From eb9f742b1ec55bdd7637ec06cbaf310a6749d031 Mon Sep 17 00:00:00 2001 From: pazpi Date: Tue, 27 Aug 2024 09:46:44 +0200 Subject: [PATCH] nix fmt with "nixfmt-rfc-style" --- hosts/arr/default.nix | 12 +- hosts/deadbeef/default.nix | 9 +- hosts/deadbeef/hardware-configuration.nix | 78 +++++---- lxc-nix/configuration-empty.nix | 7 +- lxc-nix/configuration.nix | 5 +- lxc-nix/services/networking.nix | 5 +- modules/audio.nix | 7 +- modules/btrfs-autoscrub.nix | 7 +- modules/commons.nix | 5 +- modules/desktop/gnome.nix | 63 +++---- modules/desktop/plymouth.nix | 11 +- modules/desktop/steam.nix | 7 +- modules/main-user.nix | 19 ++- modules/networking/avahi.nix | 7 +- modules/networking/tailscale.nix | 7 +- modules/services/download-pod-old.nix | 193 ++++++++++++---------- modules/services/download-pod.nix | 40 +++-- modules/services/nextcloud-podman.nix | 7 +- modules/services/rutorrent.nix | 72 ++++++-- modules/virtualisation/docker.nix | 7 +- modules/virtualisation/libvirtd.nix | 7 +- modules/virtualisation/lxc.nix | 7 +- modules/virtualisation/podman-pod.nix | 126 +++++++------- modules/virtualisation/podman.nix | 7 +- modules/virtualisation/proxmox.nix | 7 +- packages/rutorrent.nix | 5 +- 26 files changed, 460 insertions(+), 267 deletions(-) diff --git a/hosts/arr/default.nix b/hosts/arr/default.nix index 9e370a9..10f09af 100644 --- a/hosts/arr/default.nix +++ b/hosts/arr/default.nix @@ -23,12 +23,18 @@ in services.podmanPods = { mywebapp = { name = "mywebapp"; - ports = [ "9090:80" "9443:443" ]; + ports = [ + "9090:80" + "9443:443" + ]; containers = { webserver = { enable = true; image = "nginx"; - volumes = [ "aaa:/config" "bbb:/data" ]; + volumes = [ + "aaa:/config" + "bbb:/data" + ]; }; appserver = { image = "my-custom-app:latest"; @@ -50,8 +56,6 @@ in }; }; - - # Extra packages # environment.systemPackages = with pkgs; [ ]; diff --git a/hosts/deadbeef/default.nix b/hosts/deadbeef/default.nix index 54cd755..c340431 100644 --- a/hosts/deadbeef/default.nix 
+++ b/hosts/deadbeef/default.nix @@ -1,4 +1,9 @@ -{ config, pkgs, home-manager, ... }: +{ + config, + pkgs, + home-manager, + ... +}: { imports = [ ./hardware-configuration.nix @@ -43,8 +48,6 @@ # podman.enable = true; - download-pod.enable = true; - # Vedi https://github.com/TLATER/dotfiles/blob/f989a86890f27f6b089e9d74b7e8356ec8e5683d/home-config/hosts/yui.nix # home-manager.users.pazpi = import "${flake-inputs.self}/home-config/hosts/deadbeef.nix"; diff --git a/hosts/deadbeef/hardware-configuration.nix b/hosts/deadbeef/hardware-configuration.nix index e27b461..6ad2585 100644 --- a/hosts/deadbeef/hardware-configuration.nix +++ b/hosts/deadbeef/hardware-configuration.nix 
@@ -1,47 +1,65 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, modulesPath, ... }: +{ + config, + lib, + modulesPath, + ... +}: { - imports = - [ - (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.availableKernelModules = [ + "xhci_pci" + "ahci" + "nvme" + "usb_storage" + "usbhid" + "sd_mod" + "rtsx_pci_sdmmc" + ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { - device = "/dev/disk/by-label/NixOS"; - fsType = "btrfs"; - options = [ "subvol=root" "compress=zstd" "discard=async" ]; - }; + fileSystems."/" = { + device = "/dev/disk/by-label/NixOS"; + fsType = "btrfs"; + options = [ + "subvol=root" + "compress=zstd" + "discard=async" + ]; + }; - fileSystems."/home" = - { - device = "/dev/disk/by-label/NixOS"; - fsType = "btrfs"; - options = [ "subvol=home" "compress=zstd" "discard=async" ]; - }; + fileSystems."/home" = { + device = "/dev/disk/by-label/NixOS"; + fsType = "btrfs"; + options = [ + "subvol=home" + "compress=zstd" + "discard=async" + ]; + }; - fileSystems."/nix" = - { - device = "/dev/disk/by-label/NixOS"; - fsType = "btrfs"; - options = [ "subvol=nix" "noatime" "discard=async" ]; - }; + fileSystems."/nix" = { + device = "/dev/disk/by-label/NixOS"; + fsType = "btrfs"; + options = [ + "subvol=nix" + "noatime" + "discard=async" + ]; + }; - fileSystems."/boot" = - { - device = "/dev/disk/by-label/BOOT"; - fsType = "vfat"; - }; + fileSystems."/boot" = { + device = "/dev/disk/by-label/BOOT"; + fsType = "vfat"; + }; - swapDevices = [{ device = "/dev/disk/by-label/SWAP"; }]; + swapDevices = [ { device = "/dev/disk/by-label/SWAP"; } 
]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/lxc-nix/configuration-empty.nix b/lxc-nix/configuration-empty.nix index be178f4..0318c59 100644 --- a/lxc-nix/configuration-empty.nix +++ b/lxc-nix/configuration-empty.nix @@ -68,7 +68,7 @@ in hashedPassword = "$6$gir1YD6tNdC9xAj0$zLr1yt/ea9PvwygjHfQVnPmeCd1.2zrAKWiN80duidwOkZF6hwm06ta6J3O9uw6F3uUHC0N7iiKYhCgXXR.Q7/"; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhiGLc/whCY3lCmDiRlYnMJOLiO/gvcRj/sKVEFVAhQ pazpi@deadbeef" -"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILrVYJrU6Ys2o/QYfI6Es5yqVVyjUyDYj6Fglvz63ywP krzo@pazpi.top" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILrVYJrU6Ys2o/QYfI6Es5yqVVyjUyDYj6Fglvz63ywP krzo@pazpi.top" ]; }; @@ -82,7 +82,10 @@ in "sys-fs-fuse-connections.mount" ]; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; system.stateVersion = "24.05"; } diff --git a/lxc-nix/configuration.nix b/lxc-nix/configuration.nix index ccd05eb..51e100b 100644 --- a/lxc-nix/configuration.nix +++ b/lxc-nix/configuration.nix @@ -125,7 +125,10 @@ in "sys-fs-fuse-connections.mount" ]; - nix.settings.experimental-features = [ "nix-command" "flakes" ]; + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; system.stateVersion = "24.05"; } diff --git a/lxc-nix/services/networking.nix b/lxc-nix/services/networking.nix index c8707f3..9e966ee 100644 --- a/lxc-nix/services/networking.nix +++ b/lxc-nix/services/networking.nix @@ -21,7 +21,10 @@ # }; # Since we don't use DHCP, we need to set our own nameservers. - nameservers = [ "1.1.1.1" "1.0.0.1" ]; + nameservers = [ + "1.1.1.1" + "1.0.0.1" + ]; }; diff --git a/modules/audio.nix b/modules/audio.nix index dfd580c..0520083 100644 --- a/modules/audio.nix +++ b/modules/audio.nix 
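Review bot: The context line `hashedPassword = "$6$…"` in the `@@ -68,7 +68,7 @@` hunk of lxc-nix/configuration-empty.nix keeps a SHA-512 crypt hash inline, so anyone who can read the repository can attack it offline, as can anyone who can read the world-readable Nix store once the system is built. This commit only re-indents the second authorized key, but the user block would be safer with `hashedPasswordFile = "<path-to-secret-outside-the-store>";` (placeholder path) supplied by a secrets mechanism, and the committed password rotated. The user definition begins above the hunk, so its full attribute path is not visible here.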
@@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: let cfg = config.audio; in diff --git a/modules/btrfs-autoscrub.nix b/modules/btrfs-autoscrub.nix index 0a54b1c..f861cf3 100644 --- a/modules/btrfs-autoscrub.nix +++ b/modules/btrfs-autoscrub.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: let cfg = config.btrfsAutoscrub; in diff --git a/modules/commons.nix b/modules/commons.nix index 3fb1a75..cc8bed9 100644 --- a/modules/commons.nix +++ b/modules/commons.nix @@ -25,7 +25,10 @@ in nix = { - settings.experimental-features = [ "nix-command" "flakes" ]; + settings.experimental-features = [ + "nix-command" + "flakes" + ]; gc = { # Auto delete old generations diff --git a/modules/desktop/gnome.nix b/modules/desktop/gnome.nix index 8470719..ed2f222 100644 --- a/modules/desktop/gnome.nix +++ b/modules/desktop/gnome.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: let cfg = config.gnome; in 
@@ -58,33 +63,35 @@ in ]; # Remove standard Gnome Packages - gnome.excludePackages = (with pkgs; [ - gedit # text editor - gnome-photos - gnome-tour - gnome-connections - gnome-photos - ]) ++ (with pkgs.gnome; [ - atomix # puzzle game - cheese # webcam tool - epiphany # web browser - evince # document viewer - geary # email reader - gnome-calendar - gnome-characters - gnome-clocks - gnome-contacts - gnome-font-viewer - gnome-maps - gnome-music - gnome-terminal - gnome-weather - hitori # sudoku game - iagno # go game - tali # poker game - totem # video player - yelp # help viewer - ]); + gnome.excludePackages = + (with pkgs; [ + gedit # text editor + gnome-photos + gnome-tour + gnome-connections + gnome-photos + ]) + ++ (with pkgs.gnome; [ + atomix # puzzle game + cheese # webcam tool + epiphany # web browser + evince # document viewer + geary # email reader + gnome-calendar + gnome-characters + gnome-clocks + gnome-contacts + gnome-font-viewer + gnome-maps + gnome-music + gnome-terminal + gnome-weather + hitori # sudoku game + iagno # go game + tali # poker game + totem # video player + yelp # help viewer + ]); }; diff --git a/modules/desktop/plymouth.nix b/modules/desktop/plymouth.nix index 983bb67..f310158 100644 --- a/modules/desktop/plymouth.nix +++ b/modules/desktop/plymouth.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: let cfg = config.plymouth; in @@ -11,7 +16,9 @@ in boot.plymouth = { enable = true; theme = "colorful_loop"; - themePackages = [ (pkgs.adi1090x-plymouth-themes.override { selected_themes = [ "colorful_loop" ]; }) ]; + themePackages = [ + (pkgs.adi1090x-plymouth-themes.override { selected_themes = [ "colorful_loop" ]; }) + ]; }; }; diff --git a/modules/desktop/steam.nix b/modules/desktop/steam.nix index 9303853..9c964cb 100644 --- a/modules/desktop/steam.nix +++ b/modules/desktop/steam.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: let cfg = config.steam; in 
diff --git a/modules/main-user.nix b/modules/main-user.nix index b3f78c5..c6132a2 100644 --- a/modules/main-user.nix +++ b/modules/main-user.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: let cfg = config.mainUser; in @@ -37,14 +42,22 @@ in config = lib.mkIf cfg.enable { users.users.${cfg.userName} = { description = cfg.description; - extraGroups = [ "users" "wheel" ]; + extraGroups = [ + "users" + "wheel" + ]; initialHashedPassword = cfg.hashedPassword; isNormalUser = true; isSystemUser = false; shell = pkgs.zsh; uid = 1000; - packages = with pkgs; lib.mkIf cfg.flatpak [ flatpak gnome.gnome-software ]; + packages = + with pkgs; + lib.mkIf cfg.flatpak [ + flatpak + gnome.gnome-software + ]; }; console.keyMap = "it"; diff --git a/modules/networking/avahi.nix b/modules/networking/avahi.nix index 29e6d52..abb0be8 100644 --- a/modules/networking/avahi.nix +++ b/modules/networking/avahi.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: let cfg = config.avahi; in diff --git a/modules/networking/tailscale.nix b/modules/networking/tailscale.nix index 58576ee..2cbcbb6 100644 --- a/modules/networking/tailscale.nix +++ b/modules/networking/tailscale.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: let cfg = config.tailscale; in diff --git a/modules/services/download-pod-old.nix b/modules/services/download-pod-old.nix index aba2ccb..4275e09 100644 --- a/modules/services/download-pod-old.nix +++ b/modules/services/download-pod-old.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: let cfg = config.download-pod-old; in 
@@ -37,103 +42,113 @@ in }; - config = lib.mkIf cfg.enable - { - podman.enable = true; + config = lib.mkIf cfg.enable { + podman.enable = true; - systemd.services.pod-download = { - description = "Start podman 'download' pod"; - wants = [ "network-online.target" ]; - after = [ "network-online.target" ]; - requiredBy = [ - "podman-jackett.service" - "podman-radarr.service" - "podman-sabnzbd.service" - "podman-sonarr.service" + systemd.services.pod-download = { + description = "Start podman 'download' pod"; + wants = [ "network-online.target" ]; + after = [ "network-online.target" ]; + requiredBy = [ + "podman-jackett.service" + "podman-radarr.service" + "podman-sabnzbd.service" + "podman-sonarr.service" + ]; + unitConfig = { + RequiresMountsFor = "/run/containers"; + }; + serviceConfig = { + Type = "oneshot"; + ExecStart = "-${pkgs.podman}/bin/podman pod create -p 9117:9117 -p 7878:7878 -p 8080:8080 -p 8989:8989 download"; + }; # -p 9117:9117 -p 7878:7878 -p 8080:8080 -p 8989:8989 + #--share cgroup,ipc,uts + path = [ pkgs.podman ]; + }; + + virtualisation.oci-containers.containers = { + jackett = { + image = "linuxserver/jackett"; + autoStart = true; + user = "1000:100"; + ports = [ "9117:9117" ]; + extraOptions = [ + "--init=true" + "--pod=download" + ]; + volumes = [ + "jackett_config:/config" + "${cfg.dataDir}:/data" ]; - unitConfig = { - RequiresMountsFor = "/run/containers"; - }; - serviceConfig = { - Type = "oneshot"; - ExecStart = "-${pkgs.podman}/bin/podman pod create -p 9117:9117 -p 7878:7878 -p 8080:8080 -p 8989:8989 download"; - }; # -p 9117:9117 -p 7878:7878 -p 8080:8080 -p 8989:8989 - #--share cgroup,ipc,uts - path = [ pkgs.podman ]; }; - virtualisation.oci-containers.containers = { - jackett = { - image = "linuxserver/jackett"; - autoStart = true; - user = "1000:100"; - ports = [ "9117:9117" ]; - extraOptions = [ - "--init=true" - "--pod=download" - ]; - volumes = [ "jackett_config:/config" "${cfg.dataDir}:/data" ]; - }; - - radarr = { - image = 
"linuxserver/radarr"; - autoStart = true; - user = "1000:100"; - ports = [ "7878:7878" ]; - extraOptions = [ - "--init=true" - "--pod=download" - ]; - volumes = [ "radarr_config:/config" "${cfg.dataDir}:/data" ]; - }; - - sabnzbd = { - image = "linuxserver/sabnzbd"; - autoStart = true; - user = "1000:100"; - ports = [ "8080:8080" ]; - extraOptions = [ - "--init=true" - "--pod=download" - ]; - volumes = [ "sabnzbd_config:/config" "${cfg.dataDir}:/data" ]; - }; - - sonarr = { - image = "linuxserver/sonarr"; - autoStart = true; - user = "1000:100"; - ports = [ "8989:8989" ]; - extraOptions = [ - "--init=true" - "--pod=download" - ]; - volumes = [ "sonarr_config:/config" "${cfg.dataDir}:/data" ]; - }; - + radarr = { + image = "linuxserver/radarr"; + autoStart = true; + user = "1000:100"; + ports = [ "7878:7878" ]; + extraOptions = [ + "--init=true" + "--pod=download" + ]; + volumes = [ + "radarr_config:/config" + "${cfg.dataDir}:/data" + ]; }; - services.caddy = lib.mkIf cfg.proxy.enable { - enable = true; - enableReload = false; - virtualHosts = { - "jackett.${cfg.proxy.hostName}".extraConfig = '' - reverse_proxy http://${cfg.proxy.serverName}:9117 - ''; - "radarr.${cfg.proxy.hostName}".extraConfig = '' - reverse_proxy http://${cfg.proxy.serverName}:7878 - ''; - "sabnzbd.${cfg.proxy.hostName}".extraConfig = '' - reverse_proxy http://${cfg.proxy.serverName}:8080 - ''; - "sonarr.${cfg.proxy.hostName}".extraConfig = '' - reverse_proxy http://${cfg.proxy.serverName}:8989 - ''; - }; - + sabnzbd = { + image = "linuxserver/sabnzbd"; + autoStart = true; + user = "1000:100"; + ports = [ "8080:8080" ]; + extraOptions = [ + "--init=true" + "--pod=download" + ]; + volumes = [ + "sabnzbd_config:/config" + "${cfg.dataDir}:/data" + ]; }; + sonarr = { + image = "linuxserver/sonarr"; + autoStart = true; + user = "1000:100"; + ports = [ "8989:8989" ]; + extraOptions = [ + "--init=true" + "--pod=download" + ]; + volumes = [ + "sonarr_config:/config" + "${cfg.dataDir}:/data" + ]; + }; }; 
+ services.caddy = lib.mkIf cfg.proxy.enable { + enable = true; + enableReload = false; + virtualHosts = { + "jackett.${cfg.proxy.hostName}".extraConfig = '' + reverse_proxy http://${cfg.proxy.serverName}:9117 + ''; + "radarr.${cfg.proxy.hostName}".extraConfig = '' + reverse_proxy http://${cfg.proxy.serverName}:7878 + ''; + "sabnzbd.${cfg.proxy.hostName}".extraConfig = '' + reverse_proxy http://${cfg.proxy.serverName}:8080 + ''; + "sonarr.${cfg.proxy.hostName}".extraConfig = '' + reverse_proxy http://${cfg.proxy.serverName}:8989 + ''; + }; + + }; + + }; + } diff --git a/modules/services/download-pod.nix b/modules/services/download-pod.nix index 805825b..40be8b8 100644 --- a/modules/services/download-pod.nix +++ b/modules/services/download-pod.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let cfg = config.download-pod; in 
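Review bot: Every container in the reformatted `virtualisation.oci-containers.containers` set of modules/services/download-pod-old.nix names its image without a tag or digest (`image = "linuxserver/jackett";`, and likewise radarr, sabnzbd and sonarr). Each pull therefore takes whatever the implicit `latest` tag points at, on whichever registry short-name resolution picks. Pinning a fully qualified reference, e.g. `image = "<registry>/linuxserver/jackett:<tag>@sha256:<digest>";` (placeholders), keeps rebuilds reproducible and makes an upstream image change show up in review. The same applies to the five images in the `@@ -73,45 +78,47 @@` hunk of modules/services/download-pod.nix.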
@@ -73,45 +78,47 @@ in jackett = { image = "linuxserver/jackett"; autoStart = true; - extraOptions = [ - "--pod=my-pod" + extraOptions = [ "--pod=my-pod" ]; + volumes = [ + "jackett_config:/config" + "jackett_data:/data" ]; - volumes = [ "jackett_config:/config" "jackett_data:/data" ]; }; radarr = { image = "linuxserver/radarr"; autoStart = true; - extraOptions = [ - "--pod=download" + extraOptions = [ "--pod=download" ]; + volumes = [ + "radarr_config:/config" + "radarr_data:/data" ]; - volumes = [ "radarr_config:/config" "radarr_data:/data" ]; }; sabnzbd = { image = "linuxserver/sabnzbd"; autoStart = true; - extraOptions = [ - "--pod=download" + extraOptions = [ "--pod=download" ]; + volumes = [ + "sabnzbd_config:/config" + "sabnzbd_data:/data" ]; - volumes = [ "sabnzbd_config:/config" "sabnzbd_data:/data" ]; }; sonarr = { image = "linuxserver/sonarr"; autoStart = true; - extraOptions = [ - "--pod=download" + extraOptions = [ "--pod=download" ]; + volumes = [ + "sonarr_config:/config" + "sonarr_data:/data" ]; - volumes = [ "sonarr_config:/config" "sonarr_data:/data" ]; }; prowlarr = { image = "linuxserver/prowlarr"; autoStart = true; - extraOptions = [ - "--pod=download" - ]; + extraOptions = [ "--pod=download" ]; volumes = [ "prowlarr_config:/config" ]; }; @@ -139,5 +146,4 @@ in }; - } diff --git a/modules/services/nextcloud-podman.nix b/modules/services/nextcloud-podman.nix index ab49d02..1ff4cec 100644 --- a/modules/services/nextcloud-podman.nix +++ b/modules/services/nextcloud-podman.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: let cfg = config.nextcloud-pd; in diff --git a/modules/services/rutorrent.nix b/modules/services/rutorrent.nix index 93dea2f..bfe114f 100644 --- a/modules/services/rutorrent.nix +++ b/modules/services/rutorrent.nix 
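Review bot: In the `@@ -73,45 +78,47 @@` hunk of modules/services/download-pod.nix, `jackett` is attached with `extraOptions = [ "--pod=my-pod" ];` while radarr, sabnzbd, sonarr and prowlarr use `"--pod=download"`. Jackett would therefore join, or fail to find, a different pod from the rest of the stack. If the name is a template leftover, change it to `extraOptions = [ "--pod=download" ];`, or take the pod name from a single `let` binding so the five entries cannot drift. The pod definition lies outside this hunk, so which pod name is actually created is not visible here.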
@@ -1,22 +1,40 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; let cfg = config.services.rutorrent; - rutorrentPkgs = import ../packages/rutorrent.nix { inherit pkgs; inherit lib; }; + rutorrentPkgs = import ../packages/rutorrent.nix { + inherit pkgs; + inherit lib; + }; rtorrentPluginDependencies = with pkgs; { _task = [ procps ]; - unpack = [ unzip unrar ]; + unpack = [ + unzip + unrar + ]; rss = [ curl ]; mediainfo = [ mediainfo ]; spectrogram = [ sox ]; screenshots = [ ffmpeg ]; }; - python = with pkgs; (python312.withPackages (p: with p; [ cloudscraper cfscrape ])); + python = + with pkgs; + (python312.withPackages ( + p: with p; [ + cloudscraper + cfscrape + ] + )); phpPluginDependencies = with pkgs; { _cloudflare = [ python ]; @@ -77,7 +95,13 @@ in }; poolSettings = mkOption { - type = with types; attrsOf (oneOf [ str int bool ]); + type = + with types; + attrsOf (oneOf [ + str + int + bool + ]); default = { "pm" = "dynamic"; "pm.max_children" = 32; @@ -118,7 +142,10 @@ in { assertions = let - usedRpcPlugins = intersectLists cfg.plugins [ "httprpc" "rpc" ]; + usedRpcPlugins = intersectLists cfg.plugins [ + "httprpc" + "rpc" + ]; in [ { 
@@ -136,11 +163,17 @@ in nginxVhostCfg = config.services.nginx.virtualHosts."${cfg.hostName}"; in [ ] - ++ (optional (cfg.nginx.exposeInsecureRPC2mount && (nginxVhostCfg.basicAuth == { } || nginxVhostCfg.basicAuthFile == null)) '' - You are using exposeInsecureRPC2mount without using basic auth on the virtual host. The exposed rpc mount allow for remote command execution. + ++ (optional + ( + cfg.nginx.exposeInsecureRPC2mount + && (nginxVhostCfg.basicAuth == { } || nginxVhostCfg.basicAuthFile == null) + ) + '' + You are using exposeInsecureRPC2mount without using basic auth on the virtual host. The exposed rpc mount allow for remote command execution. - Please make sure it is not accessible from the outside. - ''); + Please make sure it is not accessible from the outside. + '' + ); systemd = { services = { @@ -229,8 +262,11 @@ in cp -r ${rutorrentPkgs}/php ${cfg.dataDir}/ - ${optionalString (cfg.plugins != []) - ''cp -r ${concatMapStringsSep " " (p: "${rutorrentPkgs}/plugins/${p}") cfg.plugins} ${cfg.dataDir}/plugins/''} + ${optionalString (cfg.plugins != [ ]) + ''cp -r ${ + concatMapStringsSep " " (p: "${rutorrentPkgs}/plugins/${p}") cfg.plugins + } ${cfg.dataDir}/plugins/'' + } chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}/{conf,share,logs,plugins} chmod -R 755 ${cfg.dataDir}/{conf,share,logs,plugins} @@ -263,7 +299,10 @@ in { networking.firewall = { - allowedTCPPorts = [ 80 443 ]; + allowedTCPPorts = [ + 80 + 443 + ]; }; services = { @@ -303,11 +342,12 @@ in pool = { user = cfg.user; group = config.services.rtorrent.group; - settings = mapAttrs (name: mkDefault) - { + settings = + mapAttrs (name: mkDefault) { "listen.owner" = config.services.nginx.user; "listen.group" = config.services.nginx.group; - } // cfg.poolSettings; + } + // cfg.poolSettings; }; in if (envPath == "") then pool else pool // { phpEnv.PATH = envPath; }; diff --git a/modules/virtualisation/docker.nix b/modules/virtualisation/docker.nix index 24b4f4d..a1b32d3 100644 
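Review bot: The re-wrapped condition `cfg.nginx.exposeInsecureRPC2mount && (nginxVhostCfg.basicAuth == { } || nginxVhostCfg.basicAuthFile == null)` in the `@@ -136,11 +163,17 @@` hunk of modules/services/rutorrent.nix is true whenever either auth option is unset, so a vhost protected by only one of `basicAuth` or `basicAuthFile` still triggers the message. A message that fires on correctly protected hosts tends to be ignored; the test for "no basic auth at all" would be `nginxVhostCfg.basicAuth == { } && nginxVhostCfg.basicAuthFile == null`. Because the text itself says the exposed mount allows remote command execution, the unauthenticated case may deserve an entry in `assertions` rather than a warning. That last suggestion is inferred, since the list this `optional` is appended to begins outside the hunk.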
--- a/modules/virtualisation/docker.nix +++ b/modules/virtualisation/docker.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: let cfg = config.docker; in diff --git a/modules/virtualisation/libvirtd.nix b/modules/virtualisation/libvirtd.nix index a8a58c5..18ef569 100644 --- a/modules/virtualisation/libvirtd.nix +++ b/modules/virtualisation/libvirtd.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: let cfg = config.libvirtd; in diff --git a/modules/virtualisation/lxc.nix b/modules/virtualisation/lxc.nix index 93a05e4..5b081c4 100644 --- a/modules/virtualisation/lxc.nix +++ b/modules/virtualisation/lxc.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: let cfg = config.lxc; in diff --git a/modules/virtualisation/podman-pod.nix b/modules/virtualisation/podman-pod.nix index 2127cc6..7f90771 100644 --- a/modules/virtualisation/podman-pod.nix +++ b/modules/virtualisation/podman-pod.nix @@ -1,5 +1,10 @@ # Save this as podman-pod.nix -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: with lib; 
@@ -7,40 +12,44 @@ let cfg = config.services.podmanPods; # Get the options from the original oci-containers module - containerOptions = (filterAttrs (n: v: n != "definition") - config.virtualisation.oci-containers.containers.type.getSubOptions); + containerOptions = ( + filterAttrs ( + n: v: n != "definition" + ) config.virtualisation.oci-containers.containers.type.getSubOptions + ); # Add our enable option extendedContainerOptions = containerOptions // { enable = mkEnableOption "Enable this container"; }; - podOptions = { name, config, ... }: { - options = { + podOptions = + { name, config, ... }: + { + options = { + + name = mkOption { + type = types.str; + description = "Name of the pod"; + }; + + ports = mkOption { + type = types.listOf types.str; + default = [ ]; + description = "List of port mappings (e.g. ['8080:80'])"; + }; + + containers = mkOption { + type = types.attrsOf (types.submodule { options = extendedContainerOptions; }); + default = { }; + description = "Attribute set of OCI container configurations for this set"; + }; - name = mkOption { - type = types.str; - description = "Name of the pod"; }; - - ports = mkOption { - type = types.listOf types.str; - default = [ ]; - description = "List of port mappings (e.g. ['8080:80'])"; - }; - - containers = mkOption { - type = types.attrsOf (types.submodule { - options = extendedContainerOptions; - }); - default = { }; - description = "Attribute set of OCI container configurations for this set"; - }; - }; - }; - createPodScript = name: podDef: + createPodScript = + name: podDef: let podDefinitionString = builtins.toJSON { inherit (podDef) ports; }; in @@ -73,11 +82,11 @@ let fi ''; - enabledContainers = lib.flatten (mapAttrs - (podName: podConfig: - filterAttrs (name: value: value.enable or true) podConfig.containers - ) - cfg); + enabledContainers = lib.flatten ( + mapAttrs ( + podName: podConfig: filterAttrs (name: value: value.enable or true) podConfig.containers + ) cfg + ); in { 
@@ -126,37 +135,38 @@ in # ) # (filterAttrs (name: value: value.enable) cfg.containers); - networking.firewall.allowedTCPPorts = flatten (mapAttrsToList - (name: podDef: - map (portMapping: lib.toInt (lib.head (lib.splitString ":" portMapping))) podDef.ports - ) - cfg); + networking.firewall.allowedTCPPorts = flatten ( + mapAttrsToList ( + name: podDef: map (portMapping: lib.toInt (lib.head (lib.splitString ":" portMapping))) podDef.ports + ) cfg + ); systemd.services = let - podServices = mapAttrs' - (name: podDef: - nameValuePair "podman-pod-${name}" { - description = "Manage Podman pod: ${name}"; - serviceConfig = { - Type = "oneshot"; - ExecStart = "${createPodScript name podDef}"; - }; - path = [ pkgs.jq pkgs.podman ]; - after = [ "network.target" ]; - wantedBy = [ "multi-user.target" ]; - } - ) - cfg; - containerServices = mapAttrs' - (name: container: - nameValuePair "podman-${name}" { - after = [ "podman-pod-${lib.head (lib.splitString "-" name)}.service" ]; - requires = [ "podman-pod-${lib.head (lib.splitString "-" name)}.service" ]; - partOf = [ "podman-pod-${lib.head (lib.splitString "-" name)}.service" ]; - } - ) - config.virtualisation.oci-containers.containers; + podServices = mapAttrs' ( + name: podDef: + nameValuePair "podman-pod-${name}" { + description = "Manage Podman pod: ${name}"; + serviceConfig = { + Type = "oneshot"; + ExecStart = "${createPodScript name podDef}"; + }; + path = [ + pkgs.jq + pkgs.podman + ]; + after = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + } + ) cfg; + containerServices = mapAttrs' ( + name: container: + nameValuePair "podman-${name}" { + after = [ "podman-pod-${lib.head (lib.splitString "-" name)}.service" ]; + requires = [ "podman-pod-${lib.head (lib.splitString "-" name)}.service" ]; + partOf = [ "podman-pod-${lib.head (lib.splitString "-" name)}.service" ]; + } + ) config.virtualisation.oci-containers.containers; in podServices // containerServices; }; 
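Review bot: `networking.firewall.allowedTCPPorts` is computed from every pod's `ports`, so declaring a port mapping also opens that host port in the firewall, with no way to publish a port for local or reverse-proxied use only. The parser takes the text before the first `:` and passes it to `lib.toInt`, which would fail on an address-qualified mapping such as `127.0.0.1:8080:80` (constructed example) and would open a TCP port for a `/udp` mapping. Consider a per-pod opt-in, for instance a new `openFirewall` boolean in `podOptions` defaulting to false, and collect ports only from pods that set it.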
diff --git a/modules/virtualisation/podman.nix b/modules/virtualisation/podman.nix index ac466dc..662b3d6 100644 --- a/modules/virtualisation/podman.nix +++ b/modules/virtualisation/podman.nix @@ -1,4 +1,9 @@ -{ lib, config, pkgs, ... }: +{ + lib, + config, + pkgs, + ... +}: let cfg = config.podman; in diff --git a/modules/virtualisation/proxmox.nix b/modules/virtualisation/proxmox.nix index 6c197f3..a747b7a 100644 --- a/modules/virtualisation/proxmox.nix +++ b/modules/virtualisation/proxmox.nix @@ -1,4 +1,9 @@ -{ config, lib, pkgs, ... }: +{ + config, + lib, + pkgs, + ... +}: let cfg = config.proxmox; diff --git a/packages/rutorrent.nix b/packages/rutorrent.nix index 791c2f1..73fb4c2 100644 --- a/packages/rutorrent.nix +++ b/packages/rutorrent.nix @@ -1,4 +1,7 @@ -{ pkgs ? import { }, lib, }: +{ + pkgs ? import { }, + lib, +}: with pkgs;