nixpkgs-fmt

2022-06-26 21:19:15 +02:00 · 2022-06-26 21:19:15 +02:00 · ebc2829be8
commit ebc2829be8
parent 35e93ce43b
11 changed files with 157 additions and 144 deletions
--- a/hosts/cirrus/configuration.nix
+++ b/hosts/cirrus/configuration.nix
@ -22,7 +22,7 @@
    networks."uplink" = {
      matchConfig = { Name = "enp1s0"; };
      networkConfig = {
-        DHCP="yes"; # hetzner suggests this as default
+        DHCP = "yes"; # hetzner suggests this as default
      };
    };
  };
--- a/hosts/cirrus/hardware-configuration.nix
+++ b/hosts/cirrus/hardware-configuration.nix
@ -5,7 +5,8 @@

 {
  imports =
-    [ (modulesPath + "/profiles/qemu-guest.nix")
+    [
+      (modulesPath + "/profiles/qemu-guest.nix")
    ];

  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
@ -14,12 +15,14 @@
  boot.extraModulePackages = [ ];

  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/627952eb-107a-43c3-8223-bfea9af92837";
+    {
+      device = "/dev/disk/by-uuid/627952eb-107a-43c3-8223-bfea9af92837";
      fsType = "ext4";
    };

  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/5CA6-CCE4";
+    {
+      device = "/dev/disk/by-uuid/5CA6-CCE4";
      fsType = "vfat";
    };

--- a/hosts/cirrus/nextcloud-proxy.nix
+++ b/hosts/cirrus/nextcloud-proxy.nix
@ -24,14 +24,14 @@
    '';
    locations = {
      "/" = {
-      #  extraConfig = '' return 503; '';
-      proxyPass = "http://10.34.45.100:8080";
+        #  extraConfig = '' return 503; '';
+        proxyPass = "http://10.34.45.100:8080";
      };
      "/well-known/carddav" = {
-      return = "301 $scheme://$host/remote.php/dav";
+        return = "301 $scheme://$host/remote.php/dav";
      };
      "/well-known/caldav" = {
-      return = "301 $scheme://$host/remote.php/dav";
+        return = "301 $scheme://$host/remote.php/dav";
      };

    };
--- a/hosts/cirrus/wireguard-server.nix
+++ b/hosts/cirrus/wireguard-server.nix
@ -19,20 +19,20 @@
        {
          # microwave
          wireguardPeerConfig = {
-          # nextcloud down, have to keep things in here: https://www.youtube.com/watch?v=1c6v7j1TUBI
-          PublicKey = "0zpfcNrmbsNwwbnDDX4SMl4BVTB0zuhGKixT9TJQoHc=";
-          AllowedIPs = [ "10.66.66.10/32" ];
-          PersistentKeepalive = 25;
-        };
+            # nextcloud down, have to keep things in here: https://www.youtube.com/watch?v=1c6v7j1TUBI
+            PublicKey = "0zpfcNrmbsNwwbnDDX4SMl4BVTB0zuhGKixT9TJQoHc=";
+            AllowedIPs = [ "10.66.66.10/32" ];
+            PersistentKeepalive = 25;
+          };
        }
        {
          # Dishwasher
          wireguardPeerConfig = {
-          # nextcloud down, have to keep things in here: https://www.youtube.com/watch?v=1c6v7j1TUBI
-          PublicKey = "AdWUBbyeRkxdP9HUu25PpISoxbgQ8oeCw3BmV93xtAw=";
-          AllowedIPs = [ "10.66.66.100/32" ];
-          PersistentKeepalive = 25;
-        };
+            # nextcloud down, have to keep things in here: https://www.youtube.com/watch?v=1c6v7j1TUBI
+            PublicKey = "AdWUBbyeRkxdP9HUu25PpISoxbgQ8oeCw3BmV93xtAw=";
+            AllowedIPs = [ "10.66.66.100/32" ];
+            PersistentKeepalive = 25;
+          };
        }
      ];
    };
@ -60,12 +60,12 @@
      wireguardPeers = [
        # nextcloud
        {
-        wireguardPeerConfig = {
-          PublicKey ="KCYoGx7TGei4X79EZo2NONCcmQjPzBUN1Ds6I9lQbz0=";
-          AllowedIPs = [ "10.34.45.100/32" ];
-          PersistentKeepalive = 25;
-        };
-      }
+          wireguardPeerConfig = {
+            PublicKey = "KCYoGx7TGei4X79EZo2NONCcmQjPzBUN1Ds6I9lQbz0=";
+            AllowedIPs = [ "10.34.45.100/32" ];
+            PersistentKeepalive = 25;
+          };
+        }
      ];
    };
    networks."oxaproxy" = {
--- a/hosts/dishwasher/configuration.nix
+++ b/hosts/dishwasher/configuration.nix
@ -6,9 +6,10 @@

 {
  imports =
-    [ # Include the results of the hardware scan.
-    ./hardware-configuration.nix
-  ];
+    [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];

  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
@ -35,7 +36,7 @@
      };
      networkConfig = {
        DHCP = "yes";
-        LinkLocalAddressing="ipv6";
+        LinkLocalAddressing = "ipv6";
        IPv6AcceptRA = "yes";
      };
      dhcpV6Config = {
@ -47,7 +48,7 @@
    };
  };

-  services.resolved={
+  services.resolved = {
    enable = true;
    fallbackDns = [
      "8.8.8.8"
--- a/hosts/dishwasher/hardware-configuration.nix
+++ b/hosts/dishwasher/hardware-configuration.nix
@ -5,7 +5,8 @@

 {
  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
    ];

  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
@ -14,37 +15,43 @@
  boot.extraModulePackages = [ ];

  fileSystems."/" =
-    { device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
+    {
+      device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
      fsType = "btrfs";
      options = [ "subvol=nixos" "compress=zstd" "noatime" ];
    };

  fileSystems."/var/lib" =
-    { device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
+    {
+      device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
      fsType = "btrfs";
      options = [ "subvol=var-lib" "compress=zstd" "noatime" ];
    };

  fileSystems."/var/log" =
-    { device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
+    {
+      device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
      fsType = "btrfs";
      options = [ "subvol=var-log" "compress=zstd" "noatime" ];
    };

  fileSystems."/var/microvms" =
-    { device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
+    {
+      device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
      fsType = "btrfs";
      options = [ "subvol=microvms" "compress=zstd" "noatime" ];
    };

  fileSystems."/nix" =
-    { device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
+    {
+      device = "/dev/disk/by-uuid/2971597a-b364-405d-8bb2-287556e819e1";
      fsType = "btrfs";
      options = [ "subvol=nix" "compress=zstd" "noatime" ];
    };

  fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/2A04-BFAE";
+    {
+      device = "/dev/disk/by-uuid/2A04-BFAE";
      fsType = "vfat";
    };

--- a/hosts/dishwasher/mcvm-network.nix
+++ b/hosts/dishwasher/mcvm-network.nix
@ -11,14 +11,15 @@
        DHCPServer = false;
        IPv6SendRA = true;
      };
-      addresses = [ {
+      addresses = [{
        addressConfig.Address = "10.99.99.1/24";
-        } {
-        addressConfig.Address = "fd12:3456:789a::1/64";
-        } ];
-        ipv6Prefixes = [ {
+      }
+        {
+          addressConfig.Address = "fd12:3456:789a::1/64";
+        }];
+      ipv6Prefixes = [{
        ipv6PrefixConfig.Prefix = "fd12:3456:789a::/64";
-        } ];
+      }];
      # networkConfig = {
      #   Address = "10.99.99.1/24";
      #   IPForward = "ipv4";
@ -27,9 +28,9 @@
      #   routeConfig = {
      #   GatewayOnLink = true;
      # };}];
-        # IPForward = "ipv4";
-        # DHCPServer = true;
-        # IPv6SendRA = true;
+      # IPForward = "ipv4";
+      # DHCPServer = true;
+      # IPv6SendRA = true;
      # addresses = [{
      #   addressConfig.Address = "10.99.99.1/24";
      # }];
--- a/hosts/dishwasher/oxalab.nix
+++ b/hosts/dishwasher/oxalab.nix
@ -15,11 +15,11 @@
        {
          # cirrus
          wireguardPeerConfig = {
-          PublicKey = "5nCVC21BL+1r70OGwA4Q6Z/gcPLC3+ZF8sTurdn7N0E=";
-          AllowedIPs = [ "10.66.66.0/24" ];
-          Endpoint = [ "95.216.166.21:51820" ];
-          PersistentKeepalive = 25;
-        };
+            PublicKey = "5nCVC21BL+1r70OGwA4Q6Z/gcPLC3+ZF8sTurdn7N0E=";
+            AllowedIPs = [ "10.66.66.0/24" ];
+            Endpoint = [ "95.216.166.21:51820" ];
+            PersistentKeepalive = 25;
+          };
        }
      ];
    };
--- a/microvms/nextcloud/default.nix
+++ b/microvms/nextcloud/default.nix
@ -26,97 +26,98 @@
    recommendedOptimisation = true;
    virtualHosts."nc.oxapentane.com" = {
      extraConfig = ''
-          # HTTP response headers borrowed from Nextcloud .htaccess
-          add_header Referrer-Policy                      "no-referrer"   always;
-          #add_header X-Content-Type-Options               "nosniff"       always;
-          add_header X-Download-Options                   "noopen"        always;
-          #add_header X-Frame-Options                      "SAMEORIGIN"    always;
-          add_header X-Permitted-Cross-Domain-Policies    "none"          always;
-          add_header X-Robots-Tag                         "none"          always;
-          add_header X-XSS-Protection                     "1; mode=block" always;
+        # HTTP response headers borrowed from Nextcloud .htaccess
+        add_header Referrer-Policy                      "no-referrer"   always;
+        #add_header X-Content-Type-Options               "nosniff"       always;
+        add_header X-Download-Options                   "noopen"        always;
+        #add_header X-Frame-Options                      "SAMEORIGIN"    always;
+        add_header X-Permitted-Cross-Domain-Policies    "none"          always;
+        add_header X-Robots-Tag                         "none"          always;
+        add_header X-XSS-Protection                     "1; mode=block" always;

-          # Remove X-Powered-By, which is an information leak
-          fastcgi_hide_header X-Powered-By;
+        # Remove X-Powered-By, which is an information leak
+        fastcgi_hide_header X-Powered-By;
      '';
      listen = [{
-            # We are listening on wireguard interface only
-            addr = "10.34.45.100";
-            port = 8080;
-            ssl = false;
-          }];
-        };
-      };
+        # We are listening on wireguard interface only
+        addr = "10.34.45.100";
+        port = 8080;
+        ssl = false;
+      }];
+    };
+  };

-      services.nextcloud = {
-        enable = true;
-        hostName = "nc.oxapentane.com";
-        home = "/var/lib/nextcloud-oxa";
-        package = pkgs.nextcloud24;
-        maxUploadSize = "5000M";
-        caching.redis = true;
-        autoUpdateApps = {
-          enable = true;
-          startAt = "07:00:00";
-        };
-        config = {
-          overwriteProtocol = "https";
-          trustedProxies = [ "10.34.45.1" ];
+  services.nextcloud = {
+    enable = true;
+    hostName = "nc.oxapentane.com";
+    home = "/var/lib/nextcloud-oxa";
+    package = pkgs.nextcloud24;
+    maxUploadSize = "5000M";
+    caching.redis = true;
+    autoUpdateApps = {
+      enable = true;
+      startAt = "07:00:00";
+    };
+    config = {
+      overwriteProtocol = "https";
+      trustedProxies = [ "10.34.45.1" ];

-          dbtype = "pgsql";
-          dbuser = "nextcloud";
-          dbhost = "/run/postgresql";
-          dbname = "nextcloud";
-          adminuser = "admin";
-          adminpassFile = config.sops.secrets."nextcloud/adminpass".path;
-        };
-      };
+      dbtype = "pgsql";
+      dbuser = "nextcloud";
+      dbhost = "/run/postgresql";
+      dbname = "nextcloud";
+      adminuser = "admin";
+      adminpassFile = config.sops.secrets."nextcloud/adminpass".path;
+    };
+  };

-      systemd.services."nextcloud-setup" = {
-        requires = [ "postgresql.service" ];
-        after = [ "postgresql.service" ];
-      };
+  systemd.services."nextcloud-setup" = {
+    requires = [ "postgresql.service" ];
+    after = [ "postgresql.service" ];
+  };




-      microvm = {
-        hypervisor = "qemu";
-        mem = 4 * 1024;
+  microvm = {
+    hypervisor = "qemu";
+    mem = 4 * 1024;

-        shares = [{
-          source = "/nix/store";
-          mountPoint = "/nix/.ro-store";
-          tag = "store";
-          proto = "virtiofs";
-          socket = "store.socket";
-        }] ++ map (dir: {
-          source = "/var/lib/microvms/${config.networking.hostName}/${dir}";
-          mountPoint = "/${dir}";
-          tag = dir;
-          proto = "virtiofs";
-          socket = "${dir}.socket";
-        }) [ "etc" "var" "home" ];
+    shares = [{
+      source = "/nix/store";
+      mountPoint = "/nix/.ro-store";
+      tag = "store";
+      proto = "virtiofs";
+      socket = "store.socket";
+    }] ++ map
+      (dir: {
+        source = "/var/lib/microvms/${config.networking.hostName}/${dir}";
+        mountPoint = "/${dir}";
+        tag = dir;
+        proto = "virtiofs";
+        socket = "${dir}.socket";
+      }) [ "etc" "var" "home" ];

-        interfaces = [{
-          type = "tap";
-          id = "vm-nextcloud";
-          mac = "EA:40:E8:60:C5:36";
-        }];
-      };
+    interfaces = [{
+      type = "tap";
+      id = "vm-nextcloud";
+      mac = "EA:40:E8:60:C5:36";
+    }];
+  };

-      networking = {
-        hostName = "nextcloud";
-        };
+  networking = {
+    hostName = "nextcloud";
+  };

-        services.openssh = {
-          enable = true;
-          permitRootLogin = "prohibit-password";
-          };
+  services.openssh = {
+    enable = true;
+    permitRootLogin = "prohibit-password";
+  };

-          networking.firewall.allowedTCPPorts = [ 22 ];
-          users.users.root.openssh.authorizedKeys.keys = [
-            "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP6xE2ey0C8XXfvniiiHiqXsCC277jKI9RXEA+s2LQLUI5zl7v350i3Oa8H3NCcPj39lfMreqE6ncxcOhqYyzahPrrMkOqgbPAoRvq8H3ophLK+56O3xdHoKwLBwRD1yoGACjqG4UTiTrmnN2ateENgYcnTEY1e4vDw1qMj1drUXCsZ/6mkBBmHJiFfCaR4yCMt1r4gGi/dAC7ifnBP3oSyV/lJEwPxYYkGlbOBIvX/7Ar98pJS6xYPB3jHs9gwyNNON63d0fNYrwBojXPPCnGGaRZNOkBTzex3zZYp12ThINQ2xl8tRp9D8qpZ7vrLjhTD6AXkOBRzmDj+NsCeEaeTuWajqUM93iKncYUI+JxR1t7q8gA2pBMFzLesMXnx7R+5Kw7QDtSJM7a4GMIfsocPwf64BH6rzxEz68rXFE3P+J77PPM9CuaYw90JXHo3z220zYw2nMQ/1qjATVZw/hiVrLmQMVfmFJIufnGjTBs2sy3IoNyzvYm/oDeNNg1cdSV9gyyRKZhK08fxjXN5GSf9vZkfZa9tHtqaZ99HI40GQBHUVx1K2/NQJY8TVTSA+v16SFnJK8BIbmp/WFCuvDcMkgLIbqiYtDASe7P2mKIib86uOENT+P820egeLiTQ06kFw/gfUa8t69d5qEcjiQZ+lxCeYIs/E9KrEXHvRUWew== cardno:16 811 348"
-          ];
+  networking.firewall.allowedTCPPorts = [ 22 ];
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDP6xE2ey0C8XXfvniiiHiqXsCC277jKI9RXEA+s2LQLUI5zl7v350i3Oa8H3NCcPj39lfMreqE6ncxcOhqYyzahPrrMkOqgbPAoRvq8H3ophLK+56O3xdHoKwLBwRD1yoGACjqG4UTiTrmnN2ateENgYcnTEY1e4vDw1qMj1drUXCsZ/6mkBBmHJiFfCaR4yCMt1r4gGi/dAC7ifnBP3oSyV/lJEwPxYYkGlbOBIvX/7Ar98pJS6xYPB3jHs9gwyNNON63d0fNYrwBojXPPCnGGaRZNOkBTzex3zZYp12ThINQ2xl8tRp9D8qpZ7vrLjhTD6AXkOBRzmDj+NsCeEaeTuWajqUM93iKncYUI+JxR1t7q8gA2pBMFzLesMXnx7R+5Kw7QDtSJM7a4GMIfsocPwf64BH6rzxEz68rXFE3P+J77PPM9CuaYw90JXHo3z220zYw2nMQ/1qjATVZw/hiVrLmQMVfmFJIufnGjTBs2sy3IoNyzvYm/oDeNNg1cdSV9gyyRKZhK08fxjXN5GSf9vZkfZa9tHtqaZ99HI40GQBHUVx1K2/NQJY8TVTSA+v16SFnJK8BIbmp/WFCuvDcMkgLIbqiYtDASe7P2mKIib86uOENT+P820egeLiTQ06kFw/gfUa8t69d5qEcjiQZ+lxCeYIs/E9KrEXHvRUWew== cardno:16 811 348"
+  ];

-          system.stateVersion = "22.05";
-        }
+  system.stateVersion = "22.05";
+}
--- a/microvms/nextcloud/oxaproxy.nix
+++ b/microvms/nextcloud/oxaproxy.nix
@ -12,9 +12,9 @@
      wireguardConfig = {
        PrivateKeyFile = config.sops.secrets."wg/oxaproxy-seckey".path;
        #own pubkey: KCYoGx7TGei4X79EZo2NONCcmQjPzBUN1Ds6I9lQbz0=
-        };
-        wireguardPeers = [
-          {
+      };
+      wireguardPeers = [
+        {
          # cirrus
          wireguardPeerConfig = {
            PublicKey = "0KMtL2fQOrrCH6c2a2l4FKiM73G86sUuyaNj4FarzVM=";
@ -40,16 +40,16 @@
      routes = [
        {
          routeConfig = {
-            Gateway="10.99.99.1";
-            Destination="0.0.0.0/0";
-            Metric=1024;
+            Gateway = "10.99.99.1";
+            Destination = "0.0.0.0/0";
+            Metric = 1024;
          };
        }
        {
          routeConfig = {
-            Gateway="10.99.99.1";
-            Destination="10.99.99.0/24";
-            Metric=1024;
+            Gateway = "10.99.99.1";
+            Destination = "10.99.99.0/24";
+            Metric = 1024;
          };
        }
      ];
--- a/modules/wireguard.nix
+++ b/modules/wireguard.nix
@ -19,12 +19,12 @@
      privateKeyFile = config.sops.secrets."wg/wg-dvb-seckey".path;
      address = [ "10.13.37.3/32" ];

-      peers = [ {
-          publicKey = "WDvCObJ0WgCCZ0ORV2q4sdXblBd8pOPZBmeWr97yphY=";
-          allowedIPs = [ "10.13.37.0/24" ];
-          endpoint = "academicstrokes.com:51820";
-          persistentKeepalive = 25;
-        } ];
+      peers = [{
+        publicKey = "WDvCObJ0WgCCZ0ORV2q4sdXblBd8pOPZBmeWr97yphY=";
+        allowedIPs = [ "10.13.37.0/24" ];
+        endpoint = "academicstrokes.com:51820";
+        persistentKeepalive = 25;
+      }];
    };

    mlwd-nl = {