diff --git a/flake.nix b/flake.nix index 7887373..df3f6a8 100644 --- a/flake.nix +++ b/flake.nix @@ -2,13 +2,19 @@ inputs.nixpkgs.url = "nixpkgs/nixos-unstable"; inputs.impermanence.url = "github:nix-community/impermanence"; - outputs = { self, nixpkgs, impermanence }: + outputs = + { + self, + nixpkgs, + impermanence, + }: let inherit (nixpkgs) lib; - mypkgs = pkgs: - self.lib.dirToAttrs ./pkgs (x: pkgs.callPackage x { }) // - { + mypkgs = + pkgs: + self.lib.dirToAttrs ./pkgs (x: pkgs.callPackage x { }) + // { iso = import lib/gen-iso.nix lib pkgs.system; }; @@ -35,35 +41,34 @@ gen-ssh-config = import lib/gen-ssh-config.nix lib; ssh-keys = import lib/ssh-keys.nix; - dirToAttrs = dir: f: lib.mapAttrs' - (name: _: { + dirToAttrs = + dir: f: + lib.mapAttrs' (name: _: { name = lib.removeSuffix ".nix" name; value = f "${toString dir}/${name}"; - }) - (builtins.readDir dir); + }) (builtins.readDir dir); }; - nixosModules = - { - inherit pins; - inherit (impermanence.nixosModules) impermanence; - pkgs.nixpkgs.overlays = [ (_: mypkgs) ]; - } // - self.lib.dirToAttrs ./modules import; + nixosModules = { + inherit pins; + inherit (impermanence.nixosModules) impermanence; + pkgs.nixpkgs.overlays = [ (_: mypkgs) ]; + } // self.lib.dirToAttrs ./modules import; - nixosConfigurations = self.lib.dirToAttrs ./hosts - (dir: - let cfg = import dir; - in lib.nixosSystem { - inherit (cfg) system; - modules = - cfg.modules ++ - [{ networking.hostName = builtins.baseNameOf dir; }] ++ - (builtins.attrValues self.nixosModules); - } - ); + nixosConfigurations = self.lib.dirToAttrs ./hosts ( + dir: + let + cfg = import dir; + in + lib.nixosSystem { + inherit (cfg) system; + modules = + cfg.modules + ++ [ { networking.hostName = builtins.baseNameOf dir; } ] + ++ (builtins.attrValues self.nixosModules); + } + ); - packages = forAllSystems (system: - mypkgs nixpkgs.legacyPackages.${system}); + packages = forAllSystems (system: mypkgs nixpkgs.legacyPackages.${system}); }; } 
diff --git a/hosts/hp/configuration.nix b/hosts/hp/configuration.nix index 48eda11..cce9045 100644 --- a/hosts/hp/configuration.nix +++ b/hosts/hp/configuration.nix @@ -20,7 +20,10 @@ in ]; services.openssh.hostKeys = [ - { type = "ed25519"; path = "${persist}/ssh_host_ed25519_key"; } + { + type = "ed25519"; + path = "${persist}/ssh_host_ed25519_key"; + } ]; users.mutableUsers = false; @@ -36,11 +39,27 @@ in hardware.enableRedistributableFirmware = true; fileSystems = { - "/" = { device = "tmpfs"; fsType = "tmpfs"; options = [ "mode=755" ]; }; - "/boot" = { device = "/dev/disk/by-partlabel/EFI\\x20system\\x20partition"; fsType = "vfat"; }; - "/home" = { device = "zroot/locker/home"; fsType = "zfs"; }; - "/nix" = { device = "zroot/locker/nix"; fsType = "zfs"; }; - "/var/log" = { device = "zroot/locker/log"; fsType = "zfs"; }; + "/" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = [ "mode=755" ]; + }; + "/boot" = { + device = "/dev/disk/by-partlabel/EFI\\x20system\\x20partition"; + fsType = "vfat"; + }; + "/home" = { + device = "zroot/locker/home"; + fsType = "zfs"; + }; + "/nix" = { + device = "zroot/locker/nix"; + fsType = "zfs"; + }; + "/var/log" = { + device = "zroot/locker/log"; + fsType = "zfs"; + }; }; system.stateVersion = "22.05"; diff --git a/hosts/levi/configuration.nix b/hosts/levi/configuration.nix index 95077e2..84cc7d2 100644 --- a/hosts/levi/configuration.nix +++ b/hosts/levi/configuration.nix @@ -8,7 +8,10 @@ in }; services.openssh.hostKeys = [ - { type = "ed25519"; path = "${persist}/ssh_host_ed25519_key"; } + { + type = "ed25519"; + path = "${persist}/ssh_host_ed25519_key"; + } ]; # services.ollama = { @@ -22,7 +25,10 @@ in sconfig = { gnome = true; desktop.enable = true; - wg-home = { enable = true; path = "${persist}/wireguard_home.conf"; }; + wg-home = { + enable = true; + path = "${persist}/wireguard_home.conf"; + }; }; environment.persistence."${persist}/system".directories = [ 
@@ -49,14 +55,32 @@ in boot = { loader.systemd-boot.enable = true; loader.efi.canTouchEfiVariables = true; - initrd.availableKernelModules = [ "xhci_pci" "vmd" "nvme" "sd_mod" ]; + initrd.availableKernelModules = [ + "xhci_pci" + "vmd" + "nvme" + "sd_mod" + ]; }; fileSystems = { - "/" = { device = "tmpfs"; fsType = "tmpfs"; options = [ "mode=755" ]; }; - "/boot" = { fsType = "vfat"; device = "/dev/nvme0n1p1"; }; - "/nix" = { device = "levi/nix"; fsType = "zfs"; }; - "/home" = { device = "levi/home"; fsType = "zfs"; }; + "/" = { + device = "tmpfs"; + fsType = "tmpfs"; + options = [ "mode=755" ]; + }; + "/boot" = { + fsType = "vfat"; + device = "/dev/nvme0n1p1"; + }; + "/nix" = { + device = "levi/nix"; + fsType = "zfs"; + }; + "/home" = { + device = "levi/home"; + fsType = "zfs"; + }; }; users.mutableUsers = false; diff --git a/lib/base64.nix b/lib/base64.nix index 0ac9803..cd64ca9 100644 --- a/lib/base64.nix +++ b/lib/base64.nix @@ -1,15 +1,20 @@ -{ runCommand }: { +{ runCommand }: +{ - b64decode = input: - builtins.readFile - (runCommand "b64decode" { } '' + b64decode = + input: + builtins.readFile ( + runCommand "b64decode" { } '' base64 -d >$out <${builtins.toFile "input" input} - ''); + '' + ); - b64encode = input: - builtins.readFile - (runCommand "b64encode" { } '' + b64encode = + input: + builtins.readFile ( + runCommand "b64encode" { } '' base64 -w0 >$out <${builtins.toFile "input" input} - ''); + '' + ); } diff --git a/lib/gen-iso.nix b/lib/gen-iso.nix index 7b67d06..0e76fbb 100644 --- a/lib/gen-iso.nix +++ b/lib/gen-iso.nix 
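Review bot: In lib/base64.nix, both helpers route their data through the Nix store: `builtins.toFile "input" input` stores the raw input, and the `runCommand` output is a second store path, so anything passed to `b64decode` or `b64encode` stays world-readable under /nix/store. Nothing in the file warns against passing key material or tokens, so I would add a comment above `b64decode` such as `# NOTE: input and output are realised in the world-readable Nix store; never pass secrets through these helpers`. `builtins.readFile` on a derivation output also forces a build during evaluation (import-from-derivation), which is worth noting in the same comment because evaluators configured to disallow it will fail here.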
@@ -1,16 +1,18 @@ -lib: -system: +lib: system: let sys = lib.nixosSystem { inherit system; modules = [ - ({ modulesPath, ... }: { - imports = [ - "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" - ]; - isoImage.squashfsCompression = "gzip -Xcompression-level 1"; - }) + ( + { modulesPath, ... }: + { + imports = [ + "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" + ]; + isoImage.squashfsCompression = "gzip -Xcompression-level 1"; + } + ) ]; }; diff --git a/lib/gen-ssh-config.nix b/lib/gen-ssh-config.nix index c2164fc..da70efd 100644 --- a/lib/gen-ssh-config.nix +++ b/lib/gen-ssh-config.nix @@ -1,23 +1,22 @@ -lib: -nixosConfigurations: +lib: nixosConfigurations: let - sshKnownHostsTxt = builtins.toFile "known_hosts" (lib.concatMapStrings - (hostName: - let d = nixosConfigurations.${hostName}.config.deploy; - in lib.concatMapStrings (key: "${d.ssh.HostName} ${key}\n") d.sshPublicKeys - ) - (builtins.attrNames nixosConfigurations) + sshKnownHostsTxt = builtins.toFile "known_hosts" ( + lib.concatMapStrings ( + hostName: + let + d = nixosConfigurations.${hostName}.config.deploy; + in + lib.concatMapStrings (key: "${d.ssh.HostName} ${key}\n") d.sshPublicKeys + ) (builtins.attrNames nixosConfigurations) ); attrsToList = lib.mapAttrsToList (n: v: "${n} ${v}"); attrsToLines = a: lib.concatLines (attrsToList a); in -lib.concatMapStrings - (host: '' - Host ${host} - UserKnownHostsFile ${sshKnownHostsTxt} - ${attrsToLines nixosConfigurations.${host}.config.deploy.ssh} - '') - (builtins.attrNames nixosConfigurations) +lib.concatMapStrings (host: '' + Host ${host} + UserKnownHostsFile ${sshKnownHostsTxt} + ${attrsToLines nixosConfigurations.${host}.config.deploy.ssh} +'') (builtins.attrNames nixosConfigurations) diff --git a/modules/ad-domain.nix b/modules/ad-domain.nix index 8576767..5383cde 100644 --- a/modules/ad-domain.nix +++ b/modules/ad-domain.nix 
@@ -1,10 +1,17 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.sconfig.ad-domain; in { - options.sconfig.ad-domain = with lib; with types; + options.sconfig.ad-domain = + with lib; + with types; { enable = mkEnableOption "Join Domain with SSSD"; longname = mkOption { 
@@ -17,58 +24,57 @@ in }; }; - config = lib.mkIf cfg.enable - { - networking.domain = cfg.longname; - networking.search = [ (cfg.longname) ]; - security.pam.services.sshd.makeHomeDir = true; - security.krb5 = { - # These settings have been updated for NixOS 24.05. - # Breaking changes happenned since 23.11. - enable = true; - settings.libdefaults.default_realm = lib.toUpper cfg.longname; - }; - services.sssd = { - enable = true; - sshAuthorizedKeysIntegration = true; - config = '' - [sssd] - services = nss, pam, ssh - config_file_version = 2 - domains = ${cfg.longname} - [domain/${cfg.longname}] - id_provider = ad - ldap_sasl_mech = gssapi - access_provider = ad - override_homedir = /home/%u.%d - override_shell = /run/current-system/sw/bin/bash - ad_gpo_access_control = permissive - ad_gpo_ignore_unreadable = True - ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities - ldap_user_ssh_public_key = altSecurityIdentities - ldap_use_tokengroups = True - ''; - }; - # Samba is configured, but just for the "net" command, to - # join the domain. A better join method probably exists. - # `net ads join -U Administrator` - environment.systemPackages = [ pkgs.samba4Full ]; - systemd.services.samba-smbd.enable = lib.mkDefault false; - services.samba = { - enable = true; - enableNmbd = lib.mkDefault false; - enableWinbindd = lib.mkDefault false; - package = pkgs.samba4Full; - securityType = "ads"; - extraConfig = '' - realm = ${lib.toUpper cfg.longname} - workgroup = ${lib.toUpper cfg.shortname} - client use spnego = yes - restrict anonymous = 2 - server signing = mandatory - client signing = mandatory - kerberos method = secrets and keytab - ''; - }; + config = lib.mkIf cfg.enable { + networking.domain = cfg.longname; + networking.search = [ (cfg.longname) ]; + security.pam.services.sshd.makeHomeDir = true; + security.krb5 = { + # These settings have been updated for NixOS 24.05. + # Breaking changes happenned since 23.11. 
+ enable = true; + settings.libdefaults.default_realm = lib.toUpper cfg.longname; }; + services.sssd = { + enable = true; + sshAuthorizedKeysIntegration = true; + config = '' + [sssd] + services = nss, pam, ssh + config_file_version = 2 + domains = ${cfg.longname} + [domain/${cfg.longname}] + id_provider = ad + ldap_sasl_mech = gssapi + access_provider = ad + override_homedir = /home/%u.%d + override_shell = /run/current-system/sw/bin/bash + ad_gpo_access_control = permissive + ad_gpo_ignore_unreadable = True + ldap_user_extra_attrs = altSecurityIdentities:altSecurityIdentities + ldap_user_ssh_public_key = altSecurityIdentities + ldap_use_tokengroups = True + ''; + }; + # Samba is configured, but just for the "net" command, to + # join the domain. A better join method probably exists. + # `net ads join -U Administrator` + environment.systemPackages = [ pkgs.samba4Full ]; + systemd.services.samba-smbd.enable = lib.mkDefault false; + services.samba = { + enable = true; + enableNmbd = lib.mkDefault false; + enableWinbindd = lib.mkDefault false; + package = pkgs.samba4Full; + securityType = "ads"; + extraConfig = '' + realm = ${lib.toUpper cfg.longname} + workgroup = ${lib.toUpper cfg.shortname} + client use spnego = yes + restrict anonymous = 2 + server signing = mandatory + client signing = mandatory + kerberos method = secrets and keytab + ''; + }; + }; } diff --git a/modules/backport.nix b/modules/backport.nix index d97942c..2cae525 100644 --- a/modules/backport.nix +++ b/modules/backport.nix 
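Review bot: In modules/ad-domain.nix, the generated sssd.conf keeps `ad_gpo_access_control = permissive`, which makes SSSD evaluate the domain's GPO logon restrictions and only log a would-be denial instead of refusing the login. With `access_provider = ad` and no `ad_access_filter` visible in this hunk, that appears to let any enabled domain account open a session, and `makeHomeDir = true` creates its home directory on first SSH login. `ldap_user_ssh_public_key = altSecurityIdentities` also means that write access to that directory attribute is equivalent to SSH access for the account. If permissive mode is intentional, say so in a Nix comment above `services.sssd`, e.g. `# permissive: GPO logon denials are logged, not enforced; set to "enforcing" once the GPOs are verified`; otherwise change the value to `enforcing`.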
@@ -1,24 +1,24 @@ let - brave = (final: prev: { - brave = - let - # updates to the newer version before it hits the channels - version = "1"; - hash = ""; - in - if - prev.lib.versionAtLeast prev.brave.version version - then - prev.brave - else - prev.brave.overrideAttrs { - src = prev.fetchurl { - inherit hash; - url = "https://github.com/brave/brave-browser/releases/download/v${version}/brave-browser_${version}_amd64.deb"; + brave = ( + final: prev: { + brave = + let + # updates to the newer version before it hits the channels + version = "1"; + hash = ""; + in + if prev.lib.versionAtLeast prev.brave.version version then + prev.brave + else + prev.brave.overrideAttrs { + src = prev.fetchurl { + inherit hash; + url = "https://github.com/brave/brave-browser/releases/download/v${version}/brave-browser_${version}_amd64.deb"; + }; }; - }; - }); + } + ); in { diff --git a/modules/cli/default.nix b/modules/cli/default.nix index 16d8106..e3d068e 100644 --- a/modules/cli/default.nix +++ b/modules/cli/default.nix @@ -42,9 +42,11 @@ (writeShellScriptBin "dirt" "while sleep 1; do grep '^Dirty:' /proc/meminfo ; done") - (lib.hiPrio (writeShellScriptBin "iftop" '' - exec ${iftop}/bin/iftop -P -m100M "$@" - '')) + (lib.hiPrio ( + writeShellScriptBin "iftop" '' + exec ${iftop}/bin/iftop -P -m100M "$@" + '' + )) (writeShellScriptBin "bat" '' ${bat}/bin/bat --pager=never --color=always --wrap=never --terminal-width=80 "$@" @@ -85,7 +87,11 @@ update_process_names = 1; }; package = pkgs.htop.overrideAttrs ( - { patches ? [ ], ... }: { + { + patches ? [ ], + ... + }: + { patches = patches ++ [ # This patch fixes process sort order while in tree view. # Started in 3.3.0. Should be fixed in 3.4.0. diff --git a/modules/cli/powerline.nix b/modules/cli/powerline.nix index d3663e2..8d59857 100644 --- a/modules/cli/powerline.nix +++ b/modules/cli/powerline.nix 
@@ -1,7 +1,7 @@ { pkgs, ... }: let - left_hard_divider = builtins.fromJSON '' "\uE0B0" ''; - upper_left_triangle = builtins.fromJSON '' "\uE0BC" ''; + left_hard_divider = builtins.fromJSON ''"\uE0B0" ''; + upper_left_triangle = builtins.fromJSON ''"\uE0BC" ''; theme = { BoldForeground = true; @@ -11,16 +11,20 @@ let SeparatorFg = 16; }; - customEnd = [{ - Content = "$"; - Foreground = 231; - Background = 102; - Separator = left_hard_divider; - }]; + customEnd = [ + { + Content = "$"; + Foreground = 231; + Background = 102; + Separator = left_hard_divider; + } + ]; - plconfig = builtins.toFile "powerline-config.json" (builtins.toJSON { - modes.patched.Separator = upper_left_triangle; - }); + plconfig = builtins.toFile "powerline-config.json" ( + builtins.toJSON { + modes.patched.Separator = upper_left_triangle; + } + ); args = [ "-modules=\${remote:+'user,host,'}nix-shell,git,jobs,cwd,newline,customend" @@ -37,9 +41,7 @@ in environment.systemPackages = [ pkgs.powerline-go - (pkgs.writeShellScriptBin - "powerline-go-customend" - "echo '${builtins.toJSON customEnd}'") + (pkgs.writeShellScriptBin "powerline-go-customend" "echo '${builtins.toJSON customEnd}'") ]; environment.etc."powerline-theme.json".text = builtins.toJSON theme; diff --git a/modules/desktop/alacritty.nix b/modules/desktop/alacritty.nix index d40eae3..617063c 100644 --- a/modules/desktop/alacritty.nix +++ b/modules/desktop/alacritty.nix 
@@ -1,27 +1,50 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let - aconfig = (pkgs.formats.toml { }).generate "alacritty.toml" - { - env.TERM = "xterm-256color"; - font.size = 12; - window = { - dynamic_padding = true; - resize_increments = true; - dimensions = { columns = 120; lines = 40; }; + aconfig = (pkgs.formats.toml { }).generate "alacritty.toml" { + env.TERM = "xterm-256color"; + font.size = 12; + window = { + dynamic_padding = true; + resize_increments = true; + dimensions = { + columns = 120; + lines = 40; }; - keyboard.bindings = [ - { action = "ScrollHalfPageDown"; mods = "Shift"; key = "PageDown"; } - { action = "ScrollHalfPageUp"; mods = "Shift"; key = "PageUp"; } - { action = "SpawnNewInstance"; mods = "Control|Shift"; key = "N"; } - { action = "SpawnNewInstance"; mods = "Control|Shift"; key = "T"; } - ]; - colors = { - primary.background = "0x1e1e1e"; - primary.foreground = "0xffffff"; - }; - general.import = [ "${pkgs.alacritty-theme}/tango_dark.toml" ]; }; + keyboard.bindings = [ + { + action = "ScrollHalfPageDown"; + mods = "Shift"; + key = "PageDown"; + } + { + action = "ScrollHalfPageUp"; + mods = "Shift"; + key = "PageUp"; + } + { + action = "SpawnNewInstance"; + mods = "Control|Shift"; + key = "N"; + } + { + action = "SpawnNewInstance"; + mods = "Control|Shift"; + key = "T"; + } + ]; + colors = { + primary.background = "0x1e1e1e"; + primary.foreground = "0xffffff"; + }; + general.import = [ "${pkgs.alacritty-theme}/tango_dark.toml" ]; + }; # Alacritty seems to not communicate well with gnome-shell. Quick fix: notify-fix = pkgs.runCommand "alacritty-fix" { } '' diff --git a/modules/desktop/chromium.nix b/modules/desktop/chromium.nix index 5e4c163..3f3bf90 100644 --- a/modules/desktop/chromium.nix +++ b/modules/desktop/chromium.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { config = lib.mkIf (config.sconfig.desktop.enable) { environment.systemPackages = [ 
@@ -26,8 +31,14 @@ ShowFullUrlsInAddressBar = true; SyncDisabled = true; # required for BrowsingDataLifetime BrowsingDataLifetime = [ - { data_types = [ "browsing_history" ]; time_to_live_in_hours = 24 * 7; } - { data_types = [ "download_history" ]; time_to_live_in_hours = 6; } + { + data_types = [ "browsing_history" ]; + time_to_live_in_hours = 24 * 7; + } + { + data_types = [ "download_history" ]; + time_to_live_in_hours = 6; + } ]; }; }; diff --git a/modules/desktop/default.nix b/modules/desktop/default.nix index 0633ebe..a279ccc 100644 --- a/modules/desktop/default.nix +++ b/modules/desktop/default.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: with lib; { options.sconfig.desktop = { diff --git a/modules/desktop/firefox.nix b/modules/desktop/firefox.nix index 3da0f35..161a94f 100644 --- a/modules/desktop/firefox.nix +++ b/modules/desktop/firefox.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { config = lib.mkIf (config.sconfig.desktop.enable) { environment.systemPackages = [ 
@@ -12,25 +17,31 @@ OfferToSaveLogins = false; DisableFormHistory = true; SearchSuggestEnabled = false; - Preferences = builtins.mapAttrs - (n: v: { Value = v; Status = "locked"; }) - { - "accessibility.force_disabled" = 1; - "browser.aboutConfig.showWarning" = false; - "browser.contentblocking.category" = "strict"; - "browser.tabs.firefox-view" = false; - "browser.uitour.enabled" = false; - "browser.zoom.siteSpecific" = false; - "extensions.formautofill.addresses.enabled" = false; - "extensions.formautofill.creditCards.enabled" = false; - "extensions.formautofill.heuristics.enabled" = false; - "network.IDN_show_punycode" = true; - "places.history.expiration.max_pages" = 2048; - "ui.key.menuAccessKeyFocuses" = false; - }; - ExtensionSettings = - { "*".installation_mode = "blocked"; } // + Preferences = builtins.mapAttrs + (n: v: { + Value = v; + Status = "locked"; + }) + { + "accessibility.force_disabled" = 1; + "browser.aboutConfig.showWarning" = false; + "browser.contentblocking.category" = "strict"; + "browser.tabs.firefox-view" = false; + "browser.uitour.enabled" = false; + "browser.zoom.siteSpecific" = false; + "extensions.formautofill.addresses.enabled" = false; + "extensions.formautofill.creditCards.enabled" = false; + "extensions.formautofill.heuristics.enabled" = false; + "network.IDN_show_punycode" = true; + "places.history.expiration.max_pages" = 2048; + "ui.key.menuAccessKeyFocuses" = false; + }; + ExtensionSettings = + { + "*".installation_mode = "blocked"; + } + // builtins.mapAttrs (n: v: { installation_mode = "force_installed"; install_url = "https://addons.mozilla.org/firefox/downloads/latest/${v}/latest.xpi"; diff --git a/modules/desktop/vscode.nix b/modules/desktop/vscode.nix index f3f6784..d233bed 100644 --- a/modules/desktop/vscode.nix +++ b/modules/desktop/vscode.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: { config = lib.mkIf (config.sconfig.desktop.enable) { environment.systemPackages = with pkgs; [ 
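Review bot: In modules/desktop/firefox.nix, every force-installed add-on is fetched from `.../downloads/latest/${v}/latest.xpi`, so the policy pins the add-on's identity but not its version. Whatever release addons.mozilla.org serves at install or update time ends up in a browser whose other preferences are locked, which is worth stating next to the allow-list. I would add a comment above the `builtins.mapAttrs` call such as `# NOTE: latest.xpi is unpinned; a compromised or sold add-on reaches every host on its next update`. The attribute set that `mapAttrs` is applied to lies outside this hunk, so the list of add-ons itself is not reviewed here.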
@@ -22,9 +27,8 @@ environment.etc."vscode-keybindings.json".source = ./vscode-keybindings.json; environment.etc."vscode-settings.json".text = builtins.toJSON ( - ( - builtins.fromJSON (builtins.readFile ./vscode-settings.json) - ) // { + (builtins.fromJSON (builtins.readFile ./vscode-settings.json)) + // { # NixOS-specific vscode settings: "extensions.autoCheckUpdates" = false; "extensions.autoUpdate" = false; diff --git a/modules/devtools.nix b/modules/devtools.nix index 5d981db..92fbf65 100644 --- a/modules/devtools.nix +++ b/modules/devtools.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let cfg = config.sconfig.devtools; in 
@@ -6,37 +11,35 @@ in options.sconfig.devtools.enable = lib.mkEnableOption "Development Tools"; config = lib.mkIf cfg.enable { - environment.systemPackages = with pkgs; - [ - black - cargo - efm-langserver - errcheck - go - gopls - kubectl - kubernetes-helm - lua-language-server - nil - nodePackages.prettier - nodePackages.typescript-language-server - pyright - rust-analyzer - rustc - rustc.llvmPackages.lld - rustfmt - stern - terraform - terraform-ls - vscode-langservers-extracted - yaml-language-server + environment.systemPackages = with pkgs; [ + black + cargo + efm-langserver + errcheck + go + gopls + kubectl + kubernetes-helm + lua-language-server + nil + nodePackages.prettier + nodePackages.typescript-language-server + pyright + rust-analyzer + rustc + rustc.llvmPackages.lld + rustfmt + stern + terraform + terraform-ls + vscode-langservers-extracted + yaml-language-server - # dedicated script, because bash aliases dont work with `watch` - (writeShellScriptBin "k" "exec kubectl \"$@\"") + # dedicated script, because bash aliases dont work with `watch` + (writeShellScriptBin "k" "exec kubectl \"$@\"") - (google-cloud-sdk.withExtraComponents - [ google-cloud-sdk.components.gke-gcloud-auth-plugin ]) - ]; + (google-cloud-sdk.withExtraComponents [ google-cloud-sdk.components.gke-gcloud-auth-plugin ]) + ]; programs.bash.interactiveShellInit = '' alias t=terraform complete -C terraform t diff --git a/modules/gnome.nix b/modules/gnome.nix index 579766b..a974850 100644 --- a/modules/gnome.nix +++ b/modules/gnome.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let cfg = config.sconfig.gnome; in diff --git a/modules/helix/default.nix b/modules/helix/default.nix index 0365633..85900b6 100644 --- a/modules/helix/default.nix +++ b/modules/helix/default.nix 
@@ -4,90 +4,115 @@ let exec prettier --stdin-filepath "$HX_FILE" ''; - prettier-formats = map - (name: { - inherit name; - auto-format = true; - indent = { tab-width = 4; unit = "\t"; }; - formatter.command = hx-pretty; - }) - [ - "css" - "html" - "javascript" - "json" - "typescript" - ]; + prettier-formats = + map + (name: { + inherit name; + auto-format = true; + indent = { + tab-width = 4; + unit = "\t"; + }; + formatter.command = hx-pretty; + }) + [ + "css" + "html" + "javascript" + "json" + "typescript" + ]; in { - environment.etc."bck-helix/config.toml".source = - (pkgs.formats.toml { }).generate "config.toml" { - theme = "dark_plus"; - editor = { - auto-format = true; - bufferline = "multiple"; - indent-guides.render = true; - line-number = "relative"; - mouse = false; - scrolloff = 10; - true-color = true; - }; - keys = { - normal.A-j = ":buffer-previous"; - normal.A-k = ":buffer-next"; - normal.space.e = ":w"; - normal.space.x = ":q"; - normal.space.backspace = ":reset-diff-change"; - }; + environment.etc."bck-helix/config.toml".source = (pkgs.formats.toml { }).generate "config.toml" { + theme = "dark_plus"; + editor = { + auto-format = true; + bufferline = "multiple"; + indent-guides.render = true; + line-number = "relative"; + mouse = false; + scrolloff = 10; + true-color = true; }; + keys = { + normal.A-j = ":buffer-previous"; + normal.A-k = ":buffer-next"; + normal.space.e = ":w"; + normal.space.x = ":q"; + normal.space.backspace = ":reset-diff-change"; + }; + }; environment.etc."bck-helix/languages.toml".source = - (pkgs.formats.toml { }).generate "languages.toml" { - language = prettier-formats ++ [ - { - name = "bash"; - auto-format = true; - indent = { tab-width = 4; unit = "\t"; }; - } - { - name = "lua"; - auto-format = true; - indent = { tab-width = 4; unit = "\t"; }; - } - { - name = "nix"; - auto-format = true; - formatter = { command = "nixfmt"; args = [ "--verify" ]; }; - } - { - name = "python"; - auto-format = true; - language-servers = [ 
"pyright" ]; - formatter = { command = "black"; args = [ "--quiet" "-" ]; }; - } - { - name = "yaml"; - auto-format = true; - formatter.command = hx-pretty; - } - ]; - language-server = { - pyright = { - command = "pyright-langserver"; - args = [ "--stdio" ]; + (pkgs.formats.toml { }).generate "languages.toml" + { + language = prettier-formats ++ [ + { + name = "bash"; + auto-format = true; + indent = { + tab-width = 4; + unit = "\t"; + }; + } + { + name = "lua"; + auto-format = true; + indent = { + tab-width = 4; + unit = "\t"; + }; + } + { + name = "nix"; + auto-format = true; + formatter = { + command = "nixfmt"; + args = [ "--verify" ]; + }; + } + { + name = "python"; + auto-format = true; + language-servers = [ "pyright" ]; + formatter = { + command = "black"; + args = [ + "--quiet" + "-" + ]; + }; + } + { + name = "yaml"; + auto-format = true; + formatter.command = hx-pretty; + } + ]; + language-server = { + pyright = { + command = "pyright-langserver"; + args = [ "--stdio" ]; + }; }; }; - }; environment.systemPackages = with pkgs; [ - (helix.overrideAttrs ({ patches ? [ ], ... }: { - # Patch required for .editorconfig to work properly with formatters - patches = patches ++ [ ./format-filepath.patch ]; - postPatch = '' - sed 's/tab-width = .,/tab-width = 4,/' -i languages.toml - ''; - })) + (helix.overrideAttrs ( + { + patches ? [ ], + ... + }: + { + # Patch required for .editorconfig to work properly with formatters + patches = patches ++ [ ./format-filepath.patch ]; + postPatch = '' + sed 's/tab-width = .,/tab-width = 4,/' -i languages.toml + ''; + } + )) ]; environment.etc."bck-settings.sh".text = '' diff --git a/modules/plasma.nix b/modules/plasma.nix index d3ec47b..068046c 100644 --- a/modules/plasma.nix +++ b/modules/plasma.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let cfg = config.sconfig.plasma; in diff --git a/modules/security-tools.nix b/modules/security-tools.nix index 9540648..b61adce 100644 
--- a/modules/security-tools.nix +++ b/modules/security-tools.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.sconfig.security-tools; diff --git a/modules/swapspace.nix b/modules/swapspace.nix index 2272547..28eb9ff 100644 --- a/modules/swapspace.nix +++ b/modules/swapspace.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.sconfig.swapspace; in diff --git a/modules/wg-home.nix b/modules/wg-home.nix index ace6d10..daca5bf 100644 --- a/modules/wg-home.nix +++ b/modules/wg-home.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.sconfig.wg-home; in diff --git a/pkgs/bck-authorized-keys.nix b/pkgs/bck-authorized-keys.nix index a7e3101..b565cbc 100644 --- a/pkgs/bck-authorized-keys.nix +++ b/pkgs/bck-authorized-keys.nix @@ -1,5 +1,6 @@ -{ lib -, writeTextDir +{ + lib, + writeTextDir, }: writeTextDir "authorized_keys" (lib.concatLines (import ../lib/ssh-keys.nix)) diff --git a/pkgs/bck-nvim/default.nix b/pkgs/bck-nvim/default.nix index 1d3d5d2..980c97f 100644 --- a/pkgs/bck-nvim/default.nix +++ b/pkgs/bck-nvim/default.nix @@ -1,20 +1,17 @@ -{ lib -, extraBinPaths ? [ ] -, neovim-unwrapped -, vimPlugins -, wrapNeovim +{ + lib, + extraBinPaths ? [ ], + neovim-unwrapped, + vimPlugins, + wrapNeovim, }: let - luafiles = lib.concatLines (map - (x: "luafile ${./lua}/${x}") - (builtins.attrNames (builtins.readDir ./lua)) + luafiles = lib.concatLines ( + map (x: "luafile ${./lua}/${x}") (builtins.attrNames (builtins.readDir ./lua)) ); - extraPath = lib.concatLines (map - (p: "let $PATH .= ':${p}/bin'") - (extraBinPaths) - ); + extraPath = lib.concatLines (map (p: "let $PATH .= ':${p}/bin'") (extraBinPaths)); in wrapNeovim neovim-unwrapped { diff --git a/pkgs/binaryninja/default.nix b/pkgs/binaryninja/default.nix index 9db20fb..e66aed3 100644 --- a/pkgs/binaryninja/default.nix +++ b/pkgs/binaryninja/default.nix 
@@ -1,11 +1,12 @@ -{ stdenv -, autoPatchelfHook -, libglvnd -, makeWrapper -, python3 -, qt6 -, requireFile -, unzip +{ + stdenv, + autoPatchelfHook, + libglvnd, + makeWrapper, + python3, + qt6, + requireFile, + unzip, }: let diff --git a/pkgs/deploy/default.nix b/pkgs/deploy/default.nix index 094972b..a1ab5b2 100644 --- a/pkgs/deploy/default.nix +++ b/pkgs/deploy/default.nix @@ -1,6 +1,7 @@ -{ nixos-rebuild -, python3 -, writeShellScriptBin +{ + nixos-rebuild, + python3, + writeShellScriptBin, }: writeShellScriptBin "deploy" '' diff --git a/pkgs/firecracker-vm/default.nix b/pkgs/firecracker-vm/default.nix index 739dcf8..ecd19f6 100644 --- a/pkgs/firecracker-vm/default.nix +++ b/pkgs/firecracker-vm/default.nix @@ -1,34 +1,39 @@ -{ callPackage -, firecracker -, writeShellApplication -, writeText +{ + callPackage, + firecracker, + writeShellApplication, + writeText, }: let kernel = callPackage ./kernel.nix { }; rootfs = callPackage ./rootfs.nix { }; - vmconfig = writeText "vmconfig.json" (builtins.toJSON { - boot-source = { - kernel_image_path = "${kernel}/vmlinux"; - boot_args = "panic=1 console=ttyS0 ro"; - }; - drives = [ - { - drive_id = "rootfs"; - path_on_host = rootfs; - is_root_device = true; - is_read_only = true; - } - ]; - machine-config.vcpu_count = 2; - machine-config.mem_size_mib = 1024; - network-interfaces = [ ]; - }); + vmconfig = writeText "vmconfig.json" ( + builtins.toJSON { + boot-source = { + kernel_image_path = "${kernel}/vmlinux"; + boot_args = "panic=1 console=ttyS0 ro"; + }; + drives = [ + { + drive_id = "rootfs"; + path_on_host = rootfs; + is_root_device = true; + is_read_only = true; + } + ]; + machine-config.vcpu_count = 2; + machine-config.mem_size_mib = 1024; + network-interfaces = [ ]; + } + ); in writeShellApplication { name = "firecracker-vm"; text = "${firecracker}/bin/firecracker --no-api --config-file ${vmconfig}"; - derivationArgs.passthru = { inherit kernel rootfs; }; + derivationArgs.passthru = { + inherit kernel rootfs; + }; } 
diff --git a/pkgs/firecracker-vm/kernel.nix b/pkgs/firecracker-vm/kernel.nix index 74cd326..1563cc5 100644 --- a/pkgs/firecracker-vm/kernel.nix +++ b/pkgs/firecracker-vm/kernel.nix @@ -1,7 +1,8 @@ -{ fetchFromGitHub -, linuxManualConfig -, linux_6_1 -, kernel ? linux_6_1 +{ + fetchFromGitHub, + linuxManualConfig, + linux_6_1, + kernel ? linux_6_1, }: let @@ -12,23 +13,21 @@ let hash = "sha256-NuVH12cy38uu+8oms66p9k0xoMOJSl5AvY5pD1FCKkI="; }; - shortVer = builtins.head ( - builtins.match - "([0-9]+\.[0-9]+).*" - kernel.version - ); + shortVer = builtins.head (builtins.match "([0-9]+\.[0-9]+).*" kernel.version); in (linuxManualConfig { inherit (kernel) src version; - configfile = - "${fcsrc}/resources/guest_configs/microvm-kernel-ci-x86_64-${shortVer}.config"; + configfile = "${fcsrc}/resources/guest_configs/microvm-kernel-ci-x86_64-${shortVer}.config"; -}).overrideAttrs (o: { +}).overrideAttrs + (o: { - postInstall = (o.postInstall or "") + '' - cp vmlinux $out/ - ''; + postInstall = + (o.postInstall or "") + + '' + cp vmlinux $out/ + ''; -}) + }) diff --git a/pkgs/firecracker-vm/rootfs.nix b/pkgs/firecracker-vm/rootfs.nix index 81adba8..02544c1 100644 --- a/pkgs/firecracker-vm/rootfs.nix +++ b/pkgs/firecracker-vm/rootfs.nix @@ -1,8 +1,9 @@ -{ e2fsprogs -, pkgsStatic -, runCommand -, util-linux -, writeShellScript +{ + e2fsprogs, + pkgsStatic, + runCommand, + util-linux, + writeShellScript, }: let diff --git a/pkgs/ftb.nix b/pkgs/ftb.nix index 8425d2c..8b7673e 100644 --- a/pkgs/ftb.nix +++ b/pkgs/ftb.nix @@ -1,8 +1,9 @@ -{ lib -, dpkg -, fetchurl -, stdenv -, steam-run +{ + lib, + dpkg, + fetchurl, + stdenv, + steam-run, }: stdenv.mkDerivation rec { diff --git a/pkgs/mp4grep.nix b/pkgs/mp4grep.nix index bd0f6aa..a3ce523 100644 --- a/pkgs/mp4grep.nix +++ b/pkgs/mp4grep.nix 
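Review bot: In pkgs/firecracker-vm/kernel.nix, the pattern passed to `builtins.match` is written as `"([0-9]+\.[0-9]+).*"`, and in a double-quoted Nix string `\.` evaluates to a plain `.`, so the separator matches any character rather than a literal dot. The escape needs doubling: `shortVer = builtins.head (builtins.match "([0-9]+\\.[0-9]+).*" kernel.version);`. `builtins.match` returns null when nothing matches and `builtins.head` then fails with an unhelpful error, so a short comment naming the expected `MAJOR.MINOR` shape would help whoever overrides the `kernel` argument.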
@@ -1,11 +1,12 @@ -{ stdenv -, autoPatchelfHook -, fetchFromGitHub -, fetchzip -, gcc-unwrapped -, makeWrapper -, ocamlPackages -, model ? "small" +{ + stdenv, + autoPatchelfHook, + fetchFromGitHub, + fetchzip, + gcc-unwrapped, + makeWrapper, + ocamlPackages, + model ? "small", }: let @@ -30,8 +31,7 @@ let ''; in -stdenv.mkDerivation rec -{ +stdenv.mkDerivation rec { pname = "mp4grep"; version = "0.1.4"; diff --git a/pkgs/weevely.nix b/pkgs/weevely.nix index 2078c11..c9f8b71 100644 --- a/pkgs/weevely.nix +++ b/pkgs/weevely.nix @@ -1,4 +1,9 @@ -{ stdenv, python3, fetchFromGitHub, makeWrapper }: +{ + stdenv, + python3, + fetchFromGitHub, + makeWrapper, +}: stdenv.mkDerivation rec { pname = "weevely"; @@ -11,14 +16,16 @@ stdenv.mkDerivation rec { sha256 = "0sgjf7ihgipb33k73d84dcx7snv2fvbzyd0f4468k1w5w6zqm9xj"; }; - pythonWithPkgs = python3.withPackages (ps: with ps; [ - Mako - prettytable - pyopenssl - pysocks - python-dateutil - pyyaml - ]); + pythonWithPkgs = python3.withPackages ( + ps: with ps; [ + Mako + prettytable + pyopenssl + pysocks + python-dateutil + pyyaml + ] + ); buildInputs = [ makeWrapper ];