Merge pull request 'feat: format with nixpkgs-fmt' (#103) from feat/nixpkgs-fmt into main

Reviewed-on: #103
Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>
This commit is contained in:
teutat3s 2024-01-28 23:19:13 +00:00
commit 9e80c52965
Signed by: pub.solar gitea
GPG key ID: F0332B04B7054873
44 changed files with 564 additions and 553 deletions

2
.git-blame-ignore-revs Normal file
View file

@ -0,0 +1,2 @@
# Apply treewide formatting with nixpkgs-fmt
815033c764660e1468b1564a02570bad0f84f77a

View file

@ -80,7 +80,8 @@
flake = flake =
let let
username = "barkeeper"; username = "barkeeper";
in { in
{
inherit username; inherit username;
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib; checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib;

View file

@ -1,9 +1,8 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , flake
flake, , ...
...
}: }:
{ {
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [

View file

@ -1,9 +1,8 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , flake
flake, , ...
...
}: { }: {
age.secrets.drone-secrets = { age.secrets.drone-secrets = {
file = "${flake.self}/secrets/drone-secrets.age"; file = "${flake.self}/secrets/drone-secrets.age";
@ -31,10 +30,12 @@
"d '/var/lib/drone-db' 0750 drone drone - -" "d '/var/lib/drone-db' 0750 drone drone - -"
]; ];
systemd.services."docker-network-drone" = let systemd.services."docker-network-drone" =
let
docker = config.virtualisation.oci-containers.backend; docker = config.virtualisation.oci-containers.backend;
dockerBin = "${pkgs.${docker}}/bin/${docker}"; dockerBin = "${pkgs.${docker}}/bin/${docker}";
in { in
{
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
before = [ "docker-drone-server.service" ]; before = [ "docker-drone-server.service" ];
script = '' script = ''

View file

@ -1,9 +1,8 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , flake
flake, , ...
...
}: { }: {
age.secrets.forgejo-actions-runner-token = { age.secrets.forgejo-actions-runner-token = {
file = "${flake.self}/secrets/forgejo-actions-runner-token.age"; file = "${flake.self}/secrets/forgejo-actions-runner-token.age";

View file

@ -1,9 +1,8 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , flake
flake, , ...
...
}: { }: {
age.secrets.grafana-admin-password = { age.secrets.grafana-admin-password = {
file = "${flake.self}/secrets/grafana-admin-password.age"; file = "${flake.self}/secrets/grafana-admin-password.age";

View file

@ -1,9 +1,8 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , flake
flake, , ...
...
}: { }: {
# source: https://gist.github.com/rickhull/895b0cb38fdd537c1078a858cf15d63e # source: https://gist.github.com/rickhull/895b0cb38fdd537c1078a858cf15d63e
# https://grafana.com/docs/loki/latest/configure/examples/#1-local-configuration-exampleyaml # https://grafana.com/docs/loki/latest/configure/examples/#1-local-configuration-exampleyaml

View file

@ -1,9 +1,8 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , flake
flake, , ...
...
}: { }: {
age.secrets.nachtigall-metrics-prometheus-basic-auth-password = { age.secrets.nachtigall-metrics-prometheus-basic-auth-password = {
file = "${flake.self}/secrets/nachtigall-metrics-prometheus-basic-auth-password.age"; file = "${flake.self}/secrets/nachtigall-metrics-prometheus-basic-auth-password.age";

View file

@ -1,12 +1,13 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , flake
flake, , ...
... }:
}: let let
psCfg = config.pub-solar; psCfg = config.pub-solar;
in { in
{
config = { config = {
# Override nix.conf for more agressive garbage collection # Override nix.conf for more agressive garbage collection
nix.extraOptions = lib.mkForce '' nix.extraOptions = lib.mkForce ''

View file

@ -2,7 +2,8 @@
{ {
imports = imports =
[ # Include the results of the hardware scan. [
# Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
./configuration.nix ./configuration.nix
./triton-vmtools.nix ./triton-vmtools.nix

View file

@ -1,12 +1,11 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config
config, , lib
lib, , pkgs
pkgs, , modulesPath
modulesPath, , ...
...
}: { }: {
imports = [ ]; imports = [ ];

View file

@ -1,7 +1,6 @@
{ { pkgs
pkgs, , flake
flake, , ...
...
}: { }: {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
flake.inputs.triton-vmtools.packages.${pkgs.system}.default flake.inputs.triton-vmtools.packages.${pkgs.system}.default

View file

@ -1,9 +1,8 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , self
self, , ...
...
}: { }: {
services.nginx.virtualHosts."collabora.pub.solar" = { services.nginx.virtualHosts."collabora.pub.solar" = {
enableACME = true; enableACME = true;

View file

@ -21,7 +21,8 @@
let let
externalIPv4s = lib.strings.concatMapStringsSep "\n" ({ address, ... }: "external-ip=${address}") config.networking.interfaces.enp35s0.ipv4.addresses; externalIPv4s = lib.strings.concatMapStringsSep "\n" ({ address, ... }: "external-ip=${address}") config.networking.interfaces.enp35s0.ipv4.addresses;
externalIPv6s = lib.strings.concatMapStringsSep "\n" ({ address, ... }: "external-ip=${address}") config.networking.interfaces.enp35s0.ipv6.addresses; externalIPv6s = lib.strings.concatMapStringsSep "\n" ({ address, ... }: "external-ip=${address}") config.networking.interfaces.enp35s0.ipv6.addresses;
in '' in
''
${externalIPv4s} ${externalIPv4s}
${externalIPv6s} ${externalIPv6s}
@ -64,7 +65,8 @@
}; };
networking.firewall = { networking.firewall = {
interfaces.enp35s0 = let interfaces.enp35s0 =
let
range = with config.services.coturn; [{ range = with config.services.coturn; [{
from = min-port; from = min-port;
to = max-port; to = max-port;

View file

@ -1,9 +1,8 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , flake
flake, , ...
...
}: { }: {
age.secrets.forgejo-database-password = { age.secrets.forgejo-database-password = {
file = "${flake.self}/secrets/forgejo-database-password.age"; file = "${flake.self}/secrets/forgejo-database-password.age";

View file

@ -1,9 +1,8 @@
{ { flake
flake, , config
config, , lib
lib, , pkgs
pkgs, , ...
...
}: { }: {
age.secrets.keycloak-database-password = { age.secrets.keycloak-database-password = {
file = "${flake.self}/secrets/keycloak-database-password.age"; file = "${flake.self}/secrets/keycloak-database-password.age";

View file

@ -1,9 +1,8 @@
{ { flake
flake, , config
config, , lib
lib, , pkgs
pkgs, , ...
...
}: }:
{ {
networking.firewall.allowedTCPPorts = [ 25 ]; networking.firewall.allowedTCPPorts = [ 25 ];

View file

@ -90,7 +90,8 @@
sendConnectionMessages = true; sendConnectionMessages = true;
ssl = true; ssl = true;
}; };
in { in
{
"irc.libera.chat" = lib.attrsets.recursiveUpdate commonConfig { "irc.libera.chat" = lib.attrsets.recursiveUpdate commonConfig {
name = "libera"; name = "libera";
dynamicChannels.groupId = "+libera.chat:localhost"; dynamicChannels.groupId = "+libera.chat:localhost";

View file

@ -2,7 +2,8 @@
let let
publicDomain = "matrix.pub.solar"; publicDomain = "matrix.pub.solar";
serverDomain = "pub.solar"; serverDomain = "pub.solar";
in { in
{
age.secrets."matrix-synapse-signing-key" = { age.secrets."matrix-synapse-signing-key" = {
file = "${flake.self}/secrets/matrix-synapse-signing-key.age"; file = "${flake.self}/secrets/matrix-synapse-signing-key.age";
mode = "400"; mode = "400";

View file

@ -1,10 +1,10 @@
{ { flake
flake, , config
config, , lib
lib, , pkgs
pkgs, , ...
... }:
}: let let
localSettingsPHP = pkgs.writeScript "LocalSettings.php" '' localSettingsPHP = pkgs.writeScript "LocalSettings.php" ''
<?php <?php
# Protect against web entry # Protect against web entry
@ -154,7 +154,8 @@
uid = 986; uid = 986;
gid = 984; gid = 984;
in { in
{
age.secrets.mediawiki-database-password = { age.secrets.mediawiki-database-password = {
file = "${flake.self}/secrets/mediawiki-database-password.age"; file = "${flake.self}/secrets/mediawiki-database-password.age";
path = "/run/mediawiki/database-password"; path = "/run/mediawiki/database-password";

View file

@ -1,8 +1,7 @@
{ { config
config, , pkgs
pkgs, , flake
flake, , ...
...
}: }:
{ {
age.secrets."nextcloud-secrets" = { age.secrets."nextcloud-secrets" = {

View file

@ -46,10 +46,12 @@ in
least_conn; least_conn;
''; '';
servers = builtins.listToAttrs servers = builtins.listToAttrs
(map (i: { (map
(i: {
name = "unix:/run/mastodon-streaming/streaming-${toString i}.socket"; name = "unix:/run/mastodon-streaming/streaming-${toString i}.socket";
value = { }; value = { };
}) (lib.range 1 cfg.streamingProcesses)); })
(lib.range 1 cfg.streamingProcesses));
}; };
}; };
} }

View file

@ -128,7 +128,8 @@ in
port = 8448; port = 8448;
addr = "0.0.0.0"; addr = "0.0.0.0";
ssl = true; ssl = true;
} { }
{
port = 8448; port = 8448;
addr = "[::]"; addr = "[::]";
ssl = true; ssl = true;

View file

@ -1,13 +1,14 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , self
self, , ...
... }:
}: let let
acmeEmailAddress = "admins@pub.solar"; acmeEmailAddress = "admins@pub.solar";
webserverGroup = "hakkonaut"; webserverGroup = "hakkonaut";
in { in
{
services.nginx = { services.nginx = {
enable = true; enable = true;
group = webserverGroup; group = webserverGroup;

View file

@ -1,9 +1,8 @@
{ { flake
flake, , config
config, , lib
lib, , pkgs
pkgs, , ...
...
}: { }: {
services.nginx.virtualHosts."stream.pub.solar" = { services.nginx.virtualHosts."stream.pub.solar" = {
enableACME = true; enableACME = true;

View file

@ -1,6 +1,5 @@
{ { config
config, , ...
...
}: { }: {
services.prometheus = { services.prometheus = {
exporters = { exporters = {

View file

@ -1,9 +1,8 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , flake
flake, , ...
...
}: { }: {
age.secrets.nachtigall-metrics-prometheus-basic-auth-password = { age.secrets.nachtigall-metrics-prometheus-basic-auth-password = {
file = "${flake.self}/secrets/nachtigall-metrics-prometheus-basic-auth-password.age"; file = "${flake.self}/secrets/nachtigall-metrics-prometheus-basic-auth-password.age";

View file

@ -1,9 +1,8 @@
{ { flake
flake, , config
config, , lib
lib, , pkgs
pkgs, , ...
...
}: }:
{ {
age.secrets.searx-environment = { age.secrets.searx-environment = {

View file

@ -1,8 +1,7 @@
{ { flake
flake, , config
config, , pkgs
pkgs, , ...
...
}: { }: {
# Use GRUB2 as the boot loader. # Use GRUB2 as the boot loader.
# We don't use systemd-boot because Hetzner uses BIOS legacy boot. # We don't use systemd-boot because Hetzner uses BIOS legacy boot.

View file

@ -2,7 +2,8 @@
{ {
imports = imports =
[ # Include the results of the hardware scan. [
# Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
./configuration.nix ./configuration.nix

View file

@ -5,7 +5,8 @@
{ {
imports = imports =
[ (modulesPath + "/installer/scan/not-detected.nix") [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "ahci" "nvme" ]; boot.initrd.availableKernelModules = [ "ahci" "nvme" ];
@ -14,32 +15,38 @@
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "root_pool/root"; {
device = "root_pool/root";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib" = fileSystems."/var/lib" =
{ device = "root_pool/data"; {
device = "root_pool/data";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/postgresql" = fileSystems."/var/lib/postgresql" =
{ device = "root_pool/data/postgresql"; {
device = "root_pool/data/postgresql";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/var/lib/docker" = fileSystems."/var/lib/docker" =
{ device = "root_pool/data/docker"; {
device = "root_pool/data/docker";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/boot1" = fileSystems."/boot1" =
{ device = "/dev/disk/by-uuid/5493-EFF5"; {
device = "/dev/disk/by-uuid/5493-EFF5";
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/boot2" = fileSystems."/boot2" =
{ device = "/dev/disk/by-uuid/5494-BA1E"; {
device = "/dev/disk/by-uuid/5494-BA1E";
fsType = "vfat"; fsType = "vfat";
}; };

View file

@ -1,4 +1,5 @@
{...}: let { ... }:
let
inherit (default.inputs.nixos) lib; inherit (default.inputs.nixos) lib;
host = configs.${hostname} or configs.PubSolarOS; host = configs.${hostname} or configs.PubSolarOS;

View file

@ -1,9 +1,11 @@
{ self, lib, inputs, ... }: { { self, lib, inputs, ... }: {
# Configuration common to all Linux systems # Configuration common to all Linux systems
flake = { flake = {
lib = let lib =
let
callLibs = file: import file { inherit lib; }; callLibs = file: import file { inherit lib; };
in rec { in
rec {
## Define your own library functions here! ## Define your own library functions here!
#id = x: x; #id = x: x;
## Or in files, containing functions that take {lib} ## Or in files, containing functions that take {lib}

View file

@ -5,7 +5,8 @@
* Licensed under the MIT license * Licensed under the MIT license
*/ */
{ lib, inputs }: let { lib, inputs }:
let
# https://github.com/serokell/deploy-rs#overall-usage # https://github.com/serokell/deploy-rs#overall-usage
system = "x86_64-linux"; system = "x86_64-linux";
pkgs = import inputs.nixpkgs { inherit system; }; pkgs = import inputs.nixpkgs { inherit system; };
@ -16,7 +17,8 @@
(self: super: { deploy-rs = { inherit (pkgs) deploy-rs; lib = super.deploy-rs.lib; }; }) (self: super: { deploy-rs = { inherit (pkgs) deploy-rs; lib = super.deploy-rs.lib; }; })
]; ];
}; };
getFqdn = c: let getFqdn = c:
let
net = c.config.networking; net = c.config.networking;
fqdn = fqdn =
if (net ? domain) && (net.domain != null) if (net ? domain) && (net.domain != null)
@ -24,7 +26,8 @@
else net.hostName; else net.hostName;
in in
fqdn; fqdn;
in { in
{
mkDeployNodes = systemConfigurations: extraConfig: mkDeployNodes = systemConfigurations: extraConfig:
/* /*
* *

View file

@ -1,9 +1,8 @@
{ { config
config, , pkgs
pkgs, , lib
lib, , flake
flake, , ...
...
}: { }: {
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
]; ];

View file

@ -1,7 +1,6 @@
{ { self
self, , inputs
inputs, , ...
...
}: { }: {
flake = { flake = {
nixosModules = rec { nixosModules = rec {

View file

@ -24,7 +24,8 @@ let
flora6Keys = [ flora6Keys = [
flora-6-host flora-6-host
]; ];
in { in
{
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBB5XaH02a6+TchnyQED2VwaltPgeFCbildbE2h6nF5e root@nachtigall # ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBB5XaH02a6+TchnyQED2VwaltPgeFCbildbE2h6nF5e root@nachtigall
"nachtigall-root-ssh-key.age".publicKeys = nachtigallKeys ++ baseKeys; "nachtigall-root-ssh-key.age".publicKeys = nachtigallKeys ++ baseKeys;