chore: nixfmt *

2022-10-31 11:04:38 +01:00 · 2022-10-31 11:04:38 +01:00 · 47c5c9dc56
commit 47c5c9dc56
parent aae3fd4090
161 changed files with 2693 additions and 3029 deletions
--- a/nix/os/containers/backup-target.nix
+++ b/nix/os/containers/backup-target.nix
@ -1,20 +1,15 @@
-{ hostAddress
-, localAddress
-, containerBackupCfg
-, sshPort ? containerBackupCfg.portInt
-}: {
+{ hostAddress, localAddress, containerBackupCfg
+, sshPort ? containerBackupCfg.portInt }: {
  config = { config, pkgs, lib, ... }: {
    system.stateVersion = "21.11"; # Did you read the comment?

-    imports = [
-      ../profiles/containers/configuration.nix
-    ];
+    imports = [ ../profiles/containers/configuration.nix ];

    networking.firewall.enable = false;

    services.ddclientovh = {
-        enable = true;
-        domain = containerBackupCfg.addr;
+      enable = true;
+      domain = containerBackupCfg.addr;
    };

    services.openssh.enable = true;
@ -28,26 +23,34 @@
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNI3H0BRSYOZ/MbTs9J80doJwSd1HymFOP5quNt0J48vxZ5FPVrT2FHpQiNrCcYbCKRsU4X8AiGUHiXC0PapQQ3JDkqp6WZoqBNDx6BI7RadyH1TqVQPlou3pQmCAogzfBInruR53YTDmQqXiPwfM0okPOXgiBNjDfZXOX4+CyUfkmZZwASoicTInqWGkn1sFnh4tyXIkgWflg0njlVmfkVvH71+evvKLYHtoNpVXazkQ0SXbyuW5f3mSta7TNkpC3HbBm+4n+WxYGySrlRLWQhTo+aoWUKk9h5zvECDNpwRtbqzt+bA9nKrdg180ceu8hruwvWNiC6PPA2GW9Z1+VKROviGu1C3dliE/pPCBtK+ZoRVv2CGE+pmAuQsB9Nif9tk5tY6HJhuLNxKYiMfQkiLsDYv6KdZXUIVK/4BIDkZuQNnjhdOQBLnea0ANOhutA9gnjxnsd3UT6ovfazg5gud7n3u4yBtzjTkRrqWZ63eM1NmUVOgMWHQ715pV+hJfOFGqzRBEe3g/p3bWNgpROBYJbG1H8l9DN7emG4FGWsb1HeNFwQ5lS0Zsezb7qzahr4vSmHNugVw7w8ONt5dPbPI9wQnWvkkuHH76P/NYy6OC6lHrN1rXyA1okqdPr06YAZnCot+Pqdgn/ijxgp06J3dtkhin+Q7PoQbGff3ERIw== bkp"
      ];

-      packages = with pkgs; [
-        btrfsProgs
-        # btrbk
-      ];
+      packages = with pkgs;
+        [
+          btrfsProgs
+          # btrbk
+        ];

      isSystemUser = true;
    };

    security.sudo = {
      enable = true;
-      extraRules = [
-        { 
-          users = [ "bkp" ]; 
-          commands = [
-            { command = "/etc/profiles/per-user/bkp/bin/btrfs"; options = [ "NOPASSWD" ]; }
-            { command = "/run/current-system/sw/bin/readlink"; options = [ "NOPASSWD" ]; }
-            { command = "/run/current-system/sw/bin/test"; options = [ "NOPASSWD" ]; }
-          ];
-        }
-      ];
+      extraRules = [{
+        users = [ "bkp" ];
+        commands = [
+          {
+            command = "/etc/profiles/per-user/bkp/bin/btrfs";
+            options = [ "NOPASSWD" ];
+          }
+          {
+            command = "/run/current-system/sw/bin/readlink";
+            options = [ "NOPASSWD" ];
+          }
+          {
+            command = "/run/current-system/sw/bin/test";
+            options = [ "NOPASSWD" ];
+          }
+        ];
+      }];
    };
  };

@ -61,14 +64,12 @@
  };

  privateNetwork = true;
-  forwardPorts = [
-    {
-      # ssh
-      containerPort = 22;
-      hostPort = sshPort;
-      protocol = "tcp";
-    }
-  ];
+  forwardPorts = [{
+    # ssh
+    containerPort = 22;
+    hostPort = sshPort;
+    protocol = "tcp";
+  }];

  inherit hostAddress localAddress;
 }
--- a/nix/os/containers/backup.nix
+++ b/nix/os/containers/backup.nix
@ -1,9 +1,4 @@
-{ config
-, hostAddress
-, localAddress
-, subvolumes
-, targetPathSuffix ? ""
-}:
+{ config, hostAddress, localAddress, subvolumes, targetPathSuffix ? "" }:

 let
  passwords = import ../../variables/passwords.crypt.nix;
@ -13,14 +8,9 @@ in {
  config = { pkgs, ... }: {
    system.stateVersion = "20.03"; # Did you read the comment?

-    imports = [
-      ../profiles/containers/configuration.nix
-    ];
+    imports = [ ../profiles/containers/configuration.nix ];

-    environment.systemPackages = with pkgs; [
-      btrfs-progs
-      btrbk
-    ];
+    environment.systemPackages = with pkgs; [ btrfs-progs btrbk ];

    networking.firewall.enable = true;

@ -28,17 +18,11 @@ in {
      enable = true;
      description = "bkp-sync service";

-      serviceConfig = {
-        Type = "oneshot";
-      };
+      serviceConfig = { Type = "oneshot"; };

-      after = [
-        "bkp-run.service"
-      ];
+      after = [ "bkp-run.service" ];

-      requires = [
-        "bkp-run.service"
-      ];
+      requires = [ "bkp-run.service" ];

      path = with pkgs; [ utillinux ];
      script = ''
@ -51,17 +35,13 @@ in {
      enable = true;
      description = "bkp-run";

-      serviceConfig = {
-        Type = "oneshot";
-      };
+      serviceConfig = { Type = "oneshot"; };

-      partOf = [
-        "bkp-sync.service"
-      ];
+      partOf = [ "bkp-sync.service" ];

      path = with pkgs; [ btrfs-progs btrbk coreutils ];

-      script = let 
+      script = let
        btrbkConf = pkgs.writeText "cfg" ''
          timestamp_format long
          ssh_identity ${passwords.storage.backupTarget.keyPath}
@ -78,7 +58,8 @@ in {

          volume ${subvolumeParentDir}
            target ${passwords.storage.backupTarget.target}/container-volumes/${targetPathSuffix}
-          ${builtins.foldl' (sum: elem: sum + "  subvolume " + elem + "\n") "" subvolumes}
+          ${builtins.foldl' (sum: elem: sum + "  subvolume " + elem + "\n") ""
+          subvolumes}
        '';
      in ''
        #! ${pkgs.bash}/bin/bash
@ -95,10 +76,10 @@ in {
      timerConfig = {
        # Obtained using `systemd-analyze calendar "Wed 23:00"`
        # OnCalendar = "Wed *-*-* 23:00:00";
-        OnStartupSec="1m";
+        OnStartupSec = "1m";
        Unit = "bkp-sync.service";
-        OnUnitInactiveSec="2h";
-        Persistent="true";
+        OnUnitInactiveSec = "2h";
+        Persistent = "true";
      };
    };
  };
@ -122,13 +103,13 @@ in {
    };
  };

-  allowedDevices = [
-    { node = "/dev/fuse"; modifier = "rw"; }
-  ];
+  allowedDevices = [{
+    node = "/dev/fuse";
+    modifier = "rw";
+  }];

  privateNetwork = true;
-  forwardPorts = [
-  ];
+  forwardPorts = [ ];

  inherit hostAddress localAddress;
 }
--- a/nix/os/containers/mailserver.nix
+++ b/nix/os/containers/mailserver.nix
@ -1,28 +1,20 @@
-{ hostAddress
-, localAddress
-, imapsPort ? 993
-, sievePort ? 4190
-}:
+{ hostAddress, localAddress, imapsPort ? 993, sievePort ? 4190 }:

-let
-  passwords = import ../../variables/passwords.crypt.nix;
+let passwords = import ../../variables/passwords.crypt.nix;

-in
-{
+in {

  config = { pkgs, ... }: {
    system.stateVersion = "21.11"; # Did you read the comment?

-    imports = [
-      ../profiles/containers/configuration.nix
-      ../profiles/common/user.nix
-    ];
+    imports =
+      [ ../profiles/containers/configuration.nix ../profiles/common/user.nix ];

    networking.firewall.enable = false;

    services.ddclientovh = {
-        enable = true;
-        domain = "mailserver.svc.stefanjunker.de";
+      enable = true;
+      domain = "mailserver.svc.stefanjunker.de";
    };

    services.dovecot2 = {
@ -43,7 +35,7 @@ in
      extraConfig = ''
        auth_mechanisms = cram-md5 digest-md5
        auth_verbose = yes
-        
+
        passdb {
          driver = passwd-file
          args = scheme=CRYPT username_format=%u /etc/dovecot/users
@ -75,26 +67,26 @@ in
      description = "Getmail service";
      path = [ pkgs.getmail6 ];
      script = let
-          rc = pkgs.writeText "mailATstefanjunker.de.getmail.rc" ''
-            [options]
-            verbose = 1
-            read_all = 0
-            delete_after = 30
+        rc = pkgs.writeText "mailATstefanjunker.de.getmail.rc" ''
+          [options]
+          verbose = 1
+          read_all = 0
+          delete_after = 30

-            [retriever]
-            type = SimpleIMAPSSLRetriever
-            server = ssl0.ovh.net
-            port = 993
-            username = mail@stefanjunker.de
-            password = ${passwords.email.mailStefanjunkerDe}
-            mailboxes = ('INBOX',)
+          [retriever]
+          type = SimpleIMAPSSLRetriever
+          server = ssl0.ovh.net
+          port = 993
+          username = mail@stefanjunker.de
+          password = ${passwords.email.mailStefanjunkerDe}
+          mailboxes = ('INBOX',)

-            [destination]
-            type = MDA_external
-            path = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda
-          '';
-        in ''
-          getmail --rcfile=${rc} --idle=INBOX
+          [destination]
+          type = MDA_external
+          path = ${pkgs.dovecot}/libexec/dovecot/dovecot-lda
+        '';
+      in ''
+        getmail --rcfile=${rc} --idle=INBOX
      '';
    };

@ -108,45 +100,45 @@ in
      serviceConfig.RestartSec = 1000;
      serviceConfig.Restart = "always";
      script = let
-          rc = pkgs.writeText "schtifATweb.de.getmail.rc" ''
-            [options]
-            verbose = 1
-            read_all = 0
-            delete_after = 30
+        rc = pkgs.writeText "schtifATweb.de.getmail.rc" ''
+          [options]
+          verbose = 1
+          read_all = 0
+          delete_after = 30

-            [retriever]
-            type = SimpleIMAPSSLRetriever
-            server = imap.web.de
-            port = 993
-            username = schtif
-            password = ${passwords.email.schtifATwebDe}
-            mailboxes = ('INBOX',)
+          [retriever]
+          type = SimpleIMAPSSLRetriever
+          server = imap.web.de
+          port = 993
+          username = schtif
+          password = ${passwords.email.schtifATwebDe}
+          mailboxes = ('INBOX',)

-            [destination]
-            type = Maildir
-            path = ~/.maildir/
-          '';
-        in ''
-          getmail --rcfile=${rc}
+          [destination]
+          type = Maildir
+          path = ~/.maildir/
+        '';
+      in ''
+        getmail --rcfile=${rc}
      '';
-      };
    };
+  };

  autoStart = true;

  bindMounts = {
-    "/etc/secrets/" = { 
+    "/etc/secrets/" = {
      hostPath = "/var/lib/container-volumes/mailserver/etc-secrets";
      isReadOnly = false;
    };

-    "/home" = { 
+    "/home" = {
      hostPath = "/var/lib/container-volumes/mailserver/home";
      isReadOnly = false;
    };
  };

-  privateNetwork = true ;
+  privateNetwork = true;
  forwardPorts = [
    {
      # imaps
--- a/nix/os/containers/syncthing.nix
+++ b/nix/os/containers/syncthing.nix
@ -1,17 +1,12 @@
-{ hostAddress
-, localAddress
-, syncthingPort ? 22000
-, syncthingLocalAnnouncePort ? 21027
-}:
+{ hostAddress, localAddress, syncthingPort ? 22000
+, syncthingLocalAnnouncePort ? 21027 }:

 {

  config = { config, pkgs, ... }: {
    system.stateVersion = "20.05"; # Did you read the comment?

-    imports = [
-      ../profiles/containers/configuration.nix
-    ];
+    imports = [ ../profiles/containers/configuration.nix ];

    networking.firewall.enable = true;
    networking.firewall.allowedTCPPorts = [
--- a/nix/os/containers/webserver.nix
+++ b/nix/os/containers/webserver.nix
@ -1,25 +1,17 @@
-{ hostAddress
-, localAddress
-, httpPort ? 80
-, httpsPort ? 443
-}:
+{ hostAddress, localAddress, httpPort ? 80, httpsPort ? 443 }:

-let
-  passwords = import ../../variables/passwords.crypt.nix;
-in
-{
+let passwords = import ../../variables/passwords.crypt.nix;
+in {
  config = { config, pkgs, lib, ... }: {
    system.stateVersion = "22.05"; # Did you read the comment?

-    imports = [
-      ../profiles/containers/configuration.nix
-    ];
+    imports = [ ../profiles/containers/configuration.nix ];

    networking.firewall.enable = false;

    services.ddclientovh = {
-        enable = true;
-        domain = "www.stefanjunker.de";
+      enable = true;
+      domain = "www.stefanjunker.de";
    };

    security.acme = {
@ -58,20 +50,16 @@ in
      # sslCertificate = "/etc/secrets/stefanjunker.de/nginx/nginx.crt";
      # sslCertificateKey = "/etc/secrets/stefanjunker.de/nginx/nginx.key";

-      locations."/fi" = {
-        index = "index.php";
-      };
+      locations."/fi" = { index = "index.php"; };

-      locations."~ ^(.+\.php)(.*)$".extraConfig = ''
+      locations."~ ^(.+.php)(.*)$".extraConfig = ''
        fastcgi_split_path_info  ^(.+\.php)(.*)$;

        fastcgi_pass unix:${config.services.phpfpm.pools.mypool.socket};
        fastcgi_index index.php;
      '';

-      locations."/hedgedoc/" = {
-        proxyPass = "http://127.0.0.1:3000/";
-      };
+      locations."/hedgedoc/" = { proxyPass = "http://127.0.0.1:3000/"; };

      locations."/hedgedoc/socket.io/" = {
        proxyPass = "http://127.0.0.1:3000/socket.io/";
@ -92,15 +80,14 @@ in
        "pm.max_spare_servers" = 3;
        "pm.max_requests" = 500;

-        "php_admin_value[error_reporting]" = "E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
+        "php_admin_value[error_reporting]" =
+          "E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED";
      };
    };

    # the custom php5 we're using here has no fpm-systemd, so the default `Type = "notify"` won't work
    systemd.services."phpfpm-mypool" = {
-      serviceConfig = {
-        Type = lib.mkForce "simple";
-      };
+      serviceConfig = { Type = lib.mkForce "simple"; };
    };

    services.mysql = {