diff --git a/flake.nix b/flake.nix
index f5851b6..e0e83e6 100644
--- a/flake.nix
+++ b/flake.nix
@@ -25,11 +25,11 @@
 nixosConfigurations = {
 distrust = lib.nixosSystem {
 system = "x86_64-linux";
- modules = [./system/distrust ./services/distrust ./helpers/services.nix nixos-mailserver.nixosModules.default agenix.nixosModules.default { networking.hostName = "distrust"; }];
+ modules = [./system/distrust ./services/distrust ./helpers/services.nix nixos-mailserver.nixosModules.default agenix.nixosModules.default {networking.hostName = "distrust";}];
 };
 distrust-mini = lib.nixosSystem {
 system = "x86_64-linux";
- modules = [./system/distrust-mini ./services/distrust-mini ./helpers/services.nix { networking.hostName = "distrust-mini"; }];
+ modules = [./system/distrust-mini ./services/distrust-mini ./helpers/services.nix {networking.hostName = "distrust-mini";}];
 };
 };
 };
diff --git a/helpers/services.nix b/helpers/services.nix
index e3a0501..4898ac7 100644
--- a/helpers/services.nix
+++ b/helpers/services.nix
@@ -140,7 +140,7 @@ in {
 else []
 )
 ];
- readWritePaths = lib.mkIf (dump != null) [ "/var/backup/postgres/" ];
+ readWritePaths = lib.mkIf (dump != null) ["/var/backup/postgres/"];
 preHook = lib.mkIf (dump != null) ''
 mkdir -p /var/backup/postgres
 ${pkgs.sudo}/bin/sudo -u postgres ${pkgs.postgresql}/bin/pg_dump ${dump} > /var/backup/postgres/${key}.sql
diff --git a/services/distrust-mini/default.nix b/services/distrust-mini/default.nix
index 1b4c13c..37dd0f2 100644
--- a/services/distrust-mini/default.nix
+++ b/services/distrust-mini/default.nix
@@ -1,10 +1,10 @@
 {
- imports = [
- ../shared
- # TOR bridge
- ./tor.nix
- # Status page in diff. data center for redundancy/resilience
- ./uptime-kuma.nix
- ]
-}
\ No newline at end of file
+ imports = [
+ ../shared
+ # TOR bridge
+ ./tor.nix
+ # Status page in diff. data center for redundancy/resilience
+ ./uptime-kuma.nix
+ ];
+}
diff --git a/services/distrust-mini/uptime-kuma.nix b/services/distrust-mini/uptime-kuma.nix
index dc9d31a..644f6fa 100644
--- a/services/distrust-mini/uptime-kuma.nix
+++ b/services/distrust-mini/uptime-kuma.nix
@@ -1,7 +1,6 @@
 let
 kumaPort = 3001;
-in
-{
+in {
 services.uptime-kuma = {
 enable = true;
 settings = {
@@ -25,4 +24,4 @@ in
 ];
 };
 };
-}
\ No newline at end of file
+}
diff --git a/services/distrust/forgejo.nix b/services/distrust/forgejo.nix
index aad5f29..ad92d31 100644
--- a/services/distrust/forgejo.nix
+++ b/services/distrust/forgejo.nix
@@ -8,7 +8,7 @@ in {
 services.forgejo = {
 enable = true;
 lfs.enable = false;
- settings = {
+ settings = {
 server = {
 DOMAIN = "git.distrust.network";
 HTTP_PORT = forgejoPort;
diff --git a/services/distrust/lldap.nix b/services/distrust/lldap.nix
index 4b46e62..249df2b 100644
--- a/services/distrust/lldap.nix
+++ b/services/distrust/lldap.nix
@@ -9,7 +9,7 @@ in {
 group = "lldap-secrets";
 };
 };
-
+
 services.lldap = {
 enable = true;
 settings = {
@@ -39,10 +39,10 @@ in {
 ];
 };
 };
-
+
 # Creates a group for the LLDAP DynamicUser to read the secret
 users.groups.lldap-secrets = {};
 systemd.services.lldap.serviceConfig = {
- SupplementaryGroups = [ "lldap-secrets" ];
+ SupplementaryGroups = ["lldap-secrets"];
 };
 }
diff --git a/services/shared/default.nix b/services/shared/default.nix
index 49dc657..2f50db6 100644
--- a/services/shared/default.nix
+++ b/services/shared/default.nix
@@ -1,5 +1,5 @@
 {
- imports = [
- ./borg.nix
- ];
-}
\ No newline at end of file
+ imports = [
+ ./borg.nix
+ ];
+}
diff --git a/system/distrust/hardware-configuration.nix b/system/distrust/hardware-configuration.nix
index 5e7b44e..329ed8a 100644
--- a/system/distrust/hardware-configuration.nix
+++ b/system/distrust/hardware-configuration.nix
@@ -1,9 +1,10 @@
-{ modulesPath, ... }:
-{
- imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
+{modulesPath, ...}: {
+ imports = [(modulesPath + "/profiles/qemu-guest.nix")];
 boot.loader.grub.device = "/dev/sda";
- boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
- boot.initrd.kernelModules = [ "nvme" ];
- fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
-
+ boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi"];
+ boot.initrd.kernelModules = ["nvme"];
+ fileSystems."/" = {
+ device = "/dev/sda1";
+ fsType = "ext4";
+ };
 }
diff --git a/system/distrust/networking.nix b/system/distrust/networking.nix
index a4c41bf..560acac 100644
--- a/system/distrust/networking.nix
+++ b/system/distrust/networking.nix
@@ -1,11 +1,12 @@
-{ lib, ... }: {
+{lib, ...}: {
 # This file was populated at runtime with the networking
 # details gathered from the active system.
 networking = {
- nameservers = [ "2a01:4ff:ff00::add:2"
- "2a01:4ff:ff00::add:1"
- "185.12.64.2"
- ];
+ nameservers = [
+ "2a01:4ff:ff00::add:2"
+ "2a01:4ff:ff00::add:1"
+ "185.12.64.2"
+ ];
 defaultGateway = "172.31.1.1";
 defaultGateway6 = {
 address = "fe80::1";
@@ -16,20 +17,38 @@
 interfaces = {
 eth0 = {
 ipv4.addresses = [
- { address="95.217.161.66"; prefixLength=32; }
+ {
+ address = "95.217.161.66";
+ prefixLength = 32;
+ }
 ];
 ipv6.addresses = [
- { address="2a01:4f9:c012:215b::1"; prefixLength=64; }
-{ address="fe80::9000:6ff:feb6:58bb"; prefixLength=64; }
+ {
+ address = "2a01:4f9:c012:215b::1";
+ prefixLength = 64;
+ }
+ {
+ address = "fe80::9000:6ff:feb6:58bb";
+ prefixLength = 64;
+ }
+ ];
+ ipv4.routes = [
+ {
+ address = "172.31.1.1";
+ prefixLength = 32;
+ }
+ ];
+ ipv6.routes = [
+ {
+ address = "fe80::1";
+ prefixLength = 128;
+ }
 ];
- ipv4.routes = [ { address = "172.31.1.1"; prefixLength = 32; } ];
- ipv6.routes = [ { address = "fe80::1"; prefixLength = 128; } ];
 };
-
 };
 };
 services.udev.extraRules = ''
 ATTR{address}=="92:00:06:b6:58:bb", NAME="eth0"
-
+
 '';
 }