nix fmt with "nixfmt-rfc-style"

pazpi 2024-08-27 09:46:44 +02:00
parent 4a39b2cbfd
commit eb9f742b1e
26 changed files with 460 additions and 267 deletions


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
cfg = config.audio;
in


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
cfg = config.btrfsAutoscrub;
in


@ -25,7 +25,10 @@ in
nix = {
settings.experimental-features = [ "nix-command" "flakes" ];
settings.experimental-features = [
"nix-command"
"flakes"
];
gc = {
# Auto delete old generations


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
cfg = config.gnome;
in
@ -58,33 +63,35 @@ in
];
# Remove standard Gnome Packages
gnome.excludePackages = (with pkgs; [
gedit # text editor
gnome-photos
gnome-tour
gnome-connections
gnome-photos
]) ++ (with pkgs.gnome; [
atomix # puzzle game
cheese # webcam tool
epiphany # web browser
evince # document viewer
geary # email reader
gnome-calendar
gnome-characters
gnome-clocks
gnome-contacts
gnome-font-viewer
gnome-maps
gnome-music
gnome-terminal
gnome-weather
hitori # sudoku game
iagno # go game
tali # poker game
totem # video player
yelp # help viewer
]);
gnome.excludePackages =
(with pkgs; [
gedit # text editor
gnome-photos
gnome-tour
gnome-connections
gnome-photos
])
++ (with pkgs.gnome; [
atomix # puzzle game
cheese # webcam tool
epiphany # web browser
evince # document viewer
geary # email reader
gnome-calendar
gnome-characters
gnome-clocks
gnome-contacts
gnome-font-viewer
gnome-maps
gnome-music
gnome-terminal
gnome-weather
hitori # sudoku game
iagno # go game
tali # poker game
totem # video player
yelp # help viewer
]);
};
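Review bot: `gnome-photos` appears twice in the first `with pkgs; [ ... ]` list of `gnome.excludePackages` (second and last entries), and the formatter carried the duplicate over unchanged. Dropping the trailing `gnome-photos` leaves one entry per excluded package, which keeps the list easy to audit. The enclosing attribute set starts outside the hunk.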


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
cfg = config.plymouth;
in
@ -11,7 +16,9 @@ in
boot.plymouth = {
enable = true;
theme = "colorful_loop";
themePackages = [ (pkgs.adi1090x-plymouth-themes.override { selected_themes = [ "colorful_loop" ]; }) ];
themePackages = [
(pkgs.adi1090x-plymouth-themes.override { selected_themes = [ "colorful_loop" ]; })
];
};
};


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
cfg = config.steam;
in


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
cfg = config.mainUser;
in
@ -37,14 +42,22 @@ in
config = lib.mkIf cfg.enable {
users.users.${cfg.userName} = {
description = cfg.description;
extraGroups = [ "users" "wheel" ];
extraGroups = [
"users"
"wheel"
];
initialHashedPassword = cfg.hashedPassword;
isNormalUser = true;
isSystemUser = false;
shell = pkgs.zsh;
uid = 1000;
packages = with pkgs; lib.mkIf cfg.flatpak [ flatpak gnome.gnome-software ];
packages =
with pkgs;
lib.mkIf cfg.flatpak [
flatpak
gnome.gnome-software
];
};
console.keyMap = "it";
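Review bot: `initialHashedPassword = cfg.hashedPassword;` puts the hash into the evaluated configuration, so it is written to the world-readable Nix store, and this account is a member of `wheel`. If the value is a literal kept in the repository rather than injected at deploy time (not visible in this hunk), any local user or anyone who can read the repository can copy the hash for offline guessing. Consider reading it from a root-only file instead, e.g. `hashedPasswordFile = "/path/to/secret-file"; # placeholder path`, managed by whatever secrets tooling the host uses. The `config` block continues outside the hunk.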


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
cfg = config.avahi;
in


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
cfg = config.tailscale;
in


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
cfg = config.download-pod-old;
in
@ -37,103 +42,113 @@ in
};
config = lib.mkIf cfg.enable
{
podman.enable = true;
config = lib.mkIf cfg.enable {
podman.enable = true;
systemd.services.pod-download = {
description = "Start podman 'download' pod";
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
requiredBy = [
"podman-jackett.service"
"podman-radarr.service"
"podman-sabnzbd.service"
"podman-sonarr.service"
systemd.services.pod-download = {
description = "Start podman 'download' pod";
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
requiredBy = [
"podman-jackett.service"
"podman-radarr.service"
"podman-sabnzbd.service"
"podman-sonarr.service"
];
unitConfig = {
RequiresMountsFor = "/run/containers";
};
serviceConfig = {
Type = "oneshot";
ExecStart = "-${pkgs.podman}/bin/podman pod create -p 9117:9117 -p 7878:7878 -p 8080:8080 -p 8989:8989 download";
}; # -p 9117:9117 -p 7878:7878 -p 8080:8080 -p 8989:8989
#--share cgroup,ipc,uts
path = [ pkgs.podman ];
};
virtualisation.oci-containers.containers = {
jackett = {
image = "linuxserver/jackett";
autoStart = true;
user = "1000:100";
ports = [ "9117:9117" ];
extraOptions = [
"--init=true"
"--pod=download"
];
volumes = [
"jackett_config:/config"
"${cfg.dataDir}:/data"
];
unitConfig = {
RequiresMountsFor = "/run/containers";
};
serviceConfig = {
Type = "oneshot";
ExecStart = "-${pkgs.podman}/bin/podman pod create -p 9117:9117 -p 7878:7878 -p 8080:8080 -p 8989:8989 download";
}; # -p 9117:9117 -p 7878:7878 -p 8080:8080 -p 8989:8989
#--share cgroup,ipc,uts
path = [ pkgs.podman ];
};
virtualisation.oci-containers.containers = {
jackett = {
image = "linuxserver/jackett";
autoStart = true;
user = "1000:100";
ports = [ "9117:9117" ];
extraOptions = [
"--init=true"
"--pod=download"
];
volumes = [ "jackett_config:/config" "${cfg.dataDir}:/data" ];
};
radarr = {
image = "linuxserver/radarr";
autoStart = true;
user = "1000:100";
ports = [ "7878:7878" ];
extraOptions = [
"--init=true"
"--pod=download"
];
volumes = [ "radarr_config:/config" "${cfg.dataDir}:/data" ];
};
sabnzbd = {
image = "linuxserver/sabnzbd";
autoStart = true;
user = "1000:100";
ports = [ "8080:8080" ];
extraOptions = [
"--init=true"
"--pod=download"
];
volumes = [ "sabnzbd_config:/config" "${cfg.dataDir}:/data" ];
};
sonarr = {
image = "linuxserver/sonarr";
autoStart = true;
user = "1000:100";
ports = [ "8989:8989" ];
extraOptions = [
"--init=true"
"--pod=download"
];
volumes = [ "sonarr_config:/config" "${cfg.dataDir}:/data" ];
};
radarr = {
image = "linuxserver/radarr";
autoStart = true;
user = "1000:100";
ports = [ "7878:7878" ];
extraOptions = [
"--init=true"
"--pod=download"
];
volumes = [
"radarr_config:/config"
"${cfg.dataDir}:/data"
];
};
services.caddy = lib.mkIf cfg.proxy.enable {
enable = true;
enableReload = false;
virtualHosts = {
"jackett.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:9117
'';
"radarr.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:7878
'';
"sabnzbd.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:8080
'';
"sonarr.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:8989
'';
};
sabnzbd = {
image = "linuxserver/sabnzbd";
autoStart = true;
user = "1000:100";
ports = [ "8080:8080" ];
extraOptions = [
"--init=true"
"--pod=download"
];
volumes = [
"sabnzbd_config:/config"
"${cfg.dataDir}:/data"
];
};
sonarr = {
image = "linuxserver/sonarr";
autoStart = true;
user = "1000:100";
ports = [ "8989:8989" ];
extraOptions = [
"--init=true"
"--pod=download"
];
volumes = [
"sonarr_config:/config"
"${cfg.dataDir}:/data"
];
};
};
services.caddy = lib.mkIf cfg.proxy.enable {
enable = true;
enableReload = false;
virtualHosts = {
"jackett.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:9117
'';
"radarr.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:7878
'';
"sabnzbd.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:8080
'';
"sonarr.${cfg.proxy.hostName}".extraConfig = ''
reverse_proxy http://${cfg.proxy.serverName}:8989
'';
};
};
};
}
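Review bot: All four containers use unqualified, untagged image names (`image = "linuxserver/jackett";` and the same pattern for radarr, sabnzbd and sonarr; the next file section repeats it). What runs therefore depends on podman's short-name registry resolution and on whatever the default tag points to at pull time. Pinning each to a fully qualified reference with a digest, e.g. `image = "docker.io/linuxserver/jackett@sha256:<digest>";` (placeholder digest), makes the deployed image reproducible and reviewable. Separately, `podman pod create -p 9117:9117 …` publishes the ports on every host interface. If Caddy runs on the same host (`cfg.proxy.serverName` is not visible here), binding them as `-p 127.0.0.1:9117:9117` keeps the plain-HTTP backends reachable only through the proxy.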


@ -1,4 +1,9 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.download-pod;
in
@ -73,45 +78,47 @@ in
jackett = {
image = "linuxserver/jackett";
autoStart = true;
extraOptions = [
"--pod=my-pod"
extraOptions = [ "--pod=my-pod" ];
volumes = [
"jackett_config:/config"
"jackett_data:/data"
];
volumes = [ "jackett_config:/config" "jackett_data:/data" ];
};
radarr = {
image = "linuxserver/radarr";
autoStart = true;
extraOptions = [
"--pod=download"
extraOptions = [ "--pod=download" ];
volumes = [
"radarr_config:/config"
"radarr_data:/data"
];
volumes = [ "radarr_config:/config" "radarr_data:/data" ];
};
sabnzbd = {
image = "linuxserver/sabnzbd";
autoStart = true;
extraOptions = [
"--pod=download"
extraOptions = [ "--pod=download" ];
volumes = [
"sabnzbd_config:/config"
"sabnzbd_data:/data"
];
volumes = [ "sabnzbd_config:/config" "sabnzbd_data:/data" ];
};
sonarr = {
image = "linuxserver/sonarr";
autoStart = true;
extraOptions = [
"--pod=download"
extraOptions = [ "--pod=download" ];
volumes = [
"sonarr_config:/config"
"sonarr_data:/data"
];
volumes = [ "sonarr_config:/config" "sonarr_data:/data" ];
};
prowlarr = {
image = "linuxserver/prowlarr";
autoStart = true;
extraOptions = [
"--pod=download"
];
extraOptions = [ "--pod=download" ];
volumes = [ "prowlarr_config:/config" ];
};
@ -139,5 +146,4 @@ in
};
}
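Review bot: `jackett` is started with `--pod=my-pod` while radarr, sabnzbd, sonarr and prowlarr all use `--pod=download`. Unless a separate `my-pod` is created outside this hunk, jackett will not share the pod's network namespace and port mappings with the others, and may fail to start at all. If it is meant to sit with the rest, use `extraOptions = [ "--pod=download" ];`. The pod definition itself is outside the hunk.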


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
cfg = config.nextcloud-pd;
in


@ -1,22 +1,40 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
let
cfg = config.services.rutorrent;
rutorrentPkgs = import ../packages/rutorrent.nix { inherit pkgs; inherit lib; };
rutorrentPkgs = import ../packages/rutorrent.nix {
inherit pkgs;
inherit lib;
};
rtorrentPluginDependencies = with pkgs; {
_task = [ procps ];
unpack = [ unzip unrar ];
unpack = [
unzip
unrar
];
rss = [ curl ];
mediainfo = [ mediainfo ];
spectrogram = [ sox ];
screenshots = [ ffmpeg ];
};
python = with pkgs; (python312.withPackages (p: with p; [ cloudscraper cfscrape ]));
python =
with pkgs;
(python312.withPackages (
p: with p; [
cloudscraper
cfscrape
]
));
phpPluginDependencies = with pkgs; {
_cloudflare = [ python ];
@ -77,7 +95,13 @@ in
};
poolSettings = mkOption {
type = with types; attrsOf (oneOf [ str int bool ]);
type =
with types;
attrsOf (oneOf [
str
int
bool
]);
default = {
"pm" = "dynamic";
"pm.max_children" = 32;
@ -118,7 +142,10 @@ in
{
assertions =
let
usedRpcPlugins = intersectLists cfg.plugins [ "httprpc" "rpc" ];
usedRpcPlugins = intersectLists cfg.plugins [
"httprpc"
"rpc"
];
in
[
{
@ -136,11 +163,17 @@ in
nginxVhostCfg = config.services.nginx.virtualHosts."${cfg.hostName}";
in
[ ]
++ (optional (cfg.nginx.exposeInsecureRPC2mount && (nginxVhostCfg.basicAuth == { } || nginxVhostCfg.basicAuthFile == null)) ''
You are using exposeInsecureRPC2mount without using basic auth on the virtual host. The exposed rpc mount allow for remote command execution.
++ (optional
(
cfg.nginx.exposeInsecureRPC2mount
&& (nginxVhostCfg.basicAuth == { } || nginxVhostCfg.basicAuthFile == null)
)
''
You are using exposeInsecureRPC2mount without using basic auth on the virtual host. The exposed rpc mount allow for remote command execution.
Please make sure it is not accessible from the outside.
'');
Please make sure it is not accessible from the outside.
''
);
systemd = {
services = {
@ -229,8 +262,11 @@ in
cp -r ${rutorrentPkgs}/php ${cfg.dataDir}/
${optionalString (cfg.plugins != [])
''cp -r ${concatMapStringsSep " " (p: "${rutorrentPkgs}/plugins/${p}") cfg.plugins} ${cfg.dataDir}/plugins/''}
${optionalString (cfg.plugins != [ ])
''cp -r ${
concatMapStringsSep " " (p: "${rutorrentPkgs}/plugins/${p}") cfg.plugins
} ${cfg.dataDir}/plugins/''
}
chown -R ${cfg.user}:${cfg.group} ${cfg.dataDir}/{conf,share,logs,plugins}
chmod -R 755 ${cfg.dataDir}/{conf,share,logs,plugins}
@ -263,7 +299,10 @@ in
{
networking.firewall = {
allowedTCPPorts = [ 80 443 ];
allowedTCPPorts = [
80
443
];
};
services = {
@ -303,11 +342,12 @@ in
pool = {
user = cfg.user;
group = config.services.rtorrent.group;
settings = mapAttrs (name: mkDefault)
{
settings =
mapAttrs (name: mkDefault) {
"listen.owner" = config.services.nginx.user;
"listen.group" = config.services.nginx.group;
} // cfg.poolSettings;
}
// cfg.poolSettings;
};
in
if (envPath == "") then pool else pool // { phpEnv.PATH = envPath; };
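Review bot: The guard on the `exposeInsecureRPC2mount` message uses `nginxVhostCfg.basicAuth == { } || nginxVhostCfg.basicAuthFile == null`, which is true whenever either mechanism is unset, so the message also appears for a vhost protected by only one of them. A message that fires on correctly protected hosts tends to be ignored; `&&` matches the stated intent: `&& (nginxVhostCfg.basicAuth == { } && nginxVhostCfg.basicAuthFile == null)`. Since the text itself says the mount allows remote command execution, it may also be worth adding the unauthenticated case to `assertions` so the build fails rather than warns. The attribute this list is assigned to is outside the hunk.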


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
cfg = config.docker;
in


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
cfg = config.libvirtd;
in


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
cfg = config.lxc;
in


@ -1,5 +1,10 @@
# Save this as podman-pod.nix
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
with lib;
@ -7,40 +12,44 @@ let
cfg = config.services.podmanPods;
# Get the options from the original oci-containers module
containerOptions = (filterAttrs (n: v: n != "definition")
config.virtualisation.oci-containers.containers.type.getSubOptions);
containerOptions = (
filterAttrs (
n: v: n != "definition"
) config.virtualisation.oci-containers.containers.type.getSubOptions
);
# Add our enable option
extendedContainerOptions = containerOptions // {
enable = mkEnableOption "Enable this container";
};
podOptions = { name, config, ... }: {
options = {
podOptions =
{ name, config, ... }:
{
options = {
name = mkOption {
type = types.str;
description = "Name of the pod";
};
ports = mkOption {
type = types.listOf types.str;
default = [ ];
description = "List of port mappings (e.g. ['8080:80'])";
};
containers = mkOption {
type = types.attrsOf (types.submodule { options = extendedContainerOptions; });
default = { };
description = "Attribute set of OCI container configurations for this set";
};
name = mkOption {
type = types.str;
description = "Name of the pod";
};
ports = mkOption {
type = types.listOf types.str;
default = [ ];
description = "List of port mappings (e.g. ['8080:80'])";
};
containers = mkOption {
type = types.attrsOf (types.submodule {
options = extendedContainerOptions;
});
default = { };
description = "Attribute set of OCI container configurations for this set";
};
};
};
createPodScript = name: podDef:
createPodScript =
name: podDef:
let
podDefinitionString = builtins.toJSON { inherit (podDef) ports; };
in
@ -73,11 +82,11 @@ let
fi
'';
enabledContainers = lib.flatten (mapAttrs
(podName: podConfig:
filterAttrs (name: value: value.enable or true) podConfig.containers
)
cfg);
enabledContainers = lib.flatten (
mapAttrs (
podName: podConfig: filterAttrs (name: value: value.enable or true) podConfig.containers
) cfg
);
in
{
@ -126,37 +135,38 @@ in
# )
# (filterAttrs (name: value: value.enable) cfg.containers);
networking.firewall.allowedTCPPorts = flatten (mapAttrsToList
(name: podDef:
map (portMapping: lib.toInt (lib.head (lib.splitString ":" portMapping))) podDef.ports
)
cfg);
networking.firewall.allowedTCPPorts = flatten (
mapAttrsToList (
name: podDef: map (portMapping: lib.toInt (lib.head (lib.splitString ":" portMapping))) podDef.ports
) cfg
);
systemd.services =
let
podServices = mapAttrs'
(name: podDef:
nameValuePair "podman-pod-${name}" {
description = "Manage Podman pod: ${name}";
serviceConfig = {
Type = "oneshot";
ExecStart = "${createPodScript name podDef}";
};
path = [ pkgs.jq pkgs.podman ];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
}
)
cfg;
containerServices = mapAttrs'
(name: container:
nameValuePair "podman-${name}" {
after = [ "podman-pod-${lib.head (lib.splitString "-" name)}.service" ];
requires = [ "podman-pod-${lib.head (lib.splitString "-" name)}.service" ];
partOf = [ "podman-pod-${lib.head (lib.splitString "-" name)}.service" ];
}
)
config.virtualisation.oci-containers.containers;
podServices = mapAttrs' (
name: podDef:
nameValuePair "podman-pod-${name}" {
description = "Manage Podman pod: ${name}";
serviceConfig = {
Type = "oneshot";
ExecStart = "${createPodScript name podDef}";
};
path = [
pkgs.jq
pkgs.podman
];
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
}
) cfg;
containerServices = mapAttrs' (
name: container:
nameValuePair "podman-${name}" {
after = [ "podman-pod-${lib.head (lib.splitString "-" name)}.service" ];
requires = [ "podman-pod-${lib.head (lib.splitString "-" name)}.service" ];
partOf = [ "podman-pod-${lib.head (lib.splitString "-" name)}.service" ];
}
) config.virtualisation.oci-containers.containers;
in
podServices // containerServices;
};
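Review bot: `networking.firewall.allowedTCPPorts` is derived from every pod's `ports`, so declaring a port mapping also opens that port on the host firewall, with no per-pod opt-out. The parse `lib.toInt (lib.head (lib.splitString ":" portMapping))` assumes the `hostPort:containerPort` form. A loopback-bound mapping such as `127.0.0.1:8080:80` would pass `127.0.0.1` to `lib.toInt` and fail evaluation, and a `/udp` mapping would be opened as TCP. Consider gating the firewall rule behind an explicit per-pod boolean (for example a new `openFirewall` option defaulting to `false`) and listing the accepted mapping forms in the `ports` description.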


@ -1,4 +1,9 @@
{ lib, config, pkgs, ... }:
{
lib,
config,
pkgs,
...
}:
let
cfg = config.podman;
in


@ -1,4 +1,9 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.proxmox;