autoformat nix files
change formatter alejandra -> nixfmt reformat whole project
This commit is contained in:
parent
8772f38aed
commit
bffcb3c95c
15 changed files with 143 additions and 211 deletions
53
flake.nix
53
flake.nix
|
@ -5,7 +5,8 @@
|
||||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
|
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.05";
|
||||||
nur.url = "github:nix-community/NUR";
|
nur.url = "github:nix-community/NUR";
|
||||||
home-manager = {
|
home-manager = {
|
||||||
url = "https://github.com/nix-community/home-manager/archive/release-23.05.tar.gz";
|
url =
|
||||||
|
"https://github.com/nix-community/home-manager/archive/release-23.05.tar.gz";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
homeage = {
|
homeage = {
|
||||||
|
@ -20,36 +21,26 @@
|
||||||
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = {
|
outputs =
|
||||||
nixpkgs,
|
{ nixpkgs, home-manager, homeage, agenix, nur, nixos-hardware, ... }: {
|
||||||
home-manager,
|
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt;
|
||||||
homeage,
|
|
||||||
agenix,
|
|
||||||
nur,
|
|
||||||
nixos-hardware,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.alejandra;
|
|
||||||
|
|
||||||
nixosConfigurations.pim = nixpkgs.lib.nixosSystem {
|
nixosConfigurations.pim = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
modules = [
|
modules = [
|
||||||
{nixpkgs.overlays = [nur.overlay];}
|
{ nixpkgs.overlays = [ nur.overlay ]; }
|
||||||
./nixos
|
./nixos
|
||||||
agenix.nixosModules.default
|
agenix.nixosModules.default
|
||||||
nixos-hardware.nixosModules.lenovo-thinkpad-x260
|
nixos-hardware.nixosModules.lenovo-thinkpad-x260
|
||||||
home-manager.nixosModules.home-manager
|
home-manager.nixosModules.home-manager
|
||||||
{
|
{
|
||||||
home-manager.useGlobalPkgs = true;
|
home-manager.useGlobalPkgs = true;
|
||||||
home-manager.useUserPackages = true;
|
home-manager.useUserPackages = true;
|
||||||
home-manager.users.pim = {
|
home-manager.users.pim = {
|
||||||
imports = [
|
imports = [ ./home-manager homeage.homeManagerModules.homeage ];
|
||||||
./home-manager
|
};
|
||||||
homeage.homeManagerModules.homeage
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,9 +1,4 @@
|
||||||
{
|
{ pkgs, lib, config, ... }: {
|
||||||
pkgs,
|
|
||||||
lib,
|
|
||||||
config,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
imports = [
|
imports = [
|
||||||
./bash
|
./bash
|
||||||
./neovim
|
./neovim
|
||||||
|
@ -33,7 +28,7 @@
|
||||||
strawberry
|
strawberry
|
||||||
gimp
|
gimp
|
||||||
libreoffice
|
libreoffice
|
||||||
(pkgs.nerdfonts.override {fonts = ["Hack"];})
|
(pkgs.nerdfonts.override { fonts = [ "Hack" ]; })
|
||||||
virt-manager
|
virt-manager
|
||||||
gnome.gnome-tweaks
|
gnome.gnome-tweaks
|
||||||
];
|
];
|
||||||
|
@ -51,7 +46,8 @@
|
||||||
background_color = "#282828";
|
background_color = "#282828";
|
||||||
cursor_color = "#7c6f64";
|
cursor_color = "#7c6f64";
|
||||||
foreground_color = "#ebdbb2";
|
foreground_color = "#ebdbb2";
|
||||||
palette = "#181818:#cc241d:#98971a:#d79921:#458588:#b16286:#689d6a:#a89984:#928374:#fb4934:#b8bb26:#fabd2f:#83a598:#d3869b:#8ec07c:#ebdbb2";
|
palette =
|
||||||
|
"#181818:#cc241d:#98971a:#d79921:#458588:#b16286:#689d6a:#a89984:#928374:#fb4934:#b8bb26:#fabd2f:#83a598:#d3869b:#8ec07c:#ebdbb2";
|
||||||
};
|
};
|
||||||
|
|
||||||
keybindings = {
|
keybindings = {
|
||||||
|
@ -78,29 +74,27 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
# Let home-manager manage the X session
|
# Let home-manager manage the X session
|
||||||
xsession = {
|
xsession = { enable = true; };
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
xdg.userDirs.enable = true;
|
xdg.userDirs.enable = true;
|
||||||
|
|
||||||
homeage = {
|
homeage = {
|
||||||
identityPaths = ["/home/pim/.ssh/age_ed25519"];
|
identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
|
||||||
installationType = "systemd";
|
installationType = "systemd";
|
||||||
|
|
||||||
file."common-pg-tfbackend" = {
|
file."common-pg-tfbackend" = {
|
||||||
source = ../secrets/common-pg-tfbackend.age;
|
source = ../secrets/common-pg-tfbackend.age;
|
||||||
symlinks = ["${config.xdg.configHome}/home/common.pg.tfbackend"];
|
symlinks = [ "${config.xdg.configHome}/home/common.pg.tfbackend" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
file."ansible-vault-secret" = {
|
file."ansible-vault-secret" = {
|
||||||
source = ../secrets/ansible-vault-secret.age;
|
source = ../secrets/ansible-vault-secret.age;
|
||||||
symlinks = ["${config.xdg.configHome}/home/ansible-vault-secret"];
|
symlinks = [ "${config.xdg.configHome}/home/ansible-vault-secret" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
file."powerdns-api-key" = {
|
file."powerdns-api-key" = {
|
||||||
source = ../secrets/powerdns-api-key.json.age;
|
source = ../secrets/powerdns-api-key.json.age;
|
||||||
symlinks = ["${config.xdg.configHome}/home/powerdns-api-key.json"];
|
symlinks = [ "${config.xdg.configHome}/home/powerdns-api-key.json" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -108,8 +102,8 @@
|
||||||
|
|
||||||
dconf.settings = with lib.hm.gvariant; {
|
dconf.settings = with lib.hm.gvariant; {
|
||||||
"org/gnome/desktop/input-sources" = {
|
"org/gnome/desktop/input-sources" = {
|
||||||
sources = [(mkTuple ["xkb" "us"])];
|
sources = [ (mkTuple [ "xkb" "us" ]) ];
|
||||||
xkb-options = ["terminate:ctrl_alt_bksp" "caps:escape"];
|
xkb-options = [ "terminate:ctrl_alt_bksp" "caps:escape" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
"org/gnome/desktop/interface" = {
|
"org/gnome/desktop/interface" = {
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
pkgs: lib: let
|
pkgs: lib:
|
||||||
|
let
|
||||||
rycee-addons = pkgs.nur.repos.rycee.firefox-addons;
|
rycee-addons = pkgs.nur.repos.rycee.firefox-addons;
|
||||||
custom-addons = import ./custom-addons.nix pkgs lib;
|
custom-addons = import ./custom-addons.nix pkgs lib;
|
||||||
in {
|
in {
|
||||||
|
@ -16,11 +17,7 @@ in {
|
||||||
boring-rss
|
boring-rss
|
||||||
# rycee.bypass-paywalls-clean
|
# rycee.bypass-paywalls-clean
|
||||||
])
|
])
|
||||||
(with custom-addons; [
|
(with custom-addons; [ http-version-indicator indicatetls sixindicator ])
|
||||||
http-version-indicator
|
|
||||||
indicatetls
|
|
||||||
sixindicator
|
|
||||||
])
|
|
||||||
];
|
];
|
||||||
sue = with rycee-addons; [
|
sue = with rycee-addons; [
|
||||||
ublock-origin
|
ublock-origin
|
||||||
|
|
|
@ -1,22 +1,15 @@
|
||||||
pkgs: lib: let
|
pkgs: lib:
|
||||||
|
let
|
||||||
# Stolen from: https://github.com/nix-community/nur-combined/blob/master/repos/rycee/pkgs/firefox-addons/default.nix
|
# Stolen from: https://github.com/nix-community/nur-combined/blob/master/repos/rycee/pkgs/firefox-addons/default.nix
|
||||||
buildFirefoxXpiAddon = lib.makeOverridable ({
|
buildFirefoxXpiAddon = lib.makeOverridable ({ stdenv ? pkgs.stdenv
|
||||||
stdenv ? pkgs.stdenv,
|
, fetchurl ? pkgs.fetchurl, pname, version, addonId, url, sha256, meta, ...
|
||||||
fetchurl ? pkgs.fetchurl,
|
}:
|
||||||
pname,
|
|
||||||
version,
|
|
||||||
addonId,
|
|
||||||
url,
|
|
||||||
sha256,
|
|
||||||
meta,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
stdenv.mkDerivation {
|
stdenv.mkDerivation {
|
||||||
name = "${pname}-${version}";
|
name = "${pname}-${version}";
|
||||||
|
|
||||||
inherit meta;
|
inherit meta;
|
||||||
|
|
||||||
src = fetchurl {inherit url sha256;};
|
src = fetchurl { inherit url sha256; };
|
||||||
|
|
||||||
preferLocalBuild = true;
|
preferLocalBuild = true;
|
||||||
allowSubstitutes = true;
|
allowSubstitutes = true;
|
||||||
|
@ -32,12 +25,14 @@ in {
|
||||||
pname = "http-version-indicator";
|
pname = "http-version-indicator";
|
||||||
version = "3.2.1";
|
version = "3.2.1";
|
||||||
addonId = "spdyindicator@chengsun.github.com";
|
addonId = "spdyindicator@chengsun.github.com";
|
||||||
url = "https://addons.mozilla.org/firefox/downloads/file/3767224/http2_indicator-3.2.1.xpi";
|
url =
|
||||||
|
"https://addons.mozilla.org/firefox/downloads/file/3767224/http2_indicator-3.2.1.xpi";
|
||||||
sha256 = "be9518017334ce502a1da514542c2ca4f974217d0c8e6c7c31d518aba57c09a8";
|
sha256 = "be9518017334ce502a1da514542c2ca4f974217d0c8e6c7c31d518aba57c09a8";
|
||||||
meta = with lib; {
|
meta = with lib; {
|
||||||
homepage = "https://github.com/bsiegel/http-version-indicator";
|
homepage = "https://github.com/bsiegel/http-version-indicator";
|
||||||
description = "An indicator showing the HTTP version used to load the page in the address bar.";
|
description =
|
||||||
mozPermissions = ["<all_urls>" "tabs" "webNavigation" "webRequest"];
|
"An indicator showing the HTTP version used to load the page in the address bar.";
|
||||||
|
mozPermissions = [ "<all_urls>" "tabs" "webNavigation" "webRequest" ];
|
||||||
platforms = platforms.all;
|
platforms = platforms.all;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -45,11 +40,13 @@ in {
|
||||||
pname = "indicatetls";
|
pname = "indicatetls";
|
||||||
version = "0.3.0";
|
version = "0.3.0";
|
||||||
addonId = "{252ee273-8c8d-4609-b54d-62ae345be0a1}";
|
addonId = "{252ee273-8c8d-4609-b54d-62ae345be0a1}";
|
||||||
url = "https://addons.mozilla.org/firefox/downloads/file/3608595/indicatetls-0.3.0.xpi";
|
url =
|
||||||
|
"https://addons.mozilla.org/firefox/downloads/file/3608595/indicatetls-0.3.0.xpi";
|
||||||
sha256 = "7a3b7edb1085f7b15d279c1013fac1d68f5247cfd6312d5275cb053e24a79465";
|
sha256 = "7a3b7edb1085f7b15d279c1013fac1d68f5247cfd6312d5275cb053e24a79465";
|
||||||
meta = with lib; {
|
meta = with lib; {
|
||||||
homepage = "https://github.com/jannispinter/indicatetls";
|
homepage = "https://github.com/jannispinter/indicatetls";
|
||||||
description = "Displays negotiated SSL/TLS protocol version and additional security information in the address bar";
|
description =
|
||||||
|
"Displays negotiated SSL/TLS protocol version and additional security information in the address bar";
|
||||||
license = licenses.mpl20;
|
license = licenses.mpl20;
|
||||||
mozPermissions = [
|
mozPermissions = [
|
||||||
"tabs"
|
"tabs"
|
||||||
|
@ -66,13 +63,15 @@ in {
|
||||||
pname = "sixindicator";
|
pname = "sixindicator";
|
||||||
version = "1.3.0";
|
version = "1.3.0";
|
||||||
addonId = "{8c9cad02-c069-4e93-909d-d874da819c49}";
|
addonId = "{8c9cad02-c069-4e93-909d-d874da819c49}";
|
||||||
url = "https://addons.mozilla.org/firefox/downloads/file/3493442/sixindicator-1.3.0.xpi";
|
url =
|
||||||
|
"https://addons.mozilla.org/firefox/downloads/file/3493442/sixindicator-1.3.0.xpi";
|
||||||
sha256 = "415ab83ed4ac94d1efe114752a09df29536d1bd54cc9b7e5ce5d9ee55a84226d";
|
sha256 = "415ab83ed4ac94d1efe114752a09df29536d1bd54cc9b7e5ce5d9ee55a84226d";
|
||||||
meta = with lib; {
|
meta = with lib; {
|
||||||
homepage = "https://github.com/HostedDinner/SixIndicator";
|
homepage = "https://github.com/HostedDinner/SixIndicator";
|
||||||
description = "Shows a simple icon, if IPv6 or IPv4 was used for the request of the site. When clicking on the icon, more information is shown, like the number of requests per domain and if these requests were made via IPv6 or IPv4.";
|
description =
|
||||||
|
"Shows a simple icon, if IPv6 or IPv4 was used for the request of the site. When clicking on the icon, more information is shown, like the number of requests per domain and if these requests were made via IPv6 or IPv4.";
|
||||||
license = licenses.mit;
|
license = licenses.mit;
|
||||||
mozPermissions = ["tabs" "webRequest" "<all_urls>"];
|
mozPermissions = [ "tabs" "webRequest" "<all_urls>" ];
|
||||||
platforms = platforms.all;
|
platforms = platforms.all;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -80,12 +79,13 @@ in {
|
||||||
pname = "simple-style-fox-2";
|
pname = "simple-style-fox-2";
|
||||||
version = "10.0";
|
version = "10.0";
|
||||||
addonId = "{317526c6-ff2b-49c9-822e-d77b4a3da1d1}";
|
addonId = "{317526c6-ff2b-49c9-822e-d77b4a3da1d1}";
|
||||||
url = "https://addons.mozilla.org/firefox/downloads/file/3934220/simple_style_fox_2-10.0.xpi";
|
url =
|
||||||
|
"https://addons.mozilla.org/firefox/downloads/file/3934220/simple_style_fox_2-10.0.xpi";
|
||||||
sha256 = "1aaac3ba08d21086d7087015f92a27661940df45a97bf5680588c883f799a97d";
|
sha256 = "1aaac3ba08d21086d7087015f92a27661940df45a97bf5680588c883f799a97d";
|
||||||
meta = with lib; {
|
meta = with lib; {
|
||||||
description = "Simple style fox 2";
|
description = "Simple style fox 2";
|
||||||
license = licenses.cc-by-30;
|
license = licenses.cc-by-30;
|
||||||
mozPermissions = [];
|
mozPermissions = [ ];
|
||||||
platforms = platforms.all;
|
platforms = platforms.all;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,8 +1,5 @@
|
||||||
{
|
{ pkgs, lib, ... }:
|
||||||
pkgs,
|
let
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}: let
|
|
||||||
firefoxAddons = import ./addons.nix pkgs lib;
|
firefoxAddons = import ./addons.nix pkgs lib;
|
||||||
firefoxSettings = {
|
firefoxSettings = {
|
||||||
"browser.aboutConfig.showWarning" = false;
|
"browser.aboutConfig.showWarning" = false;
|
||||||
|
@ -35,7 +32,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
xdg.desktopEntries.firefox-sue = {
|
xdg.desktopEntries.firefox-sue = {
|
||||||
categories = ["Network" "WebBrowser"];
|
categories = [ "Network" "WebBrowser" ];
|
||||||
exec = "firefox -P sue --name firefox %U";
|
exec = "firefox -P sue --name firefox %U";
|
||||||
genericName = "Web Browser";
|
genericName = "Web Browser";
|
||||||
icon = "firefox";
|
icon = "firefox";
|
||||||
|
@ -54,7 +51,7 @@ in {
|
||||||
};
|
};
|
||||||
|
|
||||||
xdg.desktopEntries.firefox = lib.mkForce {
|
xdg.desktopEntries.firefox = lib.mkForce {
|
||||||
categories = ["Network" "WebBrowser"];
|
categories = [ "Network" "WebBrowser" ];
|
||||||
exec = "firefox --new-window --name firefox %U";
|
exec = "firefox --new-window --name firefox %U";
|
||||||
genericName = "Web Browser";
|
genericName = "Web Browser";
|
||||||
icon = "firefox";
|
icon = "firefox";
|
||||||
|
|
|
@ -9,12 +9,10 @@
|
||||||
commit.verbose = true;
|
commit.verbose = true;
|
||||||
pull.rebase = true;
|
pull.rebase = true;
|
||||||
};
|
};
|
||||||
includes = [
|
includes = [{
|
||||||
{
|
path = "~/git/suecode/.gitconfig";
|
||||||
path = "~/git/suecode/.gitconfig";
|
condition = "gitdir:~/git/suecode/**";
|
||||||
condition = "gitdir:~/git/suecode/**";
|
}];
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,13 +1,9 @@
|
||||||
{
|
{ pkgs, config, ... }: {
|
||||||
pkgs,
|
|
||||||
config,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
config = {
|
config = {
|
||||||
home.packages = [pkgs.keepassxc];
|
home.packages = [ pkgs.keepassxc ];
|
||||||
homeage.file."keepassxc.ini" = {
|
homeage.file."keepassxc.ini" = {
|
||||||
source = ../../secrets/keepassxc.ini.age;
|
source = ../../secrets/keepassxc.ini.age;
|
||||||
symlinks = ["${config.xdg.configHome}/keepassxc/keepassxc.ini"];
|
symlinks = [ "${config.xdg.configHome}/keepassxc/keepassxc.ini" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{pkgs, ...}: {
|
{ pkgs, ... }: {
|
||||||
config = {
|
config = {
|
||||||
programs.neovim = {
|
programs.neovim = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -16,6 +16,7 @@
|
||||||
terraform-ls
|
terraform-ls
|
||||||
luaformatter
|
luaformatter
|
||||||
efm-langserver
|
efm-langserver
|
||||||
|
nixfmt
|
||||||
];
|
];
|
||||||
|
|
||||||
plugins = with pkgs.vimPlugins; [
|
plugins = with pkgs.vimPlugins; [
|
||||||
|
@ -44,7 +45,7 @@
|
||||||
{
|
{
|
||||||
plugin = gitsigns-nvim;
|
plugin = gitsigns-nvim;
|
||||||
type = "lua";
|
type = "lua";
|
||||||
config = "require(\"gitsigns\").setup()";
|
config = ''require("gitsigns").setup()'';
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
plugin = nvim-cmp;
|
plugin = nvim-cmp;
|
||||||
|
|
|
@ -46,10 +46,14 @@ require'lspconfig'.terraformls.setup {
|
||||||
capabilities = capabilities
|
capabilities = capabilities
|
||||||
}
|
}
|
||||||
|
|
||||||
local luaformat = {formatCommand = "lua-format -i", formatStdin = true}
|
|
||||||
require'lspconfig'.efm.setup {
|
require'lspconfig'.efm.setup {
|
||||||
on_attach = require("lsp-format").on_attach,
|
on_attach = require("lsp-format").on_attach,
|
||||||
init_options = {documentFormatting = true},
|
init_options = {documentFormatting = true},
|
||||||
settings = {languages = {lua = {luaformat}}},
|
settings = {
|
||||||
filetypes = {"lua"}
|
languages = {
|
||||||
|
lua = {{formatCommand = "lua-format -i", formatStdin = true}},
|
||||||
|
nix = {{formatCommand = "nixfmt", formatStdin = true}}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
filetypes = {"lua", "nix"}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,51 +1,35 @@
|
||||||
{
|
{ config, lib, ... }: {
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
config = {
|
config = {
|
||||||
programs.ssh = {
|
programs.ssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extraConfig = "User root";
|
extraConfig = "User root";
|
||||||
|
|
||||||
matchBlocks = {
|
matchBlocks = {
|
||||||
github = lib.hm.dag.entryBefore ["*"] {
|
github = lib.hm.dag.entryBefore [ "*" ] {
|
||||||
hostname = "github.com";
|
hostname = "github.com";
|
||||||
user = "pizzapim";
|
user = "pizzapim";
|
||||||
identitiesOnly = true;
|
identitiesOnly = true;
|
||||||
};
|
};
|
||||||
lewis = lib.hm.dag.entryBefore ["*"] {
|
lewis = lib.hm.dag.entryBefore [ "*" ] { hostname = "lewis.hyp"; };
|
||||||
hostname = "lewis.hyp";
|
atlas = lib.hm.dag.entryBefore [ "*" ] { hostname = "atlas.hyp"; };
|
||||||
};
|
jefke = lib.hm.dag.entryBefore [ "*" ] { hostname = "jefke.hyp"; };
|
||||||
atlas = lib.hm.dag.entryBefore ["*"] {
|
hermes = lib.hm.dag.entryBefore [ "*" ] { hostname = "hermes.dmz"; };
|
||||||
hostname = "atlas.hyp";
|
maestro = lib.hm.dag.entryBefore [ "*" ] { hostname = "maestro.dmz"; };
|
||||||
};
|
bancomart =
|
||||||
jefke = lib.hm.dag.entryBefore ["*"] {
|
lib.hm.dag.entryBefore [ "*" ] { hostname = "bancomart.dmz"; };
|
||||||
hostname = "jefke.hyp";
|
handjecontantje =
|
||||||
};
|
lib.hm.dag.entryBefore [ "*" ] { hostname = "handjecontantje.dmz"; };
|
||||||
hermes = lib.hm.dag.entryBefore ["*"] {
|
|
||||||
hostname = "hermes.dmz";
|
|
||||||
};
|
|
||||||
maestro = lib.hm.dag.entryBefore ["*"] {
|
|
||||||
hostname = "maestro.dmz";
|
|
||||||
};
|
|
||||||
bancomart = lib.hm.dag.entryBefore ["*"] {
|
|
||||||
hostname = "bancomart.dmz";
|
|
||||||
};
|
|
||||||
handjecontantje = lib.hm.dag.entryBefore ["*"] {
|
|
||||||
hostname = "handjecontantje.dmz";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
homeage.file."sue_ed25519" = {
|
homeage.file."sue_ed25519" = {
|
||||||
source = ../../secrets/sue_ed25519.age;
|
source = ../../secrets/sue_ed25519.age;
|
||||||
symlinks = ["${config.home.homeDirectory}/.ssh/sue_ed25519"];
|
symlinks = [ "${config.home.homeDirectory}/.ssh/sue_ed25519" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
homeage.file."sue_azure_rsa" = {
|
homeage.file."sue_azure_rsa" = {
|
||||||
source = ../../secrets/sue_azure_rsa.age;
|
source = ../../secrets/sue_azure_rsa.age;
|
||||||
symlinks = ["${config.home.homeDirectory}/.ssh/sue_azure_rsa"];
|
symlinks = [ "${config.home.homeDirectory}/.ssh/sue_azure_rsa" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{config, ...}: {
|
{ config, ... }: {
|
||||||
config = {
|
config = {
|
||||||
services.syncthing.enable = true;
|
services.syncthing.enable = true;
|
||||||
xdg.configFile."syncthing/config.xml".source = ./syncthing.xml;
|
xdg.configFile."syncthing/config.xml".source = ./syncthing.xml;
|
||||||
|
@ -6,12 +6,12 @@
|
||||||
|
|
||||||
homeage.file."syncthing-key.pem" = {
|
homeage.file."syncthing-key.pem" = {
|
||||||
source = ../../secrets/syncthing-key.pem.age;
|
source = ../../secrets/syncthing-key.pem.age;
|
||||||
symlinks = ["${config.xdg.configHome}/syncthing/key.pem"];
|
symlinks = [ "${config.xdg.configHome}/syncthing/key.pem" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
homeage.file."syncthing-cert.pem" = {
|
homeage.file."syncthing-cert.pem" = {
|
||||||
source = ../../secrets/syncthing-cert.pem.age;
|
source = ../../secrets/syncthing-cert.pem.age;
|
||||||
symlinks = ["${config.xdg.configHome}/syncthing/cert.pem"];
|
symlinks = [ "${config.xdg.configHome}/syncthing/cert.pem" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,9 +2,7 @@
|
||||||
config = {
|
config = {
|
||||||
programs.thunderbird = {
|
programs.thunderbird = {
|
||||||
enable = true;
|
enable = true;
|
||||||
profiles.default = {
|
profiles.default = { isDefault = true; };
|
||||||
isDefault = true;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,16 +1,7 @@
|
||||||
{
|
{ pkgs, config, lib, ... }: {
|
||||||
pkgs,
|
imports = [ ./hardware-configuration.nix ];
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
imports = [
|
|
||||||
./hardware-configuration.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
boot = {
|
boot = { loader.systemd-boot.enable = true; };
|
||||||
loader.systemd-boot.enable = true;
|
|
||||||
};
|
|
||||||
|
|
||||||
time.timeZone = "Europe/Amsterdam";
|
time.timeZone = "Europe/Amsterdam";
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
@ -20,16 +11,14 @@
|
||||||
services = {
|
services = {
|
||||||
xserver = {
|
xserver = {
|
||||||
enable = true;
|
enable = true;
|
||||||
displayManager.gdm = {
|
displayManager.gdm = { enable = true; };
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
desktopManager.gnome.enable = true;
|
desktopManager.gnome.enable = true;
|
||||||
excludePackages = with pkgs; [xterm];
|
excludePackages = with pkgs; [ xterm ];
|
||||||
};
|
};
|
||||||
|
|
||||||
printing = {
|
printing = {
|
||||||
enable = true;
|
enable = true;
|
||||||
drivers = [pkgs.hplip pkgs.gutenprint];
|
drivers = [ pkgs.hplip pkgs.gutenprint ];
|
||||||
};
|
};
|
||||||
|
|
||||||
fprintd = {
|
fprintd = {
|
||||||
|
@ -45,21 +34,12 @@
|
||||||
users = {
|
users = {
|
||||||
users.pim = {
|
users.pim = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
extraGroups = ["wheel" "docker" "input"];
|
extraGroups = [ "wheel" "docker" "input" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
environment = {
|
environment = {
|
||||||
systemPackages = with pkgs; [
|
systemPackages = with pkgs; [ wget curl git btop ripgrep vim dogdns tree ];
|
||||||
wget
|
|
||||||
curl
|
|
||||||
git
|
|
||||||
btop
|
|
||||||
ripgrep
|
|
||||||
vim
|
|
||||||
dogdns
|
|
||||||
tree
|
|
||||||
];
|
|
||||||
gnome.excludePackages = with pkgs; [
|
gnome.excludePackages = with pkgs; [
|
||||||
gnome.totem
|
gnome.totem
|
||||||
gnome-tour
|
gnome-tour
|
||||||
|
@ -77,14 +57,16 @@
|
||||||
|
|
||||||
knownHosts = {
|
knownHosts = {
|
||||||
dmz = {
|
dmz = {
|
||||||
hostNames = ["*.dmz"];
|
hostNames = [ "*.dmz" ];
|
||||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x";
|
publicKey =
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAX2IhgHNxC6JTvLu9cej+iWuG+uJFMXn4AiRro9533x";
|
||||||
certAuthority = true;
|
certAuthority = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
hypervisors = {
|
hypervisors = {
|
||||||
hostNames = ["*.hyp"];
|
hostNames = [ "*.hyp" ];
|
||||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb";
|
publicKey =
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzRkH3d/KVJQouswY/DMpenWbDFVOnI3Vut0xR0e1tb";
|
||||||
certAuthority = true;
|
certAuthority = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -109,11 +91,12 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
age = {
|
age = {
|
||||||
identityPaths = ["/home/pim/.ssh/age_ed25519"];
|
identityPaths = [ "/home/pim/.ssh/age_ed25519" ];
|
||||||
|
|
||||||
secrets = {
|
secrets = {
|
||||||
wg-quick-home-privkey.file = ../secrets/wg-quick-home-privkey.age;
|
wg-quick-home-privkey.file = ../secrets/wg-quick-home-privkey.age;
|
||||||
wg-quick-home-preshared-key.file = ../secrets/wg-quick-home-preshared-key.age;
|
wg-quick-home-preshared-key.file =
|
||||||
|
../secrets/wg-quick-home-preshared-key.age;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -122,22 +105,14 @@
|
||||||
|
|
||||||
wg-quick.interfaces.home = {
|
wg-quick.interfaces.home = {
|
||||||
privateKeyFile = config.age.secrets.wg-quick-home-privkey.path;
|
privateKeyFile = config.age.secrets.wg-quick-home-privkey.path;
|
||||||
address = [
|
address = [ "10.225.191.4/24" "fd11:5ee:bad:c0de::4/64" ];
|
||||||
"10.225.191.4/24"
|
dns = [ "192.168.30.8" ];
|
||||||
"fd11:5ee:bad:c0de::4/64"
|
peers = [{
|
||||||
];
|
presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path;
|
||||||
dns = ["192.168.30.8"];
|
endpoint = "84.245.14.149:51820";
|
||||||
peers = [
|
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
|
||||||
{
|
allowedIPs = [ "0.0.0.0/0" "::0/0" ];
|
||||||
presharedKeyFile = config.age.secrets.wg-quick-home-preshared-key.path;
|
}];
|
||||||
endpoint = "84.245.14.149:51820";
|
|
||||||
publicKey = "fa3mQ7ximJbH7cu2ZbWidto5xBGxEEfWvCCiUDk00Hg=";
|
|
||||||
allowedIPs = [
|
|
||||||
"0.0.0.0/0"
|
|
||||||
"::0/0"
|
|
||||||
];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,37 +1,30 @@
|
||||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
# and may be overwritten by future invocations. Please make changes
|
# and may be overwritten by future invocations. Please make changes
|
||||||
# to /etc/nixos/configuration.nix instead.
|
# to /etc/nixos/configuration.nix instead.
|
||||||
{
|
{ config, lib, pkgs, modulesPath, ... }: {
|
||||||
config,
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
||||||
lib,
|
|
||||||
pkgs,
|
|
||||||
modulesPath,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
imports = [
|
|
||||||
(modulesPath + "/installer/scan/not-detected.nix")
|
|
||||||
];
|
|
||||||
|
|
||||||
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "sd_mod" "rtsx_pci_sdmmc"];
|
boot.initrd.availableKernelModules =
|
||||||
boot.initrd.kernelModules = [];
|
[ "xhci_pci" "ahci" "sd_mod" "rtsx_pci_sdmmc" ];
|
||||||
boot.kernelModules = ["kvm-intel"];
|
boot.initrd.kernelModules = [ ];
|
||||||
boot.extraModulePackages = [];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
fileSystems."/" = {
|
fileSystems."/" = {
|
||||||
device = "/dev/disk/by-uuid/33e4587b-fba3-4a9d-82d2-a9e49a8e75fa";
|
device = "/dev/disk/by-uuid/33e4587b-fba3-4a9d-82d2-a9e49a8e75fa";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
};
|
};
|
||||||
|
|
||||||
boot.initrd.luks.devices."luks-cd1139a7-0c1b-4459-b586-29b577825ee9".device = "/dev/disk/by-uuid/cd1139a7-0c1b-4459-b586-29b577825ee9";
|
boot.initrd.luks.devices."luks-cd1139a7-0c1b-4459-b586-29b577825ee9".device =
|
||||||
|
"/dev/disk/by-uuid/cd1139a7-0c1b-4459-b586-29b577825ee9";
|
||||||
|
|
||||||
fileSystems."/boot" = {
|
fileSystems."/boot" = {
|
||||||
device = "/dev/disk/by-uuid/87DA-B083";
|
device = "/dev/disk/by-uuid/87DA-B083";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [
|
swapDevices =
|
||||||
{device = "/dev/disk/by-uuid/908399cd-2f4f-4555-8805-80c9faf190aa";}
|
[{ device = "/dev/disk/by-uuid/908399cd-2f4f-4555-8805-80c9faf190aa"; }];
|
||||||
];
|
|
||||||
|
|
||||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
@ -43,5 +36,6 @@
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
||||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
hardware.cpu.intel.updateMicrocode =
|
||||||
|
lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,8 +1,10 @@
|
||||||
let
|
let
|
||||||
pkgs = import <nixpkgs> {};
|
pkgs = import <nixpkgs> { };
|
||||||
publicKeysURL = "https://git.kun.is/pim.keys"; # https://github.com/pizzapim.keys
|
publicKeysURL =
|
||||||
publicKeysFile = builtins.fetchurl {url = publicKeysURL;};
|
"https://git.kun.is/pim.keys"; # https://github.com/pizzapim.keys
|
||||||
publicKeys = pkgs.lib.strings.splitString "\n" (pkgs.lib.strings.fileContents publicKeysFile);
|
publicKeysFile = builtins.fetchurl { url = publicKeysURL; };
|
||||||
|
publicKeys = pkgs.lib.strings.splitString "\n"
|
||||||
|
(pkgs.lib.strings.fileContents publicKeysFile);
|
||||||
in {
|
in {
|
||||||
"wg-quick-home-privkey.age".publicKeys = publicKeys;
|
"wg-quick-home-privkey.age".publicKeys = publicKeys;
|
||||||
"wg-quick-home-preshared-key.age".publicKeys = publicKeys;
|
"wg-quick-home-preshared-key.age".publicKeys = publicKeys;
|
||||||
|
@ -13,5 +15,6 @@ in {
|
||||||
"common-pg-tfbackend.age".publicKeys = publicKeys;
|
"common-pg-tfbackend.age".publicKeys = publicKeys;
|
||||||
"ansible-vault-secret.age".publicKeys = publicKeys;
|
"ansible-vault-secret.age".publicKeys = publicKeys;
|
||||||
"powerdns-api-key.json.age".publicKeys = publicKeys;
|
"powerdns-api-key.json.age".publicKeys = publicKeys;
|
||||||
"keepassxc.ini.age".publicKeys = publicKeys; # Secret agent causes private keys in config file.
|
"keepassxc.ini.age".publicKeys =
|
||||||
|
publicKeys; # Secret agent causes private keys in config file.
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue