project-wide: nixdirfmt

2026-02-09 20:39:18 -08:00 · 2021-08-29 02:35:36 +01:00 · 2021-08-29 02:35:36 +01:00 · a7afb6aafb
commit a7afb6aafb
parent fa103bf41b
3 changed files with 137 additions and 129 deletions
--- a/config/modules/nixos/monitoring.nix
+++ b/config/modules/nixos/monitoring.nix
@ -4,12 +4,13 @@ let
  cfg = config.kw.monitoring;
  prom_configs =
    (mapAttrs (hostName: host: host.services.prometheus.exporters.node)
-    (filterAttrs
-    (_: host: host.services.prometheus.exporters.node.enable)
-    meta.network.nodes));
-    nd_configs = (mapAttrs (hostName: host: host.services.netdata)
+      (filterAttrs
+        (_: host: host.services.prometheus.exporters.node.enable)
+        meta.network.nodes));
+  nd_configs = (mapAttrs (hostName: host: host.services.netdata)
    (filterAttrs (_: host: host.services.netdata.enable) meta.network.nodes));
-in {
+in
+{
  options.kw.monitoring = {
    server = {
      enable = mkEnableOption "Monitoring Stack Server";
@ -90,9 +91,9 @@ in {
    (mkIf cfg.server.enable {
      kw.secrets = [
        "grafana-admin-pass"
-        ];
+      ];

-        secrets.files.grafana-admin-pass = {
+      secrets.files.grafana-admin-pass = {
        text = "${tf.variables.grafana-admin-pass.ref}";
        owner = "grafana";
        group = "grafana";
@ -101,42 +102,42 @@ in {
      services.grafana.security.adminPasswordFile =
        config.secrets.files.grafana-admin-pass.path;

-        services.postgresql = {
-          ensureDatabases = [ "grafana" ];
-          ensureUsers = [{
-            name = "grafana";
-            ensurePermissions."DATABASE grafana" = "ALL PRIVILEGES";
-          }];
-        };
+      services.postgresql = {
+        ensureDatabases = [ "grafana" ];
+        ensureUsers = [{
+          name = "grafana";
+          ensurePermissions."DATABASE grafana" = "ALL PRIVILEGES";
+        }];
+      };

-        services.grafana = {
-          enable = true;
-          port = 3001;
-          domain = "graph.${config.network.dns.domain}";
-          rootUrl = "https://graph.${config.network.dns.domain}/";
-          database = {
-            type = "postgres";
-            host = "/run/postgresql/";
-            user = "grafana";
-            name = "grafana";
-          };
+      services.grafana = {
+        enable = true;
+        port = 3001;
+        domain = "graph.${config.network.dns.domain}";
+        rootUrl = "https://graph.${config.network.dns.domain}/";
+        database = {
+          type = "postgres";
+          host = "/run/postgresql/";
+          user = "grafana";
+          name = "grafana";
        };
+      };

-        services.nginx.virtualHosts."graph.${config.network.dns.domain}" = {
-          enableACME = true;
-          forceSSL = true;
-          locations = { "/".proxyPass = "http://127.0.0.1:3001"; };
-        };
+      services.nginx.virtualHosts."graph.${config.network.dns.domain}" = {
+        enableACME = true;
+        forceSSL = true;
+        locations = { "/".proxyPass = "http://127.0.0.1:3001"; };
+      };

-        deploy.tf.dns.records.services_grafana = {
-          tld = config.network.dns.tld;
-          domain = "graph";
-          cname.target = "${config.networking.hostName}.${config.network.dns.tld}";
-        };
+      deploy.tf.dns.records.services_grafana = {
+        tld = config.network.dns.tld;
+        domain = "graph";
+        cname.target = "${config.networking.hostName}.${config.network.dns.tld}";
+      };

-        services.prometheus = {
-          enable = true;
-          scrapeConfigs = mapAttrsToList
+      services.prometheus = {
+        enable = true;
+        scrapeConfigs = mapAttrsToList
          (hostName: prom: {
            job_name = "${hostName}-nd";
            metrics_path = "/api/v1/allmetrics";
@ -152,69 +153,71 @@ in {
            };
          })
          prom_configs;
-        };
-      })
-      (mkIf cfg.client.enable {
-        network.firewall.private.tcp.ports = [ 9002 19999 ];
+      };
+    })
+    (mkIf cfg.client.enable {
+      network.firewall.private.tcp.ports = [ 9002 19999 ];

-        services.netdata.enable = true;
+      services.netdata.enable = true;

-        services.nginx.virtualHosts = kw.virtualHostGen {
-          networkFilter = singleton "yggdrasil";
-          block = {
-            locations."/netdata" = {
-              proxyPass = "http://[::1]:19999/";
-            };
+      services.nginx.virtualHosts = kw.virtualHostGen {
+        networkFilter = singleton "yggdrasil";
+        block = {
+          locations."/netdata" = {
+            proxyPass = "http://[::1]:19999/";
          };
        };
+      };

-        systemd.services.promtail = {
-          enable = any id (attrValues (mapAttrs (node: conf: conf.kw.monitoring.server.loki ) meta.network.nodes));
-          description = "Promtail service for Loki";
-          wantedBy = [ "multi-user.target" ];
-          wants = [ "yggdrassil.service" ];
+      systemd.services.promtail = {
+        enable = any id (attrValues (mapAttrs (node: conf: conf.kw.monitoring.server.loki) meta.network.nodes));
+        description = "Promtail service for Loki";
+        wantedBy = [ "multi-user.target" ];
+        wants = [ "yggdrassil.service" ];

-          serviceConfig = mkIf (any id (attrValues (mapAttrs (node: conf: conf.kw.monitoring.server.loki ) meta.network.nodes))) {
-            ExecStart = let
+        serviceConfig = mkIf (any id (attrValues (mapAttrs (node: conf: conf.kw.monitoring.server.loki) meta.network.nodes))) {
+          ExecStart =
+            let
              serverNode = head (attrNames (filterAttrs (node: enabled: enabled == true) (mapAttrs (node: conf: conf.kw.monitoring.server.loki) meta.network.nodes)));
              promtailConfig = pkgs.writeText "prom-config.json" (builtins.toJSON {
                clients =
                  [{ url = "http://${serverNode}${cfg.server.domainPrefix}:3100/loki/api/v1/push"; }];
-                  positions = { filename = "/tmp/positions.yaml"; };
-                  scrape_configs = [{
-                    job_name = "journal";
-                    journal = {
-                      labels = {
-                        host = config.networking.hostName;
-                        job = "systemd-journal";
-                      };
-                      max_age = "12h";
+                positions = { filename = "/tmp/positions.yaml"; };
+                scrape_configs = [{
+                  job_name = "journal";
+                  journal = {
+                    labels = {
+                      host = config.networking.hostName;
+                      job = "systemd-journal";
                    };
-                    relabel_configs = [{
-                      source_labels = [ "__journal__systemd_unit" ];
-                      target_label = "unit";
-                    }];
-                  }];
-                  server = {
-                    grpc_listen_port = 0;
-                    http_listen_port = 28183;
+                    max_age = "12h";
                  };
-                });
-            in ''
+                  relabel_configs = [{
+                    source_labels = [ "__journal__systemd_unit" ];
+                    target_label = "unit";
+                  }];
+                }];
+                server = {
+                  grpc_listen_port = 0;
+                  http_listen_port = 28183;
+                };
+              });
+            in
+            ''
              ${pkgs.grafana-loki}/bin/promtail --config.file ${promtailConfig}
            '';
-          };
        };
+      };

-        services.prometheus = {
-          exporters = {
-            node = {
-              enable = true;
-              enabledCollectors = [ "systemd" ];
-              port = 9002;
-            };
+      services.prometheus = {
+        exporters = {
+          node = {
+            enable = true;
+            enabledCollectors = [ "systemd" ];
+            port = 9002;
          };
        };
-      })
-    ];
-  }
+      };
+    })
+  ];
+}
--- a/config/services/znc/default.nix
+++ b/config/services/znc/default.nix
@ -4,15 +4,15 @@ with lib;

 let
  sortedAttrs = set: sort
-  (l: r:
-  if l == "extraConfig" then false # Always put extraConfig last
-  else if isAttrs set.${l} == isAttrs set.${r} then l < r
-  else isAttrs set.${r} # Attrsets should be last, makes for a nice config
+    (l: r:
+      if l == "extraConfig" then false # Always put extraConfig last
+      else if isAttrs set.${l} == isAttrs set.${r} then l < r
+      else isAttrs set.${r} # Attrsets should be last, makes for a nice config
      # This last case occurs when any side (but not both) is an attrset
      # The order of these is correct when the attrset is on the right
      # which we're just returning
-      )
-      (attrNames set);
+    )
+    (attrNames set);

  # Specifies an attrset that encodes the value according to its type
  encode = name: value: {
@ -34,19 +34,20 @@ let
    #     Qux=qux
    #   </Foo>
    set = concatMap
-    (subname: optionals (value.${subname} != null) ([
-      "<${name} ${subname}>"
-    ] ++ map (line: "\t${line}") (toLines value.${subname}) ++ [
-    "</${name}>"
-    ]))
-    (filter (v: v != null) (attrNames value));
+      (subname: optionals (value.${subname} != null) ([
+        "<${name} ${subname}>"
+      ] ++ map (line: "\t${line}") (toLines value.${subname}) ++ [
+        "</${name}>"
+      ]))
+      (filter (v: v != null) (attrNames value));

  }.${builtins.typeOf value};

  # One level "above" encode, acts upon a set and uses encode on each name,value pair
  toLines = set: concatMap (name: encode name set.${name}) (sortedAttrs set);

-in {
+in
+{
  network.firewall.public.tcp.ports = singleton 5001;

  kw.secrets = [ "znc-softnet-address" "znc-espernet-pass" "znc-liberachat-pass" "znc-savebuff-pass" "znc-espernet-cert" "znc-liberachat-cert" "znc-softnet-cert" ];
@ -72,20 +73,20 @@ in {
  system.activationScripts = {
    softnet-cert-deploy = {
      text = ''
-          mkdir -p /var/lib/znc/users/kat/networks/softnet/moddata/cert
-          ln -fs ${config.secrets.files.softnet-cert.path} /var/lib/znc/users/kat/networks/softnet/moddata/cert/user.pem
+        mkdir -p /var/lib/znc/users/kat/networks/softnet/moddata/cert
+        ln -fs ${config.secrets.files.softnet-cert.path} /var/lib/znc/users/kat/networks/softnet/moddata/cert/user.pem
      '';
    };
    esperrnet-cert-deploy = {
      text = ''
-          mkdir -p /var/lib/znc/users/kat/networks/espernet/moddata/cert
-          ln -fs ${config.secrets.files.espernet-cert.path} /var/lib/znc/users/kat/networks/espernet/moddata/cert/user.pem
+        mkdir -p /var/lib/znc/users/kat/networks/espernet/moddata/cert
+        ln -fs ${config.secrets.files.espernet-cert.path} /var/lib/znc/users/kat/networks/espernet/moddata/cert/user.pem
      '';
    };
    liberachat-cert-deploy = {
      text = ''
-          mkdir -p /var/lib/znc/users/kat/networks/liberachat/moddata/cert
-          ln -fs ${config.secrets.files.liberachat-cert.path} /var/lib/znc/users/kat/networks/liberachat/moddata/cert/user.pem
+        mkdir -p /var/lib/znc/users/kat/networks/liberachat/moddata/cert
+        ln -fs ${config.secrets.files.liberachat-cert.path} /var/lib/znc/users/kat/networks/liberachat/moddata/cert/user.pem
      '';
    };
  };
--- a/config/users/kat/personal/weechat.nix
+++ b/config/users/kat/personal/weechat.nix
@ -1,32 +1,36 @@
 { config, nixos, pkgs, lib, ... }:

 {
-  home.file = lib.mkIf config.deploy.profile.trusted (let
-    bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.kw.repoSecrets.bitw.source} "$@"'';
-  in { ".local/share/weechat/sec.conf".text = ''
-      #
-      # weechat -- sec.conf
-      #
-      # WARNING: It is NOT recommended to edit this file by hand,
-      # especially if WeeChat is running.
-      #
-      # Use /set or similar command to change settings in WeeChat.
-      #
-      # For more info, see: https://weechat.org/doc/quickstart
-      #
+  home.file = lib.mkIf config.deploy.profile.trusted (
+    let
+      bitw = pkgs.writeShellScriptBin "bitw" ''${pkgs.rbw-bitw}/bin/bitw -p gpg://${config.kw.repoSecrets.bitw.source} "$@"'';
+    in
+    {
+      ".local/share/weechat/sec.conf".text = ''
+        #
+        # weechat -- sec.conf
+        #
+        # WARNING: It is NOT recommended to edit this file by hand,
+        # especially if WeeChat is running.
+        #
+        # Use /set or similar command to change settings in WeeChat.
+        #
+        # For more info, see: https://weechat.org/doc/quickstart
+        #

-      [crypt]
-      cipher = aes256
-      hash_algo = sha512
-      passphrase_command = "${bitw}/bin/bitw get comms/weechat"
-      salt = on
+        [crypt]
+        cipher = aes256
+        hash_algo = sha512
+        passphrase_command = "${bitw}/bin/bitw get comms/weechat"
+        salt = on

-      [data]
-      __passphrase__ = on
-      znc = "552E98A5111B986C1003CF86C67DF2AF4B3FDE88E5762FC01EB4A00E31B8363ABFCBBE7A702CB72C298F61D4005D1C5AABB30602BBFCE9E4013CBE88D3D3DB66B18C551743D7816C4F0C9DA44B83DB5807BBB02A48B66D"
-      matrix = "CC989DF79CDAECC1CE32F10FA9B42B6AE9FA63B41C0B3FCCCD4A309AB798CDEE695E0B4A2E0C975C6364927C76D4FEB25BC84C7AF8989DC418A205A5D62E9330E142E4F11AB59E0720867915DEEFCA70E80102C639D35B"
-    '';
-  });
+        [data]
+        __passphrase__ = on
+        znc = "552E98A5111B986C1003CF86C67DF2AF4B3FDE88E5762FC01EB4A00E31B8363ABFCBBE7A702CB72C298F61D4005D1C5AABB30602BBFCE9E4013CBE88D3D3DB66B18C551743D7816C4F0C9DA44B83DB5807BBB02A48B66D"
+        matrix = "CC989DF79CDAECC1CE32F10FA9B42B6AE9FA63B41C0B3FCCCD4A309AB798CDEE695E0B4A2E0C975C6364927C76D4FEB25BC84C7AF8989DC418A205A5D62E9330E142E4F11AB59E0720867915DEEFCA70E80102C639D35B"
+      '';
+    }
+  );

  programs.weechat = {
    enable = true;