foodogsquared/nixos-config
1
0
Fork 0
mirror of https://github.com/foo-dogsquared/nixos-config.git synced 2025-02-25 00:19:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

chore: reformat codebase

Browse Source
This commit is contained in:
Gabriel Arazas 2023-10-09 20:48:01 +08:00
parent 7d55e45f70
commit 3ee04bb812
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC
8 changed files with 79 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
hosts/plover/config/wezterm/config.lua
View File

@ -1,12 +1,12 @@
return { return {
tls_servers = { tls_servers = {
-- These are expected to be imported through systemd LoadCredentials -- These are expected to be imported through systemd LoadCredentials
-- directive. -- directive.
{ {
pem_private_key = os.getenv("CREDENTIALS_DIRECTORY") .. "/key.pem", pem_private_key = os.getenv("CREDENTIALS_DIRECTORY") .. "/key.pem",
pem_cert = os.getenv("CREDENTIALS_DIRECTORY") .. "/cert.pem", pem_cert = os.getenv("CREDENTIALS_DIRECTORY") .. "/cert.pem",
pem_ca = os.getenv("CREDENTIALS_DIRECTORY") .. "/fullchain.pem", pem_ca = os.getenv("CREDENTIALS_DIRECTORY") .. "/fullchain.pem",
bind_address = "@listen_address@", bind_address = "@listen_address@",
}, },
}, },
} }

22
hosts/plover/modules/services/bind.nix
View File

@ -273,16 +273,18 @@ in
# Set up the firewall. Take note the ports with the transport layer being # Set up the firewall. Take note the ports with the transport layer being
# accepted in Bind. # accepted in Bind.
networking.firewall = let networking.firewall =
ports = [ let
53 # DNS ports = [
853 # DNS-over-TLS/DNS-over-QUIC 53 # DNS
dnsOverHTTPSPort 853 # DNS-over-TLS/DNS-over-QUIC
]; dnsOverHTTPSPort
in { ];
allowedUDPPorts = ports; in
allowedTCPPorts = ports; {
}; allowedUDPPorts = ports;
allowedTCPPorts = ports;
};
# Making this with nginx. # Making this with nginx.
services.nginx.upstreams.local-dns = { services.nginx.upstreams.local-dns = {

25
hosts/plover/modules/services/grafana.nix
View File

@ -117,7 +117,8 @@ in
# Setting up with secure schema usage pattern. # Setting up with secure schema usage pattern.
systemd.services.grafana = { systemd.services.grafana = {
preStart = let preStart =
let
grafanaDatabaseUser = config.services.grafana.settings.database.user; grafanaDatabaseUser = config.services.grafana.settings.database.user;
psql = lib.getExe' config.services.postgresql.package "psql"; psql = lib.getExe' config.services.postgresql.package "psql";
in in
@ -125,17 +126,19 @@ in
# Setting up the appropriate schema for PostgreSQL secure schema usage. # Setting up the appropriate schema for PostgreSQL secure schema usage.
${psql} -tAc "SELECT 1 FROM information_schema.schemata WHERE schema_name='${grafanaDatabaseUser}';" \ ${psql} -tAc "SELECT 1 FROM information_schema.schemata WHERE schema_name='${grafanaDatabaseUser}';" \
grep -q 1 || ${psql} -tAc "CREATE SCHEMA IF NOT EXISTS AUTHORIZATION ${grafanaDatabaseUser};" grep -q 1 || ${psql} -tAc "CREATE SCHEMA IF NOT EXISTS AUTHORIZATION ${grafanaDatabaseUser};"
''; '';
}; };
sops.secrets = let sops.secrets =
grafanaFileAttributes = { let
owner = config.users.users.grafana.name; grafanaFileAttributes = {
group = config.users.users.grafana.group; owner = config.users.users.grafana.name;
mode = "0400"; group = config.users.users.grafana.group;
mode = "0400";
};
in
lib.getSecrets ../../secrets/secrets.yaml {
"grafana/database/password" = grafanaFileAttributes;
"grafana/users/admin/password" = grafanaFileAttributes;
}; };
in lib.getSecrets ../../secrets/secrets.yaml {
"grafana/database/password" = grafanaFileAttributes;
"grafana/users/admin/password" = grafanaFileAttributes;
};
} }

2
lib/private.nix
View File

@ -44,7 +44,7 @@ rec {
(r: r) (r: r)
users'; users';
getUser = type: user: ../users/${type}/${user}; getUser = type: user: ../users/${type}/${user};
# Import modules with a set blocklist. # Import modules with a set blocklist.
importModules = attrs: importModules = attrs:

16
modules/home-manager/profiles/desktop.nix
View File

@ -80,18 +80,20 @@ in {
enable = true; enable = true;
config = { config = {
ytdl-format = "(webm,mkv,mp4)[height<=?1280]"; ytdl-format = "(webm,mkv,mp4)[height<=?1280]";
ytdl-raw-options-append = let ytdl-raw-options-append =
options = { let
yes-playlist = ""; options = {
}; yes-playlist = "";
options' = lib.mapAttrsToList (n: v: "${n}=${v}") options; };
in lib.concatStringsSep "," options'; options' = lib.mapAttrsToList (n: v: "${n}=${v}") options;
in
lib.concatStringsSep "," options';
ordered-chapters = true; ordered-chapters = true;
ab-loop-count = "inf"; ab-loop-count = "inf";
chapter-seek-threshold = 15.0; chapter-seek-threshold = 15.0;
osc = false; osc = false;
sub-auto = "fuzzy"; sub-auto = "fuzzy";
hwdec= "auto"; hwdec = "auto";
}; };
bindings = { bindings = {

27
modules/nixos/profiles/browsers.nix
View File

@ -48,19 +48,20 @@ in
policies = { policies = {
AppAutoUpdate = false; AppAutoUpdate = false;
Containers.Default = let Containers.Default =
mkContainer = name: color: icon: { let
inherit name color icon; mkContainer = name: color: icon: {
}; inherit name color icon;
in };
[ in
(mkContainer "Personal" "blue" "fingerprint") [
(mkContainer "Self-hosted" "pink" "fingerprint") (mkContainer "Personal" "blue" "fingerprint")
(mkContainer "Work" "red" "briefcase") (mkContainer "Self-hosted" "pink" "fingerprint")
(mkContainer "Banking" "green" "dollar") (mkContainer "Work" "red" "briefcase")
(mkContainer "Shopping" "pink" "cart") (mkContainer "Banking" "green" "dollar")
(mkContainer "Gaming" "turquoise" "chill") (mkContainer "Shopping" "pink" "cart")
]; (mkContainer "Gaming" "turquoise" "chill")
];
DisableAppUpdate = true; DisableAppUpdate = true;
DisableMasterPasswordCreation = true; DisableMasterPasswordCreation = true;

36
modules/nixos/programs/blender.nix
View File

@ -3,23 +3,25 @@
let let
cfg = config.programs.blender; cfg = config.programs.blender;
addons = let addons =
blenderVersion = lib.versions.majorMinor cfg.package.version; let
in blenderVersion = lib.versions.majorMinor cfg.package.version;
pkgs.runCommand "blender-system-resources" { in
passAsFile = [ "paths" ]; pkgs.runCommand "blender-system-resources"
paths = cfg.addons ++ [ cfg.package ]; {
nativeBuildInputs = with pkgs; [ outils ]; passAsFile = [ "paths" ];
} '' paths = cfg.addons ++ [ cfg.package ];
mkdir -p $out nativeBuildInputs = with pkgs; [ outils ];
for i in $(cat $pathsPath); do } ''
resourcesPath="$i/share/blender" mkdir -p $out
if [ -d $i/share/blender/${blenderVersion} ]; then for i in $(cat $pathsPath); do
resourcesPath="$i/share/blender/${blenderVersion}"; resourcesPath="$i/share/blender"
fi if [ -d $i/share/blender/${blenderVersion} ]; then
lndir -silent $resourcesPath $out resourcesPath="$i/share/blender/${blenderVersion}";
done fi
''; lndir -silent $resourcesPath $out
done
'';
in in
{ {
options.programs.blender = { options.programs.blender = {

3
modules/nixos/services/vouch-proxy.nix
View File

@ -64,7 +64,8 @@ let
settingsFile' = "/var/lib/vouch-proxy/${name}-config.yml"; settingsFile' = "/var/lib/vouch-proxy/${name}-config.yml";
in in
lib.nameValuePair "vouch-proxy-${name}" { lib.nameValuePair "vouch-proxy-${name}" {
preStart = if (settings != { } && settingsFile == null) preStart =
if (settings != { } && settingsFile == null)
then '' then ''
${pkgs.writeScript ${pkgs.writeScript
"vouch-proxy-replace-secrets" "vouch-proxy-replace-secrets"