From ebc2829be8ffda323b7fa41192c2b5db33520b7f Mon Sep 17 00:00:00 2001
From: "root@dishwasher"
Date: Sun, 26 Jun 2022 21:19:15 +0200
Subject: [PATCH] nixpkgs-fmt
---
 hosts/cirrus/configuration.nix | 2 +-
 hosts/cirrus/hardware-configuration.nix | 9 +-
 hosts/cirrus/nextcloud-proxy.nix | 8 +-
 hosts/cirrus/wireguard-server.nix | 32 ++--
 hosts/dishwasher/configuration.nix | 11 +-
 hosts/dishwasher/hardware-configuration.nix | 21 ++-
 hosts/dishwasher/mcvm-network.nix | 19 +--
 hosts/dishwasher/oxalab.nix | 10 +-
 microvms/nextcloud/default.nix | 157 ++++++++++----------
 microvms/nextcloud/oxaproxy.nix | 18 +--
 modules/wireguard.nix | 14 +-
 11 files changed, 157 insertions(+), 144 deletions(-)
diff --git a/hosts/cirrus/configuration.nix b/hosts/cirrus/configuration.nix
index d26af82..6b0ba45 100644
--- a/hosts/cirrus/configuration.nix
+++ b/hosts/cirrus/configuration.nix
@@ -22,7 +22,7 @@
 networks."uplink" = {
 matchConfig = { Name = "enp1s0"; };
 networkConfig = {
- DHCP="yes"; # hetzner suggests this as default
+ DHCP = "yes"; # hetzner suggests this as default
 };
 };
 };
diff --git a/hosts/cirrus/hardware-configuration.nix b/hosts/cirrus/hardware-configuration.nix
index bedfc3b..0325243 100644
--- a/hosts/cirrus/hardware-configuration.nix
+++ b/hosts/cirrus/hardware-configuration.nix
@@ -5,7 +5,8 @@
 {
 imports =
- [ (modulesPath + "/profiles/qemu-guest.nix")
+ [
+ (modulesPath + "/profiles/qemu-guest.nix")
 ];
 boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
@@ -14,12 +15,14 @@
 boot.extraModulePackages = [ ];
 fileSystems."/" =
- { device = "/dev/disk/by-uuid/627952eb-107a-43c3-8223-bfea9af92837";
+ {
+ device = "/dev/disk/by-uuid/627952eb-107a-43c3-8223-bfea9af92837";
 fsType = "ext4";
 };
 fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/5CA6-CCE4";
+ {
+ device = "/dev/disk/by-uuid/5CA6-CCE4";
 fsType = "vfat";
 };
diff --git a/hosts/cirrus/nextcloud-proxy.nix b/hosts/cirrus/nextcloud-proxy.nix
index 7e9a351..647d29f 100644
--- a/hosts/cirrus/nextcloud-proxy.nix
+++ b/hosts/cirrus/nextcloud-proxy.nix
@@ -24,14 +24,14 @@
 '';
 locations = {
 "/" = {
- # extraConfig = '' return 503; '';
- proxyPass = "http://10.34.45.100:8080";
+ # extraConfig = '' return 503; '';
+ proxyPass = "http://10.34.45.100:8080";
 };
 "/well-known/carddav" = {
- return = "301 $scheme://$host/remote.php/dav";
+ return = "301 $scheme://$host/remote.php/dav";
 };
 "/well-known/caldav" = {
- return = "301 $scheme://$host/remote.php/dav";
+ return = "301 $scheme://$host/remote.php/dav";
 };
 };
diff --git a/hosts/cirrus/wireguard-server.nix b/hosts/cirrus/wireguard-server.nix
index c474e0f..ee4cf60 100644
--- a/hosts/cirrus/wireguard-server.nix
+++ b/hosts/cirrus/wireguard-server.nix
@@ -19,20 +19,20 @@
 {
 # microwave
 wireguardPeerConfig = {
- # nextcloud down, have to keep things in here: https://www.youtube.com/watch?v=1c6v7j1TUBI
- PublicKey = "0zpfcNrmbsNwwbnDDX4SMl4BVTB0zuhGKixT9TJQoHc=";
- AllowedIPs = [ "10.66.66.10/32" ];
- PersistentKeepalive = 25;
- };
+ # nextcloud down, have to keep things in here: https://www.youtube.com/watch?v=1c6v7j1TUBI
+ PublicKey = "0zpfcNrmbsNwwbnDDX4SMl4BVTB0zuhGKixT9TJQoHc=";
+ AllowedIPs = [ "10.66.66.10/32" ];
+ PersistentKeepalive = 25;
+ };
 }
 {
 # Dishwasher
 wireguardPeerConfig = {
- # nextcloud down, have to keep things in here: https://www.youtube.com/watch?v=1c6v7j1TUBI
- PublicKey = "AdWUBbyeRkxdP9HUu25PpISoxbgQ8oeCw3BmV93xtAw=";
- AllowedIPs = [ "10.66.66.100/32" ];
- PersistentKeepalive = 25;
- };
+ # nextcloud down, have to keep things in here: https://www.youtube.com/watch?v=1c6v7j1TUBI
+ PublicKey = "AdWUBbyeRkxdP9HUu25PpISoxbgQ8oeCw3BmV93xtAw=";
+ AllowedIPs = [ "10.66.66.100/32" ];
+ PersistentKeepalive = 25;
+ };
 }
 ];
 };
@@ -60,12 +60,12 @@
 wireguardPeers = [
 # nextcloud
 {
- wireguardPeerConfig = {
- PublicKey ="KCYoGx7TGei4X79EZo2NONCcmQjPzBUN1Ds6I9lQbz0=";
- AllowedIPs = [ "10.34.45.100/32" ];
- PersistentKeepalive = 25;
- };
- }
+ wireguardPeerConfig = {
+ PublicKey = "KCYoGx7TGei4X79EZo2NONCcmQjPzBUN1Ds6I9lQbz0=";
+ AllowedIPs = [ "10.34.45.100/32" ];
+ PersistentKeepalive = 25;
+ };
+ }
 ];
 };
 networks."oxaproxy" = {
diff --git a/hosts/dishwasher/configuration.nix b/hosts/dishwasher/configuration.nix
index ea1b070..ffa9ff7 100644
--- a/hosts/dishwasher/configuration.nix
+++ b/hosts/dishwasher/configuration.nix
@@ -6,9 +6,10 @@
 {
 imports =
- [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ];
+ [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
 # Use the systemd-boot EFI boot loader.
 boot.loader.systemd-boot.enable = true;
@@ -35,7 +36,7 @@
 };
 networkConfig = {
 DHCP = "yes";
- LinkLocalAddressing="ipv6";
+ LinkLocalAddressing = "ipv6";
 IPv6AcceptRA = "yes";
 };
 dhcpV6Config = {
@@ -47,7 +48,7 @@
 };
 };
- services.resolved={
+ services.resolved = {
 enable = true;
 fallbackDns = [
 "8.8.8.8"
diff --git a/hosts/dishwasher/hardware-configuration.nix b/hosts/dishwasher/hardware-configuration.nix
index ebbd0ff..f9735fb 100644
--- a/hosts/dishwasher/hardware-configuration.nix
+++ b/hosts/dishwasher/hardware-configuration.nix
@@ -5,7 +5,8 @@
 {
 imports =
- [ (modulesPath + "/installer/scan/not-detected.nix")
+ [
+ (modulesPath + "/installer/scan/not-detected.nix")
 ];
 boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
@@ -14,37 +15,43 @@
 boot.extraModulePackages = [ ];
 fileSystems."/" =
- { device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
+ {
+ device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
 fsType = "btrfs";
 options = [ "subvol=nixos" "compress=zstd" "noatime" ];
 };
 fileSystems."/var/lib" =
- { device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
+ {
+ device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
 fsType = "btrfs";
 options = [ "subvol=var-lib" "compress=zstd" "noatime" ];
 };
 fileSystems."/var/log" =
- { device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
+ {
+ device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
 fsType = "btrfs";
 options = [ "subvol=var-log" "compress=zstd" "noatime" ];
 };
 fileSystems."/var/microvms" =
- { device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
+ {
+ device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
 fsType = "btrfs";
 options = [ "subvol=microvms" "compress=zstd" "noatime" ];
 };
 fileSystems."/nix" =
- { device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
+ {
+ device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
 fsType = "btrfs";
 options = [ "subvol=nix" "compress=zstd" "noatime" ];
 };
 fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/2A04-BFAE";
+ {
+ device = "/dev/disk/by-uuid/2A04-BFAE";
 fsType = "vfat";
 };
diff --git a/hosts/dishwasher/mcvm-network.nix b/hosts/dishwasher/mcvm-network.nix
index 518cab8..bd7c1b9 100644
--- a/hosts/dishwasher/mcvm-network.nix
+++ b/hosts/dishwasher/mcvm-network.nix
@@ -11,14 +11,15 @@
 DHCPServer = false;
 IPv6SendRA = true;
 };
- addresses = [ {
+ addresses = [{
 addressConfig.Address = "10.99.99.1/24";
- } {
- addressConfig.Address = "fd12:3456:789a::1/64";
- } ];
- ipv6Prefixes = [ {
+ }
+ {
+ addressConfig.Address = "fd12:3456:789a::1/64";
+ }];
+ ipv6Prefixes = [{
 ipv6PrefixConfig.Prefix = "fd12:3456:789a::/64";
- } ];
+ }];
 # networkConfig = {
 # Address = "10.99.99.1/24";
 # IPForward = "ipv4";
@@ -27,9 +28,9 @@
 # routeConfig = {
 # GatewayOnLink = true;
 # };}];
- # IPForward = "ipv4";
- # DHCPServer = true;
- # IPv6SendRA = true;
+ # IPForward = "ipv4";
+ # DHCPServer = true;
+ # IPv6SendRA = true;
 # addresses = [{
 # addressConfig.Address = "10.99.99.1/24";
 # }];
diff --git a/hosts/dishwasher/oxalab.nix b/hosts/dishwasher/oxalab.nix
index ffe34fa..7e79971 100644
--- a/hosts/dishwasher/oxalab.nix
+++ b/hosts/dishwasher/oxalab.nix
@@ -15,11 +15,11 @@
 {
 # cirrus
 wireguardPeerConfig = {
- PublicKey = "5nCVC21BL+1r70OGwA4Q6Z/gcPLC3+ZF8sTurdn7N0E=";
- AllowedIPs = [ "10.66.66.0/24" ];
- Endpoint = [ "95.216.166.21:51820" ];
- PersistentKeepalive = 25;
- };
+ PublicKey = "5nCVC21BL+1r70OGwA4Q6Z/gcPLC3+ZF8sTurdn7N0E=";
+ AllowedIPs = [ "10.66.66.0/24" ];
+ Endpoint = [ "95.216.166.21:51820" ];
+ PersistentKeepalive = 25;
+ };
 }
 ];
 };
diff --git a/microvms/nextcloud/default.nix b/microvms/nextcloud/default.nix
index c6c07bd..84625c9 100644
--- a/microvms/nextcloud/default.nix
+++ b/microvms/nextcloud/default.nix
@@ -26,97 +26,98 @@
 recommendedOptimisation = true;
 virtualHosts."nc.oxapentane.com" = {
 extraConfig = ''
- # HTTP response headers borrowed from Nextcloud .htaccess
- add_header Referrer-Policy "no-referrer" always;
- #add_header X-Content-Type-Options "nosniff" always;
- add_header X-Download-Options "noopen" always;
- #add_header X-Frame-Options "SAMEORIGIN" always;
- add_header X-Permitted-Cross-Domain-Policies "none" always;
- add_header X-Robots-Tag "none" always;
- add_header X-XSS-Protection "1; mode=block" always;
+ # HTTP response headers borrowed from Nextcloud .htaccess
+ add_header Referrer-Policy "no-referrer" always;
+ #add_header X-Content-Type-Options "nosniff" always;
+ add_header X-Download-Options "noopen" always;
+ #add_header X-Frame-Options "SAMEORIGIN" always;
+ add_header X-Permitted-Cross-Domain-Policies "none" always;
+ add_header X-Robots-Tag "none" always;
+ add_header X-XSS-Protection "1; mode=block" always;
- # Remove X-Powered-By, which is an information leak
- fastcgi_hide_header X-Powered-By;
+ # Remove X-Powered-By, which is an information leak
+ fastcgi_hide_header X-Powered-By;
 '';
 listen = [{
- # We are listening on wireguard interface only
- addr = "10.34.45.100";
- port = 8080;
- ssl = false;
- }];
- };
- };
+ # We are listening on wireguard interface only
+ addr = "10.34.45.100";
+ port = 8080;
+ ssl = false;
+ }];
+ };
+ };
- services.nextcloud = {
- enable = true;
- hostName = "nc.oxapentane.com";
- home = "/var/lib/nextcloud-oxa";
- package = pkgs.nextcloud24;
- maxUploadSize = "5000M";
- caching.redis = true;
- autoUpdateApps = {
- enable = true;
- startAt = "07:00:00";
- };
- config = {
- overwriteProtocol = "https";
- trustedProxies = [ "10.34.45.1" ];
+ services.nextcloud = {
+ enable = true;
+ hostName = "nc.oxapentane.com";
+ home = "/var/lib/nextcloud-oxa";
+ package = pkgs.nextcloud24;
+ maxUploadSize = "5000M";
+ caching.redis = true;
+ autoUpdateApps = {
+ enable = true;
+ startAt = "07:00:00";
+ };
+ config = {
+ overwriteProtocol = "https";
+ trustedProxies = [ "10.34.45.1" ];
- dbtype = "pgsql";
- dbuser = "nextcloud";
- dbhost = "/run/postgresql";
- dbname = "nextcloud";
- adminuser = "admin";
- adminpassFile = config.sops.secrets."nextcloud/adminpass".path;
- };
- };
+ dbtype = "pgsql";
+ dbuser = "nextcloud";
+ dbhost = "/run/postgresql";
+ dbname = "nextcloud";
+ adminuser = "admin";
+ adminpassFile = config.sops.secrets."nextcloud/adminpass".path;
+ };
+ };
- systemd.services."nextcloud-setup" = {
- requires = [ "postgresql.service" ];
- after = [ "postgresql.service" ];
- };
+ systemd.services."nextcloud-setup" = {
+ requires = [ "postgresql.service" ];
+ after = [ "postgresql.service" ];
+ };
- microvm = {
- hypervisor = "qemu";
- mem = 4 * 1024;
+ microvm = {
+ hypervisor = "qemu";
+ mem = 4 * 1024;
- shares = [{
- source = "/nix/store";
- mountPoint = "/nix/.ro-store";
- tag = "store";
- proto = "virtiofs";
- socket = "store.socket";
- }] ++ map (dir: {
- source = "/var/lib/microvms/${config.networking.hostName}/${dir}";
- mountPoint = "/${dir}";
- tag = dir;
- proto = "virtiofs";
- socket = "${dir}.socket";
- }) [ "etc" "var" "home" ];
+ shares = [{
+ source = "/nix/store";
+ mountPoint = "/nix/.ro-store";
+ tag = "store";
+ proto = "virtiofs";
+ socket = "store.socket";
+ }] ++ map
+ (dir: {
+ source = "/var/lib/microvms/${config.networking.hostName}/${dir}";
+ mountPoint = "/${dir}";
+ tag = dir;
+ proto = "virtiofs";
+ socket = "${dir}.socket";
+ }) [ "etc" "var" "home" ];
- interfaces = [{
- type = "tap";
- id = "vm-nextcloud";
- mac = "EA:40:E8:60:C5:36";
- }];
- };
+ interfaces = [{
+ type = "tap";
+ id = "vm-nextcloud";
+ mac = "EA:40:E8:60:C5:36";
+ }];
+ };
- networking = {
- hostName = "nextcloud";
- };
+ networking = {
+ hostName = "nextcloud";
+ };
- services.openssh = {
- enable = true;
- permitRootLogin = "prohibit-password";
- };
+ services.openssh = {
+ enable = true;
+ permitRootLogin = "prohibit-password";
+ };
- networking.firewall.allowedTCPPorts = [ 22 ];
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-rsa 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 cardno:16 811 348"
- ];
+ networking.firewall.allowedTCPPorts = [ 22 ];
+ users.users.root.openssh.authorizedKeys.keys = [
+ "ssh-rsa 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 cardno:16 811 348"
+ ];
- system.stateVersion = "22.05";
- }
+ system.stateVersion = "22.05";
+}
diff --git a/microvms/nextcloud/oxaproxy.nix b/microvms/nextcloud/oxaproxy.nix
index 42290ac..c980cce 100644
--- a/microvms/nextcloud/oxaproxy.nix
+++ b/microvms/nextcloud/oxaproxy.nix
@@ -12,9 +12,9 @@
 wireguardConfig = {
 PrivateKeyFile = config.sops.secrets."wg/oxaproxy-seckey".path;
 #own pubkey: KCYoGx7TGei4X79EZo2NONCcmQjPzBUN1Ds6I9lQbz0=
- };
- wireguardPeers = [
- {
+ };
+ wireguardPeers = [
+ {
 # cirrus
 wireguardPeerConfig = {
 PublicKey = "0KMtL2fQOrrCH6c2a2l4FKiM73G86sUuyaNj4FarzVM=";
@@ -40,16 +40,16 @@
 routes = [
 {
 routeConfig = {
- Gateway="10.99.99.1";
- Destination="0.0.0.0/0";
- Metric=1024;
+ Gateway = "10.99.99.1";
+ Destination = "0.0.0.0/0";
+ Metric = 1024;
 };
 }
 {
 routeConfig = {
- Gateway="10.99.99.1";
- Destination="10.99.99.0/24";
- Metric=1024;
+ Gateway = "10.99.99.1";
+ Destination = "10.99.99.0/24";
+ Metric = 1024;
 };
 }
 ];
diff --git a/modules/wireguard.nix b/modules/wireguard.nix
index 84287a7..871dc6e 100644
--- a/modules/wireguard.nix
+++ b/modules/wireguard.nix
@@ -14,17 +14,17 @@
 }
 ];
 };
-
+
 wg-dvb = {
 privateKeyFile = config.sops.secrets."wg/wg-dvb-seckey".path;
 address = [ "10.13.37.3/32" ];
- peers = [ {
- publicKey = "WDvCObJ0WgCCZ0ORV2q4sdXblBd8pOPZBmeWr97yphY=";
- allowedIPs = [ "10.13.37.0/24" ];
- endpoint = "academicstrokes.com:51820";
- persistentKeepalive = 25;
- } ];
+ peers = [{
+ publicKey = "WDvCObJ0WgCCZ0ORV2q4sdXblBd8pOPZBmeWr97yphY=";
+ allowedIPs = [ "10.13.37.0/24" ];
+ endpoint = "academicstrokes.com:51820";
+ persistentKeepalive = 25;
+ }];
 };
 mlwd-nl = {