diff --git a/flake.nix b/flake.nix index 3ae99ce..f55f794 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,8 @@ nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05"; nur.url = "github:nix-community/NUR"; home-manager = { - url = "https://github.com/nix-community/home-manager/archive/release-23.05.tar.gz"; + url = + "https://github.com/nix-community/home-manager/archive/release-23.05.tar.gz"; inputs.nixpkgs.follows = "nixpkgs"; }; homeage = { @@ -20,36 +21,26 @@ nixos-hardware.url = "github:NixOS/nixos-hardware/master"; }; - outputs = { - nixpkgs, - home-manager, - homeage, - agenix, - nur, - nixos-hardware, - ... - }: { - formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra; + outputs = + { nixpkgs, home-manager, homeage, agenix, nur, nixos-hardware, ... }: { + formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt; - nixosConfigurations.pim = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - {nixpkgs.overlays = [nur.overlay];} - ./nixos - agenix.nixosModules.default - nixos-hardware.nixosModules.lenovo-thinkpad-x260 - home-manager.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.pim = { - imports = [ - ./home-manager - homeage.homeManagerModules.homeage - ]; - }; - } - ]; + nixosConfigurations.pim = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + { nixpkgs.overlays = [ nur.overlay ]; } + ./nixos + agenix.nixosModules.default + nixos-hardware.nixosModules.lenovo-thinkpad-x260 + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.pim = { + imports = [ ./home-manager homeage.homeManagerModules.homeage ]; + }; + } + ]; + }; }; - }; } diff --git a/home-manager/default.nix b/home-manager/default.nix index 07e15e8..093bb4e 100644 --- a/home-manager/default.nix +++ b/home-manager/default.nix @@ -1,9 +1,4 @@ -{ - pkgs, - lib, - config, - ... -}: { +{ pkgs, lib, config, ... }: { imports = [ ./bash ./neovim @@ -33,7 +28,7 @@ strawberry gimp libreoffice - (pkgs.nerdfonts.override {fonts = ["Hack"];}) + (pkgs.nerdfonts.override { fonts = [ "Hack" ]; }) virt-manager gnome.gnome-tweaks ]; @@ -51,7 +46,8 @@ background_color = "#282828"; cursor_color = "#7c6f64"; foreground_color = "#ebdbb2"; - palette = "#181818:#cc241d:#98971a:#d79921:#458588:#b16286:#689d6a:#a89984:#928374:#fb4934:#b8bb26:#fabd2f:#83a598:#d3869b:#8ec07c:#ebdbb2"; + palette = + "#181818:#cc241d:#98971a:#d79921:#458588:#b16286:#689d6a:#a89984:#928374:#fb4934:#b8bb26:#fabd2f:#83a598:#d3869b:#8ec07c:#ebdbb2"; }; keybindings = { @@ -78,29 +74,27 @@ }; # Let home-manager manage the X session - xsession = { - enable = true; - }; + xsession = { enable = true; }; xdg.userDirs.enable = true; homeage = { - identityPaths = ["/home/pim/.ssh/age_ed25519"]; + identityPaths = [ "/home/pim/.ssh/age_ed25519" ]; installationType = "systemd"; file."common-pg-tfbackend" = { source = ../secrets/common-pg-tfbackend.age; - symlinks = ["${config.xdg.configHome}/home/common.pg.tfbackend"]; + symlinks = [ "${config.xdg.configHome}/home/common.pg.tfbackend" ]; }; file."ansible-vault-secret" = { source = ../secrets/ansible-vault-secret.age; - symlinks = ["${config.xdg.configHome}/home/ansible-vault-secret"]; + symlinks = [ "${config.xdg.configHome}/home/ansible-vault-secret" ]; }; file."powerdns-api-key" = { source = ../secrets/powerdns-api-key.json.age; - symlinks = ["${config.xdg.configHome}/home/powerdns-api-key.json"]; + symlinks = [ "${config.xdg.configHome}/home/powerdns-api-key.json" ]; }; }; @@ -108,8 +102,8 @@ dconf.settings = with lib.hm.gvariant; { "org/gnome/desktop/input-sources" = { - sources = [(mkTuple ["xkb" "us"])]; - xkb-options = ["terminate:ctrl_alt_bksp" "caps:escape"]; + sources = [ (mkTuple [ "xkb" "us" ]) ]; + xkb-options = [ "terminate:ctrl_alt_bksp" "caps:escape" ]; }; "org/gnome/desktop/interface" = { diff --git a/home-manager/firefox/addons.nix b/home-manager/firefox/addons.nix index 4d7f21c..a8af538 100644 --- a/home-manager/firefox/addons.nix +++ b/home-manager/firefox/addons.nix @@ -1,4 +1,5 @@ -pkgs: lib: let +pkgs: lib: +let rycee-addons = pkgs.nur.repos.rycee.firefox-addons; custom-addons = import ./custom-addons.nix pkgs lib; in { @@ -16,11 +17,7 @@ in { boring-rss # rycee.bypass-paywalls-clean ]) - (with custom-addons; [ - http-version-indicator - indicatetls - sixindicator - ]) + (with custom-addons; [ http-version-indicator indicatetls sixindicator ]) ]; sue = with rycee-addons; [ ublock-origin diff --git a/home-manager/firefox/custom-addons.nix b/home-manager/firefox/custom-addons.nix index 3d3c4a0..eda4d17 100644 --- a/home-manager/firefox/custom-addons.nix +++ b/home-manager/firefox/custom-addons.nix @@ -1,22 +1,15 @@ -pkgs: lib: let +pkgs: lib: +let # Stolen from: https://github.com/nix-community/nur-combined/blob/master/repos/rycee/pkgs/firefox-addons/default.nix - buildFirefoxXpiAddon = lib.makeOverridable ({ - stdenv ? pkgs.stdenv, - fetchurl ? pkgs.fetchurl, - pname, - version, - addonId, - url, - sha256, - meta, - ... - }: + buildFirefoxXpiAddon = lib.makeOverridable ({ stdenv ? pkgs.stdenv + , fetchurl ? pkgs.fetchurl, pname, version, addonId, url, sha256, meta, ... + }: stdenv.mkDerivation { name = "${pname}-${version}"; inherit meta; - src = fetchurl {inherit url sha256;}; + src = fetchurl { inherit url sha256; }; preferLocalBuild = true; allowSubstitutes = true; @@ -32,12 +25,14 @@ in { pname = "http-version-indicator"; version = "3.2.1"; addonId = "spdyindicator@chengsun.github.com"; - url = "https://addons.mozilla.org/firefox/downloads/file/3767224/http2_indicator-3.2.1.xpi"; + url = + "https://addons.mozilla.org/firefox/downloads/file/3767224/http2_indicator-3.2.1.xpi"; sha256 = "be9518017334ce502a1da514542c2ca4f974217d0c8e6c7c31d518aba57c09a8"; meta = with lib; { homepage = "https://github.com/bsiegel/http-version-indicator"; - description = "An indicator showing the HTTP version used to load the page in the address bar."; - mozPermissions = ["" "tabs" "webNavigation" "webRequest"]; + description = + "An indicator showing the HTTP version used to load the page in the address bar."; + mozPermissions = [ "" "tabs" "webNavigation" "webRequest" ]; platforms = platforms.all; }; }; @@ -45,11 +40,13 @@ in { pname = "indicatetls"; version = "0.3.0"; addonId = "{252ee273-8c8d-4609-b54d-62ae345be0a1}"; - url = "https://addons.mozilla.org/firefox/downloads/file/3608595/indicatetls-0.3.0.xpi"; + url = + "https://addons.mozilla.org/firefox/downloads/file/3608595/indicatetls-0.3.0.xpi"; sha256 = "7a3b7edb1085f7b15d279c1013fac1d68f5247cfd6312d5275cb053e24a79465"; meta = with lib; { homepage = "https://github.com/jannispinter/indicatetls"; - description = "Displays negotiated SSL/TLS protocol version and additional security information in the address bar"; + description = + "Displays negotiated SSL/TLS protocol version and additional security information in the address bar"; license = licenses.mpl20; mozPermissions = [ "tabs" @@ -66,13 +63,15 @@ in { pname = "sixindicator"; version = "1.3.0"; addonId = "{8c9cad02-c069-4e93-909d-d874da819c49}"; - url = "https://addons.mozilla.org/firefox/downloads/file/3493442/sixindicator-1.3.0.xpi"; + url = + "https://addons.mozilla.org/firefox/downloads/file/3493442/sixindicator-1.3.0.xpi"; sha256 = "415ab83ed4ac94d1efe114752a09df29536d1bd54cc9b7e5ce5d9ee55a84226d"; meta = with lib; { homepage = "https://github.com/HostedDinner/SixIndicator"; - description = "Shows a simple icon, if IPv6 or IPv4 was used for the request of the site. When clicking on the icon, more information is shown, like the number of requests per domain and if these requests were made via IPv6 or IPv4."; + description = + "Shows a simple icon, if IPv6 or IPv4 was used for the request of the site. When clicking on the icon, more information is shown, like the number of requests per domain and if these requests were made via IPv6 or IPv4."; license = licenses.mit; - mozPermissions = ["tabs" "webRequest" ""]; + mozPermissions = [ "tabs" "webRequest" "" ]; platforms = platforms.all; }; }; @@ -80,12 +79,13 @@ in { pname = "simple-style-fox-2"; version = "10.0"; addonId = "{317526c6-ff2b-49c9-822e-d77b4a3da1d1}"; - url = "https://addons.mozilla.org/firefox/downloads/file/3934220/simple_style_fox_2-10.0.xpi"; + url = + "https://addons.mozilla.org/firefox/downloads/file/3934220/simple_style_fox_2-10.0.xpi"; sha256 = "1aaac3ba08d21086d7087015f92a27661940df45a97bf5680588c883f799a97d"; meta = with lib; { description = "Simple style fox 2"; license = licenses.cc-by-30; - mozPermissions = []; + mozPermissions = [ ]; platforms = platforms.all; }; }; diff --git a/home-manager/firefox/default.nix b/home-manager/firefox/default.nix index a057abc..86c36b2 100644 --- a/home-manager/firefox/default.nix +++ b/home-manager/firefox/default.nix @@ -1,8 +1,5 @@ -{ - pkgs, - lib, - ... -}: let +{ pkgs, lib, ... }: +let firefoxAddons = import ./addons.nix pkgs lib; firefoxSettings = { "browser.aboutConfig.showWarning" = false; @@ -35,7 +32,7 @@ in { }; xdg.desktopEntries.firefox-sue = { - categories = ["Network" "WebBrowser"]; + categories = [ "Network" "WebBrowser" ]; exec = "firefox -P sue --name firefox %U"; genericName = "Web Browser"; icon = "firefox"; @@ -54,7 +51,7 @@ in { }; xdg.desktopEntries.firefox = lib.mkForce { - categories = ["Network" "WebBrowser"]; + categories = [ "Network" "WebBrowser" ]; exec = "firefox --new-window --name firefox %U"; genericName = "Web Browser"; icon = "firefox"; diff --git a/home-manager/git/default.nix b/home-manager/git/default.nix index 25c0dcf..cf6c930 100644 --- a/home-manager/git/default.nix +++ b/home-manager/git/default.nix @@ -9,12 +9,10 @@ commit.verbose = true; pull.rebase = true; }; - includes = [ - { - path = "~/git/suecode/.gitconfig"; - condition = "gitdir:~/git/suecode/**"; - } - ]; + includes = [{ + path = "~/git/suecode/.gitconfig"; + condition = "gitdir:~/git/suecode/**"; + }]; }; }; } diff --git a/home-manager/keepassxc/default.nix b/home-manager/keepassxc/default.nix index 8f99b37..15f4342 100644 --- a/home-manager/keepassxc/default.nix +++ b/home-manager/keepassxc/default.nix @@ -1,13 +1,9 @@ -{ - pkgs, - config, - ... -}: { +{ pkgs, config, ... }: { config = { - home.packages = [pkgs.keepassxc]; + home.packages = [ pkgs.keepassxc ]; homeage.file."keepassxc.ini" = { source = ../../secrets/keepassxc.ini.age; - symlinks = ["${config.xdg.configHome}/keepassxc/keepassxc.ini"]; + symlinks = [ "${config.xdg.configHome}/keepassxc/keepassxc.ini" ]; }; }; } diff --git a/home-manager/neovim/default.nix b/home-manager/neovim/default.nix index 35130f3..08351b5 100644 --- a/home-manager/neovim/default.nix +++ b/home-manager/neovim/default.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +{ pkgs, ... }: { config = { programs.neovim = { enable = true; @@ -16,6 +16,7 @@ terraform-ls luaformatter efm-langserver + nixfmt ]; plugins = with pkgs.vimPlugins; [ @@ -44,7 +45,7 @@ { plugin = gitsigns-nvim; type = "lua"; - config = "require(\"gitsigns\").setup()"; + config = ''require("gitsigns").setup()''; } { plugin = nvim-cmp; diff --git a/home-manager/neovim/lspconfig.lua b/home-manager/neovim/lspconfig.lua index 40a5b70..f4cadb3 100644 --- a/home-manager/neovim/lspconfig.lua +++ b/home-manager/neovim/lspconfig.lua @@ -46,10 +46,14 @@ require'lspconfig'.terraformls.setup { capabilities = capabilities } -local luaformat = {formatCommand = "lua-format -i", formatStdin = true} require'lspconfig'.efm.setup { on_attach = require("lsp-format").on_attach, init_options = {documentFormatting = true}, - settings = {languages = {lua = {luaformat}}}, - filetypes = {"lua"} + settings = { + languages = { + lua = {{formatCommand = "lua-format -i", formatStdin = true}}, + nix = {{formatCommand = "nixfmt", formatStdin = true}} + } + }, + filetypes = {"lua", "nix"} } diff --git a/home-manager/ssh/default.nix b/home-manager/ssh/default.nix index 5931c82..757a754 100644 --- a/home-manager/ssh/default.nix +++ b/home-manager/ssh/default.nix @@ -1,51 +1,35 @@ -{ - config, - lib, - ... -}: { +{ config, lib, ... }: { config = { programs.ssh = { enable = true; extraConfig = "User root"; matchBlocks = { - github = lib.hm.dag.entryBefore ["*"] { + github = lib.hm.dag.entryBefore [ "*" ] { hostname = "github.com"; user = "pizzapim"; identitiesOnly = true; }; - lewis = lib.hm.dag.entryBefore ["*"] { - hostname = "lewis.hyp"; - }; - atlas = lib.hm.dag.entryBefore ["*"] { - hostname = "atlas.hyp"; - }; - jefke = lib.hm.dag.entryBefore ["*"] { - hostname = "jefke.hyp"; - }; - hermes = lib.hm.dag.entryBefore ["*"] { - hostname = "hermes.dmz"; - }; - maestro = lib.hm.dag.entryBefore ["*"] { - hostname = "maestro.dmz"; - }; - bancomart = lib.hm.dag.entryBefore ["*"] { - hostname = "bancomart.dmz"; - }; - handjecontantje = lib.hm.dag.entryBefore ["*"] { - hostname = "handjecontantje.dmz"; - }; + lewis = lib.hm.dag.entryBefore [ "*" ] { hostname = "lewis.hyp"; }; + atlas = lib.hm.dag.entryBefore [ "*" ] { hostname = "atlas.hyp"; }; + jefke = lib.hm.dag.entryBefore [ "*" ] { hostname = "jefke.hyp"; }; + hermes = lib.hm.dag.entryBefore [ "*" ] { hostname = "hermes.dmz"; }; + maestro = lib.hm.dag.entryBefore [ "*" ] { hostname = "maestro.dmz"; }; + bancomart = + lib.hm.dag.entryBefore [ "*" ] { hostname = "bancomart.dmz"; }; + handjecontantje = + lib.hm.dag.entryBefore [ "*" ] { hostname = "handjecontantje.dmz"; }; }; }; homeage.file."sue_ed25519" = { source = ../../secrets/sue_ed25519.age; - symlinks = ["${config.home.homeDirectory}/.ssh/sue_ed25519"]; + symlinks = [ "${config.home.homeDirectory}/.ssh/sue_ed25519" ]; }; homeage.file."sue_azure_rsa" = { source = ../../secrets/sue_azure_rsa.age; - symlinks = ["${config.home.homeDirectory}/.ssh/sue_azure_rsa"]; + symlinks = [ "${config.home.homeDirectory}/.ssh/sue_azure_rsa" ]; }; }; } diff --git a/home-manager/syncthing/default.nix b/home-manager/syncthing/default.nix index fd9aa04..29f8f93 100644 --- a/home-manager/syncthing/default.nix +++ b/home-manager/syncthing/default.nix @@ -1,4 +1,4 @@ -{config, ...}: { +{ config, ... }: { config = { services.syncthing.enable = true; xdg.configFile."syncthing/config.xml".source = ./syncthing.xml; @@ -6,12 +6,12 @@ homeage.file."syncthing-key.pem" = { source = ../../secrets/syncthing-key.pem.age; - symlinks = ["${config.xdg.configHome}/syncthing/key.pem"]; + symlinks = [ "${config.xdg.configHome}/syncthing/key.pem" ]; }; homeage.file."syncthing-cert.pem" = { source = ../../secrets/syncthing-cert.pem.age; - symlinks = ["${config.xdg.configHome}/syncthing/cert.pem"]; + symlinks = [ "${config.xdg.configHome}/syncthing/cert.pem" ]; }; }; } diff --git a/home-manager/thunderbird/default.nix b/home-manager/thunderbird/default.nix index c3d1be6..fb96bca 100644 --- a/home-manager/thunderbird/default.nix +++ b/home-manager/thunderbird/default.nix @@ -2,9 +2,7 @@ config = { programs.thunderbird = { enable = true; - profiles.default = { - isDefault = true; - }; + profiles.default = { isDefault = true; }; }; }; } diff --git a/nixos/default.nix b/nixos/default.nix index 3094601..df0743d 100644 --- a/nixos/default.nix +++ b/nixos/default.nix @@ -1,16 +1,7 @@ -{ - pkgs, - config, - lib, - ... -}: { - imports = [ - ./hardware-configuration.nix - ]; +{ pkgs, config, lib, ... }: { + imports = [ ./hardware-configuration.nix ]; - boot = { - loader.systemd-boot.enable = true; - }; + boot = { loader.systemd-boot.enable = true; }; time.timeZone = "Europe/Amsterdam"; i18n.defaultLocale = "en_US.UTF-8"; @@ -20,16 +11,14 @@ services = { xserver = { enable = true; - displayManager.gdm = { - enable = true; - }; + displayManager.gdm = { enable = true; }; desktopManager.gnome.enable = true; - excludePackages = with pkgs; [xterm]; + excludePackages = with pkgs; [ xterm ]; }; printing = { enable = true; - drivers = [pkgs.hplip pkgs.gutenprint]; + drivers = [ pkgs.hplip pkgs.gutenprint ]; }; fprintd = { @@ -45,21 +34,12 @@ users = { users.pim = { isNormalUser = true; - extraGroups = ["wheel" "docker" "input"]; + extraGroups = [ "wheel" "docker" "input" ]; }; }; environment = { - systemPackages = with pkgs; [ - wget - curl - git - btop - ripgrep - vim - dogdns - tree - ]; + systemPackages = with pkgs; [ wget curl git btop ripgrep vim dogdns tree ]; gnome.excludePackages = with pkgs; [ gnome.totem gnome-tour @@ -77,14 +57,16 @@ knownHosts = { dmz = { - hostNames = ["*.dmz"]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x"; + hostNames = [ "*.dmz" ]; + publicKey = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x"; certAuthority = true; }; hypervisors = { - hostNames = ["*.hyp"]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb"; + hostNames = [ "*.hyp" ]; + publicKey = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb"; certAuthority = true; }; }; @@ -109,11 +91,12 @@ }; age = { - identityPaths = ["/home/pim/.ssh/age_ed25519"]; + identityPaths = [ "/home/pim/.ssh/age_ed25519" ]; secrets = { wg-quick-home-privkey.file = ../secrets/wg-quick-home-privkey.age; - wg-quick-home-preshared-key.file = ../secrets/wg-quick-home-preshared-key.age; + wg-quick-home-preshared-key.file = + ../secrets/wg-quick-home-preshared-key.age; }; }; @@ -122,22 +105,14 @@ wg-quick.interfaces.home = { privateKeyFile = config.age.secrets.wg-quick-home-privkey.path; - address = [ - "10.225.191.4/24" - "fd11:5ee:bad:c0de::4/64" - ]; - dns = ["192.168.30.8"]; - peers = [ - { - presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path; - endpoint = "84.245.14.149:51820"; - publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg="; - allowedIPs = [ - "0.0.0.0/0" - "::0/0" - ]; - } - ]; + address = [ "10.225.191.4/24" "fd11:5ee:bad:c0de::4/64" ]; + dns = [ "192.168.30.8" ]; + peers = [{ + presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path; + endpoint = "84.245.14.149:51820"; + publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg="; + allowedIPs = [ "0.0.0.0/0" "::0/0" ]; + }]; }; }; diff --git a/nixos/hardware-configuration.nix b/nixos/hardware-configuration.nix index cb338f2..4ada200 100644 --- a/nixos/hardware-configuration.nix +++ b/nixos/hardware-configuration.nix @@ -1,37 +1,30 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ - config, - lib, - pkgs, - modulesPath, - ... -}: { - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; +{ config, lib, pkgs, modulesPath, ... }: { + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "sd_mod" "rtsx_pci_sdmmc"]; - boot.initrd.kernelModules = []; - boot.kernelModules = ["kvm-intel"]; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = + [ "xhci_pci" "ahci" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; fileSystems."/" = { device = "/dev/disk/by-uuid/33e4587b-fba3-4a9d-82d2-a9e49a8e75fa"; fsType = "ext4"; }; - boot.initrd.luks.devices."luks-cd1139a7-0c1b-4459-b586-29b577825ee9".device = "/dev/disk/by-uuid/cd1139a7-0c1b-4459-b586-29b577825ee9"; + boot.initrd.luks.devices."luks-cd1139a7-0c1b-4459-b586-29b577825ee9".device = + "/dev/disk/by-uuid/cd1139a7-0c1b-4459-b586-29b577825ee9"; fileSystems."/boot" = { device = "/dev/disk/by-uuid/87DA-B083"; fsType = "vfat"; }; - swapDevices = [ - {device = "/dev/disk/by-uuid/908399cd-2f4f-4555-8805-80c9faf190aa";} - ]; + swapDevices = + [{ device = "/dev/disk/by-uuid/908399cd-2f4f-4555-8805-80c9faf190aa"; }]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's @@ -43,5 +36,6 @@ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + hardware.cpu.intel.updateMicrocode = + lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 523f6e6..9edefb4 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,8 +1,10 @@ let - pkgs = import {}; - publicKeysURL = "https://git.kun.is/pim.keys"; # https://github.com/pizzapim.keys - publicKeysFile = builtins.fetchurl {url = publicKeysURL;}; - publicKeys = pkgs.lib.strings.splitString "\n" (pkgs.lib.strings.fileContents publicKeysFile); + pkgs = import { }; + publicKeysURL = + "https://git.kun.is/pim.keys"; # https://github.com/pizzapim.keys + publicKeysFile = builtins.fetchurl { url = publicKeysURL; }; + publicKeys = pkgs.lib.strings.splitString "\n" + (pkgs.lib.strings.fileContents publicKeysFile); in { "wg-quick-home-privkey.age".publicKeys = publicKeys; "wg-quick-home-preshared-key.age".publicKeys = publicKeys; @@ -13,5 +15,6 @@ in { "common-pg-tfbackend.age".publicKeys = publicKeys; "ansible-vault-secret.age".publicKeys = publicKeys; "powerdns-api-key.json.age".publicKeys = publicKeys; - "keepassxc.ini.age".publicKeys = publicKeys; # Secret agent causes private keys in config file. + "keepassxc.ini.age".publicKeys = + publicKeys; # Secret agent causes private keys in config file. }