Nixfmt Tree

2026-02-24 00:00:35 -08:00 · 2026-02-24 00:00:35 -08:00 · f173b9d236
commit f173b9d236
parent d6bcf1a468
23 changed files with 381 additions and 224 deletions
--- a/machines/lebesgue/config/configuration.nix
+++ b/machines/lebesgue/config/configuration.nix
@ -3,7 +3,8 @@
  lib,
  pkgs,
  ...
-}: {
+}:
+{
  foehammer = {
    users.admin = {
      enable = true;
@ -62,7 +63,11 @@
      environmentFile = config.sops.secrets.restic-env.path;
      passwordFile = config.sops.secrets.restic-password.path;

-      paths = ["/var/lib/vaultwarden" "/var/lib/authelia" "/var/lib/forgejo"];
+      paths = [
+        "/var/lib/vaultwarden"
+        "/var/lib/authelia"
+        "/var/lib/forgejo"
+      ];
    };

    tailscale = {
@ -76,7 +81,7 @@

  i18n.defaultLocale = "en_US.UTF-8";

-  networking.firewall.allowedTCPPorts = [22];
+  networking.firewall.allowedTCPPorts = [ 22 ];

  system.stateVersion = "24.11";
 }
--- a/machines/lebesgue/config/hardware-configuration.nix
+++ b/machines/lebesgue/config/hardware-configuration.nix
@ -4,18 +4,25 @@
  pkgs,
  modulesPath,
  ...
-}: {
+}:
+{
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];

  services.qemuGuest.enable = true;

-  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
-  boot.initrd.kernelModules = [];
-  boot.kernelModules = [];
-  boot.extraModulePackages = [];
-  boot.supportedFilesystems = ["btrfs"];
+  boot.initrd.availableKernelModules = [
+    "ata_piix"
+    "uhci_hcd"
+    "virtio_pci"
+    "sr_mod"
+    "virtio_blk"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+  boot.supportedFilesystems = [ "btrfs" ];

  boot.initrd.postDeviceCommands = lib.mkAfter ''
    mkdir /btrfs_tmp
@ -45,30 +52,54 @@
  fileSystems."/" = {
    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
-    options = ["subvol=root" "defaults" "noatime" "compress=zstd:1" "discard=async" "nodatacow"];
+    options = [
+      "subvol=root"
+      "defaults"
+      "noatime"
+      "compress=zstd:1"
+      "discard=async"
+      "nodatacow"
+    ];
  };

  fileSystems."/nix" = {
    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    neededForBoot = true;
-    options = ["subvol=nix" "defaults" "noatime" "compress=zstd:3" "discard=async" "nodatacow"];
+    options = [
+      "subvol=nix"
+      "defaults"
+      "noatime"
+      "compress=zstd:3"
+      "discard=async"
+      "nodatacow"
+    ];
  };

  fileSystems."/persist" = {
    device = "/dev/disk/by-label/NIXROOT";
    fsType = "btrfs";
    neededForBoot = true;
-    options = ["subvol=persist" "defaults" "noatime" "compress=zstd:1" "discard=async" "nodatacow"];
+    options = [
+      "subvol=persist"
+      "defaults"
+      "noatime"
+      "compress=zstd:1"
+      "discard=async"
+      "nodatacow"
+    ];
  };

  fileSystems."/boot" = {
    device = "/dev/disk/by-label/NIXBOOT";
    fsType = "vfat";
-    options = ["fmask=0077" "dmask=0077"];
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
  };

-  swapDevices = [];
+  swapDevices = [ ];

  networking.useDHCP = lib.mkDefault true;

--- a/machines/lebesgue/config/routing.nix
+++ b/machines/lebesgue/config/routing.nix
@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
  foehammer.caddy.enable = true;

  services.caddy = {
--- a/machines/lebesgue/config/secrets.nix
+++ b/machines/lebesgue/config/secrets.nix
@ -1,31 +1,40 @@
-{...}: {
+{ ... }:
+{
  sops = {
    defaultSopsFile = ../secrets/main.yaml;

-    secrets = let
-      autheliaSecret = {
-        owner = "authelia-main";
-        sopsFile = ../secrets/authelia/secrets.yaml;
+    secrets =
+      let
+        autheliaSecret = {
+          owner = "authelia-main";
+          sopsFile = ../secrets/authelia/secrets.yaml;
+        };
+      in
+      {
+        admin-password.neededForUsers = true;
+
+        tskey = { };
+
+        vaultwarden-env = { };
+
+        restic-env = {
+          owner = "restic";
+        };
+        restic-password = {
+          owner = "restic";
+        };
+        restic-repository = {
+          owner = "restic";
+        };
+
+        lldap-admin-password.owner = "lldap";
+
+        authelia-jwtsecret = autheliaSecret;
+        authelia-oidc-privkey = autheliaSecret;
+        authelia-oidc-hmac = autheliaSecret;
+        authelia-session-secret = autheliaSecret;
+        authelia-storage-encryption = autheliaSecret;
+        authelia-lldap-password = autheliaSecret;
      };
-    in {
-      admin-password.neededForUsers = true;
-
-      tskey = {};
-
-      vaultwarden-env = {};
-
-      restic-env = {owner = "restic";};
-      restic-password = {owner = "restic";};
-      restic-repository = {owner = "restic";};
-
-      lldap-admin-password.owner = "lldap";
-
-      authelia-jwtsecret = autheliaSecret;
-      authelia-oidc-privkey = autheliaSecret;
-      authelia-oidc-hmac = autheliaSecret;
-      authelia-session-secret = autheliaSecret;
-      authelia-storage-encryption = autheliaSecret;
-      authelia-lldap-password = autheliaSecret;
-    };
  };
 }
--- a/machines/lebesgue/config/state.nix
+++ b/machines/lebesgue/config/state.nix
@ -1,5 +1,6 @@
-{config, ...}: {
-  sops.age.sshKeyPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
+{ config, ... }:
+{
+  sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];

  environment.persistence."/persist" = {
    directories = [
@ -14,7 +15,12 @@
      "/var/lib/caddy/.local/share/caddy"
      "/var/lib/vaultwarden"

-      { directory = "/var/lib/lldap"; user = "lldap"; group = "lldap"; mode = "0700"; }
+      {
+        directory = "/var/lib/lldap";
+        user = "lldap";
+        group = "lldap";
+        mode = "0700";
+      }
    ];

    files = [