diff --git a/flake.nix b/flake.nix index 55a556a..50da3fe 100644 --- a/flake.nix +++ b/flake.nix @@ -49,16 +49,16 @@ ]; stop-box-modules = [ - sops-nix.nixosModules.sops - dump-dvb.nixosModules.default - ./hosts/traffic-stop-box - ./modules/base.nix - ./modules/dump-dvb - { - nixpkgs.overlays = [ - dump-dvb.overlays.default - ]; - } + sops-nix.nixosModules.sops + dump-dvb.nixosModules.default + ./hosts/traffic-stop-box + ./modules/base.nix + ./modules/dump-dvb + { + nixpkgs.overlays = [ + dump-dvb.overlays.default + ]; + } ]; # function that generates a system with the given number @@ -160,7 +160,7 @@ dump-dvb.nixosModules.disk-module { users.users.root.openssh.authorizedKeys.keys = [ -"sk-ssh-ed25519@openssh.com aaaagnnrlxnzac1lzdi1nte5qg9wzw5zc2guy29taaaaili3ylty7fwvohtwx8511v+gbtlzzmuv505fi1pj53v6aaaabhnzado=" + "sk-ssh-ed25519@openssh.com aaaagnnrlxnzac1lzdi1nte5qg9wzw5zc2guy29taaaaili3ylty7fwvohtwx8511v+gbtlzzmuv505fi1pj53v6aaaabhnzado=" "sk-ssh-ed25519@openssh.com aaaagnnrlxnzac1lzdi1nte5qg9wzw5zc2guy29taaaaipzbd00cbfpxzuc8eb6sljaafnf1hgs6vci1rzcncyocaaaabhnzado=" ]; } 
@@ -184,22 +184,22 @@ data-hoarder-microvm = self.nixosConfigurations.data-hoarder.config.microvm.declaredRunner; docs = pkgs.callPackage ./pkgs/documentation.nix { options-docs = (pkgs.nixosOptionsDoc { - options = self.nixosConfigurations.data-hoarder.options.dump-dvb; + options = self.nixosConfigurations.data-hoarder.options.dump-dvb; }).optionsCommonMark; }; } // (import ./pkgs/deployment.nix { inherit self pkgs; systems = stop_boxes; }); mobile-box-modules = [ - dump-dvb.nixosModules.disk-module - dump-dvb.nixosModules.default - ./hosts/mobile-box/configuration.nix - ./hosts/mobile-box/hardware-configuration.nix - ./hardware/dell-wyse-3040.nix - ./modules/base.nix - ./modules/user-stop-box/user.nix - ./modules/dump-dvb - sops-nix.nixosModules.sops - ]; + dump-dvb.nixosModules.disk-module + dump-dvb.nixosModules.default + ./hosts/mobile-box/configuration.nix + ./hosts/mobile-box/hardware-configuration.nix + ./hardware/dell-wyse-3040.nix + ./modules/base.nix + ./modules/user-stop-box/user.nix + ./modules/dump-dvb + sops-nix.nixosModules.sops + ]; in { packages."x86_64-linux" = packages; diff --git a/hardware/rpi-3b-4b.nix b/hardware/rpi-3b-4b.nix index d428f1d..12b33cf 100644 --- a/hardware/rpi-3b-4b.nix +++ b/hardware/rpi-3b-4b.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, config, modulesPath, ... }: +{ lib, pkgs, config, modulesPath, ... }: { imports = [ (modulesPath + "/installer/sd-card/sd-image-aarch64.nix") diff --git a/modules/base.nix b/modules/base.nix index b2efd39..b58948f 100644 --- a/modules/base.nix +++ b/modules/base.nix 
@@ -7,16 +7,16 @@ let `- \`_`"'- ''; prodMotd = '' - .-o=o-. <===== THIS IS FUCKING PROD YOU PLAYIN' WITH - , /=o=o=o=\ .--. - _|\|=o=O=o=O=| \ - __.' a`\=o=o=o=(`\ / - '. a 4/`|.-""'`\ \ ;'`) .---. - \ .' / .--' |_.' / .-._) - `) _.' / /`-.__.' / - jgs `'-.____; /'-.___.-' - `"""` - ''; + .-o=o-. <===== THIS IS FUCKING PROD YOU PLAYIN' WITH + , /=o=o=o=\ .--. + _|\|=o=O=o=O=| \ + __.' a`\=o=o=o=(`\ / + '. a 4/`|.-""'`\ \ ;'`) .---. + \ .' / .--' |_.' / .-._) + `) _.' / /`-.__.' / + jgs `'-.____; /'-.___.-' + `"""` + ''; in { nix = { diff --git a/modules/data-hoarder/documentation.nix b/modules/data-hoarder/documentation.nix index 7d8d79c..58c165d 100644 --- a/modules/data-hoarder/documentation.nix +++ b/modules/data-hoarder/documentation.nix @@ -1,7 +1,8 @@ -{ pkgs, config, ... }: +{ pkgs, config, ... }: let documentation-package = pkgs.callPackage ../../pkgs/documentation.nix { }; -in { +in +{ services = { nginx = { enable = true; diff --git a/modules/data-hoarder/nginx.nix b/modules/data-hoarder/nginx.nix index c68bcee..2348ddb 100644 --- a/modules/data-hoarder/nginx.nix +++ b/modules/data-hoarder/nginx.nix 
@@ -1,33 +1,33 @@
 { ... }:
 let
 headers = ''
- # Permissions Policy - gps only
- add_header Permissions-Policy "geolocation=()";
+ # Permissions Policy - gps only
+ add_header Permissions-Policy "geolocation=()";
 
- # Minimize information leaked to other domains
- add_header 'Referrer-Policy' 'origin-when-cross-origin';
+ # Minimize information leaked to other domains
+ add_header 'Referrer-Policy' 'origin-when-cross-origin';
 
- # Disable embedding as a frame
- add_header X-Frame-Options DENY;
+ # Disable embedding as a frame
+ add_header X-Frame-Options DENY;
 
- # Prevent injection of code in other mime types (XSS Attacks)
- add_header X-Content-Type-Options nosniff;
+ # Prevent injection of code in other mime types (XSS Attacks)
+ add_header X-Content-Type-Options nosniff;
 
- # Enable XSS protection of the browser.
- # May be unnecessary when CSP is configured properly (see above)
- add_header X-XSS-Protection "1; mode=block";
+ # Enable XSS protection of the browser.
+ # May be unnecessary when CSP is configured properly (see above)
+ add_header X-XSS-Protection "1; mode=block";
 
- # STS
- add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ # STS
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
 '';
 in
- {
- security.acme.acceptTerms = true;
- security.acme.defaults.email = "dump-dvb@protonmail.com";
- services.nginx = {
- recommendedTlsSettings = true;
- recommendedOptimisation = true;
- recommendedGzipSettings = true;
- commonHttpConfig = headers;
- };
+{
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "dump-dvb@protonmail.com";
+ services.nginx = {
+ recommendedTlsSettings = true;
+ recommendedOptimisation = true;
+ recommendedGzipSettings = true;
+ commonHttpConfig = headers;
+ };
 }
diff --git a/pkgs/documentation.nix b/pkgs/documentation.nix
index 02bea30..60341df 100644
--- a/pkgs/documentation.nix
+++ b/pkgs/documentation.nix
@@ -1,33 +1,33 @@
-{pkgs, lib, stdenv, mdbook-mermaid, mdbook, options-docs, fetchFromGitHub}:
+{ pkgs, lib, stdenv, mdbook-mermaid, mdbook, options-docs, fetchFromGitHub }:
 stdenv.mkDerivation {
- pname = "dvb-dump-docs";
- version = "0.1.0";
+ pname = "dvb-dump-docs";
+ version = "0.1.0";
 
- src = pkgs.fetchFromGitHub {
- owner = "dump-dvb";
- repo = "documentation";
- rev = "8393cd4a965aa6b75f3e0fff6f82ba1365515290"; #TODO: use tag
- sha256 = "sha256-HppCT0UfshDxm3UNXACilpHTdvtjFs2vqpH8vbLmHTg=";
- };
+ src = pkgs.fetchFromGitHub {
+ owner = "dump-dvb";
+ repo = "documentation";
+ rev = "8393cd4a965aa6b75f3e0fff6f82ba1365515290"; #TODO: use tag
+ sha256 = "sha256-HppCT0UfshDxm3UNXACilpHTdvtjFs2vqpH8vbLmHTg=";
+ };
 
- nativeBuildInputs = [ mdbook mdbook-mermaid ];
+ nativeBuildInputs = [ mdbook mdbook-mermaid ];
 
- patchPhase = ''
- cp ${options-docs} src/chapter_5_3_nixos_options.md
- '';
+ patchPhase = ''
+ cp ${options-docs} src/chapter_5_3_nixos_options.md
+ '';
 
- buildPhase = ''
- ${mdbook-mermaid}/bin/mdbook-mermaid install
- ${mdbook}/bin/mdbook build
- '';
+ buildPhase = ''
+ ${mdbook-mermaid}/bin/mdbook-mermaid install
+ ${mdbook}/bin/mdbook build
+ '';
 
- installPhase = ''
- mkdir -p $out/bin/
- cp -r book/* $out/bin/
- '';
+ installPhase = ''
+ mkdir -p $out/bin/
+ cp -r book/* $out/bin/
+ '';
 
- meta = with lib; {
- description = "Documentation for DVB-Dump project";
- homepage = "https://github.com/dump-dvb/documentation";
- };
+ meta = with lib; {
+ description = "Documentation for DVB-Dump project";
+ homepage = "https://github.com/dump-dvb/documentation";
+ };
 }