diff --git a/config/default.nix b/config/default.nix
index 20c53056..d107ff3a 100644
--- a/config/default.nix
+++ b/config/default.nix
@@ -1,4 +1,5 @@
-{nixos-config, ...}: {
+{ nixos-config, ... }:
+{
 imports = [
 "${nixos-config}/modules"
 "${nixos-config}/services/tailscale.nix"
diff --git a/config/documentation.nix b/config/documentation.nix
index 902ef60f..ae3f3c80 100644
--- a/config/documentation.nix
+++ b/config/documentation.nix
@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
 documentation.nixos.includeAllModules = true;
 documentation.nixos.options.warningsAreErrors = false;
 home-manager.users.darkkirb.manual = {
diff --git a/config/graphical.nix b/config/graphical.nix
index efdd3721..fa00160b 100644
--- a/config/graphical.nix
+++ b/config/graphical.nix
@@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
+{
 time.timeZone = "Etc/GMT-1";
 isGraphical = true;
 imports = [
diff --git a/config/graphical/plymouth.nix b/config/graphical/plymouth.nix
index 7c3e541f..74ea053e 100644
--- a/config/graphical/plymouth.nix
+++ b/config/graphical/plymouth.nix
@@ -1,6 +1,7 @@
 # Unlike other modules in this directory, this one is not enabled by default
 # The default graphical configuration would enable this, the verbose configuration would not.
-{config, ...}: {
+{ config, ... }:
+{
 boot = {
 plymouth.enable = true;
 consoleLogLevel = 0;
diff --git a/config/i18n.nix b/config/i18n.nix
index b86426e9..d75f05a2 100644
--- a/config/i18n.nix
+++ b/config/i18n.nix
@@ -1,11 +1,12 @@
-{config, ...}: {
+{ config, ... }:
+{
 console.keyMap = "neo";
 i18n.extraLocaleSettings = {
- LC_ADDRESS="de_DE.UTF-8";
- LC_MONETARY="de_DE.UTF-8";
- LC_NAME="de_DE.UTF-8";
- LC_PAPER="de_DE.UTF-8";
- LC_TELEPHONE="de_DE.UTF-8";
- LC_TIME="de_DE.UTF-8";
+ LC_ADDRESS = "de_DE.UTF-8";
+ LC_MONETARY = "de_DE.UTF-8";
+ LC_NAME = "de_DE.UTF-8";
+ LC_PAPER = "de_DE.UTF-8";
+ LC_TELEPHONE = "de_DE.UTF-8";
+ LC_TIME = "de_DE.UTF-8";
 };
 }
diff --git a/config/kde/default.nix b/config/kde/default.nix
index 020b1a8e..575bb833 100644
--- a/config/kde/default.nix
+++ b/config/kde/default.nix
@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
 services.xserver.enable = true;
 services.displayManager.sddm.enable = true;
 services.desktopManager.plasma6.enable = true;
diff --git a/config/kde/home-manager.nix b/config/kde/home-manager.nix
index ccde5fad..e7884abb 100644
--- a/config/kde/home-manager.nix
+++ b/config/kde/home-manager.nix
@@ -1,4 +1,5 @@
-{plasma-manager, ...}: {
+{ plasma-manager, ... }:
+{
 programs.plasma.enable = true;
 programs.plasma.configFile.baloofilerc."Basic Settings"."Indexing-Enabled" = false;
 imports = [
diff --git a/config/kde/i18n.nix b/config/kde/i18n.nix
index 4da40528..8d7c73fc 100644
--- a/config/kde/i18n.nix
+++ b/config/kde/i18n.nix
@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
 services.libinput.enable = true;
 services.xserver.xkb = {
 layout = "de";
diff --git a/config/kde/theming.nix b/config/kde/theming.nix
index 75e1e398..1a587dc3 100644
--- a/config/kde/theming.nix
+++ b/config/kde/theming.nix
@@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
 programs.plasma = {
 workspace.lookAndFeel = "org.kde.breezedark.desktop";
 hotkeys.commands."launch-konsole" = {
diff --git a/config/networkmanager.nix b/config/networkmanager.nix
index 131abfe9..af4de78a 100644
--- a/config/networkmanager.nix
+++ b/config/networkmanager.nix
@@ -1,6 +1,7 @@
-{...}: {
+{ ... }:
+{
 networking.networkmanager.enable = true;
- users.users.darkkirb.extraGroups = ["networkmanager"];
+ users.users.darkkirb.extraGroups = [ "networkmanager" ];
 environment.persistence."/persistent".directories = [
 "/var/lib/NetworkManager"
 "/etc/NetworkManager"
diff --git a/config/systemd-boot.nix b/config/systemd-boot.nix
index c72885fe..15b38426 100644
--- a/config/systemd-boot.nix
+++ b/config/systemd-boot.nix
@@ -1,6 +1,8 @@
-{system, ...}: let
+{ system, ... }:
+let
 isx86 = system == "x86_64-linux";
-in {
+in
+{
 boot.loader.systemd-boot = {
 enable = true;
 memtest86.enable = isx86;
diff --git a/containers/default-configuration.nix b/containers/default-configuration.nix
index 0c2c6b3a..e1399577 100644
--- a/containers/default-configuration.nix
+++ b/containers/default-configuration.nix
@@ -1,4 +1,5 @@
-{system, ...}: {
+{ system, ... }:
+{
 inherit system;
 config = import ./default.nix;
 autoStart = true;
diff --git a/containers/default.nix b/containers/default.nix
index 3d796d93..c9efd042 100644
--- a/containers/default.nix
+++ b/containers/default.nix
@@ -1,4 +1,5 @@
-{nixos-config, ...}: {
+{ nixos-config, ... }:
+{
 imports = [
 nixos-config.nixosModules.containers
 ];
diff --git a/default.nix b/default.nix
index 2b625713..1d976a35 100644
--- a/default.nix
+++ b/default.nix
@@ -1,14 +1,11 @@
-(
- import
- (
- let
- lock = builtins.fromJSON (builtins.readFile ./flake.lock);
- in
- fetchTarball {
- url = lock.nodes.flake-compat.locked.url or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
- sha256 = lock.nodes.flake-compat.locked.narHash;
- }
- )
- {src = ./.;}
-)
-.defaultNix
+(import (
+ let
+ lock = builtins.fromJSON (builtins.readFile ./flake.lock);
+ in
+ fetchTarball {
+ url =
+ lock.nodes.flake-compat.locked.url
+ or "https://github.com/edolstra/flake-compat/archive/${lock.nodes.flake-compat.locked.rev}.tar.gz";
+ sha256 = lock.nodes.flake-compat.locked.narHash;
+ }
+) { src = ./.; }).defaultNix
diff --git a/flake.nix b/flake.nix
index 395f5850..2d159aac 100644
--- a/flake.nix
+++ b/flake.nix
@@ -78,134 +78,161 @@ }; }; - outputs = { - self, - nixpkgs, - ... - } @ inputs': let - inputs = - inputs' - // { + outputs = + { + self, + nixpkgs, + ... + }@inputs': + let + inputs = inputs' // { nixos-config = self; inherit inputs; inTester = false; pureInputs = inputs'; }; - pkgsFor = system: let - inputs' = - inputs - // { + pkgsFor = + system: + let + inputs' = inputs // { + inherit system; + inputs = inputs'; + }; + in + import nixpkgs { inherit system; - inputs = inputs'; - }; - in - import nixpkgs { - inherit system; - overlays = - [ - (_: _: - inputs' - // { - inputs = inputs'; - }) - ] - ++ ( - if system == "riscv64-linux" - then [ - inputs.riscv-overlay.overlays.default + overlays = + [ + ( + _: _: + inputs' + // { + inputs = inputs'; + } + ) ] - else [] + ++ ( + if system == "riscv64-linux" then + [ + inputs.riscv-overlay.overlays.default + ] + else + [ ] + ); + }; + in + { + checks.x86_64-linux = nixpkgs.lib.listToAttrs ( + map (testName: { + name = testName; + value = (pkgsFor "x86_64-linux").callPackage ./tests/${testName}.nix { }; + }) [ "containers-default" ] + ); + nixosModules = { + containers = import ./modules/containers/default.nix; + default = import ./modules/default.nix; + }; + nixosContainers = + with nixpkgs.lib; + let + containerNames = [ + "default" + ]; + containerArches = [ + "x86_64-linux" + "aarch64-linux" + "riscv64-linux" + ]; + containers = listToAttrs ( + flatten ( + map ( + system: + let + pkgs = pkgsFor system; + in + map (container: { + name = "container-${container}-${system}"; + value = pkgs.callPackage ./containers/${container}-configuration.nix { }; + }) containerNames + ) containerArches + ) ); + in + containers; + nixosConfigurations = + with nixpkgs.lib; + let + mkSystem = + args: + let + inputs' = inputs // { + inherit (args) system; + }; + in + nixosSystem ( + args + // { + specialArgs = args.specialArgs or { } // inputs'; + } + ); + systems' = { + not522 = { + config = ./machine/not522; + system = "riscv64-linux"; 
+ }; + not522-installer = { + config = ./machine/not522/installer; + system = "riscv64-linux"; + }; + pc-installer = { + config = ./machine/pc-installer; + system = "x86_64-linux"; + }; + rainbow-resort = { + config = ./machine/rainbow-resort; + system = "x86_64-linux"; + }; + thinkrac = { + config = ./machine/thinkrac; + system = "x86_64-linux"; + }; + }; + containers = mapAttrs ( + _: container: + mkSystem { + inherit (container) system; + modules = [ + container.config + ]; + } + ) self.nixosContainers; + systems = mapAttrs ( + _: system: + mkSystem { + inherit (system) system; + modules = [ + system.config + ]; + } + ) systems'; + in + containers // systems; + hydraJobs = { + inherit (self) checks devShells; + nixosConfigurations = nixpkgs.lib.mapAttrs ( + _: v: v.config.system.build.toplevel + ) self.nixosConfigurations; }; - in { - checks.x86_64-linux = nixpkgs.lib.listToAttrs (map (testName: { - name = testName; - value = (pkgsFor "x86_64-linux").callPackage ./tests/${testName}.nix {}; - }) ["containers-default"]); - nixosModules = { - containers = import ./modules/containers/default.nix; - default = import ./modules/default.nix; - }; - nixosContainers = with nixpkgs.lib; let - containerNames = [ - "default" - ]; - containerArches = ["x86_64-linux" "aarch64-linux" "riscv64-linux"]; - containers = listToAttrs (flatten (map (system: let - pkgs = pkgsFor system; - in - map (container: { - name = "container-${container}-${system}"; - value = pkgs.callPackage ./containers/${container}-configuration.nix {}; - }) - containerNames) - containerArches)); - in - containers; - nixosConfigurations = with nixpkgs.lib; let - mkSystem = args: let - inputs' = inputs // {inherit (args) system;}; - in - nixosSystem (args - // { - specialArgs = - args.specialArgs - or {} - // inputs'; - }); - systems' = { - not522 = { - config = ./machine/not522; - system = "riscv64-linux"; - }; - not522-installer = { - config = ./machine/not522/installer; - system = "riscv64-linux"; - }; - 
pc-installer = { - config = ./machine/pc-installer; - system = "x86_64-linux"; - }; - rainbow-resort = { - config = ./machine/rainbow-resort; - system = "x86_64-linux"; - }; - thinkrac = { - config = ./machine/thinkrac; - system = "x86_64-linux"; - }; - }; - containers = mapAttrs (_: container: - mkSystem { - inherit (container) system; - modules = [ - container.config + devShells.x86_64-linux.default = + with pkgsFor "x86_64-linux"; + mkShell { + nativeBuildInputs = with pkgs; [ + age + sops + ssh-to-age + nixfmt-rfc-style ]; - }) - self.nixosContainers; - systems = mapAttrs (_: system: - mkSystem { - inherit (system) system; - modules = [ - system.config - ]; - }) - systems'; - in - containers // systems; - hydraJobs = { - inherit (self) checks devShells; - nixosConfigurations = nixpkgs.lib.mapAttrs (_: v: v.config.system.build.toplevel) self.nixosConfigurations; + }; + formatter.x86_64-linux = (pkgsFor "x86_64-linux").nixfmt-rfc-style; }; - devShells.x86_64-linux.default = with pkgsFor "x86_64-linux"; - mkShell { - nativeBuildInputs = with pkgs; [ - age - sops - ssh-to-age - nixfmt-rfc-style - ]; - }; - formatter.x86_64-linux = (pkgsFor "x86_64-linux").nixfmt-rfc-style; - }; } diff --git a/hydra/default.nix b/hydra/default.nix index 3601329c..8f19e212 100644 --- a/hydra/default.nix +++ b/hydra/default.nix @@ -1 +1 @@ -{nixos-config}: (import nixos-config).hydraJobs +{ nixos-config }: (import nixos-config).hydraJobs diff --git a/machine/not522/cross-packages.nix b/machine/not522/cross-packages.nix index fdb3a1d9..65d8ea38 100644 --- a/machine/not522/cross-packages.nix +++ b/machine/not522/cross-packages.nix @@ -3,13 +3,15 @@ nixpkgs, lix, ... -}: let +}: +let pkgs_x86_64 = import nixpkgs { system = "x86_64-linux"; crossSystem.system = "riscv64-linux"; - overlays = [lix.overlays.default]; + overlays = [ lix.overlays.default ]; }; -in { +in +{ nixpkgs.overlays = [ (self: super: { inherit (pkgs_x86_64) lix nixos-option; 
diff --git a/machine/not522/default.nix b/machine/not522/default.nix
index 26369662..3913edf4 100644
--- a/machine/not522/default.nix
+++ b/machine/not522/default.nix
@@ -3,7 +3,8 @@
 nixos-hardware,
 nixpkgs,
 ...
-}: {
+}:
+{
 networking.hostName = "not522";
 imports = [
 "${nixos-config}/config"
@@ -14,5 +15,5 @@
 ];
 system.stateVersion = "24.11";
 nixpkgs.config.allowUnsupportedSystem = true;
- nix.settings.system-features = ["native-riscv"];
+ nix.settings.system-features = [ "native-riscv" ];
 }
diff --git a/machine/not522/disko.nix b/machine/not522/disko.nix
index fedfb32d..fd0e6db0 100644
--- a/machine/not522/disko.nix
+++ b/machine/not522/disko.nix
@@ -17,30 +17,33 @@
 type = "filesystem";
 format = "vfat";
 mountpoint = "/boot";
- mountOptions = ["umask=0077"];
+ mountOptions = [ "umask=0077" ];
 };
 };
 root = {
 end = "-8G";
 content = {
 type = "btrfs";
- extraArgs = ["-f"]; # Override existing partition
+ extraArgs = [ "-f" ]; # Override existing partition
 # Subvolumes must set a mountpoint in order to be mounted,
 # unless their parent is mounted
 subvolumes = {
 # Subvolume name is different from mountpoint
 "/root" = {
- mountOptions = ["compress=zstd"];
+ mountOptions = [ "compress=zstd" ];
 mountpoint = "/";
 };
 # Subvolume name is the same as the mountpoint
 "/persistent" = {
- mountOptions = ["compress=zstd"];
+ mountOptions = [ "compress=zstd" ];
 mountpoint = "/persistent";
 };
 # Parent is not mounted so the mountpoint must be set
 "/nix" = {
- mountOptions = ["compress=zstd" "noatime"];
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
 mountpoint = "/nix";
 };
 };
diff --git a/machine/not522/hardware.nix b/machine/not522/hardware.nix
index 20dc04a5..c5a88b5c 100644
--- a/machine/not522/hardware.nix
+++ b/machine/not522/hardware.nix
@@ -3,7 +3,8 @@
 nixos-hardware,
 config,
 ...
-}: {
+}:
+{
 imports = [
 "${nixos-hardware}/starfive/visionfive/v2/default.nix"
 ];
diff --git a/machine/not522/installer/default.nix b/machine/not522/installer/default.nix index 9e19e927..20ccd674 100644 --- a/machine/not522/installer/default.nix +++ b/machine/not522/installer/default.nix @@ -7,19 +7,19 @@ lib, nixpkgs, ... -}: let - dependencies = - [ - nixos-config.nixosConfigurations.not522.config.system.build.toplevel - nixos-config.nixosConfigurations.not522.config.system.build.diskoScript - nixos-config.nixosConfigurations.not522.config.system.build.diskoScript.drvPath - nixos-config.nixosConfigurations.not522.pkgs.stdenv.drvPath - (nixos-config.nixosConfigurations.not522.pkgs.closureInfo {rootPaths = [];}).drvPath - ] - ++ map (i: i.outPath) (builtins.filter builtins.isAttrs (builtins.attrValues pureInputs)); +}: +let + dependencies = [ + nixos-config.nixosConfigurations.not522.config.system.build.toplevel + nixos-config.nixosConfigurations.not522.config.system.build.diskoScript + nixos-config.nixosConfigurations.not522.config.system.build.diskoScript.drvPath + nixos-config.nixosConfigurations.not522.pkgs.stdenv.drvPath + (nixos-config.nixosConfigurations.not522.pkgs.closureInfo { rootPaths = [ ]; }).drvPath + ] ++ map (i: i.outPath) (builtins.filter builtins.isAttrs (builtins.attrValues pureInputs)); - closureInfo = pkgs.closureInfo {rootPaths = dependencies;}; -in { + closureInfo = pkgs.closureInfo { rootPaths = dependencies; }; +in +{ networking.hostName = "not522-installer"; imports = [ "${nixos-config}/config" diff --git a/machine/not522/installer/disko.nix b/machine/not522/installer/disko.nix index 126f062b..0054a4ca 100644 --- a/machine/not522/installer/disko.nix +++ b/machine/not522/installer/disko.nix 
@@ -17,30 +17,33 @@
 type = "filesystem";
 format = "vfat";
 mountpoint = "/boot";
- mountOptions = ["umask=0077"];
+ mountOptions = [ "umask=0077" ];
 };
 };
 root = {
 size = "100%";
 content = {
 type = "btrfs";
- extraArgs = ["-f"]; # Override existing partition
+ extraArgs = [ "-f" ]; # Override existing partition
 # Subvolumes must set a mountpoint in order to be mounted,
 # unless their parent is mounted
 subvolumes = {
 # Subvolume name is different from mountpoint
 "/root" = {
- mountOptions = ["compress=zstd"];
+ mountOptions = [ "compress=zstd" ];
 mountpoint = "/";
 };
 # Subvolume name is the same as the mountpoint
 "/persistent" = {
- mountOptions = ["compress=zstd"];
+ mountOptions = [ "compress=zstd" ];
 mountpoint = "/persistent";
 };
 # Parent is not mounted so the mountpoint must be set
 "/nix" = {
- mountOptions = ["compress=zstd" "noatime"];
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
 mountpoint = "/nix";
 };
 };
diff --git a/machine/pc-installer/default.nix b/machine/pc-installer/default.nix
index b8ac8186..2b4ae345 100644
--- a/machine/pc-installer/default.nix
+++ b/machine/pc-installer/default.nix
@@ -5,21 +5,23 @@ pkgs, pureInputs, ... -}: let +}: +let getDeps = name: [ nixos-config.nixosConfigurations.${name}.config.system.build.toplevel nixos-config.nixosConfigurations.${name}.config.system.build.diskoScript nixos-config.nixosConfigurations.${name}.config.system.build.diskoScript.drvPath nixos-config.nixosConfigurations.${name}.pkgs.stdenv.drvPath - (nixos-config.nixosConfigurations.${name}.pkgs.closureInfo {rootPaths = [];}).drvPath + (nixos-config.nixosConfigurations.${name}.pkgs.closureInfo { rootPaths = [ ]; }).drvPath ]; dependencies = (getDeps "rainbow-resort") ++ (getDeps "thinkrac") ++ map (i: i.outPath) (builtins.filter builtins.isAttrs (builtins.attrValues pureInputs)); - closureInfo = pkgs.closureInfo {rootPaths = dependencies;}; -in { + closureInfo = pkgs.closureInfo { rootPaths = dependencies; }; +in +{ networking.hostName = "pc-installer"; imports = [ "${nixos-config}/config" diff --git a/machine/pc-installer/disko.nix b/machine/pc-installer/disko.nix index adeab509..6214646d 100644 --- a/machine/pc-installer/disko.nix +++ b/machine/pc-installer/disko.nix 
@@ -18,30 +18,33 @@
 type = "filesystem";
 format = "vfat";
 mountpoint = "/boot";
- mountOptions = ["umask=0077"];
+ mountOptions = [ "umask=0077" ];
 };
 };
 root = {
 size = "100%";
 content = {
 type = "btrfs";
- extraArgs = ["-f"]; # Override existing partition
+ extraArgs = [ "-f" ]; # Override existing partition
 # Subvolumes must set a mountpoint in order to be mounted,
 # unless their parent is mounted
 subvolumes = {
 # Subvolume name is different from mountpoint
 "/root" = {
- mountOptions = ["compress=zstd"];
+ mountOptions = [ "compress=zstd" ];
 mountpoint = "/";
 };
 # Subvolume name is the same as the mountpoint
 "/persistent" = {
- mountOptions = ["compress=zstd"];
+ mountOptions = [ "compress=zstd" ];
 mountpoint = "/persistent";
 };
 # Parent is not mounted so the mountpoint must be set
 "/nix" = {
- mountOptions = ["compress=zstd" "noatime"];
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
 mountpoint = "/nix";
 };
 };
diff --git a/machine/pc-installer/graphical.nix b/machine/pc-installer/graphical.nix
index c995f285..1135793b 100644
--- a/machine/pc-installer/graphical.nix
+++ b/machine/pc-installer/graphical.nix
@@ -2,7 +2,8 @@
 config,
 nixos-config,
 ...
-}: {
+}:
+{
 imports = [
 "${nixos-config}/config/graphical.nix"
 ];
diff --git a/machine/pc-installer/grub.nix b/machine/pc-installer/grub.nix
index 505e525c..a178c3e9 100644
--- a/machine/pc-installer/grub.nix
+++ b/machine/pc-installer/grub.nix
@@ -2,7 +2,8 @@
 config,
 lib,
 ...
-}: {
+}:
+{
 # For legacy pc reason, this needs to be grub
 boot.loader.systemd-boot.enable = lib.mkForce false;
 boot.loader.grub = {
diff --git a/machine/pc-installer/hardware.nix b/machine/pc-installer/hardware.nix
index e5f87e0b..c39b8d5e 100644
--- a/machine/pc-installer/hardware.nix
+++ b/machine/pc-installer/hardware.nix
@@ -1,5 +1,13 @@
-{...}: {
- boot.initrd.availableKernelModules = ["nvme" "ahci" "xhci_pci" "usbhid" "uas" "sd_mod"];
+{ ... }:
+{
+ boot.initrd.availableKernelModules = [
+ "nvme"
+ "ahci"
+ "xhci_pci"
+ "usbhid"
+ "uas"
+ "sd_mod"
+ ];
 hardware.cpu.amd.updateMicrocode = true;
 hardware.cpu.intel.updateMicrocode = true;
 }
diff --git a/machine/rainbow-resort/default.nix b/machine/rainbow-resort/default.nix
index 803c93d6..3e5ee95a 100644
--- a/machine/rainbow-resort/default.nix
+++ b/machine/rainbow-resort/default.nix
@@ -3,7 +3,8 @@
 nixos-config,
 lib,
 ...
-}: {
+}:
+{
 networking.hostName = "rainbow-resort";
 imports = [
 "${nixos-config}/config"
@@ -21,5 +22,5 @@
 }
 ];
 };
- home-manager.users.darkkirb.imports = [./home-manager.nix];
+ home-manager.users.darkkirb.imports = [ ./home-manager.nix ];
 }
diff --git a/machine/rainbow-resort/disko.nix b/machine/rainbow-resort/disko.nix
index dc072289..8dc0a23d 100644
--- a/machine/rainbow-resort/disko.nix
+++ b/machine/rainbow-resort/disko.nix
@@ -17,30 +17,33 @@
 type = "filesystem";
 format = "vfat";
 mountpoint = "/boot";
- mountOptions = ["umask=0077"];
+ mountOptions = [ "umask=0077" ];
 };
 };
 root = {
 end = "-64G";
 content = {
 type = "btrfs";
- extraArgs = ["-f"]; # Override existing partition
+ extraArgs = [ "-f" ]; # Override existing partition
 # Subvolumes must set a mountpoint in order to be mounted,
 # unless their parent is mounted
 subvolumes = {
 # Subvolume name is different from mountpoint
 "/root" = {
- mountOptions = ["compress=zstd"];
+ mountOptions = [ "compress=zstd" ];
 mountpoint = "/";
 };
 # Subvolume name is the same as the mountpoint
 "/persistent" = {
- mountOptions = ["compress=zstd"];
+ mountOptions = [ "compress=zstd" ];
 mountpoint = "/persistent";
 };
 # Parent is not mounted so the mountpoint must be set
 "/nix" = {
- mountOptions = ["compress=zstd" "noatime"];
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
 mountpoint = "/nix";
 };
 };
diff --git a/machine/rainbow-resort/hardware.nix b/machine/rainbow-resort/hardware.nix
index 605ced23..4dd1f8eb 100644
--- a/machine/rainbow-resort/hardware.nix
+++ b/machine/rainbow-resort/hardware.nix
@@ -2,7 +2,8 @@
 modulesPath,
 nixos-hardware,
 ...
-}: {
+}:
+{
 imports = [
 (modulesPath + "/installer/scan/not-detected.nix")
 nixos-hardware.nixosModules.common-cpu-amd
@@ -13,10 +14,23 @@
 nixos-hardware.nixosModules.common-pc-ssd
 ];
 hardware.cpu.amd.updateMicrocode = true;
- boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" "k10temp"];
- boot.initrd.kernelModules = ["amdgpu"];
- boot.kernelModules = ["kvm-amd" "i2c-dev" "i2c-piix4"];
- boot.extraModulePackages = [];
+ boot.initrd.availableKernelModules = [
+ "nvme"
+ "xhci_pci"
+ "ahci"
+ "usb_storage"
+ "usbhid"
+ "sd_mod"
+ "sr_mod"
+ "k10temp"
+ ];
+ boot.initrd.kernelModules = [ "amdgpu" ];
+ boot.kernelModules = [
+ "kvm-amd"
+ "i2c-dev"
+ "i2c-piix4"
+ ];
+ boot.extraModulePackages = [ ];
 nix.settings.cores = 16;
 boot.binfmt.emulatedSystems = [
 "armv7l-linux"
diff --git a/machine/rainbow-resort/home-manager.nix b/machine/rainbow-resort/home-manager.nix
index f50a44f8..532d3a0f 100644
--- a/machine/rainbow-resort/home-manager.nix
+++ b/machine/rainbow-resort/home-manager.nix
@@ -1,4 +1,5 @@
-{lib, ...}: {
+{ lib, ... }:
+{
 xdg.configFile."kwinoutputconfig.json".text = lib.strings.toJSON [
 {
 data = [
diff --git a/machine/thinkrac/default.nix b/machine/thinkrac/default.nix
index caa49438..80b215bc 100644
--- a/machine/thinkrac/default.nix
+++ b/machine/thinkrac/default.nix
@@ -3,7 +3,8 @@
 nixos-config,
 lib,
 ...
-}: {
+}:
+{
 networking.hostName = "thinkrac";
 imports = [
 "${nixos-config}/config"
diff --git a/machine/thinkrac/disko.nix b/machine/thinkrac/disko.nix
index e5941f83..eba4d6b3 100644
--- a/machine/thinkrac/disko.nix
+++ b/machine/thinkrac/disko.nix
@@ -17,30 +17,33 @@
 type = "filesystem";
 format = "vfat";
 mountpoint = "/boot";
- mountOptions = ["umask=0077"];
+ mountOptions = [ "umask=0077" ];
 };
 };
 root = {
 end = "-24G";
 content = {
 type = "btrfs";
- extraArgs = ["-f"]; # Override existing partition
+ extraArgs = [ "-f" ]; # Override existing partition
 # Subvolumes must set a mountpoint in order to be mounted,
 # unless their parent is mounted
 subvolumes = {
 # Subvolume name is different from mountpoint
 "/root" = {
- mountOptions = ["compress=zstd"];
+ mountOptions = [ "compress=zstd" ];
 mountpoint = "/";
 };
 # Subvolume name is the same as the mountpoint
 "/persistent" = {
- mountOptions = ["compress=zstd"];
+ mountOptions = [ "compress=zstd" ];
 mountpoint = "/persistent";
 };
 # Parent is not mounted so the mountpoint must be set
 "/nix" = {
- mountOptions = ["compress=zstd" "noatime"];
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
 mountpoint = "/nix";
 };
 };
diff --git a/machine/thinkrac/hardware.nix b/machine/thinkrac/hardware.nix
index 199ff850..4039dc93 100644
--- a/machine/thinkrac/hardware.nix
+++ b/machine/thinkrac/hardware.nix
@@ -2,7 +2,8 @@
 modulesPath,
 nixos-hardware,
 ...
-}: {
+}:
+{
 imports = [
 (modulesPath + "/installer/scan/not-detected.nix")
 nixos-hardware.nixosModules.lenovo-thinkpad-t470s
@@ -11,10 +12,15 @@
 nixos-hardware.nixosModules.common-pc-laptop-ssd
 ];
 hardware.cpu.intel.updateMicrocode = true;
- boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
- boot.initrd.kernelModules = [];
- boot.kernelModules = ["kvm-intel"];
- boot.extraModulePackages = [];
+ boot.initrd.availableKernelModules = [
+ "xhci_pci"
+ "nvme"
+ "usb_storage"
+ "sd_mod"
+ ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
 nix.settings.cores = 4;
 # use the lowest frequency possible, to save power
 powerManagement.cpuFreqGovernor = "powersave";
diff --git a/modules/containers/autoconfig.nix b/modules/containers/autoconfig.nix
index f1792f85..30c2b67b 100644
--- a/modules/containers/autoconfig.nix
+++ b/modules/containers/autoconfig.nix
@@ -6,27 +6,28 @@
 inputs,
 ...
 }:
-with lib; let
+with lib;
+let
 badNames = [
 "system"
 "override"
 "overrideDerivation"
 ];
 filterBad = filterAttrs (n: _: lib.all (m: n != m) badNames);
-in {
+in
+{
 options.autoContainers = mkOption {
- default = [];
+ default = [ ];
 type = types.listOf types.str;
 };
 config = {
- containers = listToAttrs (map (container: {
+ containers = listToAttrs (
+ map (container: {
 name = container;
- value =
- filterBad (pkgs.callPackage ../../containers/${container}-configuration.nix {})
- // {
- specialArgs = inputs;
- };
- })
- config.autoContainers);
+ value = filterBad (pkgs.callPackage ../../containers/${container}-configuration.nix { }) // {
+ specialArgs = inputs;
+ };
+ }) config.autoContainers
+ );
 };
 }
diff --git a/modules/containers/default.nix b/modules/containers/default.nix
index 2b70cff9..22f96d68 100644
--- a/modules/containers/default.nix
+++ b/modules/containers/default.nix
@@ -2,7 +2,8 @@
 nixos-config,
 lib,
 ...
-}: {
+}:
+{
 imports = [
 nixos-config.nixosModules.default
 ./hostName.nix
diff --git a/modules/containers/hostName.nix b/modules/containers/hostName.nix
index 4a45371f..6b12a191 100644
--- a/modules/containers/hostName.nix
+++ b/modules/containers/hostName.nix
@@ -3,7 +3,8 @@
 lib,
 ...
 }:
-with lib; {
+with lib;
+{
 options.networking = {
 rootHostName = mkOption {
 description = "Hostname of the running host";
@@ -26,9 +27,10 @@ with lib; {
 config = {
 networking = rec {
 fullHostName =
- if config.networking.rootHostName == ""
- then config.networking.hostName
- else "${config.networking.rootHostName}-${config.networking.hostName}";
+ if config.networking.rootHostName == "" then
+ config.networking.hostName
+ else
+ "${config.networking.rootHostName}-${config.networking.hostName}";
 nodeID = lib.substring 0 8 (builtins.hashString "sha256" fullHostName);
 };
 };
diff --git a/modules/containers/minimize.nix b/modules/containers/minimize.nix
index 4f6cced8..661dc081 100644
--- a/modules/containers/minimize.nix
+++ b/modules/containers/minimize.nix
@@ -1,4 +1,5 @@
-{nixpkgs, ...}: {
+{ nixpkgs, ... }:
+{
 imports = [
 (nixpkgs.outPath + "/nixos/modules/profiles/minimal.nix")
 (nixpkgs.outPath + "/nixos/modules/profiles/headless.nix")
diff --git a/modules/default.nix b/modules/default.nix
index 66e28db4..ca73935e 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -5,7 +5,8 @@
 nur,
 ...
 }:
-with lib; {
+with lib;
+{
 imports = [
 ./riscv.nix
 ./containers/autoconfig.nix
diff --git a/modules/environment/impermanence.nix b/modules/environment/impermanence.nix
index de0ff570..6b788f04 100644
--- a/modules/environment/impermanence.nix
+++ b/modules/environment/impermanence.nix
@@ -6,7 +6,8 @@
 inTester,
 ...
 }:
-with lib; {
+with lib;
+{
 imports = [
 "${impermanence}/nixos.nix"
 ./user-impermanence.nix
@@ -70,26 +71,23 @@ with lib; {
 }
 {
 assertion =
- if hasAttr "/" config.fileSystems
- then config.fileSystems."/".fsType == "btrfs"
- else false;
+ if hasAttr "/" config.fileSystems then config.fileSystems."/".fsType == "btrfs" else false;
 message = "rootfs must be btrfs";
 }
 {
 assertion =
- if hasAttr "/" config.fileSystems
- then any (t: t == "subvol=root" || t == "subvol=/root") config.fileSystems."/".options
- else false;
+ if hasAttr "/" config.fileSystems then
+ any (t: t == "subvol=root" || t == "subvol=/root") config.fileSystems."/".options
+ else
+ false;
 message = "rootfs must mount subvolume root";
 }
 ];
 fileSystems."/persistent" = {
 device =
- if hasAttr "/" config.fileSystems
- then mkDefault config.fileSystems."/".device
- else "/dev/null";
+ if hasAttr "/" config.fileSystems then mkDefault config.fileSystems."/".device else "/dev/null";
 fsType = "btrfs";
- options = ["subvol=persistent"];
+ options = [ "subvol=persistent" ];
 neededForBoot = true;
 };
 environment.persistence."/persistent" = {
diff --git a/modules/environment/user-impermanence.nix b/modules/environment/user-impermanence.nix
index aafe3adc..9cc9b72c 100644
--- a/modules/environment/user-impermanence.nix
+++ b/modules/environment/user-impermanence.nix
@@ -5,107 +5,121 @@ inTester, ... }: -with lib; { +with lib; +{ options = { environment.impermanence.users = mkOption { description = "Which users to clean up the home directory for"; - default = []; + default = [ ]; type = types.listOf types.str; }; }; - config = mkIf (config.environment.impermanence.enable && config.environment.impermanence.users != []) { - programs.fuse.userAllowOther = true; - home-manager.users = listToAttrs (map (name: { - inherit name; - value = {config, ...}: { - home.file."${config.home.homeDirectory}/.cache/.keep" = { - enable = false; - }; - home.persistence.default = { - persistentStoragePath = "/persistent/home/${name}"; - allowOther = true; - directories = [ - "Downloads" - "Music" - "Pictures" - "Documents" - "Videos" + config = + mkIf (config.environment.impermanence.enable && config.environment.impermanence.users != [ ]) + { + programs.fuse.userAllowOther = true; + home-manager.users = listToAttrs ( + map (name: { + inherit name; + value = + { config, ... 
}: { - directory = ".cache"; - method = "symlink"; - } - "Data" - ]; - }; - }; - }) - config.environment.impermanence.users); - systemd.tmpfiles.rules = mkMerge (map (name: [ - "d /persistent/home/${name} 700 ${name} ${config.users.users.${name}.group} - -" - "d /persistent/home/${name}/.cache 700 ${name} ${config.users.users.${name}.group} 7d -" - ]) - config.environment.impermanence.users); - systemd.services = listToAttrs (flatten (map (name: let - cfg = config.users.users.${name}; - in [ - { - name = "cleanup-home-${name}"; - description = "Clean home directory for ${name}"; - value = { - before = [ - "user@${toString cfg.uid}.service" - "home-manager-${name}.service" - ]; - partOf = [ - "user@${toString cfg.uid}.service" - ]; - serviceConfig.Type = "oneshot"; - script = '' - if [[ -e ${cfg.home} ]]; then - timestamp=$(date --date="@$(stat -c %X ${cfg.home})" "+%Y-%m-%d_%H:%M:%S") - mkdir -p /persistent/old-homedirs/${name} - mv ${cfg.home} /persistent/old-homedirs/${name}/$timestamp - fi + home.file."${config.home.homeDirectory}/.cache/.keep" = { + enable = false; + }; + home.persistence.default = { + persistentStoragePath = "/persistent/home/${name}"; + allowOther = true; + directories = [ + "Downloads" + "Music" + "Pictures" + "Documents" + "Videos" + { + directory = ".cache"; + method = "symlink"; + } + "Data" + ]; + }; + }; + }) config.environment.impermanence.users + ); + systemd.tmpfiles.rules = mkMerge ( + map (name: [ + "d /persistent/home/${name} 700 ${name} ${config.users.users.${name}.group} - -" + "d /persistent/home/${name}/.cache 700 ${name} ${config.users.users.${name}.group} 7d -" + ]) config.environment.impermanence.users + ); + systemd.services = listToAttrs ( + flatten ( + map ( + name: + let + cfg = config.users.users.${name}; + in + [ + { + name = "cleanup-home-${name}"; + description = "Clean home directory for ${name}"; + value = { + before = [ + "user@${toString cfg.uid}.service" + "home-manager-${name}.service" + ]; + partOf = [ + 
"user@${toString cfg.uid}.service" + ]; + serviceConfig.Type = "oneshot"; + script = '' + if [[ -e ${cfg.home} ]]; then + timestamp=$(date --date="@$(stat -c %X ${cfg.home})" "+%Y-%m-%d_%H:%M:%S") + mkdir -p /persistent/old-homedirs/${name} + mv ${cfg.home} /persistent/old-homedirs/${name}/$timestamp + fi - delete_subvolume_recursively() { - IFS=$'\n' - for i in $(${pkgs.btrfs-progs}/bin/btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do - delete_subvolume_recursively "/persistent/old-homedirs/${name}/$i" - done - ${pkgs.btrfs-progs}/bin/btrfs subvolume delete "$1" || rm -rf "$1" - } + delete_subvolume_recursively() { + IFS=$'\n' + for i in $(${pkgs.btrfs-progs}/bin/btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do + delete_subvolume_recursively "/persistent/old-homedirs/${name}/$i" + done + ${pkgs.btrfs-progs}/bin/btrfs subvolume delete "$1" || rm -rf "$1" + } - for i in $(find /persistent/old-homedirs/${name} -maxdepth 1 -atime +30); do - delete_subvolume_recursively "$i" - done + for i in $(find /persistent/old-homedirs/${name} -maxdepth 1 -atime +30); do + delete_subvolume_recursively "$i" + done - ${pkgs.btrfs-progs}/bin/btrfs subvolume create ${cfg.home} - chown -R ${name}:${cfg.group} ${cfg.home} + ${pkgs.btrfs-progs}/bin/btrfs subvolume create ${cfg.home} + chown -R ${name}:${cfg.group} ${cfg.home} - mkdir -p /persistent/home/${name} - chown -R ${name}:${cfg.group} /persistent/home/${name} - ''; - }; - } - { - name = "home-manager-${name}"; - value = { - wantedBy = mkForce [ - "user@${toString cfg.uid}.service" - ]; - after = [ - "cleanup-home-${name}.service" - ]; - before = [ - "user@${toString cfg.uid}.service" - ]; - partOf = [ - "user@${toString cfg.uid}.service" - ]; - }; - } - ]) - config.environment.impermanence.users)); - }; + mkdir -p /persistent/home/${name} + chown -R ${name}:${cfg.group} /persistent/home/${name} + ''; + }; + } + { + name = "home-manager-${name}"; + value = { + wantedBy = mkForce [ + "user@${toString cfg.uid}.service" + ]; 
+ after = [ + "cleanup-home-${name}.service" + ]; + before = [ + "user@${toString cfg.uid}.service" + ]; + partOf = [ + "user@${toString cfg.uid}.service" + ]; + }; + } + ] + ) config.environment.impermanence.users + ) + ); + }; } diff --git a/modules/hydra/build-server.nix b/modules/hydra/build-server.nix index 8c794da2..2bb69d42 100644 --- a/modules/hydra/build-server.nix +++ b/modules/hydra/build-server.nix @@ -3,13 +3,15 @@ config, ... }: -with lib; { +with lib; +{ options.hydra.buildServer.enable = mkEnableOption "Make this device a build server"; imports = [ { - config.hydra.buildServer.enable = let - buildServers = import ./build-server-list.nix; - in + config.hydra.buildServer.enable = + let + buildServers = import ./build-server-list.nix; + in mkDefault (any (t: t == config.networking.hostName) buildServers); } ]; @@ -21,6 +23,6 @@ with lib; { "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN5Q/L2FyB3DIgdJRYnTGHW3naw5VQ9coOdwHYmv0aZ darkkirb@thinkrac" ]; }; - nix.settings.trusted-users = ["remote-build"]; + nix.settings.trusted-users = [ "remote-build" ]; }; } diff --git a/modules/nix/autoupdater.nix b/modules/nix/autoupdater.nix index 6ef28929..50fbe7b6 100644 --- a/modules/nix/autoupdater.nix +++ b/modules/nix/autoupdater.nix 
@@ -3,60 +3,62 @@ pkgs, lib, ... -}: let +}: +let cfg = config.nix.auto-update; in - with lib; { - options.nix.auto-update = { - enable = mkEnableOption "enable automatic updates"; - reboot = mkEnableOption "Reboot if kernel change"; - hydraServer = mkOption { - type = types.str; - description = "Location of hydra server"; - default = "https://hydra.chir.rs"; - }; - project = mkOption { - type = types.str; - description = "Project name to use"; - default = "nixos-config"; - }; - jobset = mkOption { - type = types.str; - description = "Jobset name to use"; - default = "pr618"; - }; - job = mkOption { - type = types.str; - description = "Job name to use"; - default = "nixosConfigurations.${config.networking.hostName}"; - defaultText = literalExpression ''"nixosConfigurations.''${config.networking.hostName}"''; - }; - specialisation = mkOption { - type = types.nullOr types.str; - description = "specialisation to switch into"; - default = null; - }; +with lib; +{ + options.nix.auto-update = { + enable = mkEnableOption "enable automatic updates"; + reboot = mkEnableOption "Reboot if kernel change"; + hydraServer = mkOption { + type = types.str; + description = "Location of hydra server"; + default = "https://hydra.chir.rs"; }; + project = mkOption { + type = types.str; + description = "Project name to use"; + default = "nixos-config"; + }; + jobset = mkOption { + type = types.str; + description = "Jobset name to use"; + default = "pr618"; + }; + job = mkOption { + type = types.str; + description = "Job name to use"; + default = "nixosConfigurations.${config.networking.hostName}"; + defaultText = literalExpression ''"nixosConfigurations.''${config.networking.hostName}"''; + }; + specialisation = mkOption { + type = types.nullOr types.str; + description = "specialisation to switch into"; + default = null; + }; + }; - config.nix.auto-update.enable = mkDefault config.nix.enable; - config.nix.auto-update.reboot = mkDefault true; - config.systemd.services.nixos-upgrade = mkIf 
config.nix.enable { - description = "NixOS Upgrade"; - restartIfChanged = false; - unitConfig.X-StopOnRemoval = false; + config.nix.auto-update.enable = mkDefault config.nix.enable; + config.nix.auto-update.reboot = mkDefault true; + config.systemd.services.nixos-upgrade = mkIf config.nix.enable { + description = "NixOS Upgrade"; + restartIfChanged = false; + unitConfig.X-StopOnRemoval = false; - wants = ["network-online.target"]; - after = ["network-online.target"]; + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; - serviceConfig.Type = "oneshot"; + serviceConfig.Type = "oneshot"; - script = let - output = - if cfg.specialisation == null - then "$output" - else "$output/specialisation/${cfg.specialisation}"; + script = + let + output = + if cfg.specialisation == null then "$output" else "$output/specialisation/${cfg.specialisation}"; switchToConfiguration = "${output}/bin/switch-to-configuration"; - in '' + in + '' #!${pkgs.bash}/bin/bash set -euxo pipefail build=$(${pkgs.curl}/bin/curl -H "accept: application/json" -G ${cfg.hydraServer}/api/latestbuilds -d "nr=10" -d "project=${cfg.project}" -d "jobset=${cfg.jobset}" -d "job=${cfg.job}" | ${pkgs.jq}/bin/jq -r '[.[]|select(.buildstatus==0)][0].id') 
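Review bot: The `jq -r '[.[]|select(.buildstatus==0)][0].id'` filter at the end of this hunk prints the literal string `null` with exit status 0 when none of the ten returned builds succeeded, so `set -euxo pipefail` does not stop the upgrade script at that point. Using `jq -er` makes jq exit non-zero on a null result, and adding `--fail` to the curl call does the same for HTTP errors, so the unit fails before anything is realised or switched. The script body continues outside the hunk, so how `$build` is used next is not visible here. Separately, the `jobset` default of `"pr618"` reads like a pull-request jobset; if that is what it is, a comment explaining why hosts track it by default would help.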
@@ -65,49 +67,50 @@ in output=$(${pkgs.nix}/bin/nix-store -r $drvname) ${pkgs.nix}/bin/nix-env -p /nix/var/nix/profiles/system --set ${output} ${ - if cfg.reboot - then '' - ${switchToConfiguration} boot - booted="$(${pkgs.coreutils}/bin/readlink /run/booted-system/{initrd,kernel,kernel-modules})" - built="$(${pkgs.coreutils}/bin/readlink ${output}/{initrd,kernel,kernel-modules})" - if [ "$booted" = "$built" ]; then + if cfg.reboot then + '' + ${switchToConfiguration} boot + booted="$(${pkgs.coreutils}/bin/readlink /run/booted-system/{initrd,kernel,kernel-modules})" + built="$(${pkgs.coreutils}/bin/readlink ${output}/{initrd,kernel,kernel-modules})" + if [ "$booted" = "$built" ]; then + ${switchToConfiguration} switch + else + ${pkgs.systemd}/bin/shutdown -r +1 + fi + exit + '' + else + '' ${switchToConfiguration} switch - else - ${pkgs.systemd}/bin/shutdown -r +1 - fi - exit - '' - else '' - ${switchToConfiguration} switch - '' + '' } ''; - }; + }; - config.systemd.timers.nixos-upgrade = { - enable = cfg.enable; - description = "Automatically update nixos"; - requires = ["nixos-upgrade.service"]; - wants = ["network-online.target"]; - after = ["network-online.target"]; - wantedBy = ["multi-user.target"]; - timerConfig = { - OnUnitActiveSec = "30min"; - RandomizedDelaySec = "1h"; - }; + config.systemd.timers.nixos-upgrade = { + enable = cfg.enable; + description = "Automatically update nixos"; + requires = [ "nixos-upgrade.service" ]; + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; + timerConfig = { + OnUnitActiveSec = "30min"; + RandomizedDelaySec = "1h"; }; - config.assertions = [ - { - assertion = cfg.enable -> config.nix.enable; - message = "Auto updating will only work when nix itself is enabled."; - } - { - assertion = (cfg.specialisation != null) -> config.isSpecialisation; - message = "Automatic update switching to specialisation is only allowed in specialisations"; - } - { - assertion = 
config.isSpecialisation -> (cfg.specialisation != null); - message = "Specifying the specialization name is required for autoupdate to work!"; - } - ]; - } + }; + config.assertions = [ + { + assertion = cfg.enable -> config.nix.enable; + message = "Auto updating will only work when nix itself is enabled."; + } + { + assertion = (cfg.specialisation != null) -> config.isSpecialisation; + message = "Automatic update switching to specialisation is only allowed in specialisations"; + } + { + assertion = config.isSpecialisation -> (cfg.specialisation != null); + message = "Specifying the specialization name is required for autoupdate to work!"; + } + ]; +} diff --git a/modules/nix/build-server.nix b/modules/nix/build-server.nix index 24fe866e..acc42170 100644 --- a/modules/nix/build-server.nix +++ b/modules/nix/build-server.nix @@ -3,7 +3,8 @@ lib, ... }: -with lib; { +with lib; +{ config = mkIf (!config.isInstaller) { nix.distributedBuilds = true; nix.buildMachines = mkMerge [ @@ -17,7 +18,15 @@ with lib; { ]; maxJobs = 4; speedFactor = 1; - supportedFeatures = ["nixos-test" "benchmark" "ca-derivations" "gccarch-armv8-a" "gccarch-armv8.1-a" "gccarch-armv8.2-a" "big-parallel"]; + supportedFeatures = [ + "nixos-test" + "benchmark" + "ca-derivations" + "gccarch-armv8-a" + "gccarch-armv8.1-a" + "gccarch-armv8.2-a" + "big-parallel" + ]; } ] [ diff --git a/modules/nix/default.nix b/modules/nix/default.nix index 1811a4d3..3ded54cd 100644 --- a/modules/nix/default.nix +++ b/modules/nix/default.nix @@ -3,7 +3,8 @@ lib, ... }: -with lib; { +with lib; +{ imports = [ ./link-inputs.nix ./lix.nix 
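Review bot: `nix-store -r $drvname` on the first line of this autoupdater hunk expands `$drvname` unquoted, and the value appears to come from the Hydra API response (the assignment is outside the hunk). Quoting it keeps a malformed value from being split into extra arguments inside a system service: `output=$(${pkgs.nix}/bin/nix-store -r "$drvname")`. The `${output}` interpolation passed to `nix-env -p /nix/var/nix/profiles/system --set` ends up as a bare `$output` in the generated shell and would benefit from the same quoting.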
@@ -12,9 +13,9 @@ with lib; { ]; nix.settings = { substituters = mkMerge [ - ["https://attic.chir.rs/chir-rs/"] - (mkIf (!config.isInstaller) ["https://hydra.int.chir.rs"]) - (mkIf config.isInstaller ["https://hydra.chir.rs"]) + [ "https://attic.chir.rs/chir-rs/" ] + (mkIf (!config.isInstaller) [ "https://hydra.int.chir.rs" ]) + (mkIf config.isInstaller [ "https://hydra.chir.rs" ]) ]; trusted-public-keys = [ "nixcache:8KKuGz95Pk4UJ5W/Ni+pN+v+LDTkMMFV4yrGmAYgkDg=" diff --git a/modules/nix/link-inputs.nix b/modules/nix/link-inputs.nix index adf35dc4..91387177 100644 --- a/modules/nix/link-inputs.nix +++ b/modules/nix/link-inputs.nix @@ -2,22 +2,20 @@ lib, inputs, ... -}: let +}: +let # Taken from https://github.com/gytis-ivaskevicius/flake-utils-plus/blob/master/lib/options.nix inherit (lib) filterAttrs mapAttrs'; flakes = filterAttrs (name: value: (value ? outputs)) inputs; - nixRegistry = - builtins.mapAttrs - (name: v: {flake = v;}) - flakes; -in { + nixRegistry = builtins.mapAttrs (name: v: { flake = v; }) flakes; +in +{ nix.registry = nixRegistry; - environment.etc = - mapAttrs' - (name: value: { - name = "nix/inputs/${name}"; - value = {source = value.outPath;}; - }) - flakes; - nix.nixPath = ["/etc/nix/inputs"]; + environment.etc = mapAttrs' (name: value: { + name = "nix/inputs/${name}"; + value = { + source = value.outPath; + }; + }) flakes; + nix.nixPath = [ "/etc/nix/inputs" ]; } diff --git a/modules/nix/lix.nix b/modules/nix/lix.nix index f74e7e1a..3db7d6d6 100644 --- a/modules/nix/lix.nix +++ b/modules/nix/lix.nix @@ -5,11 +5,9 @@ pkgs, lib, ... -}: { - imports = - if inTester - then [] - else [lix-module.nixosModules.default]; +}: +{ + imports = if inTester then [ ] else [ lix-module.nixosModules.default ]; environment.systemPackages = lib.mkIf config.nix.enable [ pkgs.git diff --git a/modules/riscv.nix b/modules/riscv.nix index d126f584..8043d997 100644 --- a/modules/riscv.nix +++ b/modules/riscv.nix 
@@ -3,10 +3,11 @@ riscv-overlay, ... }: -if system == "riscv64-linux" -then { - nixpkgs.overlays = [ - riscv-overlay.overlays.default - ]; -} -else {} +if system == "riscv64-linux" then + { + nixpkgs.overlays = [ + riscv-overlay.overlays.default + ]; + } +else + { } diff --git a/modules/secrets/sops.nix b/modules/secrets/sops.nix index e1ad6716..a631befe 100644 --- a/modules/secrets/sops.nix +++ b/modules/secrets/sops.nix @@ -2,7 +2,8 @@ sops-nix, config, ... -}: { +}: +{ imports = [ "${sops-nix}/modules/sops" ]; diff --git a/programs/desktop/audacious.nix b/programs/desktop/audacious.nix index a40087bc..9580eedf 100644 --- a/programs/desktop/audacious.nix +++ b/programs/desktop/audacious.nix @@ -1,5 +1,6 @@ -{pkgs, ...}: { - home.packages = with pkgs; [audacious]; +{ pkgs, ... }: +{ + home.packages = with pkgs; [ audacious ]; home.persistence.default.directories = [ ".config/audacious" ]; diff --git a/programs/desktop/default.nix b/programs/desktop/default.nix index 21d25098..49973bb2 100644 --- a/programs/desktop/default.nix +++ b/programs/desktop/default.nix @@ -1,13 +1,15 @@ -{config, pkgs, ...}: { +{ config, pkgs, ... }: +{ imports = [ ./steam ]; home-manager.users.darkkirb.imports = - if config.isGraphical - then [ - ./home-manager.nix - ] - else []; + if config.isGraphical then + [ + ./home-manager.nix + ] + else + [ ]; environment.plasma6.excludePackages = with pkgs.kdePackages; [ pkgs.elisa diff --git a/programs/desktop/firefox/default.nix b/programs/desktop/firefox/default.nix index c3a4e9b5..14b79f09 100644 --- a/programs/desktop/firefox/default.nix +++ b/programs/desktop/firefox/default.nix @@ -4,7 +4,8 @@ lib, nur, ... -}: let +}: +let extensions = { "ublock-origin" = [ "alarms" @@ -102,7 +103,8 @@ nurpkgs = pkgs; inherit pkgs; }; -in { +in +{ programs.firefox = { enable = true; nativeMessagingHosts = with pkgs; [ 
@@ -139,18 +141,16 @@ in { ''; }; }; - assertions = - lib.mapAttrsToList (k: v: let - unaccepted = - lib.subtractLists - v - nur'.repos.rycee.firefox-addons.${k}.meta.mozPermissions; - in { - assertion = unaccepted == []; - message = '' - Extension ${k} has unaccepted permissions: ${builtins.toJSON unaccepted}''; - }) - extensions; + assertions = lib.mapAttrsToList ( + k: v: + let + unaccepted = lib.subtractLists v nur'.repos.rycee.firefox-addons.${k}.meta.mozPermissions; + in + { + assertion = unaccepted == [ ]; + message = ''Extension ${k} has unaccepted permissions: ${builtins.toJSON unaccepted}''; + } + ) extensions; home.persistence.default.directories = [ ".mozilla" ]; diff --git a/programs/desktop/games/default.nix b/programs/desktop/games/default.nix index 85a7198e..49ca2472 100644 --- a/programs/desktop/games/default.nix +++ b/programs/desktop/games/default.nix @@ -1,6 +1,7 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ imports = [ ./ff14 ]; - home.packages = with pkgs; [factorio]; + home.packages = with pkgs; [ factorio ]; } diff --git a/programs/desktop/games/ff14/default.nix b/programs/desktop/games/ff14/default.nix index 06224b67..3779d014 100644 --- a/programs/desktop/games/ff14/default.nix +++ b/programs/desktop/games/ff14/default.nix @@ -1,6 +1,13 @@ -{ config, pkgs, lib, systemConfig, ... }: { +{ + config, + pkgs, + lib, + systemConfig, + ... +}: +{ config = lib.mkIf (systemConfig.networking.hostName == "rainbow-resort") { - home.packages = with pkgs; [xivlauncher]; + home.packages = with pkgs; [ xivlauncher ]; systemd.user.tmpfiles.rules = [ "L ${config.home.homeDirectory}/.xlcore - - - - ${config.home.homeDirectory}/Games/FF14/xlcore" ]; diff --git a/programs/desktop/home-manager.nix b/programs/desktop/home-manager.nix index 9a2fc693..6698f74a 100644 --- a/programs/desktop/home-manager.nix +++ b/programs/desktop/home-manager.nix @@ -1,4 +1,5 @@ -{pkgs, nixos-config, ...}: { +{ pkgs, nixos-config, ... }: +{ imports = [ ./firefox ./password-manager.nix 
diff --git a/programs/desktop/ims.nix b/programs/desktop/ims.nix index a3d8d39d..ac0aa356 100644 --- a/programs/desktop/ims.nix +++ b/programs/desktop/ims.nix @@ -1,8 +1,9 @@ -{config, pkgs, ...}: { +{ config, pkgs, ... }: +{ home.packages = with pkgs; [ telegram-desktop ]; - home.persistence.default.directories = [".local/share/TelegramDesktop"]; + home.persistence.default.directories = [ ".local/share/TelegramDesktop" ]; systemd.user.tmpfiles.rules = [ "d ${config.xdg.cacheHome}/TelegramDesktop/cache - - - - -" "d ${config.xdg.cacheHome}/TelegramDesktop/media_cache - - - - -" diff --git a/programs/desktop/password-manager.nix b/programs/desktop/password-manager.nix index 48309c64..9c07ecf6 100644 --- a/programs/desktop/password-manager.nix +++ b/programs/desktop/password-manager.nix @@ -1,8 +1,9 @@ -{ pkgs, lib, ... }: { +{ pkgs, lib, ... }: +{ home.packages = with pkgs; [ keepassxc ]; - xdg.configFile."keepassxc.ini".text = lib.generators.toINI {} { + xdg.configFile."keepassxc.ini".text = lib.generators.toINI { } { General.ConfigVersion = 2; Browser = { CustomProxyLocation = ""; diff --git a/programs/desktop/steam/default.nix b/programs/desktop/steam/default.nix index 87a0a88d..55943ca8 100644 --- a/programs/desktop/steam/default.nix +++ b/programs/desktop/steam/default.nix @@ -1,4 +1,5 @@ -{lib, config, ...}: { +{ lib, config, ... }: +{ programs.steam = lib.mkIf config.isGraphical { enable = !config.isInstaller; remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play @@ -7,5 +8,5 @@ }; nixpkgs.config.allowUnfree = true; - home-manager.users.darkkirb.imports = if config.isGraphical then [./home-manager.nix] else []; + home-manager.users.darkkirb.imports = if config.isGraphical then [ ./home-manager.nix ] else [ ]; } diff --git a/programs/desktop/steam/home-manager.nix b/programs/desktop/steam/home-manager.nix index 58615f04..bfa7d248 100644 --- a/programs/desktop/steam/home-manager.nix +++ b/programs/desktop/steam/home-manager.nix 
@@ -1,6 +1,9 @@ -{...}: { - home.persistence.default.directories = [{ - directory = ".local/share/Steam"; - method = "symlink"; - }]; +{ ... }: +{ + home.persistence.default.directories = [ + { + directory = ".local/share/Steam"; + method = "symlink"; + } + ]; } diff --git a/programs/desktop/syncthing/default.nix b/programs/desktop/syncthing/default.nix index c20f50b4..26ce06b0 100644 --- a/programs/desktop/syncthing/default.nix +++ b/programs/desktop/syncthing/default.nix @@ -1,7 +1,8 @@ -{config, systemConfig, ...}: { +{ config, systemConfig, ... }: +{ services.syncthing = { enable = true; tray.enable = true; }; - home.persistence.default.directories = [".local/state/syncthing"]; + home.persistence.default.directories = [ ".local/state/syncthing" ]; } diff --git a/programs/editors/default.nix b/programs/editors/default.nix index d3174098..882a0ae0 100644 --- a/programs/editors/default.nix +++ b/programs/editors/default.nix @@ -1,6 +1,7 @@ -{config, ...}: { +{ config, ... }: +{ imports = [ ./nvim ]; - home-manager.users.darkkirb.imports = if config.isGraphical then [./vscode] else []; + home-manager.users.darkkirb.imports = if config.isGraphical then [ ./vscode ] else [ ]; } diff --git a/programs/editors/nvim/globals.nix b/programs/editors/nvim/globals.nix index bbcc2d13..0194465e 100644 --- a/programs/editors/nvim/globals.nix +++ b/programs/editors/nvim/globals.nix @@ -3,16 +3,12 @@ pkgs, lib, ... -}: let - boolToStr = b: - if b - then "true" - else "false"; - boolToStr' = b: - if b - then "1" - else "0"; -in { +}: +let + boolToStr = b: if b then "true" else "false"; + boolToStr' = b: if b then "1" else "0"; +in +{ xdg.configFile."nvim/lua/globals.lua".text = '' local fn = vim.fn local api = vim.api diff --git a/programs/editors/nvim/home-manager.nix b/programs/editors/nvim/home-manager.nix index a32d3391..817ff813 100644 --- a/programs/editors/nvim/home-manager.nix +++ b/programs/editors/nvim/home-manager.nix 
@@ -2,13 +2,14 @@ pkgs, config, ... -}: { +}: +{ imports = [ ./globals.nix ./plugins/lazy-nvim.nix ]; programs.neovim = { - plugins = with pkgs.vimPlugins; [lazy-nvim]; + plugins = with pkgs.vimPlugins; [ lazy-nvim ]; enable = true; viAlias = true; vimAlias = true; diff --git a/programs/editors/nvim/plugins/lazy-nvim.nix b/programs/editors/nvim/plugins/lazy-nvim.nix index 14e28dd8..499bef83 100644 --- a/programs/editors/nvim/plugins/lazy-nvim.nix +++ b/programs/editors/nvim/plugins/lazy-nvim.nix @@ -2,11 +2,13 @@ pkgs, config, ... -}: { +}: +{ programs.neovim = { - plugins = with pkgs.vimPlugins; + plugins = + with pkgs.vimPlugins; [ - (nvim-treesitter.withPlugins (p: [])) + (nvim-treesitter.withPlugins (p: [ ])) (pkgs.vimUtils.buildVimPlugin { name = "vim-highlighturl"; src = pkgs.fetchFromGitHub { @@ -39,7 +41,10 @@ indent-blankline-nvim lazy-nvim (LeaderF.overrideAttrs (super: { - buildInputs = [pkgs.python3 pkgs.python3Packages.setuptools]; + buildInputs = [ + pkgs.python3 + pkgs.python3Packages.setuptools + ]; })) lspkind-nvim lualine-nvim @@ -84,12 +89,13 @@ zen-mode-nvim ] ++ ( - if pkgs.targetPlatform.system != "riscv64-linux" - then [ - diffview-nvim - vim-grammarous - ] - else [] + if pkgs.targetPlatform.system != "riscv64-linux" then + [ + diffview-nvim + vim-grammarous + ] + else + [ ] ); }; xdg.configFile."nvim/lua/config/lazy-nvim.lua".text = '' @@ -280,12 +286,14 @@ -- Better git commit experience { "rhysd/committia.vim", lazy = true }, ${ - if pkgs.targetPlatform.system != "riscv64-linux" - then '' { - "sindrets/diffview.nvim" - },'' - else "" - } + if pkgs.targetPlatform.system != "riscv64-linux" then + '' + { + "sindrets/diffview.nvim" + },'' + else + "" + } { "kevinhwang91/nvim-bqf", ft = "qf", 
@@ -310,13 +318,15 @@ end, }, ${ - if pkgs.targetPlatform.system != "riscv64-linux" - then '' { - "rhysd/vim-grammarous", - ft = { "markdown" }, - },'' - else "" - } + if pkgs.targetPlatform.system != "riscv64-linux" then + '' + { + "rhysd/vim-grammarous", + ft = { "markdown" }, + },'' + else + "" + } { "chrisbra/unicode.vim", event = "VeryLazy" }, -- Additional powerful text object for vim, this plugin should be studied -- carefully to use its full power diff --git a/programs/editors/vscode/default.nix b/programs/editors/vscode/default.nix index a49b505b..c2757fdc 100644 --- a/programs/editors/vscode/default.nix +++ b/programs/editors/vscode/default.nix @@ -1,4 +1,5 @@ -{vscode-server, pkgs, ...}: { +{ vscode-server, pkgs, ... }: +{ imports = [ "${vscode-server}/modules/vscode-server/home.nix" ]; diff --git a/programs/home-manager.nix b/programs/home-manager.nix index 82850829..6b91b5f7 100644 --- a/programs/home-manager.nix +++ b/programs/home-manager.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ programs.eza.enable = true; programs.bat.enable = true; programs.fzf.enable = true; @@ -6,5 +7,8 @@ cat = "bat"; less = "bat"; }; - home.packages = with pkgs; [ripgrep fd]; + home.packages = with pkgs; [ + ripgrep + fd + ]; } diff --git a/programs/shell/fish/default.nix b/programs/shell/fish/default.nix index d5102015..7be5a6fe 100644 --- a/programs/shell/fish/default.nix +++ b/programs/shell/fish/default.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ programs.fish.enable = true; home-manager.users.root.imports = [ ./home-manager.nix diff --git a/programs/shell/fish/home-manager.nix b/programs/shell/fish/home-manager.nix index f1089628..46571ac9 100644 --- a/programs/shell/fish/home-manager.nix +++ b/programs/shell/fish/home-manager.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ imports = [ ./tide.nix ./z.nix diff --git a/programs/shell/fish/tide.nix b/programs/shell/fish/tide.nix index d0ce68c8..efaf0c1f 100644 --- a/programs/shell/fish/tide.nix 
+++ b/programs/shell/fish/tide.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ programs.fish.plugins = with pkgs.fishPlugins; [ { name = "tide"; diff --git a/programs/shell/fish/z.nix b/programs/shell/fish/z.nix index 4959ff2d..23d7e13e 100644 --- a/programs/shell/fish/z.nix +++ b/programs/shell/fish/z.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ programs.fish.plugins = with pkgs.fishPlugins; [ { name = "z"; diff --git a/programs/shell/tmux/default.nix b/programs/shell/tmux/default.nix index 10d817f4..38c3ff94 100644 --- a/programs/shell/tmux/default.nix +++ b/programs/shell/tmux/default.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ home-manager.users.root.imports = [ ./home-manager.nix ]; diff --git a/programs/shell/tmux/home-manager.nix b/programs/shell/tmux/home-manager.nix index c8be5f65..f998a376 100644 --- a/programs/shell/tmux/home-manager.nix +++ b/programs/shell/tmux/home-manager.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ programs.tmux = { enable = true; baseIndex = 1; diff --git a/programs/ssh/builders.nix b/programs/ssh/builders.nix index 0c43551c..7574031b 100644 --- a/programs/ssh/builders.nix +++ b/programs/ssh/builders.nix @@ -3,12 +3,15 @@ systemConfig, lib, ... -}: let +}: +let identityFile = - if config.home.username == "root" - then systemConfig.sops.secrets.".ssh/builder_id_ed25519".path - else config.sops.secrets.".ssh/builder_id_ed25519".path; -in { + if config.home.username == "root" then + systemConfig.sops.secrets.".ssh/builder_id_ed25519".path + else + config.sops.secrets.".ssh/builder_id_ed25519".path; +in +{ programs.ssh = { enable = true; matchBlocks = { diff --git a/programs/ssh/home-manager.nix b/programs/ssh/home-manager.nix index b3dd0f9d..8d01f313 100644 --- a/programs/ssh/home-manager.nix +++ b/programs/ssh/home-manager.nix 
@@ -3,19 +3,29 @@ config, systemConfig, ... -}: { +}: +{ imports = [ ./builders.nix ]; programs.ssh = { controlMaster = "auto"; controlPersist = "10m"; - matchBlocks."*" = lib.hm.dag.entryAfter ["build-nas" "build-rainbow-resort" "build-aarch64" "build-riscv"] { - identityFile = - if config.home.username == "root" - then systemConfig.sops.secrets.".ssh/id_ed25519_sk".path - else config.sops.secrets.".ssh/id_ed25519_sk".path; - }; + matchBlocks."*" = + lib.hm.dag.entryAfter + [ + "build-nas" + "build-rainbow-resort" + "build-aarch64" + "build-riscv" + ] + { + identityFile = + if config.home.username == "root" then + systemConfig.sops.secrets.".ssh/id_ed25519_sk".path + else + config.sops.secrets.".ssh/id_ed25519_sk".path; + }; enable = true; }; sops.secrets = lib.mkIf (config.home.username != "root") { diff --git a/services/desktop/default.nix b/services/desktop/default.nix index a39b4c76..b6ba766e 100644 --- a/services/desktop/default.nix +++ b/services/desktop/default.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ imports = [ ./kdeconnect.nix ]; diff --git a/services/desktop/kdeconnect.nix b/services/desktop/kdeconnect.nix index 953ab608..2f3655e3 100644 --- a/services/desktop/kdeconnect.nix +++ b/services/desktop/kdeconnect.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ services.kdeconnect = { enable = true; indicator = true; diff --git a/services/openssh.nix b/services/openssh.nix index e6b254d8..c4e2d2d1 100644 --- a/services/openssh.nix +++ b/services/openssh.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ services.openssh.enable = true; services.openssh.settings = { PermitRootLogin = "yes"; @@ -9,5 +10,5 @@ "instance-20221213-1915.int.chir.rs".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+GanuiV1I08OP8+nNy24+zagQN08rtJnCoU/ixiQNn"; "not522.tailbab65.ts.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpOcmvVODaja3wDdnocb/k6MK7vsh5uH8gpeHR9+/rY"; }; - networking.firewall.allowedTCPPorts = [22]; + networking.firewall.allowedTCPPorts = [ 22 ]; } 
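Review bot: `PermitRootLogin = "yes";` in services/openssh.nix sits next to `networking.firewall.allowedTCPPorts = [ 22 ];`, so root login over SSH is offered on every interface the firewall covers. The rest of `services.openssh.settings` is outside the hunk, so whether password authentication is disabled is not visible; if it is not, `PermitRootLogin = "prohibit-password";` keeps key-based root access (users/root/default.nix sets `openssh.authorizedKeys.keys`) while refusing passwords for root. If root over SSH is only meant to be reachable from the tailnet, a comment saying so, or opening port 22 per interface rather than globally, would make the intent clear.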
diff --git a/services/tailscale.nix b/services/tailscale.nix index 52c82fc8..6a7c8ef0 100644 --- a/services/tailscale.nix +++ b/services/tailscale.nix @@ -3,7 +3,8 @@ lib, ... }: -with lib; { +with lib; +{ config = mkIf (!config.isInstaller) { services.tailscale = { enable = true; diff --git a/tests/containers-default.nix b/tests/containers-default.nix index 3d8c8d78..c872f634 100644 --- a/tests/containers-default.nix +++ b/tests/containers-default.nix @@ -6,18 +6,22 @@ }: testers.runNixOSTest { name = "container-default-test"; - nodes.default = { - config, - pkgs, - nixos-config, - ... - }: { - imports = [ - nixos-config.nixosModules.default - ]; - autoContainers = ["default"]; + nodes.default = + { + config, + pkgs, + nixos-config, + ... + }: + { + imports = [ + nixos-config.nixosModules.default + ]; + autoContainers = [ "default" ]; + }; + node.specialArgs = inputs // { + inTester = true; }; - node.specialArgs = inputs // {inTester = true;}; testScript = '' machine.wait_for_unit("container@default.service") ''; diff --git a/users/common/default.nix b/users/common/default.nix index 06e725e4..564e9fde 100644 --- a/users/common/default.nix +++ b/users/common/default.nix @@ -1,3 +1,4 @@ -{...}: { +{ ... }: +{ home.stateVersion = "24.11"; } diff --git a/users/darkkirb/default.nix b/users/darkkirb/default.nix index 88672e0a..db50ab1a 100644 --- a/users/darkkirb/default.nix +++ b/users/darkkirb/default.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ users.users.darkkirb = { createHome = true; isNormalUser = true; @@ -6,7 +7,7 @@ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDXQlfvRUm/z6eP1EjsajIbMibkq9n+ymlbBi7NFiOuaAAAABHNzaDo= ssh:" ]; hashedPasswordFile = config.sops.secrets."users/users/darkkirb/hashedPassword".path; - extraGroups = ["wheel"]; + extraGroups = [ "wheel" ]; }; sops.secrets."users/users/darkkirb/hashedPassword" = { neededForUsers = true; 
@@ -16,7 +17,8 @@ owner = "darkkirb"; sopsFile = ./system.yaml; }; - home-manager.users.darkkirb.sops.age.keyFile = config.sops.secrets."users/users/darkkirb/age-key".path; + home-manager.users.darkkirb.sops.age.keyFile = + config.sops.secrets."users/users/darkkirb/age-key".path; home-manager.users.darkkirb.home.persistence.default.directories = [ "sources" { @@ -24,6 +26,6 @@ method = "symlink"; } ]; - home-manager.users.darkkirb.imports = [./home-manager]; - environment.impermanence.users = ["darkkirb"]; + home-manager.users.darkkirb.imports = [ ./home-manager ]; + environment.impermanence.users = [ "darkkirb" ]; } diff --git a/users/darkkirb/home-manager/default.nix b/users/darkkirb/home-manager/default.nix index 6add50f8..de194549 100644 --- a/users/darkkirb/home-manager/default.nix +++ b/users/darkkirb/home-manager/default.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ imports = [ ./git.nix ]; diff --git a/users/darkkirb/home-manager/git.nix b/users/darkkirb/home-manager/git.nix index 86bb9518..e87091b5 100644 --- a/users/darkkirb/home-manager/git.nix +++ b/users/darkkirb/home-manager/git.nix @@ -1,10 +1,8 @@ -{pkgs, systemConfig, ...}: { +{ pkgs, systemConfig, ... }: +{ programs.git = { enable = true; - package = - if systemConfig.isGraphical - then pkgs.gitAndTools.gitFull - else pkgs.git; + package = if systemConfig.isGraphical then pkgs.gitAndTools.gitFull else pkgs.git; lfs.enable = true; userEmail = "lotte@chir.rs"; userName = "Charlotte 🦝 Delenk"; @@ -17,4 +15,3 @@ delta.enable = true; }; } - diff --git a/users/default.nix b/users/default.nix index c41b121d..b241f262 100644 --- a/users/default.nix +++ b/users/default.nix @@ -1,4 +1,5 @@ -{...}: { +{ ... }: +{ imports = [ ./home-manager.nix ./root diff --git a/users/home-manager.nix b/users/home-manager.nix index f99c7ab1..1329bd84 100644 --- a/users/home-manager.nix +++ b/users/home-manager.nix 
@@ -5,17 +5,16 @@ config, sops-nix, ... -}: { +}: +{ home-manager = { useUserPackages = true; useGlobalPkgs = true; backupFileExtension = "backup"; - extraSpecialArgs = - inputs - // { - inherit inputs inputs'; - systemConfig = config; - }; + extraSpecialArgs = inputs // { + inherit inputs inputs'; + systemConfig = config; + }; sharedModules = [ ./common "${impermanence}/home-manager.nix" diff --git a/users/root/default.nix b/users/root/default.nix index 79b64489..f22a8077 100644 --- a/users/root/default.nix +++ b/users/root/default.nix @@ -3,7 +3,8 @@ config, lib, ... -}: { +}: +{ users.users.root = { createHome = true; openssh.authorizedKeys.keys = [ @@ -23,6 +24,6 @@ mode = "600"; sopsFile = "${nixos-config}/programs/ssh/shared-keys.yaml"; }; - home-manager.users.root.sops.secrets = lib.mkForce {}; - environment.impermanence.users = ["root"]; + home-manager.users.root.sops.secrets = lib.mkForce { }; + environment.impermanence.users = [ "root" ]; }