use rfc-style formatter

2024-12-19 02:32:58 -05:00 · 2024-12-19 02:32:58 -05:00 · f57ed53bc5
commit f57ed53bc5
parent 993b457e0b
30 changed files with 324 additions and 176 deletions
--- a/flake.nix
+++ b/flake.nix
@ -13,12 +13,14 @@
    };
  };
-  outputs = {
+  outputs =
    {
      self,
      nixpkgs,
      home-manager,
      ...
-  } @ inputs: let
+    }@inputs:
    let
      lib = nixpkgs.lib;
      inherit (self) outputs;
@ -33,17 +35,20 @@
          };
        }
      );
-  in {
+    in
    {
      packages = forEachSystem (pkgs: import ./pkgs { inherit pkgs; });
-    formatter = forEachSystem (pkgs: pkgs.alejandra);
+      formatter = forEachSystem (pkgs: pkgs.nixfmt-rfc-style);
      devShells = forEachSystem (pkgs: import ./shells { inherit pkgs; });
      nixosModules = import ./modules/nixos;
      homeManagerModules = import ./modules/home-manager;
      overlays = import ./overlays { inherit inputs outputs; };
-    nixosConfigurations = let
+      nixosConfigurations =
        let
          pkgs = pkgsFor.x86_64-linux;
-    in {
+        in
        {
          ytnix = lib.nixosSystem {
            specialArgs = { inherit inputs outputs; };
            modules = [
--- a/home/foot.nix
+++ b/home/foot.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
 {
  programs.foot = {
    enable = true;
    settings = {
--- a/home/tmux.nix
+++ b/home/tmux.nix
@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
 {
  programs.tmux = {
    enable = true;
    baseIndex = 1;
--- a/home/yt/chunk.nix
+++ b/home/yt/chunk.nix
@ -5,7 +5,8 @@
  inputs,
  outputs,
  ...
-}: {
+}:
 {
  imports = [
    ./common.nix
  ];
--- a/home/yt/common.nix
+++ b/home/yt/common.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
 {
  imports = [
    ../tmux.nix
    ../zsh
--- a/home/yt/ytnix.nix
+++ b/home/yt/ytnix.nix
@ -2,7 +2,8 @@
  pkgs,
  inputs,
  ...
-}: {
+}:
 {
  imports = [
    ./common.nix
    ../foot.nix
--- a/home/zsh/default.nix
+++ b/home/zsh/default.nix
@ -1,9 +1,13 @@
-{...}: {
+{ ... }:
 {
  programs.zsh = {
    enable = true;
    autosuggestion = {
      enable = true;
-      strategy = ["history" "completion"];
+      strategy = [
        "history"
        "completion"
      ];
    };
    syntaxHighlighting = {
      enable = true;
--- a/hosts/chunk/adguard.nix
+++ b/hosts/chunk/adguard.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
 {
  services.adguardhome = {
    enable = true;
    host = "127.0.0.1";
--- a/hosts/chunk/borg.nix
+++ b/hosts/chunk/borg.nix
@ -2,11 +2,29 @@
  pkgs,
  config,
  ...
-}: {
+}:
 {
  services.borgbackup.jobs = {
    crashRsync = {
-      paths = ["/root" "/home" "/var/backup" "/var/lib" "/var/log" "/opt" "/etc" "/vw-data"];
+      paths = [
-      exclude = ["**/.cache" "**/node_modules" "**/cache" "**/Cache" "/var/lib/docker" "/var/lib/containers/cache" "/var/lib/containers/overlay*"];
+        "/root"
        "/home"
        "/var/backup"
        "/var/lib"
        "/var/log"
        "/opt"
        "/etc"
        "/vw-data"
      ];
      exclude = [
        "**/.cache"
        "**/node_modules"
        "**/cache"
        "**/Cache"
        "/var/lib/docker"
        "/var/lib/containers/cache"
        "/var/lib/containers/overlay*"
      ];
      repo = "de3911@de3911.rsync.net:borg/crash";
      encryption = {
        mode = "repokey-blake2";
@ -22,7 +40,9 @@
      # warnings are often not that serious
      failOnWarnings = false;
      postHook = ''
-        ${pkgs.curl}/bin/curl -u $(cat ${config.sops.secrets."services/ntfy".path}) -d "chunk: backup completed with exit code: $exitStatus
+        ${pkgs.curl}/bin/curl -u $(cat ${
          config.sops.secrets."services/ntfy".path
        }) -d "chunk: backup completed with exit code: $exitStatus
        $(journalctl -u borgbackup-job-crashRsync.service|tail -n 5)" \
        https://ntfy.cything.io/chunk
      '';
--- a/hosts/chunk/conduit.nix
+++ b/hosts/chunk/conduit.nix
@ -2,7 +2,8 @@
  pkgs,
  config,
  ...
-}: {
+}:
 {
  virtualisation.oci-containers.containers.conduit = {
    image = "matrixconduit/matrix-conduit:latest";
    autoStart = true;
--- a/hosts/chunk/default.nix
+++ b/hosts/chunk/default.nix
@ -3,7 +3,8 @@
  lib,
  pkgs,
  ...
-}: {
+}:
 {
  imports = [
    ./hardware-configuration.nix
    ../common.nix
@ -91,8 +92,19 @@
  networking.networkmanager.enable = true;
  networking.firewall = {
    enable = true;
-    allowedTCPPorts = [22 80 443 53 853];
+    allowedTCPPorts = [
-    allowedUDPPorts = [443 51820 53 853]; # 51820 is wireguard
+      22
      80
      443
      53
      853
    ];
    allowedUDPPorts = [
      443
      51820
      53
      853
    ]; # 51820 is wireguard
    trustedInterfaces = [ "wg0" ];
  };
  networking.interfaces.ens18 = {
@ -117,7 +129,10 @@
    address = "31.59.129.1";
    interface = "ens18";
  };
-  networking.nameservers = ["127.0.0.1" "::1"];
+  networking.nameservers = [
    "127.0.0.1"
    "::1"
  ];
  time.timeZone = "America/Toronto";
@ -129,12 +144,20 @@
  users.users.yt = {
    isNormalUser = true;
-    extraGroups = ["wheel" "networkmanager" "podman"];
+    extraGroups = [
-    openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux"];
+      "wheel"
      "networkmanager"
      "podman"
    ];
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux"
    ];
    shell = pkgs.zsh;
  };
  programs.zsh.enable = true;
-  users.users.root.openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux"];
+  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPdhAQYy0+vS+QmyCd0MAbqbgzyMGcsuuFyf6kg2yKge yt@ytlinux"
  ];
  environment.systemPackages = with pkgs; [
    vim
--- a/hosts/chunk/deluge.nix
+++ b/hosts/chunk/deluge.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
 {
  services.deluge = {
    enable = true;
    web = {
--- a/hosts/chunk/ghost.nix
+++ b/hosts/chunk/ghost.nix
@ -2,7 +2,8 @@
  pkgs,
  config,
  ...
-}: {
+}:
 {
  virtualisation.oci-containers.containers.ghost = {
    image = "ghost:5-alpine";
    autoStart = true;
--- a/hosts/chunk/gitlab.nix
+++ b/hosts/chunk/gitlab.nix
@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
 {
  services.gitlab = {
    enable = true;
    https = true;
--- a/hosts/chunk/grafana.nix
+++ b/hosts/chunk/grafana.nix
@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
 {
  services.grafana = {
    enable = true;
    settings.server = {
--- a/hosts/chunk/hardware-configuration.nix
+++ b/hosts/chunk/hardware-configuration.nix
@ -7,12 +7,19 @@
  pkgs,
  modulesPath,
  ...
-}: {
+}:
 {
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
  ];
-  boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk"];
+  boot.initrd.availableKernelModules = [
    "ata_piix"
    "uhci_hcd"
    "virtio_pci"
    "sr_mod"
    "virtio_blk"
  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
--- a/hosts/chunk/hedgedoc.nix
+++ b/hosts/chunk/hedgedoc.nix
@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
 {
  services.hedgedoc = {
    enable = true;
    environmentFile = config.sops.secrets."hedgedoc/env".path;
--- a/hosts/chunk/immich.nix
+++ b/hosts/chunk/immich.nix
@ -2,13 +2,15 @@
  pkgs,
  config,
  ...
-}: let
+}:
 let
  uploadLocation = "/mnt/photos/immich";
  thumbsLocation = "/opt/immich/thumbs";
  profileLocation = "/opt/immich/profile";
  dbDataLocation = "/opt/immich/postgres";
  modelCache = "/opt/immich-ml";
-in {
+in
 {
  virtualisation.oci-containers.containers = {
    immich-server = {
      image = "ghcr.io/immich-app/immich-server:release";
@ -25,7 +27,10 @@ in {
        DB_HOSTNAME = "immich-db";
      };
      networks = [ "immich-net" ];
-      dependsOn = ["immich-db" "immich-redis"];
+      dependsOn = [
        "immich-db"
        "immich-redis"
      ];
    };
    immich-redis = {
@ -48,12 +53,18 @@ in {
      volumes = [ "${dbDataLocation}:/var/lib/postgresql/data" ];
      cmd = [
        "postgres"
-        "-c" "shared_preload_libraries=vectors.so"
+        "-c"
-        "-c" ''search_path="$$user", public, vectors''
+        "shared_preload_libraries=vectors.so"
-        "-c" "logging_collector=on"
+        "-c"
-        "-c" "max_wal_size=2GB"
+        ''search_path="$$user", public, vectors''
-        "-c" "shared_buffers=512MB"
+        "-c"
-        "-c" "wal_compression=on"
+        "logging_collector=on"
        "-c"
        "max_wal_size=2GB"
        "-c"
        "shared_buffers=512MB"
        "-c"
        "wal_compression=on"
      ];
      networks = [ "immich-net" ];
    };
--- a/hosts/chunk/jellyfin.nix
+++ b/hosts/chunk/jellyfin.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
 {
  services.jellyfin = {
    enable = true;
    dataDir = "/mnt/jellyfin";
--- a/hosts/chunk/miniflux.nix
+++ b/hosts/chunk/miniflux.nix
@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
 {
  services.miniflux = {
    enable = true;
    adminCredentialsFile = config.sops.secrets."miniflux/env".path;
--- a/hosts/chunk/ntfy.nix
+++ b/hosts/chunk/ntfy.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
 {
  services.ntfy-sh = {
    enable = true;
    settings = {
--- a/hosts/chunk/postgres.nix
+++ b/hosts/chunk/postgres.nix
@ -2,7 +2,8 @@
  pkgs,
  lib,
  ...
-}: {
+}:
 {
  services.postgresql = {
    enable = true;
    settings.port = 5432;
--- a/hosts/chunk/rclone.nix
+++ b/hosts/chunk/rclone.nix
@ -2,7 +2,8 @@
  pkgs,
  config,
  ...
-}: {
+}:
 {
  systemd.services.immich-mount = {
    enable = true;
    description = "Mount the immich data remote";
--- a/hosts/chunk/redlib.nix
+++ b/hosts/chunk/redlib.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
 {
  services.redlib = {
    enable = true;
    port = 8087;
--- a/hosts/chunk/tor.nix
+++ b/hosts/chunk/tor.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
 {
  services.tor = {
    enable = true;
    openFirewall = true;
--- a/hosts/chunk/vaultwarden.nix
+++ b/hosts/chunk/vaultwarden.nix
@ -1,4 +1,5 @@
-{config, ...}: {
+{ config, ... }:
 {
  services.vaultwarden = {
    enable = true;
    dbBackend = "postgresql";
--- a/hosts/chunk/wireguard.nix
+++ b/hosts/chunk/wireguard.nix
@ -2,7 +2,8 @@
  pkgs,
  config,
  ...
-}: {
+}:
 {
  networking.nat = {
    enable = true;
    enableIPv6 = true;
@ -11,7 +12,10 @@
  };
  networking.wg-quick.interfaces.wg0 = {
-    address = ["10.0.0.1/24" "fdc9:281f:04d7:9ee9::1/64"];
+    address = [
      "10.0.0.1/24"
      "fdc9:281f:04d7:9ee9::1/64"
    ];
    listenPort = 51820;
    privateKeyFile = config.sops.secrets."wireguard/private".path;
    postUp = ''
@ -33,12 +37,18 @@
    peers = [
      {
        publicKey = "qUhWoTPVC7jJdDEJLYY92OeiwPkaf8I5pv5kkMcSW3g=";
-        allowedIPs = ["10.0.0.2/32" "fdc9:281f:04d7:9ee9::2/128"];
+        allowedIPs = [
          "10.0.0.2/32"
          "fdc9:281f:04d7:9ee9::2/128"
        ];
        presharedKeyFile = config.sops.secrets."wireguard/psk-yt".path;
      }
      {
        publicKey = "JIGi60wzLw717Cim1dSFoLCdJz5rePa5AIFfuisJI0k=";
-        allowedIPs = ["10.0.0.3/32" "fdc9:281f:04d7:9ee9::3/128"];
+        allowedIPs = [
          "10.0.0.3/32"
          "fdc9:281f:04d7:9ee9::3/128"
        ];
        presharedKeyFile = config.sops.secrets."wireguard/psk-phone".path;
      }
    ];
--- a/hosts/common.nix
+++ b/hosts/common.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
 {
  nix = {
    settings = {
      experimental-features = "nix-command flakes";
--- a/hosts/ytnix/default.nix
+++ b/hosts/ytnix/default.nix
@ -2,7 +2,8 @@
  config,
  pkgs,
  ...
-}: {
+}:
 {
  imports = [
    ./hardware-configuration.nix
    ../common.nix
@ -53,7 +54,10 @@
      dns = "none";
      wifi.backend = "iwd";
    };
-    nameservers = ["31.59.129.225" "2a0f:85c1:840:2bfb::1"];
+    nameservers = [
      "31.59.129.225"
      "2a0f:85c1:840:2bfb::1"
    ];
    resolvconf.enable = true;
    firewall = {
      allowedUDPPorts = [ 51820 ]; # for wireguard
@ -76,7 +80,10 @@
        "bluez5.enable-sbc-xq" = true;
        "bluez5.enable-msbc" = true;
        "bluez5.enable-hw-volume" = true;
-        "bluez5.roles" = ["a2dp_sink" "a2dp_source"];
+        "bluez5.roles" = [
          "a2dp_sink"
          "a2dp_source"
        ];
      };
    };
    # https://wiki.archlinux.org/title/Bluetooth_headset#Connecting_works,_sound_plays_fine_until_headphones_become_idle,_then_stutters
@ -100,7 +107,11 @@
  users.users.yt = {
    isNormalUser = true;
-    extraGroups = ["wheel" "libvirtd" "docker"];
+    extraGroups = [
      "wheel"
      "libvirtd"
      "docker"
    ];
    shell = pkgs.zsh;
  };
  programs.zsh.enable = true;
@ -168,7 +179,14 @@
  programs.sway.enable = true;
  services.borgbackup.jobs.ytnixRsync = {
-    paths = ["/root" "/home" "/var/lib" "/var/log" "/opt" "/etc"];
+    paths = [
      "/root"
      "/home"
      "/var/lib"
      "/var/log"
      "/opt"
      "/etc"
    ];
    exclude = [
      "**/.cache"
      "**/node_modules"
@ -198,7 +216,9 @@
    # warnings are often not that serious
    failOnWarnings = false;
    postHook = ''
-      ${pkgs.curl}/bin/curl -u $(cat ${config.sops.secrets."services/ntfy".path}) -d "ytnixRsync: backup completed with exit code: $exitStatus
+      ${pkgs.curl}/bin/curl -u $(cat ${
        config.sops.secrets."services/ntfy".path
      }) -d "ytnixRsync: backup completed with exit code: $exitStatus
      $(journalctl -u borgbackup-job-ytnixRsync.service|tail -n 5)" \
      https://ntfy.cything.io/chunk
    '';
@ -286,12 +306,18 @@
  # wireguard setup
  networking.wg-quick.interfaces.wg0 = {
-    address = ["10.0.0.2/24" "fdc9:281f:04d7:9ee9::2/64"];
+    address = [
      "10.0.0.2/24"
      "fdc9:281f:04d7:9ee9::2/64"
    ];
    privateKeyFile = config.sops.secrets."wireguard/private".path;
    peers = [
      {
        publicKey = "a16/F/wP7HQIUtFywebqPSXQAktPsLgsMLH9ZfevMy0=";
-        allowedIPs = ["0.0.0.0/0" "::/0"];
+        allowedIPs = [
          "0.0.0.0/0"
          "::/0"
        ];
        endpoint = "31.59.129.225:51820";
        persistentKeepalive = 25;
        presharedKeyFile = config.sops.secrets."wireguard/psk".path;
--- a/hosts/ytnix/hardware-configuration.nix
+++ b/hosts/ytnix/hardware-configuration.nix
@ -7,8 +7,15 @@
  pkgs,
  modulesPath,
  ...
-}: {
+}:
-  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod"];
+{
  boot.initrd.availableKernelModules = [
    "xhci_pci"
    "ahci"
    "nvme"
    "usb_storage"
    "sd_mod"
  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
@ -16,21 +23,32 @@
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/17870658-6118-46af-837f-70c9175e09c3";
    fsType = "btrfs";
-    options = ["subvol=root" "compress=zstd"];
+    options = [
      "subvol=root"
      "compress=zstd"
    ];
  };
-  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/c6098a16-c8a6-4a97-8648-6f46ca919d13";
+  boot.initrd.luks.devices."cryptroot".device =
    "/dev/disk/by-uuid/c6098a16-c8a6-4a97-8648-6f46ca919d13";
  fileSystems."/home" = {
    device = "/dev/disk/by-uuid/17870658-6118-46af-837f-70c9175e09c3";
    fsType = "btrfs";
-    options = ["subvol=home" "compress=zstd"];
+    options = [
      "subvol=home"
      "compress=zstd"
    ];
  };
  fileSystems."/nix" = {
    device = "/dev/disk/by-uuid/17870658-6118-46af-837f-70c9175e09c3";
    fsType = "btrfs";
-    options = ["subvol=nix" "compress=zstd" "noatime"];
+    options = [
      "subvol=nix"
      "compress=zstd"
      "noatime"
    ];
  };
  fileSystems."/swap" = {
@ -42,7 +60,10 @@
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/29B7-F46D";
    fsType = "vfat";
-    options = ["fmask=0022" "dmask=0022"];
+    options = [
      "fmask=0022"
      "dmask=0022"
    ];
  };
  swapDevices = [