Massive nixfmt reformatting

2025-04-03 13:59:50 +02:00 · 2025-04-03 13:59:50 +02:00 · b29ddd5e65
commit b29ddd5e65
parent fe4492f004
109 changed files with 4323 additions and 2368 deletions
--- a/modules/cloud/traefik/certs-dumper.nix
+++ b/modules/cloud/traefik/certs-dumper.nix
@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:

 with lib;
 let
--- a/modules/cloud/traefik/config.nix
+++ b/modules/cloud/traefik/config.nix
@ -1,4 +1,9 @@
-{ pkgs, lib, config, ... }:
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:

 with lib;
 let
@ -9,126 +14,169 @@ let
  };

  # Copied from traefik.nix
-  jsonValue = with types;
+  jsonValue =
+    with types;
    let
-      valueType = nullOr
-        (oneOf [
+      valueType =
+        nullOr (oneOf [
          bool
          int
          float
          str
          (lazyAttrsOf valueType)
          (listOf valueType)
-        ]) // {
-        description = "JSON value";
-        emptyValue.value = { };
-      };
+        ])
+        // {
+          description = "JSON value";
+          emptyValue.value = { };
+        };
    in
    valueType;

-  hostType = with types; submodule {
-    options = {
-      host = mkOption {
-        type = str;
-        description = "The host for the router filter";
-      };
-      path = mkOption {
-        type = nullOr str;
-        default = null;
-        description = "The path for the router filter (exact path is matched)";
-      };
-      filter = mkOption {
-        type = nullOr str;
-        default = null;
-        description = "The filter syntax for the router. Overrides `host` and `path` if provided";
-      };
-      localHost = mkOption {
-        type = types.nullOr types.str;
-        description = "The local host of the service. Must be an IP if protocol is TCP. Default to localhost/127.0.0.1";
-        default = null;
-      };
-      port = mkOption {
-        type = types.port;
-        description = "The port that the service is listening on";
-      };
-      entrypoints = mkOption {
-        type = listOf (enum [ "http" "https" "smtp-submission" "smtp-submission-ssl" "imap" "wireguard" ]);
-        default = [ "https" ];
-        description = "The entrypoints that will serve the host";
-      };
-      middlewares = mkOption {
-        type = listOf jsonValue;
-        default = [ ];
-        description = "The middlewares to be used with the host.";
-      };
-      protocol = mkOption {
-        type = enum [ "http" "tcp" "udp" ];
-        default = "http";
-        description = "The protocol of the router and service";
-      };
-      tlsPassthrough = mkOption {
-        type = types.bool;
-        default = true;
-        description = "Sets the TCP passthrough value. Defaults to `true` if the connection is tcp";
-      };
-      noCloudflare = mkOption {
-        type = types.bool;
-        default = false;
-        description = "Bypasses the client cert requirement, enable if you don't route things through cloudflare";
+  hostType =
+    with types;
+    submodule {
+      options = {
+        host = mkOption {
+          type = str;
+          description = "The host for the router filter";
+        };
+        path = mkOption {
+          type = nullOr str;
+          default = null;
+          description = "The path for the router filter (exact path is matched)";
+        };
+        filter = mkOption {
+          type = nullOr str;
+          default = null;
+          description = "The filter syntax for the router. Overrides `host` and `path` if provided";
+        };
+        localHost = mkOption {
+          type = types.nullOr types.str;
+          description = "The local host of the service. Must be an IP if protocol is TCP. Default to localhost/127.0.0.1";
+          default = null;
+        };
+        port = mkOption {
+          type = types.port;
+          description = "The port that the service is listening on";
+        };
+        entrypoints = mkOption {
+          type = listOf (enum [
+            "http"
+            "https"
+            "smtp-submission"
+            "smtp-submission-ssl"
+            "imap"
+            "wireguard"
+          ]);
+          default = [ "https" ];
+          description = "The entrypoints that will serve the host";
+        };
+        middlewares = mkOption {
+          type = listOf jsonValue;
+          default = [ ];
+          description = "The middlewares to be used with the host.";
+        };
+        protocol = mkOption {
+          type = enum [
+            "http"
+            "tcp"
+            "udp"
+          ];
+          default = "http";
+          description = "The protocol of the router and service";
+        };
+        tlsPassthrough = mkOption {
+          type = types.bool;
+          default = true;
+          description = "Sets the TCP passthrough value. Defaults to `true` if the connection is tcp";
+        };
+        noCloudflare = mkOption {
+          type = types.bool;
+          default = false;
+          description = "Bypasses the client cert requirement, enable if you don't route things through cloudflare";
+        };
      };
    };
-  };

  # Returns the filter given a host configuration
-  filterOfHost = host:
+  filterOfHost =
+    host:
    let
      hostFilter = if host.protocol == "http" then "Host" else "HostSNI";
    in
-    if host.filter != null then host.filter
-    else if host.path == null then "${hostFilter}(`${host.host}`)"
-    else "${hostFilter}(`${host.host}`) && Path(`${host.path}`)";
+    if host.filter != null then
+      host.filter
+    else if host.path == null then
+      "${hostFilter}(`${host.host}`)"
+    else
+      "${hostFilter}(`${host.host}`) && Path(`${host.path}`)";

  # Turns a host configuration into dynamic traefik configuration
  hostToConfig = name: host: {
-    "${host.protocol}" = {
-      routers."${name}-router" = (if (host.protocol != "udp") then {
-        rule = filterOfHost host;
-        tls = { certResolver = "le"; }
-          // (if host.protocol == "tcp" then { passthrough = if (host ? tlsPassthrough) then host.tlsPassthrough else true; } else { })
-          // (if host.noCloudflare then tlsNoCloudflare else { });
-      } else { }) // {
-        entryPoints = host.entrypoints;
-        service = "${name}-service";
-      } // (
-        if host.protocol == "http" then
-          { middlewares = lists.imap0 (id: m: "${name}-middleware-${toString id}") host.middlewares; }
-        else if host.middlewares == [ ] then
+    "${host.protocol}" =
+      {
+        routers."${name}-router" =
+          (
+            if (host.protocol != "udp") then
+              {
+                rule = filterOfHost host;
+                tls =
+                  {
+                    certResolver = "le";
+                  }
+                  // (
+                    if host.protocol == "tcp" then
+                      { passthrough = if (host ? tlsPassthrough) then host.tlsPassthrough else true; }
+                    else
+                      { }
+                  )
+                  // (if host.noCloudflare then tlsNoCloudflare else { });
+              }
+            else
+              { }
+          )
+          // {
+            entryPoints = host.entrypoints;
+            service = "${name}-service";
+          }
+          // (
+            if host.protocol == "http" then
+              { middlewares = lists.imap0 (id: m: "${name}-middleware-${toString id}") host.middlewares; }
+            else if host.middlewares == [ ] then
+              { }
+            else
+              abort "Cannot have middlewares on non-http routers"
+          );
+        services."${name}-service".loadBalancer.servers = [
+          (
+            let
+              localhost =
+                if isNull host.localHost then
+                  (if host.protocol == "http" then "localhost" else "127.0.0.1")
+                else
+                  host.localHost;
+            in
+            if host.protocol == "http" then
+              { url = "http://${localhost}:${toString host.port}"; }
+            else
+              { address = "${localhost}:${toString host.port}"; }
+          )
+        ];
+      }
+      // (
+        if (host.middlewares != [ ]) then
+          {
+            middlewares = builtins.listToAttrs (
+              lists.imap0 (id: v: {
+                name = "${name}-middleware-${toString id}";
+                value = v;
+              }) host.middlewares
+            );
+          }
+        else
          { }
-        else abort "Cannot have middlewares on non-http routers"
      );
-      services."${name}-service".loadBalancer.servers = [
-        (
-          let
-            localhost =
-              if isNull host.localHost then
-                (
-                  if host.protocol == "http" then "localhost"
-                  else "127.0.0.1"
-                ) else host.localHost;
-          in
-          if host.protocol == "http" then
-            { url = "http://${localhost}:${toString host.port}"; }
-          else { address = "${localhost}:${toString host.port}"; }
-        )
-      ];
-    } // (if (host.middlewares != [ ]) then {
-      middlewares = builtins.listToAttrs (lists.imap0
-        (id: v: {
-          name = "${name}-middleware-${toString id}";
-          value = v;
-        })
-        host.middlewares);
-    } else { });
  };

  tlsConfig = {
--- a/modules/cloud/traefik/dashboard.nix
+++ b/modules/cloud/traefik/dashboard.nix
@ -1,4 +1,9 @@
-{ pkgs, config, lib, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:

 with lib;
 let
@ -28,7 +33,8 @@ in
    # Dynamic configuration
    # ---------------------
    ## Middleware
-    services.traefik.dynamicConfigOptions.http.middlewares.dashboard-auth.basicAuth.usersFile = cfg.usersFile;
+    services.traefik.dynamicConfigOptions.http.middlewares.dashboard-auth.basicAuth.usersFile =
+      cfg.usersFile;
    ## Router
    services.traefik.dynamicConfigOptions.http.routers.dashboard = {
      rule = "Host(`${cfg.host}`)";
--- a/modules/cloud/traefik/default.nix
+++ b/modules/cloud/traefik/default.nix
@ -1,22 +1,29 @@
-{ pkgs, config, lib, ... }:
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}:

 with lib;
 let
  # Copied from traefik.nix
-  jsonValue = with types;
+  jsonValue =
+    with types;
    let
-      valueType = nullOr
-        (oneOf [
+      valueType =
+        nullOr (oneOf [
          bool
          int
          float
          str
          (lazyAttrsOf valueType)
          (listOf valueType)
-        ]) // {
-        description = "JSON value";
-        emptyValue.value = { };
-      };
+        ])
+        // {
+          description = "JSON value";
+          emptyValue.value = { };
+        };
    in
    valueType;

@ -41,7 +48,11 @@ let
  cfg = config.cloud.traefik;
 in
 {
-  imports = [ ./config.nix ./dashboard.nix ./certs-dumper.nix ];
+  imports = [
+    ./config.nix
+    ./dashboard.nix
+    ./certs-dumper.nix
+  ];
  options.cloud.traefik = {
    cloudflareKeyFile = mkOption {
      type = types.path;
@ -104,7 +115,12 @@ in
  config.systemd.services.traefik.environment.CF_DNS_API_TOKEN_FILE = cfg.cloudflareKeyFile;

  # Set up firewall to allow traefik traffic.
-  config.networking.firewall.allowedTCPPorts = [ 443 993 587 465 ];
+  config.networking.firewall.allowedTCPPorts = [
+    443
+    993
+    587
+    465
+  ];
  config.networking.firewall.allowedUDPPorts = [
    443 # QUIC
    51820 # Wireguard