add .remoteenv

Reviewed-on: #56
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>

.editorconfig

@@ -0,0 +1,10 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.nix]
+indent_style = space
+indent_size = 2

.git-blame-ignore-revs

@@ -0,0 +1 @@
+e00008da1afe0d760badd34bbeddff36bb08c475

.gitignore

@@ -1,3 +1,4 @@
 result*
 /configuration.nix
 /.direnv/
+/.remote.toml

.remoteenv

@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+# used by the `remote-exec` package
+eval "$(nix print-dev-env .#default)"
+# echo Entered "$(hostname --fqdn)" # just why systemd-networkd...
+echo Entered "$(hostname)"

.remoteignore.toml

@@ -0,0 +1,15 @@
+# used by the `remote-exec` package
+[push]
+exclude = []
+include = []
+
+[pull]
+exclude = ["*"]
+
+[both]
+exclude = [
+    ".remote.toml",
+    ".direnv",
+    "result*",
+]
+include = []

flake.nix

@@ -37,8 +37,8 @@
       "aarch64-linux"
       "aarch64-darwin"
     ];
-    forAllSystems = f: nixlib.genAttrs systems (system: f system);
-    allMachines = nixlib.mapAttrsToList (name: _: name) self.nixosConfigurations;
+    forAllSystems = f: nixlib.genAttrs systems f;
+    allMachines = builtins.attrNames self.nixosConfigurations;
     importantMachines = [
       "bekkalokk"
       "bicep"
@@ -47,6 +47,8 @@
       "ildkule"
     ];
   in {
+    inherit inputs;
+
     nixosConfigurations = let
       unstablePkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
       nixosConfig = nixpkgs: name: config: nixpkgs.lib.nixosSystem (nixpkgs.lib.recursiveUpdate
@@ -124,6 +126,11 @@
       buskerud = stableNixosConfig "buskerud" { };
     };
 
+    nixosModules = {
+      snakeoil-certs = ./modules/snakeoil-certs.nix;
+      snappymail = ./modules/snappymail.nix;
+    };
+
     devShells = forAllSystems (system: {
       default = nixpkgs.legacyPackages.${system}.callPackage ./shell.nix { };
     });

hosts/bekkalokk/services/kerberos/pam.nix

@@ -879,7 +879,7 @@ let
 
   inherit (pkgs) pam_krb5 pam_ccreds;
 
-  use_ldap = (config.users.ldap.enable && config.users.ldap.loginPam);
+  use_ldap = config.users.ldap.enable && config.users.ldap.loginPam;
   pam_ldap = if config.users.ldap.daemon.enable then pkgs.nss_pam_ldapd else pkgs.pam_ldap;
 
   # Create a limits.conf(5) file.
@@ -1510,7 +1510,7 @@ in
             it complains "Cannot create session: Already running in a
             session". */
         runuser-l = { rootOK = true; unixAuth = false; };
-      } // optionalAttrs (config.security.pam.enableFscrypt) {
+      } // optionalAttrs config.security.pam.enableFscrypt {
         # Allow fscrypt to verify login passphrase
         fscrypt = {};
       };

hosts/bicep/services/matrix/mjolnir.nix

@@ -11,7 +11,7 @@
   services.mjolnir = {
     enable = true;
     pantalaimon.enable = false;
-    homeserverUrl = http://127.0.0.1:8008;
+    homeserverUrl = "http://127.0.0.1:8008";
     accessTokenFile = config.sops.secrets."matrix/mjolnir/access_token".path;
     managementRoom = "!gsdeCoWjvYRBrzuiRq:pvv.ntnu.no";
     protectedRooms = map (a: "https://matrix.to/#/${a}") [

hosts/bicep/services/matrix/synapse.nix

@@ -143,10 +143,10 @@ in {
   services.redis.servers."".enable = true;
 
   services.nginx.virtualHosts."matrix.pvv.ntnu.no" = lib.mkMerge [
-  ({
+  {
     kTLS = true;
-  })
-  ({
+  }
+  {
     locations."/.well-known/matrix/server" = {
       return = ''
         200 '{"m.server": "matrix.pvv.ntnu.no:443"}'
@@ -156,16 +156,16 @@ in {
         add_header Access-Control-Allow-Origin *;
       '';
     };
-  })
-  ({
+  }
+  {
     locations = let
       connectionInfo = w: matrix-lib.workerConnectionResource "metrics" w;
-      socketAddress = w: let c = connectionInfo w; in "${c.host}:${toString (c.port)}";
+      socketAddress = w: let c = connectionInfo w; in "${c.host}:${toString c.port}";
 
       metricsPath = w: "/metrics/${w.type}/${toString w.index}";
       proxyPath = w: "http://${socketAddress w}/_synapse/metrics";
     in lib.mapAttrs' (n: v: lib.nameValuePair
-      (metricsPath v) ({
+      (metricsPath v) {
         proxyPass = proxyPath v;
         extraConfig = ''
           allow ${values.hosts.ildkule.ipv4};
@@ -174,10 +174,10 @@ in {
           allow ${values.hosts.ildkule.ipv6_global};
           deny all;
         '';
-      }))
-      cfg.workers.instances;
       })
-  ({
+      cfg.workers.instances;
+  }
+  {
     locations."/metrics/master/1" = {
       proxyPass = "http://127.0.0.1:9000/_synapse/metrics";
       extraConfig = ''
@@ -202,5 +202,5 @@ in {
             labels = { };
           }]) + "/";
     };
-  })];
+  }];
 }

hosts/ildkule/services/monitoring/grafana.nix

@@ -34,13 +34,13 @@ in {
         {
           name = "Ildkule Prometheus";
           type = "prometheus";
-          url = ("http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}");
+          url = "http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}";
           isDefault = true;
         }
         {
           name = "Ildkule loki";
           type = "loki";
-          url = ("http://${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}");
+          url = "http://${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}";
         }
       ];
       dashboards.settings.providers = [

justfile

@@ -0,0 +1,21 @@
+export GUM_FILTER_HEIGHT := "15"
+nom := `if command -v nom >/dev/null; then echo nom; else echo nix; fi`
+
+@_default:
+  just "$(gum choose --ordered --header "Pick a recipie..." $(just --summary --unsorted))"
+
+check:
+  nix flake check --keep-going
+
+build-machine machine=`just _a_machine`:
+  {{nom}} build .#nixosConfigurations.{{ machine }}.config.system.build.toplevel
+
+@update-inputs:
+  nix eval .#inputs --apply builtins.attrNames --json \
+    | jq '.[]' -r \
+    | gum choose --no-limit --height=15 \
+    | xargs nix flake update --commit-lock-file
+
+
+_a_machine:
+  nix eval .#nixosConfigurations --apply builtins.attrNames --json | jq .[] -r | gum filter

shell.nix

@@ -1,9 +1,14 @@
 { pkgs ? import <nixpkgs> {} }:
 pkgs.mkShellNoCC {
   packages = with pkgs; [
+    just
+    jq
+    gum
     sops
     gnupg
+    statix
     openstackclient
+    editorconfig-checker
   ];
 
   shellHook = ''

statix.toml

@@ -0,0 +1,24 @@
+ignore = [".direnv"]
+nix_version = '2.18' # '2.4'
+disabled = [
+    # "bool_comparison", # W01
+    # "empty_let_in", # W02
+    "manual_inherit", # W03
+    "manual_inherit_from", # W04
+    # "legacy_let_syntax", # W05
+    "collapsible_let_in", # W06
+    # "eta_reduction", # W07
+    # "useless_parens", # W08
+    "empty_pattern", # W10
+    # "redundant_pattern_bind", # W11
+    # "unquoted_uri", # W12
+    # "deprecated_is_null", # W13
+    # "empty_inherit", # W14
+    # "faster_groupby", # W15
+    # "faster_zipattrswith", # W16
+    # "deprecated_to_path", # W17
+    # "bool_simplification", # W18
+    # "useless_has_attr", # W19
+    "repeated_keys", # W20
+    "empty_list_concat", # W23
+]