mirror of
https://github.com/foo-dogsquared/nixos-config.git
synced 2025-02-24 18:19:01 +00:00
chore: reformat codebase
parent
7d55e45f70
commit
3ee04bb812
hosts/plover
lib
modules
@ -1,12 +1,12 @@
|
||||
return {
|
||||
tls_servers = {
|
||||
-- These are expected to be imported through systemd LoadCredentials
|
||||
-- directive.
|
||||
{
|
||||
pem_private_key = os.getenv("CREDENTIALS_DIRECTORY") .. "/key.pem",
|
||||
pem_cert = os.getenv("CREDENTIALS_DIRECTORY") .. "/cert.pem",
|
||||
pem_ca = os.getenv("CREDENTIALS_DIRECTORY") .. "/fullchain.pem",
|
||||
bind_address = "@listen_address@",
|
||||
},
|
||||
-- These are expected to be imported through systemd LoadCredentials
|
||||
-- directive.
|
||||
{
|
||||
pem_private_key = os.getenv("CREDENTIALS_DIRECTORY") .. "/key.pem",
|
||||
pem_cert = os.getenv("CREDENTIALS_DIRECTORY") .. "/cert.pem",
|
||||
pem_ca = os.getenv("CREDENTIALS_DIRECTORY") .. "/fullchain.pem",
|
||||
bind_address = "@listen_address@",
|
||||
},
|
||||
},
|
||||
}
|
||||
|
@ -273,16 +273,18 @@ in
|
||||
|
||||
# Set up the firewall. Take note the ports with the transport layer being
|
||||
# accepted in Bind.
|
||||
networking.firewall = let
|
||||
ports = [
|
||||
53 # DNS
|
||||
853 # DNS-over-TLS/DNS-over-QUIC
|
||||
dnsOverHTTPSPort
|
||||
];
|
||||
in {
|
||||
allowedUDPPorts = ports;
|
||||
allowedTCPPorts = ports;
|
||||
};
|
||||
networking.firewall =
|
||||
let
|
||||
ports = [
|
||||
53 # DNS
|
||||
853 # DNS-over-TLS/DNS-over-QUIC
|
||||
dnsOverHTTPSPort
|
||||
];
|
||||
in
|
||||
{
|
||||
allowedUDPPorts = ports;
|
||||
allowedTCPPorts = ports;
|
||||
};
|
||||
|
||||
# Making this with nginx.
|
||||
services.nginx.upstreams.local-dns = {
|
||||
|
@ -117,7 +117,8 @@ in
|
||||
|
||||
# Setting up with secure schema usage pattern.
|
||||
systemd.services.grafana = {
|
||||
preStart = let
|
||||
preStart =
|
||||
let
|
||||
grafanaDatabaseUser = config.services.grafana.settings.database.user;
|
||||
psql = lib.getExe' config.services.postgresql.package "psql";
|
||||
in
|
||||
@ -125,17 +126,19 @@ in
|
||||
# Setting up the appropriate schema for PostgreSQL secure schema usage.
|
||||
${psql} -tAc "SELECT 1 FROM information_schema.schemata WHERE schema_name='${grafanaDatabaseUser}';" \
|
||||
grep -q 1 || ${psql} -tAc "CREATE SCHEMA IF NOT EXISTS AUTHORIZATION ${grafanaDatabaseUser};"
|
||||
'';
|
||||
'';
|
||||
};
|
||||
|
||||
sops.secrets = let
|
||||
grafanaFileAttributes = {
|
||||
owner = config.users.users.grafana.name;
|
||||
group = config.users.users.grafana.group;
|
||||
mode = "0400";
|
||||
sops.secrets =
|
||||
let
|
||||
grafanaFileAttributes = {
|
||||
owner = config.users.users.grafana.name;
|
||||
group = config.users.users.grafana.group;
|
||||
mode = "0400";
|
||||
};
|
||||
in
|
||||
lib.getSecrets ../../secrets/secrets.yaml {
|
||||
"grafana/database/password" = grafanaFileAttributes;
|
||||
"grafana/users/admin/password" = grafanaFileAttributes;
|
||||
};
|
||||
in lib.getSecrets ../../secrets/secrets.yaml {
|
||||
"grafana/database/password" = grafanaFileAttributes;
|
||||
"grafana/users/admin/password" = grafanaFileAttributes;
|
||||
};
|
||||
}
|
||||
|
@ -44,7 +44,7 @@ rec {
|
||||
(r: r)
|
||||
users';
|
||||
|
||||
getUser = type: user: ../users/${type}/${user};
|
||||
getUser = type: user: ../users/${type}/${user};
|
||||
|
||||
# Import modules with a set blocklist.
|
||||
importModules = attrs:
|
||||
|
@ -80,18 +80,20 @@ in {
|
||||
enable = true;
|
||||
config = {
|
||||
ytdl-format = "(webm,mkv,mp4)[height<=?1280]";
|
||||
ytdl-raw-options-append = let
|
||||
options = {
|
||||
yes-playlist = "";
|
||||
};
|
||||
options' = lib.mapAttrsToList (n: v: "${n}=${v}") options;
|
||||
in lib.concatStringsSep "," options';
|
||||
ytdl-raw-options-append =
|
||||
let
|
||||
options = {
|
||||
yes-playlist = "";
|
||||
};
|
||||
options' = lib.mapAttrsToList (n: v: "${n}=${v}") options;
|
||||
in
|
||||
lib.concatStringsSep "," options';
|
||||
ordered-chapters = true;
|
||||
ab-loop-count = "inf";
|
||||
chapter-seek-threshold = 15.0;
|
||||
osc = false;
|
||||
sub-auto = "fuzzy";
|
||||
hwdec= "auto";
|
||||
hwdec = "auto";
|
||||
};
|
||||
|
||||
bindings = {
|
||||
|
@ -48,19 +48,20 @@ in
|
||||
policies = {
|
||||
AppAutoUpdate = false;
|
||||
|
||||
Containers.Default = let
|
||||
mkContainer = name: color: icon: {
|
||||
inherit name color icon;
|
||||
};
|
||||
in
|
||||
[
|
||||
(mkContainer "Personal" "blue" "fingerprint")
|
||||
(mkContainer "Self-hosted" "pink" "fingerprint")
|
||||
(mkContainer "Work" "red" "briefcase")
|
||||
(mkContainer "Banking" "green" "dollar")
|
||||
(mkContainer "Shopping" "pink" "cart")
|
||||
(mkContainer "Gaming" "turquoise" "chill")
|
||||
];
|
||||
Containers.Default =
|
||||
let
|
||||
mkContainer = name: color: icon: {
|
||||
inherit name color icon;
|
||||
};
|
||||
in
|
||||
[
|
||||
(mkContainer "Personal" "blue" "fingerprint")
|
||||
(mkContainer "Self-hosted" "pink" "fingerprint")
|
||||
(mkContainer "Work" "red" "briefcase")
|
||||
(mkContainer "Banking" "green" "dollar")
|
||||
(mkContainer "Shopping" "pink" "cart")
|
||||
(mkContainer "Gaming" "turquoise" "chill")
|
||||
];
|
||||
|
||||
DisableAppUpdate = true;
|
||||
DisableMasterPasswordCreation = true;
|
||||
|
@ -3,23 +3,25 @@
|
||||
let
|
||||
cfg = config.programs.blender;
|
||||
|
||||
addons = let
|
||||
blenderVersion = lib.versions.majorMinor cfg.package.version;
|
||||
in
|
||||
pkgs.runCommand "blender-system-resources" {
|
||||
passAsFile = [ "paths" ];
|
||||
paths = cfg.addons ++ [ cfg.package ];
|
||||
nativeBuildInputs = with pkgs; [ outils ];
|
||||
} ''
|
||||
mkdir -p $out
|
||||
for i in $(cat $pathsPath); do
|
||||
resourcesPath="$i/share/blender"
|
||||
if [ -d $i/share/blender/${blenderVersion} ]; then
|
||||
resourcesPath="$i/share/blender/${blenderVersion}";
|
||||
fi
|
||||
lndir -silent $resourcesPath $out
|
||||
done
|
||||
'';
|
||||
addons =
|
||||
let
|
||||
blenderVersion = lib.versions.majorMinor cfg.package.version;
|
||||
in
|
||||
pkgs.runCommand "blender-system-resources"
|
||||
{
|
||||
passAsFile = [ "paths" ];
|
||||
paths = cfg.addons ++ [ cfg.package ];
|
||||
nativeBuildInputs = with pkgs; [ outils ];
|
||||
} ''
|
||||
mkdir -p $out
|
||||
for i in $(cat $pathsPath); do
|
||||
resourcesPath="$i/share/blender"
|
||||
if [ -d $i/share/blender/${blenderVersion} ]; then
|
||||
resourcesPath="$i/share/blender/${blenderVersion}";
|
||||
fi
|
||||
lndir -silent $resourcesPath $out
|
||||
done
|
||||
'';
|
||||
in
|
||||
{
|
||||
options.programs.blender = {
|
||||
|
@ -64,7 +64,8 @@ let
|
||||
settingsFile' = "/var/lib/vouch-proxy/${name}-config.yml";
|
||||
in
|
||||
lib.nameValuePair "vouch-proxy-${name}" {
|
||||
preStart = if (settings != { } && settingsFile == null)
|
||||
preStart =
|
||||
if (settings != { } && settingsFile == null)
|
||||
then ''
|
||||
${pkgs.writeScript
|
||||
"vouch-proxy-replace-secrets"
|
||||
|