From 04e460142a031c7c9bd9d2cd3ff53f0e2fbbdc98 Mon Sep 17 00:00:00 2001 From: Gabriel Arazas Date: Wed, 18 Jan 2023 11:41:12 +0800 Subject: [PATCH] chore: format the codebase --- hosts/plover/modules/services/atuin.nix | 3 +- hosts/plover/modules/services/gitea.nix | 3 +- hosts/plover/modules/services/keycloak.nix | 3 +- hosts/plover/modules/services/openvpn.nix | 132 +++++++++--------- hosts/plover/modules/services/portunus.nix | 69 ++++----- hosts/plover/modules/services/vaultwarden.nix | 3 +- 6 files changed, 112 insertions(+), 101 deletions(-) diff --git a/hosts/plover/modules/services/atuin.nix b/hosts/plover/modules/services/atuin.nix index 7fbbff46..4c7bfa7e 100644 --- a/hosts/plover/modules/services/atuin.nix +++ b/hosts/plover/modules/services/atuin.nix @@ -5,7 +5,8 @@ let atuinDomain = "atuin.${config.networking.domain}"; -in { +in +{ # Atuin sync server because why not. services.atuin = { enable = true; diff --git a/hosts/plover/modules/services/gitea.nix b/hosts/plover/modules/services/gitea.nix index 8fdfb92e..90825397 100644 --- a/hosts/plover/modules/services/gitea.nix +++ b/hosts/plover/modules/services/gitea.nix @@ -6,7 +6,8 @@ let codeForgeDomain = "code.${config.networking.domain}"; -in { +in +{ services.gitea = { enable = true; appName = "foodogsquared's code forge"; diff --git a/hosts/plover/modules/services/keycloak.nix b/hosts/plover/modules/services/keycloak.nix index 12e50a57..67d37539 100644 --- a/hosts/plover/modules/services/keycloak.nix +++ b/hosts/plover/modules/services/keycloak.nix @@ -9,7 +9,8 @@ let keycloakDbName = if config.services.keycloak.database.createLocally then keycloakUser else config.services.keycloak.database.username; certs = config.security.acme.certs; -in { +in +{ # Hey, the hub for your application sign-in. services.keycloak = { enable = true; diff --git a/hosts/plover/modules/services/openvpn.nix b/hosts/plover/modules/services/openvpn.nix index 9c1e40d6..e37d6073 100644 --- a/hosts/plover/modules/services/openvpn.nix +++ b/hosts/plover/modules/services/openvpn.nix @@ -16,31 +16,32 @@ in # deployed server. services.openvpn.servers = { server = { - config = let - certDirectory = certs."${acmeName}".directory; - dhParams = config.security.dhparams.params; - in - '' - ca ${certDirectory}/chain.pem - cert ${certDirectory}/fullchain.pem - key ${certDirectory}/key.pem - dh ${dhParams."openvpn-server".path} + config = + let + certDirectory = certs."${acmeName}".directory; + dhParams = config.security.dhparams.params; + in + '' + ca ${certDirectory}/chain.pem + cert ${certDirectory}/fullchain.pem + key ${certDirectory}/key.pem + dh ${dhParams."openvpn-server".path} - proto udp - topology subnet + proto udp + topology subnet - server-bridge 172.43.0.1 255.255.255.0 ${vpnAddressPoolStart} ${vpnAddressPoolEnd} - server-ipv6 fd00::/8 + server-bridge 172.43.0.1 255.255.255.0 ${vpnAddressPoolStart} ${vpnAddressPoolEnd} + server-ipv6 fd00::/8 - dev vpn-tap - dev-type tap + dev vpn-tap + dev-type tap - # Connecting clients will be able to reach to one another. - client-to-client + # Connecting clients will be able to reach to one another. + client-to-client - user nobody - group nobody - ''; + user nobody + group nobody + ''; }; }; @@ -52,56 +53,57 @@ in # For key generation, debugging, panic configuration, anything else. environment.systemPackages = [ pkgs.openvpn ]; - systemd.network = let - vpnBridgeIFName = "vpn-bridge"; - vpnTapIFName = "vpn-tap"; - in - { - netdevs = { - "90-${vpnBridgeIFName}".netdevConfig = { - Name = vpnBridgeIFName; - Kind = "bridge"; - }; - - "90-${vpnTapIFName}" = { - netdevConfig = { - Name = vpnTapIFName; - Kind = "tap"; + systemd.network = + let + vpnBridgeIFName = "vpn-bridge"; + vpnTapIFName = "vpn-tap"; + in + { + netdevs = { + "90-${vpnBridgeIFName}".netdevConfig = { + Name = vpnBridgeIFName; + Kind = "bridge"; }; - tapConfig = { - MultiQueue = true; - PacketInfo = true; + "90-${vpnTapIFName}" = { + netdevConfig = { + Name = vpnTapIFName; + Kind = "tap"; + }; + + tapConfig = { + MultiQueue = true; + PacketInfo = true; + }; + }; + }; + + networks = { + "50-vpn-bridge-slave-1" = { + matchConfig.MACAddress = "86:00:00:32:48:20"; + networkConfig.Bridge = vpnBridgeIFName; + }; + + "50-vpn-bridge-slave-tap" = { + matchConfig.Name = vpnTapIFName; + networkConfig.Bridge = vpnBridgeIFName; + }; + + "50-vpn-bridge-static" = { + matchConfig.Name = vpnBridgeIFName; + + address = [ + # The private network IP. + "172.43.0.1/32" + + # Generate a new unique local IPv6 address. + "::" + ]; + + gateway = [ privateNetworkGatewayIP ]; }; }; }; - networks = { - "50-vpn-bridge-slave-1" = { - matchConfig.MACAddress = "86:00:00:32:48:20"; - networkConfig.Bridge = vpnBridgeIFName; - }; - - "50-vpn-bridge-slave-tap" = { - matchConfig.Name = vpnTapIFName; - networkConfig.Bridge = vpnBridgeIFName; - }; - - "50-vpn-bridge-static" = { - matchConfig.Name = vpnBridgeIFName; - - address = [ - # The private network IP. - "172.43.0.1/32" - - # Generate a new unique local IPv6 address. - "::" - ]; - - gateway = [ privateNetworkGatewayIP ]; - }; - }; - }; - security.dhparams.params.openvpn-server = { }; } diff --git a/hosts/plover/modules/services/portunus.nix b/hosts/plover/modules/services/portunus.nix index a77550d0..42977904 100644 --- a/hosts/plover/modules/services/portunus.nix +++ b/hosts/plover/modules/services/portunus.nix @@ -5,7 +5,8 @@ let ldapDomain = "ldap.${config.networking.domain}"; -in { +in +{ services.portunus = { enable = true; @@ -18,37 +19,41 @@ in { tls = true; }; - seedPath = let - seedData = { - groups = [ - { - name = "admin-team"; - long_name = "Portunus Administrators"; - members = [ "foodogsquared" ]; - permissions = { - portunus.is_admin = true; - ldap.can_read = true; - }; - } - ]; - users = [ - { - login_name = "foodogsquared"; - given_name = "Gabriel"; - family_name = "Arazas"; - email = "foodogsquared@${config.networking.domain}"; - ssh_public_keys = let - readFiles = list: lib.lists.map (path: lib.readFile path) list; - in readFiles [ - ../../../../users/home-manager/foo-dogsquared/files/ssh-key.pub - ../../../../users/home-manager/foo-dogsquared/files/ssh-key-2.pub - ]; - password.from_command = [ "${pkgs.coreutils}/bin/cat" config.sops.secrets."plover/ldap/users/foodogsquared/password".path ]; - } - ]; - }; - settingsFormat = pkgs.formats.json { }; - in settingsFormat.generate "portunus-seed" seedData; + seedPath = + let + seedData = { + groups = [ + { + name = "admin-team"; + long_name = "Portunus Administrators"; + members = [ "foodogsquared" ]; + permissions = { + portunus.is_admin = true; + ldap.can_read = true; + }; + } + ]; + users = [ + { + login_name = "foodogsquared"; + given_name = "Gabriel"; + family_name = "Arazas"; + email = "foodogsquared@${config.networking.domain}"; + ssh_public_keys = + let + readFiles = list: lib.lists.map (path: lib.readFile path) list; + in + readFiles [ + ../../../../users/home-manager/foo-dogsquared/files/ssh-key.pub + ../../../../users/home-manager/foo-dogsquared/files/ssh-key-2.pub + ]; + password.from_command = [ "${pkgs.coreutils}/bin/cat" config.sops.secrets."plover/ldap/users/foodogsquared/password".path ]; + } + ]; + }; + settingsFormat = pkgs.formats.json { }; + in + settingsFormat.generate "portunus-seed" seedData; }; # Getting this to be accessible in the reverse proxy of choice. diff --git a/hosts/plover/modules/services/vaultwarden.nix b/hosts/plover/modules/services/vaultwarden.nix index 36f58714..c2c3796a 100644 --- a/hosts/plover/modules/services/vaultwarden.nix +++ b/hosts/plover/modules/services/vaultwarden.nix @@ -10,7 +10,8 @@ let # However, this is set on our own. vaultwardenDbName = "vaultwarden"; -in { +in +{ services.vaultwarden = { enable = true; dbBackend = "postgresql";