Set up formatting

2022-05-31 12:45:33 -04:00 · 2022-05-31 12:45:33 -04:00 · 69ce8f32ef
commit 69ce8f32ef
parent 2f78eed4cc
12 changed files with 132 additions and 107 deletions
--- a/modules/cloud/mail/default.nix
+++ b/modules/cloud/mail/default.nix
@ -341,8 +341,8 @@ in
          ExecStart = "${cfg.package}/bin/maddy ${if cfg.debug then "-debug " else ""}-config ${configFile}";
        };
        reload = ''
-            /bin/kill -USR1 $MAINPID
-            /bin/kill -USR2 $MAINPID
+          /bin/kill -USR1 $MAINPID
+          /bin/kill -USR2 $MAINPID
        '';
      };
    };
--- a/modules/cloud/postgresql/default.nix
+++ b/modules/cloud/postgresql/default.nix
@ -1,4 +1,4 @@
-{ pkgs, config, lib, ... } :
+{ pkgs, config, lib, ... }:

 with lib;
 let
@ -7,7 +7,7 @@ let
  # From a database name, create an "ensureUser"
  # entry with the same name and assign all permissions
  # to that database.
-  userFromDatabase = databaseName : {
+  userFromDatabase = databaseName: {
    name = databaseName;
    ensurePermissions = {
      "DATABASE ${databaseName}" = "ALL PRIVILEGES";
@ -17,7 +17,7 @@ in
 {
  options.cloud.postgresql.databases = mkOption {
    type = types.listOf types.str;
-    default = [];
+    default = [ ];
    description = ''
      The list of databases to be created.
      An user with the same name
--- a/modules/cloud/traefik/certs-dumper.nix
+++ b/modules/cloud/traefik/certs-dumper.nix
@ -26,21 +26,21 @@ in

    description = "Dump certificates generated by traefik to a destination folder";
    serviceConfig =
-    let
-      user = config.systemd.services.traefik.serviceConfig.User;
-      group = config.systemd.services.traefik.serviceConfig.Group;
-      certsPath = config.cloud.traefik.certsPath;
-    in
-    {
-      User = user;
-      Group = group;
-      ExecStart = "${cfg.package}/bin/traefik-certs-dumper file --watch --domain-subdir=true --version v2 --source ${certsPath} --dest ${cfg.destination} --post-hook 'chmod -R +r ${cfg.destination}'";
-      LimitNOFILE = "1048576";
-      PrivateTmp = "true";
-      PrivateDevices = "true";
-      ProtectHome = "true";
-      ProtectSystem = "strict";
-      StateDirectory = "traefik-certs";
-    };
+      let
+        user = config.systemd.services.traefik.serviceConfig.User;
+        group = config.systemd.services.traefik.serviceConfig.Group;
+        certsPath = config.cloud.traefik.certsPath;
+      in
+      {
+        User = user;
+        Group = group;
+        ExecStart = "${cfg.package}/bin/traefik-certs-dumper file --watch --domain-subdir=true --version v2 --source ${certsPath} --dest ${cfg.destination} --post-hook 'chmod -R +r ${cfg.destination}'";
+        LimitNOFILE = "1048576";
+        PrivateTmp = "true";
+        PrivateDevices = "true";
+        ProtectHome = "true";
+        ProtectSystem = "strict";
+        StateDirectory = "traefik-certs";
+      };
  };
 }
--- a/modules/cloud/traefik/default.nix
+++ b/modules/cloud/traefik/default.nix
@ -1,22 +1,24 @@
-{ pkgs, config, lib, ... } :
+{ pkgs, config, lib, ... }:

 with lib;
 let
  # Copied from traefik.nix
  jsonValue = with types;
    let
-      valueType = nullOr (oneOf [
-        bool
-        int
-        float
-        str
-        (lazyAttrsOf valueType)
-        (listOf valueType)
-      ]) // {
+      valueType = nullOr
+        (oneOf [
+          bool
+          int
+          float
+          str
+          (lazyAttrsOf valueType)
+          (listOf valueType)
+        ]) // {
        description = "JSON value";
        emptyValue.value = { };
      };
-    in valueType;
+    in
+    valueType;

  cfg = config.cloud.traefik;
 in
@ -30,7 +32,7 @@ in

    config = mkOption {
      type = jsonValue;
-      default = {};
+      default = { };
      description = "The dynamic configuration to be passed to traefik";
    };

@ -40,7 +42,7 @@ in
      description = "The location to read and write the certificates file onto";
    };
  };
-  
+
  config.services.traefik = {
    enable = true;

@ -62,7 +64,7 @@ in

      # Logging
      # -------
-      accessLog = {};
+      accessLog = { };
      log.level = "info";

      # ACME Automatic SSL
--- a/modules/my-tinc/default.nix
+++ b/modules/my-tinc/default.nix
@ -10,7 +10,7 @@ let
 in
 {
  imports = [ ./hosts.nix ];
-  
+
  options.services.my-tinc = {
    enable = mkEnableOption "my private tinc cloud configuration";
    rsaPrivateKey = mkOption {
@ -38,61 +38,63 @@ in

  config = mkIf cfg.enable (builtins.seq
    (mkIf (isNull cfg.rsaPrivateKey && isNull cfg.ed25519PrivateKey) (builtins.abort "one of the keys must be defined"))
-    (let
-      networkName = "my-tinc";
+    (
+      let
+        networkName = "my-tinc";

-      myHost = builtins.getAttr cfg.hostName hosts;
-      myMeshIp = myHost.subnetAddr;
-    in
-    {
-      # Scripts that set up the tinc services
-      environment.etc = {
-        "tinc/${networkName}/tinc-up".source = pkgs.writeScript "tinc-up-${networkName}" ''
+        myHost = builtins.getAttr cfg.hostName hosts;
+        myMeshIp = myHost.subnetAddr;
+      in
+      {
+        # Scripts that set up the tinc services
+        environment.etc = {
+          "tinc/${networkName}/tinc-up".source = pkgs.writeScript "tinc-up-${networkName}" ''
            #!${pkgs.stdenv.shell}
            ${pkgs.nettools}/bin/ifconfig $INTERFACE ${myMeshIp} netmask 255.255.255.0
-        '';
-        "tinc/${networkName}/tinc-down".source = pkgs.writeScript "tinc-down-${networkName}" ''
+          '';
+          "tinc/${networkName}/tinc-down".source = pkgs.writeScript "tinc-down-${networkName}" ''
            #!${pkgs.stdenv.shell}
            /run/wrappers/bin/sudo ${pkgs.nettools}/bin/ifconfig $INTERFACE down
-        '';
-      };
+          '';
+        };

-      # Allow the tinc service to call ifconfig without sudo password.
-      security.sudo.extraRules = [
-        {
-          users    = [ "tinc.${networkName}" ];
-          commands = [
-            {
-              command  = "${pkgs.nettools}/bin/ifconfig";
-              options  = [ "NOPASSWD" ];
-            }
-          ];
-        }
-      ];
+        # Allow the tinc service to call ifconfig without sudo password.
+        security.sudo.extraRules = [
+          {
+            users = [ "tinc.${networkName}" ];
+            commands = [
+              {
+                command = "${pkgs.nettools}/bin/ifconfig";
+                options = [ "NOPASSWD" ];
+              }
+            ];
+          }
+        ];

-      # simple interface setup
-      # ----------------------
-      networking.interfaces."tinc.${networkName}".ipv4.addresses = [ { address = myMeshIp; prefixLength = 24; } ];
+        # simple interface setup
+        # ----------------------
+        networking.interfaces."tinc.${networkName}".ipv4.addresses = [{ address = myMeshIp; prefixLength = 24; }];

-      # firewall
-      networking.firewall.allowedUDPPorts = [ 655 ];
-      networking.firewall.allowedTCPPorts = [ 655 ];
+        # firewall
+        networking.firewall.allowedUDPPorts = [ 655 ];
+        networking.firewall.allowedTCPPorts = [ 655 ];

-      # configure tinc service
-      # ----------------------
-      services.tinc.networks."${networkName}"= {
+        # configure tinc service
+        # ----------------------
+        services.tinc.networks."${networkName}" = {

-        name          = cfg.hostName;       # who are we in this network.
+          name = cfg.hostName; # who are we in this network.

-        debugLevel    = 3;            # the debug level for journal -u tinc.private
-        chroot        = false;        # otherwise addresses can't be a DNS
-        interfaceType = "tap";        # tun might also work.
+          debugLevel = 3; # the debug level for journal -u tinc.private
+          chroot = false; # otherwise addresses can't be a DNS
+          interfaceType = "tap"; # tun might also work.

-        bindToAddress = "* ${toString cfg.bindPort}";
+          bindToAddress = "* ${toString cfg.bindPort}";

-        ed25519PrivateKeyFile = cfg.ed25519PrivateKey;
-        rsaPrivateKeyFile = cfg.rsaPrivateKey;
-      };
-    })
+          ed25519PrivateKeyFile = cfg.ed25519PrivateKey;
+          rsaPrivateKeyFile = cfg.rsaPrivateKey;
+        };
+      }
+    )
  );
 }
--- a/modules/my-tinc/hosts.nix
+++ b/modules/my-tinc/hosts.nix
@ -13,11 +13,13 @@ in
 {
  config = mkIf cfg.enable {
    # All hosts we know of
-    services.tinc.networks.my-tinc.hostSettings = mapAttrs (name: host: {
-      addresses = if (host ? address) then [ { address = host.address; } ] else [];
-      subnets = [ { address = host.subnetAddr; } ];
-      rsaPublicKey = mkIf (host ? "rsaPublicKey") host.rsaPublicKey;
-      settings.Ed25519PublicKey = mkIf (host ? "ed25519PublicKey") host.ed25519PublicKey;
-    }) hosts;
+    services.tinc.networks.my-tinc.hostSettings = mapAttrs
+      (name: host: {
+        addresses = if (host ? address) then [{ address = host.address; }] else [ ];
+        subnets = [{ address = host.subnetAddr; }];
+        rsaPublicKey = mkIf (host ? "rsaPublicKey") host.rsaPublicKey;
+        settings.Ed25519PublicKey = mkIf (host ? "ed25519PublicKey") host.ed25519PublicKey;
+      })
+      hosts;
  };
 }