Merge branch 'add-nixfmt-in-ci'

Author: albin-mullvad

.github/workflows/nixfmt.yml

@@ -0,0 +1,23 @@
+---
+name: Nix - Check formatting
+on:
+  pull_request:
+    paths:
+      - .github/workflows/nixfmt.yml
+      - '**/*.nix'
+  workflow_dispatch:
+
+permissions: {}
+
+jobs:
+  check-formatting:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Install Nix
+        uses: cachix/install-nix-action@v27
+
+      - name: Install nixfmt-tree
+        run: nix shell nixpkgs#nixfmt-tree --command treefmt --ci

ci/ios/test-router/app-team-ios-lab.nix

@@ -1,44 +1,59 @@
-{ config, lib, pkgs, modulesPath, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
 
 {
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
 
   nixpkgs.config.allowUnfree = true;
   hardware.enableAllFirmware = true;
   hardware.firmware = [ pkgs.wireless-regdb ];
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "nvme"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+    "sdhci_pci"
+  ];
   boot.initrd.kernelModules = [ ];
   boot.kernelModules = [ "kvm-intel" ];
   boot.extraModulePackages = [ ];
   boot.extraModprobeConfig = ''
     options iwlmvm power_scheme=1
     options iwlwifi disable_11ac=1
     options iwlwifi disable_11ax= 1
-    '';
+  '';
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
   boot.kernelPackages = pkgs.linuxPackages_6_6;
 
   services.fwupd.enable = true;
 
-
-  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/40974b12-1be6-4e2b-b8b2-57123f4d60ce";
-      fsType = "ext4";
-    };
-
-  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/0C9E-5CDB";
-      fsType = "vfat";
-      options = [ "fmask=0077" "dmask=0077" ];
-    };
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/40974b12-1be6-4e2b-b8b2-57123f4d60ce";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/0C9E-5CDB";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
 
   swapDevices = [ ];
 
   networking.useDHCP = lib.mkDefault false;
   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
-

ci/ios/test-router/flake.nix

@@ -1,48 +1,52 @@
 {
   description = "Config for our testing router";
 
-  inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; };
+  inputs = {
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
+  };
 
-  outputs = { self, nixpkgs }: {
-    nixosConfigurations.app-team-ios-lab = nixpkgs.lib.nixosSystem {
-      system = "x86_64-linux";
-      modules = [
-        (import ./router-config.nix {
-          hostname = "app-team-ios-tests";
-          lanMac = "a0:ce:c8:ab:bd:2d";
-          wanMac = "88:ae:dd:64:e1:55";
-          lanIp = "192.168.105.1/24";
-        })
-        ./app-team-ios-lab.nix
-        {
-          boot.loader.systemd-boot.enable = true;
-          boot.loader.efi.canTouchEfiVariables = true;
-          hardware = {
-            cpu.intel.updateMicrocode = true;
-            enableRedistributableFirmware = true;
-          };
-        }
-      ];
-    };
+  outputs =
+    { self, nixpkgs }:
+    {
+      nixosConfigurations.app-team-ios-lab = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          (import ./router-config.nix {
+            hostname = "app-team-ios-tests";
+            lanMac = "a0:ce:c8:ab:bd:2d";
+            wanMac = "88:ae:dd:64:e1:55";
+            lanIp = "192.168.105.1/24";
+          })
+          ./app-team-ios-lab.nix
+          {
+            boot.loader.systemd-boot.enable = true;
+            boot.loader.efi.canTouchEfiVariables = true;
+            hardware = {
+              cpu.intel.updateMicrocode = true;
+              enableRedistributableFirmware = true;
+            };
+          }
+        ];
+      };
 
-    nixosConfigurations.app-team-ios-lab-iso = nixpkgs.lib.nixosSystem {
-      system = "x86_64-linux";
-      modules = [
-        (import ./router-config.nix {
-          hostname = "app-team-ios-tests";
-          lanMac = "48:21:0b:36:bb:52";
-          wanMac = "48:21:0b:36:43:a3";
-          lanIp = "192.168.105.1/24";
-        })
-        "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
-        {
-          isoImage.squashfsCompression = "lz4";
-        }
-      ];
-    };
+      nixosConfigurations.app-team-ios-lab-iso = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          (import ./router-config.nix {
+            hostname = "app-team-ios-tests";
+            lanMac = "48:21:0b:36:bb:52";
+            wanMac = "48:21:0b:36:43:a3";
+            lanIp = "192.168.105.1/24";
+          })
+          "${nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
+          {
+            isoImage.squashfsCompression = "lz4";
+          }
+        ];
+      };
 
-    packages.x86_64-linux.raas =
-      with import nixpkgs { system = "x86_64-linux"; };
-      pkgs.callPackage ./raas.nix {};
-  };
+      packages.x86_64-linux.raas =
+        with import nixpkgs { system = "x86_64-linux"; };
+        pkgs.callPackage ./raas.nix { };
+    };
 }

ci/ios/test-router/nftables.nix

@@ -1,5 +1,6 @@
 { lib, config, ... }:
-with lib; let
+with lib;
+let
   cfg = config.services.nftables;
 in
 {

ci/ios/test-router/raas.nix

@@ -1,4 +1,12 @@
-{ pkgs, rustPlatform, pkg-config, libmnl, libnftnl, libpcap, ... }:
+{
+  pkgs,
+  rustPlatform,
+  pkg-config,
+  libmnl,
+  libnftnl,
+  libpcap,
+  ...
+}:
 
 rustPlatform.buildRustPackage rec {
   pname = "raas";
@@ -8,5 +16,9 @@ rustPlatform.buildRustPackage rec {
   cargoLock.lockFile = ./raas/Cargo.lock;
 
   nativeBuildInputs = [ pkg-config ];
-  buildInputs = [ libmnl libnftnl libpcap ];
+  buildInputs = [
+    libmnl
+    libnftnl
+    libpcap
+  ];
 }

ci/ios/test-router/router-config.nix

@@ -1,14 +1,19 @@
-args@{ hostname
-, # hostname of the router
-  lanMac ? null
-, # MAC address of the local area network interface
-  wanMac
-, # MAC address of the upstream interface
-  lanIp
-, # IP adderss/subnet
+args@{
+  hostname,
+  # hostname of the router
+  lanMac ? null,
+  # MAC address of the local area network interface
+  wanMac,
+  # MAC address of the upstream interface
+  lanIp, # IP adderss/subnet
 }:
 
-{ config, pkgs, lib, ... }:
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
 let
   ifNotNull = maybeNull: attrSet: lib.attrsets.optionalAttrs (!builtins.isNull maybeNull) attrSet;
 in
@@ -28,7 +33,14 @@ in
   services.nftables.internetHostOverride = gatewayAddress;
   services.nftables.lanInterfaces = "lan";
 
-  environment.systemPackages = with pkgs; [ htop vim curl dig tcpdump cargo ];
+  environment.systemPackages = with pkgs; [
+    htop
+    vim
+    curl
+    dig
+    tcpdump
+    cargo
+  ];
 
   networking.hostName = args.hostname;
   networking.useDHCP = true;
@@ -54,7 +66,9 @@ in
     };
   };
 
-  networking = { firewall.enable = false; };
+  networking = {
+    firewall.enable = false;
+  };
   hardware.bluetooth.enable = false;
 
   boot.kernel.sysctl = {
@@ -85,23 +99,28 @@ in
 
   networking.wireguard.interfaces.staging = {
     privateKeyFile = "/staging-wg-private-key";
-    ips = [ "10.64.9.184/32" "fc00:bbbb:bbbb:bb01::a40:9b8/128" ];
+    ips = [
+      "10.64.9.184/32"
+      "fc00:bbbb:bbbb:bb01::a40:9b8/128"
+    ];
     allowedIPsAsRoutes = true;
     # postSetup could be used to dynamically fetch the IP of the staging API and set up the route to that IP through this interface too.
     # postSetup = '''';
-    peers = [{
-      publicKey = "2KS+F8ZAOUSMwygl2CYqkqFhbi3L5u58b3kIpaylaEk=";
-      name = "se-sto-wg-001-staging";
-      endpoint = "85.203.53.81:51820";
-      allowedIPs = [
-        # api.stagemole.eu
-        "185.217.116.129/32"
-        # api-app.stagemole.eu
-        "185.217.116.132/32"
-        # api-partners.stagemole.eu
-        "185.217.116.131/32"
-      ];
-    }];
+    peers = [
+      {
+        publicKey = "2KS+F8ZAOUSMwygl2CYqkqFhbi3L5u58b3kIpaylaEk=";
+        name = "se-sto-wg-001-staging";
+        endpoint = "85.203.53.81:51820";
+        allowedIPs = [
+          # api.stagemole.eu
+          "185.217.116.129/32"
+          # api-app.stagemole.eu
+          "185.217.116.132/32"
+          # api-partners.stagemole.eu
+          "185.217.116.131/32"
+        ];
+      }
+    ];
   };
 
   systemd.network.enable = true;
@@ -125,7 +144,9 @@ in
       UseDNS = true;
     };
 
-    dhcpV6Config = { UseDNS = true; };
+    dhcpV6Config = {
+      UseDNS = true;
+    };
   };
 
   # obtain all leases
@@ -142,7 +163,6 @@ in
     linkConfig.RequiredForOnline = "enslaved";
   };
 
-
   systemd.network.networks.lan = {
     name = "lan";
     address = [ "192.168.105.1/24" ];
@@ -157,7 +177,10 @@ in
 
     dhcpServerConfig = {
       ServerAddress = "192.168.105.1/24";
-      DNS = [ "1.1.1.1" "1.0.0.1" ];
+      DNS = [
+        "1.1.1.1"
+        "1.0.0.1"
+      ];
       PoolOffset = 128;
       EmitDNS = true;
       EmitNTP = true;
@@ -197,7 +220,10 @@ in
 
   services.openssh = {
     enable = true;
-    ports = [ 22 2021 ];
+    ports = [
+      22
+      2021
+    ];
     settings.PermitRootLogin = "yes";
   };
 
@@ -217,7 +243,10 @@ in
       enable = true;
       description = "Web service to apply blocking firewall rules";
       bindsTo = [ "sys-subsystem-net-devices-lan.device" ];
-      after = [ "systemd-networkd.service" "network-online.target" ];
+      after = [
+        "systemd-networkd.service"
+        "network-online.target"
+      ];
       wantedBy = [ "multi-user.target" ];
       serviceConfig.ExecStart = ''
         ${raas}/bin/raas ${listenAddress}:80