style(treewide): go my formatter · ptr.pet/ark@4556170

ptr.pet / ark

fork

Configure Feed

Issues Pull Requests Commits Tags

Feed URL

Select the types of activity you want to include in your feed.

this repo has no description

fork

Configure Feed

Issues Pull Requests Commits Tags

Feed URL

Select the types of activity you want to include in your feed.

style(treewide): go my formatter

dusk 9 months ago 4556170d 6a8b8352

+237 -172

33 changed files

expand all collapse all

flake.nix

hosts

tkaronto

default.nix

wolumonde

default.nix

modules

atproto.nix

blog.nix

headplane.nix

headscale.nix

default.nix

limbusart.nix

nginx.nix

nsid-tracker.nix

pds.nix

perses.nix

default.nix

ssh.nix

tailscale.nix

tangled.nix

unbound.nix

wsl

default.nix

pkgs-set

default.nix

overlays

_lix.nix

pkgs

buildGoApplication.nix

headplane.nix

nsid-tracker-server.nix

tangled-knot.nix

tangled-modules.nix

tangled-spindle.nix

tangled-sqlite-lib.nix

shells

default.nix

users

dusk@devel.mobi

default.nix

nsid-tracker.nix

modules

netbird

default.nix

nushell

default.nix

tailscale

default.nix

root

default.nix

+20 -12

flake.nix

reviewed

··· 11 11 tlib = import ./lib lib; 12 12 l = lib; 13 13 14 14 - makePkgsSet = system: import ./pkgs-set { 15 15 - inherit system lib tlib flakeInputs; 16 16 - }; 14 14 + makePkgsSet = 15 15 + system: 16 16 + import ./pkgs-set { 17 17 + inherit 18 18 + system 19 19 + lib 20 20 + tlib 21 21 + flakeInputs 22 22 + ; 23 23 + }; 17 24 allPkgsSets = tlib.genSystems makePkgsSet; 18 25 19 26 miscApps = 20 27 l.mapAttrs 21 28 ( 22 22 - _: l.mapAttrs (_: cmd: { 23 23 - type = "app"; 24 24 - program = cmd; 25 25 - }) 29 29 + _: 30 30 + l.mapAttrs ( 31 31 + _: cmd: { 32 32 + type = "app"; 33 33 + program = cmd; 34 34 + } 35 35 + ) 26 36 ) 27 37 ( 28 28 - l.mapAttrs 29 29 - (_: set: { 38 38 + l.mapAttrs (_: set: { 30 39 deploy-ncr = l.getExe set.terra.deploy-ncr; 31 40 dns = l.getExe set.terra.dnsmngmt; 32 32 - }) 33 33 - allPkgsSets 41 41 + }) allPkgsSets 34 42 ); 35 43 in 36 44 { ··· 38 46 nixosConfigurations = import ./hosts { inherit lib tlib allPkgsSets; }; 39 47 homeConfigurations = import ./users { inherit lib tlib allPkgsSets; }; 40 48 41 41 - legacyPackages = l.mapAttrs (_: set: set.pkgs // {inherit (set) inputs;}) allPkgsSets; 49 49 + legacyPackages = l.mapAttrs (_: set: set.pkgs // { inherit (set) inputs; }) allPkgsSets; 42 50 packages = l.mapAttrs (_: set: set.exported) allPkgsSets; 43 51 apps = miscApps; 44 52

+12 -13

hosts/tkaronto/default.nix

reviewed

··· 145 145 4995 146 146 ]; 147 147 # musikcube 148 148 - networking.firewall.allowedTCPPorts = 149 149 - [ 150 150 - 7905 151 151 - 7906 152 152 - ] 153 153 - ++ [ 154 154 - 6695 155 155 - 6696 156 156 - 6697 157 157 - 6698 158 158 - 6699 159 159 - ] 160 160 - ++ [ 50300 ]; 148 148 + networking.firewall.allowedTCPPorts = [ 149 149 + 7905 150 150 + 7906 151 151 + ] 152 152 + ++ [ 153 153 + 6695 154 154 + 6696 155 155 + 6697 156 156 + 6698 157 157 + 6699 158 158 + ] 159 159 + ++ [ 50300 ]; 161 160 162 161 # for tailscale 163 162 networking.firewall.checkReversePath = "loose";

+2 -1

hosts/wolumonde/default.nix

reviewed

··· 10 10 "${inputs.agenix}/modules/age.nix" 11 11 "${inputs.ncr}/firewall" 12 12 "${inputs.ncr}/firewall/hetzner" 13 13 - ] ++ (tlib.importFolder (toString ./modules)); 13 13 + ] 14 14 + ++ (tlib.importFolder (toString ./modules)); 14 15 15 16 environment.systemPackages = with pkgs; [ 16 17 magic-wormhole-rs

+13 -14

hosts/wolumonde/modules/atproto.nix

reviewed

··· 30 30 }; 31 31 in 32 32 { 33 33 - services.nginx.virtualHosts = 34 34 - { 35 35 - # "gaze.systems" = mkWellKnownCfg { 36 36 - # "atproto-did" = pkgs.writeText "server" "did:plc:dfl62fgb7wtjj3fcbb72naae"; 37 37 - # }; 38 38 - "poor.dog" = mkWellKnownCfg { 39 39 - "atproto-did" = pkgs.writeText "server" "did:plc:dfl62fgb7wtjj3fcbb72naae"; 40 40 - }; 41 41 - # "9.0.0.0.8.e.f.1.5.0.7.4.0.1.0.0.2.ip6.arpa" = mkWellKnownCfg { 42 42 - # "atproto-did" = pkgs.writeText "server" "did:plc:dfl62fgb7wtjj3fcbb72naae"; 43 43 - # }; 44 44 - } 45 45 - // (mkDidWebCfg "dawn.gaze.systems") 46 46 - // (mkDidWebCfg "guestbook.gaze.systems"); 33 33 + services.nginx.virtualHosts = { 34 34 + # "gaze.systems" = mkWellKnownCfg { 35 35 + # "atproto-did" = pkgs.writeText "server" "did:plc:dfl62fgb7wtjj3fcbb72naae"; 36 36 + # }; 37 37 + "poor.dog" = mkWellKnownCfg { 38 38 + "atproto-did" = pkgs.writeText "server" "did:plc:dfl62fgb7wtjj3fcbb72naae"; 39 39 + }; 40 40 + # "9.0.0.0.8.e.f.1.5.0.7.4.0.1.0.0.2.ip6.arpa" = mkWellKnownCfg { 41 41 + # "atproto-did" = pkgs.writeText "server" "did:plc:dfl62fgb7wtjj3fcbb72naae"; 42 42 + # }; 43 43 + } 44 44 + // (mkDidWebCfg "dawn.gaze.systems") 45 45 + // (mkDidWebCfg "guestbook.gaze.systems"); 47 46 # // (mkDidWebCfg "9.0.0.0.8.e.f.1.5.0.7.4.0.1.0.0.2.ip6.arpa"); 48 47 }

+1 -1

hosts/wolumonde/modules/blog.nix

reviewed

··· 6 6 }: 7 7 let 8 8 PUBLIC_BASE_URL = "https://gaze.systems"; 9 9 - modules = (pkgs.callPackage "${inputs.blog}/nix/modules.nix" {}).overrideAttrs (_: { 9 9 + modules = (pkgs.callPackage "${inputs.blog}/nix/modules.nix" { }).overrideAttrs (_: { 10 10 outputHash = "sha256-CO0bFv5WbNBSgucHCb+I9kIZEkh6QqWngRra0luMtSI="; 11 11 }); 12 12 pkg = pkgs.callPackage "${inputs.blog}/nix" {

+12 -4

hosts/wolumonde/modules/headplane.nix

reviewed

··· 1 1 - {lib, config, pkgs, terra, inputs, ...}: 1 1 + { 2 2 + lib, 3 3 + config, 4 4 + pkgs, 5 5 + terra, 6 6 + inputs, 7 7 + ... 8 8 + }: 2 9 let 3 3 - format = pkgs.formats.yaml {}; 10 10 + format = pkgs.formats.yaml { }; 4 11 5 12 # A workaround generate a valid Headscale config accepted by Headplane when `config_strict == true`. 6 13 settings = lib.recursiveUpdate config.services.headscale.settings { ··· 14 21 headscaleConfig = format.generate "headscale.yml" settings; 15 22 16 23 cfg = config.services.headplane.settings; 17 17 - in { 18 18 - imports = ["${inputs.headplane}/nix/module.nix"]; 24 24 + in 25 25 + { 26 26 + imports = [ "${inputs.headplane}/nix/module.nix" ]; 19 27 20 28 services.headplane = { 21 29 enable = true;

+10 -3

hosts/wolumonde/modules/headscale.nix/default.nix

reviewed

··· 1 1 - {config, ...}: let 1 1 + { config, ... }: 2 2 + let 2 3 rootDomain = "gaze.systems"; 3 4 domain = "vpn.${rootDomain}"; 4 4 - in { 5 5 + in 6 6 + { 5 7 age.secrets.headscaleOidcSecret = { 6 8 file = ../../../../secrets/headscaleOidcSecret.age; 7 9 mode = "600"; ··· 21 23 }; 22 24 dns = { 23 25 base_domain = "lan.${rootDomain}"; 24 24 - nameservers.global = ["1.1.1.1" "1.0.0.1" "9.9.9.9" "149.112.112.112"]; 26 26 + nameservers.global = [ 27 27 + "1.1.1.1" 28 28 + "1.0.0.1" 29 29 + "9.9.9.9" 30 30 + "149.112.112.112" 31 31 + ]; 25 32 }; 26 33 oidc = { 27 34 issuer = config.services.pocket-id.settings.APP_URL;

+1 -1

hosts/wolumonde/modules/limbusart.nix

reviewed

··· 5 5 ... 6 6 }: 7 7 let 8 8 - pkg = pkgs.callPackage "${inputs.limbusart}/package.nix" {}; 8 8 + pkg = pkgs.callPackage "${inputs.limbusart}/package.nix" { }; 9 9 in 10 10 { 11 11 systemd.services.limbusart = {

+2 -2

hosts/wolumonde/modules/nginx.nix

reviewed

··· 16 16 statusPage = true; 17 17 }; 18 18 19 19 - networking.firewall.public."http".allowedTCPPorts = [80]; 20 20 - networking.firewall.public."https".allowedTCPPorts = [443]; 19 19 + networking.firewall.public."http".allowedTCPPorts = [ 80 ]; 20 20 + networking.firewall.public."https".allowedTCPPorts = [ 443 ]; 21 21 22 22 # output json logs so we can consume them more easily 23 23 services.nginx.appendHttpConfig = ''

+4 -4

hosts/wolumonde/modules/nsid-tracker.nix

reviewed

··· 6 6 }: 7 7 let 8 8 client-modules = 9 9 - (pkgs.callPackage "${inputs.nsid-tracker}/nix/client-modules.nix" {}) 10 10 - .overrideAttrs (_: { 11 11 - outputHash = "sha256-TzTafbNTng/mMyf0yR9Rc6XS9/zzipwmK9SUWm2XxeY="; 12 12 - }); 9 9 + (pkgs.callPackage "${inputs.nsid-tracker}/nix/client-modules.nix" { }).overrideAttrs 10 10 + (_: { 11 11 + outputHash = "sha256-TzTafbNTng/mMyf0yR9Rc6XS9/zzipwmK9SUWm2XxeY="; 12 12 + }); 13 13 client = pkgs.callPackage "${inputs.nsid-tracker}/nix/client.nix" { 14 14 PUBLIC_API_URL = "gaze.systems/nsid-tracker/api"; 15 15 inherit client-modules;

+29 -30

hosts/wolumonde/modules/pds.nix

reviewed

··· 6 6 services.nginx.virtualHosts.${config.services.pds.settings.PDS_HOSTNAME} = { 7 7 useACMEHost = "gaze.systems"; 8 8 forceSSL = true; 9 9 - locations = 10 10 - { 11 11 - # we need to proxy /xrpc for pds to work 12 12 - # silly but i want root domain >:3 13 13 - "/xrpc" = { 14 14 - proxyPass = pdsLocalhost; 15 15 - proxyWebsockets = true; 16 16 - # pass ws headers so we can actually proxy the ws 17 17 - extraConfig = '' 18 18 - proxy_set_header id $request_id; 19 19 - client_max_body_size 100M; 20 20 - ''; 21 21 - # higher prio just to make sure 22 22 - priority = 100; 23 23 - }; 24 24 - } 25 25 - # others 26 26 - // (lib.genAttrs 27 27 - [ 28 28 - "/@atproto" 29 29 - "/oauth" 30 30 - "=/.well-known/oauth-protected-resource" 31 31 - "=/.well-known/oauth-authorization-server" 32 32 - ] 33 33 - (_: { 34 34 - proxyPass = pdsLocalhost; 35 35 - # higher prio just to make sure 36 36 - priority = 100; 37 37 - }) 38 38 - ); 9 9 + locations = { 10 10 + # we need to proxy /xrpc for pds to work 11 11 + # silly but i want root domain >:3 12 12 + "/xrpc" = { 13 13 + proxyPass = pdsLocalhost; 14 14 + proxyWebsockets = true; 15 15 + # pass ws headers so we can actually proxy the ws 16 16 + extraConfig = '' 17 17 + proxy_set_header id $request_id; 18 18 + client_max_body_size 100M; 19 19 + ''; 20 20 + # higher prio just to make sure 21 21 + priority = 100; 22 22 + }; 23 23 + } 24 24 + # others 25 25 + // (lib.genAttrs 26 26 + [ 27 27 + "/@atproto" 28 28 + "/oauth" 29 29 + "=/.well-known/oauth-protected-resource" 30 30 + "=/.well-known/oauth-authorization-server" 31 31 + ] 32 32 + (_: { 33 33 + proxyPass = pdsLocalhost; 34 34 + # higher prio just to make sure 35 35 + priority = 100; 36 36 + }) 37 37 + ); 39 38 }; 40 39 # setup pds stuff 41 40 services.pds = {

+15 -8

hosts/wolumonde/modules/perses.nix/default.nix

reviewed

··· 1 1 - { pkgs, terra, config, ... }: 1 1 + { 2 2 + pkgs, 3 3 + terra, 4 4 + config, 5 5 + ... 6 6 + }: 2 7 let 3 8 domain = "dash.gaze.systems"; 4 9 port = 7412; ··· 15 20 security = { 16 21 enable_auth = true; 17 22 authentication = { 18 18 - providers.oidc = [{ 19 19 - slug_id = "pocketid"; 20 20 - name = "Pocket ID"; 21 21 - client_id = "aa583db6-e03c-4490-853a-7f2b3e089fbe"; 22 22 - issuer = config.services.pocket-id.settings.APP_URL; 23 23 - scopes = ["openid profile email"]; 24 24 - }]; 23 23 + providers.oidc = [ 24 24 + { 25 25 + slug_id = "pocketid"; 26 26 + name = "Pocket ID"; 27 27 + client_id = "aa583db6-e03c-4490-853a-7f2b3e089fbe"; 28 28 + issuer = config.services.pocket-id.settings.APP_URL; 29 29 + scopes = [ "openid profile email" ]; 30 30 + } 31 31 + ]; 25 32 disable_sign_up = true; 26 33 }; 27 34 cookie = {

+1 -1

hosts/wolumonde/modules/ssh.nix

reviewed

··· 8 8 users.users.root.openssh.authorizedKeys.keys = [ 9 9 (builtins.readFile "${inputs.self}/secrets/yusdacra.key.pub") 10 10 ]; 11 11 - networking.firewall.public."ssh".allowedTCPPorts = [22]; 11 11 + networking.firewall.public."ssh".allowedTCPPorts = [ 22 ]; 12 12 }

+2 -1

hosts/wolumonde/modules/tailscale.nix

reviewed

··· 1 1 - {config, ...}: { 1 1 + { config, ... }: 2 2 + { 2 3 age.secrets.tailscaleAuthKey.file = ../../../secrets/tailscaleAuthKey.age; 3 4 4 5 services.tailscale = {

+10 -4

hosts/wolumonde/modules/tangled.nix

reviewed

··· 1 1 - { lib, config, inputs, terra, ... }: 1 1 + { 2 2 + lib, 3 3 + config, 4 4 + inputs, 5 5 + terra, 6 6 + ... 7 7 + }: 2 8 let 3 9 knotCfg = config.services.tangled-knot; 4 10 spindleCfg = config.services.tangled-spindle; ··· 46 52 group = "spindle"; 47 53 isSystemUser = true; 48 54 }; 49 49 - users.groups.spindle = {}; 50 50 - users.groups.podman.members = ["spindle"]; 55 55 + users.groups.spindle = { }; 56 56 + users.groups.podman.members = [ "spindle" ]; 51 57 systemd.services.spindle = { 52 52 - after = lib.mkForce ["network.target"]; 58 58 + after = lib.mkForce [ "network.target" ]; 53 59 serviceConfig = { 54 60 User = "spindle"; 55 61 Group = "spindle";

+6 -4

hosts/wolumonde/modules/unbound.nix

reviewed

··· 1 1 - {config, lib, ...}: let 1 1 + { config, lib, ... }: 2 2 + let 2 3 cfg = config.services.unbound.settings; 3 3 - in { 4 4 + in 5 5 + { 4 6 services.unbound = { 5 7 enable = true; 6 8 enableRootTrustAnchor = false; ··· 47 49 }; 48 50 }; 49 51 networking.firewall = { 50 50 - allowedTCPPorts = [cfg.server.port]; 51 51 - allowedUDPPorts = [cfg.server.port]; 52 52 + allowedTCPPorts = [ cfg.server.port ]; 53 53 + allowedUDPPorts = [ cfg.server.port ]; 52 54 }; 53 55 }

+2 -1

hosts/wsl/default.nix

reviewed

··· 12 12 ../../users/firewatch 13 13 "${inputs.nixos-wsl}/modules" 14 14 "${inputs.agenix}/modules/age.nix" 15 15 - ] ++ (tlib.importFolder (toString ./modules)); 15 15 + ] 16 16 + ++ (tlib.importFolder (toString ./modules)); 16 17 17 18 wsl.enable = true; 18 19 wsl.defaultUser = "firewatch";

+27 -26

pkgs-set/default.nix

reviewed

··· 14 14 # config.permittedInsecurePackages = ["electron-25.9.0"]; 15 15 }; 16 16 _inputs = import ../_sources/generated.nix { 17 17 - inherit (_pkgs) fetchgit fetchurl fetchFromGitHub dockerTools; 17 17 + inherit (_pkgs) 18 18 + fetchgit 19 19 + fetchurl 20 20 + fetchFromGitHub 21 21 + dockerTools 22 22 + ; 18 23 }; 19 19 - inputs = (l.mapAttrs (_: inp: inp // {__toString = s: toString s.src;}) _inputs) // flakeInputs; 24 24 + inputs = (l.mapAttrs (_: inp: inp // { __toString = s: toString s.src; }) _inputs) // flakeInputs; 20 25 pkgs = _pkgs.appendOverlays ( 21 26 l.flatten ( 22 22 - l.mapAttrsToList 23 23 - ( 27 27 + l.mapAttrsToList ( 24 28 name: _: 25 25 - if name != "disabled" 26 26 - then 27 27 - let 28 28 - o = import "${./overlays}/${name}"; 29 29 - in 30 30 - if (l.functionArgs o) ? inputs 31 31 - then o { inherit inputs; } 32 32 - else o 33 33 - else 34 34 - [] 35 35 - ) 36 36 - (l.readDir ./overlays) 29 29 + if name != "disabled" then 30 30 + let 31 31 + o = import "${./overlays}/${name}"; 32 32 + in 33 33 + if (l.functionArgs o) ? inputs then o { inherit inputs; } else o 34 34 + else 35 35 + [ ] 36 36 + ) (l.readDir ./overlays) 37 37 + ) 38 38 + ); 39 39 + terraPkgs = pkgs.lib.makeScope pkgs.newScope ( 40 40 + self: 41 41 + l.genAttrs (l.map (l.removeSuffix ".nix") (l.attrNames (l.readDir ./pkgs))) ( 42 42 + name: 43 43 + self.callPackage "${./pkgs}/${name}.nix" { 44 44 + inherit inputs tlib; 45 45 + } 37 46 ) 38 47 ); 39 39 - terraPkgs = 40 40 - pkgs.lib.makeScope pkgs.newScope ( 41 41 - self: 42 42 - l.genAttrs 43 43 - (l.map (l.removeSuffix ".nix") (l.attrNames (l.readDir ./pkgs))) 44 44 - (name: self.callPackage "${./pkgs}/${name}.nix" { 45 45 - inherit inputs tlib; 46 46 - }) 47 47 - ); 48 48 pkgsToExport = pkgs.lib.getAttrs (import ./exported.nix) (pkgs // terraPkgs); 49 49 - in { 49 49 + in 50 50 + { 50 51 inherit pkgs inputs; 51 52 terra = terraPkgs; 52 53 exported = pkgsToExport;

+8 -5

pkgs-set/overlays/_lix.nix

reviewed

··· 1 1 - {inputs}: final: prev: 2 2 - (import "${inputs.lix-module}/overlay.nix" {lix = null;}) 3 3 - final (prev // { 4 4 - lix = final.lixPackageSets.latest.lix; 5 5 - }) 1 1 + { inputs }: 2 2 + final: prev: 3 3 + (import "${inputs.lix-module}/overlay.nix" { lix = null; }) final ( 4 4 + prev 5 5 + // { 6 6 + lix = final.lixPackageSets.latest.lix; 7 7 + } 8 8 + )

+1 -1

pkgs-set/pkgs/buildGoApplication.nix

reviewed

··· 1 1 - {callPackage, inputs, ...}: 1 1 + { callPackage, inputs, ... }: 2 2 (callPackage "${inputs.gomod2nix}/builder" { 3 3 gomod2nix = null; 4 4 }).buildGoApplication

+1 -1

pkgs-set/pkgs/headplane.nix

reviewed

··· 1 1 - {callPackage, inputs, ...}: callPackage "${inputs.headplane}/nix/package.nix" {} 1 1 + { callPackage, inputs, ... }: callPackage "${inputs.headplane}/nix/package.nix" { }

+1 -1

pkgs-set/pkgs/nsid-tracker-server.nix

reviewed

··· 1 1 - {callPackage, inputs, ...}: callPackage "${inputs.nsid-tracker}/nix/server.nix" {} 1 1 + { callPackage, inputs, ... }: callPackage "${inputs.nsid-tracker}/nix/server.nix" { }

+12 -10

pkgs-set/pkgs/tangled-knot.nix

reviewed

··· 6 6 ... 7 7 }: 8 8 let 9 9 - unwrapped = (callPackage "${inputs.tangled}/nix/pkgs/knot-unwrapped.nix" { 10 10 - modules = tangled-modules; 11 11 - sqlite-lib = tangled-sqlite-lib; 12 12 - gitignoreSource = null; 13 13 - }).overrideAttrs (_: { 14 14 - src = inputs.tangled; 15 15 - }); 9 9 + unwrapped = 10 10 + (callPackage "${inputs.tangled}/nix/pkgs/knot-unwrapped.nix" { 11 11 + modules = tangled-modules; 12 12 + sqlite-lib = tangled-sqlite-lib; 13 13 + gitignoreSource = null; 14 14 + }).overrideAttrs 15 15 + (_: { 16 16 + src = inputs.tangled; 17 17 + }); 16 18 in 17 17 - callPackage "${inputs.tangled}/nix/pkgs/knot.nix" { 18 18 - knot-unwrapped = unwrapped; 19 19 - } 19 19 + callPackage "${inputs.tangled}/nix/pkgs/knot.nix" { 20 20 + knot-unwrapped = unwrapped; 21 21 + }

+1 -1

pkgs-set/pkgs/tangled-modules.nix

reviewed

··· 1 1 - {inputs, ...}: "${inputs.tangled}/nix/gomod2nix.toml" 1 1 + { inputs, ... }: "${inputs.tangled}/nix/gomod2nix.toml"

+4 -3

pkgs-set/pkgs/tangled-spindle.nix

reviewed

··· 9 9 modules = tangled-modules; 10 10 sqlite-lib = tangled-sqlite-lib; 11 11 gitignoreSource = null; 12 12 - }).overrideAttrs (_: { 13 13 - src = inputs.tangled; 14 14 - }) 12 12 + }).overrideAttrs 13 13 + (_: { 14 14 + src = inputs.tangled; 15 15 + })

+1 -1

pkgs-set/pkgs/tangled-sqlite-lib.nix

reviewed

··· 1 1 - {callPackage, inputs, ...}: 1 1 + { callPackage, inputs, ... }: 2 2 callPackage "${inputs.tangled}/nix/pkgs/sqlite-lib.nix" { 3 3 sqlite-lib-src = inputs.tangled-sqlite-lib; 4 4 }

+3 -5

shells/default.nix

reviewed

··· 3 3 allPkgsSets, 4 4 ... 5 5 }: 6 6 - lib.mapAttrs 7 7 - ( 6 6 + lib.mapAttrs ( 8 7 system: set: 9 8 let 10 9 inherit (set) pkgs; 11 11 - agenix = pkgs.callPackage "${set.inputs.agenix}/pkgs/agenix.nix" {}; 10 10 + agenix = pkgs.callPackage "${set.inputs.agenix}/pkgs/agenix.nix" { }; 12 11 agenix-wrapped = pkgs.writeShellApplication { 13 12 name = "agenix"; 14 13 runtimeInputs = [ agenix ]; ··· 53 52 ''; 54 53 }; 55 54 } 56 56 - ) 57 57 - allPkgsSets 55 55 + ) allPkgsSets

+2 -2

users/dusk@devel.mobi/default.nix

reviewed

··· 44 44 PATH = "${pkgs.coreutils-full}/bin:$PATH"; 45 45 }; 46 46 47 47 - age.identityPaths = ["${config.home.homeDirectory}/.ssh/id_ed25519"]; 47 47 + age.identityPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ]; 48 48 home = { 49 49 homeDirectory = "/home/dusk"; 50 50 username = "dusk"; ··· 65 65 enable = true; 66 66 controlServer = "https://vpn.gaze.systems"; 67 67 authKeyFile = config.age.secrets.tailscaleAuthKey.path; 68 68 - extraUpFlags = ["--hostname=dusk-devel-mobi"]; 68 68 + extraUpFlags = [ "--hostname=dusk-devel-mobi" ]; 69 69 }; 70 70 71 71 programs = {

+1 -1

users/dusk@devel.mobi/nsid-tracker.nix

reviewed

··· 14 14 }; 15 15 16 16 Service = { 17 17 - ExecStartPre="${pkgs.coreutils-full}/bin/mkdir -p %D/nsid-tracker"; 17 17 + ExecStartPre = "${pkgs.coreutils-full}/bin/mkdir -p %D/nsid-tracker"; 18 18 ExecStart = "${pkgs.dash}/bin/dash -c 'cd %D/nsid-tracker && ${server}/bin/server'"; 19 19 Restart = "on-failure"; 20 20 RestartSec = 5;

+13 -3

users/modules/netbird/default.nix

reviewed

··· 1 1 - {lib, config, pkgs, ...}: let 1 1 + { 2 2 + lib, 3 3 + config, 4 4 + pkgs, 5 5 + ... 6 6 + }: 7 7 + let 2 8 l = lib; 3 9 t = l.types; 4 10 cfg = config.services.netbird; ··· 16 22 wrappedProxychains = pkgs.writers.writeBashBin "netbird-proxychains" '' 17 23 ${pkgs.proxychains-ng}/bin/proxychains4 -f "${proxychainsCfg}" $@ 18 24 ''; 19 19 - in { 25 25 + in 26 26 + { 20 27 options = { 21 28 services.netbird = { 22 29 enable = l.mkEnableOption "netbird client"; ··· 37 44 }; 38 45 }; 39 46 config = l.mkIf cfg.enable { 40 40 - home.packages = [ wrapped wrappedProxychains ]; 47 47 + home.packages = [ 48 48 + wrapped 49 49 + wrappedProxychains 50 50 + ]; 41 51 services.netbird.proxyScript = wrappedProxychains; 42 52 systemd.user.services.netbird = { 43 53 Unit = {

+2 -1

users/modules/nushell/default.nix

reviewed

··· 1 1 - {pkgs, lib, ...}: { 1 1 + { pkgs, lib, ... }: 2 2 + { 2 3 programs.carapace.enable = true; 3 4 programs.carapace.enableNushellIntegration = true; 4 5 programs.nushell = {

+16 -5

users/modules/tailscale/default.nix

reviewed

··· 1 1 - {lib, config, pkgs, ...}: let 1 1 + { 2 2 + lib, 3 3 + config, 4 4 + pkgs, 5 5 + ... 6 6 + }: 7 7 + let 2 8 l = lib; 3 9 t = l.types; 4 10 cfg = config.services.tailscale; ··· 15 21 wrapped = pkgs.writers.writeBashBin "tailscale" '' 16 22 ${pkgs.tailscale}/bin/tailscale --socket $XDG_RUNTIME_DIR/tailscaled.sock $@ 17 23 ''; 18 18 - in { 24 24 + in 25 25 + { 19 26 options = { 20 27 services.tailscale = { 21 28 enable = l.mkEnableOption "tailscale client"; ··· 31 38 }; 32 39 extraUpFlags = l.mkOption { 33 40 type = t.listOf t.str; 34 34 - default = []; 41 41 + default = [ ]; 35 42 description = "Extra flags to pass to tailscale up"; 36 43 }; 37 44 proxyScript = l.mkOption { ··· 42 49 }; 43 50 }; 44 51 config = l.mkIf cfg.enable { 45 45 - home.packages = [ wrapped wrappedProxychains ]; 52 52 + home.packages = [ 53 53 + wrapped 54 54 + wrappedProxychains 55 55 + ]; 46 56 services.tailscale.proxyScript = wrappedProxychains; 47 57 systemd.user.services.tailscaled = { 48 58 Unit = { ··· 54 64 ExecStart = "${pkgs.tailscale}/bin/tailscaled --tun=userspace-networking --socks5-server=localhost:1055 --outbound-http-proxy-listen=localhost:1055 --socket %t/tailscaled.sock"; 55 65 Restart = "on-failure"; 56 66 RestartSec = "5s"; 57 57 - } // l.optionalAttrs (cfg.authKeyFile != null) { 67 67 + } 68 68 + // l.optionalAttrs (cfg.authKeyFile != null) { 58 69 ExecStartPost = "${wrapped}/bin/tailscale up --reset --login-server=${cfg.controlServer} --auth-key=file:${cfg.authKeyFile} ${l.concatStringsSep " " cfg.extraUpFlags}"; 59 70 }; 60 71

+2 -2

users/root/default.nix

reviewed

··· 1 1 { pkgs, ... }: 2 2 { 3 3 users.users.root.initialHashedPassword = "$6$XLWo1sPpgp63Zm$XHBbULH9q1gb/.yalPPU/I7EgTcW80bM.moCjIe/qGyOwE47VcXNVbTHloBZdIWQq0MfIG0IxInAu59.oJyos/"; 4 4 - environment.systemPackages = [pkgs.nushell]; 4 4 + environment.systemPackages = [ pkgs.nushell ]; 5 5 users.users.root.shell = pkgs.nushell; 6 6 home-manager.users.root = { 7 7 - imports = [../modules/nushell]; 7 7 + imports = [ ../modules/nushell ]; 8 8 }; 9 9 }