From 693423010384a9a715a5ee78575c5a18fdcc6ec4 Mon Sep 17 00:00:00 2001
From: kat witch
Date: Tue, 8 Dec 2020 15:10:03 +0000
Subject: [PATCH] Further nixfmting.
---
 .../hosts/beltane/services/bitwarden.nix | 23 +--
 .../hosts/beltane/services/gitea.nix | 14 +-
 .../hosts/beltane/services/matrix.nix | 41 +++--
 .../hosts/beltane/services/nextcloud.nix | 37 ++--
 .../hosts/beltane/services/nginx.nix | 161 +++++++++---------
 .../hosts/beltane/services/postgres.nix | 30 ++--
 .../hosts/beltane/services/weechat.nix | 33 ++--
 configuration/hosts/beltane/services/znc.nix | 89 +++++-----
 .../hosts/samhain/services/nginx.nix | 40 ++---
 .../samhain/services/thermal/thermal.nix | 80 +++++----
 .../hosts/samhain/services/torrenting.nix | 37 ++--
 .../profiles/development/default.nix | 23 ++-
 12 files changed, 307 insertions(+), 301 deletions(-)
diff --git a/configuration/hosts/beltane/services/bitwarden.nix b/configuration/hosts/beltane/services/bitwarden.nix
index c0dab4d1..9f406f70 100644
--- a/configuration/hosts/beltane/services/bitwarden.nix
+++ b/configuration/hosts/beltane/services/bitwarden.nix
@@ -1,14 +1,15 @@
 { config, pkgs, ... }:
-let secrets = ( import ../secrets.nix ); in {
- bitwarden_rs = {
- enable = true;
- config = {
- rocketPort = 4000;
- websocketEnabled = true;
- signupsAllowed = false;
- adminToken = secrets.bitwarden.token;
- domain = "https://pw.dork.dev";
- };
+let secrets = (import ../secrets.nix);
+in {
+ bitwarden_rs = {
+ enable = true;
+ config = {
+ rocketPort = 4000;
+ websocketEnabled = true;
+ signupsAllowed = false;
+ adminToken = secrets.bitwarden.token;
+ domain = "https://pw.dork.dev";
 };
-}
\ No newline at end of file
+ };
+}
diff --git a/configuration/hosts/beltane/services/gitea.nix b/configuration/hosts/beltane/services/gitea.nix
index 2db95880..60eb70aa 100644
--- a/configuration/hosts/beltane/services/gitea.nix
+++ b/configuration/hosts/beltane/services/gitea.nix
@@ -1,10 +1,10 @@
 { config, pkgs, ... }:
 {
- gitea = {
- enable = true;
- disableRegistration = true; # TODO change for initial setup
- domain = "git.dork.dev";
- rootUrl = "https://git.dork.dev";
- };
-}
\ No newline at end of file
+ gitea = {
+ enable = true;
+ disableRegistration = true; # TODO change for initial setup
+ domain = "git.dork.dev";
+ rootUrl = "https://git.dork.dev";
+ };
+}
diff --git a/configuration/hosts/beltane/services/matrix.nix b/configuration/hosts/beltane/services/matrix.nix
index d38edd08..ed6494e2 100644
--- a/configuration/hosts/beltane/services/matrix.nix
+++ b/configuration/hosts/beltane/services/matrix.nix
@@ -1,24 +1,21 @@
 { config, pkgs, ... }:
-let secrets = ( import ../secrets.nix ); in {
- matrix-synapse = {
- enable = true;
- registration_shared_secret = secrets.matrix.secret;
- server_name = "dork.dev";
- listeners = [
- {
- port = 8008;
- bind_address = "::1";
- type = "http";
- tls = false;
- x_forwarded = true;
- resources = [
- {
- names = [ "client" "federation" ];
- compress = false;
- }
- ];
- }
- ];
- };
-}
\ No newline at end of file
+let secrets = (import ../secrets.nix);
+in {
+ matrix-synapse = {
+ enable = true;
+ registration_shared_secret = secrets.matrix.secret;
+ server_name = "dork.dev";
+ listeners = [{
+ port = 8008;
+ bind_address = "::1";
+ type = "http";
+ tls = false;
+ x_forwarded = true;
+ resources = [{
+ names = [ "client" "federation" ];
+ compress = false;
+ }];
+ }];
+ };
+}
diff --git a/configuration/hosts/beltane/services/nextcloud.nix b/configuration/hosts/beltane/services/nextcloud.nix
index 3aeef19e..18e1c09f 100644
--- a/configuration/hosts/beltane/services/nextcloud.nix
+++ b/configuration/hosts/beltane/services/nextcloud.nix
@@ -1,23 +1,24 @@
 { config, pkgs, ... }:
 {
- systemd.services."nextcloud-setup" = {
- requires = ["postgresql.service"];
- after = ["postgresql.service"];
- };
+ systemd.services."nextcloud-setup" = {
+ requires = [ "postgresql.service" ];
+ after = [ "postgresql.service" ];
+ };
- services.nextcloud = {
- enable = true;
- hostName = "fs.dork.dev";
- https = true;
- nginx.enable = true;
- config = {
- dbtype = "pgsql";
- dbuser = "nextcloud";
- dbhost = "/run/postgresql";
- dbname = "nextcloud";
- adminpassFile = "/var/lib/nextcloud/admin_pass"; # TODO replace this with proper secrets management
- adminuser = "root";
- };
+ services.nextcloud = {
+ enable = true;
+ hostName = "fs.dork.dev";
+ https = true;
+ nginx.enable = true;
+ config = {
+ dbtype = "pgsql";
+ dbuser = "nextcloud";
+ dbhost = "/run/postgresql";
+ dbname = "nextcloud";
+ adminpassFile =
+ "/var/lib/nextcloud/admin_pass"; # TODO replace this with proper secrets management
+ adminuser = "root";
 };
-}
\ No newline at end of file
+ };
+}
diff --git a/configuration/hosts/beltane/services/nginx.nix b/configuration/hosts/beltane/services/nginx.nix
index 000e91fe..da786210 100644
--- a/configuration/hosts/beltane/services/nginx.nix
+++ b/configuration/hosts/beltane/services/nginx.nix
@@ -1,87 +1,86 @@
 { config, pkgs, ... }:
-let common = {
+let
+ common = {
 enableACME = true;
 forceSSL = true;
-}; secrets = import ../secrets.nix; in {
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- commonHttpConfig = ''
- map $scheme $hsts_header {
- https "max-age=31536000; includeSubdomains; preload";
- }
- add_header Strict-Transport-Security $hsts_header;
- #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
- add_header 'Referrer-Policy' 'origin-when-cross-origin';
- #add_header X-Frame-Options DENY;
- #add_header X-Content-Type-Options nosniff;
- #add_header X-XSS-Protection "1; mode=block";
- #proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
- '';
+ };
+ secrets = import ../secrets.nix;
+in {
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ commonHttpConfig = ''
+ map $scheme $hsts_header {
+ https "max-age=31536000; includeSubdomains; preload";
+ }
+ add_header Strict-Transport-Security $hsts_header;
+ #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
+ add_header 'Referrer-Policy' 'origin-when-cross-origin';
+ #add_header X-Frame-Options DENY;
+ #add_header X-Content-Type-Options nosniff;
+ #add_header X-XSS-Protection "1; mode=block";
+ #proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
+ '';
- virtualHosts = {
- "beltane.dork.dev" = {
- root = "/var/www/beltane";
- } // common;
- "dork.dev" = {
- root = "/var/www/dork";
- /*locations = {
- "/_matrix" = {
- proxyPass = "http://[::1]:8008";
- };
- "= /.well-known/matrix/server".extraConfig =
- let server = { "m.server" = "dork.dev:443"; }; in ''
- add_header Content-Type application/json;
- return 200 '${builtins.toJSON server}';
- '';
- "= /.well-known/matrix/client".extraConfig =
- let client = {
- "m.homeserver" = { "base_url" = "https://dork.dev"; };
- "m.identity_server" = { "base_url" = "https://vector.im"; };
- }; in ''
- add_header Content-Type application/json;
- add_header Access-Control-Allow-Origin *;
- return 200 '${builtins.toJSON client}';
- '';
- };*/
- } // common;
- /*"pw.dork.dev" = {
- locations = {
- "/".proxyPass = "http://127.0.0.1:4000";
- "/notifications/hub".proxyPass = "http://127.0.0.1:3012";
- "/notifications/hub/negotiate".proxyPass = "http://127.0.0.1:80";
- };
- } // common;
- "git.dork.dev" = {
- locations = {
- "/".proxyPass = "http://127.0.0.1:3000";
- };
- } // common;*/
- "znc.dork.dev" = {
- locations = {
- "/".proxyPass = "http://127.0.0.1:5000";
- };
- } // common;
- "irc.dork.dev" = {
- locations = {
- "/" = {
- root = pkgs.glowing-bear;
- };
- "^~ /weechat" = {
- proxyPass = "http://127.0.0.1:9000";
- proxyWebsockets = true;
- };
- };
- } // common;
- } // secrets.beltane-protected;
- };
+ virtualHosts = {
+ "beltane.dork.dev" = { root = "/var/www/beltane"; } // common;
+ "dork.dev" = {
+ root = "/var/www/dork";
+ /* locations = {
+ "/_matrix" = {
+ proxyPass = "http://[::1]:8008";
+ };
+ "= /.well-known/matrix/server".extraConfig =
+ let server = { "m.server" = "dork.dev:443"; }; in ''
+ add_header Content-Type application/json;
+ return 200 '${builtins.toJSON server}';
+ '';
+ "= /.well-known/matrix/client".extraConfig =
+ let client = {
+ "m.homeserver" = { "base_url" = "https://dork.dev"; };
+ "m.identity_server" = { "base_url" = "https://vector.im"; };
+ }; in ''
+ add_header Content-Type application/json;
+ add_header Access-Control-Allow-Origin *;
+ return 200 '${builtins.toJSON client}';
+ '';
+ };
+ */
+ } // common;
+ /* "pw.dork.dev" = {
+ locations = {
+ "/".proxyPass = "http://127.0.0.1:4000";
+ "/notifications/hub".proxyPass = "http://127.0.0.1:3012";
+ "/notifications/hub/negotiate".proxyPass = "http://127.0.0.1:80";
+ };
+ } // common;
+ "git.dork.dev" = {
+ locations = {
+ "/".proxyPass = "http://127.0.0.1:3000";
+ };
+ } // common;
+ */
+ "znc.dork.dev" = {
+ locations = { "/".proxyPass = "http://127.0.0.1:5000"; };
+ } // common;
+ "irc.dork.dev" = {
+ locations = {
+ "/" = { root = pkgs.glowing-bear; };
+ "^~ /weechat" = {
+ proxyPass = "http://127.0.0.1:9000";
+ proxyWebsockets = true;
+ };
+ };
+ } // common;
+ } // secrets.beltane-protected;
+ };
- security.acme = {
- email = secrets.acme.email;
- acceptTerms = true;
- };
-}
\ No newline at end of file
+ security.acme = {
+ email = secrets.acme.email;
+ acceptTerms = true;
+ };
+}
diff --git a/configuration/hosts/beltane/services/postgres.nix b/configuration/hosts/beltane/services/postgres.nix
index dbcc0571..3a36cd3c 100644
--- a/configuration/hosts/beltane/services/postgres.nix
+++ b/configuration/hosts/beltane/services/postgres.nix
@@ -1,19 +1,17 @@
 { config, pkgs, ... }:
 {
- services.postgresql.enable = true;
- services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
- CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
- CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
- TEMPLATE template0
- LC_COLLATE = "C"
- LC_CTYPE = "C";
- '';
- services.postgresql.ensureDatabases = [ "nextcloud" ];
- services.postgresql.ensureUsers = [
- {
- name = "nextcloud";
- ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
- }
- ];
-}
\ No newline at end of file
+ services.postgresql.enable = true;
+ services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
+ CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
+ CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
+ TEMPLATE template0
+ LC_COLLATE = "C"
+ LC_CTYPE = "C";
+ '';
+ services.postgresql.ensureDatabases = [ "nextcloud" ];
+ services.postgresql.ensureUsers = [{
+ name = "nextcloud";
+ ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
+ }];
+}
diff --git a/configuration/hosts/beltane/services/weechat.nix b/configuration/hosts/beltane/services/weechat.nix
index a4c1cbd5..43483090 100644
--- a/configuration/hosts/beltane/services/weechat.nix
+++ b/configuration/hosts/beltane/services/weechat.nix
@@ -1,17 +1,24 @@
 { config, pkgs, ... }:
 {
- services.weechat = {
- binary = let new-weechat = pkgs.wrapWeechat pkgs.weechat-unwrapped {
- configure = { availablePlugins, ... }: {
- scripts = [ pkgs.weechatScripts.weechat-matrix ];
- plugins = [ availablePlugins.perl ( availablePlugins.python.withPackages (ps: [ ps.potr pkgs.weechatScripts.weechat-matrix ])) ]; };
- }; in "${new-weechat}/bin/weechat";
- enable = true;
- };
+ services.weechat = {
+ binary = let
+ new-weechat = pkgs.wrapWeechat pkgs.weechat-unwrapped {
+ configure = { availablePlugins, ... }: {
+ scripts = [ pkgs.weechatScripts.weechat-matrix ];
+ plugins = [
+ availablePlugins.perl
+ (availablePlugins.python.withPackages
+ (ps: [ ps.potr pkgs.weechatScripts.weechat-matrix ]))
+ ];
+ };
+ };
+ in "${new-weechat}/bin/weechat";
+ enable = true;
+ };
- programs.screen.screenrc = ''
- multiuser on
- acladd kat
- '';
-}
\ No newline at end of file
+ programs.screen.screenrc = ''
+ multiuser on
+ acladd kat
+ '';
+}
diff --git a/configuration/hosts/beltane/services/znc.nix b/configuration/hosts/beltane/services/znc.nix
index bff17399..21c07bca 100644
--- a/configuration/hosts/beltane/services/znc.nix
+++ b/configuration/hosts/beltane/services/znc.nix
@@ -1,50 +1,45 @@
 { config, pkgs, ... }:
-let secrets = import ../secrets.nix; in {
- services.znc = {
- enable = true;
- mutable = false;
- useLegacyConfig = false;
- openFirewall = false;
- config = {
- Listener.l = {
- Port = 5000;
- SSL = false;
- AllowWeb = true;
- };
- modules = [ "webadmin" "adminlog" ];
- User.kat = {
- Admin = true;
- Nick = secrets.znc.nick;
- AltNick = secrets.znc.altNick;
- Network.freenode = {
- Server = "chat.freenode.net +6697 ${secrets.znc.freenode.password}";
- Chan = secrets.znc.freenode.channels;
- Nick = secrets.znc.freenode.nick;
- AltNick = secrets.znc.freenode.altNick;
- JoinDelay = 2;
- LoadModule = [
- "simple_away"
- "nickserv"
- ];
- };
- Network.espernet = {
- Server = "anarchy.esper.net +6697 ${secrets.znc.espernet.password}";
- Chan = secrets.znc.espernet.channels;
- Nick = secrets.znc.espernet.nick;
- AltNick = secrets.znc.espernet.altNick;
- JoinDelay = 2;
- LoadModule = [
- "simple_away"
- "nickserv"
- ];
- };
- Pass.password = {
- Method = secrets.znc.password.method;
- Hash = secrets.znc.password.hash;
- Salt = secrets.znc.password.salt;
- };
- };
+let secrets = import ../secrets.nix;
+in {
+ services.znc = {
+ enable = true;
+ mutable = false;
+ useLegacyConfig = false;
+ openFirewall = false;
+ config = {
+ Listener.l = {
+ Port = 5000;
+ SSL = false;
+ AllowWeb = true;
+ };
+ modules = [ "webadmin" "adminlog" ];
+ User.kat = {
+ Admin = true;
+ Nick = secrets.znc.nick;
+ AltNick = secrets.znc.altNick;
+ Network.freenode = {
+ Server = "chat.freenode.net +6697 ${secrets.znc.freenode.password}";
+ Chan = secrets.znc.freenode.channels;
+ Nick = secrets.znc.freenode.nick;
+ AltNick = secrets.znc.freenode.altNick;
+ JoinDelay = 2;
+ LoadModule = [ "simple_away" "nickserv" ];
 };
- };
-}
\ No newline at end of file
+ Network.espernet = {
+ Server = "anarchy.esper.net +6697 ${secrets.znc.espernet.password}";
+ Chan = secrets.znc.espernet.channels;
+ Nick = secrets.znc.espernet.nick;
+ AltNick = secrets.znc.espernet.altNick;
+ JoinDelay = 2;
+ LoadModule = [ "simple_away" "nickserv" ];
+ };
+ Pass.password = {
+ Method = secrets.znc.password.method;
+ Hash = secrets.znc.password.hash;
+ Salt = secrets.znc.password.salt;
+ };
+ };
+ };
+ };
+}
diff --git a/configuration/hosts/samhain/services/nginx.nix b/configuration/hosts/samhain/services/nginx.nix
index 27921d32..d05cc60b 100644
--- a/configuration/hosts/samhain/services/nginx.nix
+++ b/configuration/hosts/samhain/services/nginx.nix
@@ -1,23 +1,23 @@
 { config, pkgs, ... }:
 {
- services.nginx = {
- enable = true;
- recommendedGzipSettings = true;
- recommendedOptimisation = true;
- recommendedProxySettings = true;
- recommendedTlsSettings = true;
- commonHttpConfig = ''
- map $scheme $hsts_header {
- https "max-age=31536000; includeSubdomains; preload";
- }
- add_header Strict-Transport-Security $hsts_header;
- #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
- add_header 'Referrer-Policy' 'origin-when-cross-origin';
- #add_header X-Frame-Options DENY;
- #add_header X-Content-Type-Options nosniff;
- #add_header X-XSS-Protection "1; mode=block";
- #proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
- '';
- };
-}
\ No newline at end of file
+ services.nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+ commonHttpConfig = ''
+ map $scheme $hsts_header {
+ https "max-age=31536000; includeSubdomains; preload";
+ }
+ add_header Strict-Transport-Security $hsts_header;
+ #add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
+ add_header 'Referrer-Policy' 'origin-when-cross-origin';
+ #add_header X-Frame-Options DENY;
+ #add_header X-Content-Type-Options nosniff;
+ #add_header X-XSS-Protection "1; mode=block";
+ #proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
+ '';
+ };
+}
diff --git a/configuration/hosts/samhain/services/thermal/thermal.nix b/configuration/hosts/samhain/services/thermal/thermal.nix
index c4c5a5ed..4235f9ac 100644
--- a/configuration/hosts/samhain/services/thermal/thermal.nix
+++ b/configuration/hosts/samhain/services/thermal/thermal.nix
@@ -1,42 +1,50 @@
 { config, pkgs, ... }:
 {
- boot.kernelParams = [ "amdgpu.ppfeaturemask=0xffffffff" ];
- powerManagement = {
- enable = true;
- cpuFreqGovernor = "conservative";
- };
- systemd = {
- services = {
- kaede-thermals = let kaede-thermals-script = pkgs.writeScriptBin "script" (builtins.readFile ./kaede-thermals.sh); in {
- wantedBy = [ "multi-user.target" ];
- path = [pkgs.bash pkgs.coreutils-full];
- serviceConfig = {
- RemainAfterExit = "no";
- Type = "simple";
- ExecStart = "${kaede-thermals-script}/bin/script start";
- ExecStop = "${kaede-thermals-script}/bin/script stop";
- User = "root";
- };
- };
- kaede-power = let kaede-power-script = pkgs.writeScriptBin "script" (builtins.readFile ./kaede-power.sh); in {
- wantedBy = [ "multi-user.target" ];
- path = [pkgs.bash pkgs.linuxPackages.cpupower];
- serviceConfig = {
- RemainAfterExit = "yes";
- Type = "oneshot";
- ExecStart = "${kaede-power-script}/bin/script start";
- ExecStop = "${kaede-power-script}/bin/script stop";
- User = "root";
- };
- };
+ boot.kernelParams = [ "amdgpu.ppfeaturemask=0xffffffff" ];
+ powerManagement = {
+ enable = true;
+ cpuFreqGovernor = "conservative";
+ };
+ systemd = {
+ services = {
+ kaede-thermals = let
+ kaede-thermals-script =
+ pkgs.writeScriptBin "script" (builtins.readFile ./kaede-thermals.sh);
+ in {
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.bash pkgs.coreutils-full ];
+ serviceConfig = {
+ RemainAfterExit = "no";
+ Type = "simple";
+ ExecStart = "${kaede-thermals-script}/bin/script start";
+ ExecStop = "${kaede-thermals-script}/bin/script stop";
+ User = "root";
 };
+ };
+ kaede-power = let
+ kaede-power-script =
+ pkgs.writeScriptBin "script" (builtins.readFile ./kaede-power.sh);
+ in {
+ wantedBy = [ "multi-user.target" ];
+ path = [ pkgs.bash pkgs.linuxPackages.cpupower ];
+ serviceConfig = {
+ RemainAfterExit = "yes";
+ Type = "oneshot";
+ ExecStart = "${kaede-power-script}/bin/script start";
+ ExecStop = "${kaede-power-script}/bin/script stop";
+ User = "root";
+ };
+ };
 };
- services.thermald = let cfg_file = pkgs.writeTextFile {
- name = "cfg";
- text = (builtins.readFile ./kaede-thermald.xml);
- }; in {
- enable = true;
- configFile = "${cfg_file}";
+ };
+ services.thermald = let
+ cfg_file = pkgs.writeTextFile {
+ name = "cfg";
+ text = (builtins.readFile ./kaede-thermald.xml);
 };
-}
\ No newline at end of file
+ in {
+ enable = true;
+ configFile = "${cfg_file}";
+ };
+}
diff --git a/configuration/hosts/samhain/services/torrenting.nix b/configuration/hosts/samhain/services/torrenting.nix
index 07f59b4f..0823ad31 100644
--- a/configuration/hosts/samhain/services/torrenting.nix
+++ b/configuration/hosts/samhain/services/torrenting.nix
@@ -1,17 +1,18 @@
 { config, lib, pkgs, ... }:
 {
- services.transmission = let transmission-done-script = pkgs.writeScriptBin "script" ''
- #!${pkgs.bash}/bin/bash
- set -e
- if [ "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME" != "/" ]; then
- cd "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME"
- if [ ! -z "*.rar" ]; then
- ${pkgs.unrar}/bin/unrar x "*.rar"
- fi
- chmod ugo=rwX .
- fi'';
- in {
+ services.transmission = let
+ transmission-done-script = pkgs.writeScriptBin "script" ''
+ #!${pkgs.bash}/bin/bash
+ set -e
+ if [ "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME" != "/" ]; then
+ cd "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME"
+ if [ ! -z "*.rar" ]; then
+ ${pkgs.unrar}/bin/unrar x "*.rar"
+ fi
+ chmod ugo=rwX .
+ fi'';
+ in {
 enable = true;
 home = "/disks/pool-raw/transmission";
 downloadDirPermissions = "777";
@@ -57,11 +58,11 @@
 };
 services.nginx.virtualHosts = {
- "192.168.1.135" = {
- locations."/share/" = {
- alias = "/disks/pool-raw/Public/Media/";
- extraConfig = "autoindex on;";
- };
+ "192.168.1.135" = {
+ locations."/share/" = {
+ alias = "/disks/pool-raw/Public/Media/";
+ extraConfig = "autoindex on;";
 };
- };
-}
\ No newline at end of file
+ };
+ };
+}
diff --git a/configuration/profiles/development/default.nix b/configuration/profiles/development/default.nix
index 9fc30c41..04611b82 100644
--- a/configuration/profiles/development/default.nix
+++ b/configuration/profiles/development/default.nix
@@ -1,16 +1,15 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, pkgs, ... }:
-{
- environment.systemPackages = let python-env = python-packages: with pkgs.python38Packages; [
- pip
- setuptools
- psutil
- ]; python-with-env = pkgs.python3.withPackages python-env;
- in [
- pkgs.php
- pkgs.php74Packages.composer2
- python-with-env
- ];
+{
+ environment.systemPackages = let
+ python-env = python-packages:
+ with pkgs.python38Packages; [
+ pip
+ setuptools
+ psutil
+ ];
+ python-with-env = pkgs.python3.withPackages python-env;
+ in [ pkgs.php pkgs.php74Packages.composer2 python-with-env ];
 home-manager.users.kat = {
 programs.go.enable = true;