From 69ce8f32efabe886099adf0aec30440768e86ae9 Mon Sep 17 00:00:00 2001 From: Natsu Kagami Date: Tue, 31 May 2022 12:45:33 -0400 Subject: [PATCH] Set up formatting --- flake.lock | 18 ++++- flake.nix | 6 +- home/config.nix | 10 +-- home/mac-home.nix | 7 +- home/osu.nix | 22 +++--- modules/cloud/mail/default.nix | 4 +- modules/cloud/postgresql/default.nix | 6 +- modules/cloud/traefik/certs-dumper.nix | 32 ++++---- modules/cloud/traefik/default.nix | 28 +++---- modules/my-tinc/default.nix | 90 +++++++++++----------- modules/my-tinc/hosts.nix | 14 ++-- nki-personal-do/hardware-configuration.nix | 2 +- 12 files changed, 132 insertions(+), 107 deletions(-) diff --git a/flake.lock b/flake.lock index 5014247..da83514 100644 --- a/flake.lock +++ b/flake.lock @@ -58,6 +58,21 @@ } }, "flake-utils": { + "locked": { + "lastModified": 1653893745, + "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { "locked": { "lastModified": 1648297722, "narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=", @@ -307,6 +322,7 @@ "inputs": { "darwin": "darwin", "deploy-rs": "deploy-rs", + "flake-utils": "flake-utils", "home-manager": "home-manager", "nix-gaming": "nix-gaming", "nixpkgs": "nixpkgs_2", @@ -385,7 +401,7 @@ }, "youmubot": { "inputs": { - "flake-utils": "flake-utils", + "flake-utils": "flake-utils_2", "naersk": "naersk_2", "nixpkgs": [ "nixpkgs" diff --git a/flake.nix b/flake.nix index 9039b53..d089e42 100644 --- a/flake.nix +++ b/flake.nix @@ -12,6 +12,8 @@ deploy-rs.url = "github:Serokell/deploy-rs"; nur.url = "github:nix-community/NUR"; + flake-utils.url = github:numtide/flake-utils; + # --- # Imported apps rnix-lsp.url = "github:nix-community/rnix-lsp"; 
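Review bot: The new input in flake.nix is written as an unquoted URL literal, `flake-utils.url = github:numtide/flake-utils;`, while the neighbouring inputs in the hunk (`deploy-rs.url`, `nur.url`, `rnix-lsp.url`) are quoted strings. URL literals are deprecated in Nix and are rejected when the `no-url-literals` experimental feature is enabled, so I would write `flake-utils.url = "github:numtide/flake-utils";`. The inputs block starts and ends outside the hunk.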
@@ -146,5 +148,7 @@ # This is highly advised, and will prevent many possible mistakes checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; - }; + } // (inputs.flake-utils.lib.eachDefaultSystem (system: { + formatter = nixpkgs.legacyPackages.${system}.nixpkgs-fmt; + })); } diff --git a/home/config.nix b/home/config.nix index 7741797..ce46830 100644 --- a/home/config.nix +++ b/home/config.nix @@ -1,8 +1,8 @@ { - allowUnfree = true; - packageOverrides = pkgs: { - nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") { - inherit pkgs; - }; + allowUnfree = true; + packageOverrides = pkgs: { + nur = import (builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz") { + inherit pkgs; }; + }; } diff --git a/home/mac-home.nix b/home/mac-home.nix index e41ce73..bdf4df5 100644 --- a/home/mac-home.nix +++ b/home/mac-home.nix @@ -2,7 +2,7 @@ { imports = [ ./common.nix ]; - + # Let Home Manager install and manage itself. programs.home-manager.enable = true; @@ -13,12 +13,11 @@ # Additional packages to be used only on this MacBook. home.packages = with pkgs; [ - anki-bin + anki-bin ]; # Additional settings for programs - programs.fish.shellAliases = { - }; + programs.fish.shellAliases = { }; # This value determines the Home Manager release that your # configuration is compatible with. This helps avoid breakage diff --git a/home/osu.nix b/home/osu.nix index e818d6a..443afb9 100644 --- a/home/osu.nix +++ b/home/osu.nix 
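Review bot: In home/config.nix the re-indented `builtins.fetchTarball "https://github.com/nix-community/NUR/archive/master.tar.gz"` still tracks the NUR `master` branch with no `sha256`, so whatever that branch holds at evaluation time is imported and evaluated without an integrity check. flake.nix already declares `nur.url` as an input (visible in the earlier flake.nix hunk), so passing that input in would keep NUR under flake.lock. Alternatively, pin it with `fetchTarball { url = "<NUR archive URL for a fixed rev>"; sha256 = "<hash>"; }`. If the unpinned fetch is deliberate, a comment such as `# NOTE: unpinned, follows NUR master` above the line would make the trade-off explicit.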
@@ -1,17 +1,17 @@ { pkgs, config, lib, ... }: let - # pkgsUnstableOsu = import "/home/nki/nixpkgs/osu-lazer" {}; - # osu = pkgs.osu-lazer.overrideAttrs (oldAttrs : rec { - # version = "2021.1006.1"; - # src = pkgs.fetchFromGitHub { - # owner = "ppy"; - # repo = "osu"; - # rev = version; - # sha256 = "11qwrsp9kfxgz7dvh56mbgkry252ic3l5mgx3hwchrwzll71f0yd"; - # }; - # }); + # pkgsUnstableOsu = import "/home/nki/nixpkgs/osu-lazer" {}; + # osu = pkgs.osu-lazer.overrideAttrs (oldAttrs : rec { + # version = "2021.1006.1"; + # src = pkgs.fetchFromGitHub { + # owner = "ppy"; + # repo = "osu"; + # rev = version; + # sha256 = "11qwrsp9kfxgz7dvh56mbgkry252ic3l5mgx3hwchrwzll71f0yd"; + # }; + # }); in { - home.packages = [ pkgs.unstable.osu-lazer ]; + home.packages = [ pkgs.unstable.osu-lazer ]; } diff --git a/modules/cloud/mail/default.nix b/modules/cloud/mail/default.nix index cf7c50f..e7a27d5 100644 --- a/modules/cloud/mail/default.nix +++ b/modules/cloud/mail/default.nix @@ -341,8 +341,8 @@ in ExecStart = "${cfg.package}/bin/maddy ${if cfg.debug then "-debug " else ""}-config ${configFile}"; }; reload = '' - /bin/kill -USR1 $MAINPID - /bin/kill -USR2 $MAINPID + /bin/kill -USR1 $MAINPID + /bin/kill -USR2 $MAINPID ''; }; }; diff --git a/modules/cloud/postgresql/default.nix b/modules/cloud/postgresql/default.nix index cb13f45..d4a08b1 100644 --- a/modules/cloud/postgresql/default.nix +++ b/modules/cloud/postgresql/default.nix @@ -1,4 +1,4 @@ -{ pkgs, config, lib, ... } : +{ pkgs, config, lib, ... }: with lib; let @@ -7,7 +7,7 @@ let # From a database name, create an "ensureUser" # entry with the same name and assign all permissions # to that database. - userFromDatabase = databaseName : { + userFromDatabase = databaseName: { name = databaseName; ensurePermissions = { "DATABASE ${databaseName}" = "ALL PRIVILEGES"; 
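Review bot: The `reload` script in modules/cloud/mail/default.nix calls `/bin/kill` by absolute path, which a stock NixOS system does not provide, so the reload would presumably fail on its first line. Using the store path, `${pkgs.coreutils}/bin/kill -USR1 $MAINPID` and `${pkgs.coreutils}/bin/kill -USR2 $MAINPID`, removes the dependency on the host's /bin. The enclosing service definition starts outside the hunk, so confirm there how `reload` is consumed.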
@@ -17,7 +17,7 @@ in { options.cloud.postgresql.databases = mkOption { type = types.listOf types.str; - default = []; + default = [ ]; description = '' The list of databases to be created. An user with the same name diff --git a/modules/cloud/traefik/certs-dumper.nix b/modules/cloud/traefik/certs-dumper.nix index 40826aa..1104152 100644 --- a/modules/cloud/traefik/certs-dumper.nix +++ b/modules/cloud/traefik/certs-dumper.nix @@ -26,21 +26,21 @@ in description = "Dump certificates generated by traefik to a destination folder"; serviceConfig = - let - user = config.systemd.services.traefik.serviceConfig.User; - group = config.systemd.services.traefik.serviceConfig.Group; - certsPath = config.cloud.traefik.certsPath; - in - { - User = user; - Group = group; - ExecStart = "${cfg.package}/bin/traefik-certs-dumper file --watch --domain-subdir=true --version v2 --source ${certsPath} --dest ${cfg.destination} --post-hook 'chmod -R +r ${cfg.destination}'"; - LimitNOFILE = "1048576"; - PrivateTmp = "true"; - PrivateDevices = "true"; - ProtectHome = "true"; - ProtectSystem = "strict"; - StateDirectory = "traefik-certs"; - }; + let + user = config.systemd.services.traefik.serviceConfig.User; + group = config.systemd.services.traefik.serviceConfig.Group; + certsPath = config.cloud.traefik.certsPath; + in + { + User = user; + Group = group; + ExecStart = "${cfg.package}/bin/traefik-certs-dumper file --watch --domain-subdir=true --version v2 --source ${certsPath} --dest ${cfg.destination} --post-hook 'chmod -R +r ${cfg.destination}'"; + LimitNOFILE = "1048576"; + PrivateTmp = "true"; + PrivateDevices = "true"; + ProtectHome = "true"; + ProtectSystem = "strict"; + StateDirectory = "traefik-certs"; + }; }; } diff --git a/modules/cloud/traefik/default.nix b/modules/cloud/traefik/default.nix index 5a3a333..87a6d2e 100644 --- a/modules/cloud/traefik/default.nix +++ b/modules/cloud/traefik/default.nix 
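Review bot: The `--post-hook 'chmod -R +r ${cfg.destination}'` in the certs-dumper `ExecStart` makes everything the dumper writes readable beyond the service user, and with the usual 0022 umask that includes every local account. traefik-certs-dumper writes the private keys alongside the certificates, so the TLS keys end up world-readable. I would limit access to a dedicated group instead, e.g. `--post-hook 'chmod -R u=rwX,g=rX,o= ${cfg.destination}'`, and add the consuming services to that group. The option definitions for `cfg.destination` and its consumers are outside the hunk.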
@@ -1,22 +1,24 @@ -{ pkgs, config, lib, ... } : +{ pkgs, config, lib, ... }: with lib; let # Copied from traefik.nix jsonValue = with types; let - valueType = nullOr (oneOf [ - bool - int - float - str - (lazyAttrsOf valueType) - (listOf valueType) - ]) // { + valueType = nullOr + (oneOf [ + bool + int + float + str + (lazyAttrsOf valueType) + (listOf valueType) + ]) // { description = "JSON value"; emptyValue.value = { }; }; - in valueType; + in + valueType; cfg = config.cloud.traefik; in @@ -30,7 +32,7 @@ in config = mkOption { type = jsonValue; - default = {}; + default = { }; description = "The dynamic configuration to be passed to traefik"; }; @@ -40,7 +42,7 @@ in description = "The location to read and write the certificates file onto"; }; }; - + config.services.traefik = { enable = true; @@ -62,7 +64,7 @@ in # Logging # ------- - accessLog = {}; + accessLog = { }; log.level = "info"; # ACME Automatic SSL diff --git a/modules/my-tinc/default.nix b/modules/my-tinc/default.nix index dc3267b..0892a78 100644 --- a/modules/my-tinc/default.nix +++ b/modules/my-tinc/default.nix @@ -10,7 +10,7 @@ let in { imports = [ ./hosts.nix ]; - + options.services.my-tinc = { enable = mkEnableOption "my private tinc cloud configuration"; rsaPrivateKey = mkOption { 
@@ -38,61 +38,63 @@ in config = mkIf cfg.enable (builtins.seq (mkIf (isNull cfg.rsaPrivateKey && isNull cfg.ed25519PrivateKey) (builtins.abort "one of the keys must be defined")) - (let - networkName = "my-tinc"; + ( + let + networkName = "my-tinc"; - myHost = builtins.getAttr cfg.hostName hosts; - myMeshIp = myHost.subnetAddr; - in - { - # Scripts that set up the tinc services - environment.etc = { - "tinc/${networkName}/tinc-up".source = pkgs.writeScript "tinc-up-${networkName}" '' + myHost = builtins.getAttr cfg.hostName hosts; + myMeshIp = myHost.subnetAddr; + in + { + # Scripts that set up the tinc services + environment.etc = { + "tinc/${networkName}/tinc-up".source = pkgs.writeScript "tinc-up-${networkName}" '' #!${pkgs.stdenv.shell} ${pkgs.nettools}/bin/ifconfig $INTERFACE ${myMeshIp} netmask 255.255.255.0 - ''; - "tinc/${networkName}/tinc-down".source = pkgs.writeScript "tinc-down-${networkName}" '' + ''; + "tinc/${networkName}/tinc-down".source = pkgs.writeScript "tinc-down-${networkName}" '' #!${pkgs.stdenv.shell} /run/wrappers/bin/sudo ${pkgs.nettools}/bin/ifconfig $INTERFACE down - ''; - }; + ''; + }; - # Allow the tinc service to call ifconfig without sudo password. - security.sudo.extraRules = [ - { - users = [ "tinc.${networkName}" ]; - commands = [ - { - command = "${pkgs.nettools}/bin/ifconfig"; - options = [ "NOPASSWD" ]; - } - ]; - } - ]; + # Allow the tinc service to call ifconfig without sudo password. 
+ security.sudo.extraRules = [ + { + users = [ "tinc.${networkName}" ]; + commands = [ + { + command = "${pkgs.nettools}/bin/ifconfig"; + options = [ "NOPASSWD" ]; + } + ]; + } + ]; - # simple interface setup - # ---------------------- - networking.interfaces."tinc.${networkName}".ipv4.addresses = [ { address = myMeshIp; prefixLength = 24; } ]; + # simple interface setup + # ---------------------- + networking.interfaces."tinc.${networkName}".ipv4.addresses = [{ address = myMeshIp; prefixLength = 24; }]; - # firewall - networking.firewall.allowedUDPPorts = [ 655 ]; - networking.firewall.allowedTCPPorts = [ 655 ]; + # firewall + networking.firewall.allowedUDPPorts = [ 655 ]; + networking.firewall.allowedTCPPorts = [ 655 ]; - # configure tinc service - # ---------------------- - services.tinc.networks."${networkName}"= { + # configure tinc service + # ---------------------- + services.tinc.networks."${networkName}" = { - name = cfg.hostName; # who are we in this network. + name = cfg.hostName; # who are we in this network. - debugLevel = 3; # the debug level for journal -u tinc.private - chroot = false; # otherwise addresses can't be a DNS - interfaceType = "tap"; # tun might also work. + debugLevel = 3; # the debug level for journal -u tinc.private + chroot = false; # otherwise addresses can't be a DNS + interfaceType = "tap"; # tun might also work. - bindToAddress = "* ${toString cfg.bindPort}"; + bindToAddress = "* ${toString cfg.bindPort}"; - ed25519PrivateKeyFile = cfg.ed25519PrivateKey; - rsaPrivateKeyFile = cfg.rsaPrivateKey; - }; - }) + ed25519PrivateKeyFile = cfg.ed25519PrivateKey; + rsaPrivateKeyFile = cfg.rsaPrivateKey; + }; + } + ) ); } diff --git a/modules/my-tinc/hosts.nix b/modules/my-tinc/hosts.nix index 51aa522..72336b0 100644 --- a/modules/my-tinc/hosts.nix +++ b/modules/my-tinc/hosts.nix 
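Review bot: The sudo rule gives `tinc.${networkName}` passwordless root for `${pkgs.nettools}/bin/ifconfig` with any arguments, although the only sudo call in the hunk is `ifconfig $INTERFACE down` in tinc-down. Restricting the rule to that invocation, e.g. `command = "${pkgs.nettools}/bin/ifconfig tinc.${networkName} down";` (assuming $INTERFACE is `tinc.${networkName}`, as the `networking.interfaces` line suggests), keeps a compromised tinc daemon from reconfiguring other interfaces. Separately, the key check at the top looks ineffective: `builtins.seq` only forces the `mkIf` wrapper to weak head normal form, so the `builtins.abort` inside is presumably never evaluated. An `assertions = [ { assertion = ...; message = "one of the keys must be defined"; } ]` entry would do what that line intends. The firewall also opens a fixed 655 while the daemon binds to `cfg.bindPort`; if that option is an integer, `[ cfg.bindPort ]` would keep the two in step.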
@@ -13,11 +13,13 @@ in { config = mkIf cfg.enable { # All hosts we know of - services.tinc.networks.my-tinc.hostSettings = mapAttrs (name: host: { - addresses = if (host ? address) then [ { address = host.address; } ] else []; - subnets = [ { address = host.subnetAddr; } ]; - rsaPublicKey = mkIf (host ? "rsaPublicKey") host.rsaPublicKey; - settings.Ed25519PublicKey = mkIf (host ? "ed25519PublicKey") host.ed25519PublicKey; - }) hosts; + services.tinc.networks.my-tinc.hostSettings = mapAttrs + (name: host: { + addresses = if (host ? address) then [{ address = host.address; }] else [ ]; + subnets = [{ address = host.subnetAddr; }]; + rsaPublicKey = mkIf (host ? "rsaPublicKey") host.rsaPublicKey; + settings.Ed25519PublicKey = mkIf (host ? "ed25519PublicKey") host.ed25519PublicKey; + }) + hosts; }; } diff --git a/nki-personal-do/hardware-configuration.nix b/nki-personal-do/hardware-configuration.nix index 5439ae1..324b97e 100644 --- a/nki-personal-do/hardware-configuration.nix +++ b/nki-personal-do/hardware-configuration.nix @@ -6,5 +6,5 @@ fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; }; # swap - swapDevices = [ { device = "/var/swapfile"; } ]; + swapDevices = [{ device = "/var/swapfile"; }]; }