From ee4671761833be2c2f46bb77666dc2c51ceeae41 Mon Sep 17 00:00:00 2001 From: winston Date: Wed, 18 Sep 2024 16:10:20 +0200 Subject: [PATCH] style: format with nixfmt-rfc-style --- config/acme.nix | 5 +- config/default.nix | 5 +- config/games/valheim.nix | 6 +- config/network.nix | 2 +- config/nix.nix | 18 +-- config/secrets/default.nix | 18 ++- config/secrets/secrets.nix | 8 +- config/services/attic.nix | 3 +- config/services/atuin.nix | 5 +- config/services/containers.nix | 2 +- config/services/forgejo.nix | 42 ++++--- config/services/freshrss.nix | 3 +- config/services/geoipupdate.nix | 9 +- config/services/minio.nix | 3 +- config/services/monitoring.nix | 55 ++++++--- config/services/nextcloud.nix | 8 +- config/services/nginx.nix | 21 ++-- config/services/postgres.nix | 3 +- config/services/renovate.nix | 7 +- config/services/wakapi.nix | 7 +- config/users.nix | 29 +++-- flake.nix | 112 ++++++++++-------- hosts/main-node/default.nix | 5 +- hosts/main-node/hardware-configuration.nix | 30 +++-- modules/default.nix | 6 +- modules/wakapi.nix | 40 ++++--- pkgs/prometheus-fail2ban-exporter/default.nix | 37 +++--- 27 files changed, 284 insertions(+), 205 deletions(-) diff --git a/config/acme.nix b/config/acme.nix index 8ae8c33..2f7a7e9 100644 --- a/config/acme.nix +++ b/config/acme.nix @@ -1,9 +1,10 @@ -{config, ...}: { +{ config, ... }: +{ security.acme = { acceptTerms = true; defaults.email = "hey@winston.sh"; certs."winston.sh" = { - extraDomainNames = ["*.winston.sh"]; + extraDomainNames = [ "*.winston.sh" ]; dnsProvider = "porkbun"; credentialsFile = config.age.secrets."lego/porkbun-credentials".path; }; diff --git a/config/default.nix b/config/default.nix index 7e70ffb..07f6dad 100644 --- a/config/default.nix +++ b/config/default.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ imports = [ ./games ./secrets 
@@ -9,6 +10,6 @@ ./users.nix ]; - environment.systemPackages = with pkgs; [wezterm.terminfo]; + environment.systemPackages = with pkgs; [ wezterm.terminfo ]; programs.git.enable = true; } diff --git a/config/games/valheim.nix b/config/games/valheim.nix index 94143c8..1a792bb 100644 --- a/config/games/valheim.nix +++ b/config/games/valheim.nix @@ -1,5 +1,7 @@ -{lib, ...}: { - nixpkgs.config.allowUnfreePredicate = pkg: +{ lib, ... }: +{ + nixpkgs.config.allowUnfreePredicate = + pkg: builtins.elem (lib.getName pkg) [ "valheim-server" "steamworks-sdk-redist" diff --git a/config/network.nix b/config/network.nix index 302cf7a..219fa0f 100644 --- a/config/network.nix +++ b/config/network.nix @@ -8,7 +8,7 @@ }; openssh = { enable = true; - ports = [22]; + ports = [ 22 ]; settings = { KexAlgorithms = [ "curve25519-sha256" diff --git a/config/nix.nix b/config/nix.nix index a9c78e2..0b98253 100644 --- a/config/nix.nix +++ b/config/nix.nix @@ -1,12 +1,16 @@ { nix = { gc.automatic = true; - settings = - (import ../flake.nix).nixConfig - // { - auto-optimise-store = true; - experimental-features = ["nix-command" "flakes"]; - trusted-users = ["@wheel" "winston"]; - }; + settings = (import ../flake.nix).nixConfig // { + auto-optimise-store = true; + experimental-features = [ + "nix-command" + "flakes" + ]; + trusted-users = [ + "@wheel" + "winston" + ]; + }; }; } diff --git a/config/secrets/default.nix b/config/secrets/default.nix index aa58b83..644f16f 100644 --- a/config/secrets/default.nix +++ b/config/secrets/default.nix @@ -1,7 +1,13 @@ -{lib, ...}: { - age.secrets = with builtins; - listToAttrs (map (k: { - name = lib.removeSuffix ".age" k; - value = {file = ./. + "/${k}";}; - }) (attrNames (import ./secrets.nix))); +{ lib, ... }: +{ + age.secrets = + with builtins; + listToAttrs ( + map (k: { + name = lib.removeSuffix ".age" k; + value = { + file = ./. + "/${k}"; + }; + }) (attrNames (import ./secrets.nix)) + ); } 
diff --git a/config/secrets/secrets.nix b/config/secrets/secrets.nix index b089c08..ff9dc50 100644 --- a/config/secrets/secrets.nix +++ b/config/secrets/secrets.nix @@ -2,8 +2,12 @@ let users.winston = "age1yubikey1qfkn095xth4ukxjye98ew4ul6xdkyz7sek0hd67yfjs5z6tv7q9jgnfchls"; systems.main-node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFcY5fuyxK8rs3eocLuLnvSPDL6qcvq7oUdYrE+wLj0y"; - default = [users.winston systems.main-node]; -in { + default = [ + users.winston + systems.main-node + ]; +in +{ "containers/faerber.env.age".publicKeys = default; "containers/ghcr-token.age".publicKeys = default; diff --git a/config/services/attic.nix b/config/services/attic.nix index dc07ec5..cb084e6 100644 --- a/config/services/attic.nix +++ b/config/services/attic.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ services.atticd = { enable = true; credentialsFile = config.age.secrets."services/attic/atticd.env".path; diff --git a/config/services/atuin.nix b/config/services/atuin.nix index eb711e0..59e8a9a 100644 --- a/config/services/atuin.nix +++ b/config/services/atuin.nix @@ -1,8 +1,5 @@ +{ config, pkgs, ... }: { - config, - pkgs, - ... -}: { services.atuin = { enable = true; package = pkgs.unstable.atuin; diff --git a/config/services/containers.nix b/config/services/containers.nix index 0967ef4..ffcd441 100644 --- a/config/services/containers.nix +++ b/config/services/containers.nix @@ -1 +1 @@ -{} +{ } diff --git a/config/services/forgejo.nix b/config/services/forgejo.nix index 0ff9b04..f4149a3 100644 --- a/config/services/forgejo.nix +++ b/config/services/forgejo.nix 
@@ -3,14 +3,17 @@ inputs, pkgs, ... -}: let - modules = ["services/misc/forgejo.nix" "services/continuous-integration/gitea-actions-runner.nix"]; -in { +}: +let + modules = [ + "services/misc/forgejo.nix" + "services/continuous-integration/gitea-actions-runner.nix" + ]; +in +{ # swap out stable for unstable modules disabledModules = modules; - imports = - builtins.map (v: "${inputs.nixpkgs-unstable}/nixos/modules/${v}") - modules; + imports = builtins.map (v: "${inputs.nixpkgs-unstable}/nixos/modules/${v}") modules; age.secrets = { "services/forgejo/minio-secretkey".owner = config.services.forgejo.user; @@ -18,7 +21,7 @@ in { }; # forgejo ssh - networking.firewall.allowedTCPPorts = [22]; + networking.firewall.allowedTCPPorts = [ 22 ]; # indexer services.elasticsearch.enable = true; @@ -44,16 +47,19 @@ in { settings = { DEFAULT.APP_NAME = "winston's forgejo"; - indexer = with config.services.elasticsearch; let - indexer = "elasticsearch"; - conn = "http://${listenAddress}:${toString port}"; - in { - REPO_INDEXER_ENABLED = true; - REPO_INDEXER_CONN_STR = conn; - REPO_INDEXER_TYPE = indexer; - ISSUE_INDEXER_CONN_STR = conn; - ISSUE_INDEXER_TYPE = indexer; - }; + indexer = + with config.services.elasticsearch; + let + indexer = "elasticsearch"; + conn = "http://${listenAddress}:${toString port}"; + in + { + REPO_INDEXER_ENABLED = true; + REPO_INDEXER_CONN_STR = conn; + REPO_INDEXER_TYPE = indexer; + ISSUE_INDEXER_CONN_STR = conn; + ISSUE_INDEXER_TYPE = indexer; + }; metrics = { ENABLED = true; @@ -121,7 +127,7 @@ in { name = "main"; url = config.services.forgejo.settings.server.ROOT_URL; tokenFile = config.age.secrets."services/forgejo/runner-token".path; - labels = ["ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest"]; + labels = [ "ubuntu-latest:docker://ghcr.io/catthehacker/ubuntu:act-latest" ]; settings.container = { network = "host"; options = "--add-host=forgejo.winston.sh:host-gateway"; 
diff --git a/config/services/freshrss.nix b/config/services/freshrss.nix index d73ed4e..2165868 100644 --- a/config/services/freshrss.nix +++ b/config/services/freshrss.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ services.freshrss = rec { enable = true; diff --git a/config/services/geoipupdate.nix b/config/services/geoipupdate.nix index 9e76a5b..14a6f87 100644 --- a/config/services/geoipupdate.nix +++ b/config/services/geoipupdate.nix @@ -1,10 +1,15 @@ -{config, ...}: { +{ config, ... }: +{ services.geoipupdate = { enable = true; settings = { AccountID = 1062126; LicenseKey = config.age.secrets."services/geoipupdate/license".path; - EditionIDs = ["GeoLite2-ASN" "GeoLite2-City" "GeoLite2-Country"]; + EditionIDs = [ + "GeoLite2-ASN" + "GeoLite2-City" + "GeoLite2-Country" + ]; }; }; } diff --git a/config/services/minio.nix b/config/services/minio.nix index aecf559..93901da 100644 --- a/config/services/minio.nix +++ b/config/services/minio.nix @@ -1,4 +1,5 @@ -{config, ...}: { +{ config, ... }: +{ services.minio = { enable = true; browser = true; diff --git a/config/services/monitoring.nix b/config/services/monitoring.nix index e33271e..058d11f 100644 --- a/config/services/monitoring.nix +++ b/config/services/monitoring.nix @@ -3,7 +3,8 @@ lib, pkgs, ... -}: let +}: +let geoipDir = config.services.geoipupdate.settings.DatabaseDirectory; log_params = [ @@ -25,7 +26,8 @@ ]; log_format = lib.concatStringsSep " " (map (p: "${p}=\"\$${p}\"") log_params); log_file = "/var/log/nginx/access.log"; -in { +in +{ services.grafana = { enable = true; settings = { @@ -50,7 +52,7 @@ in { }; services.nginx = { - additionalModules = [pkgs.nginxModules.geoip2]; + additionalModules = [ pkgs.nginxModules.geoip2 ]; commonHttpConfig = # nginx '' 
@@ -82,10 +84,12 @@ in { globalConfig.scrape_interval = "10s"; scrapeConfigs = - (builtins.map (config: { + (builtins.map + (config: { inherit (config) job_name; - static_configs = [{targets = ["localhost:${toString config.port}"];}]; - }) [ + static_configs = [ { targets = [ "localhost:${toString config.port}" ]; } ]; + }) + [ { job_name = "fail2ban"; port = 9191; @@ -106,17 +110,20 @@ in { job_name = "postgres"; port = config.services.prometheus.exporters.postgres.port; } - ]) + ] + ) ++ [ { job_name = "minio"; bearer_token_file = config.age.secrets."services/prometheus/minio-bearer-token".path; metrics_path = "/minio/v2/metrics/cluster"; - static_configs = [{targets = [config.services.minio.listenAddress];}]; + static_configs = [ { targets = [ config.services.minio.listenAddress ]; } ]; } { job_name = "forgejo"; - static_configs = with config.services.forgejo.settings.server; [{targets = ["${HTTP_ADDR}:${toString HTTP_PORT}"];}]; + static_configs = with config.services.forgejo.settings.server; [ + { targets = [ "${HTTP_ADDR}:${toString HTTP_PORT}" ]; } + ]; } ]; @@ -159,14 +166,30 @@ in { } ]; - source.files = [log_file]; + source.files = [ log_file ]; } ]; }; node = { enable = true; - enabledCollectors = ["logind" "processes" "systemd"]; - disabledCollectors = ["bonding" "fibrechannel" "infiniband" "ipvs" "mdadm" "nfs" "nfsd" "nvme" "tapestats" "watchdog" "zfs"]; + enabledCollectors = [ + "logind" + "processes" + "systemd" + ]; + disabledCollectors = [ + "bonding" + "fibrechannel" + "infiniband" + "ipvs" + "mdadm" + "nfs" + "nfsd" + "nvme" + "tapestats" + "watchdog" + "zfs" + ]; }; postgres = { enable = true; 
@@ -177,11 +200,11 @@ in { }; systemd.services.prometheus-fail2ban-exporter = { - wantedBy = ["multi-user.target"]; - after = ["network.target"]; - requires = ["network-online.target"]; + wantedBy = [ "multi-user.target" ]; + after = [ "network.target" ]; + requires = [ "network-online.target" ]; serviceConfig = { - ExecStart = [(lib.getExe pkgs.prometheus-fail2ban-exporter)]; + ExecStart = [ (lib.getExe pkgs.prometheus-fail2ban-exporter) ]; Restart = "on-failure"; NoNewPrivileges = true; User = "root"; diff --git a/config/services/nextcloud.nix b/config/services/nextcloud.nix index 6ae9519..f8c6838 100644 --- a/config/services/nextcloud.nix +++ b/config/services/nextcloud.nix @@ -1,8 +1,5 @@ +{ config, pkgs, ... }: { - config, - pkgs, - ... -}: { age.secrets = { "services/nextcloud/admin-password".owner = "nextcloud"; "services/nextcloud/s3-secret".owner = "nextcloud"; @@ -20,8 +17,7 @@ }; extraApps = { - inherit - (config.services.nextcloud.package.packages.apps) + inherit (config.services.nextcloud.package.packages.apps) end_to_end_encryption previewgenerator twofactor_webauthn diff --git a/config/services/nginx.nix b/config/services/nginx.nix index 6db6144..7f1984c 100644 --- a/config/services/nginx.nix +++ b/config/services/nginx.nix @@ -1,13 +1,11 @@ -{ - config, - pkgs, - ... -}: let - snakeoilCert = pkgs.runCommand "nginx-snakeoil-cert" {buildInputs = [pkgs.openssl];} '' +{ config, pkgs, ... }: +let + snakeoilCert = pkgs.runCommand "nginx-snakeoil-cert" { buildInputs = [ pkgs.openssl ]; } '' mkdir "$out" openssl req -newkey rsa:4096 -x509 -sha256 -days 36500 -subj '/CN=Snakeoil CA' -nodes -out "$out/cert.pem" -keyout "$out/cert.key" ''; -in { +in +{ services.nginx = { enable = true; package = pkgs.nginxMainline; 
@@ -44,11 +42,14 @@ in { security.dhparams = { enable = true; - params.nginx = {}; + params.nginx = { }; }; - networking.firewall.allowedTCPPorts = [80 443]; + networking.firewall.allowedTCPPorts = [ + 80 + 443 + ]; # allow nginx to access Acme secrets - users.users.nginx.extraGroups = ["acme"]; + users.users.nginx.extraGroups = [ "acme" ]; } diff --git a/config/services/postgres.nix b/config/services/postgres.nix index cb7c66d..63b6de1 100644 --- a/config/services/postgres.nix +++ b/config/services/postgres.nix @@ -1,4 +1,5 @@ -{pkgs, ...}: { +{ pkgs, ... }: +{ services.postgresql = { enable = true; package = pkgs.postgresql_14; diff --git a/config/services/renovate.nix b/config/services/renovate.nix index a82e9aa..384a592 100644 --- a/config/services/renovate.nix +++ b/config/services/renovate.nix @@ -3,8 +3,9 @@ inputs, pkgs, ... -}: { - imports = ["${inputs.nixpkgs-unstable}/nixos/modules/services/misc/renovate.nix"]; +}: +{ + imports = [ "${inputs.nixpkgs-unstable}/nixos/modules/services/misc/renovate.nix" ]; services.renovate = { enable = true; @@ -23,7 +24,7 @@ platform = "gitea"; gitAuthor = "renovate[bot] "; autodiscover = true; - autodiscoverTopics = ["managed-by-renovate"]; + autodiscoverTopics = [ "managed-by-renovate" ]; # performance cachePrivatePackages = true; diff --git a/config/services/wakapi.nix b/config/services/wakapi.nix index 825034c..e4840fc 100644 --- a/config/services/wakapi.nix +++ b/config/services/wakapi.nix @@ -1,8 +1,5 @@ +{ config, pkgs, ... }: { - config, - pkgs, - ... -}: { services.wakapi = { enable = true; package = pkgs.unstable.wakapi; @@ -30,7 +27,7 @@ # for agenix owner permissions age.secrets."services/wakapi/password-salt.env".owner = "wakapi"; users = { - groups.wakapi = {}; + groups.wakapi = { }; users.wakapi = { isSystemUser = true; group = "wakapi"; diff --git a/config/users.nix b/config/users.nix index 237a114..62e0dd4 100644 --- a/config/users.nix +++ b/config/users.nix 
@@ -3,29 +3,35 @@ lib, pkgs, ... -}: let +}: +let nu_scripts = "${pkgs.nu_scripts}/share/nu_scripts"; - mkCompletions = completions: + mkCompletions = + completions: lib.concatStringsSep "\n" ( builtins.map ( el: "source ${nu_scripts}/custom-completions/${el.name or el}/${el.filename or el}-completions.nu" - ) - completions + ) completions ); -in { +in +{ i18n.defaultLocale = "en_US.UTF-8"; users = { mutableUsers = false; users.root = { hashedPasswordFile = config.age.secrets."system/password-root".path; - openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgFwSZPS1B3wndghjmgmamdM5LZ7hqv4fZsbcmYBQWT"] ++ config.users.users.winston.openssh.authorizedKeys.keys; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgFwSZPS1B3wndghjmgmamdM5LZ7hqv4fZsbcmYBQWT" + ] ++ config.users.users.winston.openssh.authorizedKeys.keys; }; users.winston = { - extraGroups = ["wheel"]; + extraGroups = [ "wheel" ]; hashedPasswordFile = config.age.secrets."system/password-winston".path; isNormalUser = true; - openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILm0O46zW/XfVOSwz0okRWYeOAg+wCVkCtCAoVTpZsOh"]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILm0O46zW/XfVOSwz0okRWYeOAg+wCVkCtCAoVTpZsOh" + ]; }; }; @@ -102,7 +108,12 @@ in { } source ${nu_scripts}/aliases/git/git-aliases.nu - ${mkCompletions ["git" "man" "rg" "tar"]} + ${mkCompletions [ + "git" + "man" + "rg" + "tar" + ]} ''; }; starship.enable = true; diff --git a/flake.nix b/flake.nix index 4a604df..7cd038d 100644 --- a/flake.nix +++ b/flake.nix 
@@ -1,19 +1,21 @@ { - outputs = { - flake-parts, - nixpkgs, - nixpkgs-unstable, - self, - ... - } @ inputs: let - overlays = [ - (final: _: { - unstable = nixpkgs-unstable.legacyPackages.${final.system}; - prometheus-fail2ban-exporter = final.callPackage ./pkgs/prometheus-fail2ban-exporter {}; - }) - ]; - in - flake-parts.lib.mkFlake {inherit inputs;} { + outputs = + { + flake-parts, + nixpkgs, + nixpkgs-unstable, + self, + ... + }@inputs: + let + overlays = [ + (final: _: { + unstable = nixpkgs-unstable.legacyPackages.${final.system}; + prometheus-fail2ban-exporter = final.callPackage ./pkgs/prometheus-fail2ban-exporter { }; + }) + ]; + in + flake-parts.lib.mkFlake { inherit inputs; } { flake = { nixosConfigurations.main-node = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; @@ -33,7 +35,9 @@ inputs.satisfactory-server.nixosModules.default inputs.valheim-server.nixosModules.default ]; - specialArgs = {inherit inputs;}; + specialArgs = { + inherit inputs; + }; }; checks = builtins.mapAttrs (_: deployLib: deployLib.deployChecks self.deploy) inputs.deploy-rs.lib; 
@@ -47,48 +51,52 @@ }; }; - perSystem = { - config, - inputs', - pkgs, - self', - system, - ... - }: { - _module.args.pkgs = import nixpkgs { - inherit overlays system; - }; + perSystem = + { + config, + inputs', + pkgs, + self', + system, + ... + }: + { + _module.args.pkgs = import nixpkgs { inherit overlays system; }; - devShells.default = pkgs.mkShell { - inherit (config.pre-commit.devShell) shellHook; - buildInputs = [ - inputs'.agenix.packages.agenix - pkgs.age-plugin-yubikey - pkgs.unstable.deploy-rs - pkgs.unstable.nh - pkgs.unstable.nixd - self'.formatter - ]; - }; + devShells.default = pkgs.mkShell { + inherit (config.pre-commit.devShell) shellHook; + buildInputs = [ + inputs'.agenix.packages.agenix + pkgs.age-plugin-yubikey + pkgs.unstable.deploy-rs + pkgs.unstable.nh + pkgs.unstable.nixd + self'.formatter + ]; + }; - formatter = pkgs.alejandra; + formatter = pkgs.nixfmt-rfc-style; - pre-commit = { - check.enable = true; - settings.excludes = ["_sources/"]; - settings.hooks = { - alejandra.enable = true; - commitizen.enable = true; - deadnix.enable = true; - editorconfig-checker.enable = true; - nil.enable = true; - shellcheck.enable = true; + pre-commit = { + check.enable = true; + settings.excludes = [ "_sources/" ]; + settings.hooks = { + commitizen.enable = true; + editorconfig-checker.enable = true; + nil.enable = true; + nixfmt-rfc-style.enable = true; + shellcheck.enable = true; + }; }; }; - }; - imports = [inputs.pre-commit-hooks.flakeModule]; - systems = ["x86_64-linux" "aarch64-linux" "aarch64-darwin" "x86_64-darwin"]; + imports = [ inputs.pre-commit-hooks.flakeModule ]; + systems = [ + "x86_64-linux" + "aarch64-linux" + "aarch64-darwin" + "x86_64-darwin" + ]; }; inputs = { diff --git a/hosts/main-node/default.nix b/hosts/main-node/default.nix index 15b3c5f..c870734 100644 --- a/hosts/main-node/default.nix +++ b/hosts/main-node/default.nix 
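Review bot: The `settings.hooks` set under `pre-commit` loses `deadnix.enable = true;` in this hunk, which goes beyond the formatter swap the subject line announces. `alejandra.enable` is replaced by `nixfmt-rfc-style.enable`, but nothing replaces the dead-code check, so unused bindings and arguments would no longer be caught at commit time. If the removal was not intended, restore `deadnix.enable = true;` next to `commitizen.enable = true;`. If it was intended, it belongs in its own commit or at least in the message, so the dropped lint gate is visible in history. The enclosing `flake-parts.lib.mkFlake` call begins outside this hunk.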
@@ -1,5 +1,6 @@ -{pkgs, ...}: { - imports = [./hardware-configuration.nix]; +{ pkgs, ... }: +{ + imports = [ ./hardware-configuration.nix ]; boot = { loader = { diff --git a/hosts/main-node/hardware-configuration.nix b/hosts/main-node/hardware-configuration.nix index cb9bfc1..628df70 100644 --- a/hosts/main-node/hardware-configuration.nix +++ b/hosts/main-node/hardware-configuration.nix @@ -3,35 +3,41 @@ lib, modulesPath, ... -}: { - imports = [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; +}: +{ + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; - boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"]; - boot.initrd.kernelModules = []; - boot.kernelModules = []; - boot.extraModulePackages = []; + boot.initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + "sd_mod" + "sr_mod" + ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; fileSystems."/" = { device = "/dev/disk/by-uuid/8e282da8-0e52-4515-8647-fff793b8ead8"; fsType = "btrfs"; - options = ["subvol=root"]; + options = [ "subvol=root" ]; }; fileSystems."/home" = { device = "/dev/disk/by-uuid/8e282da8-0e52-4515-8647-fff793b8ead8"; fsType = "btrfs"; - options = ["subvol=home"]; + options = [ "subvol=home" ]; }; fileSystems."/nix" = { device = "/dev/disk/by-uuid/8e282da8-0e52-4515-8647-fff793b8ead8"; fsType = "btrfs"; - options = ["subvol=nix"]; + options = [ "subvol=nix" ]; }; - swapDevices = []; + swapDevices = [ ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/modules/default.nix b/modules/default.nix index 62a9ab2..dda2a10 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,5 +1 @@ -{ - imports = [ - ./wakapi.nix - ]; -} +{ imports = [ ./wakapi.nix ]; } 
diff --git a/modules/wakapi.nix b/modules/wakapi.nix index a19ab9c..136f514 100644 --- a/modules/wakapi.nix +++ b/modules/wakapi.nix @@ -3,9 +3,10 @@ lib, pkgs, ... -}: let +}: +let cfg = config.services.wakapi; - settingsFormat = pkgs.formats.yaml {}; + settingsFormat = pkgs.formats.yaml { }; inherit (lib) types; settingsFile = settingsFormat.generate "wakapi-settings" cfg.settings; @@ -13,9 +14,9 @@ serviceConfig = { systemd.services.wakapi = { description = "Wakapi (self-hosted WakaTime-compatible backend)"; - wants = ["network-online.target"]; - after = ["network-online.target"]; - wantedBy = ["multi-user.target"]; + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; + wantedBy = [ "multi-user.target" ]; script = '' exec ${pkgs.wakapi}/bin/wakapi -config ${settingsFile} @@ -36,7 +37,11 @@ ProtectKernelTunables = true; ProtectProc = "invisible"; ProtectSystem = "strict"; - RestrictAddressFamilies = ["AF_INET" "AF_INET6" "AF_UNIX"]; + RestrictAddressFamilies = [ + "AF_INET" + "AF_INET6" + "AF_UNIX" + ]; RestrictNamespaces = true; RestrictRealtime = true; RestrictSUIDSGID = true; @@ -77,8 +82,8 @@ }; systemd.services.wakapi = { - requires = ["postgresql.service"]; - after = ["postgresql.service"]; + requires = [ "postgresql.service" ]; + after = [ "postgresql.service" ]; }; }; @@ -97,10 +102,11 @@ public_url = lib.mkDefault cfg.domain; }; }; -in { +in +{ options.services.wakapi = { enable = lib.mkEnableOption "Wakapi"; - package = lib.mkPackageOption pkgs "wakapi" {}; + package = lib.mkPackageOption pkgs "wakapi" { }; port = lib.mkOption { type = types.int; @@ -176,7 +182,7 @@ in { settings = lib.mkOption { type = settingsFormat.type; - default = {}; + default = { }; description = lib.mkDoc '' Settings for Wakapi. 
@@ -185,9 +191,11 @@ in { }; }; - config = lib.mkIf cfg.enable (lib.mkMerge [ - databaseConfig - nginxConfig - serviceConfig - ]); + config = lib.mkIf cfg.enable ( + lib.mkMerge [ + databaseConfig + nginxConfig + serviceConfig + ] + ); } diff --git a/pkgs/prometheus-fail2ban-exporter/default.nix b/pkgs/prometheus-fail2ban-exporter/default.nix index 9e97ff4..bfde013 100644 --- a/pkgs/prometheus-fail2ban-exporter/default.nix +++ b/pkgs/prometheus-fail2ban-exporter/default.nix @@ -2,26 +2,27 @@ buildGoModule, fetchFromGitLab, lib, -}: let +}: +let version = "0.10.1"; in - buildGoModule { - pname = "prometheus-fail2ban-exporter"; - inherit version; +buildGoModule { + pname = "prometheus-fail2ban-exporter"; + inherit version; - src = fetchFromGitLab { - owner = "hectorjsmith"; - repo = "fail2ban-prometheus-exporter"; - rev = "v${version}"; - sha256 = "sha256-zGEhDy3uXIbvx4agSA8Mx7bRtiZZtoDZGbNbHc9L+yI="; - }; + src = fetchFromGitLab { + owner = "hectorjsmith"; + repo = "fail2ban-prometheus-exporter"; + rev = "v${version}"; + sha256 = "sha256-zGEhDy3uXIbvx4agSA8Mx7bRtiZZtoDZGbNbHc9L+yI="; + }; - vendorHash = "sha256-5o8p5p0U/c0WAIV5dACnWA3ThzSh2tt5LIFMb59i9GY="; + vendorHash = "sha256-5o8p5p0U/c0WAIV5dACnWA3ThzSh2tt5LIFMb59i9GY="; - meta = with lib; { - mainProgram = "fail2ban-prometheus-exporter"; - description = "Collect and export metrics on Fail2Ban"; - homepage = "https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter"; - license = licenses.mit; - }; - } + meta = with lib; { + mainProgram = "fail2ban-prometheus-exporter"; + description = "Collect and export metrics on Fail2Ban"; + homepage = "https://gitlab.com/hectorjsmith/fail2ban-prometheus-exporter"; + license = licenses.mit; + }; +}