30 files changed, 382 insertions, 200 deletions
diff --git a/flake.nix b/flake.nix index b65a7dd..b71d627 100644 --- a/flake.nix +++ b/flake.nix @@ -38,24 +38,40 @@ }; # Output config, or config for NixOS system - outputs = { self, nixpkgs, darwin, flake-utils, pre-commit-hooks, devshell - , treefmt-nix, agenix, ... }@inputs: - flake-utils.lib.eachDefaultSystem (system: + outputs = + { + self, + nixpkgs, + darwin, + flake-utils, + pre-commit-hooks, + devshell, + treefmt-nix, + agenix, + ... + }@inputs: + flake-utils.lib.eachDefaultSystem ( + system: let pkgs = import nixpkgs { inherit system; overlays = [ devshell.overlays.default ]; }; - treefmt = (treefmt-nix.lib.mkWrapper pkgs { - projectRootFile = "flake.nix"; - programs = { nixfmt-classic.enable = true; }; - settings.formatter.deadnix = { - command = "${pkgs.deadnix}/bin/deadnix"; - options = [ "--edit" ]; - includes = [ "*.nix" ]; - }; - }); - in { + treefmt = ( + treefmt-nix.lib.mkWrapper pkgs { + projectRootFile = "flake.nix"; + programs = { + nixfmt.enable = true; + }; + settings.formatter.deadnix = { + command = "${pkgs.deadnix}/bin/deadnix"; + options = [ "--edit" ]; + includes = [ "*.nix" ]; + }; + } + ); + in + { checks = { pre-commit-check = pre-commit-hooks.lib.${system}.run { src = ./.; 
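Review bot: `programs = { nixfmt.enable = true; };` in the treefmt wrapper no longer names the formatter flavour, so which nixfmt treefmt runs is decided by the pinned treefmt-nix default rather than by this file. The same commit installs `nixfmt-rfc-style` for the user in nix/users/fcuny/home-manager.nix, and no flake.lock change appears in this diff, so the two can presumably drift apart the next time the inputs are updated. Pinning it explicitly, e.g. `programs.nixfmt.package = pkgs.nixfmt-rfc-style;`, would keep the repository formatter and the editor formatter identical; confirm the option name against the pinned treefmt-nix revision. The `outputs` function continues past the end of this hunk.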
@@ -80,49 +96,55 @@ treefmt inputs.agenix.packages."${system}".default ]; - devshell.startup.pre-commit.text = - self.checks.${system}.pre-commit-check.shellHook; - env = [{ - name = "DEVSHELL_NO_MOTD"; - value = "1"; - }]; + devshell.startup.pre-commit.text = self.checks.${system}.pre-commit-check.shellHook; + env = [ + { + name = "DEVSHELL_NO_MOTD"; + value = "1"; + } + ]; }; - }) // (flake-utils.lib.eachDefaultSystemPassThrough (system: - let - mkSystem = import ./nix/lib/mkSystem.nix { inherit nixpkgs inputs; }; - in { - - # a VM running on the MacBook Air - nixosConfigurations.vm-aarch64 = mkSystem "vm-aarch64" { - system = "aarch64-linux"; - user = "fcuny"; - }; + } + ) + // (flake-utils.lib.eachDefaultSystemPassThrough ( + system: + let + mkSystem = import ./nix/lib/mkSystem.nix { inherit nixpkgs inputs; }; + in + { + + # a VM running on the MacBook Air + nixosConfigurations.vm-aarch64 = mkSystem "vm-aarch64" { + system = "aarch64-linux"; + user = "fcuny"; + }; - # a VM running on the synology DS923+ - nixosConfigurations.vm-synology = mkSystem "vm-synology" { - system = "x86_64-linux"; - user = "fcuny"; - }; + # a VM running on the synology DS923+ + nixosConfigurations.vm-synology = mkSystem "vm-synology" { + system = "x86_64-linux"; + user = "fcuny"; + }; - # a VM running on hetzner cloud - nixosConfigurations.vm-hetzner = mkSystem "vm-hetzner" { - system = "x86_64-linux"; - user = "fcuny"; - }; + # a VM running on hetzner cloud + nixosConfigurations.vm-hetzner = mkSystem "vm-hetzner" { + system = "x86_64-linux"; + user = "fcuny"; + }; - # my personal MacBook Air - darwinConfigurations.mba-m2 = mkSystem "mba-m2" { - system = "aarch64-darwin"; - user = "fcuny"; - darwin = true; - }; + # my personal MacBook Air + darwinConfigurations.mba-m2 = mkSystem "mba-m2" { + system = "aarch64-darwin"; + user = "fcuny"; + darwin = true; + }; - # my work MacBook Pro - darwinConfigurations.hq-c02fk3q7md6t = mkSystem "hq-c02fk3q7md6t" { - system = "x86_64-darwin"; - user = 
"fcuny"; - darwin = true; - }; - })); + # my work MacBook Pro + darwinConfigurations.hq-c02fk3q7md6t = mkSystem "hq-c02fk3q7md6t" { + system = "x86_64-darwin"; + user = "fcuny"; + darwin = true; + }; + } + )); } diff --git a/nix/lib/mkSystem.nix b/nix/lib/mkSystem.nix index c9c8074..b54a4f4 100644 --- a/nix/lib/mkSystem.nix +++ b/nix/lib/mkSystem.nix @@ -3,7 +3,11 @@ { nixpkgs, inputs }: name: -{ system, user, darwin ? false, }: +{ + system, + user, + darwin ? false, +}: let # The config files for this system. @@ -12,13 +16,11 @@ let userHMConfig = ../users/${user}/home-manager.nix; # NixOS vs nix-darwin functionst - systemFunc = - if darwin then inputs.darwin.lib.darwinSystem else nixpkgs.lib.nixosSystem; - home-manager = if darwin then - inputs.home-manager.darwinModules - else - inputs.home-manager.nixosModules; -in systemFunc rec { + systemFunc = if darwin then inputs.darwin.lib.darwinSystem else nixpkgs.lib.nixosSystem; + home-manager = + if darwin then inputs.home-manager.darwinModules else inputs.home-manager.nixosModules; +in +systemFunc rec { inherit system; modules = [ diff --git a/nix/lib/overlays.nix b/nix/lib/overlays.nix index 531c725..7b338c6 100644 --- a/nix/lib/overlays.nix +++ b/nix/lib/overlays.nix @@ -1,5 +1,9 @@ -let path = ../../overlays; -in with builtins; -map (n: import (path + ("/" + n))) (filter (n: - match ".*\\.nix" n != null || pathExists (path + ("/" + n + "/default.nix"))) - (attrNames (readDir path))) +let + path = ../../overlays; +in +with builtins; +map (n: import (path + ("/" + n))) ( + filter (n: match ".*\\.nix" n != null || pathExists (path + ("/" + n + "/default.nix"))) ( + attrNames (readDir path) + ) +) diff --git a/nix/machines/darwin-shared.nix b/nix/machines/darwin-shared.nix index 344ff00..b56670d 100644 --- a/nix/machines/darwin-shared.nix +++ b/nix/machines/darwin-shared.nix 
@@ -1,9 +1,16 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ nix = { package = pkgs.nixVersions.stable; settings = { - trusted-users = [ "@admin" "fcuny" ]; - experimental-features = [ "nix-command" "flakes" ]; + trusted-users = [ + "@admin" + "fcuny" + ]; + experimental-features = [ + "nix-command" + "flakes" + ]; }; }; @@ -58,7 +65,10 @@ ''; # Required for homebrew on aarch64 - environment.systemPath = [ "/opt/homebrew/bin" "/opt/homebrew/sbin" ]; + environment.systemPath = [ + "/opt/homebrew/bin" + "/opt/homebrew/sbin" + ]; homebrew = { enable = true; diff --git a/nix/machines/hq-c02fk3q7md6t/default.nix b/nix/machines/hq-c02fk3q7md6t/default.nix index 001f3d5..5910d09 100644 --- a/nix/machines/hq-c02fk3q7md6t/default.nix +++ b/nix/machines/hq-c02fk3q7md6t/default.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ imports = [ ../darwin-shared.nix ]; system.stateVersion = 5; diff --git a/nix/machines/mba-m2/default.nix b/nix/machines/mba-m2/default.nix index 72a4e8b..04c5780 100644 --- a/nix/machines/mba-m2/default.nix +++ b/nix/machines/mba-m2/default.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ imports = [ ../darwin-shared.nix ]; system.stateVersion = 5; diff --git a/nix/machines/vm-aarch64/default.nix b/nix/machines/vm-aarch64/default.nix index b1444cc..86382af 100644 --- a/nix/machines/vm-aarch64/default.nix +++ b/nix/machines/vm-aarch64/default.nix @@ -1,5 +1,9 @@ -{ ... }: { - imports = [ ./hardware.nix ../vm-shared.nix ]; +{ ... }: +{ + imports = [ + ./hardware.nix + ../vm-shared.nix + ]; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; diff --git a/nix/machines/vm-aarch64/hardware.nix b/nix/machines/vm-aarch64/hardware.nix index 084cc74..67dc249 100644 --- a/nix/machines/vm-aarch64/hardware.nix +++ b/nix/machines/vm-aarch64/hardware.nix 
@@ -1,10 +1,14 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ lib, modulesPath, ... }: { +{ lib, modulesPath, ... }: +{ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "sr_mod" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "sr_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; @@ -17,7 +21,10 @@ fileSystems."/boot" = { device = "/dev/disk/by-label/boot"; fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; + options = [ + "fmask=0022" + "dmask=0022" + ]; }; swapDevices = [ ]; diff --git a/nix/machines/vm-hetzner/default.nix b/nix/machines/vm-hetzner/default.nix index 889b00d..c7ab4c8 100644 --- a/nix/machines/vm-hetzner/default.nix +++ b/nix/machines/vm-hetzner/default.nix @@ -1,5 +1,9 @@ -{ pkgs, lib, ... }: { - imports = [ ./hardware.nix ../vm-shared.nix ]; +{ pkgs, lib, ... }: +{ + imports = [ + ./hardware.nix + ../vm-shared.nix + ]; boot.tmp.cleanOnBoot = true; zramSwap.enable = true; @@ -14,8 +18,11 @@ # This file was populated at runtime with the networking # details gathered from the active system. networking = { - nameservers = - [ "2a01:4ff:ff00::add:2" "2a01:4ff:ff00::add:1" "185.12.64.1" ]; + nameservers = [ + "2a01:4ff:ff00::add:2" + "2a01:4ff:ff00::add:1" + "185.12.64.1" + ]; defaultGateway = "172.31.1.1"; defaultGateway6 = { address = "fe80::1"; @@ -25,10 +32,12 @@ usePredictableInterfaceNames = lib.mkForce false; interfaces = { eth0 = { - ipv4.addresses = [{ - address = "5.78.87.68"; - prefixLength = 32; - }]; + ipv4.addresses = [ + { + address = "5.78.87.68"; + prefixLength = 32; + } + ]; ipv6.addresses = [ { address = "2a01:4ff:1f0:d1a3::1"; 
@@ -39,14 +48,18 @@ prefixLength = 64; } ]; - ipv4.routes = [{ - address = "172.31.1.1"; - prefixLength = 32; - }]; - ipv6.routes = [{ - address = "fe80::1"; - prefixLength = 128; - }]; + ipv4.routes = [ + { + address = "172.31.1.1"; + prefixLength = 32; + } + ]; + ipv6.routes = [ + { + address = "fe80::1"; + prefixLength = 128; + } + ]; }; }; @@ -73,8 +86,7 @@ # TODO(fcuny): I could create the configuration file to set the default branch services.gitolite = { enable = true; - adminPubkey = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"; + adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"; user = "git"; group = "git"; extraGitoliteRc = '' @@ -102,10 +114,8 @@ readme = ":README.md"; project-list = "/var/lib/gitolite/projects.list"; about-filter = "${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh"; - source-filter = - "${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py"; - clone-url = - (lib.concatStringsSep " " [ "https://git.fcuny.net/$CGIT_REPO_URL" ]); + source-filter = "${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py"; + clone-url = (lib.concatStringsSep " " [ "https://git.fcuny.net/$CGIT_REPO_URL" ]); enable-log-filecount = 1; enable-log-linecount = 1; enable-git-config = 1; @@ -129,7 +139,9 @@ virtualisation.oci-containers.containers.excalidraw = { autoStart = true; image = "excalidraw/excalidraw:latest"; - environment = { TZ = "America/Los_Angeles"; }; + environment = { + TZ = "America/Los_Angeles"; + }; ports = [ "127.0.0.1:3030:80" ]; extraOptions = [ "--pull=always" ]; }; @@ -151,7 +163,9 @@ forceSSL = true; enableACME = true; locations = { - "/" = { root = "/srv/www/fcuny.net"; }; + "/" = { + root = "/srv/www/fcuny.net"; + }; "/.well-known/acme-challenge" = { root = "/var/lib/acme/acme-challenges"; }; 
@@ -190,8 +204,13 @@ "/var/lib/gitolite/.ssh" "/var/lib/gitolite/.viminfo" ]; - extraBackupArgs = [ "--exclude-caches" "--compression=max" ]; - timerConfig = { OnCalendar = "*:0/30"; }; + extraBackupArgs = [ + "--exclude-caches" + "--compression=max" + ]; + timerConfig = { + OnCalendar = "*:0/30"; + }; pruneOpts = [ "--keep-hourly 36" "--keep-daily 7" diff --git a/nix/machines/vm-hetzner/hardware.nix b/nix/machines/vm-hetzner/hardware.nix index 89a92a9..351c991 100644 --- a/nix/machines/vm-hetzner/hardware.nix +++ b/nix/machines/vm-hetzner/hardware.nix @@ -1,8 +1,13 @@ -{ modulesPath, ... }: { +{ modulesPath, ... }: +{ imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.initrd.availableKernelModules = - [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "xen_blkfront" + "vmw_pvscsi" + ]; boot.loader.grub = { enable = true; diff --git a/nix/machines/vm-shared.nix b/nix/machines/vm-shared.nix index 01dbaac..7586987 100644 --- a/nix/machines/vm-shared.nix +++ b/nix/machines/vm-shared.nix @@ -1,11 +1,18 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ boot.kernelPackages = pkgs.linuxPackages_latest; nix = { package = pkgs.nixVersions.latest; settings = { - trusted-users = [ "@admin" "fcuny" ]; - experimental-features = [ "nix-command" "flakes" ]; + trusted-users = [ + "@admin" + "fcuny" + ]; + experimental-features = [ + "nix-command" + "flakes" + ]; }; }; 
@@ -18,14 +25,21 @@ virtualisation.docker.enable = true; # Select internationalisation properties. - i18n = { defaultLocale = "en_US.UTF-8"; }; + i18n = { + defaultLocale = "en_US.UTF-8"; + }; # Define a user account. Don't forget to set a password with ‘passwd’. users.mutableUsers = false; # List packages installed in system profile. To search, run: # $ nix search wget - environment.systemPackages = with pkgs; [ curl git vim jq ]; + environment.systemPackages = with pkgs; [ + curl + git + vim + jq + ]; # Enable the OpenSSH daemon. services.openssh.enable = true; diff --git a/nix/machines/vm-synology/ddns.nix b/nix/machines/vm-synology/ddns.nix index df59793..837bfa7 100644 --- a/nix/machines/vm-synology/ddns.nix +++ b/nix/machines/vm-synology/ddns.nix @@ -1,4 +1,5 @@ -{ ... }: { +{ ... }: +{ age.secrets.ddns-updater = { file = ../../../secrets/ddns-updater.age; owner = "root"; @@ -16,6 +17,5 @@ }; # https://systemd.io/CREDENTIALS/ - systemd.services.ddns-updater.serviceConfig.LoadCredential = - "config.json:/run/agenix/ddns-updater"; + systemd.services.ddns-updater.serviceConfig.LoadCredential = "config.json:/run/agenix/ddns-updater"; } diff --git a/nix/machines/vm-synology/default.nix b/nix/machines/vm-synology/default.nix index 68952c6..8e8dfc5 100644 --- a/nix/machines/vm-synology/default.nix +++ b/nix/machines/vm-synology/default.nix @@ -1,5 +1,12 @@ -{ ... }: { - imports = [ ./hardware.nix ../vm-shared.nix ./ddns.nix ./web.nix ./git.nix ]; +{ ... }: +{ + imports = [ + ./hardware.nix + ../vm-shared.nix + ./ddns.nix + ./web.nix + ./git.nix + ]; # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; diff --git a/nix/machines/vm-synology/git.nix b/nix/machines/vm-synology/git.nix index 698f375..1e6a9e6 100644 --- a/nix/machines/vm-synology/git.nix +++ b/nix/machines/vm-synology/git.nix 
@@ -1,10 +1,10 @@ -{ pkgs, lib, ... }: { +{ pkgs, lib, ... }: +{ # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/services/misc/gitolite.nix services.gitolite = { enable = true; - adminPubkey = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"; + adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"; user = "git"; group = "git"; extraGitoliteRc = '' @@ -19,12 +19,10 @@ # let's make sure the default branch is `main'. systemd.tmpfiles.rules = [ - "C /var/lib/gitolite/.gitconfig - git git 0644 ${ - pkgs.writeText "gitolite-gitconfig" '' - [init] - defaultBranch = main - '' - }" + "C /var/lib/gitolite/.gitconfig - git git 0644 ${pkgs.writeText "gitolite-gitconfig" '' + [init] + defaultBranch = main + ''}" ]; services.cgit.main = { @@ -43,10 +41,8 @@ readme = ":README.md"; project-list = "/var/lib/gitolite/projects.list"; about-filter = "${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh"; - source-filter = - "${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py"; - clone-url = - (lib.concatStringsSep " " [ "https://git.fcuny.net/$CGIT_REPO_URL" ]); + source-filter = "${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py"; + clone-url = (lib.concatStringsSep " " [ "https://git.fcuny.net/$CGIT_REPO_URL" ]); enable-log-filecount = 1; enable-log-linecount = 1; enable-git-config = 1; @@ -88,8 +84,17 @@ "/var/lib/gitolite/.ssh" "/var/lib/gitolite/.viminfo" ]; - extraBackupArgs = [ "--exclude-caches" "--compression=max" ]; - timerConfig = { OnCalendar = "daily"; }; - pruneOpts = [ "--keep-daily 7" "--keep-weekly 4" "--keep-monthly 3" ]; + extraBackupArgs = [ + "--exclude-caches" + "--compression=max" + ]; + timerConfig = { + OnCalendar = "daily"; + }; + pruneOpts = [ + "--keep-daily 7" + "--keep-weekly 4" + "--keep-monthly 3" + ]; }; } diff --git a/nix/machines/vm-synology/hardware.nix b/nix/machines/vm-synology/hardware.nix index 5511e98..cd1d5e7 100644 
--- a/nix/machines/vm-synology/hardware.nix +++ b/nix/machines/vm-synology/hardware.nix @@ -6,8 +6,14 @@ { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.initrd.availableKernelModules = - [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + "sd_mod" + "sr_mod" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-amd" ]; boot.extraModulePackages = [ ]; @@ -20,7 +26,10 @@ fileSystems."/boot" = { device = "/dev/disk/by-label/boot"; fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; + options = [ + "fmask=0022" + "dmask=0022" + ]; }; swapDevices = [ ]; diff --git a/nix/machines/vm-synology/web.nix b/nix/machines/vm-synology/web.nix index f9c34cc..03fe831 100644 --- a/nix/machines/vm-synology/web.nix +++ b/nix/machines/vm-synology/web.nix @@ -1,9 +1,12 @@ -{ ... }: { +{ ... }: +{ # container for excalidraw virtualisation.oci-containers.containers.excalidraw = { autoStart = true; image = "excalidraw/excalidraw:latest"; - environment = { TZ = "America/Los_Angeles"; }; + environment = { + TZ = "America/Los_Angeles"; + }; ports = [ "127.0.0.1:3030:80" ]; extraOptions = [ "--pull=always" ]; }; @@ -30,7 +33,9 @@ forceSSL = true; enableACME = true; locations = { - "/" = { root = "/srv/www/fcuny.net"; }; + "/" = { + root = "/srv/www/fcuny.net"; + }; "/.well-known/acme-challenge" = { root = "/var/lib/acme/acme-challenges"; }; diff --git a/nix/users/fcuny/1password.nix b/nix/users/fcuny/1password.nix index fd1dfbe..bf8133f 100644 --- a/nix/users/fcuny/1password.nix +++ b/nix/users/fcuny/1password.nix 
@@ -1,11 +1,13 @@ { config, ... }: let home = config.home.homeDirectory; - darwinSockPath = - "${home}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"; + darwinSockPath = "${home}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"; sockPath = ".1password/agent.sock"; -in { - home.sessionVariables = { SSH_AUTH_SOCK = "${home}/${sockPath}"; }; +in +{ + home.sessionVariables = { + SSH_AUTH_SOCK = "${home}/${sockPath}"; + }; home.file.sock = { source = config.lib.file.mkOutOfStoreSymlink darwinSockPath; @@ -18,7 +20,9 @@ in { ''; }; - programs.ssh = { extraConfig = "IdentityAgent ~/${sockPath}"; }; + programs.ssh = { + extraConfig = "IdentityAgent ~/${sockPath}"; + }; # Generate ssh agent config for 1Password # I want both my personal and work keys diff --git a/nix/users/fcuny/darwin.nix b/nix/users/fcuny/darwin.nix index b882bc5..1291031 100644 --- a/nix/users/fcuny/darwin.nix +++ b/nix/users/fcuny/darwin.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ nixpkgs.overlays = import ../../../nix/lib/overlays.nix; # The user should already exist, but we need to set this up so Nix knows diff --git a/nix/users/fcuny/git.nix b/nix/users/fcuny/git.nix index c89454b..9f7023a 100644 --- a/nix/users/fcuny/git.nix +++ b/nix/users/fcuny/git.nix @@ -1,4 +1,5 @@ -{ lib, pkgs, ... }: { +{ lib, pkgs, ... }: +{ home.packages = with pkgs; [ gitAndTools.pre-commit git-credential-manager @@ -10,7 +11,9 @@ userName = "Franck Cuny"; userEmail = "franck@fcuny.net"; - aliases = { amend = "commit --amend"; }; + aliases = { + amend = "commit --amend"; + }; # https://stackoverflow.com/questions/74012449/git-includeif-hasconfigremote-url-not-working # to test it's working as expected: 
@@ -19,17 +22,18 @@ includes = [ { condition = "hasconfig:remote.*.url:git@github.rbx.com:*/**"; - path = pkgs.writeText "username.cfg" - (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; }); + path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; }); } { condition = "hasconfig:remote.*.url:git@github.com:Roblox/**"; - path = pkgs.writeText "username.cfg" - (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; }); + path = pkgs.writeText "username.cfg" (lib.generators.toGitINI { user.email = "fcuny@roblox.com"; }); } ]; - ignores = [ ".envrc" ".direnv" ]; + ignores = [ + ".envrc" + ".direnv" + ]; extraConfig = { core.whitespace = "trailing-space,space-before-tab"; diff --git a/nix/users/fcuny/go.nix b/nix/users/fcuny/go.nix index b52f89e..401abe3 100644 --- a/nix/users/fcuny/go.nix +++ b/nix/users/fcuny/go.nix @@ -1,11 +1,21 @@ -{ config, pkgs, ... }: { - home.packages = with pkgs; [ go-tools golangci-lint gopls delve ]; +{ config, pkgs, ... }: +{ + home.packages = with pkgs; [ + go-tools + golangci-lint + gopls + delve + ]; programs.go = { enable = true; goPath = ".local/share/pkg.go"; goBin = ".local/bin.go"; - goPrivate = [ "github.rbx.com/*" "github.com/fcuny/*" "git.fcuny.net/*" ]; + goPrivate = [ + "github.rbx.com/*" + "github.com/fcuny/*" + "git.fcuny.net/*" + ]; }; home.sessionPath = [ config.home.sessionVariables.GOBIN ]; diff --git a/nix/users/fcuny/home-manager.nix b/nix/users/fcuny/home-manager.nix index e975c37..e450c24 100644 --- a/nix/users/fcuny/home-manager.nix +++ b/nix/users/fcuny/home-manager.nix 
@@ -1,26 +1,34 @@ { darwin, systemName, ... }: -{ lib, pkgs, ... }: { +{ lib, pkgs, ... }: +{ home.stateVersion = "23.05"; xdg.enable = true; - imports = [ ./shell.nix ./ssh.nix ./git.nix ] - ++ lib.optionals darwin [ ./1password.nix ./go.nix ] + imports = + [ + ./shell.nix + ./ssh.nix + ./git.nix + ] + ++ lib.optionals darwin [ + ./1password.nix + ./go.nix + ] ++ lib.optionals (systemName == "hq-c02fk3q7md6t") [ ./work.nix ]; - home.packages = with pkgs; + home.packages = + with pkgs; [ # encryption age - # nix nil # nix lsp - nix-direnv - nixd - nixfmt-classic - nixpkgs-fmt - ] ++ (lib.optionals (darwin) [ + nix-direnv # integration with direnv + nixfmt-rfc-style # new formatter + ] + ++ (lib.optionals (darwin) [ # media mpv ffmpeg diff --git a/nix/users/fcuny/k8s.nix b/nix/users/fcuny/k8s.nix index 88a7350..cbc04ef 100644 --- a/nix/users/fcuny/k8s.nix +++ b/nix/users/fcuny/k8s.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ home.packages = with pkgs; [ kind # k8s in docker kubebuilder # generate controller @@ -31,8 +32,7 @@ klogs = "kubectl logs"; }; shellAliases = { - ukctx = - "${pkgs.gh}/bin/gh api --hostname github.rbx.com repos/Roblox/cell-lifecycle/contents/rks/kubeconfig --jq '.content' | base64 -d > ~/.kube/rksconfig"; + ukctx = "${pkgs.gh}/bin/gh api --hostname github.rbx.com repos/Roblox/cell-lifecycle/contents/rks/kubeconfig --jq '.content' | base64 -d > ~/.kube/rksconfig"; }; }; } diff --git a/nix/users/fcuny/nixos.nix b/nix/users/fcuny/nixos.nix index 4cc80bd..a6c302f 100644 --- a/nix/users/fcuny/nixos.nix +++ b/nix/users/fcuny/nixos.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ # add ~/.local/bin to PATH environment.localBinInPath = true; 
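Review bot: The trailing comment in `nixfmt-rfc-style # new formatter` (nix/users/fcuny/home-manager.nix) stops being accurate as soon as the formatter is no longer new; a comment that says what the package is, such as `nixfmt-rfc-style # nix formatter (RFC 166 style)`, ages better. This hunk also drops `nixd`, `nixfmt-classic` and `nixpkgs-fmt` from `home.packages`, which is a behaviour change inside an otherwise formatting-only diff. The commit message is not visible here, so it is worth confirming that it mentions the removals. The `home.packages` list continues past the end of the hunk.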
@@ -8,10 +9,13 @@ users.users.fcuny = { isNormalUser = true; home = "/home/fcuny"; - extraGroups = [ "docker" "wheel" "podman" ]; + extraGroups = [ + "docker" + "wheel" + "podman" + ]; shell = pkgs.fish; - hashedPassword = - "$6$U4GoqhuHgdr.h0JP$C/BKslQfOpPJ5lUzrTeQh6i859R/jEKYSF9MaRhWYo5VG6aCDKsvb5xKSifH4nQt6okJixG9ceFh..Mnt93Jt/"; + hashedPassword = "$6$U4GoqhuHgdr.h0JP$C/BKslQfOpPJ5lUzrTeQh6i859R/jEKYSF9MaRhWYo5VG6aCDKsvb5xKSifH4nQt6okJixG9ceFh..Mnt93Jt/"; openssh.authorizedKeys.keys = [ # key `nixos` in 1password "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi" diff --git a/nix/users/fcuny/shell.nix b/nix/users/fcuny/shell.nix index d95c74d..e690437 100644 --- a/nix/users/fcuny/shell.nix +++ b/nix/users/fcuny/shell.nix @@ -1,7 +1,10 @@ { config, pkgs, ... }: -let isLinux = pkgs.stdenv.isLinux; -in { - home.packages = with pkgs; +let + isLinux = pkgs.stdenv.isLinux; +in +{ + home.packages = + with pkgs; [ # shell shellcheck @@ -28,7 +31,8 @@ in { aspellDicts.en aspellDicts.en-computers aspellDicts.en-science - ] ++ (lib.optionals (isLinux) [ htop ]); + ] + ++ (lib.optionals (isLinux) [ htop ]); # https://github.com/nix-community/home-manager/blob/master/modules/programs/fish.nix programs.fish = { @@ -65,7 +69,10 @@ in { programs.fd = { enable = true; hidden = true; - ignores = [ ".git/" ".direnv/" ]; + ignores = [ + ".git/" + ".direnv/" + ]; }; programs.direnv = { diff --git a/nix/users/fcuny/ssh.nix b/nix/users/fcuny/ssh.nix index 2129650..004d44f 100644 --- a/nix/users/fcuny/ssh.nix +++ b/nix/users/fcuny/ssh.nix @@ -1,4 +1,5 @@ -{ ... }: { +{ ... }: +{ # https://github.com/nix-community/home-manager/blob/master/modules/programs/ssh.nix programs.ssh = { enable = true; 
@@ -12,26 +13,34 @@ hostname = "github.com"; user = "git"; forwardAgent = false; - extraOptions = { preferredAuthentications = "publickey"; }; + extraOptions = { + preferredAuthentications = "publickey"; + }; }; "github.rbx.com" = { hostname = "github.rbx.com"; user = "git"; forwardAgent = false; - extraOptions = { preferredAuthentications = "publickey"; }; + extraOptions = { + preferredAuthentications = "publickey"; + }; }; "git" = { hostname = "git.fcuny.net"; port = 422; user = "git"; forwardAgent = false; - extraOptions = { preferredAuthentications = "publickey"; }; + extraOptions = { + preferredAuthentications = "publickey"; + }; }; "home" = { hostname = "fcuny.net"; port = 422; user = "fcuny"; - extraOptions = { preferredAuthentications = "publickey"; }; + extraOptions = { + preferredAuthentications = "publickey"; + }; }; }; }; diff --git a/nix/users/fcuny/work.nix b/nix/users/fcuny/work.nix index 67d7bdb..04cf7dc 100644 --- a/nix/users/fcuny/work.nix +++ b/nix/users/fcuny/work.nix @@ -1,4 +1,5 @@ -{ pkgs, ... }: { +{ pkgs, ... }: +{ imports = [ ./k8s.nix ]; home.packages = with pkgs; [ @@ -16,8 +17,7 @@ programs.fish = { shellAbbrs = { - "ssh-sign-chi" = - "${pkgs.hashi}/bin/hashi -e chi1 sign --key=(op read 'op://employee/default rbx ssh key/public key'|psub) key"; + "ssh-sign-chi" = "${pkgs.hashi}/bin/hashi -e chi1 sign --key=(op read 'op://employee/default rbx ssh key/public key'|psub) key"; }; }; } diff --git a/packages/hashi/default.nix b/packages/hashi/default.nix index bfe01d5..97de12a 100644 --- a/packages/hashi/default.nix +++ b/packages/hashi/default.nix 
@@ -1,8 +1,13 @@ -{ stdenv, fetchurl, lib, ... }: +{ + stdenv, + fetchurl, + lib, + ... +}: let - url = - "https://artifactory.rbx.com:443/artifactory/generic-rbx-local/hashi/0.1.4/bin/hashi_darwin-amd64"; -in stdenv.mkDerivation rec { + url = "https://artifactory.rbx.com:443/artifactory/generic-rbx-local/hashi/0.1.4/bin/hashi_darwin-amd64"; +in +stdenv.mkDerivation rec { pname = "hashi"; version = "0.1.4"; src = fetchurl { diff --git a/packages/perf-flamegraph-pid/default.nix b/packages/perf-flamegraph-pid/default.nix index 0cd0a1b..9b3789b 100644 --- a/packages/perf-flamegraph-pid/default.nix +++ b/packages/perf-flamegraph-pid/default.nix @@ -1,12 +1,22 @@ -{ lib, stdenvNoCC, pkgs }: +{ + lib, + stdenvNoCC, + pkgs, +}: stdenvNoCC.mkDerivation rec { pname = "perf-flamegraph-pid"; src = ./perf-flamegraph-pid.sh; version = "0.1.0"; - nativeBuildInputs = with pkgs; [ flamegraph linuxPackages_latest.perf ]; - propagatedBuildInputs = with pkgs; [ flamegraph linuxPackages_latest.perf ]; + nativeBuildInputs = with pkgs; [ + flamegraph + linuxPackages_latest.perf + ]; + propagatedBuildInputs = with pkgs; [ + flamegraph + linuxPackages_latest.perf + ]; dontUnpack = true; dontBuild = true; diff --git a/packages/sapi/default.nix b/packages/sapi/default.nix index 66df5c0..8a7adbd 100644 --- a/packages/sapi/default.nix +++ b/packages/sapi/default.nix @@ -1,11 +1,15 @@ -{ stdenv, fetchurl, lib, ... }: +{ + stdenv, + fetchurl, + lib, + ... +}: stdenv.mkDerivation rec { pname = "sapi"; version = "1.2.4"; src = fetchurl { - url = - "https://artifactory.rbx.com:443/artifactory/generic-rbx-local/sapi-cli/darwin-amd64/v${version}/sapi"; + url = "https://artifactory.rbx.com:443/artifactory/generic-rbx-local/sapi-cli/darwin-amd64/v${version}/sapi"; sha256 = "sha256-Il/aqGzxtI84TdUAz4Fvw8RbAgGBZQPN3MZrOitrpVk="; }; @@ -25,4 +29,3 @@ stdenv.mkDerivation rec { platforms = [ "x86_64-darwin" ]; }; } - diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 98e8dd4..34439cd 100644 
--- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,10 +1,12 @@ let - fcuny = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"; + fcuny = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"; users = [ fcuny ]; - vm-synology = - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHf5gXGbOjaoqdpCDnHjBMhikuM0smLKhUo7J83+by+K"; -in { - "restic-backups.age".publicKeys = [ fcuny vm-synology ]; + vm-synology = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHf5gXGbOjaoqdpCDnHjBMhikuM0smLKhUo7J83+by+K"; +in +{ + "restic-backups.age".publicKeys = [ + fcuny + vm-synology + ]; "ddns-updater.age".publicKeys = users ++ [ vm-synology ]; } |