chore: reformat codebase

Gabriel Arazas 2023-06-08 21:19:17 +08:00
parent 9d99235d94
commit 1bdda28ffe
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC
7 changed files with 94 additions and 82 deletions


@ -231,41 +231,45 @@ in
# We're using wg-quick here as this host is using network managers that can # We're using wg-quick here as this host is using network managers that can
# differ between workflows (i.e., GNOME and KDE Plasma using NetworkManager, # differ between workflows (i.e., GNOME and KDE Plasma using NetworkManager,
# others might be using systemd-networkd). # others might be using systemd-networkd).
networking.wg-quick.interfaces.wireguard0 = let networking.wg-quick.interfaces.wireguard0 =
domains = [ let
"~plover.foodogsquared.one" domains = [
"~0.27.172.in-addr.arpa" "~plover.foodogsquared.one"
]; "~0.27.172.in-addr.arpa"
in { ];
privateKeyFile = config.sops.secrets."ni/wireguard/private-key".path; in
listenPort = wireguardPort; {
dns = with interfaces.internal; [ IPv4.adress IPv6.address ]; privateKeyFile = config.sops.secrets."ni/wireguard/private-key".path;
postUp = let listenPort = wireguardPort;
resolvectl = "${lib.getBin pkgs.systemd}/bin/resolvectl"; dns = with interfaces.internal; [ IPv4.adress IPv6.address ];
in '' postUp =
${resolvectl} domain %i ${lib.concatStringsSep " " domains} let
''; resolvectl = "${lib.getBin pkgs.systemd}/bin/resolvectl";
in
''
${resolvectl} domain %i ${lib.concatStringsSep " " domains}
'';
address = with wireguardPeers.desktop; [ address = with wireguardPeers.desktop; [
"${IPv4}/32" "${IPv4}/32"
"${IPv6}/128" "${IPv6}/128"
]; ];
peers = [ peers = [
# The "server" peer. # The "server" peer.
{ {
publicKey = lib.removeSuffix "\n" (lib.readFile ../plover/files/wireguard/wireguard-public-key-plover); publicKey = lib.removeSuffix "\n" (lib.readFile ../plover/files/wireguard/wireguard-public-key-plover);
presharedKeyFile = config.sops.secrets."ni/wireguard/preshared-keys/plover".path; presharedKeyFile = config.sops.secrets."ni/wireguard/preshared-keys/plover".path;
allowedIPs = wireguardAllowedIPs; allowedIPs = wireguardAllowedIPs;
endpoint = "${interfaces.main'.IPv4.address}:${toString wireguardPort}"; endpoint = "${interfaces.main'.IPv4.address}:${toString wireguardPort}";
} }
# The "phone" peer. # The "phone" peer.
{ {
publicKey = lib.removeSuffix "\n" (lib.readFile ../plover/files/wireguard/wireguard-public-key-phone); publicKey = lib.removeSuffix "\n" (lib.readFile ../plover/files/wireguard/wireguard-public-key-phone);
presharedKeyFile = config.sops.secrets."ni/wireguard/preshared-keys/phone".path; presharedKeyFile = config.sops.secrets."ni/wireguard/preshared-keys/phone".path;
allowedIPs = wireguardAllowedIPs; allowedIPs = wireguardAllowedIPs;
} }
]; ];
}; };
} }
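Review bot: `IPv4.adress` in the `dns` list of `wireguard0` looks like a misspelling of `address`, and the reformat carries it through unchanged; the neighbouring entry on the same line is `IPv6.address`. Unless `interfaces.internal.IPv4` really defines an attribute named `adress`, evaluation stops on a missing attribute, so the line would read `dns = with interfaces.internal; [ IPv4.address IPv6.address ];`. The `interfaces` set is defined outside this hunk, so check the spelling against its definition before changing it.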


@ -165,13 +165,14 @@ in
${replaceSecretBin} '#mailboxSecurityKey#' '${secretsPath "dns/${domain}/mailbox-security-key"}' '${domainZoneFile'}' ${replaceSecretBin} '#mailboxSecurityKey#' '${secretsPath "dns/${domain}/mailbox-security-key"}' '${domainZoneFile'}'
${replaceSecretBin} '#mailboxSecurityKeyRecord#' '${secretsPath "dns/${domain}/mailbox-security-key-record"}' '${domainZoneFile'}' ${replaceSecretBin} '#mailboxSecurityKeyRecord#' '${secretsPath "dns/${domain}/mailbox-security-key-record"}' '${domainZoneFile'}'
''; '';
serviceConfig.LoadCredential = let serviceConfig.LoadCredential =
certDirectory = certs."${dnsDomainName}".directory; let
in certDirectory = certs."${dnsDomainName}".directory;
[ in
"cert.pem:${certDirectory}/cert.pem" [
"key.pem:${certDirectory}/key.pem" "cert.pem:${certDirectory}/cert.pem"
"fullchain.pem:${certDirectory}/fullchain.pem" "key.pem:${certDirectory}/key.pem"
]; "fullchain.pem:${certDirectory}/fullchain.pem"
];
}; };
} }


@ -137,25 +137,26 @@ in
# Gitea service module will have to set up certain things first which is # Gitea service module will have to set up certain things first which is
# why we have to go first. # why we have to go first.
preStart = let preStart =
giteaBin = "${lib.getBin config.services.gitea.package}/bin/gitea"; let
giteaAdminUsername = lib.escapeShellArg "foodogsquared"; giteaBin = "${lib.getBin config.services.gitea.package}/bin/gitea";
giteaAdminUsername = lib.escapeShellArg "foodogsquared";
in in
lib.mkMerge [ lib.mkMerge [
(lib.mkBefore '' (lib.mkBefore ''
# Setting up the appropriate schema for PostgreSQL secure schema usage. # Setting up the appropriate schema for PostgreSQL secure schema usage.
psql -tAc "SELECT 1 FROM information_schema.schemata WHERE schema_name='${giteaDatabaseUser}';" \ psql -tAc "SELECT 1 FROM information_schema.schemata WHERE schema_name='${giteaDatabaseUser}';" \
grep -q 1 || psql -tAc "CREATE SCHEMA IF NOT EXISTS AUTHORIZATION ${giteaDatabaseUser};" grep -q 1 || psql -tAc "CREATE SCHEMA IF NOT EXISTS AUTHORIZATION ${giteaDatabaseUser};"
'') '')
(lib.mkAfter '' (lib.mkAfter ''
# Setting up the administrator account automated. # Setting up the administrator account automated.
${giteaBin} admin user list --admin | grep -q ${giteaAdminUsername} \ ${giteaBin} admin user list --admin | grep -q ${giteaAdminUsername} \
|| ${giteaBin} admin user create \ || ${giteaBin} admin user create \
--username ${giteaAdminUsername} --email foodogsquared@${config.networking.domain} \ --username ${giteaAdminUsername} --email foodogsquared@${config.networking.domain} \
--random-password --random-password-length 76 --admin --random-password --random-password-length 76 --admin
'') '')
]; ];
}; };
# Attaching it altogether with the reverse proxy of choice. # Attaching it altogether with the reverse proxy of choice.
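Review bot: The schema check in the `lib.mkBefore` script appears to be missing its pipe: the first `psql -tAc "SELECT 1 …"` line ends in `\` and the next line starts with `grep -q 1`, so `grep -q 1` is passed to `psql` as arguments instead of filtering its output. As shown, the existence test cannot succeed and the script always falls through to `CREATE SCHEMA IF NOT EXISTS`, which hides the mistake; the continuation would read `| grep -q 1 || psql -tAc "CREATE SCHEMA IF NOT EXISTS AUTHORIZATION ${giteaDatabaseUser};"`. The pipe may have been lost in this page's rendering, so verify against the file. Separately, `gitea admin user create --random-password` prints the generated password, which in a `preStart` script presumably ends up in the unit's journal; consider who can read that log.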


@ -62,8 +62,9 @@ in
# Modifying it a little bit for per-user schema. # Modifying it a little bit for per-user schema.
systemd.services.keycloak = { systemd.services.keycloak = {
preStart = let preStart =
psqlBin = "${lib.getBin config.services.postgresql.package}/bin/psql"; let
psqlBin = "${lib.getBin config.services.postgresql.package}/bin/psql";
in in
lib.mkAfter '' lib.mkAfter ''
# Setting up the appropriate schema for PostgreSQL secure schema usage. # Setting up the appropriate schema for PostgreSQL secure schema usage.
@ -88,7 +89,7 @@ in
(lib.lists.map (lib.lists.map
(appPath: lib.nameValuePair appPath { proxyPass = keycloakPath appPath; }) (appPath: lib.nameValuePair appPath { proxyPass = keycloakPath appPath; })
[ "/js/" "/realms/" "/resources/" "/robots.txt" ]) [ "/js/" "/realms/" "/resources/" "/robots.txt" ])
// { "/".return = "444"; }; // { "/".return = "444"; };
}; };
"${authInternalDomain}" = { "${authInternalDomain}" = {


@ -61,7 +61,7 @@ let
note of the commands used for each type as documented from note of the commands used for each type as documented from
`config.home.mutableFile.<name>.type`. `config.home.mutableFile.<name>.type`.
''; '';
default = []; default = [ ];
example = [ "--depth" "1" ]; example = [ "--depth" "1" ];
}; };
}; };
@ -136,7 +136,8 @@ in
script = pkgs.writeShellScript "fetch-mutable-files" '' script = pkgs.writeShellScript "fetch-mutable-files" ''
${lib.concatStringsSep "\n" mutableFilesCmds} ${lib.concatStringsSep "\n" mutableFilesCmds}
''; '';
in builtins.toString script; in
builtins.toString script;
}; };
Install.WantedBy = [ "default.target" ]; Install.WantedBy = [ "default.target" ];


@ -6,17 +6,19 @@
home-manager.url = "github:nix-community/home-manager"; home-manager.url = "github:nix-community/home-manager";
}; };
outputs = { nixpkgs, home-manager, ... }: let outputs = { nixpkgs, home-manager, ... }:
system = "x85_64-linux"; let
in { system = "x85_64-linux";
nixosConfigurations.desktop = nixpkgs.lib.nixosSystem { in
inherit system; {
modules = [ ./hosts/desktop ]; nixosConfigurations.desktop = nixpkgs.lib.nixosSystem {
}; inherit system;
modules = [ ./hosts/desktop ];
};
homeConfigurations.foodogsquared = home-manager.lib.homeManagerConfiguration { homeConfigurations.foodogsquared = home-manager.lib.homeManagerConfiguration {
pkgs = import nixpkgs { inherit system; }; pkgs = import nixpkgs { inherit system; };
modules = [ ./users/foodogsquared ]; modules = [ ./users/foodogsquared ];
};
}; };
};
} }
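Review bot: `system = "x85_64-linux";` in the `let` binding of `outputs` is not a system string that nixpkgs recognises and looks like a typo for `x86_64-linux`; the reformat only re-indents it. Both `nixpkgs.lib.nixosSystem` and `import nixpkgs { inherit system; }` receive this value, so neither configuration would evaluate as written; the binding would read `system = "x86_64-linux";`. If this file is an example or template, the typo is still worth fixing since readers will copy it.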


@ -354,12 +354,14 @@ in
}; };
systemd.user.services.fetch-mutable-files = { systemd.user.services.fetch-mutable-files = {
Service.ExecStartPost = let Service.ExecStartPost =
script = pkgs.writeShellScript "post-fetch-mutable-files" '' let
# Automate installation of Doom Emacs. script = pkgs.writeShellScript "post-fetch-mutable-files" ''
${config.xdg.configHome}/emacs/bin/doom install --no-config --no-fonts --install --force # Automate installation of Doom Emacs.
${config.xdg.configHome}/emacs/bin/doom sync ${config.xdg.configHome}/emacs/bin/doom install --no-config --no-fonts --install --force
''; ${config.xdg.configHome}/emacs/bin/doom sync
in builtins.toString script; '';
in
builtins.toString script;
}; };
} }