flake: reformat with nixfmt

2025-01-28 20:33:04 -05:00 · 2025-01-28 20:33:04 -05:00 · eaf4f56ac0
commit eaf4f56ac0
parent a79e641851
117 changed files with 2667 additions and 1592 deletions
--- a/hosts/Infini-DL360/authentik.nix
+++ b/hosts/Infini-DL360/authentik.nix
@ -1,4 +1,9 @@
-{ config, common, secrets, ... }:
+{
+  config,
+  common,
+  secrets,
+  ...
+}:
 let
  domain = common.subdomain "auth";
  ldap = common.subdomain "ldap";
@ -32,7 +37,10 @@ in
    environmentFile = secrets.authentik-ldap;
  };

-  networking.firewall.allowedTCPPorts = [ 3389 6636 ];
+  networking.firewall.allowedTCPPorts = [
+    3389
+    6636
+  ];

  security.acme.certs.${ldap} = {
    group = "nginx";
--- a/hosts/Infini-DL360/conduwuit.nix
+++ b/hosts/Infini-DL360/conduwuit.nix
@ -1,4 +1,9 @@
-{ config, common, inputs, ... }:
+{
+  config,
+  common,
+  inputs,
+  ...
+}:
 let
  domain = common.subdomain "matrix";
  cfg = config.services.conduwuit;
--- a/hosts/Infini-DL360/default.nix
+++ b/hosts/Infini-DL360/default.nix
@ -1,4 +1,11 @@
-{ config, lib, pkgs, private, ... }: {
+{
+  config,
+  lib,
+  pkgs,
+  private,
+  ...
+}:
+{
  imports = [
    ./hardware-configuration.nix
    ./disks.nix
@ -57,19 +64,39 @@

  networking = {
    firewall = {
-      allowedUDPPorts = [ 80 443 ];
-      allowedTCPPorts = [ 80 443 25565 ];
+      allowedUDPPorts = [
+        80
+        443
+      ];
+      allowedTCPPorts = [
+        80
+        443
+        25565
+      ];
    };

    bridges = {
      br0 = {
-        interfaces = [ "eno1" "eno2" "eno3" "eno4" ];
+        interfaces = [
+          "eno1"
+          "eno2"
+          "eno3"
+          "eno4"
+        ];
      };
    };
-    interfaces.br0.ipv4.addresses = [{ address = "192.168.137.11"; prefixLength = 24; }];
+    interfaces.br0.ipv4.addresses = [
+      {
+        address = "192.168.137.11";
+        prefixLength = 24;
+      }
+    ];
    dhcpcd.denyInterfaces = [ "eno*" ];

-    defaultGateway = { address = "192.168.137.1"; interface = "br0"; };
+    defaultGateway = {
+      address = "192.168.137.1";
+      interface = "br0";
+    };

    nat = {
      enable = true;
@ -89,10 +116,12 @@

  services.fail2ban.enable = true;

-  environment.etc."fail2ban/filter.d/nginx-url-probe.local".text = lib.mkDefault (lib.mkAfter ''
-    [Definition]
-    failregex = ^<HOST>.*GET.*(\.php|admin|wp\-).* HTTP/\d.\d\" 404.*$
-  '');
+  environment.etc."fail2ban/filter.d/nginx-url-probe.local".text = lib.mkDefault (
+    lib.mkAfter ''
+      [Definition]
+      failregex = ^<HOST>.*GET.*(\.php|admin|wp\-).* HTTP/\d.\d\" 404.*$
+    ''
+  );

  services.fail2ban.jails.nginx-url-probe.settings = {
    enabled = true;
@ -127,22 +156,26 @@

  services.minecraft-servers.servers.emd-server.autoStart = lib.mkForce false;

-  services.borgbackup.jobs."persist" = let tmux = lib.getExe pkgs.tmux; in {
-    preHook = ''
-      ${tmux} -S /run/minecraft/friend-server.sock send-keys "say Server is backing up..." Enter
-      ${tmux} -S /run/minecraft/friend-server.sock send-keys save-off Enter
-      ${tmux} -S /run/minecraft/friend-server.sock send-keys save-all Enter
-      ${tmux} -S /run/minecraft/sister-server.sock send-keys "say Server is backing up..." Enter
-      ${tmux} -S /run/minecraft/sister-server.sock send-keys save-off Enter
-      ${tmux} -S /run/minecraft/sister-server.sock send-keys save-all Enter
-    '';
-    postHook = ''
-      ${tmux} -S /run/minecraft/friend-server.sock send-keys save-on Enter
-      ${tmux} -S /run/minecraft/friend-server.sock send-keys "say Backup complete" Enter
-      ${tmux} -S /run/minecraft/sister-server.sock send-keys save-on Enter
-      ${tmux} -S /run/minecraft/sister-server.sock send-keys "say Backup complete" Enter
-    '';
-  };
+  services.borgbackup.jobs."persist" =
+    let
+      tmux = lib.getExe pkgs.tmux;
+    in
+    {
+      preHook = ''
+        ${tmux} -S /run/minecraft/friend-server.sock send-keys "say Server is backing up..." Enter
+        ${tmux} -S /run/minecraft/friend-server.sock send-keys save-off Enter
+        ${tmux} -S /run/minecraft/friend-server.sock send-keys save-all Enter
+        ${tmux} -S /run/minecraft/sister-server.sock send-keys "say Server is backing up..." Enter
+        ${tmux} -S /run/minecraft/sister-server.sock send-keys save-off Enter
+        ${tmux} -S /run/minecraft/sister-server.sock send-keys save-all Enter
+      '';
+      postHook = ''
+        ${tmux} -S /run/minecraft/friend-server.sock send-keys save-on Enter
+        ${tmux} -S /run/minecraft/friend-server.sock send-keys "say Backup complete" Enter
+        ${tmux} -S /run/minecraft/sister-server.sock send-keys save-on Enter
+        ${tmux} -S /run/minecraft/sister-server.sock send-keys "say Backup complete" Enter
+      '';
+    };

  systemd.services.setup-infiniband = {
    wantedBy = [ "network.target" ];
--- a/hosts/Infini-DL360/disks.nix
+++ b/hosts/Infini-DL360/disks.nix
@ -3,7 +3,10 @@ with lib.our.disko;
 {
  boot.kernelPackages = pkgs.linuxPackages;

-  boot.zfs.extraPools = [ "zssd" "zhdd" ];
+  boot.zfs.extraPools = [
+    "zssd"
+    "zhdd"
+  ];

  disko.devices = {
    nodev."/" = mkTmpfs "64G";
--- a/hosts/Infini-DL360/forgejo.nix
+++ b/hosts/Infini-DL360/forgejo.nix
@ -1,4 +1,10 @@
-{ config, common, secrets, pkgs, ... }:
+{
+  config,
+  common,
+  secrets,
+  pkgs,
+  ...
+}:
 let
  cfg = config.services.forgejo;
  domain = common.subdomain "git";
--- a/hosts/Infini-DL360/hardware-configuration.nix
+++ b/hosts/Infini-DL360/hardware-configuration.nix
@ -5,12 +5,22 @@
    (modulesPath + "/installer/scan/not-detected.nix")
  ];

-  boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "uhci_hcd" "hpsa" "usb_storage" "sd_mod" ];
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ehci_pci"
+    "uhci_hcd"
+    "hpsa"
+    "usb_storage"
+    "sd_mod"
+  ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
  boot.kernelParams = [ "boot.shell_on_fail" ];
-  boot.supportedFilesystems = [ "btrfs" "zfs" ];
+  boot.supportedFilesystems = [
+    "btrfs"
+    "zfs"
+  ];
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";

  info.model = "HPE ProLiant DL360 Gen 9";
--- a/hosts/Infini-DL360/hedgedoc.nix
+++ b/hosts/Infini-DL360/hedgedoc.nix
@ -1,4 +1,9 @@
-{ config, common, secrets, ... }:
+{
+  config,
+  common,
+  secrets,
+  ...
+}:
 let
  cfg = config.services.hedgedoc;
  domain = common.subdomain "md";
@ -12,7 +17,10 @@ in
      protocolUseSSL = true;
      port = 4003;

-      db = { dialect = "sqlite"; storage = "/srv/hedgedoc/db.sqlite"; };
+      db = {
+        dialect = "sqlite";
+        storage = "/srv/hedgedoc/db.sqlite";
+      };
      uploadsPath = "/srv/hedgedoc/uploads";

      allowFreeURL = true;
--- a/hosts/Infini-DL360/hydra.nix
+++ b/hosts/Infini-DL360/hydra.nix
@ -1,4 +1,10 @@
-{ config, common, secrets, pkgs, ... }:
+{
+  config,
+  common,
+  secrets,
+  pkgs,
+  ...
+}:
 let
  domain = common.subdomain "hydra";
 in
@ -61,7 +67,12 @@ in
    {
      hostName = "localhost";
      system = "x86_64-linux";
-      supportedFeatures = [ "kvm" "nixos-test" "big-parallel" "benchmark" ];
+      supportedFeatures = [
+        "kvm"
+        "nixos-test"
+        "big-parallel"
+        "benchmark"
+      ];
      protocol = null;
      maxJobs = 32;
      speedFactor = 16;
--- a/hosts/Infini-DL360/immich.nix
+++ b/hosts/Infini-DL360/immich.nix
@ -1,4 +1,9 @@
-{ config, pkgs, common, ... }:
+{
+  config,
+  pkgs,
+  common,
+  ...
+}:
 let
  domain = common.subdomain "photos";
  cfg = config.services.immich;
--- a/hosts/Infini-DL360/jellyfin.nix
+++ b/hosts/Infini-DL360/jellyfin.nix
@ -25,9 +25,11 @@ in
    locations."/" = {
      proxyPass = jellyfin;
      recommendedProxySettings = false;
-      extraConfig = proxyConfig + ''
-        proxy_buffering off;
-      '';
+      extraConfig =
+        proxyConfig
+        + ''
+          proxy_buffering off;
+        '';
    };

    locations."= /web/" = {
@ -51,5 +53,9 @@ in
    openFirewall = true;
  };

-  persist.directories = with config.services.jellyfin; [ dataDir cacheDir logDir ];
+  persist.directories = with config.services.jellyfin; [
+    dataDir
+    cacheDir
+    logDir
+  ];
 }
--- a/hosts/Infini-DL360/jupyter.nix
+++ b/hosts/Infini-DL360/jupyter.nix
@ -1,11 +1,22 @@
-{ config, common, pkgs, ... }:
+{
+  config,
+  common,
+  pkgs,
+  ...
+}:
 let
  cfg = config.services.jupyter;

  mkPythonKernel = displayName: env: {
    inherit displayName;
    language = "python";
-    argv = [ "${env.interpreter}" "-m" "ipykernel_launcher" "-f" "{connection_file}" ];
+    argv = [
+      "${env.interpreter}"
+      "-m"
+      "ipykernel_launcher"
+      "-f"
+      "{connection_file}"
+    ];
    logo32 = "${env}/${env.sitePackages}/ipykernel/resources/logo-32x32.png";
    logo64 = "${env}/${env.sitePackages}/ipykernel/resources/logo-64x64.png";
  };
@ -59,24 +70,32 @@ in
    notebookDir = "~/Notebooks";

    kernels = {
-      python3 = mkPythonKernel "Python 3" (pkgs.python3.withPackages (p: with p; [
-        ipykernel
+      python3 = mkPythonKernel "Python 3" (
+        pkgs.python3.withPackages (
+          p: with p; [
+            ipykernel

-        matplotlib
-        numpy
-        pandas
-        scipy
-      ]));
-      vpython = mkPythonKernel "VPython" (pkgs.python3.withPackages (p: with p; [
-        ipykernel
-        jupyterlab-vpython
+            matplotlib
+            numpy
+            pandas
+            scipy
+          ]
+        )
+      );
+      vpython = mkPythonKernel "VPython" (
+        pkgs.python3.withPackages (
+          p: with p; [
+            ipykernel
+            jupyterlab-vpython

-        vpython-jupyter
-        matplotlib
-        numpy
-        pandas
-        scipy
-      ]));
+            vpython-jupyter
+            matplotlib
+            numpy
+            pandas
+            scipy
+          ]
+        )
+      );
    };
  };

--- a/hosts/Infini-DL360/postgresql.nix
+++ b/hosts/Infini-DL360/postgresql.nix
@ -4,7 +4,13 @@ let
  directory = "/srv/postgresql";
 in
 {
-  persist.directories = [{ inherit directory; user = "postgres"; group = "postgres"; }];
+  persist.directories = [
+    {
+      inherit directory;
+      user = "postgres";
+      group = "postgres";
+    }
+  ];

  services.postgresql = {
    enable = true;
--- a/hosts/Infini-DL360/searx.nix
+++ b/hosts/Infini-DL360/searx.nix
@ -1,4 +1,9 @@
-{ config, common, secrets, ... }:
+{
+  config,
+  common,
+  secrets,
+  ...
+}:
 let
  cfg = config.services.searx;
  domain = common.subdomain "search";
--- a/hosts/Infini-DL360/ssh.nix
+++ b/hosts/Infini-DL360/ssh.nix
@ -50,8 +50,15 @@ in
  security.pam.services.sshd.allowNullPassword = true;

  systemd.tmpfiles.settings."30-external" = {
-    "/srv/external".d = { user = "root"; group = "root"; };
-    "/srv/external/incoming".d = { user = "incoming"; group = "incoming"; mode = "0770"; };
+    "/srv/external".d = {
+      user = "root";
+      group = "root";
+    };
+    "/srv/external/incoming".d = {
+      user = "incoming";
+      group = "incoming";
+      mode = "0770";
+    };
  };

  # https://enotacoes.wordpress.com/2021/10/05/limiting-user-to-sshfs-or-sftp-of-one-directory-only/
--- a/hosts/Infini-DL360/thelounge.nix
+++ b/hosts/Infini-DL360/thelounge.nix
@ -1,4 +1,9 @@
-{ config, common, pkgs, ... }:
+{
+  config,
+  common,
+  pkgs,
+  ...
+}:

 {
  services.nginx.virtualHosts."thelounge.inx.moe" = common.nginx.ssl // {
--- a/hosts/Infini-DL360/torrenting.nix
+++ b/hosts/Infini-DL360/torrenting.nix
@ -1,4 +1,10 @@
-{ pkgs, private, config, lib, ... }:
+{
+  pkgs,
+  private,
+  config,
+  lib,
+  ...
+}:

 {
  containers.torrenting = {
--- a/hosts/Infini-DL360/vaultwarden.nix
+++ b/hosts/Infini-DL360/vaultwarden.nix
@ -1,4 +1,11 @@
-{ config, common, secrets, lib, pkgs, ... }:
+{
+  config,
+  common,
+  secrets,
+  lib,
+  pkgs,
+  ...
+}:
 let
  domain = common.subdomain "bitwarden";
 in
--- a/hosts/Infini-DL360/web.nix
+++ b/hosts/Infini-DL360/web.nix
@ -1,4 +1,10 @@
-{ config, common, pkgs, lib, ... }:
+{
+  config,
+  common,
+  pkgs,
+  lib,
+  ...
+}:
 let
  inherit (common.nginx) ssl ssl-optional;

@ -14,21 +20,23 @@ let
    location ~ "/\..+" { deny all; }
  '';

-  mkWebsite = name: ssl // {
-    locations."/" = {
-      root = "/srv/web/${name}";
-      inherit tryFiles;
-      extraConfig = websiteConfig;
+  mkWebsite =
+    name:
+    ssl
+    // {
+      locations."/" = {
+        root = "/srv/web/${name}";
+        inherit tryFiles;
+        extraConfig = websiteConfig;
+      };
    };
-  };

  mkRedirect = from: to: ssl-optional // { globalRedirect = to; };

  websites = lib.genAttrs [
    "inx.moe"
    "stickers.inx.moe"
-  ]
-    mkWebsite;
+  ] mkWebsite;

  redirects = lib.mapAttrs mkRedirect {
    "nitter.inx.moe" = "twitter.com";
@ -44,52 +52,55 @@ in
    }
  '';

-  services.nginx.virtualHosts = websites // redirects // {
-    "j.inx.moe" = ssl-optional // {
-      locations."/" = {
-        return = "302 $jump_link";
+  services.nginx.virtualHosts =
+    websites
+    // redirects
+    // {
+      "j.inx.moe" = ssl-optional // {
+        locations."/" = {
+          return = "302 $jump_link";
+        };
+      };
+      "blahaj.inx.moe" = ssl-optional // {
+        locations."/" = {
+          tryFiles = "/Blahaj.png =404";
+          root = ./static;
+        };
+        locations."/buy" = {
+          return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/";
+        };
+      };
+      "swedish.fish" = ssl-optional // {
+        locations."/" = {
+          tryFiles = "/Blahaj.png =404";
+          root = ./static;
+        };
+        locations."/buy" = {
+          return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/";
+        };
+      };
+      "files.inx.moe" = ssl // {
+        locations."/" = {
+          root = "/srv/web/files.inx.moe";
+          extraConfig = ''
+            autoindex on;
+          '';
+        };
+        locations."/p/" = {
+          root = "/srv/web/files.inx.moe";
+        };
+      };
+      "old.inx.moe" = ssl-optional // {
+        locations."/" = {
+          root = "/srv/web/inx.moe";
+          inherit tryFiles;
+          extraConfig = websiteConfig;
+        };
+      };
+      "foxy.software" = ssl-optional // {
+        locations."/".return = "301 https://inx.moe";
      };
    };
-    "blahaj.inx.moe" = ssl-optional // {
-      locations."/" = {
-        tryFiles = "/Blahaj.png =404";
-        root = ./static;
-      };
-      locations."/buy" = {
-        return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/";
-      };
-    };
-    "swedish.fish" = ssl-optional // {
-      locations."/" = {
-        tryFiles = "/Blahaj.png =404";
-        root = ./static;
-      };
-      locations."/buy" = {
-        return = "301 https://www.ikea.com/us/en/p/blahaj-soft-toy-shark-90373590/";
-      };
-    };
-    "files.inx.moe" = ssl // {
-      locations."/" = {
-        root = "/srv/web/files.inx.moe";
-        extraConfig = ''
-          autoindex on;
-        '';
-      };
-      locations."/p/" = {
-        root = "/srv/web/files.inx.moe";
-      };
-    };
-    "old.inx.moe" = ssl-optional // {
-      locations."/" = {
-        root = "/srv/web/inx.moe";
-        inherit tryFiles;
-        extraConfig = websiteConfig;
-      };
-    };
-    "foxy.software" = ssl-optional // {
-      locations."/".return = "301 https://inx.moe";
-    };
-  };

  services.uwsgi = {
    enable = true;