chore: reformat codebase

Gabriel Arazas 2023-06-29 14:17:38 +08:00
parent 52b66fa47d
commit 53f7cf6e83
No known key found for this signature in database
GPG Key ID: ADE0C41DAB221FCC
5 changed files with 55 additions and 48 deletions


@ -210,9 +210,9 @@ in
}; };
}; };
networking.firewall ={ networking.firewall = {
allowedUDPPorts = [ allowedUDPPorts = [
53 # DNS 53 # DNS
853 # DNS-over-TLS/DNS-over-QUIC 853 # DNS-over-TLS/DNS-over-QUIC
]; ];
allowedTCPPorts = [ 53 853 ]; allowedTCPPorts = [ 53 853 ];


@ -33,16 +33,18 @@ in
${lib.concatStringsSep "\n" perUserSchemas} ${lib.concatStringsSep "\n" perUserSchemas}
''; '';
settings = let settings =
credsDir = path: "/run/credentials/postgresql.service/${path}"; let
in { credsDir = path: "/run/credentials/postgresql.service/${path}";
# Still doing the secure schema usage pattern. in
search_path = "\"$user\""; {
# Still doing the secure schema usage pattern.
search_path = "\"$user\"";
ssl_cert_file = credsDir "cert.pem"; ssl_cert_file = credsDir "cert.pem";
ssl_key_file = credsDir "key.pem"; ssl_key_file = credsDir "key.pem";
ssl_ca_file = credsDir "fullchain.pem"; ssl_ca_file = credsDir "fullchain.pem";
}; };
}; };
# With a database comes a dumping. # With a database comes a dumping.
@ -58,15 +60,16 @@ in
# Setting this up for TLS. # Setting this up for TLS.
systemd.services.postgresql = { systemd.services.postgresql = {
requires = [ "acme-finished-${postgresqlDomain}.target" ]; requires = [ "acme-finished-${postgresqlDomain}.target" ];
serviceConfig.LoadCredential = let serviceConfig.LoadCredential =
certDirectory = config.security.acme.certs."${postgresqlDomain}".directory; let
certCredentialPath = path: "${path}:${certDirectory}/${path}"; certDirectory = config.security.acme.certs."${postgresqlDomain}".directory;
in certCredentialPath = path: "${path}:${certDirectory}/${path}";
[ in
(certCredentialPath "cert.pem") [
(certCredentialPath "key.pem") (certCredentialPath "cert.pem")
(certCredentialPath "fullchain.pem") (certCredentialPath "key.pem")
]; (certCredentialPath "fullchain.pem")
];
}; };
security.acme.certs."${postgresqlDomain}".postRun = '' security.acme.certs."${postgresqlDomain}".postRun = ''


@ -16,30 +16,32 @@ in
{ {
environment.systemPackages = [ pkgs.wireguard-tools ]; environment.systemPackages = [ pkgs.wireguard-tools ];
sops.secrets = let sops.secrets =
getKey = key: { let
inherit key; getKey = key: {
sopsFile = ../../secrets/secrets.yaml; inherit key;
}; sopsFile = ../../secrets/secrets.yaml;
};
getSecrets = secrets: getSecrets = secrets:
(lib.mapAttrs' (name: config: (lib.mapAttrs'
lib.nameValuePair (name: config:
"plover/${name}" lib.nameValuePair
((getKey name) // config)) "plover/${name}"
((getKey name) // config))
secrets); secrets);
systemdNetworkdPermission = { systemdNetworkdPermission = {
group = config.users.users.systemd-network.group; group = config.users.users.systemd-network.group;
reloadUnits = [ "systemd-networkd.service" ]; reloadUnits = [ "systemd-networkd.service" ];
mode = "0640"; mode = "0640";
};
in
getSecrets {
"wireguard/private-key" = systemdNetworkdPermission;
"wireguard/preshared-keys/ni" = systemdNetworkdPermission;
"wireguard/preshared-keys/phone" = systemdNetworkdPermission;
}; };
in
getSecrets {
"wireguard/private-key" = systemdNetworkdPermission;
"wireguard/preshared-keys/ni" = systemdNetworkdPermission;
"wireguard/preshared-keys/phone" = systemdNetworkdPermission;
};
networking.firewall = { networking.firewall = {
# Allow the UDP traffic for the Wireguard service. # Allow the UDP traffic for the Wireguard service.


@ -46,13 +46,15 @@ in {
}; };
# A fuzzy finder that enables fuzzy finding not furry finding, a common misconception. # A fuzzy finder that enables fuzzy finding not furry finding, a common misconception.
programs.fzf = let programs.fzf =
fd = "${lib.getBin pkgs.fd}/bin/fd"; let
in { fd = "${lib.getBin pkgs.fd}/bin/fd";
enable = true; in
changeDirWidgetCommand = "${fd} --type d"; {
defaultCommand = "${fd} --type f"; enable = true;
}; changeDirWidgetCommand = "${fd} --type d";
defaultCommand = "${fd} --type f";
};
# dog > sky dog > cat. # dog > sky dog > cat.
programs.bat = { programs.bat = {


@ -28,7 +28,7 @@
, nodePackages , nodePackages
# Rust # Rust
, cargo , cargo
, rustc , rustc
}: }: