddclientovh = { + enable = true; + domain = "www.stefanjunker.de"; + }; - security.acme = { - acceptTerms = true; - certs."www.stefanjunker.de".email = "mail@stefanjunker.de"; - preliminarySelfsigned = true; + security.acme = { + acceptTerms = true; + certs."www.stefanjunker.de".email = "mail@stefanjunker.de"; + preliminarySelfsigned = true; - # can be used for debugging - # server = "https://acme-staging-v02.api.letsencrypt.org/directory"; - }; + # can be used for debugging + # server = "https://acme-staging-v02.api.letsencrypt.org/directory"; + }; - services.nginx.enable = true; - services.nginx.recommendedProxySettings = true; - services.nginx.virtualHosts."www.stefanjunker.de" = { - default = true; - addSSL = true; - listen = [ - { - addr = "0.0.0.0"; - port = httpPort; - ssl = false; - } - { - addr = "0.0.0.0"; - port = httpsPort; - ssl = true; - } - ]; + services.nginx.enable = true; + services.nginx.recommendedProxySettings = true; + services.nginx.virtualHosts."www.stefanjunker.de" = { + default = true; + addSSL = true; + listen = [ + { + addr = "0.0.0.0"; + port = httpPort; + ssl = false; + } + { + addr = "0.0.0.0"; + 
port = httpsPort; + ssl = true; + } + ]; - root = "/var/www/stefanjunker.de/htdocs"; + root = "/var/www/stefanjunker.de/htdocs"; - enableACME = true; + enableACME = true; - locations."/hedgedoc/" = { proxyPass = "http://[::1]:3000/"; }; + locations."/hedgedoc/" = {proxyPass = "http://[::1]:3000/";}; - locations."/hedgedoc/socket.io/" = { - proxyPass = "http://[::1]:3000/socket.io/"; - proxyWebsockets = true; - }; - }; - - services.hedgedoc = { - enable = true; - settings = { - domain = "www.stefanjunker.de"; - urlPath = "hedgedoc"; - protocolUseSSL = true; - db = { - dialect = "sqlite"; - storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite"; - }; - - allowAnonymous = false; - allowAnonymousEdits = false; - allowGravatar = false; - allowFreeURL = false; - defaultPermission = "private"; - allowEmailRegister = false; - - # oauth2 provider config - inherit (passwords.www_stefanjunker_de_hedgedoc) dropbox; - - uploadsPath = "/var/lib/hedgedoc/uploads"; - }; + locations."/hedgedoc/socket.io/" = { + proxyPass = "http://[::1]:3000/socket.io/"; + proxyWebsockets = true; }; }; + services.hedgedoc = { + enable = true; + settings = { + domain = "www.stefanjunker.de"; + urlPath = "hedgedoc"; + protocolUseSSL = true; + db = { + dialect = "sqlite"; + storage = "/var/lib/hedgedoc/db.hedgedoc.sqlite"; + }; + + allowAnonymous = false; + allowAnonymousEdits = false; + allowGravatar = false; + allowFreeURL = false; + defaultPermission = "private"; + allowEmailRegister = false; + + # oauth2 provider config + inherit (passwords.www_stefanjunker_de_hedgedoc) dropbox; + + uploadsPath = "/var/lib/hedgedoc/uploads"; + }; + }; + }; + inherit autoStart; bindMounts = { @@ -115,7 +113,7 @@ in }; }; - extraFlags = [ "--resolv-conf=bind-host" ]; + extraFlags = ["--resolv-conf=bind-host"]; privateNetwork = true; forwardPorts = [ diff --git a/nix/os/devices/167.233.1.14/configuration.nix b/nix/os/devices/167.233.1.14/configuration.nix index 1658e6c..28a63fb 100644 
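Review bot: In the webserver.nix vhost, `addSSL = true;` keeps the site answering on plain HTTP at `httpPort` with no redirect, while the HedgeDoc instance proxied under `/hedgedoc/` is configured with `protocolUseSSL = true` and an OAuth2 provider, so the login flow can still be reached over http://. Consider `forceSSL = true;` in place of `addSSL = true;`; as far as I know the NixOS nginx module keeps serving the ACME challenge path over port 80 in that mode, but please verify against the explicit `listen` entries. Separately, `networking.firewall.enable = false;` means the container relies only on `privateNetwork` and `forwardPorts` for filtering, unlike the syncthing container, which enables its firewall; a one-line comment such as `# firewall off on purpose: only httpPort/httpsPort are forwarded by the host` would document that choice if it is deliberate.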
--- a/nix/os/devices/167.233.1.14/configuration.nix +++ b/nix/os/devices/167.233.1.14/configuration.nix @@ -1,5 +1,5 @@ -{ ... }: { - disabledModules = [ ]; +{...}: { + disabledModules = []; imports = [ ../../profiles/common/configuration.nix ../../modules/opinionatedDisk.nix diff --git a/nix/os/devices/167.233.1.14/hw.nix b/nix/os/devices/167.233.1.14/hw.nix index 9eb01fc..7566a02 100644 --- a/nix/os/devices/167.233.1.14/hw.nix +++ b/nix/os/devices/167.233.1.14/hw.nix @@ -1,5 +1,4 @@ -{ ... }: -let +{...}: let stage1Modules = [ "virtio_balloon" "virtio_scsi" @@ -15,8 +14,7 @@ let "pata_acpi" "ata_generic" ]; -in -{ +in { hardware.opinionatedDisk = { enable = true; encrypted = false; diff --git a/nix/os/devices/167.233.1.14/pkg.nix b/nix/os/devices/167.233.1.14/pkg.nix index 717b523..11d8bad 100644 --- a/nix/os/devices/167.233.1.14/pkg.nix +++ b/nix/os/devices/167.233.1.14/pkg.nix @@ -1,14 +1,16 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: { nixpkgs.config.packageOverrides = pkgs: with pkgs; { nixPath = (import ../../../default.nix { versionsPath = ./versions.nix; - }).nixPath; + }) + .nixPath; }; home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { inherit pkgs; diff --git a/nix/os/devices/167.233.1.14/system.nix b/nix/os/devices/167.233.1.14/system.nix index 735760d..d23085d 100644 --- a/nix/os/devices/167.233.1.14/system.nix +++ b/nix/os/devices/167.233.1.14/system.nix @@ -1,12 +1,11 @@ -{ pkgs -, lib -, config -, ... -}: -let - keys = import ../../../variables/keys.nix; -in { + pkgs, + lib, + config, + ... +}: let + keys = import ../../../variables/keys.nix; +in { # TASK: new device networking.hostName = "sj-pvehtz0"; # Define your hostname. # networking.domain = ""; @@ -31,7 +30,7 @@ in "prefixLength" = 29; } ]; - ipv6.addresses = [ ]; + ipv6.addresses = []; }; networking.defaultGateway = { 
@@ -44,11 +43,11 @@ in interface = "eth0"; }; - networking.nameservers = [ "1.1.1.1" ]; + networking.nameservers = ["1.1.1.1"]; networking.nat = { enable = true; - internalInterfaces = [ "ve-+" ]; + internalInterfaces = ["ve-+"]; externalInterface = "eth0"; }; @@ -56,12 +55,12 @@ in # services.kubernetes.roles = ["master" "node"]; # virtualization - virtualisation = { docker.enable = true; }; + virtualisation = {docker.enable = true;}; services.spice-vdagentd.enable = true; services.qemuGuest.enable = true; - nix.gc = { automatic = true; }; + nix.gc = {automatic = true;}; # networking.useHostResolvConf = true; @@ -78,7 +77,8 @@ in sievePort = 4190; }; - webserver = import ../../containers/webserver.nix + webserver = + import ../../containers/webserver.nix { autoStart = true; diff --git a/nix/os/devices/167.233.1.14/versions.nix b/nix/os/devices/167.233.1.14/versions.nix index b8df054..265e21a 100644 --- a/nix/os/devices/167.233.1.14/versions.nix +++ b/nix/os/devices/167.233.1.14/versions.nix @@ -5,10 +5,9 @@ let rev = '' a7cc81913bb3cd1ef05ed0ece048b773e1839e51''; }; -in -{ +in { inherit nixpkgs; - nixos = nixpkgs // { suffix = "/nixos"; }; + nixos = nixpkgs // {suffix = "/nixos";}; "channels-nixos-stable" = nixpkgs; "channels-nixos-unstable" = { url = "https://github.com/NixOS/nixpkgs/"; diff --git a/nix/os/devices/167.233.1.14/versions.tmpl.nix b/nix/os/devices/167.233.1.14/versions.tmpl.nix index 1fe5eb8..a0fa34a 100644 --- a/nix/os/devices/167.233.1.14/versions.tmpl.nix +++ b/nix/os/devices/167.233.1.14/versions.tmpl.nix @@ -6,10 +6,9 @@ let <% git ls-remote https://github.com/nixos/nixpkgs nixos-22.11 | awk '{ print $1 }' | tr -d ' ' -%>''; }; -in -{ +in { inherit nixpkgs; - nixos = nixpkgs // { suffix = "/nixos"; }; + nixos = nixpkgs // {suffix = "/nixos";}; "channels-nixos-stable" = nixpkgs; "channels-nixos-unstable" = { url = "https://github.com/NixOS/nixpkgs/"; 
diff --git a/nix/os/devices/vmd102066.contaboserver.net/system.nix b/nix/os/devices/vmd102066.contaboserver.net/system.nix index a80129b..929874f 100644 --- a/nix/os/devices/vmd102066.contaboserver.net/system.nix +++ b/nix/os/devices/vmd102066.contaboserver.net/system.nix @@ -1,13 +1,12 @@ -{ pkgs -, lib -, config -, ... -}: -let +{ + pkgs, + lib, + config, + ... +}: let keys = import ../../../variables/keys.nix; passwords = import ../../../variables/passwords.crypt.nix; -in -{ +in { # TASK: new device networking.hostName = "vmd102066"; # Define your hostname. networking.domain = "contaboserver.net"; @@ -41,7 +40,7 @@ in networking.nat = { enable = true; - internalInterfaces = [ "ve-+" ]; + internalInterfaces = ["ve-+"]; externalInterface = "eth0"; }; @@ -49,7 +48,7 @@ in # services.kubernetes.roles = ["master" "node"]; # virtualization - virtualisation = { docker.enable = true; }; + virtualisation = {docker.enable = true;}; services.spice-vdagentd.enable = true; services.qemuGuest.enable = true; @@ -57,18 +56,18 @@ in systemd.services."sshd-status" = { enable = true; description = "sshd-status service"; - path = [ pkgs.systemd ]; + path = [pkgs.systemd]; script = '' systemctl status sshd | grep -i tasks ''; }; - systemd.services.sshd.serviceConfig = { TasksMax = 32; }; + systemd.services.sshd.serviceConfig = {TasksMax = 32;}; systemd.timers."sshd-status" = { description = "Timer to trigger sshd-status periodically"; enable = true; - wantedBy = [ "timer.target" "multi-user.target" ]; + wantedBy = ["timer.target" "multi-user.target"]; timerConfig = { OnActiveSec = "5s"; OnUnitActiveSec = "5s"; @@ -77,11 +76,11 @@ in }; }; - nix.gc = { automatic = true; }; + nix.gc = {automatic = true;}; boot.initrd.network = { enable = true; - udhcpc.extraArgs = [ "-x hostname:${config.networking.hostName}" ]; + udhcpc.extraArgs = ["-x hostname:${config.networking.hostName}"]; ssh = { enable = true; 
@@ -110,7 +109,7 @@ in inherit config; hostAddress = "192.168.100.16"; localAddress = "192.168.100.17"; - subvolumes = [ "mailserver" "webserver" "backup" "syncthing" ]; + subvolumes = ["mailserver" "webserver" "backup" "syncthing"]; }; bkpTarget = import ../../containers/backup-target.nix { diff --git a/nix/os/devices/vmd102066.contaboserver.net/versions.nix b/nix/os/devices/vmd102066.contaboserver.net/versions.nix index 0359b70..1a3a576 100644 --- a/nix/os/devices/vmd102066.contaboserver.net/versions.nix +++ b/nix/os/devices/vmd102066.contaboserver.net/versions.nix @@ -5,8 +5,7 @@ let rev = '' a7cc81913bb3cd1ef05ed0ece048b773e1839e51''; }; -in -{ +in { inherit nixpkgs; "channels-nixos-stable" = nixpkgs; "nixpkgs-master" = { diff --git a/nix/os/devices/vmd102066.contaboserver.net/versions.tmpl.nix b/nix/os/devices/vmd102066.contaboserver.net/versions.tmpl.nix index 273f449..51bfdff 100644 --- a/nix/os/devices/vmd102066.contaboserver.net/versions.tmpl.nix +++ b/nix/os/devices/vmd102066.contaboserver.net/versions.tmpl.nix @@ -6,8 +6,7 @@ let <% git ls-remote https://github.com/nixos/nixpkgs nixos-22.11 | awk '{ print $1 }' | tr -d ' ' -%>''; }; -in -{ +in { inherit nixpkgs; "channels-nixos-stable" = nixpkgs; "nixpkgs-master" = { diff --git a/nix/os/profiles/common/system.nix b/nix/os/profiles/common/system.nix index 058bd2e..e91180c 100644 --- a/nix/os/profiles/common/system.nix +++ b/nix/os/profiles/common/system.nix @@ -1,7 +1,8 @@ -{ config -, pkgs -, lib -, ... +{ + config, + pkgs, + lib, + ... }: { nix.settings.trusted-public-keys = [ # "hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs=" 
@@ -27,14 +28,14 @@ } ''; - environment.variables = { NIX_PATH = lib.mkForce pkgs.nixPath; }; + environment.variables = {NIX_PATH = lib.mkForce pkgs.nixPath;}; # Fonts, I18N, Date ... - fonts.fonts = [ pkgs.corefonts ]; + fonts.fonts = [pkgs.corefonts]; console.font = "lat9w-16"; - i18n = { defaultLocale = "en_US.UTF-8"; }; + i18n = {defaultLocale = "en_US.UTF-8";}; time.timeZone = "Etc/UTC"; services.gpm.enable = true; @@ -67,6 +68,6 @@ programs.zsh.enable = true; users.defaultUserShell = pkgs.zsh; - environment.pathsToLink = [ "/share/zsh" ]; + environment.pathsToLink = ["/share/zsh"]; programs.fuse.userAllowOther = true; } diff --git a/nix/overlays/overrides.nix b/nix/overlays/overrides.nix index 1fba733..884b40c 100644 --- a/nix/overlays/overrides.nix +++ b/nix/overlays/overrides.nix @@ -1,20 +1,18 @@ # This overlay is used for overriding upstream packages. -self: super: -let +self: super: let sources = import ../../nix/sources.nix; - nixpkgs-master = import { inherit (super) config; }; + nixpkgs-master = import {inherit (super) config;}; nixpkgs-unstable = - import { inherit (super) config; }; -in -{ + import {inherit (super) config;}; +in { inherit nixpkgs-master; inherit nixpkgs-unstable; # alacritty = nixpkgs-master.alacritty; alacritty = super.stdenv.mkDerivation { name = "alacritty-custom"; - buildInputs = [ super.makeWrapper ]; + buildInputs = [super.makeWrapper]; phases = "installPhase"; installPhase = '' makeWrapper ${super.alacritty}/bin/alacritty $out/bin/alacritty \ diff --git a/nix/pkgs/default.nix b/nix/pkgs/default.nix index b60e7df..4a8dea3 100644 --- a/nix/pkgs/default.nix +++ b/nix/pkgs/default.nix @@ -1,7 +1,6 @@ -{ pkgs }: -let +{pkgs}: let in rec { - nixpkgs-master = import { }; + nixpkgs-master = import {}; busyboxStatic = pkgs.busybox.override { enableStatic = true; 
@@ -11,10 +10,10 @@ in rec { CONFIG_INSTALL_APPLET_SYMLINKS n ''; }; - dropbearStatic = pkgs.dropbear.override { enableStatic = true; }; + dropbearStatic = pkgs.dropbear.override {enableStatic = true;}; - duplicacy = pkgs.callPackage ../pkgs/duplicacy { }; - mfcl3770cdw = pkgs.callPackage ../pkgs/mfcl3770cdw.nix { }; + duplicacy = pkgs.callPackage ../pkgs/duplicacy {}; + mfcl3770cdw = pkgs.callPackage ../pkgs/mfcl3770cdw.nix {}; staruml = pkgs.callPackage ../pkgs/staruml.nix { inherit (pkgs.gnome2) GConf; libgcrypt = pkgs.libgcrypt_1_5; @@ -23,28 +22,28 @@ in rec { pythonPackages = myPython; myPython = pkgs.python310.withPackages (ps: with ps; - [ - pep8 - yapf - flake8 - # autopep8 (broken) - # pylint (broken) - ipython - llfuse - dugong - defusedxml - wheel - pip - virtualenv - cffi - pyopenssl - urllib3 - # mistune (insecure) - sympy + [ + pep8 + yapf + flake8 + # autopep8 (broken) + # pylint (broken) + ipython + llfuse + dugong + defusedxml + wheel + pip + virtualenv + cffi + pyopenssl + urllib3 + # mistune (insecure) + sympy - flask + flask - pyaml - ] - ++ [ pkgs.pypi2nix pkgs.libffi ]); + pyaml + ] + ++ [pkgs.pypi2nix pkgs.libffi]); }