autoformat nix files

change formatter alejandra -> nixfmt
reformat whole project
This commit is contained in:
Pim Kunis 2023-11-10 11:33:41 +01:00
parent 8772f38aed
commit bffcb3c95c
15 changed files with 143 additions and 211 deletions

View file

@ -5,7 +5,8 @@
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05"; nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
nur.url = "github:nix-community/NUR"; nur.url = "github:nix-community/NUR";
home-manager = { home-manager = {
url = "https://github.com/nix-community/home-manager/archive/release-23.05.tar.gz"; url =
"https://github.com/nix-community/home-manager/archive/release-23.05.tar.gz";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
homeage = { homeage = {
@ -20,36 +21,26 @@
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
}; };
outputs = { outputs =
nixpkgs, { nixpkgs, home-manager, homeage, agenix, nur, nixos-hardware, ... }: {
home-manager, formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt;
homeage,
agenix,
nur,
nixos-hardware,
...
}: {
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
nixosConfigurations.pim = nixpkgs.lib.nixosSystem { nixosConfigurations.pim = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
{nixpkgs.overlays = [nur.overlay];} { nixpkgs.overlays = [ nur.overlay ]; }
./nixos ./nixos
agenix.nixosModules.default agenix.nixosModules.default
nixos-hardware.nixosModules.lenovo-thinkpad-x260 nixos-hardware.nixosModules.lenovo-thinkpad-x260
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
{ {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.users.pim = { home-manager.users.pim = {
imports = [ imports = [ ./home-manager homeage.homeManagerModules.homeage ];
./home-manager };
homeage.homeManagerModules.homeage }
]; ];
}; };
}
];
}; };
};
} }

View file

@ -1,9 +1,4 @@
{ { pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}: {
imports = [ imports = [
./bash ./bash
./neovim ./neovim
@ -33,7 +28,7 @@
strawberry strawberry
gimp gimp
libreoffice libreoffice
(pkgs.nerdfonts.override {fonts = ["Hack"];}) (pkgs.nerdfonts.override { fonts = [ "Hack" ]; })
virt-manager virt-manager
gnome.gnome-tweaks gnome.gnome-tweaks
]; ];
@ -51,7 +46,8 @@
background_color = "#282828"; background_color = "#282828";
cursor_color = "#7c6f64"; cursor_color = "#7c6f64";
foreground_color = "#ebdbb2"; foreground_color = "#ebdbb2";
palette = "#181818:#cc241d:#98971a:#d79921:#458588:#b16286:#689d6a:#a89984:#928374:#fb4934:#b8bb26:#fabd2f:#83a598:#d3869b:#8ec07c:#ebdbb2"; palette =
"#181818:#cc241d:#98971a:#d79921:#458588:#b16286:#689d6a:#a89984:#928374:#fb4934:#b8bb26:#fabd2f:#83a598:#d3869b:#8ec07c:#ebdbb2";
}; };
keybindings = { keybindings = {
@ -78,29 +74,27 @@
}; };
# Let home-manager manage the X session # Let home-manager manage the X session
xsession = { xsession = { enable = true; };
enable = true;
};
xdg.userDirs.enable = true; xdg.userDirs.enable = true;
homeage = { homeage = {
identityPaths = ["/home/pim/.ssh/age_ed25519"]; identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
installationType = "systemd"; installationType = "systemd";
file."common-pg-tfbackend" = { file."common-pg-tfbackend" = {
source = ../secrets/common-pg-tfbackend.age; source = ../secrets/common-pg-tfbackend.age;
symlinks = ["${config.xdg.configHome}/home/common.pg.tfbackend"]; symlinks = [ "${config.xdg.configHome}/home/common.pg.tfbackend" ];
}; };
file."ansible-vault-secret" = { file."ansible-vault-secret" = {
source = ../secrets/ansible-vault-secret.age; source = ../secrets/ansible-vault-secret.age;
symlinks = ["${config.xdg.configHome}/home/ansible-vault-secret"]; symlinks = [ "${config.xdg.configHome}/home/ansible-vault-secret" ];
}; };
file."powerdns-api-key" = { file."powerdns-api-key" = {
source = ../secrets/powerdns-api-key.json.age; source = ../secrets/powerdns-api-key.json.age;
symlinks = ["${config.xdg.configHome}/home/powerdns-api-key.json"]; symlinks = [ "${config.xdg.configHome}/home/powerdns-api-key.json" ];
}; };
}; };
@ -108,8 +102,8 @@
dconf.settings = with lib.hm.gvariant; { dconf.settings = with lib.hm.gvariant; {
"org/gnome/desktop/input-sources" = { "org/gnome/desktop/input-sources" = {
sources = [(mkTuple ["xkb" "us"])]; sources = [ (mkTuple [ "xkb" "us" ]) ];
xkb-options = ["terminate:ctrl_alt_bksp" "caps:escape"]; xkb-options = [ "terminate:ctrl_alt_bksp" "caps:escape" ];
}; };
"org/gnome/desktop/interface" = { "org/gnome/desktop/interface" = {

View file

@ -1,4 +1,5 @@
pkgs: lib: let pkgs: lib:
let
rycee-addons = pkgs.nur.repos.rycee.firefox-addons; rycee-addons = pkgs.nur.repos.rycee.firefox-addons;
custom-addons = import ./custom-addons.nix pkgs lib; custom-addons = import ./custom-addons.nix pkgs lib;
in { in {
@ -16,11 +17,7 @@ in {
boring-rss boring-rss
# rycee.bypass-paywalls-clean # rycee.bypass-paywalls-clean
]) ])
(with custom-addons; [ (with custom-addons; [ http-version-indicator indicatetls sixindicator ])
http-version-indicator
indicatetls
sixindicator
])
]; ];
sue = with rycee-addons; [ sue = with rycee-addons; [
ublock-origin ublock-origin

View file

@ -1,22 +1,15 @@
pkgs: lib: let pkgs: lib:
let
# Stolen from: https://github.com/nix-community/nur-combined/blob/master/repos/rycee/pkgs/firefox-addons/default.nix # Stolen from: https://github.com/nix-community/nur-combined/blob/master/repos/rycee/pkgs/firefox-addons/default.nix
buildFirefoxXpiAddon = lib.makeOverridable ({ buildFirefoxXpiAddon = lib.makeOverridable ({ stdenv ? pkgs.stdenv
stdenv ? pkgs.stdenv, , fetchurl ? pkgs.fetchurl, pname, version, addonId, url, sha256, meta, ...
fetchurl ? pkgs.fetchurl, }:
pname,
version,
addonId,
url,
sha256,
meta,
...
}:
stdenv.mkDerivation { stdenv.mkDerivation {
name = "${pname}-${version}"; name = "${pname}-${version}";
inherit meta; inherit meta;
src = fetchurl {inherit url sha256;}; src = fetchurl { inherit url sha256; };
preferLocalBuild = true; preferLocalBuild = true;
allowSubstitutes = true; allowSubstitutes = true;
@ -32,12 +25,14 @@ in {
pname = "http-version-indicator"; pname = "http-version-indicator";
version = "3.2.1"; version = "3.2.1";
addonId = "spdyindicator@chengsun.github.com"; addonId = "spdyindicator@chengsun.github.com";
url = "https://addons.mozilla.org/firefox/downloads/file/3767224/http2_indicator-3.2.1.xpi"; url =
"https://addons.mozilla.org/firefox/downloads/file/3767224/http2_indicator-3.2.1.xpi";
sha256 = "be9518017334ce502a1da514542c2ca4f974217d0c8e6c7c31d518aba57c09a8"; sha256 = "be9518017334ce502a1da514542c2ca4f974217d0c8e6c7c31d518aba57c09a8";
meta = with lib; { meta = with lib; {
homepage = "https://github.com/bsiegel/http-version-indicator"; homepage = "https://github.com/bsiegel/http-version-indicator";
description = "An indicator showing the HTTP version used to load the page in the address bar."; description =
mozPermissions = ["<all_urls>" "tabs" "webNavigation" "webRequest"]; "An indicator showing the HTTP version used to load the page in the address bar.";
mozPermissions = [ "<all_urls>" "tabs" "webNavigation" "webRequest" ];
platforms = platforms.all; platforms = platforms.all;
}; };
}; };
@ -45,11 +40,13 @@ in {
pname = "indicatetls"; pname = "indicatetls";
version = "0.3.0"; version = "0.3.0";
addonId = "{252ee273-8c8d-4609-b54d-62ae345be0a1}"; addonId = "{252ee273-8c8d-4609-b54d-62ae345be0a1}";
url = "https://addons.mozilla.org/firefox/downloads/file/3608595/indicatetls-0.3.0.xpi"; url =
"https://addons.mozilla.org/firefox/downloads/file/3608595/indicatetls-0.3.0.xpi";
sha256 = "7a3b7edb1085f7b15d279c1013fac1d68f5247cfd6312d5275cb053e24a79465"; sha256 = "7a3b7edb1085f7b15d279c1013fac1d68f5247cfd6312d5275cb053e24a79465";
meta = with lib; { meta = with lib; {
homepage = "https://github.com/jannispinter/indicatetls"; homepage = "https://github.com/jannispinter/indicatetls";
description = "Displays negotiated SSL/TLS protocol version and additional security information in the address bar"; description =
"Displays negotiated SSL/TLS protocol version and additional security information in the address bar";
license = licenses.mpl20; license = licenses.mpl20;
mozPermissions = [ mozPermissions = [
"tabs" "tabs"
@ -66,13 +63,15 @@ in {
pname = "sixindicator"; pname = "sixindicator";
version = "1.3.0"; version = "1.3.0";
addonId = "{8c9cad02-c069-4e93-909d-d874da819c49}"; addonId = "{8c9cad02-c069-4e93-909d-d874da819c49}";
url = "https://addons.mozilla.org/firefox/downloads/file/3493442/sixindicator-1.3.0.xpi"; url =
"https://addons.mozilla.org/firefox/downloads/file/3493442/sixindicator-1.3.0.xpi";
sha256 = "415ab83ed4ac94d1efe114752a09df29536d1bd54cc9b7e5ce5d9ee55a84226d"; sha256 = "415ab83ed4ac94d1efe114752a09df29536d1bd54cc9b7e5ce5d9ee55a84226d";
meta = with lib; { meta = with lib; {
homepage = "https://github.com/HostedDinner/SixIndicator"; homepage = "https://github.com/HostedDinner/SixIndicator";
description = "Shows a simple icon, if IPv6 or IPv4 was used for the request of the site. When clicking on the icon, more information is shown, like the number of requests per domain and if these requests were made via IPv6 or IPv4."; description =
"Shows a simple icon, if IPv6 or IPv4 was used for the request of the site. When clicking on the icon, more information is shown, like the number of requests per domain and if these requests were made via IPv6 or IPv4.";
license = licenses.mit; license = licenses.mit;
mozPermissions = ["tabs" "webRequest" "<all_urls>"]; mozPermissions = [ "tabs" "webRequest" "<all_urls>" ];
platforms = platforms.all; platforms = platforms.all;
}; };
}; };
@ -80,12 +79,13 @@ in {
pname = "simple-style-fox-2"; pname = "simple-style-fox-2";
version = "10.0"; version = "10.0";
addonId = "{317526c6-ff2b-49c9-822e-d77b4a3da1d1}"; addonId = "{317526c6-ff2b-49c9-822e-d77b4a3da1d1}";
url = "https://addons.mozilla.org/firefox/downloads/file/3934220/simple_style_fox_2-10.0.xpi"; url =
"https://addons.mozilla.org/firefox/downloads/file/3934220/simple_style_fox_2-10.0.xpi";
sha256 = "1aaac3ba08d21086d7087015f92a27661940df45a97bf5680588c883f799a97d"; sha256 = "1aaac3ba08d21086d7087015f92a27661940df45a97bf5680588c883f799a97d";
meta = with lib; { meta = with lib; {
description = "Simple style fox 2"; description = "Simple style fox 2";
license = licenses.cc-by-30; license = licenses.cc-by-30;
mozPermissions = []; mozPermissions = [ ];
platforms = platforms.all; platforms = platforms.all;
}; };
}; };

View file

@ -1,8 +1,5 @@
{ { pkgs, lib, ... }:
pkgs, let
lib,
...
}: let
firefoxAddons = import ./addons.nix pkgs lib; firefoxAddons = import ./addons.nix pkgs lib;
firefoxSettings = { firefoxSettings = {
"browser.aboutConfig.showWarning" = false; "browser.aboutConfig.showWarning" = false;
@ -35,7 +32,7 @@ in {
}; };
xdg.desktopEntries.firefox-sue = { xdg.desktopEntries.firefox-sue = {
categories = ["Network" "WebBrowser"]; categories = [ "Network" "WebBrowser" ];
exec = "firefox -P sue --name firefox %U"; exec = "firefox -P sue --name firefox %U";
genericName = "Web Browser"; genericName = "Web Browser";
icon = "firefox"; icon = "firefox";
@ -54,7 +51,7 @@ in {
}; };
xdg.desktopEntries.firefox = lib.mkForce { xdg.desktopEntries.firefox = lib.mkForce {
categories = ["Network" "WebBrowser"]; categories = [ "Network" "WebBrowser" ];
exec = "firefox --new-window --name firefox %U"; exec = "firefox --new-window --name firefox %U";
genericName = "Web Browser"; genericName = "Web Browser";
icon = "firefox"; icon = "firefox";

View file

@ -9,12 +9,10 @@
commit.verbose = true; commit.verbose = true;
pull.rebase = true; pull.rebase = true;
}; };
includes = [ includes = [{
{ path = "~/git/suecode/.gitconfig";
path = "~/git/suecode/.gitconfig"; condition = "gitdir:~/git/suecode/**";
condition = "gitdir:~/git/suecode/**"; }];
}
];
}; };
}; };
} }

View file

@ -1,13 +1,9 @@
{ { pkgs, config, ... }: {
pkgs,
config,
...
}: {
config = { config = {
home.packages = [pkgs.keepassxc]; home.packages = [ pkgs.keepassxc ];
homeage.file."keepassxc.ini" = { homeage.file."keepassxc.ini" = {
source = ../../secrets/keepassxc.ini.age; source = ../../secrets/keepassxc.ini.age;
symlinks = ["${config.xdg.configHome}/keepassxc/keepassxc.ini"]; symlinks = [ "${config.xdg.configHome}/keepassxc/keepassxc.ini" ];
}; };
}; };
} }

View file

@ -1,4 +1,4 @@
{pkgs, ...}: { { pkgs, ... }: {
config = { config = {
programs.neovim = { programs.neovim = {
enable = true; enable = true;
@ -16,6 +16,7 @@
terraform-ls terraform-ls
luaformatter luaformatter
efm-langserver efm-langserver
nixfmt
]; ];
plugins = with pkgs.vimPlugins; [ plugins = with pkgs.vimPlugins; [
@ -44,7 +45,7 @@
{ {
plugin = gitsigns-nvim; plugin = gitsigns-nvim;
type = "lua"; type = "lua";
config = "require(\"gitsigns\").setup()"; config = ''require("gitsigns").setup()'';
} }
{ {
plugin = nvim-cmp; plugin = nvim-cmp;

View file

@ -46,10 +46,14 @@ require'lspconfig'.terraformls.setup {
capabilities = capabilities capabilities = capabilities
} }
local luaformat = {formatCommand = "lua-format -i", formatStdin = true}
require'lspconfig'.efm.setup { require'lspconfig'.efm.setup {
on_attach = require("lsp-format").on_attach, on_attach = require("lsp-format").on_attach,
init_options = {documentFormatting = true}, init_options = {documentFormatting = true},
settings = {languages = {lua = {luaformat}}}, settings = {
filetypes = {"lua"} languages = {
lua = {{formatCommand = "lua-format -i", formatStdin = true}},
nix = {{formatCommand = "nixfmt", formatStdin = true}}
}
},
filetypes = {"lua", "nix"}
} }

View file

@ -1,51 +1,35 @@
{ { config, lib, ... }: {
config,
lib,
...
}: {
config = { config = {
programs.ssh = { programs.ssh = {
enable = true; enable = true;
extraConfig = "User root"; extraConfig = "User root";
matchBlocks = { matchBlocks = {
github = lib.hm.dag.entryBefore ["*"] { github = lib.hm.dag.entryBefore [ "*" ] {
hostname = "github.com"; hostname = "github.com";
user = "pizzapim"; user = "pizzapim";
identitiesOnly = true; identitiesOnly = true;
}; };
lewis = lib.hm.dag.entryBefore ["*"] { lewis = lib.hm.dag.entryBefore [ "*" ] { hostname = "lewis.hyp"; };
hostname = "lewis.hyp"; atlas = lib.hm.dag.entryBefore [ "*" ] { hostname = "atlas.hyp"; };
}; jefke = lib.hm.dag.entryBefore [ "*" ] { hostname = "jefke.hyp"; };
atlas = lib.hm.dag.entryBefore ["*"] { hermes = lib.hm.dag.entryBefore [ "*" ] { hostname = "hermes.dmz"; };
hostname = "atlas.hyp"; maestro = lib.hm.dag.entryBefore [ "*" ] { hostname = "maestro.dmz"; };
}; bancomart =
jefke = lib.hm.dag.entryBefore ["*"] { lib.hm.dag.entryBefore [ "*" ] { hostname = "bancomart.dmz"; };
hostname = "jefke.hyp"; handjecontantje =
}; lib.hm.dag.entryBefore [ "*" ] { hostname = "handjecontantje.dmz"; };
hermes = lib.hm.dag.entryBefore ["*"] {
hostname = "hermes.dmz";
};
maestro = lib.hm.dag.entryBefore ["*"] {
hostname = "maestro.dmz";
};
bancomart = lib.hm.dag.entryBefore ["*"] {
hostname = "bancomart.dmz";
};
handjecontantje = lib.hm.dag.entryBefore ["*"] {
hostname = "handjecontantje.dmz";
};
}; };
}; };
homeage.file."sue_ed25519" = { homeage.file."sue_ed25519" = {
source = ../../secrets/sue_ed25519.age; source = ../../secrets/sue_ed25519.age;
symlinks = ["${config.home.homeDirectory}/.ssh/sue_ed25519"]; symlinks = [ "${config.home.homeDirectory}/.ssh/sue_ed25519" ];
}; };
homeage.file."sue_azure_rsa" = { homeage.file."sue_azure_rsa" = {
source = ../../secrets/sue_azure_rsa.age; source = ../../secrets/sue_azure_rsa.age;
symlinks = ["${config.home.homeDirectory}/.ssh/sue_azure_rsa"]; symlinks = [ "${config.home.homeDirectory}/.ssh/sue_azure_rsa" ];
}; };
}; };
} }

View file

@ -1,4 +1,4 @@
{config, ...}: { { config, ... }: {
config = { config = {
services.syncthing.enable = true; services.syncthing.enable = true;
xdg.configFile."syncthing/config.xml".source = ./syncthing.xml; xdg.configFile."syncthing/config.xml".source = ./syncthing.xml;
@ -6,12 +6,12 @@
homeage.file."syncthing-key.pem" = { homeage.file."syncthing-key.pem" = {
source = ../../secrets/syncthing-key.pem.age; source = ../../secrets/syncthing-key.pem.age;
symlinks = ["${config.xdg.configHome}/syncthing/key.pem"]; symlinks = [ "${config.xdg.configHome}/syncthing/key.pem" ];
}; };
homeage.file."syncthing-cert.pem" = { homeage.file."syncthing-cert.pem" = {
source = ../../secrets/syncthing-cert.pem.age; source = ../../secrets/syncthing-cert.pem.age;
symlinks = ["${config.xdg.configHome}/syncthing/cert.pem"]; symlinks = [ "${config.xdg.configHome}/syncthing/cert.pem" ];
}; };
}; };
} }

View file

@ -2,9 +2,7 @@
config = { config = {
programs.thunderbird = { programs.thunderbird = {
enable = true; enable = true;
profiles.default = { profiles.default = { isDefault = true; };
isDefault = true;
};
}; };
}; };
} }

View file

@ -1,16 +1,7 @@
{ { pkgs, config, lib, ... }: {
pkgs, imports = [ ./hardware-configuration.nix ];
config,
lib,
...
}: {
imports = [
./hardware-configuration.nix
];
boot = { boot = { loader.systemd-boot.enable = true; };
loader.systemd-boot.enable = true;
};
time.timeZone = "Europe/Amsterdam"; time.timeZone = "Europe/Amsterdam";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
@ -20,16 +11,14 @@
services = { services = {
xserver = { xserver = {
enable = true; enable = true;
displayManager.gdm = { displayManager.gdm = { enable = true; };
enable = true;
};
desktopManager.gnome.enable = true; desktopManager.gnome.enable = true;
excludePackages = with pkgs; [xterm]; excludePackages = with pkgs; [ xterm ];
}; };
printing = { printing = {
enable = true; enable = true;
drivers = [pkgs.hplip pkgs.gutenprint]; drivers = [ pkgs.hplip pkgs.gutenprint ];
}; };
fprintd = { fprintd = {
@ -45,21 +34,12 @@
users = { users = {
users.pim = { users.pim = {
isNormalUser = true; isNormalUser = true;
extraGroups = ["wheel" "docker" "input"]; extraGroups = [ "wheel" "docker" "input" ];
}; };
}; };
environment = { environment = {
systemPackages = with pkgs; [ systemPackages = with pkgs; [ wget curl git btop ripgrep vim dogdns tree ];
wget
curl
git
btop
ripgrep
vim
dogdns
tree
];
gnome.excludePackages = with pkgs; [ gnome.excludePackages = with pkgs; [
gnome.totem gnome.totem
gnome-tour gnome-tour
@ -77,14 +57,16 @@
knownHosts = { knownHosts = {
dmz = { dmz = {
hostNames = ["*.dmz"]; hostNames = [ "*.dmz" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x"; publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x";
certAuthority = true; certAuthority = true;
}; };
hypervisors = { hypervisors = {
hostNames = ["*.hyp"]; hostNames = [ "*.hyp" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb"; publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb";
certAuthority = true; certAuthority = true;
}; };
}; };
@ -109,11 +91,12 @@
}; };
age = { age = {
identityPaths = ["/home/pim/.ssh/age_ed25519"]; identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
secrets = { secrets = {
wg-quick-home-privkey.file = ../secrets/wg-quick-home-privkey.age; wg-quick-home-privkey.file = ../secrets/wg-quick-home-privkey.age;
wg-quick-home-preshared-key.file = ../secrets/wg-quick-home-preshared-key.age; wg-quick-home-preshared-key.file =
../secrets/wg-quick-home-preshared-key.age;
}; };
}; };
@ -122,22 +105,14 @@
wg-quick.interfaces.home = { wg-quick.interfaces.home = {
privateKeyFile = config.age.secrets.wg-quick-home-privkey.path; privateKeyFile = config.age.secrets.wg-quick-home-privkey.path;
address = [ address = [ "10.225.191.4/24" "fd11:5ee:bad:c0de::4/64" ];
"10.225.191.4/24" dns = [ "192.168.30.8" ];
"fd11:5ee:bad:c0de::4/64" peers = [{
]; presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path;
dns = ["192.168.30.8"]; endpoint = "84.245.14.149:51820";
peers = [ publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
{ allowedIPs = [ "0.0.0.0/0" "::0/0" ];
presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path; }];
endpoint = "84.245.14.149:51820";
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
allowedIPs = [
"0.0.0.0/0"
"::0/0"
];
}
];
}; };
}; };

View file

@ -1,37 +1,30 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, modulesPath, ... }: {
config, imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "sd_mod" "rtsx_pci_sdmmc"]; boot.initrd.availableKernelModules =
boot.initrd.kernelModules = []; [ "xhci_pci" "ahci" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelModules = ["kvm-intel"]; boot.initrd.kernelModules = [ ];
boot.extraModulePackages = []; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" = {
device = "/dev/disk/by-uuid/33e4587b-fba3-4a9d-82d2-a9e49a8e75fa"; device = "/dev/disk/by-uuid/33e4587b-fba3-4a9d-82d2-a9e49a8e75fa";
fsType = "ext4"; fsType = "ext4";
}; };
boot.initrd.luks.devices."luks-cd1139a7-0c1b-4459-b586-29b577825ee9".device = "/dev/disk/by-uuid/cd1139a7-0c1b-4459-b586-29b577825ee9"; boot.initrd.luks.devices."luks-cd1139a7-0c1b-4459-b586-29b577825ee9".device =
"/dev/disk/by-uuid/cd1139a7-0c1b-4459-b586-29b577825ee9";
fileSystems."/boot" = { fileSystems."/boot" = {
device = "/dev/disk/by-uuid/87DA-B083"; device = "/dev/disk/by-uuid/87DA-B083";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = [ swapDevices =
{device = "/dev/disk/by-uuid/908399cd-2f4f-4555-8805-80c9faf190aa";} [{ device = "/dev/disk/by-uuid/908399cd-2f4f-4555-8805-80c9faf190aa"; }];
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
@ -43,5 +36,6 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

View file

@ -1,8 +1,10 @@
let let
pkgs = import <nixpkgs> {}; pkgs = import <nixpkgs> { };
publicKeysURL = "https://git.kun.is/pim.keys"; # https://github.com/pizzapim.keys publicKeysURL =
publicKeysFile = builtins.fetchurl {url = publicKeysURL;}; "https://git.kun.is/pim.keys"; # https://github.com/pizzapim.keys
publicKeys = pkgs.lib.strings.splitString "\n" (pkgs.lib.strings.fileContents publicKeysFile); publicKeysFile = builtins.fetchurl { url = publicKeysURL; };
publicKeys = pkgs.lib.strings.splitString "\n"
(pkgs.lib.strings.fileContents publicKeysFile);
in { in {
"wg-quick-home-privkey.age".publicKeys = publicKeys; "wg-quick-home-privkey.age".publicKeys = publicKeys;
"wg-quick-home-preshared-key.age".publicKeys = publicKeys; "wg-quick-home-preshared-key.age".publicKeys = publicKeys;
@ -13,5 +15,6 @@ in {
"common-pg-tfbackend.age".publicKeys = publicKeys; "common-pg-tfbackend.age".publicKeys = publicKeys;
"ansible-vault-secret.age".publicKeys = publicKeys; "ansible-vault-secret.age".publicKeys = publicKeys;
"powerdns-api-key.json.age".publicKeys = publicKeys; "powerdns-api-key.json.age".publicKeys = publicKeys;
"keepassxc.ini.age".publicKeys = publicKeys; # Secret agent causes private keys in config file. "keepassxc.ini.age".publicKeys =
publicKeys; # Secret agent causes private keys in config file.
} }