From ea37c7b83627373a8ede87f7c2babf214b4d6f62 Mon Sep 17 00:00:00 2001 
From: Felix Buehler
Date: Sun, 28 Jul 2024 21:08:02 +0200
Subject: [PATCH] treewide: fmt
---
 flake.nix | 96 +++--
 images/base-config.nix | 18 +-
 images/flake-module.nix | 12 +-
 images/rpi4-image.nix | 3 +-
 images/yubikey-installer.nix | 21 +-
 machines/configurations.nix | 32 +-
 machines/core/modules.nix | 3 +-
 machines/core/network.nix | 3 +-
 machines/newton/boot.nix | 3 +-
 machines/newton/disko-config.nix | 4 +-
 machines/newton/hardware-configuration.nix | 11 +-
 machines/newton/network.nix | 4 +-
 machines/newton/system.nix | 3 +-
 machines/serverle/disko-config.nix | 4 +-
 machines/serverle/network.nix | 3 +-
 machines/serverle/syncthing.nix | 4 +-
 machines/serverle/system.nix | 3 +-
 machines/thinkman/boot.nix | 3 +-
 machines/thinkman/disko-config.nix | 4 +-
 machines/thinkman/network.nix | 3 +-
 machines/thinkman/profiles.nix | 3 +-
 machines/thinkman/remote-build.nix | 6 +-
 machines/thinkman/system.nix | 3 +-
 modules/hardware/bluetooth/default.nix | 11 +-
 modules/hardware/debug/default.nix | 7 +-
 modules/hardware/firmware/default.nix | 47 ++-
 modules/hardware/graphics/default.nix | 7 +-
 modules/hardware/keychron/default.nix | 7 +-
 modules/hardware/sound/default.nix | 7 +-
 modules/hardware/thunderbolt/default.nix | 11 +-
 modules/hardware/yubikey/default.nix | 11 +-
 modules/services/alertmanager/config.nix | 6 +-
 modules/services/alertmanager/default.nix | 31 +-
 modules/services/aria2/default.nix | 7 +-
 modules/services/backup/default.nix | 59 +--
 modules/services/bazarr/default.nix | 14 +-
 modules/services/blackbox/default.nix | 15 +-
 modules/services/blocky/default.nix | 7 +-
 modules/services/freshrss/default.nix | 7 +-
 modules/services/gitea/default.nix | 7 +-
 modules/services/grafana/default.nix | 7 +-
 modules/services/hedgedoc/default.nix | 7 +-
 modules/services/home-automation/default.nix | 7 +-
 modules/services/homepage/default.nix | 7 +-
 modules/services/homer/config.nix | 73 ++--
 modules/services/homer/default.nix | 31 +-
 modules/services/initrd-ssh/default.nix | 4 +-
 modules/services/jellyfin/default.nix | 12 +-
 modules/services/loki/default.nix | 50 +--
 modules/services/minecraft-server/default.nix | 7 +-
 modules/services/mumble-server/default.nix | 12 +-
 modules/services/navidrome/default.nix | 7 +-
 modules/services/nextcloud/default.nix | 14 +-
 modules/services/nginx/default.nix | 363 ++++++++++--------
 modules/services/nginx/sso/default.nix | 12 +-
 modules/services/node-exporter/default.nix | 52 ++-
 modules/services/octoprint/default.nix | 20 +-
 modules/services/photoprism/default.nix | 7 +-
 modules/services/prometheus/default.nix | 50 ++-
 modules/services/promtail/default.nix | 22 +-
 modules/services/prowlarr/default.nix | 14 +-
 modules/services/radarr/default.nix | 14 +-
 modules/services/remote-build/default.nix | 11 +-
 modules/services/sonarr/default.nix | 14 +-
 modules/system/avahi/default.nix | 7 +-
 modules/system/docker/default.nix | 8 +-
 modules/system/fonts/default.nix | 44 ++-
 modules/system/kvm/default.nix | 37 +-
 modules/system/podman/default.nix | 12 +-
 modules/system/spell-check/default.nix | 8 +-
 overlays/default.nix | 3 +-
 pkgs/default.nix | 3 +-
 pkgs/grafana-dashboards/default.nix | 271 +++++++------
 profiles/3d-design/default.nix | 7 +-
 profiles/android/default.nix | 11 +-
 profiles/clean/default.nix | 7 +-
 profiles/desktop-apps/default.nix | 7 +-
 profiles/desktop-dev/default.nix | 16 +-
 profiles/development/default.nix | 33 +-
 profiles/filesystem/default.nix | 7 +-
 profiles/gaming/default.nix | 7 +-
 profiles/gnome/default.nix | 7 +-
 profiles/latex/default.nix | 7 +-
 profiles/media/default.nix | 11 +-
 profiles/meeting/default.nix | 7 +-
 profiles/nautilus/default.nix | 11 +-
 profiles/powersave/default.nix | 7 +-
 profiles/printing/default.nix | 11 +-
 profiles/sway/default.nix | 11 +-
 profiles/sway/screen-sharing.nix | 15 +-
 profiles/sway/theme.nix | 7 +-
 profiles/sync/default.nix | 7 +-
 profiles/update/default.nix | 11 +-
 profiles/usb-iso/default.nix | 7 +-
 profiles/webcam/default.nix | 7 +-
 95 files
changed, 1162 insertions(+), 779 deletions(-) diff --git a/flake.nix b/flake.nix index 2edd43f..358f31d 100644 --- a/flake.nix +++ b/flake.nix @@ -43,7 +43,13 @@ }; }; - outputs = inputs@{ self, flake-parts, nixinate, ... }: + outputs = + inputs@{ + self, + flake-parts, + nixinate, + ... + }: flake-parts.lib.mkFlake { inherit inputs; } { imports = [ 
@@ -52,51 +58,61 @@ inputs.git-hooks.flakeModule ]; - systems = [ "x86_64-linux" "aarch64-linux" ]; + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; - perSystem = { inputs', config, pkgs, system, ... }: { - # make pkgs available to all `perSystem` functions - _module.args.pkgs = import inputs.nixpkgs { - inherit system; - }; + perSystem = + { + inputs', + config, + pkgs, + system, + ... + }: + { + # make pkgs available to all `perSystem` functions + _module.args.pkgs = import inputs.nixpkgs { inherit system; }; - # enable pre-commit checks - pre-commit.settings = { - hooks = { - deadnix = { - enable = true; - settings.noLambdaPatternNames = true; - }; - markdownlint.enable = true; - nixfmt = { - enable = true; - # TODO remove in 24.11 - package = pkgs.nixfmt-rfc-style; - }; - shellcheck.enable = true; - statix.enable = true; - typos = { - enable = true; - excludes = [ "secrets\\.yaml" "\\.sops\\.yaml" ]; - settings.ignored-words = [ "flate" ]; - }; - yamllint = { - enable = true; - excludes = [ "secrets\\.yaml" ]; + # enable pre-commit checks + pre-commit.settings = { + hooks = { + deadnix = { + enable = true; + settings.noLambdaPatternNames = true; + }; + markdownlint.enable = true; + nixfmt = { + enable = true; + # TODO remove in 24.11 + package = pkgs.nixfmt-rfc-style; + }; + shellcheck.enable = true; + statix.enable = true; + typos = { + enable = true; + excludes = [ + "secrets\\.yaml" + "\\.sops\\.yaml" + ]; + settings.ignored-words = [ "flate" ]; + }; + yamllint = { + enable = true; + excludes = [ "secrets\\.yaml" ]; + }; }; }; - }; - devShells.default = pkgs.mkShell { - inputsFrom = [ - config.pre-commit.devShell - ]; - nativeBuildInputs = with pkgs; [ - inputs'.sops-nix.packages.sops-import-keys-hook - inputs'.disko.packages.disko - ]; + devShells.default = pkgs.mkShell { + inputsFrom = [ config.pre-commit.devShell ]; + nativeBuildInputs = with pkgs; [ + inputs'.sops-nix.packages.sops-import-keys-hook + inputs'.disko.packages.disko + ]; + }; }; - }; # 
flake = {}; flake.apps = inputs.nixinate.nixinate."x86_64-linux" self; }; diff --git a/images/base-config.nix b/images/base-config.nix index f375272..15d6aa5 100644 --- a/images/base-config.nix +++ b/images/base-config.nix @@ -1,9 +1,11 @@ # based on: https://github.com/Mic92/dotfiles/blob/main/nixos/images/base-config.nix -{ lib -, pkgs -, config -, ... -}: { +{ + lib, + pkgs, + config, + ... +}: +{ system.stateVersion = config.system.nixos.version; networking = { @@ -23,7 +25,8 @@ network.enable = true; network.networks = lib.mapAttrs' - (num: _: + ( + num: _: lib.nameValuePair "eth${num}" { matchConfig.Name = "eth${num}"; networkConfig = { @@ -40,7 +43,8 @@ RouteMetric = 512; }; ipv6AcceptRAConfig.Token = "::521a:c5ff:fefe:65d9"; - }) + } + ) { "0" = { }; "1" = { }; diff --git a/images/flake-module.nix b/images/flake-module.nix index a15ec60..a8e7872 100644 --- a/images/flake-module.nix +++ b/images/flake-module.nix @@ -2,25 +2,19 @@ let inherit (self.inputs) nixos-generators; defaultModule = { - imports = [ - ./base-config.nix - ]; + imports = [ ./base-config.nix ]; _module.args.inputs = self.inputs; }; in { perSystem = - { pkgs - , ... - }: + { pkgs, ... }: { packages = { install-iso = nixos-generators.nixosGenerate { system = "x86_64-linux"; inherit pkgs; - modules = [ - defaultModule - ]; + modules = [ defaultModule ]; format = "install-iso"; }; diff --git a/images/rpi4-image.nix b/images/rpi4-image.nix index ec3777e..58508bd 100644 --- a/images/rpi4-image.nix +++ b/images/rpi4-image.nix @@ -1,6 +1,7 @@ # nix build .#install-sd-aarch64 --system aarch64-linux # zstd -vdcfT6 /nix/store/...-aarch64-linux.img/sd-image/...-aarch64-linux.img.zst | dd of=/dev/sdX status=progress bs=64K -{ ... }: { +{ ... }: +{ nixpkgs.localSystem.system = "aarch64-linux"; imports = [ diff --git a/images/yubikey-installer.nix b/images/yubikey-installer.nix index 8a97397..b6a3621 100644 --- a/images/yubikey-installer.nix +++ b/images/yubikey-installer.nix 
@@ -2,7 +2,13 @@ # nix build -f yubikey-installer.nix nixos-yubikey # sudo cp -v installer/iso/*.iso /dev/sdb; sync let - configuration = { config, lib, pkgs, ... }: + configuration = + { + config, + lib, + pkgs, + ... + }: with pkgs; let src = fetchGit "https://github.com/drduh/YubiKey-Guide"; @@ -54,12 +60,17 @@ let yubikey-guide = symlinkJoin { name = "yubikey-guide"; - paths = [ view-yubikey-guide shortcut ]; + paths = [ + view-yubikey-guide + shortcut + ]; }; in { - nixpkgs.config = { allowBroken = true; }; + nixpkgs.config = { + allowBroken = true; + }; isoImage.isoBaseName = lib.mkForce "nixos-yubikey"; # Uncomment this to disable compression and speed up image creation time @@ -72,7 +83,9 @@ let kernelParams = [ "copytoram" ]; # Secure defaults tmp.cleanOnBoot = true; - kernel.sysctl = { "kernel.unprivileged_bpf_disabled" = 1; }; + kernel.sysctl = { + "kernel.unprivileged_bpf_disabled" = 1; + }; }; services.pcscd.enable = true; diff --git a/machines/configurations.nix b/machines/configurations.nix index cb5135f..f489dd3 100644 --- a/machines/configurations.nix +++ b/machines/configurations.nix @@ -1,7 +1,6 @@ { self, ... }: let - inherit - (self.inputs) + inherit (self.inputs) nixpkgs nixpkgs-unstable sops-nix @@ -26,18 +25,19 @@ let } { imports = [ - ({ pkgs, ... }: { - nixpkgs.config.allowUnfree = true; - nixpkgs.overlays = [ - overlay-unstable - (import ../overlays) - (import ../pkgs) - ]; - nix.nixPath = [ - "nixpkgs=${pkgs.path}" - ]; - documentation.info.enable = false; - }) + ( + { pkgs, ... }: + { + nixpkgs.config.allowUnfree = true; + nixpkgs.overlays = [ + overlay-unstable + (import ../overlays) + (import ../pkgs) + ]; + nix.nixPath = [ "nixpkgs=${pkgs.path}" ]; + documentation.info.enable = false; + } + ) disko.nixosModules.disko passworts.nixosModules.passworts sops-nix.nixosModules.sops 
@@ -60,9 +60,7 @@ in }; newton = nixosSystem { system = "x86_64-linux"; - modules = defaultModules ++ [ - ./newton/configuration.nix - ]; + modules = defaultModules ++ [ ./newton/configuration.nix ]; }; serverle = nixosSystem { system = "aarch64-linux"; diff --git a/machines/core/modules.nix b/machines/core/modules.nix index e9cffbb..4977464 100644 --- a/machines/core/modules.nix +++ b/machines/core/modules.nix @@ -1,5 +1,4 @@ -_: -{ +_: { boot.initrd = { availableKernelModules = [ "ahci" diff --git a/machines/core/network.nix b/machines/core/network.nix index b5eeb51..0666ee7 100644 --- a/machines/core/network.nix +++ b/machines/core/network.nix @@ -1,5 +1,4 @@ -_: -{ +_: { networking.networkmanager = { enable = true; diff --git a/machines/newton/boot.nix b/machines/newton/boot.nix index 935a6f5..9d70d99 100644 --- a/machines/newton/boot.nix +++ b/machines/newton/boot.nix @@ -1,5 +1,4 @@ -_: -{ +_: { boot.loader = { timeout = 1; grub = { diff --git a/machines/newton/disko-config.nix b/machines/newton/disko-config.nix index 04af7a4..af30382 100644 --- a/machines/newton/disko-config.nix +++ b/machines/newton/disko-config.nix @@ -18,9 +18,7 @@ type = "filesystem"; format = "vfat"; mountpoint = "/boot"; - mountOptions = [ - "defaults" - ]; + mountOptions = [ "defaults" ]; }; }; luks = { diff --git a/machines/newton/hardware-configuration.nix b/machines/newton/hardware-configuration.nix index 35a55d1..3c97088 100644 --- a/machines/newton/hardware-configuration.nix +++ b/machines/newton/hardware-configuration.nix @@ -1,4 +1,9 @@ -{ config, lib, modulesPath, ... }: +{ + config, + lib, + modulesPath, + ... +}: { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; @@ -9,9 +14,7 @@ "virtio_pci" "virtio_scsi" ]; - boot.initrd.kernelModules = [ - "dm-snapshot" - ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } 
diff --git a/machines/newton/network.nix b/machines/newton/network.nix index 887aa6a..582664c 100644 --- a/machines/newton/network.nix +++ b/machines/newton/network.nix @@ -27,7 +27,9 @@ let in { # kernel parameters are needed for initrd - boot.kernelParams = [ "ip=${ip4_addr}::${ip4_gw}:${ip4_mask}:${config.networking.hostName}:${ifname}:off" ]; + boot.kernelParams = [ + "ip=${ip4_addr}::${ip4_gw}:${ip4_mask}:${config.networking.hostName}:${ifname}:off" + ]; networking = { nameservers = ip4_dns ++ ip6_dns; domain = "buehler.rocks"; diff --git a/machines/newton/system.nix b/machines/newton/system.nix index 6832efb..507c2b8 100644 --- a/machines/newton/system.nix +++ b/machines/newton/system.nix @@ -1,6 +1,5 @@ # enabled system services -_: -{ +_: { my.system = { podman.enable = true; }; diff --git a/machines/serverle/disko-config.nix b/machines/serverle/disko-config.nix index a3e0a2c..8269c63 100644 --- a/machines/serverle/disko-config.nix +++ b/machines/serverle/disko-config.nix @@ -18,9 +18,7 @@ type = "filesystem"; format = "vfat"; mountpoint = "/boot"; - mountOptions = [ - "defaults" - ]; + mountOptions = [ "defaults" ]; }; }; luks = { diff --git a/machines/serverle/network.nix b/machines/serverle/network.nix index 7501041..343e0c2 100644 --- a/machines/serverle/network.nix +++ b/machines/serverle/network.nix @@ -1,5 +1,4 @@ -_: -{ +_: { networking.firewall.allowedTCPPorts = [ 8080 # aria ]; diff --git a/machines/serverle/syncthing.nix b/machines/serverle/syncthing.nix index 96b0d19..1e70a86 100644 --- a/machines/serverle/syncthing.nix +++ b/machines/serverle/syncthing.nix @@ -74,9 +74,7 @@ "Aria2" = { id = "jjnzq-pgzua"; path = "/data/tmp/aria2"; - devices = [ - "thinkman" - ]; + devices = [ "thinkman" ]; }; }; }; diff --git a/machines/serverle/system.nix b/machines/serverle/system.nix index 0757216..0e604e2 100644 --- a/machines/serverle/system.nix +++ b/machines/serverle/system.nix 
@@ -1,6 +1,5 @@ # enabled system services -_: -{ +_: { my.system = { avahi.enable = true; docker.enable = true; diff --git a/machines/thinkman/boot.nix b/machines/thinkman/boot.nix index 9364765..a8e9220 100644 --- a/machines/thinkman/boot.nix +++ b/machines/thinkman/boot.nix @@ -1,5 +1,4 @@ -_: -{ +_: { boot = { loader = { timeout = 1; diff --git a/machines/thinkman/disko-config.nix b/machines/thinkman/disko-config.nix index 1c90bc6..df18247 100644 --- a/machines/thinkman/disko-config.nix +++ b/machines/thinkman/disko-config.nix @@ -18,9 +18,7 @@ type = "filesystem"; format = "vfat"; mountpoint = "/boot"; - mountOptions = [ - "defaults" - ]; + mountOptions = [ "defaults" ]; }; }; luks = { diff --git a/machines/thinkman/network.nix b/machines/thinkman/network.nix index eaf345e..712d5f3 100644 --- a/machines/thinkman/network.nix +++ b/machines/thinkman/network.nix @@ -1,6 +1,5 @@ # network settings -_: -{ +_: { # hotfixes for dns settings networking.extraHosts = let diff --git a/machines/thinkman/profiles.nix b/machines/thinkman/profiles.nix index af6044f..01ed516 100644 --- a/machines/thinkman/profiles.nix +++ b/machines/thinkman/profiles.nix @@ -1,6 +1,5 @@ # enabled profiles -_: -{ +_: { my.profiles = { "3d-design".enable = true; android.enable = true; diff --git a/machines/thinkman/remote-build.nix b/machines/thinkman/remote-build.nix index f3aaf46..90ee53e 100644 --- a/machines/thinkman/remote-build.nix +++ b/machines/thinkman/remote-build.nix @@ -9,7 +9,11 @@ in { hostName = "buehler.rocks"; system = "x86_64-linux"; - supportedFeatures = [ "benchmark" "kvm" "big-parallel" ]; + supportedFeatures = [ + "benchmark" + "kvm" + "big-parallel" + ]; sshUser = "nixremote"; sshKey = secrets."nixremote/ssh_key".path; maxJobs = 4; diff --git a/machines/thinkman/system.nix b/machines/thinkman/system.nix index ec652f5..c309a5f 100644 --- a/machines/thinkman/system.nix +++ b/machines/thinkman/system.nix 
@@ -1,6 +1,5 @@ # enabled system services -_: -{ +_: { my.system = { avahi.enable = true; fonts.enable = true; diff --git a/modules/hardware/bluetooth/default.nix b/modules/hardware/bluetooth/default.nix index dab77e7..446eb65 100644 --- a/modules/hardware/bluetooth/default.nix +++ b/modules/hardware/bluetooth/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.hardware.bluetooth; in @@ -18,8 +23,6 @@ in }; }; services.blueman.enable = true; - environment.systemPackages = with pkgs; [ - sony-headphones-client - ]; + environment.systemPackages = with pkgs; [ sony-headphones-client ]; }; } diff --git a/modules/hardware/debug/default.nix b/modules/hardware/debug/default.nix index 9c55232..0d6168a 100644 --- a/modules/hardware/debug/default.nix +++ b/modules/hardware/debug/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.hardware.debug; in diff --git a/modules/hardware/firmware/default.nix b/modules/hardware/firmware/default.nix index 7f46c77..c1f783d 100644 --- a/modules/hardware/firmware/default.nix +++ b/modules/hardware/firmware/default.nix 
@@ -7,32 +7,39 @@ in enable = mkEnableOption "firmware configuration"; cpuFlavor = mkOption { - type = with types; nullOr (enum [ "intel" "amd" ]); + type = + with types; + nullOr (enum [ + "intel" + "amd" + ]); default = null; example = "intel"; description = "Which kind of CPU to activate micro-code updates"; }; }; - config = lib.mkIf cfg.enable (lib.mkMerge [ - { - hardware = { - enableRedistributableFirmware = true; - }; - } + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + { + hardware = { + enableRedistributableFirmware = true; + }; + } - # Intel CPU - (lib.mkIf (cfg.cpuFlavor == "intel") { - hardware = { - cpu.intel.updateMicrocode = true; - }; - }) + # Intel CPU + (lib.mkIf (cfg.cpuFlavor == "intel") { + hardware = { + cpu.intel.updateMicrocode = true; + }; + }) - # AMD CPU - (lib.mkIf (cfg.cpuFlavor == "amd") { - hardware = { - cpu.amd.updateMicrocode = true; - }; - }) - ]); + # AMD CPU + (lib.mkIf (cfg.cpuFlavor == "amd") { + hardware = { + cpu.amd.updateMicrocode = true; + }; + }) + ] + ); } diff --git a/modules/hardware/graphics/default.nix b/modules/hardware/graphics/default.nix index 6088b4f..04c4941 100644 --- a/modules/hardware/graphics/default.nix +++ b/modules/hardware/graphics/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.hardware.graphics; in diff --git a/modules/hardware/keychron/default.nix b/modules/hardware/keychron/default.nix index 3f07563..09180c5 100644 --- a/modules/hardware/keychron/default.nix +++ b/modules/hardware/keychron/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.hardware.keychron; in diff --git a/modules/hardware/sound/default.nix b/modules/hardware/sound/default.nix index 552ff30..d3ac73f 100644 --- a/modules/hardware/sound/default.nix +++ b/modules/hardware/sound/default.nix 
@@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.hardware.sound; in diff --git a/modules/hardware/thunderbolt/default.nix b/modules/hardware/thunderbolt/default.nix index 29bac56..100d550 100644 --- a/modules/hardware/thunderbolt/default.nix +++ b/modules/hardware/thunderbolt/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.hardware.thunderbolt; in @@ -8,9 +13,7 @@ in }; config = lib.mkIf cfg.enable { - environment.systemPackages = with pkgs; [ - thunderbolt - ]; + environment.systemPackages = with pkgs; [ thunderbolt ]; services.hardware.bolt.enable = true; }; } diff --git a/modules/hardware/yubikey/default.nix b/modules/hardware/yubikey/default.nix index 070c91a..c278d24 100644 --- a/modules/hardware/yubikey/default.nix +++ b/modules/hardware/yubikey/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.hardware.yubikey; in @@ -18,8 +23,6 @@ in }; services.pcscd.enable = true; - environment.systemPackages = with pkgs; [ - yubikey-manager - ]; + environment.systemPackages = with pkgs; [ yubikey-manager ]; }; } diff --git a/modules/services/alertmanager/config.nix b/modules/services/alertmanager/config.nix index 1c031fa..52ba37b 100644 --- a/modules/services/alertmanager/config.nix +++ b/modules/services/alertmanager/config.nix @@ -14,11 +14,7 @@ receivers = [ { name = "default"; - email_configs = [ - { - to = "server@buehler.rocks"; - } - ]; + email_configs = [ { to = "server@buehler.rocks"; } ]; webhook_configs = [ { url = "http://localhost:4050/services/hooks/YWxlcnRtYW5hZ2VyX3NlcnZpY2U"; diff --git a/modules/services/alertmanager/default.nix b/modules/services/alertmanager/default.nix index 2fc2fd9..fb03e7e 100644 --- a/modules/services/alertmanager/default.nix +++ b/modules/services/alertmanager/default.nix 
@@ -1,5 +1,10 @@ # monitoring system services -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.services.alertmanager; inherit (config.networking) domain; @@ -37,24 +42,18 @@ in extraFlags = [ "--cluster.advertise-address 127.0.0.1:${toString cfg.port}" ]; }; - alertmanagers = [ - { - static_configs = [ - { - targets = [ "localhost:${toString cfg.port}" ]; - } - ]; - } - ]; + alertmanagers = [ { static_configs = [ { targets = [ "localhost:${toString cfg.port}" ]; } ]; } ]; scrapeConfigs = [ { job_name = "alertmanager"; - static_configs = [{ - targets = [ "127.0.0.1:${toString cfg.port}" ]; - labels = { - instance = config.networking.hostName; - }; - }]; + static_configs = [ + { + targets = [ "127.0.0.1:${toString cfg.port}" ]; + labels = { + instance = config.networking.hostName; + }; + } + ]; } ]; }; diff --git a/modules/services/aria2/default.nix b/modules/services/aria2/default.nix index c342559..06a0aac 100644 --- a/modules/services/aria2/default.nix +++ b/modules/services/aria2/default.nix @@ -1,5 +1,10 @@ # to download things -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.services.aria2; inherit (config.networking) domain; diff --git a/modules/services/backup/default.nix b/modules/services/backup/default.nix index c1e3c9a..97647b4 100644 --- a/modules/services/backup/default.nix +++ b/modules/services/backup/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.services.backup; in @@ -52,9 +57,7 @@ in type = with types; listOf str; description = lib.mdDoc "additional path(s) to back up"; default = [ "/" ]; - example = [ - "/home/user" - ]; + example = [ "/home/user" ]; }; exclude = mkOption { type = with types; listOf str; 
@@ -100,8 +103,8 @@ in # other-os "**/.Trash" # apple "**/.DS_Store" # apple - "**/$RECYCLE.BIN" #windows - "**/System Volume Information" #windows + "**/$RECYCLE.BIN" # windows + "**/System Volume Information" # windows # var data "/var/cache" 
@@ -138,27 +141,31 @@ in inherit (cfg) doInit; compression = "auto,zstd"; - postHook = '' - if (( $exitStatus > 1 )); then - '' + lib.optionalString cfg.OnFailureNotification '' - # iterate over all logged in users - for user in $(users); do - sway_pid=$(${pkgs.procps}/bin/pgrep -x "sway" -u "$user") - if [ -n "$sway_pid" ]; then - # set environment variables - export $(cat /proc/$sway_pid/environ | grep -z '^DBUS_SESSION_BUS_ADDRESS=' | tr -d '\0') - export DISPLAY=:0 - # send notification via dbus: https://wiki.archlinux.org/title/Desktop_notifications#Bash - ${pkgs.sudo}/bin/sudo --preserve-env=DBUS_SESSION_BUS_ADDRESS,DISPLAY -u $user ${pkgs.libnotify}/bin/notify-send -u critical "BorgBackup Failed!" "Run journalctl -u borgbackup-job* for more details." - echo "sent notification" + postHook = + '' + if (( $exitStatus > 1 )); then + '' + + lib.optionalString cfg.OnFailureNotification '' + # iterate over all logged in users + for user in $(users); do + sway_pid=$(${pkgs.procps}/bin/pgrep -x "sway" -u "$user") + if [ -n "$sway_pid" ]; then + # set environment variables + export $(cat /proc/$sway_pid/environ | grep -z '^DBUS_SESSION_BUS_ADDRESS=' | tr -d '\0') + export DISPLAY=:0 + # send notification via dbus: https://wiki.archlinux.org/title/Desktop_notifications#Bash + ${pkgs.sudo}/bin/sudo --preserve-env=DBUS_SESSION_BUS_ADDRESS,DISPLAY -u $user ${pkgs.libnotify}/bin/notify-send -u critical "BorgBackup Failed!" "Run journalctl -u borgbackup-job* for more details." 
+ echo "sent notification" + fi + done + '' + + lib.optionalString (cfg.OnFailureMail != null) '' + journalctl -u borgbackup-job-hetzner.service | ${pkgs.mailutils}/bin/mail -r "Administrator" -s "Backup Error" server@buehler.rocks + echo "sent mail" + '' + + '' fi - done - '' + lib.optionalString (cfg.OnFailureMail != null) '' - journalctl -u borgbackup-job-hetzner.service | ${pkgs.mailutils}/bin/mail -r "Administrator" -s "Backup Error" server@buehler.rocks - echo "sent mail" - '' + '' - fi - ''; + ''; # for mail sending readWritePaths = lib.optional (cfg.OnFailureMail != null) "/var/lib/postfix/queue/maildrop/"; diff --git a/modules/services/bazarr/default.nix b/modules/services/bazarr/default.nix index 90d0405..5974a3e 100644 --- a/modules/services/bazarr/default.nix +++ b/modules/services/bazarr/default.nix @@ -31,12 +31,14 @@ in prometheus.scrapeConfigs = [ { job_name = "bazarr"; - static_configs = [{ - targets = [ "127.0.0.1:${toString port + 1}" ]; - labels = { - instance = config.networking.hostName; - }; - }]; + static_configs = [ + { + targets = [ "127.0.0.1:${toString port + 1}" ]; + labels = { + instance = config.networking.hostName; + }; + } + ]; } ]; }; diff --git a/modules/services/blackbox/default.nix b/modules/services/blackbox/default.nix index 13bddbb..cdbf669 100644 --- a/modules/services/blackbox/default.nix +++ b/modules/services/blackbox/default.nix @@ -1,5 +1,10 @@ # monitor urls -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.services.blackbox; blackBoxConfig = { @@ -11,12 +16,8 @@ let ssh_banner = { prober = "tcp"; tcp.query_response = [ - { - send = "SSH-2.0-blackbox-ssh-check"; - } - { - expect = "^SSH-2.0-"; - } + { send = "SSH-2.0-blackbox-ssh-check"; } + { expect = "^SSH-2.0-"; } ]; }; }; diff --git a/modules/services/blocky/default.nix b/modules/services/blocky/default.nix index de8d467..3b9c376 100644 --- a/modules/services/blocky/default.nix +++ b/modules/services/blocky/default.nix 
@@ -1,5 +1,10 @@ # Fast and lightweight DNS proxy as ad-blocker for local network -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.services.blocky; in diff --git a/modules/services/freshrss/default.nix b/modules/services/freshrss/default.nix index 215a726..d760bef 100644 --- a/modules/services/freshrss/default.nix +++ b/modules/services/freshrss/default.nix @@ -1,5 +1,10 @@ # RSS aggregator and reader -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.services.freshrss; inherit (config.networking) domain; diff --git a/modules/services/gitea/default.nix b/modules/services/gitea/default.nix index e3e3de4..9d39a2a 100644 --- a/modules/services/gitea/default.nix +++ b/modules/services/gitea/default.nix @@ -1,5 +1,10 @@ # self-hosted git service -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.services.gitea; inherit (config.networking) domain; diff --git a/modules/services/grafana/default.nix b/modules/services/grafana/default.nix index 0f5850a..7158009 100644 --- a/modules/services/grafana/default.nix +++ b/modules/services/grafana/default.nix @@ -1,5 +1,10 @@ # visualize monitoring services -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.services.grafana; inherit (config.networking) domain; diff --git a/modules/services/hedgedoc/default.nix b/modules/services/hedgedoc/default.nix index bb657fa..2bdc65c 100644 --- a/modules/services/hedgedoc/default.nix +++ b/modules/services/hedgedoc/default.nix @@ -1,5 +1,10 @@ # HedgeDoc is an open-source, web-based, self-hosted, collaborative markdown editor. -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.services.hedgedoc; inherit (config.networking) domain; diff --git a/modules/services/home-automation/default.nix b/modules/services/home-automation/default.nix index a1d9e06..31458a9 100644 --- a/modules/services/home-automation/default.nix 
+++ b/modules/services/home-automation/default.nix @@ -1,5 +1,10 @@ # home automation -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.services.home-automation; inherit (config.networking) domain; diff --git a/modules/services/homepage/default.nix b/modules/services/homepage/default.nix index 1b16e42..b028a3f 100644 --- a/modules/services/homepage/default.nix +++ b/modules/services/homepage/default.nix @@ -1,5 +1,10 @@ # My own personal homepage -{ config, lib, inputs, ... }: +{ + config, + lib, + inputs, + ... +}: let cfg = config.my.services.homepage; inherit (config.networking) domain; diff --git a/modules/services/homer/config.nix b/modules/services/homer/config.nix index b342176..ac79efe 100644 --- a/modules/services/homer/config.nix +++ b/modules/services/homer/config.nix @@ -3,24 +3,26 @@ { options.webapps = { dashboardCategories = lib.mkOption { - type = lib.types.listOf (lib.types.submodule { - options = { - name = lib.mkOption { - type = lib.types.str; - description = '' - Category name. - ''; - example = "Applications"; + type = lib.types.listOf ( + lib.types.submodule { + options = { + name = lib.mkOption { + type = lib.types.str; + description = '' + Category name. + ''; + example = "Applications"; + }; + tag = lib.mkOption { + type = lib.types.str; + description = '' + Category tag. + ''; + example = "app"; + }; }; - tag = lib.mkOption { - type = lib.types.str; - description = '' - Category tag. - ''; - example = "app"; - }; - }; - }); + } + ); description = '' App categories to display on the dashboard. ''; @@ -34,8 +36,8 @@ }; apps = lib.mkOption { - type = lib.types.attrsOf - (lib.types.submodule { + type = lib.types.attrsOf ( + lib.types.submodule { options = { dashboard = { url = lib.mkOption { @@ -79,7 +81,10 @@ default = "Ping"; }; method = lib.mkOption { - type = lib.types.enum [ "get" "head" ]; + type = lib.types.enum [ + "get" + "head" + ]; description = '' method of request used ''; 
@@ -88,7 +93,8 @@ }; }; }; - }); + } + ); description = '' Defines a web application. ''; @@ -105,24 +111,33 @@ let apps = builtins.filter (a: a.dashboard.name != null) (lib.attrValues cfg.apps); in - lib.forEach cfg.dashboardCategories (cat: + lib.forEach cfg.dashboardCategories ( + cat: let catApps = lib.sort (a: b: a.dashboard.name < b.dashboard.name) ( - builtins.filter - (a: - a.dashboard.category != null && a.dashboard.category == cat.tag || - a.dashboard.category == null && cat.tag == "misc") - apps); + builtins.filter ( + a: + a.dashboard.category != null && a.dashboard.category == cat.tag + || a.dashboard.category == null && cat.tag == "misc" + ) apps + ); in { inherit (cat) name; items = lib.forEach catApps (a: { - inherit (a.dashboard) method name type url; + inherit (a.dashboard) + method + name + type + url + ; icon = lib.optionalString (a.dashboard.icon != null) "fas fa-${a.dashboard.icon}"; target = "_blank"; }); } ); - my.services.blackbox.http_endpoints = lib.mapAttrsToList (_key: value: value.dashboard.url) config.webapps.apps ++ [ "https://${config.networking.domain}/" ]; + my.services.blackbox.http_endpoints = + lib.mapAttrsToList (_key: value: value.dashboard.url) config.webapps.apps + ++ [ "https://${config.networking.domain}/" ]; }; } diff --git a/modules/services/homer/default.nix b/modules/services/homer/default.nix index 77ba8ee..0a7d2fc 100644 --- a/modules/services/homer/default.nix +++ b/modules/services/homer/default.nix @@ -1,5 +1,10 @@ # Dashboard site -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.services.homer; inherit (config.networking) domain; @@ -14,9 +19,7 @@ let }; in { - imports = [ - ./config.nix - ]; + imports = [ ./config.nix ]; options.my.services.homer = with lib; { enable = mkEnableOption "Homer Dashboard"; 
@@ -44,10 +47,22 @@ in webapps = { dashboardCategories = [ - { name = "Applications"; tag = "app"; } - { name = "Media"; tag = "media"; } - { name = "Infrastructure"; tag = "infra"; } - { name = "Others"; tag = "other"; } + { + name = "Applications"; + tag = "app"; + } + { + name = "Media"; + tag = "media"; + } + { + name = "Infrastructure"; + tag = "infra"; + } + { + name = "Others"; + tag = "other"; + } ]; }; }; diff --git a/modules/services/initrd-ssh/default.nix b/modules/services/initrd-ssh/default.nix index 9523b63..7bfb362 100644 --- a/modules/services/initrd-ssh/default.nix +++ b/modules/services/initrd-ssh/default.nix @@ -15,9 +15,7 @@ in ssh = { enable = true; port = 2222; - hostKeys = [ - "/etc/secrets/initrd/ssh_host_ed25519_key" - ]; + hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ]; authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@thinkman" ]; diff --git a/modules/services/jellyfin/default.nix b/modules/services/jellyfin/default.nix index b73cae9..805e6a7 100644 --- a/modules/services/jellyfin/default.nix +++ b/modules/services/jellyfin/default.nix @@ -1,5 +1,10 @@ # The Free Software Media System -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.services.jellyfin; inherit (config.networking) domain; @@ -8,10 +13,7 @@ let jellyfin-with-metrics = pkgs.jellyfin.overrideAttrs (attrs: { patches = let - existingPatches = - if attrs ? patches && builtins.isList attrs.patches - then attrs.patches - else [ ]; + existingPatches = if attrs ? patches && builtins.isList attrs.patches then attrs.patches else [ ]; in # with this patch the default setting for metrics is changed existingPatches ++ [ ./enable-metrics.patch ]; diff --git a/modules/services/loki/default.nix b/modules/services/loki/default.nix index 1548e35..1e22d23 100644 --- a/modules/services/loki/default.nix +++ b/modules/services/loki/default.nix 
@@ -1,5 +1,10 @@ # log monitoring -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.services.loki; in @@ -15,8 +20,8 @@ in }; rules = mkOption { - type = types.attrsOf - (types.submodule { + type = types.attrsOf ( + types.submodule { options = { condition = mkOption { type = types.str; @@ -53,7 +58,8 @@ in default = "2m"; }; }; - }); + } + ); description = '' Defines the loki rules. ''; @@ -67,14 +73,12 @@ in groups = [ { name = "alerting-rules"; - rules = lib.mapAttrsToList - (name: opts: { - alert = name; - inherit (opts) condition labels; - for = opts.time; - annotations.description = opts.description; - }) - cfg.rules; + rules = lib.mapAttrsToList (name: opts: { + alert = name; + inherit (opts) condition labels; + for = opts.time; + annotations.description = opts.description; + }) cfg.rules; } ]; }; @@ -114,16 +118,18 @@ in }; schema_config = { - configs = [{ - from = "2020-11-08"; - store = "tsdb"; - object_store = "filesystem"; - schema = "v13"; - index = { - prefix = "index_"; - period = "24h"; - }; - }]; + configs = [ + { + from = "2020-11-08"; + store = "tsdb"; + object_store = "filesystem"; + schema = "v13"; + index = { + prefix = "index_"; + period = "24h"; + }; + } + ]; }; limits_config = { diff --git a/modules/services/minecraft-server/default.nix b/modules/services/minecraft-server/default.nix index 31bec13..576a41e 100644 --- a/modules/services/minecraft-server/default.nix +++ b/modules/services/minecraft-server/default.nix @@ -1,5 +1,10 @@ # sandbox video game -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.services.minecraft-server; in diff --git a/modules/services/mumble-server/default.nix b/modules/services/mumble-server/default.nix index bf678c9..e331c78 100644 --- a/modules/services/mumble-server/default.nix +++ b/modules/services/mumble-server/default.nix 
@@ -1,5 +1,10 @@ # Have a good quality voice chat -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.services.mumble-server; domain = "voice.${config.networking.domain}"; @@ -28,7 +33,10 @@ in ''; }; - users.groups."voice-buehler-rocks".members = [ "murmur" "nginx" ]; + users.groups."voice-buehler-rocks".members = [ + "murmur" + "nginx" + ]; my.services.prometheus.rules = { mumble_not_running = { diff --git a/modules/services/navidrome/default.nix b/modules/services/navidrome/default.nix index 5ddeaee..cc072d5 100644 --- a/modules/services/navidrome/default.nix +++ b/modules/services/navidrome/default.nix @@ -1,5 +1,10 @@ # A FLOSS self-hosted, subsonic compatible music server -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.services.navidrome; inherit (config.networking) domain; diff --git a/modules/services/nextcloud/default.nix b/modules/services/nextcloud/default.nix index 213fd5a..88cc785 100644 --- a/modules/services/nextcloud/default.nix +++ b/modules/services/nextcloud/default.nix @@ -1,5 +1,10 @@ # self-hosted cloud -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.services.nextcloud; inherit (config.networking) domain; @@ -71,7 +76,12 @@ in }; extraApps = with pkgs.nextcloud29Packages.apps; { - inherit calendar contacts tasks deck; + inherit + calendar + contacts + tasks + deck + ; }; extraAppsEnable = true; }; diff --git a/modules/services/nginx/default.nix b/modules/services/nginx/default.nix index b40ff8e..8929383 100644 --- a/modules/services/nginx/default.nix +++ b/modules/services/nginx/default.nix 
@@ -1,60 +1,65 @@ # A simple abstraction layer for almost all of my services' needs -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.services.nginx; - virtualHostOption = with lib; types.submodule { - options = { - subdomain = mkOption { - type = types.str; - example = "dev"; - description = '' - Which subdomain, under config.networking.domain, to use - for this virtual host. - ''; - }; - port = mkOption { - type = with types; nullOr port; - default = null; - example = 8080; - description = '' - Which port to proxy to, through 127.0.0.1, for this virtual host. - This option is incompatible with `root`. - ''; - }; - root = mkOption { - type = with types; nullOr path; - default = null; - example = "/var/www/blog"; - description = '' - The root folder for this virtual host. This option is incompatible - with `port`. - ''; - }; - sso = { - enable = mkEnableOption "SSO authentication"; - }; - extraConfig = mkOption { - type = types.attrs; # FIXME: forward type of virtualHosts - example = literalExpression '' - { - locations."/socket" = { - proxyPass = "http://127.0.0.1:8096/"; - proxyWebsockets = true; - }; - } - ''; - default = { }; - description = '' - Any extra configuration that should be applied to this virtual host. - ''; + virtualHostOption = + with lib; + types.submodule { + options = { + subdomain = mkOption { + type = types.str; + example = "dev"; + description = '' + Which subdomain, under config.networking.domain, to use + for this virtual host. + ''; + }; + port = mkOption { + type = with types; nullOr port; + default = null; + example = 8080; + description = '' + Which port to proxy to, through 127.0.0.1, for this virtual host. + This option is incompatible with `root`. + ''; + }; + root = mkOption { + type = with types; nullOr path; + default = null; + example = "/var/www/blog"; + description = '' + The root folder for this virtual host. This option is incompatible + with `port`. 
+ ''; + }; + sso = { + enable = mkEnableOption "SSO authentication"; + }; + extraConfig = mkOption { + type = types.attrs; # FIXME: forward type of virtualHosts + example = literalExpression '' + { + locations."/socket" = { + proxyPass = "http://127.0.0.1:8096/"; + proxyWebsockets = true; + }; + } + ''; + default = { }; + description = '' + Any extra configuration that should be applied to this virtual host. + ''; + }; }; }; - }; in { - imports = [ - ./sso - ]; + imports = [ ./sso ]; options.my.services.nginx = with lib; { enable = mkEnableOption "Nginx"; acme = { @@ -116,20 +121,22 @@ in description = "Port to use for internal webui."; }; users = mkOption { - type = types.attrsOf (types.submodule { - options = { - passwordHashFile = mkOption { - type = types.str; - example = "/var/lib/nginx-sso/alice/password-hash.txt"; - description = "Path to file containing the user's password hash."; + type = types.attrsOf ( + types.submodule { + options = { + passwordHashFile = mkOption { + type = types.str; + example = "/var/lib/nginx-sso/alice/password-hash.txt"; + description = "Path to file containing the user's password hash."; + }; + totpSecretFile = mkOption { + type = types.str; + example = "/var/lib/nginx-sso/alice/totp-secret.txt"; + description = "Path to file containing the user's TOTP secret."; + }; }; - totpSecretFile = mkOption { - type = types.str; - example = "/var/lib/nginx-sso/alice/totp-secret.txt"; - description = "Path to file containing the user's TOTP secret."; - }; - }; - }); + } + ); example = literalExpression '' { alice = { @@ -153,9 +160,13 @@ in }; }; config = lib.mkIf cfg.enable { - assertions = lib.flip builtins.map cfg.virtualHosts ({ subdomain, ... } @ args: + assertions = lib.flip builtins.map cfg.virtualHosts ( + { subdomain, ... }@args: let - conflicts = [ "port" "root" ]; + conflicts = [ + "port" + "root" + ]; optionsNotNull = builtins.map (v: args.${v} != null) conflicts; optionsSet = lib.filter lib.id optionsNotNull; in 
@@ -166,39 +177,40 @@ in lib.concatStringsSep ", " (builtins.map (v: "'${v}'") conflicts) } configured. ''; - }) - # ++ ( - # let - # ports = lib.my.mapFilter - # (v: v != null) - # ({ port, ... }: port) - # cfg.virtualHosts; - # lib.unique ports; - # lib.compareLists ports - # portCounts = lib.my.countValues ports; - # nonUniquesCounts = lib.filterAttrs (_: v: v != 1) portCounts; - # nonUniques = builtins.attrNames nonUniquesCounts; - # mkAssertion = port: { - # assertion = false; - # message = "Port ${port} cannot appear in multiple virtual hosts."; - # }; - # in - # map mkAssertion nonUniques - # ) ++ ( - # let - # subs = map ({ subdomain, ... }: subdomain) cfg.virtualHosts; - # subsCounts = lib.my.countValues subs; - # nonUniquesCounts = lib.filterAttrs (_: v: v != 1) subsCounts; - # nonUniques = builtins.attrNames nonUniquesCounts; - # mkAssertion = v: { - # assertion = false; - # message = '' - # Subdomain '${v}' cannot appear in multiple virtual hosts. - # ''; - # }; - # in - # map mkAssertion nonUniques - # ) + } + ) + # ++ ( + # let + # ports = lib.my.mapFilter + # (v: v != null) + # ({ port, ... }: port) + # cfg.virtualHosts; + # lib.unique ports; + # lib.compareLists ports + # portCounts = lib.my.countValues ports; + # nonUniquesCounts = lib.filterAttrs (_: v: v != 1) portCounts; + # nonUniques = builtins.attrNames nonUniquesCounts; + # mkAssertion = port: { + # assertion = false; + # message = "Port ${port} cannot appear in multiple virtual hosts."; + # }; + # in + # map mkAssertion nonUniques + # ) ++ ( + # let + # subs = map ({ subdomain, ... }: subdomain) cfg.virtualHosts; + # subsCounts = lib.my.countValues subs; + # nonUniquesCounts = lib.filterAttrs (_: v: v != 1) subsCounts; + # nonUniques = builtins.attrNames nonUniquesCounts; + # mkAssertion = v: { + # assertion = false; + # message = '' + # Subdomain '${v}' cannot appear in multiple virtual hosts. + # ''; + # }; + # in + # map mkAssertion nonUniques + # ) ; services = { nginx = { 
@@ -251,67 +263,68 @@ in let genAttrs' = values: f: lib.listToAttrs (map f values); inherit (config.networking) domain; - mkVHost = { subdomain, ... } @ args: lib.nameValuePair - "${subdomain}.${domain}" - (lib.foldl lib.recursiveUpdate { } [ - # Base configuration - { - forceSSL = true; - useACMEHost = domain; - } - # Proxy to port - (lib.optionalAttrs (args.port != null) { - locations."/".proxyPass = - "http://127.0.0.1:${toString args.port}"; - # TODO make ipv6 possible - # http://[::1]:${toString args.port}; - }) - # Serve filesystem content - (lib.optionalAttrs (args.root != null) { - inherit (args) root; - }) - # VHost specific configuration - args.extraConfig - # SSO configuration - (lib.optionalAttrs args.sso.enable { - extraConfig = (args.extraConfig.extraConfig or "") + '' - error_page 401 = @error401; - ''; - locations = { - "@error401".return = '' - 302 https://${cfg.sso.subdomain}.${config.networking.domain}/login?go=$scheme://$http_host$request_uri - ''; - "/" = { - extraConfig = - (args.extraConfig.locations."/".extraConfig or "") + '' - # Use SSO - auth_request /sso-auth; - # Set username through header - auth_request_set $username $upstream_http_x_username; - proxy_set_header X-User $username; - # Renew SSO cookie on request - auth_request_set $cookie $upstream_http_set_cookie; - add_header Set-Cookie $cookie; - ''; - }; - "/sso-auth" = { - proxyPass = "http://localhost:${toString cfg.sso.port}/auth"; - extraConfig = '' - # Do not allow requests from outside - internal; - # Do not forward the request body - proxy_pass_request_body off; - proxy_set_header Content-Length ""; - # Set X-Application according to subdomain for matching - proxy_set_header X-Application "${subdomain}"; - # Set origin URI for matching - proxy_set_header X-Origin-URI $request_uri; + mkVHost = + { subdomain, ... 
}@args: + lib.nameValuePair "${subdomain}.${domain}" ( + lib.foldl lib.recursiveUpdate { } [ + # Base configuration + { + forceSSL = true; + useACMEHost = domain; + } + # Proxy to port + (lib.optionalAttrs (args.port != null) { + locations."/".proxyPass = "http://127.0.0.1:${toString args.port}"; + # TODO make ipv6 possible + # http://[::1]:${toString args.port}; + }) + # Serve filesystem content + (lib.optionalAttrs (args.root != null) { inherit (args) root; }) + # VHost specific configuration + args.extraConfig + # SSO configuration + (lib.optionalAttrs args.sso.enable { + extraConfig = + (args.extraConfig.extraConfig or "") + + '' + error_page 401 = @error401; ''; + locations = { + "@error401".return = '' + 302 https://${cfg.sso.subdomain}.${config.networking.domain}/login?go=$scheme://$http_host$request_uri + ''; + "/" = { + extraConfig = + (args.extraConfig.locations."/".extraConfig or "") + + '' + # Use SSO + auth_request /sso-auth; + # Set username through header + auth_request_set $username $upstream_http_x_username; + proxy_set_header X-User $username; + # Renew SSO cookie on request + auth_request_set $cookie $upstream_http_set_cookie; + add_header Set-Cookie $cookie; + ''; + }; + "/sso-auth" = { + proxyPass = "http://localhost:${toString cfg.sso.port}/auth"; + extraConfig = '' + # Do not allow requests from outside + internal; + # Do not forward the request body + proxy_pass_request_body off; + proxy_set_header Content-Length ""; + # Set X-Application according to subdomain for matching + proxy_set_header X-Application "${subdomain}"; + # Set origin URI for matching + proxy_set_header X-Origin-URI $request_uri; + ''; + }; }; - }; - }) - ]) - ; + }) + ] + ); in genAttrs' cfg.virtualHosts mkVHost; sso = { @@ -322,9 +335,7 @@ in inherit (cfg.sso) port; }; audit_log = { - target = [ - "fd://stdout" - ]; + target = [ "fd://stdout" ]; events = [ "access_denied" "login_success" 
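Review bot: The `@error401` redirect in `mkVHost` builds its `go=` return target from `$http_host`, which is the Host header exactly as the client sent it, so the post-login destination is partly client-controlled. The vhost name is already known at build time, so the target can be fixed instead: `302 https://${cfg.sso.subdomain}.${config.networking.domain}/login?go=https://${subdomain}.${domain}$request_uri`. The base configuration in the same list sets `forceSSL = true`, so hard-coding the `https` scheme loses nothing. Whether the login service itself restricts `go` targets is not visible in this diff, so pinning the host here is the safer default.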
@@ -359,21 +370,30 @@ in in { users = applyUsers (_: v: { _secret = v.passwordHashFile; }); - mfa = applyUsers (_: v: [{ - provider = "totp"; - attributes = { - secret = { - _secret = v.totpSecretFile; - }; - }; - }]); + mfa = applyUsers ( + _: v: [ + { + provider = "totp"; + attributes = { + secret = { + _secret = v.totpSecretFile; + }; + }; + } + ] + ); inherit (cfg.sso) groups; }; }; acl = { rule_sets = [ { - rules = [{ field = "x-application"; present = true; }]; + rules = [ + { + field = "x-application"; + present = true; + } + ]; allow = [ "@root" ]; } ]; @@ -426,7 +446,10 @@ in ]; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; # Nginx needs to be able to read the certificates users.users.nginx.extraGroups = [ "acme" ]; security.acme = { diff --git a/modules/services/nginx/sso/default.nix b/modules/services/nginx/sso/default.nix index 8c2526c..d2f3cde 100644 --- a/modules/services/nginx/sso/default.nix +++ b/modules/services/nginx/sso/default.nix @@ -1,5 +1,11 @@ # I must override the module to allow having runtime secrets -{ config, lib, pkgs, utils, ... }: +{ + config, + lib, + pkgs, + utils, + ... +}: let cfg = config.services.nginx.sso; pkg = lib.getBin cfg.package; @@ -8,7 +14,6 @@ in { disabledModules = [ "services/security/nginx-sso.nix" ]; - options.services.nginx.sso = with lib; { enable = mkEnableOption "nginx-sso service"; @@ -67,8 +72,7 @@ in # Fix permissions chown nginx-sso:nginx-sso ${confPath} chmod 0600 ${confPath} - '' - }''; + ''}''; ExecStart = lib.mkForce '' ${pkg}/bin/nginx-sso \ --config ${confPath} \ diff --git a/modules/services/node-exporter/default.nix b/modules/services/node-exporter/default.nix index ae613b8..fafa50c 100644 --- a/modules/services/node-exporter/default.nix +++ b/modules/services/node-exporter/default.nix 
@@ -1,5 +1,11 @@ # monitoring system services -{ config, lib, pkgs, inputs, ... }: +{ + config, + lib, + pkgs, + inputs, + ... +}: let cfg = config.my.services.node-exporter; in @@ -17,9 +23,7 @@ in "systemd" "textfile" ]; - extraFlags = [ - "--collector.textfile.directory=/etc/prometheus-node-exporter-text-files" - ]; + extraFlags = [ "--collector.textfile.directory=/etc/prometheus-node-exporter-text-files" ]; port = 9100; listenAddress = "127.0.0.1"; }; @@ -32,21 +36,25 @@ in scrapeConfigs = [ { job_name = "node"; - static_configs = [{ - targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ]; - labels = { - instance = config.networking.hostName; - }; - }]; + static_configs = [ + { + targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ]; + labels = { + instance = config.networking.hostName; + }; + } + ]; } { job_name = "systemd"; - static_configs = [{ - targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.systemd.port}" ]; - labels = { - instance = config.networking.hostName; - }; - }]; + static_configs = [ + { + targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.systemd.port}" ]; + labels = { + instance = config.networking.hostName; + }; + } + ]; } ]; }; 
@@ -55,10 +63,14 @@ in environment.etc = let inputsWithDate = lib.filterAttrs (_: input: input ? lastModified) inputs; - flakeAttrs = input: (lib.mapAttrsToList (n: v: ''${n}="${v}"'') - (lib.filterAttrs (_n: v: (builtins.typeOf v) == "string") input)); - lastModified = name: input: '' - flake_input_last_modified{input="${name}",${lib.concatStringsSep "," (flakeAttrs input)}} ${toString input.lastModified}''; + flakeAttrs = + input: + (lib.mapAttrsToList (n: v: ''${n}="${v}"'') ( + lib.filterAttrs (_n: v: (builtins.typeOf v) == "string") input + )); + lastModified = + name: input: + ''flake_input_last_modified{input="${name}",${lib.concatStringsSep "," (flakeAttrs input)}} ${toString input.lastModified}''; in { "prometheus-node-exporter-text-files/flake-inputs.prom" = { diff --git a/modules/services/octoprint/default.nix b/modules/services/octoprint/default.nix index 705f267..ce0fb72 100644 --- a/modules/services/octoprint/default.nix +++ b/modules/services/octoprint/default.nix @@ -19,14 +19,18 @@ in config = lib.mkIf cfg.enable { services.octoprint = { enable = true; - plugins = plugins: with plugins; [ - costestimation - displayprogress - m86motorsoff - stlviewer - telegram - titlestatus - ] ++ cfg.plugins; + plugins = + plugins: + with plugins; + [ + costestimation + displayprogress + m86motorsoff + stlviewer + telegram + titlestatus + ] + ++ cfg.plugins; }; networking.firewall.allowedTCPPorts = [ 5000 ]; }; diff --git a/modules/services/photoprism/default.nix b/modules/services/photoprism/default.nix index 0ac38ef..6ba5718 100644 --- a/modules/services/photoprism/default.nix +++ b/modules/services/photoprism/default.nix @@ -49,7 +49,12 @@ in config = lib.mkIf cfg.enable { services.photoprism = { enable = true; - inherit (cfg) passwordFile port originalsPath settings; + inherit (cfg) + passwordFile + port + originalsPath + settings + ; }; my.services.nginx.virtualHosts = [ 
diff --git a/modules/services/prometheus/default.nix b/modules/services/prometheus/default.nix index 56088d3..eb439e0 100644 --- a/modules/services/prometheus/default.nix +++ b/modules/services/prometheus/default.nix @@ -1,5 +1,10 @@ # monitoring system services -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.services.prometheus; inherit (config.networking) domain; @@ -31,8 +36,8 @@ in # a good collections for allerts can be found here: https://samber.github.io/awesome-prometheus-alerts/rules#blackbox rules = mkOption { - type = types.attrsOf - (types.submodule { + type = types.attrsOf ( + types.submodule { options = { condition = mkOption { type = types.str; @@ -69,7 +74,8 @@ in default = "2m"; }; }; - }); + } + ); description = '' Defines the prometheus rules. ''; @@ -92,12 +98,12 @@ in }; ruleFiles = [ - (pkgs.writeText "prometheus-rules.yml" (builtins.toJSON { - groups = [ - { - name = "alerting-rules"; - rules = lib.mapAttrsToList - (name: opts: { + (pkgs.writeText "prometheus-rules.yml" ( + builtins.toJSON { + groups = [ + { + name = "alerting-rules"; + rules = lib.mapAttrsToList (name: opts: { alert = name; expr = opts.condition; for = opts.time; @@ -106,22 +112,24 @@ in inherit (opts) description; grafana = lib.optionalString config.services.grafana.enable "https://visualization.${domain}"; }; - }) - cfg.rules; - } - ]; - })) + }) cfg.rules; + } + ]; + } + )) ]; scrapeConfigs = [ { job_name = "prometheus"; - static_configs = [{ - targets = [ "127.0.0.1:${toString cfg.port}" ]; - labels = { - instance = config.networking.hostName; - }; - }]; + static_configs = [ + { + targets = [ "127.0.0.1:${toString cfg.port}" ]; + labels = { + instance = config.networking.hostName; + }; + } + ]; } ]; }; diff --git a/modules/services/promtail/default.nix b/modules/services/promtail/default.nix index af79205..26240ee 100644 --- a/modules/services/promtail/default.nix +++ b/modules/services/promtail/default.nix 
@@ -28,9 +28,11 @@ in positions = { filename = "/tmp/positions.yaml"; }; - clients = [{ - url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push"; - }]; + clients = [ + { + url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push"; + } + ]; scrape_configs = [ { job_name = "journal"; @@ -41,18 +43,18 @@ in host = config.networking.hostName; }; }; - relabel_configs = [{ - source_labels = [ "__journal__systemd_unit" ]; - target_label = "unit"; - }]; + relabel_configs = [ + { + source_labels = [ "__journal__systemd_unit" ]; + target_label = "unit"; + } + ]; } { job_name = "nginx"; static_configs = [ { - targets = [ - "localhost" - ]; + targets = [ "localhost" ]; labels = { job = "nginx"; __path__ = "/var/log/nginx/*.log"; diff --git a/modules/services/prowlarr/default.nix b/modules/services/prowlarr/default.nix index 853dedc..cbf63e1 100644 --- a/modules/services/prowlarr/default.nix +++ b/modules/services/prowlarr/default.nix @@ -31,12 +31,14 @@ in prometheus.scrapeConfigs = [ { job_name = "prowlarr"; - static_configs = [{ - targets = [ "127.0.0.1:${toString port + 1}" ]; - labels = { - instance = config.networking.hostName; - }; - }]; + static_configs = [ + { + targets = [ "127.0.0.1:${toString port + 1}" ]; + labels = { + instance = config.networking.hostName; + }; + } + ]; } ]; }; diff --git a/modules/services/radarr/default.nix b/modules/services/radarr/default.nix index ccd118a..f1bae23 100644 --- a/modules/services/radarr/default.nix +++ b/modules/services/radarr/default.nix @@ -31,12 +31,14 @@ in prometheus.scrapeConfigs = [ { job_name = "radarr"; - static_configs = [{ - targets = [ "127.0.0.1:${toString port + 1}" ]; - labels = { - instance = config.networking.hostName; - }; - }]; + static_configs = [ + { + targets = [ "127.0.0.1:${toString port + 1}" ]; + labels = { + instance = config.networking.hostName; + }; + } + ]; } ]; }; 
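Review bot: In the prowlarr `targets` entry, `toString port + 1` parses as `(toString port) + 1`, because function application binds tighter than `+` in Nix. That adds an integer to a string, which Nix refuses to coerce, so evaluation should fail as soon as the scrape config is forced. The line should read `targets = [ "127.0.0.1:${toString (port + 1)}" ];`. The radarr and sonarr hunks carry the same expression. `port` is defined outside these hunks, so confirm that the exporter really listens on the service port plus one.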
diff --git a/modules/services/remote-build/default.nix b/modules/services/remote-build/default.nix index bb056cc..0489087 100644 --- a/modules/services/remote-build/default.nix +++ b/modules/services/remote-build/default.nix @@ -1,5 +1,10 @@ # manages remote builds -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.services.remote-build; in @@ -15,7 +20,9 @@ in isSystemUser = true; group = "nixremote"; shell = pkgs.bashInteractive; - openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYSzDdxqaNHmaaLqEvOK/vB65zvqoCebI3Nxzgg5smq root@thinkman" ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYSzDdxqaNHmaaLqEvOK/vB65zvqoCebI3Nxzgg5smq root@thinkman" + ]; }; nix.settings.trusted-users = [ "nixremote" ]; }; diff --git a/modules/services/sonarr/default.nix b/modules/services/sonarr/default.nix index a45c095..45b886f 100644 --- a/modules/services/sonarr/default.nix +++ b/modules/services/sonarr/default.nix @@ -31,12 +31,14 @@ in prometheus.scrapeConfigs = [ { job_name = "sonarr"; - static_configs = [{ - targets = [ "127.0.0.1:${toString port + 1}" ]; - labels = { - instance = config.networking.hostName; - }; - }]; + static_configs = [ + { + targets = [ "127.0.0.1:${toString port + 1}" ]; + labels = { + instance = config.networking.hostName; + }; + } + ]; } ]; }; diff --git a/modules/system/avahi/default.nix b/modules/system/avahi/default.nix index e5ae9e4..68e99cf 100644 --- a/modules/system/avahi/default.nix +++ b/modules/system/avahi/default.nix @@ -1,5 +1,10 @@ # avahi related settings -{ config, lib, options, ... }: +{ + config, + lib, + options, + ... +}: let cfg = config.my.system.avahi; in diff --git a/modules/system/docker/default.nix b/modules/system/docker/default.nix index f913942..dbdcee9 100644 --- a/modules/system/docker/default.nix +++ b/modules/system/docker/default.nix 
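Review bot: The `nixremote` account in the second remote-build hunk combines an unrestricted SSH key, `shell = pkgs.bashInteractive`, and an entry in `nix.settings.trusted-users`. The Nix manual describes that last setting as essentially equivalent to root access on the machine. If the key is only used for remote builds, the entry can carry the OpenSSH `restrict` option, e.g. `"restrict ssh-ed25519 <key> root@thinkman"`, which removes PTY allocation and forwarding while still allowing the build commands to run. A short comment beside `trusted-users`, such as `# required for remote builds; root-equivalent on this host, keep the key list minimal`, would make the trade-off visible to the next reader.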
@@ -1,5 +1,11 @@ # Docker related settings -{ config, lib, options, pkgs, ... }: +{ + config, + lib, + options, + pkgs, + ... +}: let cfg = config.my.system.docker; in diff --git a/modules/system/fonts/default.nix b/modules/system/fonts/default.nix index 2709579..e9eb015 100644 --- a/modules/system/fonts/default.nix +++ b/modules/system/fonts/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.system.fonts; in @@ -21,23 +26,26 @@ in monospace = [ "Ubuntu Mono" ]; }; - packages = with pkgs; [ - cantarell-fonts # gnome default - fira - fira-code # coding - fira-code-symbols # ligatures - fira-mono - font-awesome # icons - joypixels # emojis - liberation_ttf # main microsoft fonts - # mplus-outline-fonts.githubRelease # microsoft fonts - noto-fonts - noto-fonts-cjk-sans - noto-fonts-color-emoji - noto-fonts-extra - ubuntu_font_family - unifont # unicode fallback - ] ++ cfg.additionalFonts; + packages = + with pkgs; + [ + cantarell-fonts # gnome default + fira + fira-code # coding + fira-code-symbols # ligatures + fira-mono + font-awesome # icons + joypixels # emojis + liberation_ttf # main microsoft fonts + # mplus-outline-fonts.githubRelease # microsoft fonts + noto-fonts + noto-fonts-cjk-sans + noto-fonts-color-emoji + noto-fonts-extra + ubuntu_font_family + unifont # unicode fallback + ] + ++ cfg.additionalFonts; }; nixpkgs.config.joypixels.acceptLicense = true; }; diff --git a/modules/system/kvm/default.nix b/modules/system/kvm/default.nix index 26b4858..450da3c 100644 --- a/modules/system/kvm/default.nix +++ b/modules/system/kvm/default.nix 
@@ -7,32 +7,31 @@ in enable = mkEnableOption "kvm configuration"; cpuFlavor = mkOption { - type = with types; nullOr (enum [ "intel" "amd" ]); + type = + with types; + nullOr (enum [ + "intel" + "amd" + ]); default = null; example = "intel"; description = "Which kind of CPU to activate kernelModules"; }; }; - config = lib.mkIf cfg.enable (lib.mkMerge [ - { - virtualisation.libvirtd.enable = true; + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + { + virtualisation.libvirtd.enable = true; - programs.virt-manager.enable = true; - } + programs.virt-manager.enable = true; + } - # Intel CPU - (lib.mkIf (cfg.cpuFlavor == "intel") { - boot.kernelModules = [ - "kvm-intel" - ]; - }) + # Intel CPU + (lib.mkIf (cfg.cpuFlavor == "intel") { boot.kernelModules = [ "kvm-intel" ]; }) - # AMD CPU - (lib.mkIf (cfg.cpuFlavor == "amd") { - boot.kernelModules = [ - "kvm-amd" - ]; - }) - ]); + # AMD CPU + (lib.mkIf (cfg.cpuFlavor == "amd") { boot.kernelModules = [ "kvm-amd" ]; }) + ] + ); } diff --git a/modules/system/podman/default.nix b/modules/system/podman/default.nix index f2858e3..cb75f6d 100644 --- a/modules/system/podman/default.nix +++ b/modules/system/podman/default.nix @@ -1,5 +1,11 @@ # Podman related settings -{ config, lib, options, pkgs, ... }: +{ + config, + lib, + options, + pkgs, + ... +}: let cfg = config.my.system.podman; in @@ -10,9 +16,7 @@ in config = lib.mkIf cfg.enable { - environment.systemPackages = with pkgs; [ - podman-compose - ]; + environment.systemPackages = with pkgs; [ podman-compose ]; virtualisation.podman = { enable = true; diff --git a/modules/system/spell-check/default.nix b/modules/system/spell-check/default.nix index 250d8ad..dc90ef4 100644 --- a/modules/system/spell-check/default.nix +++ b/modules/system/spell-check/default.nix @@ -1,5 +1,11 @@ # spell-checking -{ config, lib, options, pkgs, ... }: +{ + config, + lib, + options, + pkgs, + ... +}: let cfg = config.my.system.spell-check; in 
diff --git a/overlays/default.nix b/overlays/default.nix index c8a37e2..49461a6 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,6 +1,5 @@ # overlays for nixpkgs -_self: _super: -{ +_self: _super: { # freshrss = _super.freshrss.overrideAttrs (old: { # version = "1.21.0"; # src = _super.fetchFromGitHub { diff --git a/pkgs/default.nix b/pkgs/default.nix index 70a8552..0dea299 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -1,5 +1,4 @@ -final: _prev: -{ +final: _prev: { homer = final.callPackage ./homer { }; grafana-dashboards = final.callPackage ./grafana-dashboards { }; } diff --git a/pkgs/grafana-dashboards/default.nix b/pkgs/grafana-dashboards/default.nix index 595f778..51c626d 100644 --- a/pkgs/grafana-dashboards/default.nix +++ b/pkgs/grafana-dashboards/default.nix 
@@ -6,139 +6,164 @@ let inherit (pkgs) stdenv fetchurl; in -lib.makeScope pkgs.newScope (_self: -let - buildGrafanaDashboard = args: stdenv.mkDerivation (args // { - pname = "grafana-dashboard-${args.pname}-${toString args.id}"; - inherit (args) version; - src = fetchurl { - url = "https://grafana.com/api/dashboards/${toString args.id}/revisions/${args.version}/download"; - inherit (args) hash; +lib.makeScope pkgs.newScope ( + _self: + let + buildGrafanaDashboard = + args: + stdenv.mkDerivation ( + args + // { + pname = "grafana-dashboard-${args.pname}-${toString args.id}"; + inherit (args) version; + src = fetchurl { + url = "https://grafana.com/api/dashboards/${toString args.id}/revisions/${args.version}/download"; + inherit (args) hash; + }; + dontUnpack = true; + installPhase = '' + runHook preInstall + mkdir -p $out + cp $src $out/${args.pname}-${toString args.id}.json + runHook postInstall + ''; + } + ); + in + { + inherit buildGrafanaDashboard; + + node-exporter = buildGrafanaDashboard { + id = 1860; + pname = "node-exporter-full"; + version = "31"; + hash = "sha256-QsRHsnayYRRGc+2MfhaKGYpNdH02PesnR5b50MDzHIg="; }; - dontUnpack = true; - installPhase = '' - runHook preInstall - mkdir -p $out - cp $src $out/${args.pname}-${toString args.id}.json - runHook postInstall - ''; - }); -in -{ - inherit buildGrafanaDashboard; + node-systemd = + (buildGrafanaDashboard { + id = 1617; + pname = "node-systemd"; + version = "1"; + hash = "sha256-MEWU5rIqlbaGu3elqdSoMZfbk67WDnH0VWuC8FqZ8v8="; + }).overrideAttrs + (_: { + src = ./node-systemd.json; # sadly only imported dashboards work + }); - node-exporter = buildGrafanaDashboard { - id = 1860; - pname = "node-exporter-full"; - version = "31"; - hash = "sha256-QsRHsnayYRRGc+2MfhaKGYpNdH02PesnR5b50MDzHIg="; - }; - node-systemd = (buildGrafanaDashboard { - id = 1617; - pname = "node-systemd"; - version = "1"; - hash = "sha256-MEWU5rIqlbaGu3elqdSoMZfbk67WDnH0VWuC8FqZ8v8="; - }).overrideAttrs (_: { - src = ./node-systemd.json; 
# sadly only imported dashboards work - }); + nginx = buildGrafanaDashboard { + id = 12708; + pname = "nginx"; + version = "1"; + hash = "sha256-T1HqWbwt+i/We+Y2B7hcl3CijGxZF5QI38aPcXjk9y0="; + }; - nginx = buildGrafanaDashboard { - id = 12708; - pname = "nginx"; - version = "1"; - hash = "sha256-T1HqWbwt+i/We+Y2B7hcl3CijGxZF5QI38aPcXjk9y0="; - }; + nextcloud = + (buildGrafanaDashboard { + id = 9632; + pname = "nextcloud"; + version = "1"; + hash = "sha256-Z28Q/sMg3jxglkszAs83IpL8f4p9loNnTQzjc3S/SAQ="; + }).overrideAttrs + (_: { + src = ./nextcloud.json; # sadly only imported dashboards work + }); - nextcloud = (buildGrafanaDashboard { - id = 9632; - pname = "nextcloud"; - version = "1"; - hash = "sha256-Z28Q/sMg3jxglkszAs83IpL8f4p9loNnTQzjc3S/SAQ="; - }).overrideAttrs (_: { - src = ./nextcloud.json; # sadly only imported dashboards work - }); + blocky = buildGrafanaDashboard { + id = 13768; + pname = "blocky"; + version = "3"; + hash = "sha256-T1HqWbwt+i/Wa+Y2B7hcl3CijGxZF5aI38aPcXjk9y0="; + }; - blocky = buildGrafanaDashboard { - id = 13768; - pname = "blocky"; - version = "3"; - hash = "sha256-T1HqWbwt+i/Wa+Y2B7hcl3CijGxZF5aI38aPcXjk9y0="; - }; + navidrome = + (buildGrafanaDashboard { + id = 18038; + pname = "navidrome"; + version = "1"; + hash = "sha256-MU890UAEI9wrnVIC/R0HkYwFa6mJ8Y7ESAWuaSQ8FQ8="; + }).overrideAttrs + (_: { + src = ./navidrome.json; # sadly data source is not detected + }); - navidrome = (buildGrafanaDashboard { - id = 18038; - pname = "navidrome"; - version = "1"; - hash = "sha256-MU890UAEI9wrnVIC/R0HkYwFa6mJ8Y7ESAWuaSQ8FQ8="; - }).overrideAttrs (_: { - src = ./navidrome.json; # sadly data source is not detected - }); + # taken from https://gitlab.archlinux.org/archlinux/infrastructure/-/blob/master/roles/grafana/files/dashboards/Hedgedoc.json?ref_type=heads + hedgedoc = + (buildGrafanaDashboard { + id = -1; + pname = "hedgedoc"; + version = "1"; + hash = lib.fakeSha256; + }).overrideAttrs + (_: { + src = ./hedgedoc.json; # sadly data source 
is not detected + }); - # taken from https://gitlab.archlinux.org/archlinux/infrastructure/-/blob/master/roles/grafana/files/dashboards/Hedgedoc.json?ref_type=heads - hedgedoc = (buildGrafanaDashboard { - id = -1; - pname = "hedgedoc"; - version = "1"; - hash = lib.fakeSha256; - }).overrideAttrs (_: { - src = ./hedgedoc.json; # sadly data source is not detected - }); + cadvisor = buildGrafanaDashboard { + id = 10619; + pname = "cadvisor"; + version = "1"; + hash = "sha256-T1HqWbwt+i/Wa+Y2B7hclaCijGxZF5QI38aPcXjk9y0="; + }; - cadvisor = buildGrafanaDashboard { - id = 10619; - pname = "cadvisor"; - version = "1"; - hash = "sha256-T1HqWbwt+i/Wa+Y2B7hclaCijGxZF5QI38aPcXjk9y0="; - }; + loki = + (buildGrafanaDashboard { + id = 13407; + pname = "loki"; + version = "1"; + hash = "sha256-1sxTDSEwi2O/Ce+rWqqhMvsYEJeELBfkb9W2R6cDjcU="; + }).overrideAttrs + (_: { + src = ./loki.json; # sadly not yet updated to latest grafana + }); - loki = (buildGrafanaDashboard { - id = 13407; - pname = "loki"; - version = "1"; - hash = "sha256-1sxTDSEwi2O/Ce+rWqqhMvsYEJeELBfkb9W2R6cDjcU="; - }).overrideAttrs (_: { - src = ./loki.json; # sadly not yet updated to latest grafana - }); + alertmanager = buildGrafanaDashboard { + id = 9578; + pname = "alertmanager"; + version = "4"; + hash = "sha256-/scCKBKqTjRKKImIrEYLBKGweOUnkx+QsD5yLfdXW5o="; + }; - alertmanager = buildGrafanaDashboard { - id = 9578; - pname = "alertmanager"; - version = "4"; - hash = "sha256-/scCKBKqTjRKKImIrEYLBKGweOUnkx+QsD5yLfdXW5o="; - }; + gitea = + (buildGrafanaDashboard { + id = 13192; + pname = "gitea"; + version = "1"; + hash = "sha256-IAaI/HvMxcWE3PGQFK8avNjgj88DgcDvkWRcDAWSejM="; + }).overrideAttrs + (_: { + src = ./gitea.json; # sadly not yet updated to latest grafana + }); - gitea = (buildGrafanaDashboard { - id = 13192; - pname = "gitea"; - version = "1"; - hash = "sha256-IAaI/HvMxcWE3PGQFK8avNjgj88DgcDvkWRcDAWSejM="; - }).overrideAttrs (_: { - src = ./gitea.json; # sadly not yet updated to latest grafana - }); + 
prometheus = + (buildGrafanaDashboard { + id = 3662; + pname = "prometheus"; + version = "2"; + hash = "sha256-+nsi8/dYNvGVGV+ftfO1gSAQbO5GpZwW480T5mHMM4Q="; + }).overrideAttrs + (_: { + src = ./prometheus.json; # sadly only imported dashboards work + }); - prometheus = (buildGrafanaDashboard { - id = 3662; - pname = "prometheus"; - version = "2"; - hash = "sha256-+nsi8/dYNvGVGV+ftfO1gSAQbO5GpZwW480T5mHMM4Q="; - }).overrideAttrs (_: { - src = ./prometheus.json; # sadly only imported dashboards work - }); + grafana = + (buildGrafanaDashboard { + id = 3590; + pname = "grafana"; + version = "3"; + }).overrideAttrs + (_: { + src = ./grafana.json; # sadly only imported dashboards work + }); - grafana = (buildGrafanaDashboard { - id = 3590; - pname = "grafana"; - version = "3"; - }).overrideAttrs (_: { - src = ./grafana.json; # sadly only imported dashboards work - }); - - blackbox = (buildGrafanaDashboard { - id = 13659; - pname = "blackbox"; - version = "1"; - hash = "sha256-nnBFWFDAqKUqTOYxOrkRPlVla4ioQZ6rqEqakdzUj1Q="; - }).overrideAttrs (_: { - src = ./blackbox.json; # sadly only imported dashboards work - }); -}) + blackbox = + (buildGrafanaDashboard { + id = 13659; + pname = "blackbox"; + version = "1"; + hash = "sha256-nnBFWFDAqKUqTOYxOrkRPlVla4ioQZ6rqEqakdzUj1Q="; + }).overrideAttrs + (_: { + src = ./blackbox.json; # sadly only imported dashboards work + }); + } +) diff --git a/profiles/3d-design/default.nix b/profiles/3d-design/default.nix index 56719a4..33eff63 100644 --- a/profiles/3d-design/default.nix +++ b/profiles/3d-design/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.profiles."3d-design"; in diff --git a/profiles/android/default.nix b/profiles/android/default.nix index da23980..9f1fd98 100644 --- a/profiles/android/default.nix +++ b/profiles/android/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.profiles.android; in 
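Review bot: The `hash` values for `nginx`, `blocky` and `cadvisor` in pkgs/grafana-dashboards/default.nix differ from one another in only two characters (`We`/`Wa`, `hcl3`/`hcla`, `5QI`/`5aI`), which three unrelated downloads cannot produce as real SHA-256 digests, so at least two of them look like hand-edited placeholders rather than pins of the grafana.com revision. This formatting pass carries them over unchanged, but the hash is the only integrity check `fetchurl` has on that remote content; presumably these entries either fail with a hash mismatch when realised or are never built. I would re-pin each with the digest Nix reports for the actual revision, and until then mark them, e.g. `# FIXME: placeholder hash, not a verified digest of this revision`. `hedgedoc` (`lib.fakeSha256`) and `grafana` (no `hash`) are a different case: their `src` is replaced by a local file through `overrideAttrs`, so the fetch is presumably never evaluated there.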
@@ -9,8 +14,6 @@ in config = lib.mkIf cfg.enable { programs.adb.enable = true; - environment.systemPackages = with pkgs; [ - scrcpy - ]; + environment.systemPackages = with pkgs; [ scrcpy ]; }; } diff --git a/profiles/clean/default.nix b/profiles/clean/default.nix index 5d05f00..ff12b69 100644 --- a/profiles/clean/default.nix +++ b/profiles/clean/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.profiles.clean; in diff --git a/profiles/desktop-apps/default.nix b/profiles/desktop-apps/default.nix index d64d007..b45b655 100644 --- a/profiles/desktop-apps/default.nix +++ b/profiles/desktop-apps/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.profiles.desktop-apps; in diff --git a/profiles/desktop-dev/default.nix b/profiles/desktop-dev/default.nix index f290f5a..c9442e5 100644 --- a/profiles/desktop-dev/default.nix +++ b/profiles/desktop-dev/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.profiles.desktop-dev; in @@ -22,7 +27,8 @@ in (vscode-with-extensions.override { vscode = vscodium; vscodeExtensions = - with vscode-extensions; [ + with vscode-extensions; + [ bbenoist.nix editorconfig.editorconfig github.copilot @@ -31,11 +37,13 @@ in ms-python.python ms-vscode-remote.remote-ssh pkief.material-icon-theme - ] ++ [ + ] + ++ [ # remove in 24.05 unstable.vscode-extensions.equinusocio.vsc-material-theme unstable.vscode-extensions.hiukky.flate - ] ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [ + ] + ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [ # { # name = "vsc-material-theme"; # publisher = "Equinusocio"; diff --git a/profiles/development/default.nix b/profiles/development/default.nix index 306a3fc..6c19661 100644 --- a/profiles/development/default.nix +++ b/profiles/development/default.nix 
@@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.profiles.development; in @@ -23,18 +28,20 @@ in # websites hugo # scripts - (python3.withPackages (ps: with ps; [ - jupyter # notebooks - matplotlib - numpy - pandas - pillow - plotly - scikitlearn - scipy - tqdm # progressbar in pandas - wheel # python development - ])) + (python3.withPackages ( + ps: with ps; [ + jupyter # notebooks + matplotlib + numpy + pandas + pillow + plotly + scikitlearn + scipy + tqdm # progressbar in pandas + wheel # python development + ] + )) # linter shellcheck typos diff --git a/profiles/filesystem/default.nix b/profiles/filesystem/default.nix index bff6e4c..f40b259 100644 --- a/profiles/filesystem/default.nix +++ b/profiles/filesystem/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.profiles.filesystem; in diff --git a/profiles/gaming/default.nix b/profiles/gaming/default.nix index b316831..7d7724d 100644 --- a/profiles/gaming/default.nix +++ b/profiles/gaming/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.profiles.gaming; in diff --git a/profiles/gnome/default.nix b/profiles/gnome/default.nix index d84d986..6594d03 100644 --- a/profiles/gnome/default.nix +++ b/profiles/gnome/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.profiles.gnome; in diff --git a/profiles/latex/default.nix b/profiles/latex/default.nix index 221f377..fd5886b 100644 --- a/profiles/latex/default.nix +++ b/profiles/latex/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.profiles.latex; in diff --git a/profiles/media/default.nix b/profiles/media/default.nix index 57e9c60..48a3f48 100644 --- a/profiles/media/default.nix +++ b/profiles/media/default.nix 
@@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.profiles.media; in @@ -31,9 +36,7 @@ in shotwell # photo management sonixd # cloud-music-player soundkonverter # audio converter - (yt-dlp.override { - withAlias = true; - }) # video download + (yt-dlp.override { withAlias = true; }) # video download ]; }; } diff --git a/profiles/meeting/default.nix b/profiles/meeting/default.nix index 1509787..d75d135 100644 --- a/profiles/meeting/default.nix +++ b/profiles/meeting/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.profiles.meeting; in diff --git a/profiles/nautilus/default.nix b/profiles/nautilus/default.nix index 80c0c23..aee8188 100644 --- a/profiles/nautilus/default.nix +++ b/profiles/nautilus/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.profiles.nautilus; in @@ -31,9 +36,7 @@ in ]; sessionVariables.NAUTILUS_4_EXTENSION_DIR = "${config.system.path}/lib/nautilus/extensions-4"; - pathsToLink = [ - "/share/nautilus-python/extensions" - ]; + pathsToLink = [ "/share/nautilus-python/extensions" ]; }; programs.nautilus-open-any-terminal = { diff --git a/profiles/powersave/default.nix b/profiles/powersave/default.nix index cbc2c87..4f53939 100644 --- a/profiles/powersave/default.nix +++ b/profiles/powersave/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.profiles.powersave; in diff --git a/profiles/printing/default.nix b/profiles/printing/default.nix index d2aaebe..fd93747 100644 --- a/profiles/printing/default.nix +++ b/profiles/printing/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.profiles.printing; in 
@@ -16,8 +21,6 @@ in ]; programs.system-config-printer.enable = true; - environment.systemPackages = with pkgs; [ - gnome.simple-scan - ]; + environment.systemPackages = with pkgs; [ gnome.simple-scan ]; }; } diff --git a/profiles/sway/default.nix b/profiles/sway/default.nix index 1e88007..3542198 100644 --- a/profiles/sway/default.nix +++ b/profiles/sway/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.profiles.sway; in @@ -23,9 +28,7 @@ in sway-theme.enable = true; }; - environment.systemPackages = with pkgs; [ - polkit_gnome - ]; + environment.systemPackages = with pkgs; [ polkit_gnome ]; environment.pathsToLink = [ "/libexec" ]; programs = { diff --git a/profiles/sway/screen-sharing.nix b/profiles/sway/screen-sharing.nix index f2a28f8..e523fcf 100644 --- a/profiles/sway/screen-sharing.nix +++ b/profiles/sway/screen-sharing.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.profiles.sway-screen-sharing; in @@ -8,18 +13,14 @@ in }; config = lib.mkIf cfg.enable { - environment.systemPackages = with pkgs; [ - remmina - ]; + environment.systemPackages = with pkgs; [ remmina ]; services.pipewire.enable = true; xdg.portal = { enable = true; wlr.enable = true; - extraPortals = with pkgs; [ - xdg-desktop-portal-gtk - ]; + extraPortals = with pkgs; [ xdg-desktop-portal-gtk ]; }; # for firefox diff --git a/profiles/sway/theme.nix b/profiles/sway/theme.nix index 14208a8..6d93191 100644 --- a/profiles/sway/theme.nix +++ b/profiles/sway/theme.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.profiles.sway-theme; in diff --git a/profiles/sync/default.nix b/profiles/sync/default.nix index b73856b..144e22a 100644 --- a/profiles/sync/default.nix +++ b/profiles/sync/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.profiles.sync; in 
diff --git a/profiles/update/default.nix b/profiles/update/default.nix index 6cecd20..558decb 100644 --- a/profiles/update/default.nix +++ b/profiles/update/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.profiles.update; in @@ -11,8 +16,6 @@ in # Enable firmware update daemon services.fwupd.enable = true; - environment.systemPackages = with pkgs; [ - topgrade - ]; + environment.systemPackages = with pkgs; [ topgrade ]; }; } diff --git a/profiles/usb-iso/default.nix b/profiles/usb-iso/default.nix index b969096..7c0adae 100644 --- a/profiles/usb-iso/default.nix +++ b/profiles/usb-iso/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.profiles.usb-iso; in diff --git a/profiles/webcam/default.nix b/profiles/webcam/default.nix index 85d7e91..8a7b4ce 100644 --- a/profiles/webcam/default.nix +++ b/profiles/webcam/default.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.my.profiles.webcam; in