diff options
Diffstat (limited to 'config')
-rw-r--r-- | config/acme-sh.nix | 8 | ||||
-rw-r--r-- | config/borg-backup.nix | 7 | ||||
-rw-r--r-- | config/container.nix | 7 | ||||
-rw-r--r-- | config/dns.nix | 17 | ||||
-rw-r--r-- | config/hydra.nix | 28 | ||||
-rw-r--r-- | config/keycloak.nix | 3 | ||||
-rw-r--r-- | config/laptop.nix | 20 |
7 files changed, 23 insertions, 67 deletions
diff --git a/config/acme-sh.nix b/config/acme-sh.nix index 41cca88..95a6c4f 100644 --- a/config/acme-sh.nix +++ b/config/acme-sh.nix @@ -1,7 +1,3 @@ { config, lib, pkgs, ... }: -let - acme-sh = pkgs.callPackage ../pkgs/acme-sh/default.nix {}; -in -{ - environment.systemPackages = [ acme-sh ]; -} +let acme-sh = pkgs.callPackage ../pkgs/acme-sh/default.nix { }; +in { environment.systemPackages = [ acme-sh ]; } diff --git a/config/borg-backup.nix b/config/borg-backup.nix index fe31144..188fd06 100644 --- a/config/borg-backup.nix +++ b/config/borg-backup.nix @@ -9,8 +9,7 @@ let repo = "storage"; repo_path = lib.removePrefix "/" path; }; -in -{ +in { systemd.services.borg-backup = { description = "Run backups."; path = with pkgs; [ borgbackup rsync openssh ]; @@ -57,9 +56,7 @@ in description = "Find latest backup probe timestamp."; path = with pkgs; [ borgbackup rsync openssh sshfs moreutils ]; startAt = "06:30"; - serviceConfig = { - PrivateTmp = true; - }; + serviceConfig = { PrivateTmp = true; }; environment = { BORG_KEY_FILE = "/opt/secret/borg-backup-keys/staging_backup"; BORG_RELOCATED_REPO_ACCESS_IS_OK = "yes"; diff --git a/config/container.nix b/config/container.nix index 60cb2d9..0c81251 100644 --- a/config/container.nix +++ b/config/container.nix @@ -1,5 +1,4 @@ -{ config, lib, pkgs, ... }: -{ +{ config, lib, pkgs, ... }: { boot.isContainer = true; networking.firewall.allowedTCPPorts = [ 22 ]; services = { @@ -12,8 +11,6 @@ ln -fs $systemConfig/init /sbin/init ''; boot.specialFileSystems = { - "/dev/pts" = { - options = lib.mkAfter [ "ptmxmode=666" ]; - }; + "/dev/pts" = { options = lib.mkAfter [ "ptmxmode=666" ]; }; }; } diff --git a/config/dns.nix b/config/dns.nix index d0e67c0..c1172ef 100644 --- a/config/dns.nix +++ b/config/dns.nix @@ -4,8 +4,7 @@ let masterZones = [ "tommvo.com" "orbekk.com" "orbekk.no" ]; zone-files = pkgs.callPackage ../pkgs/zone-files/default.nix { }; -in -{ +in { networking.firewall = { allowedTCPPorts = [ 53 ]; allowedUDPPorts = [ 53 ]; @@ -13,17 +12,9 @@ in services.bind = { enable = true; - forwarders = [ - "1.1.1.1" - "1.0.0.1" - "2606:4700:4700::1111" - "2606:4700:4700::1001" - ]; - cacheNetworks = [ - "::1/128" - "127.0.0.0/24" - "10.0.0.0/8" - ]; + forwarders = + [ "1.1.1.1" "1.0.0.1" "2606:4700:4700::1111" "2606:4700:4700::1001" ]; + cacheNetworks = [ "::1/128" "127.0.0.0/24" "10.0.0.0/8" ]; extraOptions = '' serial-update-method unixtime; listen-on-v6 { 2001:470:8e2e:20::d; }; diff --git a/config/hydra.nix b/config/hydra.nix index cb9c8e6..5ebc605 100644 --- a/config/hydra.nix +++ b/config/hydra.nix @@ -1,8 +1,6 @@ { config, lib, pkgs, ... }: -let - hydraPort = (import ../data/aliases.nix).services.hydra.port; -in -{ +let hydraPort = (import ../data/aliases.nix).services.hydra.port; +in { networking.firewall.allowedTCPPorts = [ hydraPort ]; virtualisation.virtualbox.host.enable = true; @@ -11,7 +9,7 @@ in enable = true; hydraURL = "https://hydra.orbekk.com"; notificationSender = "kj+hydra@orbekk.com"; - buildMachinesFiles = []; + buildMachinesFiles = [ ]; useSubstitutes = true; port = hydraPort; extraConfig = '' @@ -40,24 +38,20 @@ in touch /opt/secret/hydra_key/initialized fi ''; - }; + }; nix = { distributedBuilds = true; nrBuildUsers = 30; # Enable this if I run low on disk. gc.automatic = lib.mkForce false; - buildMachines = [ - { - hostName = "localhost"; - systems = [ "x86_64-linux" "i686-linux" ]; - maxJobs = "16"; - supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ]; - } - ]; + buildMachines = [{ + hostName = "localhost"; + systems = [ "x86_64-linux" "i686-linux" ]; + maxJobs = "16"; + supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ]; + }]; extraOptions = "auto-optimise-store = true"; }; - nixpkgs.config = { - allowUnfree = true; - }; + nixpkgs.config = { allowUnfree = true; }; } diff --git a/config/keycloak.nix b/config/keycloak.nix index fb02dc2..7209d8e 100644 --- a/config/keycloak.nix +++ b/config/keycloak.nix @@ -7,7 +7,8 @@ enable = true; settings.hostname = "auth.orbekk.com"; settings.log-level = "INFO"; - settings.http-port = (import ../data/aliases.nix).services.keycloak.http-port; + settings.http-port = + (import ../data/aliases.nix).services.keycloak.http-port; settings.hostname-strict-https = false; settings.proxy = "edge"; database.type = "postgresql"; diff --git a/config/laptop.nix b/config/laptop.nix deleted file mode 100644 index 230d513..0000000 --- a/config/laptop.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - boot = { - loader = { - systemd-boot.enable = true; - # systemd-boot.memtest86.enable = true; - timeout = 0; - efi.canTouchEfiVariables = true; - }; - }; - - networking = { - networkmanager.enable = lib.mkDefault true; - firewall.enable = lib.mkDefault true; - }; - -}; - - -} |