chore: reformat codebase

This commit is contained in:
Gabriel Arazas 2023-10-09 20:48:01 +08:00
parent 7d55e45f70
commit 3ee04bb812
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC
8 changed files with 79 additions and 68 deletions
hosts/plover
config/wezterm
modules/services
lib
modules
home-manager/profiles
nixos

View File

@ -1,12 +1,12 @@
return {
tls_servers = {
-- These are expected to be imported through systemd LoadCredentials
-- directive.
{
pem_private_key = os.getenv("CREDENTIALS_DIRECTORY") .. "/key.pem",
pem_cert = os.getenv("CREDENTIALS_DIRECTORY") .. "/cert.pem",
pem_ca = os.getenv("CREDENTIALS_DIRECTORY") .. "/fullchain.pem",
bind_address = "@listen_address@",
},
-- These are expected to be imported through systemd LoadCredentials
-- directive.
{
pem_private_key = os.getenv("CREDENTIALS_DIRECTORY") .. "/key.pem",
pem_cert = os.getenv("CREDENTIALS_DIRECTORY") .. "/cert.pem",
pem_ca = os.getenv("CREDENTIALS_DIRECTORY") .. "/fullchain.pem",
bind_address = "@listen_address@",
},
},
}

View File

@ -273,16 +273,18 @@ in
# Set up the firewall. Take note the ports with the transport layer being
# accepted in Bind.
networking.firewall = let
ports = [
53 # DNS
853 # DNS-over-TLS/DNS-over-QUIC
dnsOverHTTPSPort
];
in {
allowedUDPPorts = ports;
allowedTCPPorts = ports;
};
networking.firewall =
let
ports = [
53 # DNS
853 # DNS-over-TLS/DNS-over-QUIC
dnsOverHTTPSPort
];
in
{
allowedUDPPorts = ports;
allowedTCPPorts = ports;
};
# Making this with nginx.
services.nginx.upstreams.local-dns = {

View File

@ -117,7 +117,8 @@ in
# Setting up with secure schema usage pattern.
systemd.services.grafana = {
preStart = let
preStart =
let
grafanaDatabaseUser = config.services.grafana.settings.database.user;
psql = lib.getExe' config.services.postgresql.package "psql";
in
@ -125,17 +126,19 @@ in
# Setting up the appropriate schema for PostgreSQL secure schema usage.
${psql} -tAc "SELECT 1 FROM information_schema.schemata WHERE schema_name='${grafanaDatabaseUser}';" \
grep -q 1 || ${psql} -tAc "CREATE SCHEMA IF NOT EXISTS AUTHORIZATION ${grafanaDatabaseUser};"
'';
'';
};
sops.secrets = let
grafanaFileAttributes = {
owner = config.users.users.grafana.name;
group = config.users.users.grafana.group;
mode = "0400";
sops.secrets =
let
grafanaFileAttributes = {
owner = config.users.users.grafana.name;
group = config.users.users.grafana.group;
mode = "0400";
};
in
lib.getSecrets ../../secrets/secrets.yaml {
"grafana/database/password" = grafanaFileAttributes;
"grafana/users/admin/password" = grafanaFileAttributes;
};
in lib.getSecrets ../../secrets/secrets.yaml {
"grafana/database/password" = grafanaFileAttributes;
"grafana/users/admin/password" = grafanaFileAttributes;
};
}

View File

@ -44,7 +44,7 @@ rec {
(r: r)
users';
getUser = type: user: ../users/${type}/${user};
getUser = type: user: ../users/${type}/${user};
# Import modules with a set blocklist.
importModules = attrs:

View File

@ -80,18 +80,20 @@ in {
enable = true;
config = {
ytdl-format = "(webm,mkv,mp4)[height<=?1280]";
ytdl-raw-options-append = let
options = {
yes-playlist = "";
};
options' = lib.mapAttrsToList (n: v: "${n}=${v}") options;
in lib.concatStringsSep "," options';
ytdl-raw-options-append =
let
options = {
yes-playlist = "";
};
options' = lib.mapAttrsToList (n: v: "${n}=${v}") options;
in
lib.concatStringsSep "," options';
ordered-chapters = true;
ab-loop-count = "inf";
chapter-seek-threshold = 15.0;
osc = false;
sub-auto = "fuzzy";
hwdec= "auto";
hwdec = "auto";
};
bindings = {

View File

@ -48,19 +48,20 @@ in
policies = {
AppAutoUpdate = false;
Containers.Default = let
mkContainer = name: color: icon: {
inherit name color icon;
};
in
[
(mkContainer "Personal" "blue" "fingerprint")
(mkContainer "Self-hosted" "pink" "fingerprint")
(mkContainer "Work" "red" "briefcase")
(mkContainer "Banking" "green" "dollar")
(mkContainer "Shopping" "pink" "cart")
(mkContainer "Gaming" "turquoise" "chill")
];
Containers.Default =
let
mkContainer = name: color: icon: {
inherit name color icon;
};
in
[
(mkContainer "Personal" "blue" "fingerprint")
(mkContainer "Self-hosted" "pink" "fingerprint")
(mkContainer "Work" "red" "briefcase")
(mkContainer "Banking" "green" "dollar")
(mkContainer "Shopping" "pink" "cart")
(mkContainer "Gaming" "turquoise" "chill")
];
DisableAppUpdate = true;
DisableMasterPasswordCreation = true;

View File

@ -3,23 +3,25 @@
let
cfg = config.programs.blender;
addons = let
blenderVersion = lib.versions.majorMinor cfg.package.version;
in
pkgs.runCommand "blender-system-resources" {
passAsFile = [ "paths" ];
paths = cfg.addons ++ [ cfg.package ];
nativeBuildInputs = with pkgs; [ outils ];
} ''
mkdir -p $out
for i in $(cat $pathsPath); do
resourcesPath="$i/share/blender"
if [ -d $i/share/blender/${blenderVersion} ]; then
resourcesPath="$i/share/blender/${blenderVersion}";
fi
lndir -silent $resourcesPath $out
done
'';
addons =
let
blenderVersion = lib.versions.majorMinor cfg.package.version;
in
pkgs.runCommand "blender-system-resources"
{
passAsFile = [ "paths" ];
paths = cfg.addons ++ [ cfg.package ];
nativeBuildInputs = with pkgs; [ outils ];
} ''
mkdir -p $out
for i in $(cat $pathsPath); do
resourcesPath="$i/share/blender"
if [ -d $i/share/blender/${blenderVersion} ]; then
resourcesPath="$i/share/blender/${blenderVersion}";
fi
lndir -silent $resourcesPath $out
done
'';
in
{
options.programs.blender = {

View File

@ -64,7 +64,8 @@ let
settingsFile' = "/var/lib/vouch-proxy/${name}-config.yml";
in
lib.nameValuePair "vouch-proxy-${name}" {
preStart = if (settings != { } && settingsFile == null)
preStart =
if (settings != { } && settingsFile == null)
then ''
${pkgs.writeScript
"vouch-proxy-replace-secrets"