Merge branch 'master' into auto-update/2026-02-13

2026-02-15 23:21:11 +01:00 · 2026-02-15 23:21:11 +01:00 · 6ac38299e0
commit 6ac38299e0
parent f0f8431198 263e5c08a3
17 changed files with 82 additions and 48 deletions
--- a/flake.nix
+++ b/flake.nix
@ -67,7 +67,7 @@
    {
      # used with: `nix fmt`
-      formatter.${system} = pkgs.nixfmt-rfc-style;
+      formatter.${system} = pkgs.nixfmt-tree;
      nixosConfigurations = (import ./hosts inputs);
--- a/hosts/collabora/default.nix
+++ b/hosts/collabora/default.nix
@ -27,4 +27,3 @@ in
  system.stateVersion = "25.11";
 }
--- a/hosts/colmena/default.nix
+++ b/hosts/colmena/default.nix
@ -32,13 +32,20 @@ in
      lxc-standard.enable = true;
    };
-    virtualisation.proxmox.enable = true;
+    virtualisation = {
      proxmox.enable = true;
      podman.enable = true;
    };
  };
  programs = {
    nix-ld.enable = true;
  };
  environment.systemPackages = with pkgs; [
    just-lsp
  ];
  home-manager = {
    useGlobalPkgs = true;
    useUserPackages = true;
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -74,7 +74,10 @@ let
      hostModule = cfg.module;
      unstable = cfg.unstable or false;
      extraModules = cfg.extraModules or [ ];
-      specialArgs = { inherit authentik-nix; } // (cfg.specialArgs or { });
+      specialArgs = {
        inherit authentik-nix;
      }
      // (cfg.specialArgs or { });
    }
  ) hostDefs;
--- a/hosts/docker/default.nix
+++ b/hosts/docker/default.nix
@ -14,6 +14,7 @@
    virtualisation = {
      proxmox.enable = true;
      docker.enable = true;
    };
  };
--- a/hosts/forgejo-runner/default.nix
+++ b/hosts/forgejo-runner/default.nix
@ -61,4 +61,3 @@ in
  system.stateVersion = "25.11";
 }
--- a/hosts/librenms/default.nix
+++ b/hosts/librenms/default.nix
@ -18,7 +18,10 @@ in
      enable = true;
      hostname = p.hosts.librenms;
      settings = {
-        "snmp.community" = [ "public" "homelab" ];
+        "snmp.community" = [
          "public"
          "homelab"
        ];
      };
    };
--- a/modules/monitoring/prometheus.nix
+++ b/modules/monitoring/prometheus.nix
@ -74,7 +74,8 @@ in
              }
            ];
          }
-        ] ++ cfg.extraScrapeConfigs;
+        ]
        ++ cfg.extraScrapeConfigs;
      };
      services.grafana = {
--- a/modules/services/collabora-online.nix
+++ b/modules/services/collabora-online.nix
@ -55,8 +55,7 @@ in
      services.collabora-online = {
        enable = true;
-        settings =
+        settings = {
          {
          net.listen = "0.0.0.0";
          # terminate TLS at Caddy, NOT in coolwsd
@ -69,9 +68,7 @@ in
        // lib.optionalAttrs (cfg.trustedDomains != [ ]) {
          # Restrict which hosts may use WOPI (e.g. only your Nextcloud).
          # Collabora expects regexes here, so escape dots.
-            storage.wopi.host = map
+          storage.wopi.host = map (d: builtins.replaceStrings [ "." ] [ "\\." ] d) cfg.trustedDomains;
              (d: builtins.replaceStrings [ "." ] [ "\\." ] d)
              cfg.trustedDomains;
        };
      };
--- a/modules/services/forgejo-runner.nix
+++ b/modules/services/forgejo-runner.nix
@ -97,4 +97,3 @@ in
  };
 }
--- a/modules/services/ilpost-addict.nix
+++ b/modules/services/ilpost-addict.nix
@ -16,10 +16,14 @@ let
    sha256 = "sha256-kL7tVHXZunqGFztbVx850QQ1U5h5wY1ltIONWXwe7QQ=";
  };
-  phpPackage = pkgs.php.withExtensions ({ enabled, all }: enabled ++ [
+  phpPackage = pkgs.php.withExtensions (
    { enabled, all }:
    enabled
    ++ [
      all.curl
      all.dom
-  ]);
+    ]
  );
 in
 {
@ -51,7 +55,13 @@ in
    };
    poolSettings = lib.mkOption {
-      type = with lib.types; attrsOf (oneOf [ str int bool ]);
+      type =
        with lib.types;
        attrsOf (oneOf [
          str
          int
          bool
        ]);
      default = {
        "pm" = "dynamic";
        "pm.max_children" = 8;
@ -133,11 +143,13 @@ in
        user = cfg.user;
        group = cfg.group;
        phpPackage = phpPackage;
-        settings = lib.mapAttrs (name: lib.mkDefault) {
+        settings =
          lib.mapAttrs (name: lib.mkDefault) {
            "listen.owner" = config.services.caddy.user;
            "listen.group" = config.services.caddy.group;
            "chdir" = cfg.dataDir;
-        } // cfg.poolSettings;
+          }
          // cfg.poolSettings;
      };
      # Caddy configuration for serving PHP
@ -169,4 +181,3 @@ in
    })
  ];
 }
--- a/modules/services/n8n.nix
+++ b/modules/services/n8n.nix
@ -67,7 +67,11 @@ in
      };
      # Add npm/nodejs to n8n's PATH
-      systemd.services.n8n.path = [ pkgs.nodejs pkgs.gnutar pkgs.gzip ];
+      systemd.services.n8n.path = [
        pkgs.nodejs
        pkgs.gnutar
        pkgs.gzip
      ];
    })
--- a/modules/services/rutorrent.nix
+++ b/modules/services/rutorrent.nix
@ -263,9 +263,9 @@ in
                cp -r ${rutorrentPkgs}/php ${cfg.dataDir}/
                ${optionalString (cfg.plugins != [ ])
-                  ''cp -r ${
+                  "cp -r ${
                    concatMapStringsSep " " (p: "${rutorrentPkgs}/plugins/${p}") cfg.plugins
-                  } ${cfg.dataDir}/plugins/''
+                  } ${cfg.dataDir}/plugins/"
                }
                chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}/{conf,share,logs,plugins}
--- a/modules/utils/server-node-users.nix
+++ b/modules/utils/server-node-users.nix
@ -32,7 +32,7 @@ in
        isNormalUser = true;
        hashedPassword = "$y$j9T$oWLCV1hnGPyOGabMfAS3p1$/iwouRZGwQXcv6IHnLuT3I9.pmeXNpcHxq.b8xfitr1";
        shell = pkgs.bash;
-        extraGroups = [ "wheel" ];
+        extraGroups = [ "wheel" ] ++ lib.optionals config.virtualisation.docker.enable [ "docker" ];
        openssh.authorizedKeys.keys = sshKeys.infra-core;
      };
--- a/modules/virtualisation/docker.nix
+++ b/modules/virtualisation/docker.nix
@ -14,13 +14,10 @@ in
  config = lib.mkIf cfg.enable {
    virtualisation = {
-      docker = {
+      docker.enable = true;
        storageDriver = "overlay2";
      };
      oci-containers.backend = "docker";
    };
  };
 }
--- a/modules/virtualisation/podman.nix
+++ b/modules/virtualisation/podman.nix
@ -13,14 +13,27 @@ in
  };
  config = lib.mkIf cfg.enable {
    # Enable common container config files in /etc/containers
    virtualisation.containers.enable = true;
    virtualisation = {
      podman = {
        enable = true;
        # Create a `docker` alias for podman, to use it as a drop-in replacement
        dockerCompat = true;
        # Required for containers under podman-compose to be able to talk to each other.
        defaultNetwork.settings.dns_enabled = true;
      };
    };
-      oci-containers.backend = "podman";
+    # Useful other development tools
-    };
+    environment.systemPackages = with pkgs; [
      dive # look into docker image layers
      podman-tui # status of containers in the terminal
      docker-compose # start group of containers for dev
      podman-compose # start group of containers for dev
    ];
    # Depending on the host filesystem
    # virtualisation.containers.storage.settings = {
`@ -27,4 +27,3 @@ in`

	`system.stateVersion = "25.11";`	`system.stateVersion = "25.11";`
	`}`	`}`
`@ -61,4 +61,3 @@ in`

	`system.stateVersion = "25.11";`	`system.stateVersion = "25.11";`
	`}`	`}`