diff --git a/hosts/plover/config/wezterm/config.lua b/hosts/plover/config/wezterm/config.lua
index 3f07e4d1..927f960e 100644
--- a/hosts/plover/config/wezterm/config.lua
+++ b/hosts/plover/config/wezterm/config.lua
@@ -1,12 +1,12 @@
 return {
 tls_servers = {
- -- These are expected to be imported through systemd LoadCredentials
- -- directive.
- {
- pem_private_key = os.getenv("CREDENTIALS_DIRECTORY") .. "/key.pem",
- pem_cert = os.getenv("CREDENTIALS_DIRECTORY") .. "/cert.pem",
- pem_ca = os.getenv("CREDENTIALS_DIRECTORY") .. "/fullchain.pem",
- bind_address = "@listen_address@",
- },
+ -- These are expected to be imported through systemd LoadCredentials
+ -- directive.
+ {
+ pem_private_key = os.getenv("CREDENTIALS_DIRECTORY") .. "/key.pem",
+ pem_cert = os.getenv("CREDENTIALS_DIRECTORY") .. "/cert.pem",
+ pem_ca = os.getenv("CREDENTIALS_DIRECTORY") .. "/fullchain.pem",
+ bind_address = "@listen_address@",
+ },
 },
 }
diff --git a/hosts/plover/modules/services/bind.nix b/hosts/plover/modules/services/bind.nix
index 9fff86bd..ff963239 100644
--- a/hosts/plover/modules/services/bind.nix
+++ b/hosts/plover/modules/services/bind.nix
@@ -273,16 +273,18 @@ in
 # Set up the firewall. Take note the ports with the transport layer being
 # accepted in Bind.
- networking.firewall = let
- ports = [
- 53 # DNS
- 853 # DNS-over-TLS/DNS-over-QUIC
- dnsOverHTTPSPort
- ];
- in {
- allowedUDPPorts = ports;
- allowedTCPPorts = ports;
- };
+ networking.firewall =
+ let
+ ports = [
+ 53 # DNS
+ 853 # DNS-over-TLS/DNS-over-QUIC
+ dnsOverHTTPSPort
+ ];
+ in
+ {
+ allowedUDPPorts = ports;
+ allowedTCPPorts = ports;
+ };
 # Making this with nginx.
 services.nginx.upstreams.local-dns = {
diff --git a/hosts/plover/modules/services/grafana.nix b/hosts/plover/modules/services/grafana.nix
index 3460c592..95debefa 100644
--- a/hosts/plover/modules/services/grafana.nix
+++ b/hosts/plover/modules/services/grafana.nix
@@ -117,7 +117,8 @@ in
 # Setting up with secure schema usage pattern.
 systemd.services.grafana = {
- preStart = let
+ preStart =
+ let
 grafanaDatabaseUser = config.services.grafana.settings.database.user;
 psql = lib.getExe' config.services.postgresql.package "psql";
 in
@@ -125,17 +126,19 @@ in
 # Setting up the appropriate schema for PostgreSQL secure schema usage.
 ${psql} -tAc "SELECT 1 FROM information_schema.schemata WHERE schema_name='${grafanaDatabaseUser}';" \
 grep -q 1 || ${psql} -tAc "CREATE SCHEMA IF NOT EXISTS AUTHORIZATION ${grafanaDatabaseUser};"
- '';
+ '';
 };
- sops.secrets = let
- grafanaFileAttributes = {
- owner = config.users.users.grafana.name;
- group = config.users.users.grafana.group;
- mode = "0400";
+ sops.secrets =
+ let
+ grafanaFileAttributes = {
+ owner = config.users.users.grafana.name;
+ group = config.users.users.grafana.group;
+ mode = "0400";
+ };
+ in
+ lib.getSecrets ../../secrets/secrets.yaml {
+ "grafana/database/password" = grafanaFileAttributes;
+ "grafana/users/admin/password" = grafanaFileAttributes;
 };
- in lib.getSecrets ../../secrets/secrets.yaml {
- "grafana/database/password" = grafanaFileAttributes;
- "grafana/users/admin/password" = grafanaFileAttributes;
- };
 }
diff --git a/lib/private.nix b/lib/private.nix
index 2d76e1f9..0c923491 100644
--- a/lib/private.nix
+++ b/lib/private.nix
@@ -44,7 +44,7 @@ rec {
 (r: r) users';
- getUser = type: user: ../users/${type}/${user};
+ getUser = type: user: ../users/${type}/${user};
 # Import modules with a set blocklist.
 importModules = attrs:
diff --git a/modules/home-manager/profiles/desktop.nix b/modules/home-manager/profiles/desktop.nix
index 4f083c08..e4bf0c4d 100644
--- a/modules/home-manager/profiles/desktop.nix
+++ b/modules/home-manager/profiles/desktop.nix
@@ -80,18 +80,20 @@ in {
 enable = true;
 config = {
 ytdl-format = "(webm,mkv,mp4)[height<=?1280]";
- ytdl-raw-options-append = let
- options = {
- yes-playlist = "";
- };
- options' = lib.mapAttrsToList (n: v: "${n}=${v}") options;
- in lib.concatStringsSep "," options';
+ ytdl-raw-options-append =
+ let
+ options = {
+ yes-playlist = "";
+ };
+ options' = lib.mapAttrsToList (n: v: "${n}=${v}") options;
+ in
+ lib.concatStringsSep "," options';
 ordered-chapters = true;
 ab-loop-count = "inf";
 chapter-seek-threshold = 15.0;
 osc = false;
 sub-auto = "fuzzy";
- hwdec= "auto";
+ hwdec = "auto";
 };
 bindings = {
diff --git a/modules/nixos/profiles/browsers.nix b/modules/nixos/profiles/browsers.nix
index 742f172d..5858177c 100644
--- a/modules/nixos/profiles/browsers.nix
+++ b/modules/nixos/profiles/browsers.nix
@@ -48,19 +48,20 @@ in
 policies = {
 AppAutoUpdate = false;
- Containers.Default = let
- mkContainer = name: color: icon: {
- inherit name color icon;
- };
- in
- [
- (mkContainer "Personal" "blue" "fingerprint")
- (mkContainer "Self-hosted" "pink" "fingerprint")
- (mkContainer "Work" "red" "briefcase")
- (mkContainer "Banking" "green" "dollar")
- (mkContainer "Shopping" "pink" "cart")
- (mkContainer "Gaming" "turquoise" "chill")
- ];
+ Containers.Default =
+ let
+ mkContainer = name: color: icon: {
+ inherit name color icon;
+ };
+ in
+ [
+ (mkContainer "Personal" "blue" "fingerprint")
+ (mkContainer "Self-hosted" "pink" "fingerprint")
+ (mkContainer "Work" "red" "briefcase")
+ (mkContainer "Banking" "green" "dollar")
+ (mkContainer "Shopping" "pink" "cart")
+ (mkContainer "Gaming" "turquoise" "chill")
+ ];
 DisableAppUpdate = true;
 DisableMasterPasswordCreation = true;
diff --git a/modules/nixos/programs/blender.nix b/modules/nixos/programs/blender.nix
index aeaba312..da8d658f 100644
--- a/modules/nixos/programs/blender.nix
+++ b/modules/nixos/programs/blender.nix
@@ -3,23 +3,25 @@
 let
 cfg = config.programs.blender;
- addons = let
- blenderVersion = lib.versions.majorMinor cfg.package.version;
- in
- pkgs.runCommand "blender-system-resources" {
- passAsFile = [ "paths" ];
- paths = cfg.addons ++ [ cfg.package ];
- nativeBuildInputs = with pkgs; [ outils ];
- } ''
- mkdir -p $out
- for i in $(cat $pathsPath); do
- resourcesPath="$i/share/blender"
- if [ -d $i/share/blender/${blenderVersion} ]; then
- resourcesPath="$i/share/blender/${blenderVersion}";
- fi
- lndir -silent $resourcesPath $out
- done
- '';
+ addons =
+ let
+ blenderVersion = lib.versions.majorMinor cfg.package.version;
+ in
+ pkgs.runCommand "blender-system-resources"
+ {
+ passAsFile = [ "paths" ];
+ paths = cfg.addons ++ [ cfg.package ];
+ nativeBuildInputs = with pkgs; [ outils ];
+ } ''
+ mkdir -p $out
+ for i in $(cat $pathsPath); do
+ resourcesPath="$i/share/blender"
+ if [ -d $i/share/blender/${blenderVersion} ]; then
+ resourcesPath="$i/share/blender/${blenderVersion}";
+ fi
+ lndir -silent $resourcesPath $out
+ done
+ '';
 in {
 options.programs.blender = {
diff --git a/modules/nixos/services/vouch-proxy.nix b/modules/nixos/services/vouch-proxy.nix
index 090430b9..f2324a99 100644
--- a/modules/nixos/services/vouch-proxy.nix
+++ b/modules/nixos/services/vouch-proxy.nix
@@ -64,7 +64,8 @@ let
 settingsFile' = "/var/lib/vouch-proxy/${name}-config.yml";
 in
 lib.nameValuePair "vouch-proxy-${name}" {
- preStart = if (settings != { } && settingsFile == null)
+ preStart =
+ if (settings != { } && settingsFile == null)
 then ''
 ${pkgs.writeScript "vouch-proxy-replace-secrets"