Massive nixfmt reformatting

2025-04-03 13:59:50 +02:00 · 2025-04-03 13:59:50 +02:00 · b29ddd5e65
commit b29ddd5e65
parent fe4492f004
109 changed files with 4323 additions and 2368 deletions
--- a/modules/cloud/conduit/default.nix
+++ b/modules/cloud/conduit/default.nix
@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:

 let
  cfg = config.cloud.conduit;
@ -33,95 +38,105 @@ with lib;
    };

    instances = mkOption {
-      type = types.attrsOf (types.submodule {
-        options = {
-          host = mkOption {
-            type = types.str;
+      type = types.attrsOf (
+        types.submodule {
+          options = {
+            host = mkOption {
+              type = types.str;
+            };
+            server_name = mkOption {
+              type = types.str;
+              default = "";
+            };
+            port = mkOption {
+              type = types.int;
+            };
+            noCloudflare = mkOption {
+              type = types.bool;
+              default = false;
+            };
+            allow_registration = mkOption {
+              type = types.bool;
+              default = false;
+            };
+            well-known_port = mkOption {
+              type = types.int;
+            };
          };
-          server_name = mkOption {
-            type = types.str;
-            default = "";
-          };
-          port = mkOption {
-            type = types.int;
-          };
-          noCloudflare = mkOption {
-            type = types.bool;
-            default = false;
-          };
-          allow_registration = mkOption {
-            type = types.bool;
-            default = false;
-          };
-          well-known_port = mkOption {
-            type = types.int;
-          };
-        };
-      });
+        }
+      );
    };
  };

-  config.systemd.services = mkIf cfg.enable
-    (lib.attrsets.mapAttrs'
-      (name: instance: lib.attrsets.nameValuePair "matrix-conduit-${name}"
-        (
-          let
-            srvName = "matrix-conduit-${name}";
-            format = pkgs.formats.toml { };
-            server_name = if instance.server_name == "" then instance.host else instance.server_name;
-            configFile = format.generate "conduit.toml" (lib.attrsets.recursiveUpdate defaultConfig {
+  config.systemd.services = mkIf cfg.enable (
+    lib.attrsets.mapAttrs' (
+      name: instance:
+      lib.attrsets.nameValuePair "matrix-conduit-${name}" (
+        let
+          srvName = "matrix-conduit-${name}";
+          format = pkgs.formats.toml { };
+          server_name = if instance.server_name == "" then instance.host else instance.server_name;
+          configFile = format.generate "conduit.toml" (
+            lib.attrsets.recursiveUpdate defaultConfig {
              global.server_name = server_name;
              global.port = instance.port;
              global.allow_registration = instance.allow_registration;
              global.database_path = "/mnt/data/${srvName}/";
              global.well_known_client = "https://${instance.host}";
              global.well_known_server = "${instance.host}:443";
-            });
-          in
-          {
-            description = "Conduit Matrix Server (for ${server_name})";
-            documentation = [ "https://gitlab.com/famedly/conduit/" ];
-            wantedBy = [ "multi-user.target" ];
-            environment = { CONDUIT_CONFIG = configFile; };
-            serviceConfig = {
-              DynamicUser = true;
-              User = "${srvName}";
-              LockPersonality = true;
-              MemoryDenyWriteExecute = true;
-              ProtectClock = true;
-              ProtectControlGroups = true;
-              ProtectHostname = true;
-              ProtectKernelLogs = true;
-              ProtectKernelModules = true;
-              ProtectKernelTunables = true;
-              PrivateDevices = true;
-              PrivateMounts = true;
-              PrivateUsers = true;
-              RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
-              RestrictNamespaces = true;
-              RestrictRealtime = true;
-              SystemCallArchitectures = "native";
-              SystemCallFilter = [
-                "@system-service"
-                "~@privileged"
-              ];
-              # StateDirectory = "/mnt/data/${srvName}";
-              BindPaths = [ "/mnt/data/${srvName}" ];
-              ExecStart = "${cfg.package}/bin/conduit";
-              Restart = "on-failure";
-              RestartSec = 10;
-              StartLimitBurst = 5;
-            };
-          }
-        ))
-      cfg.instances);
+            }
+          );
+        in
+        {
+          description = "Conduit Matrix Server (for ${server_name})";
+          documentation = [ "https://gitlab.com/famedly/conduit/" ];
+          wantedBy = [ "multi-user.target" ];
+          environment = {
+            CONDUIT_CONFIG = configFile;
+          };
+          serviceConfig = {
+            DynamicUser = true;
+            User = "${srvName}";
+            LockPersonality = true;
+            MemoryDenyWriteExecute = true;
+            ProtectClock = true;
+            ProtectControlGroups = true;
+            ProtectHostname = true;
+            ProtectKernelLogs = true;
+            ProtectKernelModules = true;
+            ProtectKernelTunables = true;
+            PrivateDevices = true;
+            PrivateMounts = true;
+            PrivateUsers = true;
+            RestrictAddressFamilies = [
+              "AF_INET"
+              "AF_INET6"
+            ];
+            RestrictNamespaces = true;
+            RestrictRealtime = true;
+            SystemCallArchitectures = "native";
+            SystemCallFilter = [
+              "@system-service"
+              "~@privileged"
+            ];
+            # StateDirectory = "/mnt/data/${srvName}";
+            BindPaths = [ "/mnt/data/${srvName}" ];
+            ExecStart = "${cfg.package}/bin/conduit";
+            Restart = "on-failure";
+            RestartSec = 10;
+            StartLimitBurst = 5;
+          };
+        }
+      )
+    ) cfg.instances
+  );

  config.cloud.traefik.hosts = mkIf cfg.enable (
-    (lib.attrsets.mapAttrs'
-      (name: instance: lib.attrsets.nameValuePair "conduit-${name}" ({
+    (lib.attrsets.mapAttrs' (
+      name: instance:
+      lib.attrsets.nameValuePair "conduit-${name}" ({
        inherit (instance) host port noCloudflare;
-      }))
-      cfg.instances)
+      })
+    ) cfg.instances)
  );
 }
-
--- a/modules/cloud/conduit/heisenbridge.nix
+++ b/modules/cloud/conduit/heisenbridge.nix
@ -1,9 +1,15 @@
-{ pkgs, lib, config, ... }:
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
 let
  cfg = config.cloud.conduit.heisenbridge;
  cfgConduit = config.cloud.conduit;
 in
-with lib; {
+with lib;
+{
  options.cloud.conduit.heisenbridge = {
    enable = mkEnableOption "Enable heisenbridge for conduit";
    package = mkPackageOption pkgs "heisenbridge" { };
@ -23,17 +29,26 @@ with lib; {
  };
  config = mkIf cfg.enable (
    let
-      cfgFile = if cfg.port == null then cfg.appserviceFile else
-      pkgs.runCommand "heisenbridge-config" { } ''
-        cp ${cfg.appserviceFile} $out
-        ${pkgs.sd}/bin/sd '^url: .*$' "url: http://127.0.0.1:${cfg.port}"
-      '';
-      listenArgs = lists.optionals (cfg.port != null) [ "--listen-port" (toString cfg.port) ];
+      cfgFile =
+        if cfg.port == null then
+          cfg.appserviceFile
+        else
+          pkgs.runCommand "heisenbridge-config" { } ''
+            cp ${cfg.appserviceFile} $out
+            ${pkgs.sd}/bin/sd '^url: .*$' "url: http://127.0.0.1:${cfg.port}"
+          '';
+      listenArgs = lists.optionals (cfg.port != null) [
+        "--listen-port"
+        (toString cfg.port)
+      ];
    in
    {
      systemd.services.heisenbridge = {
        description = "Matrix<->IRC bridge";
-        requires = [ "matrix-conduit-nkagami.service" "matrix-synapse.service" ]; # So the registration file can be used by Synapse
+        requires = [
+          "matrix-conduit-nkagami.service"
+          "matrix-synapse.service"
+        ]; # So the registration file can be used by Synapse
        wantedBy = [ "multi-user.target" ];

        serviceConfig = rec {
@ -77,12 +92,18 @@ with lib; {
          RemoveIPC = true;
          UMask = "0077";

-          CapabilityBoundingSet = [ "CAP_CHOWN" ] ++ optional (cfg.port != null && cfg.port < 1024) "CAP_NET_BIND_SERVICE";
+          CapabilityBoundingSet = [
+            "CAP_CHOWN"
+          ] ++ optional (cfg.port != null && cfg.port < 1024) "CAP_NET_BIND_SERVICE";
          AmbientCapabilities = CapabilityBoundingSet;
          NoNewPrivileges = true;
          LockPersonality = true;
          RestrictRealtime = true;
-          SystemCallFilter = [ "@system-service" "~@privileged" "@chown" ];
+          SystemCallFilter = [
+            "@system-service"
+            "~@privileged"
+            "@chown"
+          ];
          SystemCallArchitectures = "native";
          RestrictAddressFamilies = "AF_INET AF_INET6";
        };
@ -97,4 +118,3 @@ with lib; {
    }
  );
 }
-