Granola-Team · jhult · Feb 6, 2025
diff --git a/gandi-nixos-kvm/configuration.nix b/gandi-nixos-kvm/configuration.nix
@@ -1,13 +1,16 @@
-{ config, pkgs, ... }:
 {
-  imports =
-    [ <nixpkgs/nixos/modules/virtualisation/openstack-config.nix>
-    ];
+  config,
+  pkgs,
+  ...
+}: {
+  imports = [
+    <nixpkgs/nixos/modules/virtualisation/openstack-config.nix>
+  ];
 
   users.users.buildkite = {
     isNormalUser = true;
     useDefaultShell = true;
-    extraGroups = [ "wheel" ];
+    extraGroups = ["wheel"];
     autoSubUidGidRange = true;
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBgTr9+Krb77UzfMIIo0iKEfClzlKl82WZupmY6lTVp"
@@ -30,7 +33,7 @@
   users.users.robinbb = {
     isNormalUser = true;
     useDefaultShell = true;
-    extraGroups = [ "wheel" ];
+    extraGroups = ["wheel"];
     autoSubUidGidRange = true;
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBgTr9+Krb77UzfMIIo0iKEfClzlKl82WZupmY6lTVp"
@@ -47,16 +50,16 @@
 
   # Need to figure out how to run this automatically:
   # usermod --add-subuids 100000-165535 --add-subgids 100000-165535 buildkite-agent-gandi-nixos
-#  environment.etc = {
-#    subuid = {
-#      text = "buildkite-agent-gandi-nixos:100000:65536";
-#      mode = "0644";
-#    };
-#    subgid = {
-#      text = "buildkite-agent-gandi-nixos:100000:65536";
-#      mode = "0644";
-#    };
-#  };
+  #  environment.etc = {
+  #    subuid = {
+  #      text = "buildkite-agent-gandi-nixos:100000:65536";
+  #      mode = "0644";
+  #    };
+  #    subgid = {
+  #      text = "buildkite-agent-gandi-nixos:100000:65536";
+  #      mode = "0644";
+  #    };
+  #  };
 
   boot.isContainer = true;
 

diff --git a/linode/granola-prod/config.nix b/linode/granola-prod/config.nix
@@ -1,5 +1,9 @@
-{ config, lib, pkgs, ... }:
-let
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   buildkitePreBootstrap = pkgs.writeScript "buildkite-pre-bootstrap" ''
     #! /bin/sh
     set -e
@@ -43,9 +47,7 @@ let
 
     ln -s ${secretsImportScript} $out/environment
   '';
-
-in
-{
+in {
   imports = [
     ./hardware.nix
   ];
@@ -96,7 +98,12 @@ in
 
   security.sudo.wheelNeedsPassword = false;
   security.pam.loginLimits = [
-    { domain = "*"; item = "nofile"; type = "-"; value = "1234567"; }
+    {
+      domain = "*";
+      item = "nofile";
+      type = "-";
+      value = "1234567";
+    }
   ];
 
   programs.zsh.enable = true;
@@ -115,14 +122,14 @@ in
   users.users.bk = {
     isNormalUser = true;
     createHome = true;
-    extraGroups = [ "keys" ];
+    extraGroups = ["keys"];
     shell = pkgs.bash;
-    packages = [ pkgs.buildkite-agent pkgs.bash pkgs.nix pkgs.git-lfs ];
+    packages = [pkgs.buildkite-agent pkgs.bash pkgs.nix pkgs.git-lfs];
   };
 
   systemd.services.buildkite-agent = {
-    wantedBy = [ "multi-user.target" ];
-    after = [ "network.target" ];
+    wantedBy = ["multi-user.target"];
+    after = ["network.target"];
     environment = {
       HOME = "/home/bk";
     };
@@ -163,7 +170,7 @@ in
     isNormalUser = true;
     useDefaultShell = true;
     createHome = true;
-    extraGroups = [ "wheel" ];  # Enable ‘sudo’.
+    extraGroups = ["wheel"]; # Enable ‘sudo’.
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPwpp6p5298n5Ffk7i33uAPVLFdYLbDJFAYPz/9xHjHN"
     ];
@@ -172,7 +179,7 @@ in
     isNormalUser = true;
     useDefaultShell = true;
     createHome = true;
-    extraGroups = [ "wheel" "keys" ];  # Enable ‘sudo’.
+    extraGroups = ["wheel" "keys"]; # Enable ‘sudo’.
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKgqUmPrZwBkOtlDgkft1yVL0YoDKdTr6lWvsoNUP6yA"
     ];
@@ -182,14 +189,14 @@ in
     isNormalUser = true;
     useDefaultShell = true;
     createHome = true;
-    extraGroups = [ "wheel" "docker" "keys" ];
+    extraGroups = ["wheel" "docker" "keys"];
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILlvbrQLfRCNxi9eprfKiJeT/y2cJ1ix4jwR4RhDqFHK"
     ];
   };
 
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
-  nix.settings.trusted-users = [ "root" "@wheel" ];
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+  nix.settings.trusted-users = ["root" "@wheel"];
 
   system.stateVersion = "23.11"; # Did NOT change this!
 }
diff --git a/linode/granola-prod/hardware.nix b/linode/granola-prod/hardware.nix
@@ -1,29 +1,33 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
 {
-  imports =
-    [ (modulesPath + "/profiles/qemu-guest.nix")
-    ];
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
 
-  boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
+  boot.initrd.availableKernelModules = ["virtio_pci" "virtio_scsi" "ahci" "sd_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = [];
+  boot.extraModulePackages = [];
 
-  fileSystems."/" =
-    { device = "/dev/sda";
-      fsType = "ext4";
-    };
-  fileSystems."/mnt/mina-indexer-prod" =
-    { device = "/dev/disk/by-id/scsi-0Linode_Volume_mina-indexer-prod";
-      fsType = "ext4";
-      noCheck = true;
-      options = [ "defaults" "noatime" "nofail" ];
-    };
-  swapDevices = [ ];
+  fileSystems."/" = {
+    device = "/dev/sda";
+    fsType = "ext4";
+  };
+  fileSystems."/mnt/mina-indexer-prod" = {
+    device = "/dev/disk/by-id/scsi-0Linode_Volume_mina-indexer-prod";
+    fsType = "ext4";
+    noCheck = true;
+    options = ["defaults" "noatime" "nofail"];
+  };
+  swapDevices = [];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's

diff --git a/linode/isaac/config.nix b/linode/isaac/config.nix
@@ -1,5 +1,9 @@
-{ config, lib, pkgs, ... }:
 {
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
   imports = [
     ./hardware.nix
   ];
@@ -43,16 +47,16 @@
     isNormalUser = true;
     useDefaultShell = true;
     createHome = true;
-    extraGroups = [ "wheel" "docker" "keys" ];  # Enable ‘sudo’.
+    extraGroups = ["wheel" "docker" "keys"]; # Enable ‘sudo’.
     openssh.authorizedKeys.keys = [
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYRazgzvBpVsVr6IIAF4ERsVW3/z8NeE750FeomSjKiMGfqP8LY76tpojjnQDNV6kmC9xFp3wy59FkYPFFCIr+lagotlpkF4aA/RLgKGDMOSaGgibbJrhawzWqxIACqzO24qNIRlDAhgZ8SitCb3d+0Xfuf61h7Q1vqw1KIa5zcxihd6Sk7IrljF3l1fnMXGw7jIZ/2toaJ8wJS0tvgajkMN/MtHXNWzhFO+z+2IFzhJmlDfYYQYwVkToscmK4TVj6ji/H79xaYRoK9DZYxzbwKY8ac7cms2cRm+Nt+UBzHKFSzocjaBVuDfyx55VJi0TB4V8b756F5hek9giTcezx"
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCjLEdzDUNZxefkwTDm7Q6V+nqLX5/yya7MPxG4Fh12hF9jRq8ywjODNV9PXDkOlyxf0gQK67iS81aX5DzLDtP2T1Q8Irw+XrmutwGEA+cCMFwGfebtesd3CxZd3I47UmWgiD0Ba53JGA2kS0NGBCWj6EUyuMD9a6ZJim8AP4NX8TeB37vtCwpf0WTc6wVUNFx/Ee1xqg/k4bXR2n2rB/FtlkxSwW/EtQvmFqIOa5fMqDDK8LODakjt/WCb3XrMgYcKFXv+nbA+pX1aiNciCtB+lOTYY3lDAL+TvRJpG1sOVKJmzKZCx+CqxDpTcs6P380hsvk+TH/4DllhpMDEOigr"
       "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC7X5Z5lnnuEgWtYAeOHLw6RSPC/UqLXCiHKoBSk7gbcov6bfjWe4twinCbPikcNDZ3vAY9U3F/35TbJxG6AVYyBKmoDpFG63TM0eZtqo4BucERQlVCF0vxHT64sRjewX7N7xi6vrl8IHufLErrY4ruOAiPI2cQsgyQvdn0g2y2xekXkxeTRDRX3j1DN9X4EoW66knWB/sZXdShs472j9Xs7UGdW3M+q9Z9YfgRGsY2EUCp1Vt0v10h5/nn8hCzCWlhZ23HZnCcJcDvejePVQQYp2r5JMWnlarlZbhO8vddoGi8BnfcEDgxcaIWc0oQfqxCq4Eo5JdXVvMMPVd8wemvtjQwel88NN7STscZAQ31/eU3gSPwCJMKqP0SVJyJ2VCA1QUXH744xBf3Huf7UkFtw6KFmTbbIJiJFSVIlUNyBTiq3gc6Nh6o/lQt1T10LtsrW4gnyOyZc0irQ3KRyXWJXH/SMrvn+kOd/HyUgxEYyrzUw2tv9Zdp0lbB4s+iksix/ePERoWbdp6OokdXJFwfst64up86pgIFvBb3o/6x/NZn0mBd5wntDnjwigFSVzNUzJhwPVw18NLb40ZWCF3MDNJ8bKsUx8awYJqchsMauHC6wU6S3PsovPgTKx9JqTkwhsSEZaxUM07BRfkElrBj9mfOgGGtSbC3mRPJJ3/3VQ=="
     ];
   };
 
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
-  nix.settings.trusted-users = [ "root" "@wheel" ];
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+  nix.settings.trusted-users = ["root" "@wheel"];
 
   system.stateVersion = "23.11"; # Did NOT change this!
 }
diff --git a/linode/isaac/hardware.nix b/linode/isaac/hardware.nix
@@ -1,24 +1,28 @@
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
-{ config, lib, pkgs, modulesPath, ... }:
-
 {
-  imports =
-    [ (modulesPath + "/profiles/qemu-guest.nix")
-    ];
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
 
-  boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_scsi" "ahci" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
+  boot.initrd.availableKernelModules = ["virtio_pci" "virtio_scsi" "ahci" "sd_mod"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = [];
+  boot.extraModulePackages = [];
 
-  fileSystems."/" =
-    { device = "/dev/sda";
-      fsType = "ext4";
-    };
+  fileSystems."/" = {
+    device = "/dev/sda";
+    fsType = "ext4";
+  };
 
-  swapDevices = [ ];
+  swapDevices = [];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's

diff --git a/linode/nixos-builder/config.nix b/linode/nixos-builder/config.nix
@@ -1,5 +1,9 @@
-{ config, lib, pkgs, ... }:
-let
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
   buildkitePreBootstrap = pkgs.writeScript "buildkite-pre-bootstrap" ''
     #! /bin/sh
     set -e
@@ -36,9 +40,7 @@ let
 
     ln -s ${secretsImportScript} $out/environment
   '';
-
-in
-{
+in {
   imports = [
     ./hardware.nix
   ];
@@ -89,14 +91,14 @@ in
   users.users.bk = {
     isNormalUser = true;
     createHome = true;
-    extraGroups = [ "docker" "keys" ];
+    extraGroups = ["docker" "keys"];
     shell = pkgs.bash;
-    packages = [ pkgs.buildkite-agent pkgs.bash pkgs.nix pkgs.git-lfs ];
+    packages = [pkgs.buildkite-agent pkgs.bash pkgs.nix pkgs.git-lfs];
   };
 
   systemd.services.buildkite-agent = {
-    wantedBy = [ "multi-user.target" ];
-    after = [ "network.target" ];
+    wantedBy = ["multi-user.target"];
+    after = ["network.target"];
     environment = {
       HOME = "/home/bk";
     };
@@ -137,7 +139,7 @@ in
     isNormalUser = true;
     useDefaultShell = true;
     createHome = true;
-    extraGroups = [ "wheel" "docker" "keys" ];  # Enable ‘sudo’.
+    extraGroups = ["wheel" "docker" "keys"]; # Enable ‘sudo’.
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKgqUmPrZwBkOtlDgkft1yVL0YoDKdTr6lWvsoNUP6yA"
     ];
@@ -146,14 +148,14 @@ in
     isNormalUser = true;
     useDefaultShell = true;
     createHome = true;
-    extraGroups = [ "wheel" "docker" "keys" ];  # Enable ‘sudo’.
+    extraGroups = ["wheel" "docker" "keys"]; # Enable ‘sudo’.
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPwpp6p5298n5Ffk7i33uAPVLFdYLbDJFAYPz/9xHjHN"
     ];
   };
 
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
-  nix.settings.trusted-users = [ "root" "@wheel" ];
+  nix.settings.experimental-features = ["nix-command" "flakes"];
+  nix.settings.trusted-users = ["root" "@wheel"];
 
   system.stateVersion = "23.11"; # Did NOT change this!
 }