From f173b9d2361400a348af0a088775f807a9368368 Mon Sep 17 00:00:00 2001 From: Lorenzo Good Date: Tue, 24 Feb 2026 00:00:35 -0800 Subject: [PATCH] Nixfmt Tree --- common/backups/restic.nix | 19 +++-- common/caddy.nix | 11 ++- common/nix.nix | 18 ++++- common/nixos.nix | 16 +++- common/services/authelia.nix | 21 +++-- common/services/gitea.nix | 10 ++- common/services/goatcounter.nix | 8 +- common/services/lldap.nix | 15 +++- common/services/vaultwarden.nix | 6 +- common/sudo.nix | 3 +- common/tailscale.nix | 15 +++- common/users/admin.nix | 16 +++- flake.nix | 80 +++++++++++-------- lib/data.nix | 7 +- lib/nixos.nix | 39 ++++----- lib/packages.nix | 39 +++++---- lib/utils.nix | 79 +++++++++--------- machines/lebesgue/config/configuration.nix | 11 ++- .../config/hardware-configuration.nix | 53 +++++++++--- machines/lebesgue/config/routing.nix | 3 +- machines/lebesgue/config/secrets.nix | 59 ++++++++------ machines/lebesgue/config/state.nix | 12 ++- machines/lebesgue/flake.nix | 65 +++++++++------ 23 files changed, 381 insertions(+), 224 deletions(-) diff --git a/common/backups/restic.nix b/common/backups/restic.nix index 964e779..a7a235b 100644 --- a/common/backups/restic.nix +++ b/common/backups/restic.nix @@ -3,10 +3,17 @@ pkgs, lib, ... -}: let - inherit (lib) mkIf mkEnableOption mkOption types; +}: +let + inherit (lib) + mkIf + mkEnableOption + mkOption + types + ; cfg = config.foehammer.backups.restic; -in { +in +{ options.foehammer.backups.restic = { enable = mkEnableOption "Enable restic backups"; @@ -24,17 +31,17 @@ in { paths = mkOption { type = lib.types.nullOr (lib.types.listOf lib.types.str); - default = []; + default = [ ]; }; exclude = mkOption { type = lib.types.nullOr (lib.types.listOf lib.types.str); - default = []; + default = [ ]; }; }; config = mkIf cfg.enable { - users.groups.restic = {}; + users.groups.restic = { }; users.users.restic = { isSystemUser = true; group = "restic"; 
diff --git a/common/caddy.nix b/common/caddy.nix index 3d9332b..5ce94c0 100644 --- a/common/caddy.nix +++ b/common/caddy.nix @@ -2,10 +2,12 @@ config, lib, ... -}: let +}: +let inherit (lib) mkIf mkEnableOption; cfg = config.foehammer.caddy; -in { +in +{ options.foehammer.caddy.enable = mkEnableOption "Enable caddy with default configuration."; config = mkIf cfg.enable { services.caddy = { @@ -13,6 +15,9 @@ in { email = "foehammer127points+acme@gmail.com"; }; - networking.firewall.allowedTCPPorts = [80 443]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; }; } diff --git a/common/nix.nix b/common/nix.nix index d1e5a04..86e4362 100644 --- a/common/nix.nix +++ b/common/nix.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ nix = { extraOptions = '' experimental-features = nix-command flakes @@ -17,10 +18,19 @@ "nix-command" ]; - trusted-users = ["root" "@wheel"]; + trusted-users = [ + "root" + "@wheel" + ]; - substituters = ["https://cache.nixos.org" "https://cache.garnix.io"]; - trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="]; + substituters = [ + "https://cache.nixos.org" + "https://cache.garnix.io" + ]; + trusted-public-keys = [ + "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + ]; }; }; } diff --git a/common/nixos.nix b/common/nixos.nix index 4efd20e..4c1364e 100644 --- a/common/nixos.nix +++ b/common/nixos.nix 
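Review bot: `trusted-users` in the second `common/nix.nix` hunk still lists `"@wheel"`, and the Nix daemon treats trusted users as effectively root-equivalent: they can add substituters and import unsigned store paths without going through sudo. Since `common/sudo.nix` already routes privilege through `security.sudo`, narrowing this to `trusted-users = [ "root" ];` keeps wheel members from sidestepping that path. If remote deploys by the admin user depend on the current value, a comment saying so would record the trade-off. The same hunk accepts `cache.garnix.io` and its signing key as a substituter for every machine, which deserves a one-line comment on why a third-party cache is trusted. The enclosing `nix = { … }` block starts and ends outside this hunk.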
@@ -3,20 +3,28 @@ lib, pkgs, ... -}: let +}: +let inherit (lib) mkIf; -in { +in +{ config = { users.mutableUsers = false; - environment.systemPackages = with pkgs; [neovim git]; + environment.systemPackages = with pkgs; [ + neovim + git + ]; networking = { firewall = { enable = true; }; - nameservers = ["1.1.1.1" "8.8.8.8"]; + nameservers = [ + "1.1.1.1" + "8.8.8.8" + ]; # If using dhcpcd: dhcpcd.extraConfig = mkIf config.networking.dhcpcd.enable "nohook resolv.conf"; # If using NetworkManager: diff --git a/common/services/authelia.nix b/common/services/authelia.nix index 03ad7bb..a4828cd 100644 --- a/common/services/authelia.nix +++ b/common/services/authelia.nix @@ -2,11 +2,18 @@ config, lib, ... -}: let - inherit (lib) mkIf types mkOption mkEnableOption; +}: +let + inherit (lib) + mkIf + types + mkOption + mkEnableOption + ; cfg = config.foehammer.services.authelia; -in { +in +{ options.foehammer.services.authelia = { enable = mkEnableOption "Enable authelia server component."; domain = mkOption { @@ -27,7 +34,6 @@ in { type = types.path; }; - # https://www.authelia.com/integration/ldap/lldap/ ldap = { addr = mkOption { @@ -102,7 +108,7 @@ in { settingsFiles = mkOption { type = types.listOf types.path; - default = []; + default = [ ]; example = [ "/etc/authelia/config.yml" "/etc/authelia/access-control.yml" @@ -124,7 +130,7 @@ in { If you provide the raw secret rather than the location of a secret file that secret will be preserved in the nix store. For more details: https://www.authelia.com/configuration/methods/secrets/ ''; - default = {}; + default = { }; }; }; @@ -190,8 +196,7 @@ in { }; secrets = { - inherit - (cfg) + inherit (cfg) jwtSecretFile oidcIssuerPrivateKeyFile oidcHmacSecretFile diff --git a/common/services/gitea.nix b/common/services/gitea.nix index b60a41a..a52c91d 100644 --- a/common/services/gitea.nix +++ b/common/services/gitea.nix 
@@ -3,11 +3,13 @@ lib, pkgs, ... -}: let +}: +let inherit (lib) mkEnableOption mkIf mkOption; cfg = config.foehammer.services.forgejo; -in { +in +{ options.foehammer.services.forgejo = { enable = mkEnableOption "Enable Gitea Server"; @@ -44,8 +46,8 @@ in { settings = { service = { - DISABLE_REGISTRATION = true; - SHOW_REGISTRATION_BUTTON = false; + DISABLE_REGISTRATION = true; + SHOW_REGISTRATION_BUTTON = false; }; ui = { SHOW_USER_EMAIL = false; diff --git a/common/services/goatcounter.nix b/common/services/goatcounter.nix index 21a1c32..b47931d 100644 --- a/common/services/goatcounter.nix +++ b/common/services/goatcounter.nix @@ -3,11 +3,13 @@ lib, pkgs, ... -}: let +}: +let inherit (lib) mkEnableOption mkIf mkOption; cfg = config.foehammer.services.goatcounter; -in { +in +{ options.foehammer.services.goatcounter = { enable = mkEnableOption "Enable goatcounter server"; @@ -26,7 +28,7 @@ in { createHome = true; group = "goatcounter"; }; - users.groups.goatcounter = {}; + users.groups.goatcounter = { }; systemd.services.goatcounter = { serviceConfig = { diff --git a/common/services/lldap.nix b/common/services/lldap.nix index a72f258..3d7699b 100644 --- a/common/services/lldap.nix +++ b/common/services/lldap.nix @@ -3,11 +3,18 @@ lib, pkgs, ... -}: let - inherit (lib) mkEnableOption types mkIf mkOption; +}: +let + inherit (lib) + mkEnableOption + types + mkIf + mkOption + ; cfg = config.foehammer.services.lldap; -in { +in +{ options.foehammer.services.lldap = { enable = mkEnableOption "Enable LLDAP Server"; @@ -77,7 +84,7 @@ in { createHome = true; group = "lldap"; }; - users.groups.lldap = {}; + users.groups.lldap = { }; systemd.services.lldap.serviceConfig.DynamicUser = lib.mkForce false; }; diff --git a/common/services/vaultwarden.nix b/common/services/vaultwarden.nix index 2fbe7aa..ac7f306 100644 --- a/common/services/vaultwarden.nix +++ b/common/services/vaultwarden.nix 
@@ -3,11 +3,13 @@ lib, pkgs, ... -}: let +}: +let inherit (lib) mkEnableOption mkIf mkOption; cfg = config.foehammer.services.vaultwarden; -in { +in +{ options.foehammer.services.vaultwarden = { enable = mkEnableOption "Enable Vaultwarden Server"; diff --git a/common/sudo.nix b/common/sudo.nix index fe3c1da..cd65307 100644 --- a/common/sudo.nix +++ b/common/sudo.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ security.sudo = { enable = true; execWheelOnly = true; diff --git a/common/tailscale.nix b/common/tailscale.nix index 0cb3ff1..746c925 100644 --- a/common/tailscale.nix +++ b/common/tailscale.nix @@ -2,10 +2,17 @@ config, lib, ... -}: let - inherit (lib) mkEnableOption mkOption types mkIf; +}: +let + inherit (lib) + mkEnableOption + mkOption + types + mkIf + ; cfg = config.foehammer.tailscale; -in { +in +{ options.foehammer.tailscale = { enable = mkEnableOption "Enable tailscale"; authKeyFile = mkOption { @@ -20,6 +27,6 @@ in { openFirewall = true; }; - networking.firewall.trustedInterfaces = ["tailscale0"]; + networking.firewall.trustedInterfaces = [ "tailscale0" ]; }; } diff --git a/common/users/admin.nix b/common/users/admin.nix index 31a3094..0e588ec 100644 --- a/common/users/admin.nix +++ b/common/users/admin.nix @@ -3,10 +3,18 @@ lib, foelib, ... -}: let - inherit (lib) mkIf mkOption mkEnableOption optionals types; +}: +let + inherit (lib) + mkIf + mkOption + mkEnableOption + optionals + types + ; cfg = config.foehammer.users.admin; -in { +in +{ options.foehammer.users.admin = { enable = mkEnableOption "Enable a wheel admin user."; hashedPasswordFile = mkOption { @@ -20,7 +28,7 @@ in { description = "SSH Admin User."; group = "admin"; - extraGroups = ["wheel"] ++ optionals config.virtualisation.docker.enable ["docker"]; + extraGroups = [ "wheel" ] ++ optionals config.virtualisation.docker.enable [ "docker" ]; isNormalUser = true; uid = 9999; diff --git a/flake.nix b/flake.nix index 70eae05..fa3d65a 100644 --- a/flake.nix +++ b/flake.nix 
@@ -5,38 +5,54 @@ flake-parts.url = "github:hercules-ci/flake-parts"; }; - outputs = inputs @ {self, ...}: - inputs.flake-parts.lib.mkFlake {inherit inputs;} (toplevel @ {withSystem, ...}: { - systems = ["aarch64-darwin" "aarch64-linux" "x86_64-linux"]; + outputs = + inputs@{ self, ... }: + inputs.flake-parts.lib.mkFlake { inherit inputs; } ( + toplevel@{ withSystem, ... }: + { + systems = [ + "aarch64-darwin" + "aarch64-linux" + "x86_64-linux" + ]; - perSystem = { - config, - self', - inputs', - pkgs, - system, - ... - }: { - _module.args.pkgs = import inputs.nixpkgs { - localSystem = system; - config = { - allowUnfree = true; - allowAliases = true; + perSystem = + { + config, + self', + inputs', + pkgs, + system, + ... + }: + { + _module.args.pkgs = import inputs.nixpkgs { + localSystem = system; + config = { + allowUnfree = true; + allowAliases = true; + }; + # overlays = [self.overlays.default]; + }; + + devShells.default = pkgs.mkShell { + buildInputs = with pkgs; [ nixfmt-tree ]; + }; + + # packages = import ./lib/packages.nix pkgs; + }; + + flake = { + lib = import ./lib inputs.nixpkgs withSystem; + + # overlays.default = final: prev: (import ./lib/packages.nix prev); + + nixosModules.default = + { ... }: + { + imports = self.lib.utils.findNixFiles ./common; + }; }; - # overlays = [self.overlays.default]; - }; - - # packages = import ./lib/packages.nix pkgs; - }; - - flake = { - lib = import ./lib inputs.nixpkgs withSystem; - - # overlays.default = final: prev: (import ./lib/packages.nix prev); - - nixosModules.default = {...}: { - imports = self.lib.utils.findNixFiles ./common; - }; - }; - }); + } + ); } diff --git a/lib/data.nix b/lib/data.nix index d0aec59..3ef9b77 100644 --- a/lib/data.nix +++ b/lib/data.nix 
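Review bot: The new `devShells.default` in the `perSystem` block is the one functional change in a commit that is otherwise formatter output, which makes the tree-wide reformat harder to verify as behaviour-neutral; it would be cleaner as its own commit. The shell puts `nixfmt-tree` in `buildInputs`, but nothing in this hunk sets it as the flake's formatter, so `nix fmt` and anyone working outside the dev shell may run a different formatter or version. Adding `formatter = pkgs.nixfmt-tree;` next to `devShells.default` would pin it. For a tool-only shell, `packages = [ pkgs.nixfmt-tree ];` is the more usual spelling than `buildInputs = with pkgs; [ ... ]`.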
@@ -1,6 +1,7 @@ rec { - getSSHKeys = let - sshKeys = builtins.fromTOML (builtins.readFile ../data/ssh-keys.toml); - in + getSSHKeys = + let + sshKeys = builtins.fromTOML (builtins.readFile ../data/ssh-keys.toml); + in name: (builtins.mapAttrs (_: value: builtins.attrValues value) sshKeys)."${name}"; } diff --git a/lib/nixos.nix b/lib/nixos.nix index b919731..e943a2f 100644 --- a/lib/nixos.nix +++ b/lib/nixos.nix @@ -1,25 +1,28 @@ -nixpkgs: withSystem: let +nixpkgs: withSystem: +let foelib = import ./default.nix nixpkgs withSystem; -in { - mkSystem = hostname: host-platform: modules: - withSystem host-platform - ({pkgs, ...}: +in +{ + mkSystem = + hostname: host-platform: modules: + withSystem host-platform ( + { pkgs, ... }: nixpkgs.lib.nixosSystem { - modules = - [ - { - nix.registry = { - nixpkgs.flake = nixpkgs; - p.flake = nixpkgs; - }; - nixpkgs.pkgs = pkgs; + modules = [ + { + nix.registry = { + nixpkgs.flake = nixpkgs; + p.flake = nixpkgs; + }; + nixpkgs.pkgs = pkgs; - networking.hostName = hostname; - } - ] - ++ modules; + networking.hostName = hostname; + } + ] + ++ modules; specialArgs = { inherit hostname foelib; }; - }); + } + ); } diff --git a/lib/packages.nix b/lib/packages.nix index 1aee83b..0f59e7f 100644 --- a/lib/packages.nix +++ b/lib/packages.nix 
@@ -1,28 +1,25 @@ -pkgs: let - getPackages = dir: let - entries = builtins.readDir dir; +pkgs: +let + getPackages = + dir: + let + entries = builtins.readDir dir; - procEntry = name: type: let - path = dir + "/${name}"; + procEntry = + name: type: + let + path = dir + "/${name}"; + in + if type == "directory" then + (if builtins.pathExists (path + "/default.nix") then [ path ] else [ ]) + else + [ ]; in - if type == "directory" - then - ( - if builtins.pathExists (path + "/default.nix") - then [path] - else [] - ) - else []; - in - builtins.concatLists ( - builtins.attrValues ( - builtins.mapAttrs procEntry entries - ) - ); + builtins.concatLists (builtins.attrValues (builtins.mapAttrs procEntry entries)); buildPackage = path: { name = builtins.baseNameOf (toString path); - value = pkgs.callPackage (path + "/default.nix") {}; + value = pkgs.callPackage (path + "/default.nix") { }; }; in - builtins.listToAttrs (builtins.map buildPackage (getPackages ../packages)) +builtins.listToAttrs (builtins.map buildPackage (getPackages ../packages)) diff --git a/lib/utils.nix b/lib/utils.nix index aa06bc0..2856cbd 100644 --- a/lib/utils.nix +++ b/lib/utils.nix 
@@ -1,47 +1,54 @@ rec { - findNixFiles = dir: let - inherit (builtins) attrNames readDir pathExists concatMap; + findNixFiles = + dir: + let + inherit (builtins) + attrNames + readDir + pathExists + concatMap + ; - # Helper function to build full paths - fullPath = name: dir + "/${name}"; + # Helper function to build full paths + fullPath = name: dir + "/${name}"; - # Get directory contents - contents = readDir dir; + # Get directory contents + contents = readDir dir; - # Convert contents attrset to list of names - names = attrNames contents; + # Convert contents attrset to list of names + names = attrNames contents; - # Filter and process each item - processItem = name: let - path = fullPath name; - type = contents.${name}; + # Filter and process each item + processItem = + name: + let + path = fullPath name; + type = contents.${name}; + in + if type == "regular" && hasSuffix "nix" name then + [ path ] + else if type == "directory" && pathExists path then + findNixFiles path + else + [ ]; in - if type == "regular" && hasSuffix "nix" name - then [path] - else if type == "directory" && pathExists path - then findNixFiles path - else []; - in concatMap processItem names; - getName = filename: let - parts = builtins.split "\\." filename; - base = builtins.head (builtins.split "\\." filename); - in - if builtins.length parts == 1 - then filename - else base; + getName = + filename: + let + parts = builtins.split "\\." filename; + base = builtins.head (builtins.split "\\." filename); + in + if builtins.length parts == 1 then filename else base; - getSuffix = filename: let - parts = builtins.split "\\." filename; - end = builtins.tail (builtins.split "\\." filename); - in - if builtins.length parts == 1 - then filename - else builtins.elemAt end (builtins.length end - 1); + getSuffix = + filename: + let + parts = builtins.split "\\." filename; + end = builtins.tail (builtins.split "\\." 
filename); + in + if builtins.length parts == 1 then filename else builtins.elemAt end (builtins.length end - 1); - hasSuffix = suffix: filename: - if (getSuffix filename) == suffix - then true - else false; + hasSuffix = suffix: filename: if (getSuffix filename) == suffix then true else false; } diff --git a/machines/lebesgue/config/configuration.nix b/machines/lebesgue/config/configuration.nix index 97eeee5..ad4205e 100644 --- a/machines/lebesgue/config/configuration.nix +++ b/machines/lebesgue/config/configuration.nix @@ -3,7 +3,8 @@ lib, pkgs, ... -}: { +}: +{ foehammer = { users.admin = { enable = true; @@ -62,7 +63,11 @@ environmentFile = config.sops.secrets.restic-env.path; passwordFile = config.sops.secrets.restic-password.path; - paths = ["/var/lib/vaultwarden" "/var/lib/authelia" "/var/lib/forgejo"]; + paths = [ + "/var/lib/vaultwarden" + "/var/lib/authelia" + "/var/lib/forgejo" + ]; }; tailscale = { @@ -76,7 +81,7 @@ i18n.defaultLocale = "en_US.UTF-8"; - networking.firewall.allowedTCPPorts = [22]; + networking.firewall.allowedTCPPorts = [ 22 ]; system.stateVersion = "24.11"; } diff --git a/machines/lebesgue/config/hardware-configuration.nix b/machines/lebesgue/config/hardware-configuration.nix index ccaa0e2..6f2dd93 100644 --- a/machines/lebesgue/config/hardware-configuration.nix +++ b/machines/lebesgue/config/hardware-configuration.nix 
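Review bot: `getSuffix` in the `lib/utils.nix` hunk returns the whole filename when it contains no dot, so `hasSuffix "nix" name` in `findNixFiles` also matches a regular file named exactly `nix`, and that file would be added to the module `imports`. Returning an empty suffix for the no-dot case closes the gap, provided no other caller relies on the current fallback: `if builtins.length parts == 1 then "" else builtins.elemAt end (builtins.length end - 1);`. `hasSuffix` can then be `hasSuffix = suffix: filename: getSuffix filename == suffix;`, and `end` can be `builtins.tail parts` instead of splitting a second time. Because `findNixFiles` decides which files under `./common` and `./config` become NixOS modules, a comment on it stating that every matching file below the directory is imported recursively would help reviewers of later additions.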
@@ -4,18 +4,25 @@ pkgs, modulesPath, ... -}: { +}: +{ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; services.qemuGuest.enable = true; - boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"]; - boot.initrd.kernelModules = []; - boot.kernelModules = []; - boot.extraModulePackages = []; - boot.supportedFilesystems = ["btrfs"]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "sr_mod" + "virtio_blk" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + boot.supportedFilesystems = [ "btrfs" ]; boot.initrd.postDeviceCommands = lib.mkAfter '' mkdir /btrfs_tmp @@ -45,30 +52,54 @@ fileSystems."/" = { device = "/dev/disk/by-label/NIXROOT"; fsType = "btrfs"; - options = ["subvol=root" "defaults" "noatime" "compress=zstd:1" "discard=async" "nodatacow"]; + options = [ + "subvol=root" + "defaults" + "noatime" + "compress=zstd:1" + "discard=async" + "nodatacow" + ]; }; fileSystems."/nix" = { device = "/dev/disk/by-label/NIXROOT"; fsType = "btrfs"; neededForBoot = true; - options = ["subvol=nix" "defaults" "noatime" "compress=zstd:3" "discard=async" "nodatacow"]; + options = [ + "subvol=nix" + "defaults" + "noatime" + "compress=zstd:3" + "discard=async" + "nodatacow" + ]; }; fileSystems."/persist" = { device = "/dev/disk/by-label/NIXROOT"; fsType = "btrfs"; neededForBoot = true; - options = ["subvol=persist" "defaults" "noatime" "compress=zstd:1" "discard=async" "nodatacow"]; + options = [ + "subvol=persist" + "defaults" + "noatime" + "compress=zstd:1" + "discard=async" + "nodatacow" + ]; }; fileSystems."/boot" = { device = "/dev/disk/by-label/NIXBOOT"; fsType = "vfat"; - options = ["fmask=0077" "dmask=0077"]; + options = [ + "fmask=0077" + "dmask=0077" + ]; }; - swapDevices = []; + swapDevices = [ ]; networking.useDHCP = lib.mkDefault true; 
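Review bot: Each btrfs mount in the second `hardware-configuration.nix` hunk lists both `"compress=zstd:N"` and `"nodatacow"`, which contradict each other: per the btrfs mount documentation `nodatacow` disables compression and implies `nodatasum`, so with `nodatacow` last these filesystems likely run without compression and without data checksums. For `/persist`, which `state.nix` uses for the SSH host key and service state such as `/var/lib/vaultwarden`, running without checksums means silent corruption goes undetected. If compression and integrity checking are intended, drop `"nodatacow"` from the three `options` lists. If disabling CoW is deliberate, drop the `compress=` entries and add a comment explaining why.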
diff --git a/machines/lebesgue/config/routing.nix b/machines/lebesgue/config/routing.nix index 068b5d3..90c5887 100644 --- a/machines/lebesgue/config/routing.nix +++ b/machines/lebesgue/config/routing.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ foehammer.caddy.enable = true; services.caddy = { diff --git a/machines/lebesgue/config/secrets.nix b/machines/lebesgue/config/secrets.nix index 695c2b8..efe5b3f 100644 --- a/machines/lebesgue/config/secrets.nix +++ b/machines/lebesgue/config/secrets.nix @@ -1,31 +1,40 @@ -{...}: { +{ ... }: +{ sops = { defaultSopsFile = ../secrets/main.yaml; - secrets = let - autheliaSecret = { - owner = "authelia-main"; - sopsFile = ../secrets/authelia/secrets.yaml; + secrets = + let + autheliaSecret = { + owner = "authelia-main"; + sopsFile = ../secrets/authelia/secrets.yaml; + }; + in + { + admin-password.neededForUsers = true; + + tskey = { }; + + vaultwarden-env = { }; + + restic-env = { + owner = "restic"; + }; + restic-password = { + owner = "restic"; + }; + restic-repository = { + owner = "restic"; + }; + + lldap-admin-password.owner = "lldap"; + + authelia-jwtsecret = autheliaSecret; + authelia-oidc-privkey = autheliaSecret; + authelia-oidc-hmac = autheliaSecret; + authelia-session-secret = autheliaSecret; + authelia-storage-encryption = autheliaSecret; + authelia-lldap-password = autheliaSecret; }; - in { - admin-password.neededForUsers = true; - - tskey = {}; - - vaultwarden-env = {}; - - restic-env = {owner = "restic";}; - restic-password = {owner = "restic";}; - restic-repository = {owner = "restic";}; - - lldap-admin-password.owner = "lldap"; - - authelia-jwtsecret = autheliaSecret; - authelia-oidc-privkey = autheliaSecret; - authelia-oidc-hmac = autheliaSecret; - authelia-session-secret = autheliaSecret; - authelia-storage-encryption = autheliaSecret; - authelia-lldap-password = autheliaSecret; - }; }; } 
diff --git a/machines/lebesgue/config/state.nix b/machines/lebesgue/config/state.nix index 165e375..c456e56 100644 --- a/machines/lebesgue/config/state.nix +++ b/machines/lebesgue/config/state.nix @@ -1,5 +1,6 @@ -{config, ...}: { - sops.age.sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"]; +{ config, ... }: +{ + sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ]; environment.persistence."/persist" = { directories = [ @@ -14,7 +15,12 @@ "/var/lib/caddy/.local/share/caddy" "/var/lib/vaultwarden" - { directory = "/var/lib/lldap"; user = "lldap"; group = "lldap"; mode = "0700"; } + { + directory = "/var/lib/lldap"; + user = "lldap"; + group = "lldap"; + mode = "0700"; + } ]; files = [ diff --git a/machines/lebesgue/flake.nix b/machines/lebesgue/flake.nix index 9c6748f..8db4701 100644 --- a/machines/lebesgue/flake.nix +++ b/machines/lebesgue/flake.nix 
@@ -12,31 +12,48 @@ url = "github:nix-community/impermanence"; }; }; - outputs = inputs @ {common, ...}: let - supportedSystems = ["x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin"]; - forAllSystems = inputs.nixpkgs.lib.genAttrs supportedSystems; - buildNixpkgs = system: - import inputs.nixpkgs { - inherit system; - overlays = []; - }; - in { - nixosConfigurations.default = let - config = common.lib.utils.findNixFiles ./config; - modules = [ - inputs.sops-nix.nixosModules.sops - inputs.common.nixosModules.default - inputs.impermanence.nixosModules.impermanence + outputs = + inputs@{ common, ... }: + let + supportedSystems = [ + "x86_64-linux" + "aarch64-linux" + "x86_64-darwin" + "aarch64-darwin" ]; + forAllSystems = inputs.nixpkgs.lib.genAttrs supportedSystems; + buildNixpkgs = + system: + import inputs.nixpkgs { + inherit system; + overlays = [ ]; + }; in - common.lib.mkSystem "lebesgue" "x86_64-linux" (config ++ modules); + { + nixosConfigurations.default = + let + config = common.lib.utils.findNixFiles ./config; + modules = [ + inputs.sops-nix.nixosModules.sops + inputs.common.nixosModules.default + inputs.impermanence.nixosModules.impermanence + ]; + in + common.lib.mkSystem "lebesgue" "x86_64-linux" (config ++ modules); - devShells = forAllSystems (system: let - pkgs = buildNixpkgs system; - in { - default = pkgs.mkShell { - buildInputs = with pkgs; [sops nixos-rebuild]; - }; - }); - }; + devShells = forAllSystems ( + system: + let + pkgs = buildNixpkgs system; + in + { + default = pkgs.mkShell { + buildInputs = with pkgs; [ + sops + nixos-rebuild + ]; + }; + } + ); + }; }