From 9b6f86b598a8fa6d17c27ad8b4156dffbb501a04 Mon Sep 17 00:00:00 2001 
From: Justin Rubek <25621857+justinrubek@users.noreply.github.com>
Date: Mon, 15 Apr 2024 19:21:19 -0500
Subject: [PATCH] style: nixfmt
---
 containers/default.nix | 92 +--
 deploy/default.nix | 50 +-
 flake-parts/ci.nix | 46 +-
 flake-parts/formatting.nix | 46 +-
 flake-parts/home_configurations.nix | 282 ++++----
 flake-parts/nixos_configurations.nix | 118 ++--
 flake-parts/pre-commit.nix | 29 +-
 flake-parts/shells.nix | 76 ++-
 flake-parts/terraform.nix | 267 ++++----
 flake-parts/terraformConfiguration.nix | 37 +-
 flake.nix | 14 +-
 home/configurations/justin@alex/default.nix | 6 +-
 home/configurations/justin@bunky/default.nix | 6 +-
 home/configurations/justin@ceylon/default.nix | 6 +-
 .../configurations/justin@eunomia/default.nix | 22 +-
 home/configurations/justin@huginn/default.nix | 6 +-
 .../configurations/justin@manusya/default.nix | 18 +-
 home/configurations/justin@pyxis/default.nix | 6 +-
 home/modules/misc/home/default.nix | 6 +-
 home/modules/profiles/base/default.nix | 9 +-
 home/modules/profiles/browsing/default.nix | 13 +-
 home/modules/profiles/default.nix | 22 +-
 home/modules/profiles/design/default.nix | 9 +-
 home/modules/profiles/development/default.nix | 20 +-
 home/modules/profiles/gaming/default.nix | 9 +-
 home/modules/profiles/graphical/default.nix | 9 +-
 home/modules/profiles/media/default.nix | 9 +-
 home/modules/profiles/work/default.nix | 15 +-
 home/modules/programs/eww/default.nix | 13 +-
 home/modules/programs/firefox/config.nix | 4 +-
 home/modules/programs/firefox/default.nix | 9 +-
 home/modules/programs/pijul/default.nix | 13 +-
 home/modules/wayland/common/default.nix | 11 +-
 home/modules/wayland/swaylock/default.nix | 9 +-
 home/modules/windowing/hyprland/default.nix | 43 +-
 home/modules/windowing/waybar/default.nix | 40 +-
 home/modules/windowing/xmonad/default.nix | 9 +-
 lib/nixos_system.nix | 22 +-
 modules/default.nix | 11 +-
 nixos/configurations/alex/default.nix | 24 +-
 nixos/configurations/alex/hardware.nix | 47 +-
nixos/configurations/bunky/default.nix | 18 +-
 nixos/configurations/bunky/hardware.nix | 7 +-
 nixos/configurations/ceylon/default.nix | 18 +-
 nixos/configurations/ceylon/hardware.nix | 7 +-
 nixos/configurations/default.nix | 18 +-
 nixos/configurations/eunomia/bootloader.nix | 16 +-
 nixos/configurations/eunomia/default.nix | 94 +--
 nixos/configurations/eunomia/hardware.nix | 11 +-
 nixos/configurations/hetzner-base/default.nix | 22 +-
 .../configurations/hetzner-base/hardware.nix | 7 +-
 nixos/configurations/huginn/default.nix | 28 +-
 nixos/configurations/huginn/hardware.nix | 7 +-
 nixos/configurations/manusya/bootloader.nix | 16 +-
 nixos/configurations/manusya/default.nix | 16 +-
 nixos/configurations/manusya/hardware.nix | 16 +-
 nixos/configurations/pyxis/default.nix | 18 +-
 nixos/configurations/pyxis/hardware.nix | 7 +-
 nixos/modules/admin_ssh.nix | 13 +-
 nixos/modules/cachix/caches/hyprland.nix | 9 +-
 .../cachix/caches/justinrubek-garnix.nix | 9 +-
 nixos/modules/cachix/caches/justinrubek.nix | 11 +-
 nixos/modules/cachix/caches/nix-community.nix | 11 +-
 nixos/modules/cachix/default.nix | 15 +-
 nixos/modules/cloudhost/hetzner/default.nix | 22 +-
 nixos/modules/consul/default.nix | 20 +-
 nixos/modules/containers.nix | 46 +-
 nixos/modules/data/postgres/default.nix | 620 +++++++++--------
 nixos/modules/default.nix | 5 +-
 nixos/modules/filesystem/zfs/default.nix | 9 +-
 nixos/modules/flake.nix | 19 +-
 nixos/modules/graphical/fonts/default.nix | 26 +-
 nixos/modules/haproxy/default.nix | 41 +-
 nixos/modules/matrix/conduit.nix | 26 +-
 nixos/modules/media/default.nix | 38 +-
 nixos/modules/nix.nix | 10 +-
 nixos/modules/nomad/default.nix | 48 +-
 nixos/modules/sound.nix | 9 +-
 nixos/modules/tailscale/default.nix | 38 +-
 nixos/modules/vault/default.nix | 37 +-
 nixos/modules/windowing/hyprland/default.nix | 11 +-
 nixos/modules/windowing/plasma/default.nix | 9 +-
 nixos/modules/windowing/xmonad/default.nix | 9 +-
 nomad/default.nix | 61 +-
 nomad/jobs/annapurna.nix | 30 +-
nomad/jobs/conduit.nix | 19 +-
 nomad/jobs/dummy-api-nix.nix | 12 +-
 nomad/jobs/dummy-api.nix | 10 +-
 nomad/jobs/factorio.nix | 63 +-
 nomad/jobs/flake-builder.nix | 14 +-
 nomad/jobs/jellyfin.nix | 2 +-
 nomad/jobs/key-test.nix | 11 +-
 nomad/jobs/lockpad.nix | 23 +-
 nomad/jobs/nix-cache.nix | 113 +--
 nomad/jobs/paperless.nix | 8 +-
 nomad/jobs/postgres.nix | 10 +-
 nomad/jobs/rubek-site-nix.nix | 35 +-
 nomad/jobs/rubek-site.nix | 34 +-
 nomad/jobs/storage.nix | 4 +-
 nomad/jobs/valheim.nix | 2 +-
 packages/default.nix | 36 +-
 packages/installer-image.nix | 50 +-
 packages/material-symbols.nix | 4 +-
 packages/neovim/config.nix | 26 +-
 packages/neovim/default.nix | 29 +-
 packages/neovim/which-key.nix | 59 +-
 packages/nomad/default.nix | 9 +-
 packages/vault-bin/default.nix | 17 +-
 terraform/configurations/apps/main.nix | 33 +-
 terraform/configurations/consul/main.nix | 14 +-
 terraform/configurations/dns/main.nix | 2 +-
 terraform/configurations/github/main.nix | 645 ++++++++++++------
 terraform/configurations/hetzner/main.nix | 10 +-
 terraform/configurations/minio/main.nix | 13 +-
 terraform/configurations/test/main.nix | 9 +-
 terraform/configurations/vault/main.nix | 17 +-
 terraform/modules/default.nix | 5 +-
 .../modules/github_repository/default.nix | 519 +++++++-------
 terraform/modules/nomadjob/default.nix | 70 +-
 terraform/modules/nomadvolumes/default.nix | 121 ++--
 120 files changed, 2804 insertions(+), 2275 deletions(-)
diff --git a/containers/default.nix b/containers/default.nix
index 50633d7..fd74433 100644
--- a/containers/default.nix
+++ b/containers/default.nix
@@ -3,58 +3,62 @@ self,
 lib,
 ...
-}: {
- imports = [];
+}:
+{
+ imports = [ ];
- perSystem = {
- self',
- pkgs,
- lib,
- system,
- inputs',
- ...
- }: let
- skopeo-push = pkgs.writeShellScriptBin "skopeo-push" ''
- set -euo pipefail
- # copy an image to a docker registry
- # 1. image - Given as a path to an image archive
- # 2. registry - The registry to push to
- ${pkgs.skopeo}/bin/skopeo copy --insecure-policy "docker-archive:$1" "docker://$2"
- '';
+ perSystem =
+ {
+ self',
+ pkgs,
+ lib,
+ system,
+ inputs',
+ ...
+ }:
+ let
+ skopeo-push = pkgs.writeShellScriptBin "skopeo-push" ''
+ set -euo pipefail
+ # copy an image to a docker registry
+ # 1. image - Given as a path to an image archive
+ # 2. registry - The registry to push to
+ ${pkgs.skopeo}/bin/skopeo copy --insecure-policy "docker-archive:$1" "docker://$2"
+ '';
- paperless-base = pkgs.dockerTools.pullImage {
- imageName = "paperlessngx/paperless-ngx";
- imageDigest = "sha256:9948208107c66a63ca6ea987197a20a3d49bddd28cebf768be53b191dc54a9b7";
- sha256 = "sha256-w8189iaojdptL4JItHhCFVdTEX+A02TrKpzqCxXOB60=";
- finalImageTag = "paperless-base";
- finalImageName = "paperless";
- };
- in {
- apps = {
- skopeo-push = {
- type = "app";
- program = "${skopeo-push}/bin/skopeo-push";
+ paperless-base = pkgs.dockerTools.pullImage {
+ imageName = "paperlessngx/paperless-ngx";
+ imageDigest = "sha256:9948208107c66a63ca6ea987197a20a3d49bddd28cebf768be53b191dc54a9b7";
+ sha256 = "sha256-w8189iaojdptL4JItHhCFVdTEX+A02TrKpzqCxXOB60=";
+ finalImageTag = "paperless-base";
+ finalImageName = "paperless";
 };
- };
- packages = {
- "scripts/skopeo-push" = skopeo-push;
+ in
+ {
+ apps = {
+ skopeo-push = {
+ type = "app";
+ program = "${skopeo-push}/bin/skopeo-push";
+ };
+ };
+ packages = {
+ "scripts/skopeo-push" = skopeo-push;
+
+ "image/paperless" = pkgs.dockerTools.buildImage {
+ name = "paperless";
+ tag = "latest";
- "image/paperless" = pkgs.dockerTools.buildImage {
- name = "paperless";
- tag = "latest";
+ fromImage = paperless-base;
- fromImage = paperless-base;
+ copyToRoot = pkgs.buildEnv {
+ name = "image-root";
+ paths = [ pkgs.redis ];
+ pathsToLink = [ "/bin" ];
+ };
- copyToRoot = pkgs.buildEnv {
- name = "image-root";
- paths = [pkgs.redis];
- pathsToLink = ["/bin"];
+ config.Cmd = [ "/usr/local/bin/paperless_cmd.sh" ];
 };
- config.Cmd = ["/usr/local/bin/paperless_cmd.sh"];
+ "image/conduit" = inputs'.conduit.packages."image/conduit";
 };
-
- "image/conduit" = inputs'.conduit.packages."image/conduit";
 };
- };
 }
diff --git a/deploy/default.nix b/deploy/default.nix
index 4c47984..b39c696 100644
--- a/deploy/default.nix
+++ b/deploy/default.nix
@@ -3,31 +3,37 @@ inputs,
 config,
 ...
-}: let
- mkDeployNode = {
- hostname,
- address ? hostname,
- }: {
- hostname = address;
- profiles.system = {
- sshUser = "admin";
- path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${hostname};
- user = "root";
+}:
+let
+ mkDeployNode =
+ {
+ hostname,
+ address ? hostname,
+ }:
+ {
+ hostname = address;
+ profiles.system = {
+ sshUser = "admin";
+ path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.${hostname};
+ user = "root";
+ };
+ profiles.justin = {
+ sshUser = "admin";
+ path =
+ inputs.deploy-rs.lib.x86_64-linux.activate.home-manager
+ self.homeConfigurations."justin@${hostname}";
+ user = "justin";
+ };
 };
- profiles.justin = {
- sshUser = "admin";
- path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations."justin@${hostname}";
- user = "justin";
- };
- };
-in {
+in
+{
 flake.deploy = {
 nodes = {
- bunky = mkDeployNode {hostname = "bunky";};
- pyxis = mkDeployNode {hostname = "pyxis";};
- ceylon = mkDeployNode {hostname = "ceylon";};
- huginn = mkDeployNode {hostname = "huginn";};
- alex = mkDeployNode {hostname = "alex";};
+ bunky = mkDeployNode { hostname = "bunky"; };
+ pyxis = mkDeployNode { hostname = "pyxis"; };
+ ceylon = mkDeployNode { hostname = "ceylon"; };
+ huginn = mkDeployNode { hostname = "huginn"; };
+ alex = mkDeployNode { hostname = "alex"; };
 };
 };
 }
diff --git a/flake-parts/ci.nix b/flake-parts/ci.nix
index 44adfb6..d62978d 100644
--- a/flake-parts/ci.nix
+++ b/flake-parts/ci.nix
@@ -1,28 +1,30 @@
-{inputs, ...}: {
- perSystem = {
- config,
- pkgs,
- system,
- inputs',
- self',
- ...
- }: let
- ciPackages = [
- pkgs.skopeo
- ];
+{ inputs, ... }:
+{
+ perSystem =
+ {
+ config,
+ pkgs,
+ system,
+ inputs',
+ self',
+ ...
+ }:
+ let
+ ciPackages = [ pkgs.skopeo ];
- devShells = {
- ci = pkgs.mkShell rec {
- packages = ciPackages;
+ devShells = {
+ ci = pkgs.mkShell rec {
+ packages = ciPackages;
- LD_LIBRARY_PATH = pkgs.lib.makeLibraryPath packages;
+ LD_LIBRARY_PATH = pkgs.lib.makeLibraryPath packages;
+ };
 };
- };
- in rec {
- inherit devShells;
+ in
+ rec {
+ inherit devShells;
- legacyPackages = {
- inherit ciPackages;
+ legacyPackages = {
+ inherit ciPackages;
+ };
 };
- };
 }
diff --git a/flake-parts/formatting.nix b/flake-parts/formatting.nix
index 1dbf216..f3270aa 100644
--- a/flake-parts/formatting.nix
+++ b/flake-parts/formatting.nix
@@ -1,31 +1,25 @@
+{ inputs, self, ... }:
 {
- inputs,
- self,
- ...
-}: {
- perSystem = {
- pkgs,
- lib,
- ...
- }: let
- formatters = [
- pkgs.alejandra
- ];
+ perSystem =
+ { pkgs, lib, ... }:
+ let
+ formatters = [ pkgs.alejandra ];
- treefmt = pkgs.writeShellApplication {
- name = "treefmt";
- runtimeInputs = [pkgs.treefmt] ++ formatters;
- text = ''
- exec treefmt "$@"
- '';
- };
- in {
- packages = {
- inherit treefmt;
- };
+ treefmt = pkgs.writeShellApplication {
+ name = "treefmt";
+ runtimeInputs = [ pkgs.treefmt ] ++ formatters;
+ text = ''
+ exec treefmt "$@"
+ '';
+ };
+ in
+ {
+ packages = {
+ inherit treefmt;
+ };
- legacyPackages = {
- inherit formatters;
+ legacyPackages = {
+ inherit formatters;
+ };
 };
- };
 }
diff --git a/flake-parts/home_configurations.nix b/flake-parts/home_configurations.nix
index 4378fc2..0571f77 100644
--- a/flake-parts/home_configurations.nix
+++ b/flake-parts/home_configurations.nix
@@ -5,152 +5,168 @@ config,
 lib,
 ...
-}: let
+}:
+let
 cfg = config.justinrubek.homeConfigurations;
 # collect all homeConfigurations so they can be exposed as flake outputs
 configs = builtins.mapAttrs (_: config: config.homeConfig) cfg;
 # TODO: determine if these are useful and where to expose them from
- packages = builtins.attrValues (builtins.mapAttrs (_: config: let
- # collect the configurations under an attribute set so they can be used
- # as flake.packages outputs
- namespaced = {${config.system}.${config.packageName} = config.homePackage;};
- in
- namespaced)
- cfg);
-in {
+ packages = builtins.attrValues (
+ builtins.mapAttrs (
+ _: config:
+ let
+ # collect the configurations under an attribute set so they can be used
+ # as flake.packages outputs
+ namespaced = {
+ ${config.system}.${config.packageName} = config.homePackage;
+ };
+ in
+ namespaced
+ ) cfg
+ );
+in
+{
 options = {
 justinrubek.homeConfigurations = lib.mkOption {
- type = lib.types.attrsOf (lib.types.submodule ({
- name,
- config,
- ...
- }: let
- # determine the username and hostname from the name
- splitName = builtins.split "@" name;
- username = builtins.elemAt splitName 0;
- hostname = builtins.elemAt splitName 2;
- in {
- options = {
- system = lib.mkOption {
- type = lib.types.enum ["x86_64-linux" "aarch64-linux"];
- };
-
- username = lib.mkOption {
- type = lib.types.str;
- default = username;
- };
-
- hostname = lib.mkOption {
- type = lib.types.str;
- default = hostname;
- };
-
- modules = lib.mkOption {
- type = lib.types.listOf lib.types.unspecified;
- default = [];
- description = "List of modules to include for the home-manager configuration.";
- };
-
- # outputs
- homeDirectory = lib.mkOption {
- type = lib.types.str;
- readOnly = true;
- description = "The path to the home directory of the user.";
- };
-
- homeConfig = lib.mkOption {
- type = lib.types.unspecified;
- readOnly = true;
- description = "The home-manager configuration.";
- };
-
- homePackage = lib.mkOption {
- type = lib.types.package;
- readOnly = true;
- description = "The home-manager activation package.";
- };
-
- finalModules = lib.mkOption {
- type = lib.types.listOf lib.types.unspecified;
- readOnly = true;
- description = "All modules that are included in the home-manager configuration.";
- };
-
- entryPoint = lib.mkOption {
- type = lib.types.unspecified;
- readOnly = true;
- description = "The entry point module of the home-manager configuration.";
- };
-
- packageName = lib.mkOption {
- type = lib.types.str;
- readOnly = true;
- description = "The name of the exported package output that contains the home-manager activation package.";
- };
- };
-
- config = let
- pkgs = inputs.nixpkgs.legacyPackages.${config.system};
+ type = lib.types.attrsOf (
+ lib.types.submodule (
+ { name, config, ... }:
+ let
+ # determine the username and hostname from the name
+ splitName = builtins.split "@" name;
+ username = builtins.elemAt splitName 0;
+ hostname = builtins.elemAt splitName 2;
+ in
+ {
+ options = {
+ system = lib.mkOption {
+ type = lib.types.enum [
+ "x86_64-linux"
+ "aarch64-linux"
+ ];
+ };
+
+ username = lib.mkOption {
+ type = lib.types.str;
+ default = username;
+ };
+
+ hostname = lib.mkOption {
+ type = lib.types.str;
+ default = hostname;
+ };
+
+ modules = lib.mkOption {
+ type = lib.types.listOf lib.types.unspecified;
+ default = [ ];
+ description = "List of modules to include for the home-manager configuration.";
+ };
+
+ # outputs
+ homeDirectory = lib.mkOption {
+ type = lib.types.str;
+ readOnly = true;
+ description = "The path to the home directory of the user.";
+ };
+
+ homeConfig = lib.mkOption {
+ type = lib.types.unspecified;
+ readOnly = true;
+ description = "The home-manager configuration.";
+ };
+
+ homePackage = lib.mkOption {
+ type = lib.types.package;
+ readOnly = true;
+ description = "The home-manager activation package.";
+ };
+
+ finalModules = lib.mkOption {
+ type = lib.types.listOf lib.types.unspecified;
+ readOnly = true;
+ description = "All modules that are included in the home-manager configuration.";
+ };
+
+ entryPoint = lib.mkOption {
+ type = lib.types.unspecified;
+ readOnly = true;
+ description = "The entry point module of the home-manager configuration.";
+ };
+
+ packageName = lib.mkOption {
+ type = lib.types.str;
+ readOnly = true;
+ description = "The name of the exported package output that contains the home-manager activation package.";
+ };
+ };
- homeDirectory =
- if !pkgs.stdenv.isDarwin
- then "/home/${config.username}"
- else "/Users/${config.username}";
- in {
- entryPoint = import "${self}/home/configurations/${config.username}@${config.hostname}" (inputs // {inherit self;});
- inherit homeDirectory;
+ config =
+ let
+ pkgs = inputs.nixpkgs.legacyPackages.${config.system};
- finalModules =
- [
- config.entryPoint
+ homeDirectory =
+ if !pkgs.stdenv.isDarwin then "/home/${config.username}" else "/Users/${config.username}";
+ in
 {
- home = {
- inherit (config) username homeDirectory;
+ entryPoint = import "${self}/home/configurations/${config.username}@${config.hostname}" (
+ inputs // { inherit self; }
+ );
+ inherit homeDirectory;
+
+ finalModules =
+ [
+ config.entryPoint
+ {
+ home = {
+ inherit (config) username homeDirectory;
+ };
+ }
+ {
+ nixpkgs = {
+ # config.allowUnfree = true;
+ config.allowUnfreePredicate =
+ pkg:
+ builtins.elem (lib.getName pkg) [
+ "discord"
+ "dwarf-fortress"
+ "slack"
+ "steam"
+ "steam-original"
+ "steam-run"
+ "teamspeak-client"
+ "teamspeak5-client"
+ ];
+ config.xdg.configHome = "${config.homeDirectory}/.config";
+ };
+ }
+ ]
+ ++ config.modules
+ ++ [
+ inputs.hyprland.homeManagerModules.default
+ inputs.global-keybind.homeModules.global-keybind
+ inputs.nixvim.homeManagerModules.nixvim
+ ]
+ # include this flake's modules
+ ++ builtins.attrValues self.homeModules
+ ++ builtins.attrValues self.modules;
+
+ homeConfig = inputs.home-manager.lib.homeManagerConfiguration {
+ inherit pkgs;
+ modules = config.finalModules;
+ extraSpecialArgs = {
+ inherit (config) username;
+ inherit homeDirectory;
+ };
 };
- }
- {
- nixpkgs = {
- # config.allowUnfree = true;
- config.allowUnfreePredicate = pkg:
- builtins.elem (lib.getName pkg) [
- "discord"
- "dwarf-fortress"
- "slack"
- "steam"
- "steam-original"
- "steam-run"
- "teamspeak-client"
- "teamspeak5-client"
- ];
- config.xdg.configHome = "${config.homeDirectory}/.config";
- };
- }
- ]
- ++ config.modules
- ++ [
- inputs.hyprland.homeManagerModules.default
- inputs.global-keybind.homeModules.global-keybind
- inputs.nixvim.homeManagerModules.nixvim
- ]
- # include this flake's modules
- ++ builtins.attrValues self.homeModules
- ++ builtins.attrValues self.modules;
-
- homeConfig = inputs.home-manager.lib.homeManagerConfiguration {
- inherit pkgs;
- modules = config.finalModules;
- extraSpecialArgs = {
- inherit (config) username;
- inherit homeDirectory;
- };
- };
- homePackage = config.homeConfig.activationPackage;
- packageName = "home/configuration/${name}";
- };
- }));
+ homePackage = config.homeConfig.activationPackage;
+ packageName = "home/configuration/${name}";
+ };
+ }
+ )
+ );
 };
 };
diff --git a/flake-parts/nixos_configurations.nix b/flake-parts/nixos_configurations.nix
index 7f24d3d..c3d9c90 100644
--- a/flake-parts/nixos_configurations.nix
+++ b/flake-parts/nixos_configurations.nix
@@ -5,72 +5,86 @@ config,
 lib,
 ...
-}: let
+}:
+let
 cfg = config.justinrubek.nixosConfigurations;
 # collect all nixosConfigurations so they can be exposed as flake outputs
 configs = builtins.mapAttrs (_: config: config.nixosConfig) cfg;
 # TODO: determine if these are useful and where to expose them from
- packages = builtins.attrValues (builtins.mapAttrs (_: config: let
- # collect the configurations under an attribute set so they can be used
- # as flake.packages outputs
- namespaced = {${config.system}.${config.packageName} = config.nixosPackage;};
- in
- namespaced)
- cfg);
-in {
+ packages = builtins.attrValues (
+ builtins.mapAttrs (
+ _: config:
+ let
+ # collect the configurations under an attribute set so they can be used
+ # as flake.packages outputs
+ namespaced = {
+ ${config.system}.${config.packageName} = config.nixosPackage;
+ };
+ in
+ namespaced
+ ) cfg
+ );
+in
+{
 options = {
 justinrubek.nixosConfigurations = lib.mkOption {
- type = lib.types.attrsOf (lib.types.submodule ({
- name,
- config,
- ...
- }: {
- options = {
- system = lib.mkOption {
- type = lib.types.enum ["x86_64-linux" "aarch64-linux"];
- };
+ type = lib.types.attrsOf (
+ lib.types.submodule (
+ { name, config, ... }:
+ {
+ options = {
+ system = lib.mkOption {
+ type = lib.types.enum [
+ "x86_64-linux"
+ "aarch64-linux"
+ ];
+ };
- modules = lib.mkOption {
- type = lib.types.listOf lib.types.unspecified;
- default = [];
- description = "List of modules to include for the nixos configuration.";
- };
+ modules = lib.mkOption {
+ type = lib.types.listOf lib.types.unspecified;
+ default = [ ];
+ description = "List of modules to include for the nixos configuration.";
+ };
- nixosConfig = lib.mkOption {
- type = lib.types.unspecified;
- readOnly = true;
- description = "The nixos configuration.";
- };
+ nixosConfig = lib.mkOption {
+ type = lib.types.unspecified;
+ readOnly = true;
+ description = "The nixos configuration.";
+ };
- packageName = lib.mkOption {
- type = lib.types.str;
- readOnly = true;
- description = "The name of the exported package.";
- };
+ packageName = lib.mkOption {
+ type = lib.types.str;
+ readOnly = true;
+ description = "The name of the exported package.";
+ };
- nixosPackage = lib.mkOption {
- type = lib.types.package;
- readOnly = true;
- description = "The package output that contains the system's build.toplevel.";
- };
- };
+ nixosPackage = lib.mkOption {
+ type = lib.types.package;
+ readOnly = true;
+ description = "The package output that contains the system's build.toplevel.";
+ };
+ };
- config = let
- configDir = "${self}/nixos/configurations/${name}";
- entryPoint = import configDir (inputs // {inherit self;});
- in {
- nixosConfig = self.lib.nixosSystem {
- inherit name;
- inherit (config) system;
- modules = config.modules ++ [entryPoint];
- };
+ config =
+ let
+ configDir = "${self}/nixos/configurations/${name}";
+ entryPoint = import configDir (inputs // { inherit self; });
+ in
+ {
+ nixosConfig = self.lib.nixosSystem {
+ inherit name;
+ inherit (config) system;
+ modules = config.modules ++ [ entryPoint ];
+ };
- nixosPackage = config.nixosConfig.config.system.build.toplevel;
- packageName = "nixos/configuration/${name}";
- };
- }));
+ nixosPackage = config.nixosConfig.config.system.build.toplevel;
+ packageName = "nixos/configuration/${name}";
+ };
+ }
+ )
+ );
 };
 };
diff --git a/flake-parts/pre-commit.nix b/flake-parts/pre-commit.nix
index 1cf0a7c..1ff1bae 100644
--- a/flake-parts/pre-commit.nix
+++ b/flake-parts/pre-commit.nix
@@ -1,21 +1,20 @@
+{ inputs, self, ... }:
 {
- inputs,
- self,
- ...
-}: {
- perSystem = {self', ...}: {
- pre-commit = {
- check.enable = true;
+ perSystem =
+ { self', ... }:
+ {
+ pre-commit = {
+ check.enable = true;
- settings = {
- src = ../.;
- hooks = {
- treefmt.enable = true;
- statix.enable = true;
- };
+ settings = {
+ src = ../.;
+ hooks = {
+ treefmt.enable = true;
+ statix.enable = true;
+ };
- settings.treefmt.package = self'.packages.treefmt;
+ settings.treefmt.package = self'.packages.treefmt;
+ };
 };
 };
- };
 }
diff --git a/flake-parts/shells.nix b/flake-parts/shells.nix
index 98687cc..988291b 100644
--- a/flake-parts/shells.nix
+++ b/flake-parts/shells.nix
@@ -4,49 +4,53 @@ lib,
 self,
 ...
-}: {
- perSystem = {
- config,
- pkgs,
- system,
- inputs',
- self',
- ...
- }: let
- hashicorp-pkgs = inputs.hashicorp_nixpkgs.legacyPackages.${system};
- in {
- devShells = {
- default = pkgs.mkShell {
- buildInputs = with pkgs; [
- alejandra
- inputs.home-manager.packages.${system}.home-manager
- hcloud
- hashicorp-pkgs.packer
- inputs'.deploy-rs.packages.deploy-rs
+}:
+{
+ perSystem =
+ {
+ config,
+ pkgs,
+ system,
+ inputs',
+ self',
+ ...
+ }:
+ let
+ hashicorp-pkgs = inputs.hashicorp_nixpkgs.legacyPackages.${system};
+ in
+ {
+ devShells = {
+ default = pkgs.mkShell {
+ buildInputs = with pkgs; [
+ alejandra
+ inputs.home-manager.packages.${system}.home-manager
+ hcloud
+ hashicorp-pkgs.packer
+ inputs'.deploy-rs.packages.deploy-rs
- pkgs.age
- pkgs.ssh-to-age
- pkgs.sops
+ pkgs.age
+ pkgs.ssh-to-age
+ pkgs.sops
- self'.packages.push-configuration
- inputs'.thoenix.packages.cli
- self'.packages.terraform
+ self'.packages.push-configuration
+ inputs'.thoenix.packages.cli
+ self'.packages.terraform
- self'.packages.vault-bin
+ self'.packages.vault-bin
- self'.packages.nomad
+ self'.packages.nomad
- pkgs.skopeo
- self'.packages."scripts/skopeo-push"
+ pkgs.skopeo
+ self'.packages."scripts/skopeo-push"
- inputs'.lockpad.packages.cli
- inputs'.nix-postgres.packages."psql_15/bin"
+ inputs'.lockpad.packages.cli
+ inputs'.nix-postgres.packages."psql_15/bin"
- ];
+ ];
- shellHook = ''
- ${config.pre-commit.installationScript}
- '';
+ shellHook = ''
+ ${config.pre-commit.installationScript}
+ '';
+ };
 };
 };
- };
 }
diff --git a/flake-parts/terraform.nix b/flake-parts/terraform.nix
index b621fcf..283bfb4 100644
--- a/flake-parts/terraform.nix
+++ b/flake-parts/terraform.nix
@@ -1,137 +1,140 @@
+{ inputs, self, ... }@part-inputs:
 {
- inputs,
- self,
- ...
-} @ part-inputs: {
- imports = [];
-
- perSystem = {
- self',
- pkgs,
- lib,
- system,
- inputs',
- ...
- }: let
- # the providers to be available for terraform
- # see "nixpkgs/pkgs/applications/networking/cluster/terraform-providers/providers.json"
- terraformPluginsPredicate = p: [
- p.hcloud
- # p.kubernetes
- # p.nomad
- # p.null
- # p.local
- p.random
- # p.template
- # p.tls
- # p.tfe
- p.vault
- p.sops
- p.github
- ];
- # terraform = pkgs.terraform.withPlugins terraformPluginsPredicate;
- terraform = pkgs.opentofu;
-
- # push the current configuration to terraform cloud
- # https://developer.hashicorp.com/terraform/cloud-docs/run/api#pushing-a-new-configuration-version
- push-configuration = let
- jq = "${pkgs.jq}/bin/jq";
- curl = "${pkgs.curl}/bin/curl";
- terraform-cli = "${self'.packages.terraform}/bin/terraform";
+ imports = [ ];
+
+ perSystem =
+ {
+ self',
+ pkgs,
+ lib,
+ system,
+ inputs',
+ ...
+ }:
+ let
+ # the providers to be available for terraform
+ # see "nixpkgs/pkgs/applications/networking/cluster/terraform-providers/providers.json"
+ terraformPluginsPredicate = p: [
+ p.hcloud
+ # p.kubernetes
+ # p.nomad
+ # p.null
+ # p.local
+ p.random
+ # p.template
+ # p.tls
+ # p.tfe
+ p.vault
+ p.sops
+ p.github
+ ];
+ # terraform = pkgs.terraform.withPlugins terraformPluginsPredicate;
+ terraform = pkgs.opentofu;
+
+ # push the current configuration to terraform cloud
+ # https://developer.hashicorp.com/terraform/cloud-docs/run/api#pushing-a-new-configuration-version
+ push-configuration =
+ let
+ jq = "${pkgs.jq}/bin/jq";
+ curl = "${pkgs.curl}/bin/curl";
+ terraform-cli = "${self'.packages.terraform}/bin/terraform";
+ in
+ pkgs.writeShellScriptBin "tfcloud-push" ''
+ set -euo pipefail
+ # accept the configuration name as the first argument
+
+ # get the configuration name
+ configurationName="$1"
+ shift
+ # get the workspace name
+ workspaceName="$1"
+ shift
+
+ # organization name (from env)
+ : ''${TFE_ORG?"TFE_ORG must be set"}
+ # tfcloud token (from env)
+ : ''${TFE_TOKEN?"TFE_TOKEN must be set"}
+ # tfcloud url (from env, defaults to app.terraform.io)
+ if [ -z "''${TFE_URL:-}" ]; then
+ TFE_URL="app.terraform.io"
+ fi
+
+ echo "TFE_ORG: $TFE_ORG"
+ echo "TFE_URL: $TFE_URL"
+
+ # the configuration will be pushed inside a tarball
+ file_name="./content-$(date +%s).tar.gz"
+
+ # settings for the configuration version to be created
+ echo '{"data":{"type":"configuration-versions"}}' > ./create_config_version.json
+
+ __cleanup ()
+ {
+ # remove the tarball
+ rm $file_name
+ # remove the json file
+ rm ./create_config_version.json
+ # return to the original directory
+ popd
+ }
+
+ # navigate to the top-level directory before executing the terraform command
+ pushd $(git rev-parse --show-toplevel)
+
+ # trap cleanup on exit
+ trap __cleanup EXIT
+
+ # place the configuration's directory into a tarball
+ nix build .#terraformConfiguration/$configurationName
+ tar -zcvf $file_name -C ./result .
+
+ # lookup the workspace id
+ workspace_id=($(curl \
+ --header "Authorization: Bearer $TFE_TOKEN" \
+ --header "Content-Type: application/vnd.api+json" \
+ https://''$TFE_URL/api/v2/organizations/$TFE_ORG/workspaces/''$workspaceName \
+ | ${jq} -r '.data.id'))
+
+ # create a new configuration version
+ upload_url=($(curl \
+ --header "Authorization: Bearer $TFE_TOKEN" \
+ --header "Content-Type: application/vnd.api+json" \
+ --request POST \
+ --data @create_config_version.json \
+ https://''$TFE_URL/api/v2/workspaces/$workspace_id/configuration-versions \
+ | ${jq} -r '.data.attributes."upload-url"'))
+
+ # finally, upload the configuration content to the newly created configuration version
+ echo "upload_url: $upload_url"
+ curl \
+ --header "Content-Type: application/octet-stream" \
+ --request PUT \
+ --data-binary @"$file_name" \
+ $upload_url
+
+ '';
 in
- pkgs.writeShellScriptBin "tfcloud-push" ''
- set -euo pipefail
- # accept the configuration name as the first argument
-
- # get the configuration name
- configurationName="$1"
- shift
- # get the workspace name
- workspaceName="$1"
- shift
-
- # organization name (from env)
- : ''${TFE_ORG?"TFE_ORG must be set"}
- # tfcloud token (from env)
- : ''${TFE_TOKEN?"TFE_TOKEN must be set"}
- # tfcloud url (from env, defaults to app.terraform.io)
- if [ -z "''${TFE_URL:-}" ]; then
- TFE_URL="app.terraform.io"
- fi
-
- echo "TFE_ORG: $TFE_ORG"
- echo "TFE_URL: $TFE_URL"
-
- # the configuration will be pushed inside a tarball
- file_name="./content-$(date +%s).tar.gz"
-
- # settings for the configuration version to be created
- echo '{"data":{"type":"configuration-versions"}}' > ./create_config_version.json
-
- __cleanup ()
- {
- # remove the tarball
- rm $file_name
- # remove the json file
- rm ./create_config_version.json
- # return to the original directory
- popd
- }
-
- # navigate to the top-level directory before executing the terraform command
- pushd $(git rev-parse --show-toplevel)
-
- # trap cleanup on exit
- trap __cleanup EXIT
-
- # place the configuration's directory into a tarball
- nix build .#terraformConfiguration/$configurationName
- tar -zcvf $file_name -C ./result .
-
- # lookup the workspace id
- workspace_id=($(curl \
- --header "Authorization: Bearer $TFE_TOKEN" \
- --header "Content-Type: application/vnd.api+json" \
- https://''$TFE_URL/api/v2/organizations/$TFE_ORG/workspaces/''$workspaceName \
- | ${jq} -r '.data.id'))
-
- # create a new configuration version
- upload_url=($(curl \
- --header "Authorization: Bearer $TFE_TOKEN" \
- --header "Content-Type: application/vnd.api+json" \
- --request POST \
- --data @create_config_version.json \
- https://''$TFE_URL/api/v2/workspaces/$workspace_id/configuration-versions \
- | ${jq} -r '.data.attributes."upload-url"'))
-
- # finally, upload the configuration content to the newly created configuration version
- echo "upload_url: $upload_url"
- curl \
- --header "Content-Type: application/octet-stream" \
- --request PUT \
- --data-binary @"$file_name" \
- $upload_url
-
- '';
- in rec {
- packages = {
- # expose terraform with the pinned providers
- inherit terraform;
- inherit push-configuration;
- };
-
- apps = let
- jq = "${pkgs.jq}/bin/jq";
-
- # print the list of pinnable terraform providers from nixpkgs
- terraform-provider-pins = pkgs.writeShellScriptBin "terraform-provider-pins" ''
- cat ${inputs.nixpkgs}/pkgs/applications/networking/cluster/terraform-providers/providers.json
- '';
- in {
- printTerraformProviders = {
- type = "app";
- program = pkgs.lib.getExe terraform-provider-pins;
+ rec {
+ packages = {
+ # expose terraform with the pinned providers
+ inherit terraform;
+ inherit push-configuration;
 };
+
+ apps =
+ let
+ jq = "${pkgs.jq}/bin/jq";
+
+ # print the list of pinnable terraform providers from nixpkgs
+ terraform-provider-pins = pkgs.writeShellScriptBin "terraform-provider-pins" ''
+ cat ${inputs.nixpkgs}/pkgs/applications/networking/cluster/terraform-providers/providers.json
+ '';
+ in
+ {
+ printTerraformProviders = {
+ type = "app";
+ program = pkgs.lib.getExe terraform-provider-pins;
+ };
+ };
 };
- };
 }
diff --git a/flake-parts/terraformConfiguration.nix b/flake-parts/terraformConfiguration.nix
index 5328ab3..337f171 100644
--- a/flake-parts/terraformConfiguration.nix
+++ b/flake-parts/terraformConfiguration.nix
@@ -3,24 +3,29 @@ self,
 lib,
 ...
-}: {
- imports = [];
+}:
+{
+ imports = [ ];
- perSystem = {
- self',
- pkgs,
- lib,
- system,
- inputs',
- ...
- }: {
- thoenix.terraformConfigurations = {
- enable = true;
+ perSystem =
+ {
+ self',
+ pkgs,
+ lib,
+ system,
+ inputs',
+ ...
+ }:
+ {
+ thoenix.terraformConfigurations = {
+ enable = true;
- configDirectory = ../terraform/configurations;
- extraArgs = {inherit (self'.packages) nomadJobs;};
+ configDirectory = ../terraform/configurations;
+ extraArgs = {
+ inherit (self'.packages) nomadJobs;
+ };
- terranixModules = lib.mapAttrsToList (name: value: value) self.terraformModules;
+ terranixModules = lib.mapAttrsToList (name: value: value) self.terraformModules;
+ };
 };
- };
 }
diff --git a/flake.nix b/flake.nix
index 587abcf..cf2df3d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -118,16 +118,16 @@ };
 };
- outputs = {
- self,
- flake-parts,
- ...
- } @ inputs:
- flake-parts.lib.mkFlake {inherit inputs;} {
+ outputs =
+ { self, flake-parts, ... }@inputs:
+ flake-parts.lib.mkFlake { inherit inputs; } {
 flake = {
 homeModules = import ./home/modules inputs;
 };
- systems = ["x86_64-linux" "aarch64-linux"];
+ systems = [
+ "x86_64-linux"
+ "aarch64-linux"
+ ];
 imports = [
 inputs.thoenix.flakeModule
 inputs.thoenix.customOutputModule
diff --git a/home/configurations/justin@alex/default.nix b/home/configurations/justin@alex/default.nix
index 23b2623..a5ac938 100644
--- a/home/configurations/justin@alex/default.nix
+++ b/home/configurations/justin@alex/default.nix
@@ -1,6 +1,8 @@ -_inputs: {pkgs, ...}: { +_inputs: +{ pkgs, ... }: +{ config = { - activeProfiles = ["development"]; + activeProfiles = [ "development" ]; home.stateVersion = "21.11"; }; } diff --git a/home/configurations/justin@bunky/default.nix b/home/configurations/justin@bunky/default.nix index 23b2623..a5ac938 100644 --- a/home/configurations/justin@bunky/default.nix +++ b/home/configurations/justin@bunky/default.nix @@ -1,6 +1,8 @@ -_inputs: {pkgs, ...}: { +_inputs: +{ pkgs, ... }: +{ config = { - activeProfiles = ["development"]; + activeProfiles = [ "development" ]; home.stateVersion = "21.11"; }; } diff --git a/home/configurations/justin@ceylon/default.nix b/home/configurations/justin@ceylon/default.nix index 23b2623..a5ac938 100644 --- a/home/configurations/justin@ceylon/default.nix +++ b/home/configurations/justin@ceylon/default.nix @@ -1,6 +1,8 @@ -_inputs: {pkgs, ...}: { +_inputs: +{ pkgs, ... }: +{ config = { - activeProfiles = ["development"]; + activeProfiles = [ "development" ]; home.stateVersion = "21.11"; }; } diff --git a/home/configurations/justin@eunomia/default.nix b/home/configurations/justin@eunomia/default.nix index cf6c847..b9c44e6 100644 --- a/home/configurations/justin@eunomia/default.nix +++ b/home/configurations/justin@eunomia/default.nix @@ -1,6 +1,16 @@ -{comma, ...} @ inputs: {pkgs, ...}: { +{ comma, ... }@inputs: +{ pkgs, ... }: +{ config = { - activeProfiles = ["development" "browsing" "gaming" "graphical" "design" "work" "media"]; + activeProfiles = [ + "development" + "browsing" + "gaming" + "graphical" + "design" + "work" + "media" + ]; programs = { obs-studio.enable = true; @@ -70,9 +80,7 @@ packages = with pkgs; [ rofi - (dwarf-fortress-packages.dwarf-fortress-full.override { - enableIntro = false; - }) + (dwarf-fortress-packages.dwarf-fortress-full.override { enableIntro = false; }) comma.packages.x86_64-linux.default alejandra prismlauncher 
@@ -91,9 +99,7 @@ pkgs.pavucontrol pkgs.tokei - (pkgs.lutris.override { - extraLibraries = pkgs: []; - }) + (pkgs.lutris.override { extraLibraries = pkgs: [ ]; }) ]; stateVersion = "22.11"; diff --git a/home/configurations/justin@huginn/default.nix b/home/configurations/justin@huginn/default.nix index 23b2623..a5ac938 100644 --- a/home/configurations/justin@huginn/default.nix +++ b/home/configurations/justin@huginn/default.nix @@ -1,6 +1,8 @@ -_inputs: {pkgs, ...}: { +_inputs: +{ pkgs, ... }: +{ config = { - activeProfiles = ["development"]; + activeProfiles = [ "development" ]; home.stateVersion = "21.11"; }; } diff --git a/home/configurations/justin@manusya/default.nix b/home/configurations/justin@manusya/default.nix index 42817a5..2a6eff5 100644 --- a/home/configurations/justin@manusya/default.nix +++ b/home/configurations/justin@manusya/default.nix @@ -1,13 +1,21 @@ -_: {pkgs, ...}: { +_: +{ pkgs, ... }: +{ config = { - activeProfiles = ["development" "browsing" "gaming" "graphical" "design" "work" "media"]; + activeProfiles = [ + "development" + "browsing" + "gaming" + "graphical" + "design" + "work" + "media" + ]; home = { packages = with pkgs; [ rofi - (dwarf-fortress-packages.dwarf-fortress-full.override { - enableIntro = false; - }) + (dwarf-fortress-packages.dwarf-fortress-full.override { enableIntro = false; }) ]; stateVersion = "22.05"; }; diff --git a/home/configurations/justin@pyxis/default.nix b/home/configurations/justin@pyxis/default.nix index 23b2623..a5ac938 100644 --- a/home/configurations/justin@pyxis/default.nix +++ b/home/configurations/justin@pyxis/default.nix @@ -1,6 +1,8 @@ -_inputs: {pkgs, ...}: { +_inputs: +{ pkgs, ... }: +{ config = { - activeProfiles = ["development"]; + activeProfiles = [ "development" ]; home.stateVersion = "21.11"; }; } diff --git a/home/modules/misc/home/default.nix b/home/modules/misc/home/default.nix index eec752f..1ab3002 100644 --- a/home/modules/misc/home/default.nix +++ b/home/modules/misc/home/default.nix 
@@ -1,9 +1,11 @@ -{nixpkgs, ...}: { +{ nixpkgs, ... }: +{ config, pkgs, lib, ... -}: { +}: +{ profiles.base.enable = true; fonts.fontconfig.enable = true; } diff --git a/home/modules/profiles/base/default.nix b/home/modules/profiles/base/default.nix index 6791f73..641f38a 100644 --- a/home/modules/profiles/base/default.nix +++ b/home/modules/profiles/base/default.nix @@ -1,9 +1,11 @@ -{self, ...}: { +{ self, ... }: +{ config, lib, pkgs, ... -}: let +}: +let cfg = config.profiles.base; shellAliases = { @@ -16,7 +18,8 @@ VISUAL = "nvim"; SHELL = "${pkgs.zsh}/bin/zsh"; }; -in { +in +{ options.profiles.base = { enable = lib.mkEnableOption "base profile"; }; diff --git a/home/modules/profiles/browsing/default.nix b/home/modules/profiles/browsing/default.nix index d38ca80..33ada5e 100644 --- a/home/modules/profiles/browsing/default.nix +++ b/home/modules/profiles/browsing/default.nix @@ -1,13 +1,16 @@ -{self, ...}: { +{ self, ... }: +{ config, lib, pkgs, ... -}: let +}: +let cfg = config.profiles.browsing; inherit (config.home) username; -in { +in +{ options.profiles.browsing = { enable = lib.mkEnableOption "browsing profile"; }; @@ -18,8 +21,6 @@ in { inherit username; }; - home.packages = with pkgs; [ - brave - ]; + home.packages = with pkgs; [ brave ]; }; } diff --git a/home/modules/profiles/default.nix b/home/modules/profiles/default.nix index 3ac77e2..4612608 100644 --- a/home/modules/profiles/default.nix +++ b/home/modules/profiles/default.nix 
@@ -1,14 +1,14 @@ -_: { - config, - lib, - ... -}: let - profileEnabler = let - reducer = l: r: {"${r}".enable = true;} // l; - in - builtins.foldl' reducer {} config.activeProfiles; -in { - options.activeProfiles = lib.mkOption {type = lib.types.listOf lib.types.str;}; +_: +{ config, lib, ... }: +let + profileEnabler = + let + reducer = l: r: { "${r}".enable = true; } // l; + in + builtins.foldl' reducer { } config.activeProfiles; +in +{ + options.activeProfiles = lib.mkOption { type = lib.types.listOf lib.types.str; }; config.profiles = profileEnabler; } diff --git a/home/modules/profiles/design/default.nix b/home/modules/profiles/design/default.nix index ed5c28a..647d270 100644 --- a/home/modules/profiles/design/default.nix +++ b/home/modules/profiles/design/default.nix @@ -1,11 +1,14 @@ -{self, ...}: { +{ self, ... }: +{ config, lib, pkgs, ... -}: let +}: +let cfg = config.profiles.design; -in { +in +{ options.profiles.design = { enable = lib.mkEnableOption "design profile"; }; diff --git a/home/modules/profiles/development/default.nix b/home/modules/profiles/development/default.nix index bdb983a..8d6a294 100644 --- a/home/modules/profiles/development/default.nix +++ b/home/modules/profiles/development/default.nix @@ -1,21 +1,25 @@ -{self, ...} @ inputs: { +{ self, ... }@inputs: +{ config, lib, pkgs, specialArgs, ... -}: let +}: +let cfg = config.profiles.development; -in { +in +{ options.profiles.development = { enable = lib.mkEnableOption "development profile"; }; - config = let - full_name = "Justin Rubek"; - email = "25621857+justinrubek@users.noreply.github.com"; - name = specialArgs.username; - in + config = + let + full_name = "Justin Rubek"; + email = "25621857+justinrubek@users.noreply.github.com"; + name = specialArgs.username; + in lib.mkIf cfg.enable { programs = { git = { diff --git a/home/modules/profiles/gaming/default.nix b/home/modules/profiles/gaming/default.nix index 8cdb593..3e79c2e 100644 --- a/home/modules/profiles/gaming/default.nix 
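Review bot: `profileEnabler` re-implements with a hand-rolled `foldl'` what `lib.genAttrs` already does, and the `{ "${r}".enable = true; } // l` ordering is easy to misread because the left operand loses on duplicate names (harmless here since both sides carry the same value, but it reads as if later entries win). `profileEnabler = lib.genAttrs config.activeProfiles (_: { enable = true; });` expresses the same mapping in one line and lets the inner `let` go. Behaviour is unchanged either way; this is purely about how the reformatted block reads.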
+++ b/home/modules/profiles/gaming/default.nix @@ -1,11 +1,14 @@ -{self, ...}: { +{ self, ... }: +{ config, lib, pkgs, ... -}: let +}: +let cfg = config.profiles.gaming; -in { +in +{ options.profiles.gaming = { enable = lib.mkEnableOption "gaming profile"; }; diff --git a/home/modules/profiles/graphical/default.nix b/home/modules/profiles/graphical/default.nix index db33ee6..ef8c2b4 100644 --- a/home/modules/profiles/graphical/default.nix +++ b/home/modules/profiles/graphical/default.nix @@ -1,11 +1,14 @@ -{self, ...}: { +{ self, ... }: +{ config, lib, pkgs, ... -}: let +}: +let cfg = config.profiles.graphical; -in { +in +{ options.profiles.graphical = { enable = lib.mkEnableOption "graphical profile"; }; diff --git a/home/modules/profiles/media/default.nix b/home/modules/profiles/media/default.nix index a2ffb9a..8c2bd42 100644 --- a/home/modules/profiles/media/default.nix +++ b/home/modules/profiles/media/default.nix @@ -1,11 +1,14 @@ -{self, ...}: { +{ self, ... }: +{ config, lib, pkgs, ... -}: let +}: +let cfg = config.profiles.media; -in { +in +{ options.profiles.media = { enable = lib.mkEnableOption "media profile"; }; diff --git a/home/modules/profiles/work/default.nix b/home/modules/profiles/work/default.nix index 60aac41..af8c8dc 100644 --- a/home/modules/profiles/work/default.nix +++ b/home/modules/profiles/work/default.nix @@ -1,18 +1,17 @@ -{self, ...}: { +{ self, ... }: +{ config, lib, pkgs, ... -}: let +}: +let cfg = config.profiles.work; -in { +in +{ options.profiles.work = { enable = lib.mkEnableOption "work profile"; }; - config = lib.mkIf cfg.enable { - home.packages = with pkgs; [ - slack - ]; - }; + config = lib.mkIf cfg.enable { home.packages = with pkgs; [ slack ]; }; } diff --git a/home/modules/programs/eww/default.nix b/home/modules/programs/eww/default.nix index 08a6d33..5d36eae 100644 --- a/home/modules/programs/eww/default.nix +++ b/home/modules/programs/eww/default.nix 
@@ -1,9 +1,11 @@ -inputs: { +inputs: +{ config, lib, pkgs, ... -}: let +}: +let cfg = config.justinrubek.programs.eww; dependencies = [ @@ -40,7 +42,8 @@ inputs: { pkgs.wlogout pkgs.wofi ]; -in { +in +{ options.justinrubek.programs.eww = { enable = lib.mkEnableOption "Enable eww bars"; }; @@ -55,14 +58,14 @@ in { systemd.user.services.eww = { Unit = { Description = "Eww Daemon"; - PartOf = ["graphical-session.target"]; + PartOf = [ "graphical-session.target" ]; }; Service = { Environment = "PATH=/run/wrappers/bin:${lib.makeBinPath dependencies}"; ExecStart = "${config.programs.eww.package}/bin/eww daemon --no-daemonize"; Restart = "on-failure"; }; - Install.WantedBy = ["graphical-session.target"]; + Install.WantedBy = [ "graphical-session.target" ]; }; }; } diff --git a/home/modules/programs/firefox/config.nix b/home/modules/programs/firefox/config.nix index 8a59299..2fc8986 100644 --- a/home/modules/programs/firefox/config.nix +++ b/home/modules/programs/firefox/config.nix @@ -1,4 +1,6 @@ -flake-inputs: {pkgs, ...}: username: { +flake-inputs: +{ pkgs, ... }: +username: { enable = true; profiles.${username} = { diff --git a/home/modules/programs/firefox/default.nix b/home/modules/programs/firefox/default.nix index 94b0323..388dd5d 100644 --- a/home/modules/programs/firefox/default.nix +++ b/home/modules/programs/firefox/default.nix @@ -1,13 +1,16 @@ -flake-inputs: { +flake-inputs: +{ config, lib, pkgs, ... -} @ inputs: let +}@inputs: +let firefoxEnabled = config.programs.ufirefox.enable; inherit (config.programs.ufirefox) username; -in { +in +{ options.programs.ufirefox = { enable = lib.mkEnableOption "Enable firefox"; diff --git a/home/modules/programs/pijul/default.nix b/home/modules/programs/pijul/default.nix index 62bfbcb..d0ef383 100644 --- a/home/modules/programs/pijul/default.nix +++ b/home/modules/programs/pijul/default.nix 
@@ -1,11 +1,14 @@ -inputs: { +inputs: +{ config, lib, pkgs, ... -}: let +}: +let cfg = config.justinrubek.programs.pijul; -in { +in +{ options.justinrubek.programs.pijul = { enable = lib.mkEnableOption "Enable pijul"; @@ -34,9 +37,7 @@ in { }; config = lib.mkIf cfg.enable { - home.packages = [ - cfg.package - ]; + home.packages = [ cfg.package ]; xdg.configFile."pijul/config.toml".source = pkgs.writeText "pijul-config" '' [author] diff --git a/home/modules/wayland/common/default.nix b/home/modules/wayland/common/default.nix index 49139e0..ace0537 100644 --- a/home/modules/wayland/common/default.nix +++ b/home/modules/wayland/common/default.nix @@ -1,11 +1,14 @@ -_: { +_: +{ config, lib, pkgs, ... -} @ inputs: let +}@inputs: +let cfg = config.justinrubek.wayland.common; -in { +in +{ options.justinrubek.wayland.common = { enable = lib.mkEnableOption "Enable common wayland configuration"; @@ -27,7 +30,7 @@ in { systemd.user.targets.tray = lib.mkIf cfg.faketray.enable { Unit = { Description = "Home Manager System Tray"; - Requires = ["graphical-session-pre.target"]; + Requires = [ "graphical-session-pre.target" ]; }; }; }; diff --git a/home/modules/wayland/swaylock/default.nix b/home/modules/wayland/swaylock/default.nix index 740972b..d11719e 100644 --- a/home/modules/wayland/swaylock/default.nix +++ b/home/modules/wayland/swaylock/default.nix @@ -1,11 +1,14 @@ -_: { +_: +{ config, lib, pkgs, ... -} @ inputs: let +}@inputs: +let cfg = config.justinrubek.wayland.swaylock; -in { +in +{ options.justinrubek.wayland.swaylock = { enable = lib.mkEnableOption "Enable swaylock"; diff --git a/home/modules/windowing/hyprland/default.nix b/home/modules/windowing/hyprland/default.nix index bb0d02d..b71d838 100644 --- a/home/modules/windowing/hyprland/default.nix +++ b/home/modules/windowing/hyprland/default.nix @@ -1,9 +1,11 @@ -_: { +_: +{ config, lib, pkgs, ... -} @ inputs: let +}@inputs: +let cfg = config.justinrubek.windowing.hyprland; colors = { 
@@ -20,7 +22,8 @@ _: { launcher = "wofi --show drun --style ${./wofi-style.css}"; emoji = "${pkgs.wofi-emoji}/bin/wofi-emoji"; }; -in { +in +{ options.justinrubek.windowing.hyprland = { enable = lib.mkEnableOption "Enable hyprland configuration"; }; @@ -115,21 +118,23 @@ in { "$mod SHIFT, bracketright, focusmonitor, r" ] ++ (builtins.genList ( - x: let - s = toString x; - in '' - bind = $mod, ${s}, workspace, ${s} - '' - ) - 10) + x: + let + s = toString x; + in + '' + bind = $mod, ${s}, workspace, ${s} + '' + ) 10) ++ (builtins.genList ( - x: let - s = toString x; - in '' - bind = $mod SHIFT, ${s}, movetoworkspace, ${s} - '' - ) - 10); + x: + let + s = toString x; + in + '' + bind = $mod SHIFT, ${s}, movetoworkspace, ${s} + '' + ) 10); bindl = [ ", XF86AudioPlay, exec, playerctl play-pause" ", XF86AudioStop, exec, playerctl stop" @@ -165,9 +170,7 @@ in { pseudotile = true; preserve_split = true; }; - exec-once = [ - "waybar" - ]; + exec-once = [ "waybar" ]; general = { border_size = 2; gaps_in = 5; diff --git a/home/modules/windowing/waybar/default.nix b/home/modules/windowing/waybar/default.nix index da0a073..d491b30 100644 --- a/home/modules/windowing/waybar/default.nix +++ b/home/modules/windowing/waybar/default.nix @@ -1,11 +1,14 @@ -_: { +_: +{ config, lib, pkgs, ... -} @ inputs: let +}@inputs: +let cfg = config.justinrubek.windowing.waybar; -in { +in +{ options.justinrubek.windowing.waybar = { enable = lib.mkEnableOption "Enable waybar configuration"; }; @@ -22,9 +25,18 @@ in { "HDMI-A-1" "DP-1" ]; - modules-left = ["hyprland/workspaces" "tray"]; - modules-center = ["hyprland/window"]; - modules-right = ["temperature" "memory" "pulseaudio" "clock#date" "clock#time"]; + modules-left = [ + "hyprland/workspaces" + "tray" + ]; + modules-center = [ "hyprland/window" ]; + modules-right = [ + "temperature" + "memory" + "pulseaudio" + "clock#date" + "clock#time" + ]; "clock#date" = { format = "{:%Y-%m-%d}"; 
@@ -53,8 +65,20 @@ in { all-outputs = true; on-click = "activate"; persistent-workspaces = { - "DP-1" = [1 2 3 4 5]; - "HDMI-A-1" = [6 7 8 9 10]; + "DP-1" = [ + 1 + 2 + 3 + 4 + 5 + ]; + "HDMI-A-1" = [ + 6 + 7 + 8 + 9 + 10 + ]; }; window-rewrite = { "class" = ""; diff --git a/home/modules/windowing/xmonad/default.nix b/home/modules/windowing/xmonad/default.nix index 8ef944f..ea0241d 100644 --- a/home/modules/windowing/xmonad/default.nix +++ b/home/modules/windowing/xmonad/default.nix @@ -1,11 +1,14 @@ -_: { +_: +{ config, lib, pkgs, ... -} @ inputs: let +}@inputs: +let cfg = config.justinrubek.windowing.xmonad; -in { +in +{ options.justinrubek.windowing.xmonad = { enable = lib.mkEnableOption "Enable xmonad"; }; diff --git a/lib/nixos_system.nix b/lib/nixos_system.nix index a7779aa..0ec5a8c 100644 --- a/lib/nixos_system.nix +++ b/lib/nixos_system.nix @@ -1,15 +1,17 @@ -input @ { +input@{ self, inputs, config, ... -}: { +}: +{ # The input to the custom nixosSystem function modules, name, system, ... -}: let +}: +let ### ### Configure a nixosSystem call with default values ### including this flake's custom modules, modules specified, @@ -41,10 +43,10 @@ input @ { ++ builtins.attrValues self.nixosModules ++ builtins.attrValues self.modules; in - inputs.nixpkgs.lib.nixosSystem { - inherit system; - modules = finalModules; - specialArgs = { - flakeRootPath = ../.; - }; - } +inputs.nixpkgs.lib.nixosSystem { + inherit system; + modules = finalModules; + specialArgs = { + flakeRootPath = ../.; + }; +} diff --git a/modules/default.nix b/modules/default.nix index 967991a..401c7b8 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,11 +1,6 @@ +{ inputs, self, ... }: { - inputs, - self, - ... -}: { - imports = [ - ]; + imports = [ ]; - flake.modules = { - }; + flake.modules = { }; } diff --git a/nixos/configurations/alex/default.nix b/nixos/configurations/alex/default.nix index db94e02..1e6360a 100644 --- a/nixos/configurations/alex/default.nix 
+++ b/nixos/configurations/alex/default.nix @@ -1,19 +1,22 @@ -{nixpkgs, ...} @ inputs: { +{ nixpkgs, ... }@inputs: +{ config, pkgs, lib, ... -}: { - imports = [ - ./hardware.nix - ]; +}: +{ + imports = [ ./hardware.nix ]; services.justinrubek.postgresql = { enable = true; package = inputs.nix-postgres.packages.${pkgs.system}."psql_15/bin"; port = 5435; - ensureDatabases = ["lockpad" "annapurna"]; + ensureDatabases = [ + "lockpad" + "annapurna" + ]; ensureUsers = [ { name = "annapurna"; @@ -61,7 +64,10 @@ justin = { isNormalUser = true; description = "Justin"; - extraGroups = ["networkmanager" "wheel"]; + extraGroups = [ + "networkmanager" + "wheel" + ]; shell = pkgs.zsh; openssh.authorizedKeys.keys = [ @@ -91,9 +97,7 @@ # networking.firewall.allowedUDPPorts = [ ... ]; networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { - allowedTCPPorts = [ - config.services.justinrubek.postgresql.port - ]; + allowedTCPPorts = [ config.services.justinrubek.postgresql.port ]; }; # Or disable the firewall altogether. diff --git a/nixos/configurations/alex/hardware.nix b/nixos/configurations/alex/hardware.nix index df61b5b..d13a576 100644 --- a/nixos/configurations/alex/hardware.nix +++ b/nixos/configurations/alex/hardware.nix @@ -5,7 +5,8 @@ modulesPath, flakeRootPath, ... -}: { +}: +{ imports = [ "${modulesPath}/profiles/minimal.nix" "${modulesPath}/profiles/qemu-guest.nix" @@ -31,7 +32,7 @@ enable = true; browser = true; - dataDir = ["/var/nfs/minio"]; + dataDir = [ "/var/nfs/minio" ]; rootCredentialsFile = config.sops.secrets."minio_env".path; listenAddress = "0.0.0.0:9000"; @@ -41,7 +42,7 @@ sops.secrets.minio_env = { sopsFile = "${flakeRootPath}/secrets/minio.yaml"; owner = config.systemd.services.serviceConfig.User or "root"; - restartUnits = ["minio.service"]; + restartUnits = [ "minio.service" ]; }; services.nfs.server = { 
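Review bot: The `owner` of `sops.secrets.minio_env` never picks up the minio unit's user: the attrpath `config.systemd.services.serviceConfig.User` is missing the service name, and since `a.b.c or d` yields the fallback whenever any component is absent, the secret is silently owned by `root` on every build. If the intent is for the file to be readable by the account the unit runs as, the line should be `owner = config.systemd.services.minio.serviceConfig.User or "root";`. Whether this matters at runtime depends on whether minio reads `rootCredentialsFile` itself or systemd loads it as root before dropping privileges, which is not visible here; confirm against the minio module. The line is unchanged context in a reformat-only hunk, so the commit does not introduce the problem, but it is worth fixing in a follow-up.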
@@ -54,27 +55,27 @@ ''; }; - networking.firewall.interfaces.${config.services.tailscale.interfaceName} = let - ports = [ - # NFS - 111 - 2049 - 4000 - 4001 - 4002 - 20048 - # minio - 9000 - 9001 - ]; - in { - allowedTCPPorts = ports; - allowedUDPPorts = ports; - }; + networking.firewall.interfaces.${config.services.tailscale.interfaceName} = + let + ports = [ + # NFS + 111 + 2049 + 4000 + 4001 + 4002 + 20048 + # minio + 9000 + 9001 + ]; + in + { + allowedTCPPorts = ports; + allowedUDPPorts = ports; + }; - swapDevices = [ - {device = "/dev/disk/by-label/SWAP";} - ]; + swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/nixos/configurations/bunky/default.nix b/nixos/configurations/bunky/default.nix index 8843aff..9d5b5e4 100644 --- a/nixos/configurations/bunky/default.nix +++ b/nixos/configurations/bunky/default.nix @@ -1,12 +1,12 @@ -{nixpkgs, ...} @ inputs: { +{ nixpkgs, ... }@inputs: +{ config, pkgs, lib, ... -}: { - imports = [ - ./hardware.nix - ]; +}: +{ + imports = [ ./hardware.nix ]; # Linux kernel @@ -58,7 +58,10 @@ justin = { isNormalUser = true; description = "Justin"; - extraGroups = ["networkmanager" "wheel"]; + extraGroups = [ + "networkmanager" + "wheel" + ]; shell = pkgs.zsh; openssh.authorizedKeys.keys = [ @@ -74,8 +77,7 @@ # List packages installed in system profile. To search, run: # $ nix search wget - environment.systemPackages = with pkgs; [ - ]; + environment.systemPackages = with pkgs; [ ]; # services.openssh = { # enable = true; diff --git a/nixos/configurations/bunky/hardware.nix b/nixos/configurations/bunky/hardware.nix index ce16151..0b739a6 100644 --- a/nixos/configurations/bunky/hardware.nix +++ b/nixos/configurations/bunky/hardware.nix 
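Review bot: `allowedUDPPorts = ports` opens the minio ports 9000/9001 over UDP on the tailscale interface even though minio only speaks HTTP over TCP; only the NFS entries (111, 2049, 4000–4002, 20048) need a UDP rule. Splitting the list keeps the exposure to what is actually used: `nfsPorts = [ 111 2049 4000 4001 4002 20048 ]; minioPorts = [ 9000 9001 ];` followed by `allowedTCPPorts = nfsPorts ++ minioPorts; allowedUDPPorts = nfsPorts;`. The hunk only re-indents this block, so the over-broad rule predates the commit.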
@@ -4,7 +4,8 @@ pkgs, modulesPath, ... -}: { +}: +{ imports = [ "${modulesPath}/profiles/minimal.nix" "${modulesPath}/profiles/qemu-guest.nix" @@ -18,9 +19,7 @@ }; }; - swapDevices = [ - {device = "/dev/disk/by-label/SWAP";} - ]; + swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/nixos/configurations/ceylon/default.nix b/nixos/configurations/ceylon/default.nix index e771c81..b7d168e 100644 --- a/nixos/configurations/ceylon/default.nix +++ b/nixos/configurations/ceylon/default.nix @@ -1,12 +1,12 @@ -{nixpkgs, ...} @ inputs: { +{ nixpkgs, ... }@inputs: +{ config, pkgs, lib, ... -}: { - imports = [ - ./hardware.nix - ]; +}: +{ + imports = [ ./hardware.nix ]; # Linux kernel @@ -58,7 +58,10 @@ justin = { isNormalUser = true; description = "Justin"; - extraGroups = ["networkmanager" "wheel"]; + extraGroups = [ + "networkmanager" + "wheel" + ]; shell = pkgs.zsh; openssh.authorizedKeys.keys = [ @@ -74,8 +77,7 @@ # List packages installed in system profile. To search, run: # $ nix search wget - environment.systemPackages = with pkgs; [ - ]; + environment.systemPackages = with pkgs; [ ]; # services.openssh = { # enable = true; diff --git a/nixos/configurations/ceylon/hardware.nix b/nixos/configurations/ceylon/hardware.nix index ce16151..0b739a6 100644 --- a/nixos/configurations/ceylon/hardware.nix +++ b/nixos/configurations/ceylon/hardware.nix @@ -4,7 +4,8 @@ pkgs, modulesPath, ... -}: { +}: +{ imports = [ "${modulesPath}/profiles/minimal.nix" "${modulesPath}/profiles/qemu-guest.nix" 
@@ -18,9 +19,7 @@ }; }; - swapDevices = [ - {device = "/dev/disk/by-label/SWAP";} - ]; + swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/nixos/configurations/default.nix b/nixos/configurations/default.nix index bc370f3..61a3990 100644 --- a/nixos/configurations/default.nix +++ b/nixos/configurations/default.nix @@ -1,10 +1,12 @@ -_: let +_: +let sshModule = { justinrubek.administration = { enable = true; }; }; -in { +in +{ justinrubek.nixosConfigurations = { # physical machines manusya.system = "x86_64-linux"; @@ -13,29 +15,29 @@ in { # cloud servers bunky = { system = "x86_64-linux"; - modules = [sshModule]; + modules = [ sshModule ]; }; pyxis = { system = "x86_64-linux"; - modules = [sshModule]; + modules = [ sshModule ]; }; ceylon = { system = "x86_64-linux"; - modules = [sshModule]; + modules = [ sshModule ]; }; huginn = { system = "x86_64-linux"; - modules = [sshModule]; + modules = [ sshModule ]; }; alex = { system = "x86_64-linux"; - modules = [sshModule]; + modules = [ sshModule ]; }; # other hetzner-base = { system = "x86_64-linux"; - modules = [sshModule]; + modules = [ sshModule ]; }; }; } diff --git a/nixos/configurations/eunomia/bootloader.nix b/nixos/configurations/eunomia/bootloader.nix index 2d9bc7e..823eea9 100644 --- a/nixos/configurations/eunomia/bootloader.nix +++ b/nixos/configurations/eunomia/bootloader.nix 
@@ -5,10 +5,18 @@ # loader.efi.efiSysMountPoint = "/boot/efi"; initrd = { - availableKernelModules = ["nvme" "ahci" "thunderbolt" "xhci_pci" "usb_storage" "usbhid" "sd_mod"]; - kernelModules = ["amdgpu"]; + availableKernelModules = [ + "nvme" + "ahci" + "thunderbolt" + "xhci_pci" + "usb_storage" + "usbhid" + "sd_mod" + ]; + kernelModules = [ "amdgpu" ]; }; - kernelModules = ["kvm-amd"]; - extraModulePackages = []; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; }; } diff --git a/nixos/configurations/eunomia/default.nix b/nixos/configurations/eunomia/default.nix index cd0dd8a..7ef75c0 100644 --- a/nixos/configurations/eunomia/default.nix +++ b/nixos/configurations/eunomia/default.nix @@ -1,9 +1,11 @@ -{nixpkgs, ...} @ inputs: { +{ nixpkgs, ... }@inputs: +{ config, pkgs, lib, ... -}: { +}: +{ imports = [ ./bootloader.nix ./hardware.nix @@ -17,7 +19,10 @@ # kernelPackages = pkgs.linuxKernel.packages.linux_xanmod_latest; kernelPackages = pkgs.linuxKernel.packages.linux_xanmod; # kernelPackages = pkgs.zfs.latestCompatibleLinuxPackages; - supportedFilesystems = ["zfs" "ext4"]; + supportedFilesystems = [ + "zfs" + "ext4" + ]; zfs.package = pkgs.zfs_unstable; }; 
@@ -46,40 +51,43 @@ enable = false; # openFirewall = true; }; - pixiecore = let - netSystem = inputs.nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ({ - config, - pkgs, - lib, - modulesPath, - ... - }: { - imports = [ - "${inputs.nixpkgs}/nixos/modules/installer/netboot/netboot-minimal.nix" - ]; - config = { - users.users.root.openssh.authorizedKeys.keys = [ - "ssh-rsa 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 justin" - ]; - }; - }) - ]; + pixiecore = + let + netSystem = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ( + { + config, + pkgs, + lib, + modulesPath, + ... + }: + { + imports = [ "${inputs.nixpkgs}/nixos/modules/installer/netboot/netboot-minimal.nix" ]; + config = { + users.users.root.openssh.authorizedKeys.keys = [ + "ssh-rsa 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 justin" + ]; + }; + } + ) + ]; + }; + + inherit (netSystem.config.system) build; + in + { + enable = true; + mode = "boot"; + openFirewall = true; + kernel = "${build.kernel}/bzImage"; + initrd = "${build.netbootRamdisk}/initrd"; + cmdLine = "init=${build.toplevel}/init loglevel=4"; + debug = true; + dhcpNoBind = true; }; - - inherit (netSystem.config.system) build; - in { - enable = true; - mode = "boot"; - openFirewall = true; - kernel = "${build.kernel}/bzImage"; - initrd = "${build.netbootRamdisk}/initrd"; - cmdLine = "init=${build.toplevel}/init loglevel=4"; - debug = true; - dhcpNoBind = true; - }; }; # personal modules @@ -101,13 +109,19 @@ mediahost.enable = true; }; - users.groups.mediahost = {}; + users.groups.mediahost = { }; # Define a user account. Don't forget to set a password with ‘passwd’. users.users = { justin = { isNormalUser = true; description = "Justin"; - extraGroups = ["networkmanager" "wheel" "docker" "input" "systemd-journal"]; + extraGroups = [ + "networkmanager" + "wheel" + "docker" + "input" + "systemd-journal" + ]; shell = pkgs.zsh; }; }; 
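Review bot: `openFirewall = true` together with `debug = true` and `dhcpNoBind = true` in the reformatted pixiecore block exposes the ProxyDHCP/TFTP/HTTP boot service on every interface, and in `mode = "boot"` any host that PXE-boots on that network is handed the netboot-minimal image with the `justin` key baked into root's `authorizedKeys`. Nothing secret leaks (the key is public and store paths are world-readable anyway), but a verbose network-boot server answering on all interfaces of a machine that also carries gaming and browsing profiles is broader than needed; consider dropping `debug = true`, scoping the ports via `networking.firewall.interfaces.<lan>.allowedTCPPorts`/`allowedUDPPorts` instead of `openFirewall`, or gating `enable` so the service is only up while a machine is being provisioned. The nested module also binds `config, pkgs, lib, modulesPath` but uses none of them — `{ ... }:` would do. The enclosing `services` attrset continues outside this hunk.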
@@ -135,7 +149,7 @@ enable = true; wifi.scanRandMacAddress = false; }; - firewall.allowedTCPPorts = [8000]; + firewall.allowedTCPPorts = [ 8000 ]; firewall.interfaces.${config.services.tailscale.interfaceName} = { allowedTCPPorts = [ 3000 @@ -208,7 +222,7 @@ # enable fix for steam issues with xdg-desktop-portal xdg.portal = { enable = true; - extraPortals = [pkgs.xdg-desktop-portal-gtk]; + extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; }; hardware.ckb-next.enable = true; diff --git a/nixos/configurations/eunomia/hardware.nix b/nixos/configurations/eunomia/hardware.nix index 58cf014..e736907 100644 --- a/nixos/configurations/eunomia/hardware.nix +++ b/nixos/configurations/eunomia/hardware.nix @@ -4,10 +4,9 @@ pkgs, modulesPath, ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; +}: +{ + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; fileSystems = { "/" = { @@ -32,7 +31,7 @@ }; }; - swapDevices = []; + swapDevices = [ ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's @@ -59,6 +58,6 @@ services = { blueman.enable = true; - xserver.videoDrivers = ["amdgpu"]; + xserver.videoDrivers = [ "amdgpu" ]; }; } diff --git a/nixos/configurations/hetzner-base/default.nix b/nixos/configurations/hetzner-base/default.nix index 509eeab..f39d1d8 100644 --- a/nixos/configurations/hetzner-base/default.nix +++ b/nixos/configurations/hetzner-base/default.nix @@ -1,12 +1,12 @@ -{nixpkgs, ...} @ inputs: { +{ nixpkgs, ... }@inputs: +{ config, pkgs, lib, ... -}: { - imports = [ - ./hardware.nix - ]; +}: +{ + imports = [ ./hardware.nix ]; # Linux kernel 
@@ -22,15 +22,18 @@ }; # personal modules - justinrubek = { - }; + justinrubek = { }; # Define a user account. Don't forget to set a password with ‘passwd’. users.users = { justin = { isNormalUser = true; description = "Justin"; - extraGroups = ["networkmanager" "wheel" "docker"]; + extraGroups = [ + "networkmanager" + "wheel" + "docker" + ]; shell = pkgs.zsh; }; }; @@ -42,8 +45,7 @@ # List packages installed in system profile. To search, run: # $ nix search wget - environment.systemPackages = with pkgs; [ - ]; + environment.systemPackages = with pkgs; [ ]; # services.openssh = { # enable = true; diff --git a/nixos/configurations/hetzner-base/hardware.nix b/nixos/configurations/hetzner-base/hardware.nix index ce16151..0b739a6 100644 --- a/nixos/configurations/hetzner-base/hardware.nix +++ b/nixos/configurations/hetzner-base/hardware.nix @@ -4,7 +4,8 @@ pkgs, modulesPath, ... -}: { +}: +{ imports = [ "${modulesPath}/profiles/minimal.nix" "${modulesPath}/profiles/qemu-guest.nix" @@ -18,9 +19,7 @@ }; }; - swapDevices = [ - {device = "/dev/disk/by-label/SWAP";} - ]; + swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/nixos/configurations/huginn/default.nix b/nixos/configurations/huginn/default.nix index 724210b..7bdf790 100644 --- a/nixos/configurations/huginn/default.nix +++ b/nixos/configurations/huginn/default.nix @@ -1,12 +1,12 @@ -{nixpkgs, ...} @ inputs: { +{ nixpkgs, ... }@inputs: +{ config, pkgs, lib, ... -}: { - imports = [ - ./hardware.nix - ]; +}: +{ + imports = [ ./hardware.nix ]; # Linux kernel 
@@ -28,14 +28,8 @@ networks."10-wan" = { matchConfig.Name = "enp1s0"; networkConfig.DHCP = "ipv4"; - address = [ - "2a01:4ff:1f0:ad0a::1/64" - ]; - routes = [ - { - routeConfig.Gateway = "fe80::1"; - } - ]; + address = [ "2a01:4ff:1f0:ad0a::1/64" ]; + routes = [ { routeConfig.Gateway = "fe80::1"; } ]; }; }; @@ -57,7 +51,10 @@ justin = { isNormalUser = true; description = "Justin"; - extraGroups = ["networkmanager" "wheel"]; + extraGroups = [ + "networkmanager" + "wheel" + ]; shell = pkgs.zsh; openssh.authorizedKeys.keys = [ @@ -73,8 +70,7 @@ # List packages installed in system profile. To search, run: # $ nix search wget - environment.systemPackages = with pkgs; [ - ]; + environment.systemPackages = with pkgs; [ ]; # services.openssh = { # enable = true; diff --git a/nixos/configurations/huginn/hardware.nix b/nixos/configurations/huginn/hardware.nix index ce16151..0b739a6 100644 --- a/nixos/configurations/huginn/hardware.nix +++ b/nixos/configurations/huginn/hardware.nix @@ -4,7 +4,8 @@ pkgs, modulesPath, ... -}: { +}: +{ imports = [ "${modulesPath}/profiles/minimal.nix" "${modulesPath}/profiles/qemu-guest.nix" @@ -18,9 +19,7 @@ }; }; - swapDevices = [ - {device = "/dev/disk/by-label/SWAP";} - ]; + swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/nixos/configurations/manusya/bootloader.nix b/nixos/configurations/manusya/bootloader.nix index 3b97f89..5d30207 100644 --- a/nixos/configurations/manusya/bootloader.nix +++ b/nixos/configurations/manusya/bootloader.nix 
@@ -8,10 +8,18 @@
 };
 };
 initrd = {
- availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod"];
- kernelModules = [];
+ availableKernelModules = [
+ "xhci_pci"
+ "ahci"
+ "nvme"
+ "usbhid"
+ "usb_storage"
+ "sd_mod"
+ "sr_mod"
+ ];
+ kernelModules = [ ];
 };
- kernelModules = ["kvm-intel"];
- extraModulePackages = [];
+ kernelModules = [ "kvm-intel" ];
+ extraModulePackages = [ ];
 };
 }
diff --git a/nixos/configurations/manusya/default.nix b/nixos/configurations/manusya/default.nix
index 12d5cde..e0b7998 100644
--- a/nixos/configurations/manusya/default.nix
+++ b/nixos/configurations/manusya/default.nix
@@ -1,9 +1,11 @@
-{nixpkgs, ...} @ inputs: {
+{ nixpkgs, ... }@inputs:
+{
 config,
 pkgs,
 lib,
 ...
-}: {
+}:
+{
 imports = [
 ./bootloader.nix
 ./hardware.nix
@@ -41,7 +43,10 @@
 justin = {
 isNormalUser = true;
 description = "Justin";
- extraGroups = ["networkmanager" "wheel"];
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ ];
 };
 };
@@ -90,7 +95,10 @@
 networking = {
 networkmanager.enable = true;
- nameservers = ["1.1.1.1" "9.9.9.9"];
+ nameservers = [
+ "1.1.1.1"
+ "9.9.9.9"
+ ];
 firewall.allowedTCPPorts = [
 8080
 8081
diff --git a/nixos/configurations/manusya/hardware.nix b/nixos/configurations/manusya/hardware.nix
index ad4986c..88bb3ab 100644
--- a/nixos/configurations/manusya/hardware.nix
+++ b/nixos/configurations/manusya/hardware.nix
@@ -4,10 +4,9 @@
 pkgs,
 modulesPath,
 ...
-}: {
- imports = [
- (modulesPath + "/installer/scan/not-detected.nix")
- ];
+}:
+{
+ imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
 fileSystems."/" = {
 device = "/dev/disk/by-uuid/8cebcf74-68af-4d6e-b8e1-16a63cef5c6c";
@@ -19,9 +18,7 @@
 fsType = "vfat";
 };
- swapDevices = [
- {device = "/dev/disk/by-uuid/46fcc499-a282-4cd0-b3ba-b78c94cf593b";}
- ];
+ swapDevices = [ { device = "/dev/disk/by-uuid/46fcc499-a282-4cd0-b3ba-b78c94cf593b"; } ];
 # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
 # (the default) this is the recommended approach. When using systemd-networkd it's
@@ -43,5 +40,8 @@
 modesetting.enable = true;
 };
 };
- services.xserver.videoDrivers = ["nvidia" "intel"];
+ services.xserver.videoDrivers = [
+ "nvidia"
+ "intel"
+ ];
 }
diff --git a/nixos/configurations/pyxis/default.nix b/nixos/configurations/pyxis/default.nix
index 7b5612a..e14a359 100644
--- a/nixos/configurations/pyxis/default.nix
+++ b/nixos/configurations/pyxis/default.nix
@@ -1,12 +1,12 @@
-{nixpkgs, ...} @ inputs: {
+{ nixpkgs, ... }@inputs:
+{
 config,
 pkgs,
 lib,
 ...
-}: {
- imports = [
- ./hardware.nix
- ];
+}:
+{
+ imports = [ ./hardware.nix ];
 # Linux kernel
@@ -58,7 +58,10 @@
 justin = {
 isNormalUser = true;
 description = "Justin";
- extraGroups = ["networkmanager" "wheel"];
+ extraGroups = [
+ "networkmanager"
+ "wheel"
+ ];
 shell = pkgs.zsh;
 openssh.authorizedKeys.keys = [
@@ -74,8 +77,7 @@
 # List packages installed in system profile. To search, run:
 # $ nix search wget
- environment.systemPackages = with pkgs; [
- ];
+ environment.systemPackages = with pkgs; [ ];
 # services.openssh = {
 # enable = true;
diff --git a/nixos/configurations/pyxis/hardware.nix b/nixos/configurations/pyxis/hardware.nix
index ce16151..0b739a6 100644
--- a/nixos/configurations/pyxis/hardware.nix
+++ b/nixos/configurations/pyxis/hardware.nix
@@ -4,7 +4,8 @@
 pkgs,
 modulesPath,
 ...
-}: {
+}:
+{
 imports = [
 "${modulesPath}/profiles/minimal.nix"
 "${modulesPath}/profiles/qemu-guest.nix"
@@ -18,9 +19,7 @@
 };
 };
- swapDevices = [
- {device = "/dev/disk/by-label/SWAP";}
- ];
+ swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } ];
 # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
 # (the default) this is the recommended approach. When using systemd-networkd it's
diff --git a/nixos/modules/admin_ssh.nix b/nixos/modules/admin_ssh.nix
index f7a0219..d4d8fc4 100644
--- a/nixos/modules/admin_ssh.nix
+++ b/nixos/modules/admin_ssh.nix
@@ -1,13 +1,16 @@
-_: {
+_:
+{
 config,
 pkgs,
 lib,
 ...
-}: let
+}:
+let
 cfg = config.justinrubek.administration;
 inherit (config.networking) hostName;
-in {
+in
+{
 options.justinrubek.administration = {
 enable = lib.mkEnableOption "enable admin related services";
 };
@@ -17,7 +20,7 @@ in {
 users.users.admin = {
 name = "admin";
 isNormalUser = true;
- extraGroups = ["wheel"];
+ extraGroups = [ "wheel" ];
 openssh.authorizedKeys.keys = [
 "ssh-rsa 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 justin"
@@ -25,7 +28,7 @@ in {
 };
 security.sudo.wheelNeedsPassword = false;
- nix.settings.trusted-users = ["@wheel"];
+ nix.settings.trusted-users = [ "@wheel" ];
 services.getty.autologinUser = "admin";
diff --git a/nixos/modules/cachix/caches/hyprland.nix b/nixos/modules/cachix/caches/hyprland.nix
index 7710d27..8149b03 100644
--- a/nixos/modules/cachix/caches/hyprland.nix
+++ b/nixos/modules/cachix/caches/hyprland.nix
@@ -1,10 +1,7 @@
+{ config, lib, ... }:
 {
- config,
- lib,
- ...
-}: {
 nix.settings = {
- substituters = ["https://hyprland.cachix.org"];
- trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
+ substituters = [ "https://hyprland.cachix.org" ];
+ trusted-public-keys = [ "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" ];
 };
 }
diff --git a/nixos/modules/cachix/caches/justinrubek-garnix.nix b/nixos/modules/cachix/caches/justinrubek-garnix.nix
index e2eaec7..21c8dbc 100644
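Review bot: The reformatted `nix.settings.trusted-users = [ "@wheel" ];` in admin_ssh.nix sits next to `security.sudo.wheelNeedsPassword = false;` and `services.getty.autologinUser = "admin";`, so enabling `justinrubek.administration` produces an account that is logged in automatically on the console, escalates with sudo without a password, and is a Nix trusted user, which the Nix manual treats as root-equivalent because trusted users may override daemon settings. None of that is introduced by this commit, but the option only describes itself as "enable admin related services", so the trust boundary is invisible to anyone importing the module. I'd state it in the option description, for example `enable = lib.mkEnableOption "admin account with console autologin, passwordless sudo and Nix trusted-user rights (intended for unattended or rescue hosts)";`, or move autologin behind its own option so hosts that want only the SSH key do not get the console login for free. The `in { ... }` body these hunks belong to begins and ends outside the hunks.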
--- a/nixos/modules/cachix/caches/justinrubek-garnix.nix
+++ b/nixos/modules/cachix/caches/justinrubek-garnix.nix
@@ -1,10 +1,7 @@
+{ config, lib, ... }:
 {
- config,
- lib,
- ...
-}: {
 nix = {
- settings.substituters = ["https://cache.garnix.io"];
- settings.trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="];
+ settings.substituters = [ "https://cache.garnix.io" ];
+ settings.trusted-public-keys = [ "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" ];
 };
 }
diff --git a/nixos/modules/cachix/caches/justinrubek.nix b/nixos/modules/cachix/caches/justinrubek.nix
index ac660d1..8b55b84 100644
--- a/nixos/modules/cachix/caches/justinrubek.nix
+++ b/nixos/modules/cachix/caches/justinrubek.nix
@@ -1,10 +1,9 @@
+{ config, lib, ... }:
 {
- config,
- lib,
- ...
-}: {
 nix = {
- settings.substituters = ["https://justinrubek.cachix.org"];
- settings.trusted-public-keys = ["justinrubek.cachix.org-1:rncFMMXairb7cvGWQVEKxyonhedpZw6smsFW2hARz0U="];
+ settings.substituters = [ "https://justinrubek.cachix.org" ];
+ settings.trusted-public-keys = [
+ "justinrubek.cachix.org-1:rncFMMXairb7cvGWQVEKxyonhedpZw6smsFW2hARz0U="
+ ];
 };
 }
diff --git a/nixos/modules/cachix/caches/nix-community.nix b/nixos/modules/cachix/caches/nix-community.nix
index 19bb2c5..f90dd1e 100644
--- a/nixos/modules/cachix/caches/nix-community.nix
+++ b/nixos/modules/cachix/caches/nix-community.nix
@@ -1,10 +1,9 @@
+{ config, lib, ... }:
 {
- config,
- lib,
- ...
-}: {
 nix = {
- settings.substituters = ["https://nix-community.cachix.org"];
- settings.trusted-public-keys = ["nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="];
+ settings.substituters = [ "https://nix-community.cachix.org" ];
+ settings.trusted-public-keys = [
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ ];
 };
 }
diff --git a/nixos/modules/cachix/default.nix b/nixos/modules/cachix/default.nix
index c419466..e806dbf 100644
--- a/nixos/modules/cachix/default.nix
+++ b/nixos/modules/cachix/default.nix
@@ -1,16 +1,19 @@
-_: {
+_:
+{
 config,
 pkgs,
 lib,
 ...
-}: let
+}:
+let
 folder = ./caches;
 toImport = name: value: folder + ("/" + name);
 filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key;
 imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
 cfg = config.caches;
-in {
+in
+{
 options = {
 caches = {
 enable = lib.mkEnableOption "cache configuration";
@@ -18,11 +21,9 @@ in {
 };
 config = lib.mkIf config.caches.enable {
- nix.settings.substituters = ["https://cache.nixos.org/"];
+ nix.settings.substituters = [ "https://cache.nixos.org/" ];
- environment.systemPackages = [
- pkgs.cachix
- ];
+ environment.systemPackages = [ pkgs.cachix ];
 };
 inherit imports;
diff --git a/nixos/modules/cloudhost/hetzner/default.nix b/nixos/modules/cloudhost/hetzner/default.nix
index dc98889..66d5435 100644
--- a/nixos/modules/cloudhost/hetzner/default.nix
+++ b/nixos/modules/cloudhost/hetzner/default.nix
@@ -1,14 +1,17 @@
-inputs: {
+inputs:
+{
 config,
 pkgs,
 lib,
 ...
-}: let
+}:
+let
 cfg = config.justinrubek.cloudhost.hetzner;
 # nixpkgs modules
 modulesPath = "${inputs.nixpkgs}/nixos/modules";
-in {
+in
+{
 options.justinrubek.cloudhost.hetzner = {
 enable = lib.mkEnableOption "enable hetzner cloud modules";
 };
@@ -27,10 +30,10 @@ in {
 # postDeviceCommands for systemd in stage-1
 services.rollback = {
 description = "Rollback to empty snapshot";
- wantedBy = ["initrd.target"];
- after = ["zfs-import.target"];
- before = ["sysroot.mount"];
- path = [pkgs.zfs];
+ wantedBy = [ "initrd.target" ];
+ after = [ "zfs-import.target" ];
+ before = [ "sysroot.mount" ];
+ path = [ pkgs.zfs ];
 unitConfig.DefaultDependencies = "no";
 serviceConfig = {
 Type = "oneshot";
@@ -53,7 +56,10 @@ in {
 "vm.swappiness" = 10;
 };
- supportedFilesystems = ["zfs" "ext4"];
+ supportedFilesystems = [
+ "zfs"
+ "ext4"
+ ];
 zfs.package = pkgs.zfs_unstable;
 tmp.useTmpfs = true;
diff --git a/nixos/modules/consul/default.nix b/nixos/modules/consul/default.nix
index d7c541d..f91b936 100644
--- a/nixos/modules/consul/default.nix
+++ b/nixos/modules/consul/default.nix
@@ -1,11 +1,14 @@
-{self, ...}: {
+{ self, ... }:
+{
 config,
 pkgs,
 lib,
 ...
-}: let
+}:
+let
 cfg = config.justinrubek.consul;
-in {
+in
+{
 options.justinrubek.consul = {
 enable = lib.mkEnableOption "run consul";
@@ -17,7 +20,7 @@ in {
 retry_join = lib.mkOption {
 type = lib.types.listOf lib.types.str;
- default = [];
+ default = [ ];
 description = "A list of nodes to join";
 };
@@ -28,9 +31,10 @@ in {
 };
 };
- config = let
- tailscaleInterface = config.services.tailscale.interfaceName;
- in
+ config =
+ let
+ tailscaleInterface = config.services.tailscale.interfaceName;
+ in
 lib.mkIf cfg.enable {
 services.consul = {
 enable = true;
@@ -97,6 +101,6 @@ in {
 ];
 };
- environment.systemPackages = [pkgs.consul];
+ environment.systemPackages = [ pkgs.consul ];
 };
 }
diff --git a/nixos/modules/containers.nix b/nixos/modules/containers.nix
index ddcbc27..5e89a17 100644
--- a/nixos/modules/containers.nix
+++ b/nixos/modules/containers.nix
@@ -1,11 +1,14 @@
-_: {
+_:
+{
 config,
 pkgs,
 lib,
 ...
-}: let
+}:
+let
 cfg = config.justinrubek.development.containers;
-in {
+in
+{
 options.justinrubek.development.containers = {
 enable = lib.mkEnableOption "enable container tools";
@@ -16,27 +19,28 @@ in {
 };
 };
- config = let
- podmanConfig = lib.mkIf (!cfg.useDocker) {
- virtualisation = {
- podman = {
- enable = true;
- dockerCompat = true;
+ config =
+ let
+ podmanConfig = lib.mkIf (!cfg.useDocker) {
+ virtualisation = {
+ podman = {
+ enable = true;
+ dockerCompat = true;
+ };
 };
 };
- };
- dockerConfig = lib.mkIf cfg.useDocker {
- virtualisation = {
- docker = lib.mkIf cfg.useDocker {
- enable = true;
- autoPrune.enable = true;
+ dockerConfig = lib.mkIf cfg.useDocker {
+ virtualisation = {
+ docker = lib.mkIf cfg.useDocker {
+ enable = true;
+ autoPrune.enable = true;
+ };
 };
- };
- # give docker access to all wheels
- users.groups.docker.members = config.users.groups.wheel.members;
- };
- in
- lib.mkIf cfg.enable ({} // podmanConfig // dockerConfig);
+ # give docker access to all wheels
+ users.groups.docker.members = config.users.groups.wheel.members;
+ };
+ in
+ lib.mkIf cfg.enable ({ } // podmanConfig // dockerConfig);
 }
diff --git a/nixos/modules/data/postgres/default.nix b/nixos/modules/data/postgres/default.nix
index 538e136..61d740a 100644
--- a/nixos/modules/data/postgres/default.nix
+++ b/nixos/modules/data/postgres/default.nix
@@ -1,35 +1,42 @@
-{self, ...}: {
+{ self, ... }:
+{
 config,
 pkgs,
 lib,
 flakeRootPath,
 ...
 }:
-with lib; let
+with lib;
+let
 cfg = config.services.justinrubek.postgresql;
 postgresql = cfg.package;
- toStr = value:
- if builtins.isBool value && value
- then "yes"
- else if builtins.isBool value && !value
- then "no"
- else if isString value
- then "'${lib.replaceStrings ["'"] ["''"] value}'"
- else toString value;
+ toStr =
+ value:
+ if builtins.isBool value && value then
+ "yes"
+ else if builtins.isBool value && !value then
+ "no"
+ else if isString value then
+ "'${lib.replaceStrings [ "'" ] [ "''" ] value}'"
+ else
+ toString value;
 # The main PostgreSQL configuration file.
- configFile = pkgs.writeTextDir "postgresql.conf" (concatStringsSep "\n" (mapAttrsToList (n: v: "${n} = ${toStr v}") cfg.settings));
+ configFile = pkgs.writeTextDir "postgresql.conf" (
+ concatStringsSep "\n" (mapAttrsToList (n: v: "${n} = ${toStr v}") cfg.settings)
+ );
- configFileCheck = pkgs.runCommand "postgresql-configfile-check" {} ''
+ configFileCheck = pkgs.runCommand "postgresql-configfile-check" { } ''
 ${cfg.package}/bin/postgres -D${configFile} -C config_file >/dev/null
 touch $out
 '';
 groupAccessAvailable = versionAtLeast postgresql.version "11.0";
-in {
- imports = [];
+in
+{
+ imports = [ ];
 ###### interface
@@ -105,8 +112,11 @@ in {
 initdbArgs = mkOption {
 type = with types; listOf str;
- default = [];
- example = ["--data-checksums" "--allow-group-access"];
+ default = [ ];
+ example = [
+ "--data-checksums"
+ "--allow-group-access"
+ ];
 description = lib.mdDoc ''
 Additional arguments passed to `initdb` during data dir initialisation.
@@ -128,7 +138,7 @@ in {
 ensureDatabases = mkOption {
 type = types.listOf types.str;
- default = [];
+ default = [ ];
 description = lib.mdDoc ''
 Ensures that the specified databases exist. This option will never delete existing databases, especially not when the value of this
@@ -142,202 +152,206 @@ in {
 };
 ensureUsers = mkOption {
- type = types.listOf (types.submodule {
- options = {
- name = mkOption {
- type = types.str;
- description = lib.mdDoc ''
- Name of the user to ensure.
- '';
- };
+ type = types.listOf (
+ types.submodule {
+ options = {
+ name = mkOption {
+ type = types.str;
+ description = lib.mdDoc ''
+ Name of the user to ensure.
+ '';
+ };
- ensurePermissions = mkOption {
- type = types.attrsOf types.str;
- default = {};
- visible = false; # This option has been deprecated.
- description = lib.mdDoc ''
- This option is DEPRECATED and should not be used in nixpkgs anymore,
- use `ensureDBOwnership` instead. It can also break with newer
- versions of PostgreSQL (≥ 15).
-
- Permissions to ensure for the user, specified as an attribute set.
- The attribute names specify the database and tables to grant the permissions for.
- The attribute values specify the permissions to grant. You may specify one or
- multiple comma-separated SQL privileges here.
-
- For more information on how to specify the target
- and on which privileges exist, see the
- [GRANT syntax](https://www.postgresql.org/docs/current/sql-grant.html).
- The attributes are used as `GRANT ''${attrValue} ON ''${attrName}`.
- '';
- example = literalExpression ''
- {
- "DATABASE \"nextcloud\"" = "ALL PRIVILEGES";
- "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
- }
- '';
- };
+ ensurePermissions = mkOption {
+ type = types.attrsOf types.str;
+ default = { };
+ visible = false; # This option has been deprecated.
+ description = lib.mdDoc ''
+ This option is DEPRECATED and should not be used in nixpkgs anymore,
+ use `ensureDBOwnership` instead. It can also break with newer
+ versions of PostgreSQL (≥ 15).
+
+ Permissions to ensure for the user, specified as an attribute set.
+ The attribute names specify the database and tables to grant the permissions for.
+ The attribute values specify the permissions to grant.
You may specify one or
+ multiple comma-separated SQL privileges here.
+
+ For more information on how to specify the target
+ and on which privileges exist, see the
+ [GRANT syntax](https://www.postgresql.org/docs/current/sql-grant.html).
+ The attributes are used as `GRANT ''${attrValue} ON ''${attrName}`.
+ '';
+ example = literalExpression ''
+ {
+ "DATABASE \"nextcloud\"" = "ALL PRIVILEGES";
+ "ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
+ }
+ '';
+ };
- ensureDBOwnership = mkOption {
- type = types.bool;
- default = false;
- description = mdDoc ''
- Grants the user ownership to a database with the same name.
- This database must be defined manually in
- [](#opt-services.justinrubek.postgresql.ensureDatabases).
- '';
- };
+ ensureDBOwnership = mkOption {
+ type = types.bool;
+ default = false;
+ description = mdDoc ''
+ Grants the user ownership to a database with the same name.
+ This database must be defined manually in
+ [](#opt-services.justinrubek.postgresql.ensureDatabases).
+ '';
+ };
- ensureClauses = mkOption {
- description = lib.mdDoc ''
- An attrset of clauses to grant to the user. Under the hood this uses the
- [ALTER USER syntax](https://www.postgresql.org/docs/current/sql-alteruser.html) for each attrName where
- the attrValue is true in the attrSet:
- `ALTER USER user.name WITH attrName`
- '';
- example = literalExpression ''
- {
- superuser = true;
- createrole = true;
- createdb = true;
- }
- '';
- default = {};
- defaultText = lib.literalMD ''
- The default, `null`, means that the user created will have the default permissions assigned by PostgreSQL. Subsequent server starts will not set or unset the clause, so imperative changes are preserved.
- '';
- type = types.submodule {
- options = let
- defaultText = lib.literalMD ''
- `null`: do not set. For newly created roles, use PostgreSQL's default. For existing roles, do not touch this clause.
- '';
- in {
- superuser = mkOption {
- type = types.nullOr types.bool;
- description = lib.mdDoc ''
- Grants the user, created by the ensureUser attr, superuser permissions. From the postgres docs:
-
- A database superuser bypasses all permission checks,
- except the right to log in. This is a dangerous privilege
- and should not be used carelessly; it is best to do most
- of your work as a role that is not a superuser. To create
- a new database superuser, use CREATE ROLE name SUPERUSER.
- You must do this as a role that is already a superuser.
-
- More information on postgres roles can be found [here](https://www.postgresql.org/docs/current/role-attributes.html)
- '';
- default = null;
- inherit defaultText;
- };
- createrole = mkOption {
- type = types.nullOr types.bool;
- description = lib.mdDoc ''
- Grants the user, created by the ensureUser attr, createrole permissions. From the postgres docs:
-
- A role must be explicitly given permission to create more
- roles (except for superusers, since those bypass all
- permission checks). To create such a role, use CREATE
- ROLE name CREATEROLE. A role with CREATEROLE privilege
- can alter and drop other roles, too, as well as grant or
- revoke membership in them. However, to create, alter,
- drop, or change membership of a superuser role, superuser
- status is required; CREATEROLE is insufficient for that.
-
- More information on postgres roles can be found [here](https://www.postgresql.org/docs/current/role-attributes.html)
- '';
- default = null;
- inherit defaultText;
- };
- createdb = mkOption {
- type = types.nullOr types.bool;
- description = lib.mdDoc ''
- Grants the user, created by the ensureUser attr, createdb permissions. From the postgres docs:
-
- A role must be explicitly given permission to create
- databases (except for superusers, since those bypass all
- permission checks). To create such a role, use CREATE
- ROLE name CREATEDB.
-
- More information on postgres roles can be found [here](https://www.postgresql.org/docs/current/role-attributes.html)
- '';
- default = null;
- inherit defaultText;
- };
- "inherit" = mkOption {
- type = types.nullOr types.bool;
- description = lib.mdDoc ''
- Grants the user created inherit permissions. From the postgres docs:
-
- A role is given permission to inherit the privileges of
- roles it is a member of, by default. However, to create a
- role without the permission, use CREATE ROLE name
- NOINHERIT.
-
- More information on postgres roles can be found [here](https://www.postgresql.org/docs/current/role-attributes.html)
- '';
- default = null;
- inherit defaultText;
- };
- login = mkOption {
- type = types.nullOr types.bool;
- description = lib.mdDoc ''
- Grants the user, created by the ensureUser attr, login permissions. From the postgres docs:
-
- Only roles that have the LOGIN attribute can be used as
- the initial role name for a database connection. A role
- with the LOGIN attribute can be considered the same as a
- “database user”. To create a role with login privilege,
- use either:
-
- CREATE ROLE name LOGIN; CREATE USER name;
-
- (CREATE USER is equivalent to CREATE ROLE except that
- CREATE USER includes LOGIN by default, while CREATE ROLE
- does not.)
-
- More information on postgres roles can be found [here](https://www.postgresql.org/docs/current/role-attributes.html)
- '';
- default = null;
- inherit defaultText;
- };
- replication = mkOption {
- type = types.nullOr types.bool;
- description = lib.mdDoc ''
- Grants the user, created by the ensureUser attr, replication permissions. From the postgres docs:
-
- A role must explicitly be given permission to initiate
- streaming replication (except for superusers, since those
- bypass all permission checks). A role used for streaming
- replication must have LOGIN permission as well. To create
- such a role, use CREATE ROLE name REPLICATION LOGIN.
-
- More information on postgres roles can be found [here](https://www.postgresql.org/docs/current/role-attributes.html)
- '';
- default = null;
- inherit defaultText;
- };
- bypassrls = mkOption {
- type = types.nullOr types.bool;
- description = lib.mdDoc ''
- Grants the user, created by the ensureUser attr, replication permissions. From the postgres docs:
-
- A role must be explicitly given permission to bypass
- every row-level security (RLS) policy (except for
- superusers, since those bypass all permission checks). To
- create such a role, use CREATE ROLE name BYPASSRLS as a
- superuser.
-
- More information on postgres roles can be found [here](https://www.postgresql.org/docs/current/role-attributes.html)
- '';
- default = null;
- inherit defaultText;
- };
+ ensureClauses = mkOption {
+ description = lib.mdDoc ''
+ An attrset of clauses to grant to the user. Under the hood this uses the
+ [ALTER USER syntax](https://www.postgresql.org/docs/current/sql-alteruser.html) for each attrName where
+ the attrValue is true in the attrSet:
+ `ALTER USER user.name WITH attrName`
+ '';
+ example = literalExpression ''
+ {
+ superuser = true;
+ createrole = true;
+ createdb = true;
+ }
+ '';
+ default = { };
+ defaultText = lib.literalMD ''
+ The default, `null`, means that the user created will have the default permissions assigned by PostgreSQL. Subsequent server starts will not set or unset the clause, so imperative changes are preserved.
+ '';
+ type = types.submodule {
+ options =
+ let
+ defaultText = lib.literalMD ''
+ `null`: do not set. For newly created roles, use PostgreSQL's default. For existing roles, do not touch this clause.
+ '';
+ in
+ {
+ superuser = mkOption {
+ type = types.nullOr types.bool;
+ description = lib.mdDoc ''
+ Grants the user, created by the ensureUser attr, superuser permissions. From the postgres docs:
+
+ A database superuser bypasses all permission checks,
+ except the right to log in.
This is a dangerous privilege
+ and should not be used carelessly; it is best to do most
+ of your work as a role that is not a superuser. To create
+ a new database superuser, use CREATE ROLE name SUPERUSER.
+ You must do this as a role that is already a superuser.
+
+ More information on postgres roles can be found [here](https://www.postgresql.org/docs/current/role-attributes.html)
+ '';
+ default = null;
+ inherit defaultText;
+ };
+ createrole = mkOption {
+ type = types.nullOr types.bool;
+ description = lib.mdDoc ''
+ Grants the user, created by the ensureUser attr, createrole permissions. From the postgres docs:
+
+ A role must be explicitly given permission to create more
+ roles (except for superusers, since those bypass all
+ permission checks). To create such a role, use CREATE
+ ROLE name CREATEROLE. A role with CREATEROLE privilege
+ can alter and drop other roles, too, as well as grant or
+ revoke membership in them. However, to create, alter,
+ drop, or change membership of a superuser role, superuser
+ status is required; CREATEROLE is insufficient for that.
+
+ More information on postgres roles can be found [here](https://www.postgresql.org/docs/current/role-attributes.html)
+ '';
+ default = null;
+ inherit defaultText;
+ };
+ createdb = mkOption {
+ type = types.nullOr types.bool;
+ description = lib.mdDoc ''
+ Grants the user, created by the ensureUser attr, createdb permissions. From the postgres docs:
+
+ A role must be explicitly given permission to create
+ databases (except for superusers, since those bypass all
+ permission checks). To create such a role, use CREATE
+ ROLE name CREATEDB.
+
+ More information on postgres roles can be found [here](https://www.postgresql.org/docs/current/role-attributes.html)
+ '';
+ default = null;
+ inherit defaultText;
+ };
+ "inherit" = mkOption {
+ type = types.nullOr types.bool;
+ description = lib.mdDoc ''
+ Grants the user created inherit permissions.
From the postgres docs:
+
+ A role is given permission to inherit the privileges of
+ roles it is a member of, by default. However, to create a
+ role without the permission, use CREATE ROLE name
+ NOINHERIT.
+
+ More information on postgres roles can be found [here](https://www.postgresql.org/docs/current/role-attributes.html)
+ '';
+ default = null;
+ inherit defaultText;
+ };
+ login = mkOption {
+ type = types.nullOr types.bool;
+ description = lib.mdDoc ''
+ Grants the user, created by the ensureUser attr, login permissions. From the postgres docs:
+
+ Only roles that have the LOGIN attribute can be used as
+ the initial role name for a database connection. A role
+ with the LOGIN attribute can be considered the same as a
+ “database user”. To create a role with login privilege,
+ use either:
+
+ CREATE ROLE name LOGIN; CREATE USER name;
+
+ (CREATE USER is equivalent to CREATE ROLE except that
+ CREATE USER includes LOGIN by default, while CREATE ROLE
+ does not.)
+
+ More information on postgres roles can be found [here](https://www.postgresql.org/docs/current/role-attributes.html)
+ '';
+ default = null;
+ inherit defaultText;
+ };
+ replication = mkOption {
+ type = types.nullOr types.bool;
+ description = lib.mdDoc ''
+ Grants the user, created by the ensureUser attr, replication permissions. From the postgres docs:
+
+ A role must explicitly be given permission to initiate
+ streaming replication (except for superusers, since those
+ bypass all permission checks). A role used for streaming
+ replication must have LOGIN permission as well. To create
+ such a role, use CREATE ROLE name REPLICATION LOGIN.
+
+ More information on postgres roles can be found [here](https://www.postgresql.org/docs/current/role-attributes.html)
+ '';
+ default = null;
+ inherit defaultText;
+ };
+ bypassrls = mkOption {
+ type = types.nullOr types.bool;
+ description = lib.mdDoc ''
+ Grants the user, created by the ensureUser attr, replication permissions.
From the postgres docs:
+
+ A role must be explicitly given permission to bypass
+ every row-level security (RLS) policy (except for
+ superusers, since those bypass all permission checks). To
+ create such a role, use CREATE ROLE name BYPASSRLS as a
+ superuser.
+
+ More information on postgres roles can be found [here](https://www.postgresql.org/docs/current/role-attributes.html)
+ '';
+ default = null;
+ inherit defaultText;
+ };
+ };
 };
 };
 };
- };
- });
- default = [];
+ }
+ );
+ default = [ ];
 description = lib.mdDoc ''
 Ensures that the specified users exist. The PostgreSQL users will be identified using peer authentication. This authenticates the Unix user with the
@@ -382,7 +396,7 @@ in {
 extraPlugins = mkOption {
 type = types.listOf types.path;
- default = [];
+ default = [ ];
 example = literalExpression "with pkgs.postgresql_15.pkgs; [ postgis pg_repack ]";
 description = lib.mdDoc ''
 List of PostgreSQL plugins. PostgreSQL version for each plugin should
@@ -391,8 +405,15 @@ in {
 };
 settings = mkOption {
- type = with types; attrsOf (oneOf [bool float int str]);
- default = {};
+ type =
+ with types;
+ attrsOf (oneOf [
+ bool
+ float
+ int
+ str
+ ]);
+ default = { };
 description = lib.mdDoc ''
 PostgreSQL configuration. Refer to
@@ -438,12 +459,9 @@ in {
 ###### implementation
 config = mkIf cfg.enable {
- assertions =
- map ({
- name,
- ensureDBOwnership,
- ...
- }: {
+ assertions = map (
+ { name, ensureDBOwnership, ... }:
+ {
 assertion = ensureDBOwnership -> builtins.elem name cfg.ensureDatabases;
 message = ''
 For each database user defined with `services.justinrubek.postgresql.ensureUsers` and
@@ -452,10 +470,12 @@ in {
 Offender: ${name} has not been found among databases.
 '';
- })
- cfg.ensureUsers;
+ }
+ ) cfg.ensureUsers;
 # `ensurePermissions` is now deprecated, let's avoid it.
- warnings = lib.optional (any ({ensurePermissions, ...}: ensurePermissions != {}) cfg.ensureUsers) "
+ warnings =
+ lib.optional (any ({ ensurePermissions, ... }: ensurePermissions != { }) cfg.ensureUsers)
+ "
 `services.justinrubek.postgresql.ensureUsers.*.ensurePermissions` is used in your expressions, this option is known to be broken with newer PostgreSQL versions, consider migrating to `services.justinrubek.postgresql.ensureUsers.*.ensureDBOwnership` or
@@ -471,53 +491,43 @@ in {
 ident_file = "${pkgs.writeText "pg_ident.conf" cfg.identMap}";
 log_destination = "stderr";
 log_line_prefix = cfg.logLinePrefix;
- listen_addresses =
- if cfg.enableTCPIP
- then "*"
- else "localhost";
+ listen_addresses = if cfg.enableTCPIP then "*" else "localhost";
 inherit (cfg) port;
- jit = mkDefault (
- if cfg.enableJIT
- then "on"
- else "off"
- );
+ jit = mkDefault (if cfg.enableJIT then "on" else "off");
 };
- package = let
- mkThrow = ver: throw "postgresql_${ver} was removed, please upgrade your postgresql version.";
- base =
- if versionAtLeast config.system.stateVersion "23.11"
- then pkgs.postgresql_15
- else if versionAtLeast config.system.stateVersion "22.05"
- then pkgs.postgresql_14
- else if versionAtLeast config.system.stateVersion "21.11"
- then pkgs.postgresql_13
- else if versionAtLeast config.system.stateVersion "20.03"
- then mkThrow "11"
- else if versionAtLeast config.system.stateVersion "17.09"
- then mkThrow "9_6"
- else mkThrow "9_5";
- in
+ package =
+ let
+ mkThrow = ver: throw "postgresql_${ver} was removed, please upgrade your postgresql version.";
+ base =
+ if versionAtLeast config.system.stateVersion "23.11" then
+ pkgs.postgresql_15
+ else if versionAtLeast config.system.stateVersion "22.05" then
+ pkgs.postgresql_14
+ else if versionAtLeast config.system.stateVersion "21.11" then
+ pkgs.postgresql_13
+ else if versionAtLeast config.system.stateVersion "20.03" then
+ mkThrow "11"
+ else if versionAtLeast config.system.stateVersion "17.09" then
+ mkThrow "9_6"
+ else
+ mkThrow "9_5";
+ in
 # Note: when changing the default, make it conditional on
 # ‘system.stateVersion’ to maintain compatibility with existing
 # systems!
- mkDefault (
- if cfg.enableJIT
- then base.withJIT
- else base
- );
+ mkDefault (if cfg.enableJIT then base.withJIT else base);
 dataDir = mkDefault "/var/lib/postgresql/${cfg.package.psqlSchema}";
 authentication = mkMerge [
 (mkBefore "# Generated file; do not edit!")
- (mkAfter
- ''
- # default value of services.justinrubek.postgresql.authentication
- local all all peer
- host all all 127.0.0.1/32 md5
- host all all ::1/128 md5
- '')
+ (mkAfter ''
+ # default value of services.justinrubek.postgresql.authentication
+ local all all peer
+ host all all 127.0.0.1/32 md5
+ host all all ::1/128 md5
+ '')
 ];
 };
@@ -532,23 +542,23 @@ in {
 users.groups.postgres.gid = config.ids.gids.postgres;
- environment.systemPackages = [postgresql];
+ environment.systemPackages = [ postgresql ];
- environment.pathsToLink = [
- "/share/postgresql"
- ];
+ environment.pathsToLink = [ "/share/postgresql" ];
- system.checks = lib.optional (cfg.checkConfig && pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform) configFileCheck;
+ system.checks = lib.optional (
+ cfg.checkConfig && pkgs.stdenv.hostPlatform == pkgs.stdenv.buildPlatform
+ ) configFileCheck;
 systemd.services.postgresql = {
 description = "PostgreSQL Server";
- wantedBy = ["multi-user.target"];
- after = ["network.target"];
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
 environment.PGDATA = cfg.dataDir;
- path = [postgresql];
+ path = [ postgresql ];
 preStart = ''
 if ! test -e ${cfg.dataDir}/PG_VERSION; then
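Review bot: The default `pg_hba` entries on the new side, `host all all 127.0.0.1/32 md5` and `host all all ::1/128 md5`, keep the `md5` method even though the `package` selection in the preceding hunk never resolves to anything older than `pkgs.postgresql_13`, so every server this module can produce supports `scram-sha-256`, which the PostgreSQL documentation recommends in place of the deprecated md5 scheme. I'd change the two lines to `host all all 127.0.0.1/32 scram-sha-256` and `host all all ::1/128 scram-sha-256`, and note in the `# default value of services.justinrubek.postgresql.authentication` comment that roles whose passwords were stored as md5 hashes need their password reset after `password_encryption` is switched, since this is a behaviour change rather than a formatting one and belongs in its own commit. The `config = mkIf cfg.enable { ... }` block these hunks sit in starts and ends outside them.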
@@ -580,54 +590,44 @@ in { done if test -e "${cfg.dataDir}/.first_startup"; then - ${optionalString (cfg.initialScript != null) '' - $PSQL -f "${cfg.initialScript}" -d postgres - ''} + ${ + optionalString (cfg.initialScript != null) '' + $PSQL -f "${cfg.initialScript}" -d postgres + '' + } rm -f "${cfg.dataDir}/.first_startup" fi '' - + optionalString (cfg.ensureDatabases != []) '' + + optionalString (cfg.ensureDatabases != [ ]) '' ${concatMapStrings (database: '' - $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${database}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${database}"' - '') - cfg.ensureDatabases} + $PSQL -tAc "SELECT 1 FROM pg_database WHERE datname = '${database}'" | grep -q 1 || $PSQL -tAc 'CREATE DATABASE "${database}"' + '') cfg.ensureDatabases} '' + '' - ${ - concatMapStrings - ( - user: let - userPermissions = - concatStringsSep "\n" - ( - mapAttrsToList - (database: permission: ''$PSQL -tAc 'GRANT ${permission} ON ${database} TO "${user.name}"' '') - user.ensurePermissions - ); - dbOwnershipStmt = - optionalString - user.ensureDBOwnership - ''$PSQL -tAc 'ALTER DATABASE "${user.name}" OWNER TO "${user.name}";' ''; - - filteredClauses = filterAttrs (name: value: value != null) user.ensureClauses; - - clauseSqlStatements = attrValues (mapAttrs (n: v: - if v - then n - else "no${n}") - filteredClauses); - - userClauses = ''$PSQL -tAc 'ALTER ROLE "${user.name}" ${concatStringsSep " " clauseSqlStatements}' ''; - in '' - $PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc 'CREATE USER "${user.name}"' - ${userPermissions} - ${userClauses} - - ${dbOwnershipStmt} - '' - ) - cfg.ensureUsers - } + ${concatMapStrings ( + user: + let + userPermissions = concatStringsSep "\n" ( + mapAttrsToList ( + database: permission: ''$PSQL -tAc 'GRANT ${permission} ON ${database} TO "${user.name}"' '' + ) user.ensurePermissions + ); + dbOwnershipStmt = optionalString user.ensureDBOwnership ''$PSQL -tAc 'ALTER DATABASE 
"${user.name}" OWNER TO "${user.name}";' ''; + + filteredClauses = filterAttrs (name: value: value != null) user.ensureClauses; + + clauseSqlStatements = attrValues (mapAttrs (n: v: if v then n else "no${n}") filteredClauses); + + userClauses = ''$PSQL -tAc 'ALTER ROLE "${user.name}" ${concatStringsSep " " clauseSqlStatements}' ''; + in + '' + $PSQL -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user.name}'" | grep -q 1 || $PSQL -tAc 'CREATE USER "${user.name}"' + ${userPermissions} + ${userClauses} + + ${dbOwnershipStmt} + '' + ) cfg.ensureUsers} ''; serviceConfig = mkMerge [ @@ -636,10 +636,7 @@ in { User = "postgres"; Group = "postgres"; RuntimeDirectory = "postgresql"; - Type = - if versionAtLeast cfg.package.version "9.6" - then "notify" - else "simple"; + Type = if versionAtLeast cfg.package.version "9.6" then "notify" else "simple"; # Shut down Postgres using SIGINT ("Fast Shutdown mode"). See # https://www.postgresql.org/docs/current/server-shutdown.html @@ -654,10 +651,7 @@ in { } (mkIf (cfg.dataDir == "/var/lib/postgresql/${cfg.package.psqlSchema}") { StateDirectory = "postgresql postgresql/${cfg.package.psqlSchema}"; - StateDirectoryMode = - if groupAccessAvailable - then "0750" - else "0700"; + StateDirectoryMode = if groupAccessAvailable then "0750" else "0700"; }) ]; diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index f82cfad..f232739 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix @@ -1,8 +1,5 @@ +{ inputs, self, ... }@moduleInput: { - inputs, - self, - ... -} @ moduleInput: { # TODO: Rewrite modules to have better inputs flake.nixosModules = { cachix = import ./cachix inputs; diff --git a/nixos/modules/filesystem/zfs/default.nix b/nixos/modules/filesystem/zfs/default.nix index 315e579..beb4da2 100644 --- a/nixos/modules/filesystem/zfs/default.nix +++ b/nixos/modules/filesystem/zfs/default.nix 
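Review bot: The `ensureDatabases` entries and `user.name`, `database` and `permission` values are spliced into both the SQL text and the single-quoted shell argument of `$PSQL -tAc` without quoting or validation, so a name containing `"`, `'` or a shell metacharacter breaks the generated statement in `preStart` (the same pattern appears in `userPermissions`, `userClauses` and `dbOwnershipStmt`). These values come from module options rather than runtime input, so the practical outcome is a failed or partially applied grant rather than an injection from outside, but the failure only shows up at service start; constraining the options at declaration time, e.g. `type = lib.types.listOf (lib.types.strMatching "[A-Za-z_][A-Za-z0-9_]*");` for `ensureDatabases` and the same `strMatching` for `ensureUsers.*.name`, would reject such names at evaluation. The option declarations and the start of the enclosing `preStart` string are outside this hunk.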
@@ -1,11 +1,14 @@ -_: { +_: +{ config, pkgs, lib, ... -}: let +}: +let cfg = config.justinrubek.filesystem.zfs; -in { +in +{ options.justinrubek.filesystem.zfs = { enable = lib.mkEnableOption "enable zfs filesystem"; }; diff --git a/nixos/modules/flake.nix b/nixos/modules/flake.nix index d2eb43a..d1e0a3d 100644 --- a/nixos/modules/flake.nix +++ b/nixos/modules/flake.nix @@ -1,14 +1,17 @@ -{nixpkgs, ...}: { +{ nixpkgs, ... }: +{ config, pkgs, lib, ... -}: let +}: +let cfg = config.nix.flakes; channelBase = "/etc/nixpkgs/channels"; nixpkgsChannel = "${channelBase}/nixpkgs"; -in { +in +{ options.nix.flakes.enable = lib.mkEnableOption "nix flakes"; config = lib.mkIf cfg.enable { @@ -17,15 +20,13 @@ in { registry.nixpkgs.flake = nixpkgs; - nixPath = [ - "nixpkgs=${nixpkgs}" - ]; + nixPath = [ "nixpkgs=${nixpkgs}" ]; }; /* - systemd.tmpfiles.rules = [ - "L+ ${nixpkgsChannel} - - - - ${nixpkgs}" - ]; + systemd.tmpfiles.rules = [ + "L+ ${nixpkgsChannel} - - - - ${nixpkgs}" + ]; */ }; } diff --git a/nixos/modules/graphical/fonts/default.nix b/nixos/modules/graphical/fonts/default.nix index 641c74f..dd7971b 100644 --- a/nixos/modules/graphical/fonts/default.nix +++ b/nixos/modules/graphical/fonts/default.nix @@ -1,11 +1,14 @@ -inputs @ {self, ...}: { +inputs@{ self, ... }: +{ config, pkgs, lib, ... -}: let +}: +let cfg = config.justinrubek.graphical.fonts; -in { +in +{ options.justinrubek.graphical.fonts = { enable = lib.mkEnableOption "enable fonts"; }; @@ -26,10 +29,19 @@ in { ]; fontconfig.defaultFonts = { - serif = ["Noto Serif" "Noto Color Emoji"]; - sansSerif = ["Noto Sans" "Noto Color Emoji"]; - monospace = ["JetBrainsMono Nerd Font" "Noto Color Emoji"]; - emoji = ["Noto Color Emoji"]; + serif = [ + "Noto Serif" + "Noto Color Emoji" + ]; + sansSerif = [ + "Noto Sans" + "Noto Color Emoji" + ]; + monospace = [ + "JetBrainsMono Nerd Font" + "Noto Color Emoji" + ]; + emoji = [ "Noto Color Emoji" ]; }; }; }; 
diff --git a/nixos/modules/haproxy/default.nix b/nixos/modules/haproxy/default.nix index 3f38a3c..8187da5 100644 --- a/nixos/modules/haproxy/default.nix +++ b/nixos/modules/haproxy/default.nix @@ -1,12 +1,15 @@ -{self, ...}: { +{ self, ... }: +{ config, pkgs, lib, flakeRootPath, ... -}: let +}: +let cfg = config.justinrubek.haproxy; -in { +in +{ options.justinrubek.haproxy = { enable = lib.mkEnableOption "run haproxy"; @@ -38,11 +41,10 @@ in { resolvers consul ${ - lib.concatMapStringsSep "\n" (node: '' - nameserver ${node} ${node}:8600 - '') - cfg.nodes - } + lib.concatMapStringsSep "\n" (node: '' + nameserver ${node} ${node}:8600 + '') cfg.nodes + } accepted_payload_size 8192 hold valid 5s @@ -50,15 +52,16 @@ in { bind 0.0.0.0:80 bind [::]:80 ${ - if cfg.ssl.enable - then '' - # require SSL for all requests using the wildcard certificate - bind 0.0.0.0:443 ssl crt /var/lib/acme/rubek.cloud/full.pem - bind [::]:443 ssl crt /var/lib/acme/rubek.cloud/full.pem - http-request redirect scheme https code 301 unless { ssl_fc } - '' - else "" - } + if cfg.ssl.enable then + '' + # require SSL for all requests using the wildcard certificate + bind 0.0.0.0:443 ssl crt /var/lib/acme/rubek.cloud/full.pem + bind [::]:443 ssl crt /var/lib/acme/rubek.cloud/full.pem + http-request redirect scheme https code 301 unless { ssl_fc } + '' + else + "" + } acl host_nix_cache hdr(host) -i nix-cache.rubek.cloud use_backend nix-cache if host_nix_cache @@ -146,9 +149,7 @@ in { defaults = { email = "justintrubek@protonmail.com"; - reloadServices = [ - "haproxy.service" - ]; + reloadServices = [ "haproxy.service" ]; }; certs = { "rubek.cloud" = { diff --git a/nixos/modules/matrix/conduit.nix b/nixos/modules/matrix/conduit.nix index ebbf1e8..0b8ea0d 100644 --- a/nixos/modules/matrix/conduit.nix +++ b/nixos/modules/matrix/conduit.nix 
@@ -1,11 +1,14 @@ -_: { +_: +{ config, pkgs, lib, ... -}: let +}: +let cfg = config.justinrubek.matrix.conduit; -in { +in +{ options.justinrubek.matrix.conduit = { enable = lib.mkEnableOption "enable conduit matrix homeserver"; @@ -26,12 +29,13 @@ in { }; }; - config = let - well_known_server = pkgs.writeText "well-known-matrix-server" '' - { - "m.server": "${cfg.matrix_hostname}" - } - ''; - in - lib.mkIf cfg.enable ({} // podmanConfig // dockerConfig); + config = + let + well_known_server = pkgs.writeText "well-known-matrix-server" '' + { + "m.server": "${cfg.matrix_hostname}" + } + ''; + in + lib.mkIf cfg.enable ({ } // podmanConfig // dockerConfig); } diff --git a/nixos/modules/media/default.nix b/nixos/modules/media/default.nix index c316e5e..a956fbe 100644 --- a/nixos/modules/media/default.nix +++ b/nixos/modules/media/default.nix @@ -1,20 +1,24 @@ -{self, ...}: { +{ self, ... }: +{ config, pkgs, lib, ... -}: let +}: +let # Mediahost module # Provides Jellyfin, Sonarr, Radarr, and Jackett cfg = config.justinrubek.mediahost; -in { +in +{ options.justinrubek.mediahost = { enable = lib.mkEnableOption "run consul"; }; - config = let - user = "mediahost"; - in + config = + let + user = "mediahost"; + in lib.mkIf cfg.enable { # home directory for "mediahost" user users.users.mediahost = { @@ -22,7 +26,7 @@ in { home = "/home/${user}"; createHome = true; group = "${user}"; - extraGroups = ["jellyfin"]; + extraGroups = [ "jellyfin" ]; }; services = { 
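Review bot: In the conduit module, the `well_known_server` binding introduced by the `let` is not referenced by the expression it scopes, `lib.mkIf cfg.enable ({ } // podmanConfig // dockerConfig)`, so the `pkgs.writeText` derivation is never instantiated and the `.well-known/matrix/server` document it renders is never served from this module. Either wire it into whichever of `podmanConfig`/`dockerConfig` (both defined outside this hunk) is meant to publish it, or drop the binding and add a comment such as `# well-known delegation is served elsewhere` so the next reader does not assume delegation is configured here.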
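Review bot: In the mediahost module, `enable = lib.mkEnableOption "run consul";` carries a copy-pasted description that contradicts the header comment two lines above it ("Provides Jellyfin, Sonarr, Radarr, and Jackett"), so the generated option documentation reads "Whether to enable run consul." for an option that has nothing to do with consul. It should read `enable = lib.mkEnableOption "the mediahost services (Jellyfin, Sonarr, Radarr, Jackett)";`.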
@@ -47,15 +51,17 @@ in { }; # open service ports to the tailnet - networking.firewall.interfaces.${config.services.tailscale.interfaceName} = let - ports = { - jellyfin = [8096]; - }; + networking.firewall.interfaces.${config.services.tailscale.interfaceName} = + let + ports = { + jellyfin = [ 8096 ]; + }; - allPorts = lib.flatten (lib.attrValues ports); - in { - allowedTCPPorts = allPorts; - allowedUDPPorts = allPorts; - }; + allPorts = lib.flatten (lib.attrValues ports); + in + { + allowedTCPPorts = allPorts; + allowedUDPPorts = allPorts; + }; }; } diff --git a/nixos/modules/nix.nix b/nixos/modules/nix.nix index 0f3d2c5..0840fe5 100644 --- a/nixos/modules/nix.nix +++ b/nixos/modules/nix.nix @@ -1,10 +1,8 @@ -_: { - config, - lib, - ... -}: { +_: +{ config, lib, ... }: +{ config = lib.mkMerge [ - {nix.settings.auto-optimise-store = lib.mkDefault true;} + { nix.settings.auto-optimise-store = lib.mkDefault true; } { nix.gc.automatic = lib.mkDefault true; nix.gc.options = lib.mkDefault "--delete-older-than 8d"; diff --git a/nixos/modules/nomad/default.nix b/nixos/modules/nomad/default.nix index 8212414..1efd4a6 100644 --- a/nixos/modules/nomad/default.nix +++ b/nixos/modules/nomad/default.nix @@ -1,21 +1,25 @@ -{self, ...}: { +{ self, ... }: +{ config, pkgs, lib, flakeRootPath, ... -}: let +}: +let cfg = config.justinrubek.nomad; -in { +in +{ options.justinrubek.nomad = { enable = lib.mkEnableOption "run nomad"; }; - config = let - inherit (config.networking) hostName; + config = + let + inherit (config.networking) hostName; - tailscaleInterface = config.services.tailscale.interfaceName; - in + tailscaleInterface = config.services.tailscale.interfaceName; + in lib.mkIf cfg.enable { services.nomad = { enable = true; 
@@ -27,20 +31,22 @@ in { # use patched nomad for flake support package = self.packages.${pkgs.system}.nomad; - extraPackages = [config.nix.package]; + extraPackages = [ config.nix.package ]; settings = { bind_addr = "0.0.0.0"; # bind_addr = ''{{ GetInterfaceIP "${tailscaleInterface}" }}''; datacenter = "dc1"; - advertise = let - address = "{{ GetInterfaceIP \"${tailscaleInterface}\" }}"; - in { - http = address; - rpc = address; - serf = address; - }; + advertise = + let + address = "{{ GetInterfaceIP \"${tailscaleInterface}\" }}"; + in + { + http = address; + rpc = address; + serf = address; + }; server = { enabled = true; @@ -75,19 +81,23 @@ in { sops.secrets.nomad_env = { sopsFile = "${flakeRootPath}/secrets/nomad.yaml"; owner = config.systemd.services.serviceConfig.User or "root"; - restartUnits = ["nomad.service"]; + restartUnits = [ "nomad.service" ]; }; systemd.services.nomad = { serviceConfig = { - EnvironmentFile = [config.sops.secrets."nomad_env".path]; + EnvironmentFile = [ config.sops.secrets."nomad_env".path ]; }; }; networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { # nomad ports - allowedTCPPorts = [4646 4647 4648]; - allowedUDPPorts = [4648]; + allowedTCPPorts = [ + 4646 + 4647 + 4648 + ]; + allowedUDPPorts = [ 4648 ]; # ephemeral ports allowedTCPPortRanges = [ diff --git a/nixos/modules/sound.nix b/nixos/modules/sound.nix index 5904add..dd58577 100644 --- a/nixos/modules/sound.nix +++ b/nixos/modules/sound.nix @@ -1,11 +1,14 @@ -{nixpkgs, ...}: { +{ nixpkgs, ... }: +{ config, pkgs, lib, ... -}: let +}: +let cfg = config.justinrubek.sound; -in { +in +{ options.justinrubek.sound = { enable = lib.mkEnableOption "enable sound"; }; diff --git a/nixos/modules/tailscale/default.nix b/nixos/modules/tailscale/default.nix index 00557dd..bd8d0d5 100644 --- a/nixos/modules/tailscale/default.nix +++ b/nixos/modules/tailscale/default.nix 
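Review bot: In the `sops.secrets.nomad_env` hunk, `owner = config.systemd.services.serviceConfig.User or "root";` is missing the unit name in the attribute path, so it looks up a systemd unit literally called `serviceConfig` and therefore always falls through to `root` rather than following the nomad unit's `User`. If the intent is to track the service user it should be `owner = config.systemd.services.nomad.serviceConfig.User or "root";`; if nomad is meant to run as root regardless, write `owner = "root";` with a short comment so the fallback is not mistaken for a working lookup. I cannot see the nomad unit's `User` from this hunk, so whether the current value happens to be correct is not verifiable here.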
@@ -1,12 +1,15 @@ -{self, ...}: { +{ self, ... }: +{ config, pkgs, lib, flakeRootPath, ... -}: let +}: +let cfg = config.justinrubek.tailscale; -in { +in +{ options.justinrubek.tailscale = { enable = lib.mkEnableOption "configure tailscale"; @@ -17,23 +20,34 @@ in { services.tailscale.enable = true; networking = { firewall.checkReversePath = "loose"; - nameservers = ["100.100.100.100" "1.1.1.1" "8.8.8.8"]; - search = ["tailfef00.ts.net"]; + nameservers = [ + "100.100.100.100" + "1.1.1.1" + "8.8.8.8" + ]; + search = [ "tailfef00.ts.net" ]; }; sops.secrets."tailscale_key" = lib.mkIf cfg.autoconnect.enable { sopsFile = "${flakeRootPath}/secrets/tailscale/server.yaml"; }; - systemd.services.tailscale-autoconnect = let - tailscale = pkgs.lib.getExe pkgs.tailscale; - jq = pkgs.lib.getExe pkgs.jq; - in + systemd.services.tailscale-autoconnect = + let + tailscale = pkgs.lib.getExe pkgs.tailscale; + jq = pkgs.lib.getExe pkgs.jq; + in lib.mkIf cfg.autoconnect.enable { description = "Automatically connect to tailscale"; - after = ["network-pre.target" "tailscale.service"]; - wants = ["network-pre.target" "tailscale.service"]; - wantedBy = ["multi-user.target"]; + after = [ + "network-pre.target" + "tailscale.service" + ]; + wants = [ + "network-pre.target" + "tailscale.service" + ]; + wantedBy = [ "multi-user.target" ]; serviceConfig.Type = "oneshot"; script = '' # wait for tailscale to be ready diff --git a/nixos/modules/vault/default.nix b/nixos/modules/vault/default.nix index 916648c..d235414 100644 --- a/nixos/modules/vault/default.nix +++ b/nixos/modules/vault/default.nix @@ -1,12 +1,15 @@ -{self, ...}: { +{ self, ... }: +{ config, pkgs, lib, flakeRootPath, ... -}: let +}: +let cfg = config.justinrubek.vault; -in { +in +{ options.justinrubek.vault = { enable = lib.mkEnableOption "configure vault"; @@ -18,7 +21,7 @@ in { retry_join = lib.mkOption { type = lib.types.listOf lib.types.str; - default = []; + default = [ ]; description = "The list of nodes to join."; }; 
@@ -29,15 +32,18 @@ in { }; }; - config = let - retry_join = lib.concatStringsSep "\n" (lib.lists.forEach cfg.retry_join (value: '' - retry_join { - leader_api_addr = "${value}" - } - '')); + config = + let + retry_join = lib.concatStringsSep "\n" ( + lib.lists.forEach cfg.retry_join (value: '' + retry_join { + leader_api_addr = "${value}" + } + '') + ); - inherit (config.networking) hostName; - in + inherit (config.networking) hostName; + in lib.mkIf cfg.enable { services.vault = { enable = true; @@ -68,9 +74,12 @@ in { }; networking.firewall.interfaces.${config.services.tailscale.interfaceName} = { - allowedTCPPorts = [8200 8201]; + allowedTCPPorts = [ + 8200 + 8201 + ]; }; - environment.systemPackages = lib.mkIf cfg.include_package [pkgs.vault]; + environment.systemPackages = lib.mkIf cfg.include_package [ pkgs.vault ]; }; } diff --git a/nixos/modules/windowing/hyprland/default.nix b/nixos/modules/windowing/hyprland/default.nix index 6d55c29..2fa7da1 100644 --- a/nixos/modules/windowing/hyprland/default.nix +++ b/nixos/modules/windowing/hyprland/default.nix @@ -1,18 +1,21 @@ -inputs: { +inputs: +{ config, pkgs, lib, ... -}: let +}: +let cfg = config.justinrubek.windowing.hyprland; -in { +in +{ options.justinrubek.windowing.hyprland = { enable = lib.mkEnableOption "enable hyprland"; }; config = lib.mkIf cfg.enable { programs.hyprland.enable = true; - services.displayManager.sessionPackages = [inputs.hyprland.packages.${pkgs.system}.default]; + services.displayManager.sessionPackages = [ inputs.hyprland.packages.${pkgs.system}.default ]; # Configure keymap in X11 services.xserver = { diff --git a/nixos/modules/windowing/plasma/default.nix b/nixos/modules/windowing/plasma/default.nix index 491d87d..96c1572 100644 --- a/nixos/modules/windowing/plasma/default.nix +++ b/nixos/modules/windowing/plasma/default.nix 
@@ -1,11 +1,14 @@ -_: { +_: +{ config, pkgs, lib, ... -}: let +}: +let cfg = config.justinrubek.windowing.plasma; -in { +in +{ options.justinrubek.windowing.plasma = { enable = lib.mkEnableOption "enable kde plasma"; }; diff --git a/nixos/modules/windowing/xmonad/default.nix b/nixos/modules/windowing/xmonad/default.nix index 2f6ae00..7c09be4 100644 --- a/nixos/modules/windowing/xmonad/default.nix +++ b/nixos/modules/windowing/xmonad/default.nix @@ -1,11 +1,14 @@ -_: { +_: +{ config, pkgs, lib, ... -}: let +}: +let cfg = config.justinrubek.windowing.xmonad; -in { +in +{ options.justinrubek.windowing.xmonad = { enable = lib.mkEnableOption "enable xmonad"; }; diff --git a/nomad/default.nix b/nomad/default.nix index c83a162..23700d4 100644 --- a/nomad/default.nix +++ b/nomad/default.nix @@ -4,35 +4,38 @@ lib, self, ... -}: { - perSystem = { - config, - pkgs, - system, - ... - }: { - packages = { - nomadJobs = inputs.nix-nomad.lib.mkNomadJobs { - inherit system; - config = [ - ./jobs/dummy-api.nix - ./jobs/dummy-api-nix.nix - ./jobs/rubek-site.nix - ./jobs/rubek-site-nix.nix - ./jobs/storage.nix - ./jobs/valheim.nix - ./jobs/jellyfin.nix - ./jobs/paperless.nix - ./jobs/postgres.nix - ./jobs/key-test.nix - ./jobs/conduit.nix - ./jobs/factorio.nix - ./jobs/flake-builder.nix - ./jobs/nix-cache.nix - ./jobs/lockpad.nix - ./jobs/annapurna.nix - ]; +}: +{ + perSystem = + { + config, + pkgs, + system, + ... + }: + { + packages = { + nomadJobs = inputs.nix-nomad.lib.mkNomadJobs { + inherit system; + config = [ + ./jobs/dummy-api.nix + ./jobs/dummy-api-nix.nix + ./jobs/rubek-site.nix + ./jobs/rubek-site-nix.nix + ./jobs/storage.nix + ./jobs/valheim.nix + ./jobs/jellyfin.nix + ./jobs/paperless.nix + ./jobs/postgres.nix + ./jobs/key-test.nix + ./jobs/conduit.nix + ./jobs/factorio.nix + ./jobs/flake-builder.nix + ./jobs/nix-cache.nix + ./jobs/lockpad.nix + ./jobs/annapurna.nix + ]; + }; }; }; - }; } 
diff --git a/nomad/jobs/annapurna.nix b/nomad/jobs/annapurna.nix index 83a57a9..6c17cc5 100644 --- a/nomad/jobs/annapurna.nix +++ b/nomad/jobs/annapurna.nix @@ -1,23 +1,24 @@ -_: let +_: +let annapurna-image = "ghcr.io/justinrubek/annapurna:e5e48732bf6c2c2ea4e8144a9a3b2bbce6905ba9"; - lockpadSecret = name: ''{{ with secret "kv-v2/data/annapurna/lockpad" }}{{ .Data.data.${name} | toJSON }}{{ end }}''; + lockpadSecret = + name: + ''{{ with secret "kv-v2/data/annapurna/lockpad" }}{{ .Data.data.${name} | toJSON }}{{ end }}''; postgresKey = "annapurna/postgres"; - postgresSecret = name: ''{{ with secret "kv-v2/data/${postgresKey}" }}{{ .Data.data.${name} }}{{ end }}''; + postgresSecret = + name: ''{{ with secret "kv-v2/data/${postgresKey}" }}{{ .Data.data.${name} }}{{ end }}''; postgresUrl = ''postgres://${postgresSecret "username"}:${postgresSecret "password"}@alex:5435/${postgresSecret "database"}''; -in { +in +{ job.annapurna = { - datacenters = ["dc1"]; + datacenters = [ "dc1" ]; group.annapurna = { count = 1; - networks = [ - { - port.http.to = 3000; - } - ]; + networks = [ { port.http.to = 3000; } ]; task.database_migration = { lifecycle = { @@ -40,7 +41,7 @@ in { }; vault = { - policies = ["annapurna-postgres"]; + policies = [ "annapurna-postgres" ]; }; templates = [ @@ -60,7 +61,7 @@ in { config = { image = annapurna-image; - ports = ["http"]; + ports = [ "http" ]; command = "annapurna-cli"; args = [ "server" @@ -69,7 +70,10 @@ in { }; vault = { - policies = ["annapurna" "annapurna-postgres"]; + policies = [ + "annapurna" + "annapurna-postgres" + ]; }; templates = [ diff --git a/nomad/jobs/conduit.nix b/nomad/jobs/conduit.nix index 8a8ad1c..4dc9adc 100644 --- a/nomad/jobs/conduit.nix +++ b/nomad/jobs/conduit.nix @@ -1,6 +1,6 @@ _: { job.conduit = { - datacenters = ["dc1"]; + datacenters = [ "dc1" ]; group.matrix = { count = 1; 
@@ -16,11 +16,7 @@ _: { }; }; - networks = [ - { - port.http.to = 6167; - } - ]; + networks = [ { port.http.to = 6167; } ]; task.backend = { driver = "docker"; @@ -28,11 +24,9 @@ _: { config = { image = "justinrubek/conduit:c56d3b54f32207644e5619123ffff93e79396bc7"; - ports = ["http"]; + ports = [ "http" ]; - volumes = [ - "local/conduit.toml:/etc/conduit.toml" - ]; + volumes = [ "local/conduit.toml:/etc/conduit.toml" ]; }; volumeMounts = [ @@ -44,7 +38,7 @@ _: { ]; vault = { - policies = ["matrix-homeserver-conduit"]; + policies = [ "matrix-homeserver-conduit" ]; }; env = { @@ -82,8 +76,7 @@ _: { { name = "matrix-conduit"; port = "http"; - checks = [ - ]; + checks = [ ]; } ]; diff --git a/nomad/jobs/dummy-api-nix.nix b/nomad/jobs/dummy-api-nix.nix index 3d5c4cc..dfd1a13 100644 --- a/nomad/jobs/dummy-api-nix.nix +++ b/nomad/jobs/dummy-api-nix.nix @@ -1,15 +1,11 @@ _: { job.dummy_api_nix = { - datacenters = ["dc1"]; + datacenters = [ "dc1" ]; group.api = { count = 1; - networks = [ - { - port.http.to = 8000; - } - ]; + networks = [ { port.http.to = 8000; } ]; task.backend = { driver = "docker"; @@ -17,9 +13,9 @@ _: { config = { nix_flake_ref = "github:justinrubek/axum-dummy-api#packages.x86_64-linux.api"; nix_flake_sha = "sha256-ypid10gYPAeGneUy5l9S3MNxHBOKCXnlhH9no40XqVs="; - entrypoint = ["bin/dummy_api"]; + entrypoint = [ "bin/dummy_api" ]; - ports = ["http"]; + ports = [ "http" ]; mount = [ { diff --git a/nomad/jobs/dummy-api.nix b/nomad/jobs/dummy-api.nix index 668a4e4..8bc256c 100644 --- a/nomad/jobs/dummy-api.nix +++ b/nomad/jobs/dummy-api.nix @@ -1,22 +1,18 @@ _: { job.dummy_api = { - datacenters = ["dc1"]; + datacenters = [ "dc1" ]; group.api = { count = 1; - networks = [ - { - port.http.to = 8000; - } - ]; + networks = [ { port.http.to = 8000; } ]; task.backend = { driver = "docker"; config = { image = "justinrubek/axum-dummy-api:0.2.1"; - ports = ["http"]; + ports = [ "http" ]; }; }; 
diff --git a/nomad/jobs/factorio.nix b/nomad/jobs/factorio.nix index c612213..d3e532f 100644 --- a/nomad/jobs/factorio.nix +++ b/nomad/jobs/factorio.nix @@ -1,6 +1,6 @@ _: { job.factorio = { - datacenters = ["dc1"]; + datacenters = [ "dc1" ]; group.factorio = { count = 1; @@ -27,8 +27,7 @@ _: { task.factorio-server = { driver = "docker"; - env = { - }; + env = { }; volumeMounts = [ { @@ -72,37 +71,40 @@ _: { }; vault = { - policies = ["factorio-server"]; + policies = [ "factorio-server" ]; }; templates = [ { - data = let - secretKey = "factorio"; - envSecret = name: ''{{ with secret "kv-v2/data/${secretKey}" }}{{ .Data.data.${name} }}{{ end }}''; - in '' - FACTORIO_USERNAME=${envSecret "username"} - FACTORIO_TOKEN=${envSecret "token"} - ''; + data = + let + secretKey = "factorio"; + envSecret = name: ''{{ with secret "kv-v2/data/${secretKey}" }}{{ .Data.data.${name} }}{{ end }}''; + in + '' + FACTORIO_USERNAME=${envSecret "username"} + FACTORIO_TOKEN=${envSecret "token"} + ''; destination = "secrets/env"; env = true; } { destination = "local/server-settings.json"; - data = let - server-settings = { - name = "The Factory Must Grow."; - description = "I used to have a family, but now I have a factory."; - visibility.lan = true; + data = + let + server-settings = { + name = "The Factory Must Grow."; + description = "I used to have a family, but now I have a factory."; + visibility.lan = true; - autosave_interval = 1; - autosave_slots = 10; - non_blocking_saving = true; + autosave_interval = 1; + autosave_slots = 10; + non_blocking_saving = true; - auto_pause = true; - }; - json = builtins.toJSON server-settings; - in + auto_pause = true; + }; + json = builtins.toJSON server-settings; + in json; } { 
@@ -116,13 +118,14 @@ _: { } { destination = "local/server-adminlist.json"; - data = let - server-adminlist = [ - "justinkingr" - "sinnyen" - ]; - json = builtins.toJSON server-adminlist; - in + data = + let + server-adminlist = [ + "justinkingr" + "sinnyen" + ]; + json = builtins.toJSON server-adminlist; + in json; } { diff --git a/nomad/jobs/flake-builder.nix b/nomad/jobs/flake-builder.nix index b0f4e5d..f5ddd74 100644 --- a/nomad/jobs/flake-builder.nix +++ b/nomad/jobs/flake-builder.nix @@ -1,15 +1,11 @@ _: { job.flake_builder = { - datacenters = ["dc1"]; + datacenters = [ "dc1" ]; group.api = { count = 1; - networks = [ - { - port.http.to = 3000; - } - ]; + networks = [ { port.http.to = 3000; } ]; task.backend = { driver = "docker"; @@ -18,7 +14,7 @@ _: { # image = "justinrubek/flake-builder:69c2cbe5d0c3d7cafb7f0e67355d84ad1f98cbdf"; image = "justinrubek/flake-builder:latest"; - ports = ["http"]; + ports = [ "http" ]; command = "flake-builder-cli"; args = [ @@ -26,9 +22,7 @@ _: { "http" ]; - volumes = [ - "local/nix.conf:/etc/nix/nix.conf" - ]; + volumes = [ "local/nix.conf:/etc/nix/nix.conf" ]; }; templates = [ diff --git a/nomad/jobs/jellyfin.nix b/nomad/jobs/jellyfin.nix index bff35fd..5244133 100644 --- a/nomad/jobs/jellyfin.nix +++ b/nomad/jobs/jellyfin.nix @@ -1,6 +1,6 @@ _: { job.jellyfin = { - datacenters = ["dc1"]; + datacenters = [ "dc1" ]; group.jellyfin = { count = 1; diff --git a/nomad/jobs/key-test.nix b/nomad/jobs/key-test.nix index 808cd54..22681a8 100644 --- a/nomad/jobs/key-test.nix +++ b/nomad/jobs/key-test.nix @@ -1,6 +1,6 @@ _: { job.vault-key-test = { - datacenters = ["dc1"]; + datacenters = [ "dc1" ]; type = "batch"; 
@@ -13,8 +13,11 @@ _: { config = { nix_flake_ref = "github:nixos/nixpkgs#legacyPackages.x86_64-linux.hello"; nix_flake_sha = "sha256-2BbZN9OC+6KdEVMQnkLEnXi5f/XNGKAM37S2OBs8xeQ="; - entrypoint = ["bin/hello"]; - args = ["-g" "hello \${MESSAGE}"]; + entrypoint = [ "bin/hello" ]; + args = [ + "-g" + "hello \${MESSAGE}" + ]; mount = [ { @@ -30,7 +33,7 @@ _: { }; vault = { - policies = ["hello"]; + policies = [ "hello" ]; }; templates = [ diff --git a/nomad/jobs/lockpad.nix b/nomad/jobs/lockpad.nix index 83595b0..673b671 100644 --- a/nomad/jobs/lockpad.nix +++ b/nomad/jobs/lockpad.nix @@ -1,16 +1,20 @@ -_: let +_: +let lockpad-image = "ghcr.io/justinrubek/lockpad:2a0fe04952ec76d05e0b50ba6c2a3fc60a620762"; postgres_image = "docker.io/justinrubek/postgres@sha256:d00c2e7a63d66d74188bfa3351870de5197a3442d53a155db6182a561387924a"; envKey = "lockpad/env"; - envSecret = name: ''{{ with secret "kv-v2/data/${envKey}" }}{{ .Data.data.${name} | toJSON }}{{ end }}''; + envSecret = + name: ''{{ with secret "kv-v2/data/${envKey}" }}{{ .Data.data.${name} | toJSON }}{{ end }}''; postgresKey = "lockpad/postgres"; - postgresSecret = name: ''{{ with secret "kv-v2/data/${postgresKey}" }}{{ .Data.data.${name} }}{{ end }}''; + postgresSecret = + name: ''{{ with secret "kv-v2/data/${postgresKey}" }}{{ .Data.data.${name} }}{{ end }}''; postgresUrl = ''postgres://${postgresSecret "username"}:${postgresSecret "password"}@alex:5435/${postgresSecret "database"}''; -in { +in +{ job.lockpad = { - datacenters = ["dc1"]; + datacenters = [ "dc1" ]; group.lockpad = { count = 1; @@ -43,7 +47,7 @@ in { }; vault = { - policies = ["lockpad-postgres"]; + policies = [ "lockpad-postgres" ]; }; templates = [ @@ -63,7 +67,7 @@ in { config = { image = lockpad-image; - ports = ["http"]; + ports = [ "http" ]; command = "lockpad-cli"; args = [ "server" @@ -72,7 +76,10 @@ in { }; vault = { - policies = ["lockpad" "lockpad-postgres"]; + policies = [ + "lockpad" + "lockpad-postgres" + ]; }; templates = [ 
diff --git a/nomad/jobs/nix-cache.nix b/nomad/jobs/nix-cache.nix index de69179..60b3fb9 100644 --- a/nomad/jobs/nix-cache.nix +++ b/nomad/jobs/nix-cache.nix @@ -1,6 +1,6 @@ _: { job.nix_cache = { - datacenters = ["dc1"]; + datacenters = [ "dc1" ]; group.cache = { count = 1; @@ -30,7 +30,7 @@ _: { config = { image = "docker.io/postgres@sha256:2e89ed90224245851ea2b01e0b20c4b893e69141eb36e7a1cece7fb9e19f21f0"; - ports = ["database"]; + ports = [ "database" ]; }; volumeMounts = [ @@ -42,18 +42,20 @@ _: { ]; vault = { - policies = ["nix-cache-postgres"]; + policies = [ "nix-cache-postgres" ]; }; templates = [ { - data = let - secretKey = "nix-cache/postgres"; - envSecret = name: ''{{ with secret "kv-v2/data/${secretKey}" }}{{ .Data.data.${name} }}{{ end }}''; - in '' - POSTGRES_USER=${envSecret "username"} - POSTGRES_PASSWORD=${envSecret "password"} - ''; + data = + let + secretKey = "nix-cache/postgres"; + envSecret = name: ''{{ with secret "kv-v2/data/${secretKey}" }}{{ .Data.data.${name} }}{{ end }}''; + in + '' + POSTGRES_USER=${envSecret "username"} + POSTGRES_PASSWORD=${envSecret "password"} + ''; destination = "secrets/env"; env = true; } 
@@ -71,53 +73,57 @@ _: { "secrets/attic.toml" ]; - ports = ["http"]; + ports = [ "http" ]; }; vault = { - policies = ["nix-cache-attic"]; + policies = [ "nix-cache-attic" ]; }; - templates = let - databaseSecret = name: ''{{ with secret "kv-v2/data/nix-cache/database" }}{{ .Data.data.${name} }}{{ end }}''; - minioSecret = name: ''{{ with secret "kv-v2/data/nix-cache/minio" }}{{ .Data.data.${name} }}{{ end }}''; - - postgresUrl = ''postgres://${databaseSecret "username"}:${databaseSecret "password"}@localhost:5432/${databaseSecret "database"}''; - in [ - { - changeMode = "restart"; - destination = "secrets/attic.toml"; - data = '' - listen = "[::]:8080" - allowed-hosts = [] - api-endpoint = "https://nix-cache.rubek.cloud/" - require-proof-of-possession = false - token-hs256-secret-base64 = '${databaseSecret "token_secret"}' - - [database] - url = '${postgresUrl}' - - [storage] - type = "s3" - region = "us-east-1" - bucket = '${minioSecret "bucket"}' - endpoint = "http://alex:9000" - - [storage.credentials] - access_key_id = '${minioSecret "access_key"}' - secret_access_key = '${minioSecret "secret_key"}' - - [chunking] - nar-size-threshold = 65536 - min-size = 16384 - avg-size = 65536 - max-size = 262144 - - [compression] - type = "zstd" - ''; - } - ]; + templates = + let + databaseSecret = + name: ''{{ with secret "kv-v2/data/nix-cache/database" }}{{ .Data.data.${name} }}{{ end }}''; + minioSecret = + name: ''{{ with secret "kv-v2/data/nix-cache/minio" }}{{ .Data.data.${name} }}{{ end }}''; + + postgresUrl = ''postgres://${databaseSecret "username"}:${databaseSecret "password"}@localhost:5432/${databaseSecret "database"}''; + in + [ + { + changeMode = "restart"; + destination = "secrets/attic.toml"; + data = '' + listen = "[::]:8080" + allowed-hosts = [] + api-endpoint = "https://nix-cache.rubek.cloud/" + require-proof-of-possession = false + token-hs256-secret-base64 = '${databaseSecret "token_secret"}' + + [database] + url = '${postgresUrl}' + + [storage] + type 
= "s3" + region = "us-east-1" + bucket = '${minioSecret "bucket"}' + endpoint = "http://alex:9000" + + [storage.credentials] + access_key_id = '${minioSecret "access_key"}' + secret_access_key = '${minioSecret "secret_key"}' + + [chunking] + nar-size-threshold = 65536 + min-size = 16384 + avg-size = 65536 + max-size = 262144 + + [compression] + type = "zstd" + ''; + } + ]; resources = { cpu = 500; @@ -129,8 +135,7 @@ _: { { name = "nix-cache"; port = "http"; - checks = [ - ]; + checks = [ ]; } ]; }; diff --git a/nomad/jobs/paperless.nix b/nomad/jobs/paperless.nix index 417f6fa..fc7bcd4 100644 --- a/nomad/jobs/paperless.nix +++ b/nomad/jobs/paperless.nix @@ -1,6 +1,6 @@ _: { job.paperless = { - datacenters = ["dc1"]; + datacenters = [ "dc1" ]; group.paperless = { count = 1; @@ -45,7 +45,7 @@ _: { config = { image = "redis:6"; - ports = ["redis"]; + ports = [ "redis" ]; }; resources = { @@ -64,11 +64,11 @@ _: { config = { image = "justinrubek/paperless:latest"; - entrypoint = ["/sbin/docker-entrypoint.sh"]; + entrypoint = [ "/sbin/docker-entrypoint.sh" ]; command = "/usr/local/bin/paperless_cmd.sh"; work_dir = "/usr/src/paperless/src"; # image = "paperlessngx/paperless-ngx:latest"; - ports = ["http"]; + ports = [ "http" ]; }; volumeMounts = [ diff --git a/nomad/jobs/postgres.nix b/nomad/jobs/postgres.nix index ad0d315..adf4173 100644 --- a/nomad/jobs/postgres.nix +++ b/nomad/jobs/postgres.nix @@ -1,22 +1,18 @@ _: { job.postgres = { - datacenters = ["dc1"]; + datacenters = [ "dc1" ]; group.db = { count = 1; - networks = [ - { - port.db.to = 5432; - } - ]; + networks = [ { port.db.to = 5432; } ]; task.server = { driver = "docker"; config = { image = "hashicorp/postgres-nomad-demo:latest"; - ports = ["db"]; + ports = [ "db" ]; }; }; diff --git a/nomad/jobs/rubek-site-nix.nix b/nomad/jobs/rubek-site-nix.nix index a759ef2..d8d0873 100644 --- a/nomad/jobs/rubek-site-nix.nix +++ b/nomad/jobs/rubek-site-nix.nix 
@@ -1,15 +1,11 @@ _: { job.rubek_site_nix = { - datacenters = ["dc1"]; + datacenters = [ "dc1" ]; group.api = { count = 1; - networks = [ - { - port.http.to = 8000; - } - ]; + networks = [ { port.http.to = 8000; } ]; task.backend = { driver = "docker"; @@ -17,10 +13,10 @@ _: { config = { nix_flake_ref = "github:justinrubek/rubek.dev#packages.x86_64-linux.server/script"; nix_flake_sha = "sha256-hAX/bmafN+Yn0n6y1lGGQOfkNfIHrb7g8IBJqcoT/y8="; - entrypoint = ["bin/start_server"]; + entrypoint = [ "bin/start_server" ]; # image = "justinrubek/rubek.dev:0.1.5"; - ports = ["http"]; + ports = [ "http" ]; mount = [ { @@ -36,20 +32,23 @@ _: { }; vault = { - policies = ["calendar-client"]; + policies = [ "calendar-client" ]; }; templates = [ { - data = let - envSecret = name: ''{{ with secret "kv-v2/data/calendar/rubek-site" }}{{ .Data.data.${name} }}{{ end }}''; - in '' - CALDAV_USERNAME=${envSecret "username"} - CALDAV_PASSWORD=${envSecret "password"} - CALDAV_URL=${envSecret "url"} - AVAILABLE_CALENDAR=${envSecret "available_calendar"} - BOOKED_CALENDAR=${envSecret "booked_calendar"} - ''; + data = + let + envSecret = + name: ''{{ with secret "kv-v2/data/calendar/rubek-site" }}{{ .Data.data.${name} }}{{ end }}''; + in + '' + CALDAV_USERNAME=${envSecret "username"} + CALDAV_PASSWORD=${envSecret "password"} + CALDAV_URL=${envSecret "url"} + AVAILABLE_CALENDAR=${envSecret "available_calendar"} + BOOKED_CALENDAR=${envSecret "booked_calendar"} + ''; destination = "secrets/env"; env = true; } diff --git a/nomad/jobs/rubek-site.nix b/nomad/jobs/rubek-site.nix index 3fa7c1d..21120ba 100644 --- a/nomad/jobs/rubek-site.nix +++ b/nomad/jobs/rubek-site.nix @@ -1,15 +1,11 @@ _: { job.rubek_site = { - datacenters = ["dc1"]; + datacenters = [ "dc1" ]; group.api = { count = 1; - networks = [ - { - port.http.to = 8000; - } - ]; + networks = [ { port.http.to = 8000; } ]; task.backend = { driver = "docker"; 
@@ -20,7 +16,7 @@ _: { # entrypoint = ["bin/start_server"]; image = "justinrubek/rubek.dev:0.4.1"; - ports = ["http"]; + ports = [ "http" ]; # mount = [ # { @@ -36,21 +32,23 @@ _: { }; vault = { - policies = ["calendar-client"]; + policies = [ "calendar-client" ]; }; templates = [ { - data = let - secretKey = "calendar/rubek-site"; - envSecret = name: ''{{ with secret "kv-v2/data/${secretKey}" }}{{ .Data.data.${name} }}{{ end }}''; - in '' - CALDAV_USERNAME=${envSecret "username"} - CALDAV_PASSWORD=${envSecret "password"} - CALDAV_URL=${envSecret "url"} - AVAILABLE_CALENDAR=${envSecret "available_calendar"} - BOOKED_CALENDAR=${envSecret "booked_calendar"} - ''; + data = + let + secretKey = "calendar/rubek-site"; + envSecret = name: ''{{ with secret "kv-v2/data/${secretKey}" }}{{ .Data.data.${name} }}{{ end }}''; + in + '' + CALDAV_USERNAME=${envSecret "username"} + CALDAV_PASSWORD=${envSecret "password"} + CALDAV_URL=${envSecret "url"} + AVAILABLE_CALENDAR=${envSecret "available_calendar"} + BOOKED_CALENDAR=${envSecret "booked_calendar"} + ''; destination = "secrets/env"; env = true; } diff --git a/nomad/jobs/storage.nix b/nomad/jobs/storage.nix index 2cf009f..6609551 100644 --- a/nomad/jobs/storage.nix +++ b/nomad/jobs/storage.nix @@ -1,6 +1,6 @@ _: { job.storage_controller = { - datacenters = ["dc1"]; + datacenters = [ "dc1" ]; group.controller.task.plugin = { driver = "docker"; @@ -41,7 +41,7 @@ _: { }; job.storage_node = { - datacenters = ["dc1"]; + datacenters = [ "dc1" ]; type = "system"; diff --git a/nomad/jobs/valheim.nix b/nomad/jobs/valheim.nix index 37afc77..f3f0843 100644 --- a/nomad/jobs/valheim.nix +++ b/nomad/jobs/valheim.nix @@ -1,6 +1,6 @@ _: { job.valheim = { - datacenters = ["dc1"]; + datacenters = [ "dc1" ]; group.valheim = { count = 1; diff --git a/packages/default.nix b/packages/default.nix index 1b1e29f..058d094 100644 --- a/packages/default.nix +++ b/packages/default.nix 
@@ -4,27 +4,31 @@ lib, self, ... -}: { +}: +{ imports = [ ./installer-image.nix ./neovim ]; - perSystem = { - config, - pkgs, - system, - inputs', - self', - ... - }: let - hashicorp_pkgs = inputs.hashicorp_nixpkgs.legacyPackages.${system}; - in rec { - packages = { - nomad = hashicorp_pkgs.callPackage ./nomad {}; - vault-bin = hashicorp_pkgs.callPackage ./vault-bin {}; + perSystem = + { + config, + pkgs, + system, + inputs', + self', + ... + }: + let + hashicorp_pkgs = inputs.hashicorp_nixpkgs.legacyPackages.${system}; + in + rec { + packages = { + nomad = hashicorp_pkgs.callPackage ./nomad { }; + vault-bin = hashicorp_pkgs.callPackage ./vault-bin { }; - material-symbols = pkgs.callPackage ./material-symbols.nix {}; + material-symbols = pkgs.callPackage ./material-symbols.nix { }; + }; }; - }; } diff --git a/packages/installer-image.nix b/packages/installer-image.nix index 2644d77..da8b3b9 100644 --- a/packages/installer-image.nix +++ b/packages/installer-image.nix 
@@ -1,26 +1,28 @@ -{inputs, ...}: { - perSystem = { - config, - pkgs, - system, - ... - }: let - graphical = inputs.nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma5.nix" - ]; +{ inputs, ... }: +{ + perSystem = + { + config, + pkgs, + system, + ... + }: + let + graphical = inputs.nixpkgs.lib.nixosSystem { + inherit system; + modules = [ + "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-calamares-plasma5.nix" + ]; + }; + minimal = inputs.nixpkgs.lib.nixosSystem { + inherit system; + modules = [ "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" ]; + }; + in + rec { + packages = { + "installer/graphical" = graphical.config.system.build.isoImage; + "installer/minimal" = minimal.config.system.build.isoImage; + }; }; - minimal = inputs.nixpkgs.lib.nixosSystem { - inherit system; - modules = [ - "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" - ]; - }; - in rec { - packages = { - "installer/graphical" = graphical.config.system.build.isoImage; - "installer/minimal" = minimal.config.system.build.isoImage; - }; - }; } diff --git a/packages/material-symbols.nix b/packages/material-symbols.nix index c401ceb..eb0dcfc 100644 --- a/packages/material-symbols.nix +++ b/packages/material-symbols.nix @@ -13,10 +13,10 @@ stdenvNoCC.mkDerivation { repo = "material-design-icons"; rev = "511eea577b20d2b02ad77477750da1e44c66a52c"; sha256 = "sha256-ENoWeyV9Dw26pgjy0Xst+qpxJ/mjgfqrY2Du2VwzwCE="; - sparseCheckout = ["variablefont"]; + sparseCheckout = [ "variablefont" ]; }; - nativeBuildInputs = [util-linux]; + nativeBuildInputs = [ util-linux ]; installPhase = '' runHook preInstall diff --git a/packages/neovim/config.nix b/packages/neovim/config.nix index ea5c815..597552b 100644 --- a/packages/neovim/config.nix +++ b/packages/neovim/config.nix 
@@ -1,11 +1,6 @@ +{ pkgs, inputs', ... }: { - pkgs, - inputs', - ... -}: { - imports = [ - ./which-key.nix - ]; + imports = [ ./which-key.nix ]; clipboard = { register = "unnamedplus"; @@ -62,7 +57,7 @@ }; snippet.expand = "function(args) require('luasnip').lsp_expand(args.body) end"; sources = [ - {name = "nvim_lsp";} + { name = "nvim_lsp"; } { name = "nvim_lsp"; keywordLength = 3; @@ -75,7 +70,7 @@ name = "treesitter"; keywordLength = 2; } - {name = "path";} + { name = "path"; } { name = "buffer"; keywordLength = 3; @@ -196,7 +191,14 @@ moduleConfig = { autotag = { enable = true; - filetypes = ["html" "xml" "astro" "javascriptreact" "typescriptreact" "svelte"]; + filetypes = [ + "html" + "xml" + "astro" + "javascriptreact" + "typescriptreact" + "svelte" + ]; }; highlight = { enable = true; @@ -216,9 +218,7 @@ luafile ${./lua/keymaps.lua} ''; - extraPlugins = with pkgs.vimPlugins; [ - vim-abolish - ]; + extraPlugins = with pkgs.vimPlugins; [ vim-abolish ]; extraPackages = [ pkgs.nodejs diff --git a/packages/neovim/default.nix b/packages/neovim/default.nix index b7a6ff7..14beb31 100644 --- a/packages/neovim/default.nix +++ b/packages/neovim/default.nix @@ -1,16 +1,19 @@ -{inputs, ...}: { - perSystem = { - config, - pkgs, - system, - inputs', - self', - ... - }: { - packages = { - neovim = inputs.nixvim.legacyPackages.${pkgs.system}.makeNixvimWithModule { - module = import ./config.nix {inherit pkgs inputs';}; +{ inputs, ... }: +{ + perSystem = + { + config, + pkgs, + system, + inputs', + self', + ... + }: + { + packages = { + neovim = inputs.nixvim.legacyPackages.${pkgs.system}.makeNixvimWithModule { + module = import ./config.nix { inherit pkgs inputs'; }; + }; }; }; - }; } diff --git a/packages/neovim/which-key.nix b/packages/neovim/which-key.nix index ee12776..046f7f1 100644 --- a/packages/neovim/which-key.nix +++ b/packages/neovim/which-key.nix 
@@ -1,23 +1,21 @@ -{ - helpers, - pkgs, - ... -}: let - mkRequireBind = { - module, - cmd, - desc, - }: [ - (helpers.mkRaw "require(\"${module}\").${cmd}") - desc - ]; - mkCmdBind = { - cmd, - desc, - }: [ - "${cmd}" - desc - ]; +{ helpers, pkgs, ... }: +let + mkRequireBind = + { + module, + cmd, + desc, + }: + [ + (helpers.mkRaw "require(\"${module}\").${cmd}") + desc + ]; + mkCmdBind = + { cmd, desc }: + [ + "${cmd}" + desc + ]; bindings = { normal = { @@ -194,14 +192,19 @@ }; }; }; -in { - extraConfigLua = let - names = builtins.attrNames bindings; - generateRegistrations = name: let - inherit (bindings.${name}) registrations opts; - in "require(\"which-key\").register(${helpers.toLuaObject registrations}, ${helpers.toLuaObject opts})"; - in +in +{ + extraConfigLua = + let + names = builtins.attrNames bindings; + generateRegistrations = + name: + let + inherit (bindings.${name}) registrations opts; + in + "require(\"which-key\").register(${helpers.toLuaObject registrations}, ${helpers.toLuaObject opts})"; + in builtins.concatStringsSep "\n" (builtins.map generateRegistrations names); - extraPlugins = [pkgs.vimPlugins.which-key-nvim]; + extraPlugins = [ pkgs.vimPlugins.which-key-nvim ]; } diff --git a/packages/nomad/default.nix b/packages/nomad/default.nix index 8fc581f..3fa3437 100644 --- a/packages/nomad/default.nix +++ b/packages/nomad/default.nix @@ -1,8 +1,7 @@ -{nomad}: let +{ nomad }: +let patched = nomad.overrideAttrs (old: { - patches = - (old.patches or []) - ++ [./0001-Add-Nix-integration.patch]; + patches = (old.patches or [ ]) ++ [ ./0001-Add-Nix-integration.patch ]; }); in - nomad +nomad diff --git a/packages/vault-bin/default.nix b/packages/vault-bin/default.nix index cf1ef7d..2f625a3 100644 --- a/packages/vault-bin/default.nix +++ b/packages/vault-bin/default.nix @@ -2,7 +2,8 @@ vault-bin, fetchzip, system, -}: let +}: +let suffix = { x86_64-linux = "linux_amd64"; 
@@ -13,10 +14,10 @@ } .${system}; in - vault-bin.overrideAttrs (old: rec { - version = "1.11.6"; - src = fetchzip { - url = "https://releases.hashicorp.com/vault/${version}/vault_${version}_${suffix}.zip"; - hash = "sha256-ppqlPvMIc3luhCs4V83K0J9IuUw9f9zLF5iYvo6amVE="; - }; - }) +vault-bin.overrideAttrs (old: rec { + version = "1.11.6"; + src = fetchzip { + url = "https://releases.hashicorp.com/vault/${version}/vault_${version}_${suffix}.zip"; + hash = "sha256-ppqlPvMIc3luhCs4V83K0J9IuUw9f9zLF5iYvo6amVE="; + }; +}) diff --git a/terraform/configurations/apps/main.nix b/terraform/configurations/apps/main.nix index 9c05a52..bf846b1 100644 --- a/terraform/configurations/apps/main.nix +++ b/terraform/configurations/apps/main.nix @@ -1,9 +1,11 @@ -{nomadJobs, ...}: let +{ nomadJobs, ... }: +let nomad_jobs = nomadJobs; -in { +in +{ # configure hcloud provider = { - nomad = {}; + nomad = { }; }; justinrubek.nomadVolumes = { @@ -102,7 +104,10 @@ in { enable = false; jobspec = "${nomad_jobs}/valheim.json"; extraArgs = { - depends_on = ["resource.nomad_volume.valheim_data" "resource.nomad_volume.valheim_config"]; + depends_on = [ + "resource.nomad_volume.valheim_data" + "resource.nomad_volume.valheim_config" + ]; }; }; @@ -135,7 +140,11 @@ in { enable = false; jobspec = "${nomad_jobs}/jellyfin.json"; extraArgs = { - depends_on = ["resource.nomad_volume.jellyfin_cache" "resource.nomad_volume.jellyfin_config" "resource.nomad_volume.jellyfin_media"]; + depends_on = [ + "resource.nomad_volume.jellyfin_cache" + "resource.nomad_volume.jellyfin_config" + "resource.nomad_volume.jellyfin_media" + ]; }; }; 
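Review bot: `version = "1.11.6"` overrides the nixpkgs Vault package to an older release line with a matching `hash`, but nothing records why the package is pinned downward or when the pin is expected to move; a comment such as `# pinned to 1.11.x because <reason>; update hash when bumping` belongs next to it. The fixed-output hash only guarantees the same zip is fetched, not that the release still receives fixes, so it is worth confirming that 1.11 is inside HashiCorp's support window at deployment time. `suffix` and the function header are defined above this hunk.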
@@ -143,7 +152,11 @@ in { enable = false; jobspec = "${nomad_jobs}/paperless.json"; extraArgs = { - depends_on = ["resource.nomad_volume.paperless_consume" "resource.nomad_volume.paperless_data" "resource.nomad_volume.paperless_media"]; + depends_on = [ + "resource.nomad_volume.paperless_consume" + "resource.nomad_volume.paperless_data" + "resource.nomad_volume.paperless_media" + ]; }; }; @@ -156,7 +169,7 @@ in { enable = true; jobspec = "${nomad_jobs}/conduit.json"; extraArgs = { - depends_on = ["resource.nomad_volume.conduit_data"]; + depends_on = [ "resource.nomad_volume.conduit_data" ]; }; }; @@ -164,7 +177,7 @@ in { enable = false; jobspec = "${nomad_jobs}/factorio.json"; extraArgs = { - depends_on = ["resource.nomad_volume.factorio_data"]; + depends_on = [ "resource.nomad_volume.factorio_data" ]; }; }; @@ -177,7 +190,7 @@ in { enable = true; jobspec = "${nomad_jobs}/nix_cache.json"; extraArgs = { - depends_on = ["resource.nomad_volume.nix_cache_postgres"]; + depends_on = [ "resource.nomad_volume.nix_cache_postgres" ]; }; }; @@ -185,7 +198,7 @@ in { enable = true; jobspec = "${nomad_jobs}/lockpad.json"; extraArgs = { - depends_on = ["resource.nomad_volume.lockpad_postgres"]; + depends_on = [ "resource.nomad_volume.lockpad_postgres" ]; }; }; diff --git a/terraform/configurations/consul/main.nix b/terraform/configurations/consul/main.nix index 03c7a76..afff4d4 100644 --- a/terraform/configurations/consul/main.nix +++ b/terraform/configurations/consul/main.nix @@ -1,7 +1,7 @@ _: { # configure hcloud provider = { - vault = {}; + vault = { }; consul = { datacenter = "dc1"; }; @@ -17,9 +17,7 @@ _: { resource = { consul_acl_token.vault = { description = "ACL token for Consul secrets engine in Vault"; - policies = [ - "\${data.consul_acl_policy.management.name}" - ]; + policies = [ "\${data.consul_acl_policy.management.name}" ]; local = true; }; 
@@ -73,17 +71,13 @@ _: { vault_github_team.app_team = { backend = "\${vault_github_auth_backend.org.id}"; team = "app-team"; - policies = [ - "\${vault_policy.app_team.name}" - ]; + policies = [ "\${vault_policy.app_team.name}" ]; }; vault_github_user.justin = { backend = "\${vault_github_auth_backend.org.id}"; user = "justinrubek"; - policies = [ - "\${vault_policy.app_team.name}" - ]; + policies = [ "\${vault_policy.app_team.name}" ]; }; }; } diff --git a/terraform/configurations/dns/main.nix b/terraform/configurations/dns/main.nix index a4bad7a..59aaf8e 100644 --- a/terraform/configurations/dns/main.nix +++ b/terraform/configurations/dns/main.nix @@ -1,7 +1,7 @@ _: { # configure hcloud provider = { - vault = {}; + vault = { }; porkbun = { api_key = "\${data.vault_kv_secret_v2.porkbun_key.data.api_key}"; secret_key = "\${data.vault_kv_secret_v2.porkbun_key.data.secret_key}"; diff --git a/terraform/configurations/github/main.nix b/terraform/configurations/github/main.nix index ef8b77c..fb64135 100644 --- a/terraform/configurations/github/main.nix +++ b/terraform/configurations/github/main.nix @@ -1,11 +1,8 @@ +{ nomadJobs, pkgs, ... }: { - nomadJobs, - pkgs, - ... -}: { provider = { - github = {}; - vault = {}; + github = { }; + vault = { }; }; # TODO: retrieve kvv2_path from the vault configuration 
@@ -22,245 +19,483 @@ }; }; - justinrubek.githubRepositories = let - prevent_deletion = [ - "main" - ]; - - # quick short-hand for frequently used topics - topics = { - nix = ["nix"]; - flake = ["nix-flake" "flake"]; - rust = ["rust"]; - terraform = ["terraform"]; - bevy = ["bevy" "bevyengine" "game"]; - }; - - # Given a list of attr keys into `topics`, return a list of topic values. - # e.g. mkTopic ["nix" "rust"] -> ["nix" "nix-flake" "rust"] - mkTopic = groups: builtins.concatLists (builtins.map (group: topics.${group}) groups); - in { - annapurna = { - description = "Recipe, cooking, and shopping helper featuring logical programming"; - topics = (mkTopic ["nix" "rust" "flake"]) ++ ["ascent"]; - - inherit prevent_deletion; - - homepage_url = "https://annapurna.rubek.cloud"; - }; - - async-watcher = { - description = "A file notification library for tokio"; - topics = (mkTopic ["nix" "rust" "flake"]) ++ ["async" "file-watcher"]; - - inherit prevent_deletion; - - secrets = { - CRATES_IO_TOKEN = {value = "\${data.vault_kv_secret_v2.crates_io.data.token}";}; + justinrubek.githubRepositories = + let + prevent_deletion = [ "main" ]; + + # quick short-hand for frequently used topics + topics = { + nix = [ "nix" ]; + flake = [ + "nix-flake" + "flake" + ]; + rust = [ "rust" ]; + terraform = [ "terraform" ]; + bevy = [ + "bevy" + "bevyengine" + "game" + ]; }; - }; - - ayysee = { - description = "A custom programming language for Stationeers integrated circuits"; - topics = (mkTopic ["nix" "rust" "flake"]) ++ ["stationeers" "language" "compiler"]; - inherit prevent_deletion; + # Given a list of attr keys into `topics`, return a list of topic values. + # e.g. 
mkTopic ["nix" "rust"] -> ["nix" "nix-flake" "rust"] + mkTopic = groups: builtins.concatLists (builtins.map (group: topics.${group}) groups); + in + { + annapurna = { + description = "Recipe, cooking, and shopping helper featuring logical programming"; + topics = + (mkTopic [ + "nix" + "rust" + "flake" + ]) + ++ [ "ascent" ]; + + inherit prevent_deletion; + + homepage_url = "https://annapurna.rubek.cloud"; + }; - pages = { - source = { - branch = "gh-pages"; - path = "/"; + async-watcher = { + description = "A file notification library for tokio"; + topics = + (mkTopic [ + "nix" + "rust" + "flake" + ]) + ++ [ + "async" + "file-watcher" + ]; + + inherit prevent_deletion; + + secrets = { + CRATES_IO_TOKEN = { + value = "\${data.vault_kv_secret_v2.crates_io.data.token}"; + }; }; }; - homepage_url = "https://justinrubek.github.io/ayysee/"; - }; - - bevy-template = { - description = "A template for bevy games"; - topics = (mkTopic ["nix" "rust" "flake" "bevy"]) ++ ["template"]; - is_template = true; - - prevent_deletion = []; # ensure main has no protection - }; - bomper = { - description = "bump version strings in your files"; - topics = mkTopic ["rust" "flake"]; - - inherit prevent_deletion; - }; - - calendar-scheduler = { - description = "CalDav utility library and axum API for scheduling based on availability stored in a calendar"; - topics = (mkTopic ["nix" "rust" "flake"]) ++ ["caldav" "calendar" "scheduler"]; - - inherit prevent_deletion; - }; - - cheesecalc = { - description = "Calculates ratios used for my mac and cheese"; - topics = (mkTopic ["nix" "rust" "flake"]) ++ ["cooking" "recipe" "wasm"]; - - inherit prevent_deletion; - - pages = { - source = { - branch = "gh-pages"; - path = "/"; + ayysee = { + description = "A custom programming language for Stationeers integrated circuits"; + topics = + (mkTopic [ + "nix" + "rust" + "flake" + ]) + ++ [ + "stationeers" + "language" + "compiler" + ]; + + inherit prevent_deletion; + + pages = { + source = { + branch = 
"gh-pages"; + path = "/"; + }; }; + homepage_url = "https://justinrubek.github.io/ayysee/"; }; - homepage_url = "https://justinrubek.github.io/cheesecalc/"; - }; - - factorio-server = { - description = "Factorio server container image"; - topics = (mkTopic ["nix" "flake"]) ++ ["factorio" "game" "game-server"]; - inherit prevent_deletion; - - secrets = { - DOCKER_HUB_TOKEN = {value = "\${data.vault_kv_secret_v2.docker_io.data.token}";}; - DOCKER_HUB_USERNAME = {value = "\${data.vault_kv_secret_v2.docker_io.data.username}";}; + bevy-template = { + description = "A template for bevy games"; + topics = + (mkTopic [ + "nix" + "rust" + "flake" + "bevy" + ]) + ++ [ "template" ]; + is_template = true; + + prevent_deletion = [ ]; # ensure main has no protection }; - homepage_url = "https://hub.docker.com/repository/docker/justinrubek/factorio-server/"; - }; - - generation-toolkit = { - description = "A collection of tools for working with generative models. This is a work in progress as I need more tools for my own use cases"; - topics = (mkTopic ["nix" "rust" "flake"]) ++ ["openai" "gpt" "llm" "stable-diffusion" "image-generation" "text2image" "diffusion" "libtorch"]; - - inherit prevent_deletion; - }; - - git-prune-branches = { - description = "A command-line application that cleans local git branches from remote repositories"; - topics = (mkTopic ["nix" "rust" "flake"]) ++ ["git" "gix" "gitoxide"]; - - inherit prevent_deletion; - }; - - global-keybind = { - description = "Use evdev to send a specific input event to X windows when using Wayland"; - topics = (mkTopic ["nix" "rust" "flake"]) ++ ["wayland" "x11" "evdev" "input" "keybind"]; - - inherit prevent_deletion; - }; - - inkmlrs = { - description = "Create and render InkML documents"; - topics = (mkTopic ["nix" "rust" "flake"]) ++ ["inkml"]; - - prevent_deletion = ["master"]; - }; + bomper = { + description = "bump version strings in your files"; + topics = mkTopic [ + "rust" + "flake" + ]; - lockpad = { - description 
= "Simplistic login system"; + inherit prevent_deletion; + }; - inherit prevent_deletion; + calendar-scheduler = { + description = "CalDav utility library and axum API for scheduling based on availability stored in a calendar"; + topics = + (mkTopic [ + "nix" + "rust" + "flake" + ]) + ++ [ + "caldav" + "calendar" + "scheduler" + ]; + + inherit prevent_deletion; + }; - secrets = { - CRATES_IO_TOKEN = {value = "\${data.vault_kv_secret_v2.crates_io.data.token}";}; + cheesecalc = { + description = "Calculates ratios used for my mac and cheese"; + topics = + (mkTopic [ + "nix" + "rust" + "flake" + ]) + ++ [ + "cooking" + "recipe" + "wasm" + ]; + + inherit prevent_deletion; + + pages = { + source = { + branch = "gh-pages"; + path = "/"; + }; + }; + homepage_url = "https://justinrubek.github.io/cheesecalc/"; }; - }; - matrix-bot = { - description = "A work-in-progress matrix bot for my personal matrix server. I am using this to learn how to interact with matrix and to build a bot that can help me with my personal technology infrastructure"; - topics = (mkTopic ["nix" "rust" "flake"]) ++ ["matrix" "chatbot"]; + factorio-server = { + description = "Factorio server container image"; + topics = + (mkTopic [ + "nix" + "flake" + ]) + ++ [ + "factorio" + "game" + "game-server" + ]; + + inherit prevent_deletion; + + secrets = { + DOCKER_HUB_TOKEN = { + value = "\${data.vault_kv_secret_v2.docker_io.data.token}"; + }; + DOCKER_HUB_USERNAME = { + value = "\${data.vault_kv_secret_v2.docker_io.data.username}"; + }; + }; - inherit prevent_deletion; - }; + homepage_url = "https://hub.docker.com/repository/docker/justinrubek/factorio-server/"; + }; - nix-postgres = { - description = "An opinionated postgresql"; - topics = (mkTopic ["nix" "flake"]) ++ ["postgres" "postgresql"]; - }; + generation-toolkit = { + description = "A collection of tools for working with generative models. 
This is a work in progress as I need more tools for my own use cases"; + topics = + (mkTopic [ + "nix" + "rust" + "flake" + ]) + ++ [ + "openai" + "gpt" + "llm" + "stable-diffusion" + "image-generation" + "text2image" + "diffusion" + "libtorch" + ]; + + inherit prevent_deletion; + }; - nixos-configs = { - description = "My 'dotfiles'. A collection of nixos configurations and other declarative infrastructure for my personal computing infrastructure"; - topics = (mkTopic ["nix" "flake"]) ++ ["dotfiles" "nixos"]; + git-prune-branches = { + description = "A command-line application that cleans local git branches from remote repositories"; + topics = + (mkTopic [ + "nix" + "rust" + "flake" + ]) + ++ [ + "git" + "gix" + "gitoxide" + ]; + + inherit prevent_deletion; + }; - inherit prevent_deletion; + global-keybind = { + description = "Use evdev to send a specific input event to X windows when using Wayland"; + topics = + (mkTopic [ + "nix" + "rust" + "flake" + ]) + ++ [ + "wayland" + "x11" + "evdev" + "input" + "keybind" + ]; + + inherit prevent_deletion; + }; - secrets = { - DOCKER_HUB_TOKEN = {value = "\${data.vault_kv_secret_v2.docker_io.data.token}";}; - DOCKER_HUB_USERNAME = {value = "\${data.vault_kv_secret_v2.docker_io.data.username}";}; + inkmlrs = { + description = "Create and render InkML documents"; + topics = + (mkTopic [ + "nix" + "rust" + "flake" + ]) + ++ [ "inkml" ]; + + prevent_deletion = [ "master" ]; }; - }; - nutmeg = { - description = "A game proof of concept. 
This is an unfinished game originally intended for bevy jam 2"; - topics = (mkTopic ["nix" "rust" "flake"]) ++ ["game" "bevy" "jam" "bevy-jam"]; + lockpad = { + description = "Simplistic login system"; - inherit prevent_deletion; + inherit prevent_deletion; - pages = { - source = { - branch = "gh-pages"; - path = "/"; + secrets = { + CRATES_IO_TOKEN = { + value = "\${data.vault_kv_secret_v2.crates_io.data.token}"; + }; }; }; - homepage_url = "https://justinrubek.github.io/nutmeg/"; - }; - - project-runner = { - description = "A tool/library that detects and describes details about a project. This is a work in progress and is intended to be used as a library for other tools to build on top of and provide a consistent experience for interactions."; - topics = (mkTopic ["nix" "rust" "flake"]) ++ ["project" "runner" "prj"]; - - inherit prevent_deletion; - secrets = { - CRATES_IO_TOKEN = {value = "\${data.vault_kv_secret_v2.crates_io.data.token}";}; + matrix-bot = { + description = "A work-in-progress matrix bot for my personal matrix server. I am using this to learn how to interact with matrix and to build a bot that can help me with my personal technology infrastructure"; + topics = + (mkTopic [ + "nix" + "rust" + "flake" + ]) + ++ [ + "matrix" + "chatbot" + ]; + + inherit prevent_deletion; }; - }; - - templates = { - description = "Quick start project templates. 
My common boilerplate goes here"; - topics = (mkTopic ["nix" "rust" "flake"]) ++ ["templates"]; - - inherit prevent_deletion; - }; - thoenix = { - description = "Manage terraform configurations using terranix"; - topics = mkTopic ["nix" "rust" "flake" "terraform"]; - - inherit prevent_deletion; - }; + nix-postgres = { + description = "An opinionated postgresql"; + topics = + (mkTopic [ + "nix" + "flake" + ]) + ++ [ + "postgres" + "postgresql" + ]; + }; - nix-sqlx-example = { - description = "Example of using sqlx in a nix flake, with pre-commit hooks"; - topics = (mkTopic ["nix" "rust" "flake"]) ++ ["sqlx" "pre-commit" "example"]; + nixos-configs = { + description = "My 'dotfiles'. A collection of nixos configurations and other declarative infrastructure for my personal computing infrastructure"; + topics = + (mkTopic [ + "nix" + "flake" + ]) + ++ [ + "dotfiles" + "nixos" + ]; + + inherit prevent_deletion; + + secrets = { + DOCKER_HUB_TOKEN = { + value = "\${data.vault_kv_secret_v2.docker_io.data.token}"; + }; + DOCKER_HUB_USERNAME = { + value = "\${data.vault_kv_secret_v2.docker_io.data.username}"; + }; + }; + }; - inherit prevent_deletion; - }; + nutmeg = { + description = "A game proof of concept. This is an unfinished game originally intended for bevy jam 2"; + topics = + (mkTopic [ + "nix" + "rust" + "flake" + ]) + ++ [ + "game" + "bevy" + "jam" + "bevy-jam" + ]; + + inherit prevent_deletion; + + pages = { + source = { + branch = "gh-pages"; + path = "/"; + }; + }; + homepage_url = "https://justinrubek.github.io/nutmeg/"; + }; - "rubek.dev" = { - description = "My personal website"; - topics = (mkTopic ["nix" "rust" "flake"]) ++ ["website" "astro" "svelte" "tailwind" "github-actions" "yarn" "dream2nix" "crane" "typescript"]; + project-runner = { + description = "A tool/library that detects and describes details about a project. 
This is a work in progress and is intended to be used as a library for other tools to build on top of and provide a consistent experience for interactions."; + topics = + (mkTopic [ + "nix" + "rust" + "flake" + ]) + ++ [ + "project" + "runner" + "prj" + ]; + + inherit prevent_deletion; + + secrets = { + CRATES_IO_TOKEN = { + value = "\${data.vault_kv_secret_v2.crates_io.data.token}"; + }; + }; + }; - inherit prevent_deletion; + templates = { + description = "Quick start project templates. My common boilerplate goes here"; + topics = + (mkTopic [ + "nix" + "rust" + "flake" + ]) + ++ [ "templates" ]; + + inherit prevent_deletion; + }; - homepage_url = "https://rubek.dev"; + thoenix = { + description = "Manage terraform configurations using terranix"; + topics = mkTopic [ + "nix" + "rust" + "flake" + "terraform" + ]; - secrets = { - DOCKER_HUB_TOKEN = {value = "\${data.vault_kv_secret_v2.docker_io.data.token}";}; - DOCKER_HUB_USERNAME = {value = "\${data.vault_kv_secret_v2.docker_io.data.username}";}; + inherit prevent_deletion; }; - }; - wasm-bindgen-service-worker = { - description = "A web service worker implementation using wasm_bindgen. 
This is a proof of concept using rust to initialize and manage a service worker"; - topics = (mkTopic ["nix" "rust" "flake"]) ++ ["wasm-bindgen" "service-worker" "wasm" "web" "worker" "poc"]; + nix-sqlx-example = { + description = "Example of using sqlx in a nix flake, with pre-commit hooks"; + topics = + (mkTopic [ + "nix" + "rust" + "flake" + ]) + ++ [ + "sqlx" + "pre-commit" + "example" + ]; + + inherit prevent_deletion; + }; - inherit prevent_deletion; - }; + "rubek.dev" = { + description = "My personal website"; + topics = + (mkTopic [ + "nix" + "rust" + "flake" + ]) + ++ [ + "website" + "astro" + "svelte" + "tailwind" + "github-actions" + "yarn" + "dream2nix" + "crane" + "typescript" + ]; + + inherit prevent_deletion; + + homepage_url = "https://rubek.dev"; + + secrets = { + DOCKER_HUB_TOKEN = { + value = "\${data.vault_kv_secret_v2.docker_io.data.token}"; + }; + DOCKER_HUB_USERNAME = { + value = "\${data.vault_kv_secret_v2.docker_io.data.username}"; + }; + }; + }; - wayland-playground = { - description = "My space for experimenting with wayland"; - topics = (mkTopic ["nix" "rust" "flake"]) ++ ["wayland" "smithay" "smithay-client-toolkit"]; + wasm-bindgen-service-worker = { + description = "A web service worker implementation using wasm_bindgen. This is a proof of concept using rust to initialize and manage a service worker"; + topics = + (mkTopic [ + "nix" + "rust" + "flake" + ]) + ++ [ + "wasm-bindgen" + "service-worker" + "wasm" + "web" + "worker" + "poc" + ]; + + inherit prevent_deletion; + }; - inherit prevent_deletion; + wayland-playground = { + description = "My space for experimenting with wayland"; + topics = + (mkTopic [ + "nix" + "rust" + "flake" + ]) + ++ [ + "wayland" + "smithay" + "smithay-client-toolkit" + ]; + + inherit prevent_deletion; + }; }; - }; } diff --git a/terraform/configurations/hetzner/main.nix b/terraform/configurations/hetzner/main.nix index 20128f8..886d2c8 100644 --- a/terraform/configurations/hetzner/main.nix 
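Review bot: One `data.vault_kv_secret_v2.crates_io.data.token` is handed to async-watcher, lockpad and project-runner, and one `docker_io` token to factorio-server, nixos-configs and rubek.dev, so a leak from any single repository's Actions environment exposes publish rights for all of them; if the crates.io token is a single unscoped one, consider one token per crate (crates.io supports scoped tokens) under separate KV keys, or at least a comment on why sharing is acceptable. The `secrets` values presumably feed GitHub Actions secret resources in the module, which is not in this hunk, and their plaintext will then sit in Terraform state, so the state backend has to be treated as sensitive either way. A nit: `prevent_deletion = [ ]; # ensure main has no protection` on bevy-template reads as if all protection is off; `# template repo: no branch is deletion-protected` says exactly what the empty list does.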
+++ b/terraform/configurations/hetzner/main.nix @@ -1,4 +1,5 @@ -_: let +_: +let server_type = "cpx11"; location = "hil"; image = "\${data.hcloud_image.nixos_base.id}"; @@ -7,7 +8,8 @@ _: let ipv4_enabled = true; ipv6_enabled = true; }; -in { +in +{ # configure hcloud variable.hcloud_token.sensitive = true; provider.hcloud.token = "\${var.hcloud_token}"; @@ -81,9 +83,7 @@ in { hcloud_firewall_attachment.http_firewall = { firewall_id = "\${hcloud_firewall.load_balancer.id}"; - server_ids = [ - "\${hcloud_server.huginn.id}" - ]; + server_ids = [ "\${hcloud_server.huginn.id}" ]; }; ### NFS diff --git a/terraform/configurations/minio/main.nix b/terraform/configurations/minio/main.nix index 79bf3f5..23b2373 100644 --- a/terraform/configurations/minio/main.nix +++ b/terraform/configurations/minio/main.nix @@ -1,10 +1,9 @@ _: { provider = { - minio = {}; + minio = { }; }; - locals = { - }; + locals = { }; resource = { minio_s3_bucket = { @@ -52,17 +51,13 @@ _: { nix-cache = { name = "nix-cache"; group = "\${minio_iam_group.nix-cache.name}"; - users = [ - "\${minio_iam_user.nix_cache.name}" - ]; + users = [ "\${minio_iam_user.nix_cache.name}" ]; }; justin = { name = "justin"; group = "\${minio_iam_group.justin.name}"; - users = [ - "\${minio_iam_user.justin.name}" - ]; + users = [ "\${minio_iam_user.justin.name}" ]; }; }; diff --git a/terraform/configurations/test/main.nix b/terraform/configurations/test/main.nix index 1dcfaf6..7617671 100644 --- a/terraform/configurations/test/main.nix +++ b/terraform/configurations/test/main.nix @@ -1,8 +1,5 @@ +{ nomadJobs, pkgs, ... }: { - nomadJobs, - pkgs, - ... -}: { # TODO: determine how to handle workspace/config name in address backend.http = { address = "http://localhost:4646/tf/state/test"; @@ -13,12 +10,12 @@ }; provider = { - null = {}; + null = { }; }; resource = { null_resource = { - "foo" = {}; + "foo" = { }; }; }; } 
diff --git a/terraform/configurations/vault/main.nix b/terraform/configurations/vault/main.nix index 32fcca7..45109cf 100644 --- a/terraform/configurations/vault/main.nix +++ b/terraform/configurations/vault/main.nix @@ -1,11 +1,13 @@ -_: let +_: +let kv_v2_path = "kv-v2"; -in { +in +{ # configure hcloud provider = { - vault = {}; + vault = { }; - sops = {}; + sops = { }; }; data.sops_file.vault_admin = { @@ -89,11 +91,12 @@ in { }; vault_generic_endpoint.admin = { - depends_on = ["vault_auth_backend.userpass"]; + depends_on = [ "vault_auth_backend.userpass" ]; path = "auth/userpass/users/admin"; ignore_absent_fields = true; - data_json = '' { + data_json = '' + { "password": "''${local.vault_admin}", "policies": ["admins", "eaas-client"] }''; @@ -121,7 +124,7 @@ in { vault_token_auth_backend_role.nomad_cluster = { role_name = "nomad-cluster"; - disallowed_policies = ["nomad-server"]; + disallowed_policies = [ "nomad-server" ]; token_explicit_max_ttl = "0"; orphan = true; token_period = "259200"; diff --git a/terraform/modules/default.nix b/terraform/modules/default.nix index 4482f57..ced626e 100644 --- a/terraform/modules/default.nix +++ b/terraform/modules/default.nix @@ -1,8 +1,5 @@ +{ inputs, self, ... }@module-input: { - inputs, - self, - ... -} @ module-input: { flake.terraformModules = { nomadjob = import ./nomadjob module-input; nomadvolumes = import ./nomadvolumes module-input; diff --git a/terraform/modules/github_repository/default.nix b/terraform/modules/github_repository/default.nix index 6bd06b7..6d1f169 100644 --- a/terraform/modules/github_repository/default.nix +++ b/terraform/modules/github_repository/default.nix 
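Review bot: `data_json` interpolates `local.vault_admin`, which is presumably the admin password decoded from the `data.sops_file.vault_admin` declared in the first hunk, into a `vault_generic_endpoint`, so the plaintext password is persisted in Terraform state even though the provider redacts the attribute from plan output; a comment such as `# password is written to TF state: keep the state backend private` saves the next reader a surprise. `ignore_absent_fields = true` is the right setting here because Vault never returns the password on read, and that reasoning is worth one line as well. The `resource` block this sits in begins before the hunk.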
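Review bot: `token_period = "259200"` is a bare number with no unit, and `token_explicit_max_ttl = "0"` next to `orphan = true` looks like a mistake to anyone who has not read Nomad's token-based Vault integration guide, which is what these values match; a comment `# 72h periodic orphan token per Nomad's Vault integration docs; Nomad renews it itself, so no max TTL` would stop someone from "fixing" the zero. These lines are context in the hunk and the resource continues past it.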
@@ -1,275 +1,302 @@ -{self, ...}: { +{ self, ... }: +{ self, nixpkgs, inputs, config, lib, ... -}: let +}: +let cfg = config.justinrubek.githubRepositories; -in { +in +{ options = { justinrubek.githubRepositories = lib.mkOption { - default = {}; - type = lib.types.attrsOf (lib.types.submodule ({ - name, - config, - ... - }: { - options = { - description = lib.mkOption { - description = "Description of the repository."; - type = lib.types.str; - }; - - visibility = lib.mkOption { - description = "Visibility of the repository."; - type = lib.types.enum ["public" "private"]; - default = "public"; - }; - - has_issues = lib.mkOption { - description = "Whether the repository has issues enabled."; - type = lib.types.bool; - default = true; - }; - - has_discussions = lib.mkOption { - description = "Whether the repository has discussions enabled."; - type = lib.types.bool; - default = true; - }; - - has_wiki = lib.mkOption { - description = "Whether the repository has wiki enabled."; - type = lib.types.bool; - default = false; - }; - - has_projects = lib.mkOption { - description = "Whether the repository has projects enabled."; - type = lib.types.bool; - default = false; - }; - - is_template = lib.mkOption { - description = "Whether the repository is a template."; - type = lib.types.bool; - default = false; - }; - - has_downloads = lib.mkOption { - description = "Whether the repository has downloads enabled."; - type = lib.types.bool; - default = false; - }; - - allow_merge_commit = lib.mkOption { - description = "Whether the repository allows merge commits."; - type = lib.types.bool; - default = false; - }; - - allow_squash_merge = lib.mkOption { - description = "Whether the repository allows squash merging."; - type = lib.types.bool; - default = false; - }; - - allow_rebase_merge = lib.mkOption { - description = "Whether the repository allows rebase merging."; - type = lib.types.bool; - default = true; - }; - - allow_auto_merge = lib.mkOption { - description = "Whether 
the repository allows auto merging."; - type = lib.types.bool; - default = true; - }; - - delete_branch_on_merge = lib.mkOption { - description = "Whether the repository deletes branches on merge."; - type = lib.types.bool; - default = true; - }; - - topics = lib.mkOption { - description = "A list of topics for the repository."; - default = null; - type = lib.types.nullOr (lib.types.listOf lib.types.str); - }; - - name = lib.mkOption { - description = "Name of the repository."; - type = lib.types.str; - readOnly = true; - }; - - terraformName = lib.mkOption { - description = "Name of the repository terraform resource."; - type = lib.types.str; - readOnly = true; - }; - - prevent_deletion = lib.mkOption { - description = "A list of branches to prevent deletion of."; - type = lib.types.listOf lib.types.str; - default = ["main"]; - }; - - vulnerability_alerts = lib.mkOption { - description = "Whether vulnerability alerts are enabled."; - type = lib.types.bool; - default = true; - }; - - homepage_url = lib.mkOption { - description = "The URL of a page describing the project."; - type = lib.types.nullOr lib.types.str; - default = null; - }; - - pages = lib.mkOption { - description = "GitHub Pages configuration."; - default = null; - type = lib.types.nullOr (lib.types.submodule ({ - branch, - path, - ... - }: { - options = { - source.branch = lib.mkOption { - description = "The branch to publish."; - type = lib.types.str; - }; + default = { }; + type = lib.types.attrsOf ( + lib.types.submodule ( + { name, config, ... 
}: + { + options = { + description = lib.mkOption { + description = "Description of the repository."; + type = lib.types.str; + }; - source.path = lib.mkOption { - description = "The path to publish."; - type = lib.types.str; - default = "/"; - }; + visibility = lib.mkOption { + description = "Visibility of the repository."; + type = lib.types.enum [ + "public" + "private" + ]; + default = "public"; }; - })); - }; - - secrets = lib.mkOption { - description = "Secrets to create."; - default = {}; - type = lib.types.attrsOf (lib.types.submodule ({ - name, - config, - ... - }: { - options = { - value = lib.mkOption { - description = "Value of the secret."; - type = lib.types.str; - }; - encrypted = lib.mkOption { - description = "Whether or not the value is encrypted with GitHub's public key in base64."; - type = lib.types.bool; - default = false; - }; + has_issues = lib.mkOption { + description = "Whether the repository has issues enabled."; + type = lib.types.bool; + default = true; + }; + + has_discussions = lib.mkOption { + description = "Whether the repository has discussions enabled."; + type = lib.types.bool; + default = true; + }; + + has_wiki = lib.mkOption { + description = "Whether the repository has wiki enabled."; + type = lib.types.bool; + default = false; + }; + + has_projects = lib.mkOption { + description = "Whether the repository has projects enabled."; + type = lib.types.bool; + default = false; + }; + + is_template = lib.mkOption { + description = "Whether the repository is a template."; + type = lib.types.bool; + default = false; + }; + + has_downloads = lib.mkOption { + description = "Whether the repository has downloads enabled."; + type = lib.types.bool; + default = false; + }; + + allow_merge_commit = lib.mkOption { + description = "Whether the repository allows merge commits."; + type = lib.types.bool; + default = false; + }; + + allow_squash_merge = lib.mkOption { + description = "Whether the repository allows squash merging."; + type = 
lib.types.bool; + default = false; + }; + + allow_rebase_merge = lib.mkOption { + description = "Whether the repository allows rebase merging."; + type = lib.types.bool; + default = true; + }; + + allow_auto_merge = lib.mkOption { + description = "Whether the repository allows auto merging."; + type = lib.types.bool; + default = true; + }; + + delete_branch_on_merge = lib.mkOption { + description = "Whether the repository deletes branches on merge."; + type = lib.types.bool; + default = true; }; - })); - }; - - repositoryResource = lib.mkOption { - type = lib.types.unspecified; - readOnly = true; - description = "The repository configuration"; - }; - - branchProtection = lib.mkOption { - type = lib.types.listOf lib.types.unspecified; - readOnly = true; - description = "The branch protection configuration"; - }; - - secretResources = lib.mkOption { - type = lib.types.listOf lib.types.unspecified; - readOnly = true; - description = "The repository secret configuration terraform values"; - }; - }; - - config = { - inherit name; - terraformName = builtins.replaceStrings ["."] ["-"] name; - - repositoryResource = { - inherit name; - inherit (config) description visibility has_issues has_discussions has_wiki has_projects has_downloads is_template allow_merge_commit allow_squash_merge allow_rebase_merge allow_auto_merge delete_branch_on_merge topics vulnerability_alerts homepage_url pages; - }; - - branchProtection = - builtins.map (branch: { - name = "${config.terraformName}-${branch}"; - value = { - repository_id = "\${github_repository.${config.terraformName}.id}"; - pattern = branch; - allows_deletions = false; - force_push_bypassers = ["/justinrubek"]; + + topics = lib.mkOption { + description = "A list of topics for the repository."; + default = null; + type = lib.types.nullOr (lib.types.listOf lib.types.str); + }; + + name = lib.mkOption { + description = "Name of the repository."; + type = lib.types.str; + readOnly = true; }; - }) - config.prevent_deletion; - - # 
map the nix modules to the format that terraform expects - # the mapped `name` is used to create a unique name for the resource - # the mapped `value` contains the values as they will be given to the resource - secretResources = let - inherit (config) terraformName; - repoName = name; - in - lib.mapAttrsToList (name: config: { - name = "${terraformName}-${name}"; - value = { - repository = repoName; - secret_name = name; - plaintext_value = lib.mkIf (!config.encrypted) config.value; - encrypted_value = lib.mkIf config.encrypted config.value; + + terraformName = lib.mkOption { + description = "Name of the repository terraform resource."; + type = lib.types.str; + readOnly = true; }; - }) - config.secrets; - }; - })); + + prevent_deletion = lib.mkOption { + description = "A list of branches to prevent deletion of."; + type = lib.types.listOf lib.types.str; + default = [ "main" ]; + }; + + vulnerability_alerts = lib.mkOption { + description = "Whether vulnerability alerts are enabled."; + type = lib.types.bool; + default = true; + }; + + homepage_url = lib.mkOption { + description = "The URL of a page describing the project."; + type = lib.types.nullOr lib.types.str; + default = null; + }; + + pages = lib.mkOption { + description = "GitHub Pages configuration."; + default = null; + type = lib.types.nullOr ( + lib.types.submodule ( + { branch, path, ... }: + { + options = { + source.branch = lib.mkOption { + description = "The branch to publish."; + type = lib.types.str; + }; + + source.path = lib.mkOption { + description = "The path to publish."; + type = lib.types.str; + default = "/"; + }; + }; + } + ) + ); + }; + + secrets = lib.mkOption { + description = "Secrets to create."; + default = { }; + type = lib.types.attrsOf ( + lib.types.submodule ( + { name, config, ... 
}: + { + options = { + value = lib.mkOption { + description = "Value of the secret."; + type = lib.types.str; + }; + + encrypted = lib.mkOption { + description = "Whether or not the value is encrypted with GitHub's public key in base64."; + type = lib.types.bool; + default = false; + }; + }; + } + ) + ); + }; + + repositoryResource = lib.mkOption { + type = lib.types.unspecified; + readOnly = true; + description = "The repository configuration"; + }; + + branchProtection = lib.mkOption { + type = lib.types.listOf lib.types.unspecified; + readOnly = true; + description = "The branch protection configuration"; + }; + + secretResources = lib.mkOption { + type = lib.types.listOf lib.types.unspecified; + readOnly = true; + description = "The repository secret configuration terraform values"; + }; + }; + + config = { + inherit name; + terraformName = builtins.replaceStrings [ "." ] [ "-" ] name; + + repositoryResource = { + inherit name; + inherit (config) + description + visibility + has_issues + has_discussions + has_wiki + has_projects + has_downloads + is_template + allow_merge_commit + allow_squash_merge + allow_rebase_merge + allow_auto_merge + delete_branch_on_merge + topics + vulnerability_alerts + homepage_url + pages + ; + }; + + branchProtection = builtins.map (branch: { + name = "${config.terraformName}-${branch}"; + value = { + repository_id = "\${github_repository.${config.terraformName}.id}"; + pattern = branch; + allows_deletions = false; + force_push_bypassers = [ "/justinrubek" ]; + }; + }) config.prevent_deletion; + + # map the nix modules to the format that terraform expects + # the mapped `name` is used to create a unique name for the resource + # the mapped `value` contains the values as they will be given to the resource + secretResources = + let + inherit (config) terraformName; + repoName = name; + in + lib.mapAttrsToList (name: config: { + name = "${terraformName}-${name}"; + value = { + repository = repoName; + secret_name = name; + 
plaintext_value = lib.mkIf (!config.encrypted) config.value; + encrypted_value = lib.mkIf config.encrypted config.value; + }; + }) config.secrets; + }; + } + ) + ); }; }; - config = let - # repositories = builtins.mapAttrs (name: config: config.repositoryResource) cfg; - repositories = - lib.mapAttrs' (name: config: { + config = + let + # repositories = builtins.mapAttrs (name: config: config.repositoryResource) cfg; + repositories = lib.mapAttrs' (name: config: { name = config.terraformName; value = config.repositoryResource; - }) - cfg; + }) cfg; - branchProtections = let - branchProtection = builtins.mapAttrs (name: config: config.branchProtection) cfg; + branchProtections = + let + branchProtection = builtins.mapAttrs (name: config: config.branchProtection) cfg; - values = builtins.attrValues branchProtection; + values = builtins.attrValues branchProtection; - allValues = builtins.foldl' (acc: value: acc ++ value) [] values; - in - builtins.listToAttrs allValues; + allValues = builtins.foldl' (acc: value: acc ++ value) [ ] values; + in + builtins.listToAttrs allValues; - # This maps the nameValuePairs into an attribute set that can be used in the terraform resource - secrets = let - secretResources = builtins.mapAttrs (name: config: config.secretResources) cfg; + # This maps the nameValuePairs into an attribute set that can be used in the terraform resource + secrets = + let + secretResources = builtins.mapAttrs (name: config: config.secretResources) cfg; - values = builtins.attrValues secretResources; + values = builtins.attrValues secretResources; - allValues = builtins.foldl' (acc: value: acc ++ value) [] values; + allValues = builtins.foldl' (acc: value: acc ++ value) [ ] values; + in + builtins.listToAttrs allValues; in - builtins.listToAttrs allValues; - in { - resource = { - github_repository = repositories; - github_branch_protection = branchProtections; - github_actions_secret = secrets; + { + resource = { + github_repository = repositories; + 
github_branch_protection = branchProtections; + github_actions_secret = secrets; + }; }; - }; }
diff --git a/terraform/modules/nomadjob/default.nix b/terraform/modules/nomadjob/default.nix
index ce7acb3..b35deee 100644
--- a/terraform/modules/nomadjob/default.nix
+++ b/terraform/modules/nomadjob/default.nix
@@ -1,11 +1,13 @@
-{self, ...}: { +{ self, ... }: +{ self, nixpkgs, inputs, config, lib, ... -}: let +}: +let cfg = config.justinrubek.nomadJobs; jobs = builtins.mapAttrs (_: config: config.jobResource) cfg;
@@ -13,44 +15,44 @@ # do the same as `jobs`, except only include jobs that are enabled enabled = lib.attrsets.filterAttrs (_: config: config.enable) cfg; enabledJobs = builtins.mapAttrs (_: config: config.jobResource) enabled; -in { +in +{ options = { justinrubek.nomadJobs = lib.mkOption { - default = {}; - type = lib.types.attrsOf (lib.types.submodule ({ - name, - config, - ... - }: { - options = { - enable = lib.mkEnableOption "Nomad job ${name}"; + default = { }; + type = lib.types.attrsOf ( + lib.types.submodule ( + { name, config, ... }: + { + options = { + enable = lib.mkEnableOption "Nomad job ${name}"; - jobspec = lib.mkOption { - description = "Path to jobspec file"; - type = lib.types.str; - }; + jobspec = lib.mkOption { + description = "Path to jobspec file"; + type = lib.types.str; + }; - extraArgs = lib.mkOption { - type = lib.types.attrsOf lib.types.unspecified; - default = {}; - }; + extraArgs = lib.mkOption { + type = lib.types.attrsOf lib.types.unspecified; + default = { }; + }; - jobResource = lib.mkOption { - type = lib.types.unspecified; - readOnly = true; - description = "The terraform nomad_job resource"; - }; - }; + jobResource = lib.mkOption { + type = lib.types.unspecified; + readOnly = true; + description = "The terraform nomad_job resource"; + }; + }; - config = { - jobResource = - { - jobspec = ''''${file("${config.jobspec}")}''; - json = true; - } - // config.extraArgs; - }; - })); + config = { + jobResource = { + jobspec = ''''${file("${config.jobspec}")}''; + json = true; + } // config.extraArgs; + }; + } + ) + ); }; };
diff --git a/terraform/modules/nomadvolumes/default.nix b/terraform/modules/nomadvolumes/default.nix
index 16bcab3..d527e2c 100644
--- a/terraform/modules/nomadvolumes/default.nix
+++ b/terraform/modules/nomadvolumes/default.nix
@@ -1,80 +1,89 @@ -{self, ...}: { +{ self, ... }: +{ self, nixpkgs, inputs, config, lib, ... -}: let +}: +let cfg = config.justinrubek.nomadVolumes; enabled = lib.attrsets.filterAttrs (_: config: config.enable) cfg; enabledResources = builtins.mapAttrs (_: config: config.volumeResource) enabled; -in { +in +{ options = { justinrubek.nomadVolumes = lib.mkOption { - default = {}; - type = lib.types.attrsOf (lib.types.submodule ({ - name, - config, - ... - }: { - options = { - enable = lib.mkEnableOption "Nomad volume ${name}"; + default = { }; + type = lib.types.attrsOf ( + lib.types.submodule ( + { name, config, ... }: + { + options = { + enable = lib.mkEnableOption "Nomad volume ${name}"; - server = lib.mkOption { - description = "address of NFS server"; - type = lib.types.str; - }; + server = lib.mkOption { + description = "address of NFS server"; + type = lib.types.str; + }; - path = lib.mkOption { - description = "path on NFS server"; - type = lib.types.str; - }; + path = lib.mkOption { + description = "path on NFS server"; + type = lib.types.str; + }; - extraArgs = lib.mkOption { - type = lib.types.attrsOf lib.types.unspecified; - default = {}; - }; + extraArgs = lib.mkOption { + type = lib.types.attrsOf lib.types.unspecified; + default = { }; + }; - volumeResource = lib.mkOption { - type = lib.types.unspecified; - readOnly = true; - description = "The terraform nomad_volume resource"; - }; - }; + volumeResource = lib.mkOption { + type = lib.types.unspecified; + readOnly = true; + description = "The terraform nomad_volume resource"; + }; + }; - config = { - volumeResource = - { - depends_on = ["resource.nomad_job.storage_controller" "resource.nomad_job.storage_node"]; + config = { + volumeResource = { + depends_on = [ + "resource.nomad_job.storage_controller" + "resource.nomad_job.storage_node" + ]; - type = "csi"; - plugin_id = "org.democratic-csi.nfs"; - volume_id = name; - inherit name; - external_id = name; + type = "csi"; + plugin_id = 
"org.democratic-csi.nfs"; + volume_id = name; + inherit name; + external_id = name; - capability = { - access_mode = "single-node-writer"; - attachment_mode = "file-system"; - }; + capability = { + access_mode = "single-node-writer"; + attachment_mode = "file-system"; + }; - context = { - inherit (config) server; - share = config.path; - node_attach_driver = "nfs"; - provisioner_driver = "node-manual"; - }; + context = { + inherit (config) server; + share = config.path; + node_attach_driver = "nfs"; + provisioner_driver = "node-manual"; + }; - mount_options = { - fs_type = "nfs"; - mount_flags = ["nfsvers=3" "hard" "async"]; - }; - } - // config.extraArgs; - }; - })); + mount_options = { + fs_type = "nfs"; + mount_flags = [ + "nfsvers=3" + "hard" + "async" + ]; + }; + } // config.extraArgs; + }; + } + ) + ); }; };