diff --git a/default.nix b/default.nix index 873ece4..cb27f93 100644 --- a/default.nix +++ b/default.nix @@ -10,4 +10,5 @@ ) { src = ./.; - }).defaultNix + } +).defaultNix diff --git a/flake.lock b/flake.lock index 0ba7754..cf14e7b 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1732603785, - "narHash": "sha256-AEjWTJwOmSnVYsSJCojKgoguGfFfwel6z/6ud6UFMU8=", + "lastModified": 1733570843, + "narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "6ab87b7c84d4ee873e937108c4ff80c015a40c7a", + "rev": "a35b08d09efda83625bef267eb24347b446c80b8", "type": "github" }, "original": { @@ -62,11 +62,11 @@ "flake-compat_2": { "flake": false, "locked": { - "lastModified": 1732722421, - "narHash": "sha256-HRJ/18p+WoXpWJkcdsk9St5ZiukCqSDgbOGFa8Okehg=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "9ed2ac151eada2306ca8c418ebd97807bb08f6ac", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -137,11 +137,11 @@ ] }, "locked": { - "lastModified": 1732884235, - "narHash": "sha256-r8j6R3nrvwbT1aUp4EPQ1KC7gm0pu9VcV1aNaB+XG6Q=", + "lastModified": 1733484277, + "narHash": "sha256-i5ay20XsvpW91N4URET/nOc0VQWOAd4c4vbqYtcH8Rc=", "owner": "nix-community", "repo": "home-manager", - "rev": "819f682269f4e002884702b87e445c82840c68f2", + "rev": "d00c6f6d0ad16d598bf7e2956f52c1d9d5de3c3a", "type": "github" }, "original": { @@ -186,11 +186,11 @@ }, "nixlib": { "locked": { - "lastModified": 1732410305, - "narHash": "sha256-/hxIKRTBsdrnudJWDGaBN8wIjHovqVAVxXdi8ByVtck=", + "lastModified": 1733015484, + "narHash": "sha256-qiyO0GrTvbp869U4VGX5GhAZ00fSiPXszvosY1AgKQ8=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "87b6978992e2eb605732fba842cad0a7e14b2047", + "rev": "0e4fdd4a0ab733276b6d2274ff84ae353f17129e", "type": "github" }, "original": { 
@@ -207,11 +207,11 @@ ] }, "locked": { - "lastModified": 1732496924, - "narHash": "sha256-/MNhZLR0eh9z/d3l+ammq+F5XxHln0RHgO4Bhtjr0IM=", + "lastModified": 1733360821, + "narHash": "sha256-bNXO+OGxrOjAxv/Lnyj84tNDicJ/FdLyLJHzOKSzYU8=", "owner": "nix-community", "repo": "nixos-generators", - "rev": "098e8b6ff72c86944a8d54b64ddd7b7e6635830a", + "rev": "8cdaf8885c9c85d9d27b594dbe882406aadfe00e", "type": "github" }, "original": { @@ -222,11 +222,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1732937961, - "narHash": "sha256-B5pYT+IVaqcrfOekkwKvx/iToDnuQWzc2oyDxzzBDc4=", + "lastModified": 1733376361, + "narHash": "sha256-aLJxoTDDSqB+/3orsulE6/qdlX6MzDLIITLZqdgMpqo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4703b8d2c708e13a8cab03d865f90973536dcdf5", + "rev": "929116e316068c7318c54eb4d827f7d9756d5e9c", "type": "github" }, "original": { @@ -278,11 +278,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1732021966, - "narHash": "sha256-mnTbjpdqF0luOkou8ZFi2asa1N3AA2CchR/RqCNmsGE=", + "lastModified": 1733318908, + "narHash": "sha256-SVQVsbafSM1dJ4fpgyBqLZ+Lft+jcQuMtEL3lQWx2Sk=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "3308484d1a443fc5bc92012435d79e80458fe43c", + "rev": "6f4e2a2112050951a314d2733a994fbab94864c6", "type": "github" }, "original": { @@ -441,11 +441,11 @@ ] }, "locked": { - "lastModified": 1732575825, - "narHash": "sha256-xtt95+c7OUMoqZf4OvA/7AemiH3aVuWHQbErYQoPwFk=", + "lastModified": 1733128155, + "narHash": "sha256-m6/qwJAJYcidGMEdLqjKzRIjapK4nUfMq7rDCTmZajc=", "owner": "Mic92", "repo": "sops-nix", - "rev": "3433ea14fbd9e6671d0ff0dd45ed15ee4c156ffa", + "rev": "c6134b6fff6bda95a1ac872a2a9d5f32e3c37856", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index cf6e314..66e9ed4 100644 --- a/flake.nix +++ b/flake.nix 
@@ -42,20 +42,37 @@ }; }; - outputs = { self, nixpkgs, flake-utils, deploy-rs, pre-commit-hooks, ... }@inputs: - flake-utils.lib.eachDefaultSystem - (system: - let - pkgs = import nixpkgs { - inherit system; - overlays = [ self.overlays.default ]; - }; - in - { - checks = import ./nix/checks.nix { inherit self pkgs deploy-rs system pre-commit-hooks; }; - devShells = import ./nix/shells.nix { inherit self pkgs system; }; - formatter = pkgs.nixpkgs-fmt; - }) + outputs = + { + self, + nixpkgs, + flake-utils, + deploy-rs, + pre-commit-hooks, + ... + }@inputs: + flake-utils.lib.eachDefaultSystem ( + system: + let + pkgs = import nixpkgs { + inherit system; + overlays = [ self.overlays.default ]; + }; + in + { + checks = import ./nix/checks.nix { + inherit + self + pkgs + deploy-rs + system + pre-commit-hooks + ; + }; + devShells = import ./nix/shells.nix { inherit self pkgs system; }; + formatter = pkgs.nixfmt-rfc-style; + } + ) // { hosts = import ./nix/hosts.nix; overlays.default = nixpkgs.lib.composeManyExtensions [ ]; diff --git a/nix/checks.nix b/nix/checks.nix index e39b0cf..5ab895d 100644 --- a/nix/checks.nix +++ b/nix/checks.nix @@ -1,11 +1,18 @@ -{ self, system, deploy-rs, pre-commit-hooks, ... }: +{ + self, + system, + deploy-rs, + pre-commit-hooks, + ... +}: { pre-commit-check = pre-commit-hooks.lib.${system}.run { src = ./.; hooks = { deadnix.enable = true; - nixpkgs-fmt.enable = true; + nixfmt-rfc-style.enable = true; statix.enable = true; }; }; -} // (deploy-rs.lib.${system}.deployChecks self.deploy) +} +// (deploy-rs.lib.${system}.deployChecks self.deploy) diff --git a/nix/darwin.nix b/nix/darwin.nix index fb027a2..7a3b7e8 100644 --- a/nix/darwin.nix +++ b/nix/darwin.nix @@ -1,6 +1,12 @@ -{ self, darwin, home-manager, ... }: +{ + self, + darwin, + home-manager, + ... +}: let - mkDarwin = hostName: modules: + mkDarwin = + hostName: modules: let hostSystem = self.hosts.${hostName}.system; in 
diff --git a/nix/deploy.nix b/nix/deploy.nix index 6f842d7..485c939 100644 --- a/nix/deploy.nix +++ b/nix/deploy.nix @@ -1,8 +1,19 @@ -{ self, nixpkgs, deploy-rs, ... }: +{ + self, + nixpkgs, + deploy-rs, + ... +}: let - mkDeploy = hostName: + mkDeploy = + hostName: let - inherit (self.hosts.${hostName}) type address system sshUser; + inherit (self.hosts.${hostName}) + type + address + system + sshUser + ; pkgs = import nixpkgs { inherit system; }; deployPkgs = import nixpkgs { inherit system; @@ -10,7 +21,8 @@ let deploy-rs.overlays.default (_self: super: { deploy-rs = { - inherit (pkgs) deploy-rs; inherit (super.deploy-rs) lib; + inherit (pkgs) deploy-rs; + inherit (super.deploy-rs) lib; }; }) ]; diff --git a/nix/hosts/aristotle/configuration.nix b/nix/hosts/aristotle/configuration.nix index 4a59f57..8a04e76 100644 --- a/nix/hosts/aristotle/configuration.nix +++ b/nix/hosts/aristotle/configuration.nix @@ -60,6 +60,9 @@ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net" ]; - environment.systemPackages = with pkgs; [ libraspberrypi raspberrypi-eeprom ]; + environment.systemPackages = with pkgs; [ + libraspberrypi + raspberrypi-eeprom + ]; security.sudo.wheelNeedsPassword = false; } diff --git a/nix/hosts/epicurus/homebrew.nix b/nix/hosts/epicurus/homebrew.nix index 9df67db..8f89f41 100644 --- a/nix/hosts/epicurus/homebrew.nix +++ b/nix/hosts/epicurus/homebrew.nix @@ -8,7 +8,11 @@ _: "homebrew/services" ]; - brews = [ "code-server" "coreutils" "mosh" ]; + brews = [ + "code-server" + "coreutils" + "mosh" + ]; casks = [ "1password" diff --git a/nix/hosts/plato/configuration.nix b/nix/hosts/plato/configuration.nix index 54737ad..3c6662e 100644 --- a/nix/hosts/plato/configuration.nix +++ b/nix/hosts/plato/configuration.nix 
@@ -56,7 +56,11 @@ in "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5spf4diguK+w7iYLFr565++6DjHukWfvpN2ru9dCRk nixbuild" ]; - environment.systemPackages = with pkgs; [ cifs-utils pinentry weechat ]; + environment.systemPackages = with pkgs; [ + cifs-utils + pinentry + weechat + ]; fileSystems = { "/mnt/downloads" = { device = "//parthenon/Downloads"; @@ -82,7 +86,6 @@ in }; }; - power.ups = { enable = true; mode = "netserver"; @@ -144,27 +147,36 @@ in scrapeConfigs = [ { job_name = "node"; - static_configs = [{ - targets = [ - "plato:9100" - "agent:9100" - "form:9100" - "matter:9100" - "purpose:9100" - "socrates:9100" - ]; - }]; + static_configs = [ + { + targets = [ + "plato:9100" + "agent:9100" + "form:9100" + "matter:9100" + "purpose:9100" + "socrates:9100" + ]; + } + ]; } { job_name = "coredns"; - static_configs = [{ targets = [ "plato:9153" ]; }]; + static_configs = [ { targets = [ "plato:9153" ]; } ]; } { job_name = "ipfs"; metrics_path = "/debug/metrics/prometheus"; - static_configs = [{ - targets = [ "agent:5001" "form:5001" "matter:5001" "purpose:5001" ]; - }]; + static_configs = [ + { + targets = [ + "agent:5001" + "form:5001" + "matter:5001" + "purpose:5001" + ]; + } + ]; } ]; }; @@ -173,7 +185,9 @@ in }; }; - walkah.coredns = { enable = true; }; + walkah.coredns = { + enable = true; + }; virtualisation.docker = { enable = true; diff --git a/nix/hosts/plato/hardware-configuration.nix b/nix/hosts/plato/hardware-configuration.nix index bb9e810..43ebaa3 100644 --- a/nix/hosts/plato/hardware-configuration.nix +++ b/nix/hosts/plato/hardware-configuration.nix @@ -18,7 +18,10 @@ "sr_mod" ]; initrd.kernelModules = [ ]; - kernelModules = [ "kvm-intel" "wl" ]; + kernelModules = [ + "kvm-intel" + "wl" + ]; extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; }; 
@@ -32,7 +35,6 @@ fsType = "vfat"; }; - swapDevices = - [{ device = "/dev/disk/by-uuid/3a812874-3def-4e46-b20d-cd55fa7bdd5f"; }]; + swapDevices = [ { device = "/dev/disk/by-uuid/3a812874-3def-4e46-b20d-cd55fa7bdd5f"; } ]; } diff --git a/nix/hosts/socrates/configuration.nix b/nix/hosts/socrates/configuration.nix index 177921e..703e71d 100644 --- a/nix/hosts/socrates/configuration.nix +++ b/nix/hosts/socrates/configuration.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ imports = [ ./hardware-configuration.nix ./networking.nix # generated at runtime by nixos-infect @@ -26,14 +27,20 @@ hostName = "socrates"; firewall = { allowPing = true; - allowedTCPPorts = [ 80 443 ]; + allowedTCPPorts = [ + 80 + 443 + ]; trustedInterfaces = [ "tailscale0" ]; checkReversePath = "loose"; }; }; nix = { - settings.trusted-users = [ "@wheel" "root" ]; + settings.trusted-users = [ + "@wheel" + "root" + ]; }; security = { diff --git a/nix/hosts/socrates/hardware-configuration.nix b/nix/hosts/socrates/hardware-configuration.nix index 484eb7c..0461cf3 100644 --- a/nix/hosts/socrates/hardware-configuration.nix +++ b/nix/hosts/socrates/hardware-configuration.nix @@ -2,5 +2,8 @@ { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; boot.loader.grub.device = "/dev/vda"; - fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; }; + fileSystems."/" = { + device = "/dev/vda1"; + fsType = "ext4"; + }; } diff --git a/nix/hosts/socrates/networking.nix b/nix/hosts/socrates/networking.nix index f7329c5..d6a9151 100644 --- a/nix/hosts/socrates/networking.nix +++ b/nix/hosts/socrates/networking.nix @@ -1,4 +1,5 @@ -{ lib, ... }: { +{ lib, ... }: +{ # This file was populated at runtime with the networking # details gathered from the active system. networking = { 
@@ -28,14 +29,18 @@ prefixLength = 64; } ]; - ipv4.routes = [{ - address = "167.99.176.1"; - prefixLength = 32; - }]; - ipv6.routes = [{ - address = "2604:a880:cad:d0::1"; - prefixLength = 32; - }]; + ipv4.routes = [ + { + address = "167.99.176.1"; + prefixLength = 32; + } + ]; + ipv6.routes = [ + { + address = "2604:a880:cad:d0::1"; + prefixLength = 32; + } + ]; }; }; diff --git a/nix/modules/akkoma/default.nix b/nix/modules/akkoma/default.nix index 23396eb..cc09063 100644 --- a/nix/modules/akkoma/default.nix +++ b/nix/modules/akkoma/default.nix @@ -41,9 +41,15 @@ in }; "Pleroma.Web.Endpoint" = { - secret_key_base = { _secret = secrets.akkoma-secret-key-base.path; }; - signing_salt = { _secret = secrets.akkoma-signing-salt.path; }; - live_view.signing_salt = { _secret = secrets.akkoma-signing-salt.path; }; + secret_key_base = { + _secret = secrets.akkoma-secret-key-base.path; + }; + signing_salt = { + _secret = secrets.akkoma-signing-salt.path; + }; + live_view.signing_salt = { + _secret = secrets.akkoma-signing-salt.path; + }; url = { host = "walkah.social"; scheme = "https"; @@ -57,12 +63,18 @@ in }; ":web_push_encryption" = { ":vapid_details" = { - private_key = { _secret = secrets.akkoma-vapid-private-key.path; }; - public_key = { _secret = secrets.akkoma-vapid-public-key.path; }; + private_key = { + _secret = secrets.akkoma-vapid-private-key.path; + }; + public_key = { + _secret = secrets.akkoma-vapid-public-key.path; + }; }; }; ":joken" = { - ":default_signer" = { _secret = secrets.akkoma-joken-signer.path; }; + ":default_signer" = { + _secret = secrets.akkoma-joken-signer.path; + }; }; }; nginx = null; # doing this manually diff --git a/nix/modules/akkoma/nginx.nix b/nix/modules/akkoma/nginx.nix index 765e129..23cf820 100644 --- a/nix/modules/akkoma/nginx.nix +++ b/nix/modules/akkoma/nginx.nix @@ -1,5 +1,4 @@ -_: -{ +_: { services.nginx = { enable = true; virtualHosts = { 
diff --git a/nix/modules/base/darwin.nix b/nix/modules/base/darwin.nix index 27eb111..8141bee 100644 --- a/nix/modules/base/darwin.nix +++ b/nix/modules/base/darwin.nix @@ -1,6 +1,10 @@ -{ ... }: { +{ ... }: +{ - imports = [ ./common.nix ../../users ]; + imports = [ + ./common.nix + ../../users + ]; nix = { configureBuildUsers = true; @@ -18,7 +22,10 @@ options = "--delete-older-than 30d"; }; settings = { - trusted-users = [ "root" "@admin" ]; + trusted-users = [ + "root" + "@admin" + ]; }; }; diff --git a/nix/modules/base/nixos.nix b/nix/modules/base/nixos.nix index 47ce09f..d561a39 100644 --- a/nix/modules/base/nixos.nix +++ b/nix/modules/base/nixos.nix @@ -1,6 +1,11 @@ -{ config, pkgs, ... }: { +{ config, pkgs, ... }: +{ - imports = [ ./common.nix ../monitoring ../../users ]; + imports = [ + ./common.nix + ../monitoring + ../../users + ]; documentation = { enable = false; @@ -22,7 +27,10 @@ settings = { auto-optimise-store = true; - trusted-users = [ "root" "walkah" ]; + trusted-users = [ + "root" + "walkah" + ]; }; }; @@ -40,7 +48,11 @@ enable = true; flake = "github:walkah/athens#${config.networking.hostName}"; dates = "hourly"; - flags = [ "--option" "tarball-ttl" "0" ]; + flags = [ + "--option" + "tarball-ttl" + "0" + ]; }; stateVersion = "23.05"; }; diff --git a/nix/modules/builder/default.nix b/nix/modules/builder/default.nix index 1183902..4c18991 100644 --- a/nix/modules/builder/default.nix +++ b/nix/modules/builder/default.nix @@ -4,9 +4,16 @@ _: { buildMachines = [ { hostName = "plato"; - systems = [ "x86_64-linux" "aarch64-linux" ]; + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; maxJobs = 6; - supportedFeatures = [ "benchmark" "big-parallel" "kvm" ]; + supportedFeatures = [ + "benchmark" + "big-parallel" + "kvm" + ]; } ]; extraOptions = '' diff --git a/nix/modules/coredns/default.nix b/nix/modules/coredns/default.nix index a5b4229..50d79cb 100644 --- a/nix/modules/coredns/default.nix +++ b/nix/modules/coredns/default.nix 
@@ -1,7 +1,8 @@ { config, lib, ... }: with lib; -let cfg = config.walkah.coredns; +let + cfg = config.walkah.coredns; in { options.walkah.coredns = { diff --git a/nix/modules/dev/default.nix b/nix/modules/dev/default.nix index bf729e3..51f41ed 100644 --- a/nix/modules/dev/default.nix +++ b/nix/modules/dev/default.nix @@ -6,6 +6,6 @@ cachix nixd nixf - nixpkgs-fmt + nixfmt-rfc-style ]; } diff --git a/nix/modules/drone/default.nix b/nix/modules/drone/default.nix index a33807c..6cd9c6d 100644 --- a/nix/modules/drone/default.nix +++ b/nix/modules/drone/default.nix @@ -1,4 +1,5 @@ -{ pkgs, config, ... }: { +{ pkgs, config, ... }: +{ sops.secrets.drone = { owner = "drone"; }; diff --git a/nix/modules/drone/runner-docker.nix b/nix/modules/drone/runner-docker.nix index 6f9c35c..1cdc24b 100644 --- a/nix/modules/drone/runner-docker.nix +++ b/nix/modules/drone/runner-docker.nix @@ -1,4 +1,5 @@ -{ pkgs, config, ... }: { +{ pkgs, config, ... }: +{ systemd.services.drone-runner-docker = { wantedBy = [ "multi-user.target" ]; serviceConfig = { diff --git a/nix/modules/drone/runner-exec.nix b/nix/modules/drone/runner-exec.nix index c3d8aff..d60d926 100644 --- a/nix/modules/drone/runner-exec.nix +++ b/nix/modules/drone/runner-exec.nix 
@@ -36,14 +36,14 @@ "/etc/passwd:/etc/passwd" "/etc/group:/etc/group" "/nix/var/nix/profiles/system/etc/nix:/etc/nix" - "${config.environment.etc."ssl/certs/ca-certificates.crt".source}:/etc/ssl/certs/ca-certificates.crt" - "${config.environment.etc."ssh/ssh_known_hosts".source}:/etc/ssh/ssh_known_hosts" "${ - builtins.toFile "ssh_config" '' - Host eve.thalheim.io - ForwardAgent yes - '' - }:/etc/ssh/ssh_config" + config.environment.etc."ssl/certs/ca-certificates.crt".source + }:/etc/ssl/certs/ca-certificates.crt" + "${config.environment.etc."ssh/ssh_known_hosts".source}:/etc/ssh/ssh_known_hosts" + "${builtins.toFile "ssh_config" '' + Host eve.thalheim.io + ForwardAgent yes + ''}:/etc/ssh/ssh_config" "/etc/machine-id" # channels are dynamic paths in the nix store, therefore we need to bind mount the whole thing "/nix/" diff --git a/nix/modules/gitea/default.nix b/nix/modules/gitea/default.nix index 93b33da..ffef37f 100644 --- a/nix/modules/gitea/default.nix +++ b/nix/modules/gitea/default.nix @@ -1,6 +1,7 @@ { config, ... }: -let cfg = config.services.gitea; +let + cfg = config.services.gitea; in { users.users.git = { @@ -20,9 +21,15 @@ in lfs.enable = true; settings = { - log = { LEVEL = "Error"; }; - other = { SHOW_FOOTER_VERSION = false; }; - repository = { DEFAULT_BRANCH = "main"; }; + log = { + LEVEL = "Error"; + }; + other = { + SHOW_FOOTER_VERSION = false; + }; + repository = { + DEFAULT_BRANCH = "main"; + }; server = { DOMAIN = "walkah.dev"; HTTP_ADDR = "0.0.0.0"; @@ -30,8 +37,12 @@ in ROOT_URL = "https://walkah.dev/"; SSH_DOMAIN = "git.walkah.dev"; }; - service = { DISABLE_REGISTRATION = true; }; - session = { COOKIE_SECURE = true; }; + service = { + DISABLE_REGISTRATION = true; + }; + session = { + COOKIE_SECURE = true; + }; }; dump.enable = false; diff --git a/nix/modules/ipfs/cluster.nix b/nix/modules/ipfs/cluster.nix index 5438c4f..98a3ae2 100644 --- a/nix/modules/ipfs/cluster.nix +++ b/nix/modules/ipfs/cluster.nix 
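Review bot: The `ssh_config` built with `builtins.toFile` in the nix/modules/drone/runner-exec.nix bind list still sets `ForwardAgent yes` for `eve.thalheim.io`, a host that appears nowhere else in this change, so it looks carried over from another setup rather than needed here (inferred from the visible lines). Agent forwarding gives the remote end use of whatever keys the agent holds for the length of the session, which a CI runner should not enable by default. I would drop that entry from the list, or keep the file with `ForwardAgent no` if the path has to exist. The list this entry belongs to starts and ends outside the hunk.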
@@ -10,7 +10,11 @@ kubo = { enable = true; settings = { - Discovery = { MDNS = { Enabled = true; }; }; + Discovery = { + MDNS = { + Enabled = true; + }; + }; Swarm = { AddrFilters = null; ConnMgr = { diff --git a/nix/modules/ipfs/default.nix b/nix/modules/ipfs/default.nix index 2fb8e3e..e0795de 100644 --- a/nix/modules/ipfs/default.nix +++ b/nix/modules/ipfs/default.nix @@ -17,8 +17,14 @@ _: "/ip6/::/udp/4001/quic" ]; }; - API = { HTTPHeaders = { Access-Control-Allow-Origin = [ "*" ]; }; }; - Routing = { Type = "dht"; }; + API = { + HTTPHeaders = { + Access-Control-Allow-Origin = [ "*" ]; + }; + }; + Routing = { + Type = "dht"; + }; }; }; }; diff --git a/nix/modules/ipfs/gateway.nix b/nix/modules/ipfs/gateway.nix index 3969df4..e2f40ff 100644 --- a/nix/modules/ipfs/gateway.nix +++ b/nix/modules/ipfs/gateway.nix @@ -40,9 +40,17 @@ in kubo = { enable = true; settings = { - Discovery = { MDNS = { Enabled = false; }; }; - Peering = { Peers = peers; }; - Swarm = { AddrFilters = null; }; + Discovery = { + MDNS = { + Enabled = false; + }; + }; + Peering = { + Peers = peers; + }; + Swarm = { + AddrFilters = null; + }; }; }; nginx = { @@ -50,14 +58,18 @@ in virtualHosts."walkah.cloud" = { forceSSL = true; enableACME = true; - locations."/" = { proxyPass = "http://127.0.0.1:8080"; }; + locations."/" = { + proxyPass = "http://127.0.0.1:8080"; + }; }; # Hosted Sites virtualHosts."walkah.net" = { forceSSL = true; enableACME = true; - locations."/" = { proxyPass = "http://127.0.0.1:8080"; }; + locations."/" = { + proxyPass = "http://127.0.0.1:8080"; + }; serverAliases = [ "www.walkah.net" ]; diff --git a/nix/modules/matrix/default.nix b/nix/modules/matrix/default.nix index 16b8658..4ea5241 100644 --- a/nix/modules/matrix/default.nix +++ b/nix/modules/matrix/default.nix @@ -17,7 +17,10 @@ LC_CTYPE = "C"; ''; }; - postgresqlBackup.databases = [ "matrix" "matrix-syncv3" ]; + postgresqlBackup.databases = [ + "matrix" + "matrix-syncv3" + ]; matrix-synapse = { enable = true; 
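Review bot: In nix/modules/ipfs/default.nix the reformatted `API.HTTPHeaders` block keeps `Access-Control-Allow-Origin = [ "*" ]`, which lets any web origin call the Kubo RPC API from a browser that can reach it. The Prometheus job in nix/hosts/plato/configuration.nix scrapes `agent:5001` and the other nodes, which suggests the API port is reachable over the network rather than on loopback only; the API listen address is outside the hunk, so that is an inference. I would list only the origins that need it, e.g. `Access-Control-Allow-Origin = [ "<WEBUI_ORIGIN>" ];` (placeholder), and add a comment saying why CORS is relaxed. The `settings` attribute set continues outside the hunk.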
@@ -28,21 +31,30 @@ enable_registration = false; database = { name = "psycopg2"; - args = { database = "matrix"; }; + args = { + database = "matrix"; + }; }; - listeners = [{ - bind_addresses = [ - "0.0.0.0" - ]; - port = 8008; - type = "http"; - tls = false; - x_forwarded = true; - resources = [{ - compress = false; - names = [ "client" "federation" ]; - }]; - }]; + listeners = [ + { + bind_addresses = [ + "0.0.0.0" + ]; + port = 8008; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ + { + compress = false; + names = [ + "client" + "federation" + ]; + } + ]; + } + ]; }; extraConfigFiles = [ config.sops.secrets.matrix-registration-secret.path diff --git a/nix/modules/matrix/nginx.nix b/nix/modules/matrix/nginx.nix index e2e85cf..ca95d9b 100644 --- a/nix/modules/matrix/nginx.nix +++ b/nix/modules/matrix/nginx.nix @@ -7,13 +7,17 @@ "matrix.walkah.chat" = { forceSSL = true; enableACME = true; - locations."/" = { proxyPass = "http://100.111.208.75:8008"; }; + locations."/" = { + proxyPass = "http://100.111.208.75:8008"; + }; }; "syncv3.walkah.chat" = { forceSSL = true; enableACME = true; - locations."/" = { proxyPass = "http://100.111.208.75:8088"; }; + locations."/" = { + proxyPass = "http://100.111.208.75:8088"; + }; }; "walkah.chat" = { @@ -21,7 +25,10 @@ enableACME = true; locations = { "= /.well-known/matrix/server".extraConfig = - let server = { "m.server" = "matrix.walkah.chat:443"; }; + let + server = { + "m.server" = "matrix.walkah.chat:443"; + }; in '' default_type application/json; @@ -31,8 +38,12 @@ "= /.well-known/matrix/client".extraConfig = let client = { - "m.homeserver" = { "base_url" = "https://matrix.walkah.chat"; }; - "org.matrix.msc3575.proxy" = { "url" = "https://syncv3.walkah.chat"; }; + "m.homeserver" = { + "base_url" = "https://matrix.walkah.chat"; + }; + "org.matrix.msc3575.proxy" = { + "url" = "https://syncv3.walkah.chat"; + }; }; in '' 
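Review bot: The Synapse listener in nix/modules/matrix/default.nix binds `0.0.0.0` with `tls = false` and `x_forwarded = true`, so any client that reaches port 8008 directly speaks plaintext and has its `X-Forwarded-For` header trusted as the client address. nginx.nix in this same change proxies to `100.111.208.75:8008`; assuming that is this host's address, binding only to it would match the intended path: `bind_addresses = [ "100.111.208.75" ];`. If the wildcard bind is kept, a comment stating that 8008 must stay closed in the firewall would help, since the firewall rules for this host are not visible in the diff.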
@@ -40,7 +51,9 @@ add_header Access-Control-Allow-Origin *; return 200 '${builtins.toJSON client}'; ''; - "/" = { root = pkgs.element-web; }; + "/" = { + root = pkgs.element-web; + }; }; }; }; diff --git a/nix/modules/postgresql/default.nix b/nix/modules/postgresql/default.nix index 6dd0629..382df11 100644 --- a/nix/modules/postgresql/default.nix +++ b/nix/modules/postgresql/default.nix @@ -1,4 +1,5 @@ -{ pkgs, config, ... }: { +{ pkgs, config, ... }: +{ services = { postgresql = { enable = true; diff --git a/nix/nixos.nix b/nix/nixos.nix index 92cbe2f..1524a19 100644 --- a/nix/nixos.nix +++ b/nix/nixos.nix @@ -1,6 +1,14 @@ -{ self, nixpkgs, home-manager, raspberry-pi-nix, sops-nix, ... }: +{ + self, + nixpkgs, + home-manager, + raspberry-pi-nix, + sops-nix, + ... +}: let - mkSystem = hostName: modules: + mkSystem = + hostName: modules: let hostSystem = self.hosts.${hostName}.system; in diff --git a/nix/services/ipfs-cluster.nix b/nix/services/ipfs-cluster.nix index adede50..9a1180f 100644 --- a/nix/services/ipfs-cluster.nix +++ b/nix/services/ipfs-cluster.nix @@ -1,5 +1,10 @@ ## From https://github.com/NixOS/nixpkgs/pull/100871 -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; let cfg = config.services.ipfs-cluster; @@ -14,8 +19,7 @@ in ###### interface options = { services.ipfs-cluster = { - enable = mkEnableOption - "Pinset orchestration for IPFS - requires ipfs daemon to be useful"; + enable = mkEnableOption "Pinset orchestration for IPFS - requires ipfs daemon to be useful"; user = mkOption { type = types.str; @@ -30,7 +34,10 @@ in }; consensus = mkOption { - type = types.enum [ "raft" "crdt" ]; + type = types.enum [ + "raft" + "crdt" + ]; description = "Consensus protocol - 'raft' or 'crdt'. https://cluster.ipfs.io/documentation/guides/consensus/"; }; 
@@ -74,27 +81,31 @@ in config = mkIf cfg.enable { environment.systemPackages = [ pkgs.ipfs-cluster ]; systemd = { - tmpfiles.rules = - [ "d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -" ]; + tmpfiles.rules = [ "d '${cfg.dataDir}' - ${cfg.user} ${cfg.group} - -" ]; services.ipfs-cluster-init = { - path = [ "/run/wrappers" pkgs.ipfs-cluster ]; + path = [ + "/run/wrappers" + pkgs.ipfs-cluster + ]; environment.IPFS_CLUSTER_PATH = cfg.dataDir; wantedBy = [ "default.target" ]; - serviceConfig = { - # "" clears exec list (man systemd.service -> execStart) - ExecStart = [ - "" - "${pkgs.ipfs-cluster}/bin/ipfs-cluster-service init --consensus ${cfg.consensus} ${initFlags}" - ]; - Type = "oneshot"; - RemainAfterExit = true; - User = cfg.user; - Group = cfg.group; - } // optionalAttrs (cfg.secretFile != null) { - EnvironmentFile = cfg.secretFile; - }; + serviceConfig = + { + # "" clears exec list (man systemd.service -> execStart) + ExecStart = [ + "" + "${pkgs.ipfs-cluster}/bin/ipfs-cluster-service init --consensus ${cfg.consensus} ${initFlags}" + ]; + Type = "oneshot"; + RemainAfterExit = true; + User = cfg.user; + Group = cfg.group; + } + // optionalAttrs (cfg.secretFile != null) { + EnvironmentFile = cfg.secretFile; + }; unitConfig.ConditionDirectoryNotEmpty = "!${cfg.dataDir}"; }; 
@@ -105,16 +116,23 @@ in wants = [ "ipfs-cluster-init.service" ]; after = [ "ipfs-cluster-init.service" ]; - serviceConfig = { - ExecStart = - [ "" "${pkgs.ipfs-cluster}/bin/ipfs-cluster-service daemon" ]; - User = cfg.user; - Group = cfg.group; - } // optionalAttrs (cfg.secretFile != null) { - EnvironmentFile = cfg.secretFile; - }; + serviceConfig = + { + ExecStart = [ + "" + "${pkgs.ipfs-cluster}/bin/ipfs-cluster-service daemon" + ]; + User = cfg.user; + Group = cfg.group; + } + // optionalAttrs (cfg.secretFile != null) { + EnvironmentFile = cfg.secretFile; + }; }; }; - networking.firewall.allowedTCPPorts = mkIf cfg.openSwarmPort [ 9094 9096 ]; + networking.firewall.allowedTCPPorts = mkIf cfg.openSwarmPort [ + 9094 + 9096 + ]; }; } diff --git a/nix/shells.nix b/nix/shells.nix index c00aef6..1a1cf27 100644 --- a/nix/shells.nix +++ b/nix/shells.nix @@ -1,4 +1,10 @@ -{ system, pkgs, self, ... }: { +{ + system, + pkgs, + self, + ... +}: +{ default = pkgs.mkShell { name = "athens"; buildInputs = with pkgs; [ diff --git a/nix/users/walkah/default.nix b/nix/users/walkah/default.nix index be065d2..37ff87f 100644 --- a/nix/users/walkah/default.nix +++ b/nix/users/walkah/default.nix 
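Review bot: At the end of nix/services/ipfs-cluster.nix, `openSwarmPort` opens both 9094 and 9096, but in ipfs-cluster's defaults only 9096 is the cluster swarm port; 9094 is the REST API. Whether the API listens beyond loopback depends on the service configuration, which is outside this hunk, but the option name does not tell an operator that the API port is opened as well. I would either limit it to `mkIf cfg.openSwarmPort [ 9096 ]` or move 9094 behind its own option and say so in the option description.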
@@ -1,18 +1,23 @@ { lib, pkgs, ... }: { - users.users.walkah = { - home = if pkgs.stdenv.isDarwin then "/Users/walkah" else "/home/walkah"; - shell = pkgs.zsh; - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8YMax7PGIrcPNIHkpuNRFgn3HJK6Wepm+ycZWO6jfR walkah@walkah-ipadpro11" - ]; - } // lib.optionalAttrs pkgs.stdenv.isLinux { - extraGroups = [ "wheel" "docker" ]; - group = "walkah"; - isNormalUser = true; - }; + users.users.walkah = + { + home = if pkgs.stdenv.isDarwin then "/Users/walkah" else "/home/walkah"; + shell = pkgs.zsh; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ0mE4MyMnfd1b2nlBJT7kpZ6Vov+ILuGNfzdp5ZBNQe walkah@walkah.net" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM8YMax7PGIrcPNIHkpuNRFgn3HJK6Wepm+ycZWO6jfR walkah@walkah-ipadpro11" + ]; + } + // lib.optionalAttrs pkgs.stdenv.isLinux { + extraGroups = [ + "wheel" + "docker" + ]; + group = "walkah"; + isNormalUser = true; + }; users.groups.walkah = { }; home-manager = { diff --git a/nix/users/walkah/home.nix b/nix/users/walkah/home.nix index 5a72944..9aa1a7d 100644 --- a/nix/users/walkah/home.nix +++ b/nix/users/walkah/home.nix @@ -1,4 +1,5 @@ -{ lib, pkgs, ... }: { +{ lib, pkgs, ... }: +{ home = { packages = with pkgs; [ chezmoi diff --git a/shell.nix b/shell.nix index 9eb132a..ed7286c 100644 --- a/shell.nix +++ b/shell.nix @@ -10,4 +10,5 @@ ) { src = ./.; - }).shellNix + } +).shellNix