Addressed some things nixd complained about
alejandro-angulo 2024-08-03 10:32:02 -07:00
parent 7d8c009c64
commit b9b996bd66
Signed by: alejandro-angulo
GPG key ID: 75579581C74554B6
25 changed files with 145 additions and 187 deletions


@ -1,14 +1,14 @@
{
options,
config,
pkgs,
lib,
...
}:
with lib; let
}: let
inherit (lib) mkEnableOption mkIf;
cfg = config.aa.apps.yubikey;
in {
options.aa.apps.yubikey = with types; {
options.aa.apps.yubikey = {
enable = mkEnableOption "yubikey";
};
@ -25,7 +25,6 @@ in {
security.pam.yubico = {
enable = true;
#debug = true;
mode = "challenge-response";
# Uncomment below for 2FA
#control = "required";


@ -1,14 +1,13 @@
{
options,
config,
pkgs,
lib,
...
}:
with lib; let
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.aa.archetypes.workstation;
in {
options.aa.archetypes.workstation = with types; {
options.aa.archetypes.workstation = {
enable = mkEnableOption "workstation archetype";
};


@ -1,14 +1,14 @@
{
options,
config,
lib,
pkgs,
...
}:
with lib; let
}: let
inherit (lib) mkEnableOption mkIf;
cfg = config.aa.hardware.audio;
in {
options.aa.hardware.audio = with types; {
options.aa.hardware.audio = {
enable = mkEnableOption "audio";
};


@ -1,14 +1,13 @@
{
options,
config,
lib,
pkgs,
...
}:
with lib; let
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.aa.hardware.bluetooth;
in {
options.aa.hardware.bluetooth = with types; {
options.aa.hardware.bluetooth = {
enable = mkEnableOption "bluetooth";
};
@ -17,4 +16,3 @@ in {
services.blueman.enable = true;
};
}


@ -1,14 +1,13 @@
{
options,
config,
pkgs,
lib,
...
}:
with lib; let
}: let
inherit (lib) mkEnableOption mkIf;
cfg = config.aa.hardware.tlp;
in {
options.aa.hardware.tlp = with types; {
options.aa.hardware.tlp = {
enable = mkEnableOption "tlp";
};


@ -1,18 +1,18 @@
{
options,
config,
pkgs,
lib,
...
}:
with lib; let
}: let
inherit (lib) mkIf mkEnableOption mkOption types;
cfg = config.aa.nix;
selfHostedCacheHost = "https://cache.kilonull.com/";
in {
options.aa.nix = with types; {
options.aa.nix = {
enable = mkEnableOption "manage nix configuration.";
package = mkOption {
type = package;
type = types.package;
default = pkgs.nixVersions.git;
description = "Which nix package to use.";
};
@ -46,9 +46,8 @@ in {
]
else [];
trusted-public-keys =
if cfg.useSelfhostedCache
then ["gospelCache:9cbn8Wm54BbwpPS0TXw+15wrYZBpfOJt4Fzfbfcq/pc="]
else [];
mkIf cfg.useSelfhostedCache
["gospelCache:9cbn8Wm54BbwpPS0TXw+15wrYZBpfOJt4Fzfbfcq/pc="];
};
# TODO: Configure distributedBuilds and buildMachines?
@ -58,12 +57,6 @@ in {
dates = "weekly";
options = "--delete-older-than 30d";
};
# TODO: Not sure if I want this
# flake-utils-plus
# generateRegistryFromInputs = true;
# generateNixPathFromInputs = true;
# linkInputs = true;
};
};
}
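Review bot: In the second hunk `trusted-public-keys` is now gated with `mkIf cfg.useSelfhostedCache`, but the list directly above it (presumably the substituters) still ends in `else [];`, so the two halves of the self-hosted cache setting are written in different forms. A substituter and the key that verifies it should always be switched on together, so I would give that list the same guard, `mkIf cfg.useSelfhostedCache [ … ]`, or set both under a single `mkIf cfg.useSelfhostedCache { … }`. The start of the `nix.settings` block is outside the hunk, so the name of the list above is inferred.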


@ -1,18 +1,17 @@
{
options,
config,
lib,
pkgs,
format,
namespace,
...
}:
with lib; let
}: let
inherit (lib) mkOption mkEnableOption mkIf types;
cfg = config.aa.security.acme;
in {
options.aa.security.acme = with types; {
options.aa.security.acme = {
enable = mkEnableOption "Automatic Certificate Management Environment (ACME)";
useStaging = mkOption {
type = bool;
type = types.bool;
description = ''
Use the staging environment (use when configuring for the first time to
avoid being locked out).
@ -20,16 +19,16 @@ in {
default = false;
};
domainName = mkOption {
type = str;
type = types.str;
description = "The domain to request a wildcard cert for.";
};
isWildcard = mkOption {
type = bool;
type = types.bool;
default = true;
description = "Whether or not to request a wildcard cert.";
};
dnsCredentialsFile = mkOption {
type = path;
type = types.path;
description = "The path to the credentials file for the DNS provider.";
};
};
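Review bot: `dnsCredentialsFile` is typed `types.path`, and its description does not say that the value has to be a runtime path string rather than a Nix path literal. A literal such as `./creds.env` would normally be copied into the world-readable Nix store once it is interpolated into the configuration. I would extend the description to `"Path, given as a string (e.g. an agenix-managed file), to the DNS provider credentials; do not pass a path literal."`. The same applies to `database.passwordFile` in the teslamate module later in this commit.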


@ -1,18 +1,17 @@
{
options,
config,
lib,
pkgs,
format,
namespace,
...
}:
with lib; let
cfg = config.aa.services.adguardhome;
}: let
inherit (lib) mkIf mkEnableOption mkOption types;
cfg = config.${namespace}.services.adguardhome;
in {
options.aa.services.adguardhome = with types; {
options.${namespace}.services.adguardhome = {
enable = mkEnableOption "adguardhome";
acmeCertName = mkOption {
type = str;
type = types.str;
default = "";
description = ''
If set to a non-empty string, forces SSL with the supplied acme


@ -1,19 +1,18 @@
{
options,
config,
lib,
pkgs,
format,
namespace,
...
}:
with lib; let
cfg = config.aa.services.gitea;
}: let
inherit (lib) mkIf mkEnableOption mkOption types;
cfg = config.${namespace}.services.gitea;
gitea_cfg = config.services.gitea;
in {
options.aa.services.gitea = with types; {
options.${namespace}.services.gitea = {
enable = mkEnableOption "gitea";
acmeCertName = mkOption {
type = str;
type = types.str;
default = "";
description = ''
If set to a non-empty string, forces SSL with the supplied acme


@ -1,18 +1,20 @@
{
options,
config,
lib,
pkgs,
namespace,
...
}:
with lib; let
cfg = config.aa.services.grafana;
}: let
inherit (lib) mkIf mkEnableOption mkOption types;
cfg = config.${namespace}.services.grafana;
server_settings = config.services.grafana.settings.server;
grafana_dashboards = pkgs.${namespace}.teslamate-grafana-dashboards;
in {
options.aa.services.grafana = with types; {
options.${namespace}.services.grafana = {
enable = mkEnableOption "grafana";
acmeCertName = mkOption {
type = str;
type = types.str;
default = "";
description = ''
If set to a non-empty string, forces SSL with the supplied acme
@ -84,7 +86,7 @@ in {
disableDeletion = false;
editable = true;
updateIntervalSeconds = 86400;
options.path = "${pkgs.aa.teslamate-grafana-dashboards}/dashboards";
options.path = "${grafana_dashboards}/dashboards";
}
{
name = "teslamate_internal";
@ -95,7 +97,7 @@ in {
disableDeletion = false;
editable = true;
updateIntervalSeconds = 86400;
options.path = "${pkgs.aa.teslamate-grafana-dashboards}/dashboards/internal";
options.path = "${grafana_dashboards}/dashboards/internal";
}
];
};


@ -1,19 +1,19 @@
{
options,
config,
lib,
pkgs,
format,
namespace,
...
}:
with lib; let
cfg = config.aa.services.homeassistant;
}: let
inherit (lib) mkIf mkEnableOption mkOption types;
cfg = config.${namespace}.services.homeassistant;
hass_cfg = config.services.home-assistant;
in {
options.aa.services.homeassistant = with types; {
options.${namespace}.services.homeassistant = {
enable = mkEnableOption "home assistant";
acmeCertName = mkOption {
type = str;
type = types.str;
default = "";
description = ''
If set to a non-empty string, forces SSL with the supplied acme


@ -1,11 +1,12 @@
{
config,
lib,
namespace,
...
}: let
cfg = config.aa.services.hydra;
cfg = config.${namespace}.services.hydra;
in {
options.aa.services.hydra = with lib; {
options.${namespace}.services.hydra = with lib; {
enable = mkEnableOption "hydra";
hostname = mkOption {
type = types.str;


@ -1,17 +1,17 @@
{
config,
lib,
namespace,
...
}:
with lib; let
cfg = config.aa.services.loki;
}: let
cfg = config.${namespace}.services.loki;
loki = config.services.loki;
in {
options.aa.services.loki = with types; {
options.${namespace}.services.loki = with lib; {
enable = mkEnableOption "loki";
};
config = mkIf cfg.enable {
config = lib.mkIf cfg.enable {
services.loki = {
enable = true;
configuration = {
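Review bot: The options attrset here is still opened with `with lib;`, while other modules in this same commit (yubikey, acme, adguardhome) replace it with an explicit `inherit (lib) …`, so the cleanup is applied in two different styles. The same narrowed `with lib;` appears in the minio, mosquitto, nextcloud, nix-serve, octoprint, printing, prometheus, promtail, syncoid, tailscale and teslamate sections. For consistency I would use `inherit (lib) mkEnableOption mkIf;` in the `let` block and drop both `with lib;` and the `lib.` prefix on `mkIf`. The `config` block continues outside the hunk.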


@ -1,18 +1,15 @@
{
options,
config,
lib,
pkgs,
namespace,
...
}:
with lib; let
cfg = config.aa.services.minio;
minio_cfg = config.services.minio;
}: let
cfg = config.${namespace}.services.minio;
in {
options.aa.services.minio = with types; {
options.${namespace}.services.minio = with lib; {
enable = mkEnableOption "minio";
acmeCertName = mkOption {
type = str;
type = types.str;
default = "";
description = ''
If set to a non-empty string, forces SSL with the supplied acme
@ -21,7 +18,7 @@ in {
};
};
config = mkIf cfg.enable {
config = lib.mkIf cfg.enable {
services.minio = {
enable = true;
};


@ -1,19 +1,14 @@
{
options,
config,
lib,
pkgs,
format,
...
}:
with lib; let
}: let
cfg = config.aa.services.mosquitto;
mosquitto_cfg = config.services.mosquitto;
in {
options.aa.services.mosquitto = with types; {
options.aa.services.mosquitto = with lib; {
enable = mkEnableOption "home assistant";
};
config = mkIf cfg.enable {
config = lib.mkIf cfg.enable {
age.secrets = {
hass_mqtt.file = ../../../../secrets/hass_mqtt.age;
theengs_ble_mqtt.file = ../../../../secrets/theengs_ble_mqtt.age;
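Review bot: The mosquitto module's enable option is still declared as `mkEnableOption "home assistant"`, so the generated option description reads as if it enabled Home Assistant rather than the MQTT broker. It should be `enable = mkEnableOption "mosquitto";`. The `config` block continues past the end of the hunk.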


@ -3,14 +3,13 @@
lib,
pkgs,
...
}:
with lib; let
}: let
cfg = config.aa.services.nextcloud;
in {
options.aa.services.nextcloud = with types; {
options.aa.services.nextcloud = with lib; {
enable = mkEnableOption "nextcloud";
acmeCertName = mkOption {
type = str;
type = types.str;
default = "";
description = ''
If set to a non-empty string, forces SSL with the supplied acme
@ -19,7 +18,7 @@ in {
};
};
config = mkIf cfg.enable {
config = lib.mkIf cfg.enable {
age.secrets.nextcloud_admin = {
file = ../../../../secrets/nextcloud_admin.age;
owner = "nextcloud";
@ -53,7 +52,7 @@ in {
};
# nextcloud module configures nginx, just need to specify SSL stuffs here
services.nginx.virtualHosts.${config.services.nextcloud.hostName} = mkIf (cfg.acmeCertName != "") {
services.nginx.virtualHosts.${config.services.nextcloud.hostName} = lib.mkIf (cfg.acmeCertName != "") {
forceSSL = true;
useACMEHost = cfg.acmeCertName;
};


@ -1,26 +1,23 @@
{
options,
config,
lib,
pkgs,
format,
...
}:
with lib; let
}: let
cfg = config.aa.services.nix-serve;
in {
options.aa.services.nix-serve = with types; {
options.aa.services.nix-serve = with lib; {
enable = mkEnableOption "nix-serve";
domain_name = mkOption {
type = str;
type = types.str;
description = "The domain to use.";
};
subdomain_name = mkOption {
type = str;
type = types.str;
description = "The subdomain to use.";
};
acmeCertName = mkOption {
type = str;
type = types.str;
default = "";
description = ''
If set to a non-empty string, forces SSL with the supplied acme
@ -29,7 +26,7 @@ in {
};
};
config = mkIf cfg.enable {
config = lib.mkIf cfg.enable {
nix.settings = {
allowed-users = ["nix-serve"];
trusted-users = ["nix-serve"];
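Review bot: `trusted-users = ["nix-serve"];` in the second hunk carries no comment explaining why the cache-serving account needs it, and a trusted user can direct the Nix daemon with effectively root-level authority. If nix-serve only reads and signs store paths, `allowed-users` alone may be sufficient and the entry could be dropped. Otherwise I would add a comment above the line recording the reason, e.g. `# nix-serve must be a trusted user because <reason>`. The `nix.settings` block continues outside the hunk.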


@ -1,17 +1,14 @@
{
options,
config,
lib,
pkgs,
...
}:
with lib; let
}: let
cfg = config.aa.services.octoprint;
in {
options.aa.services.octoprint = with types; {
options.aa.services.octoprint = with lib; {
enable = mkEnableOption "octoprint";
acmeCertName = mkOption {
type = str;
type = types.str;
default = "";
description = ''
If set to a non-empty string, foces SSL with the supplied acme
@ -20,7 +17,7 @@ in {
};
};
config = mkIf cfg.enable {
config = lib.mkIf cfg.enable {
services.octoprint.enable = true;
services.nginx = {
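Review bot: The `acmeCertName` description in the first hunk has a typo, `foces SSL`, which will show up in the rendered option documentation. It should read `If set to a non-empty string, forces SSL with the supplied acme`, matching the wording used by the other service modules in this commit. The description string continues outside the hunk.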


@ -1,23 +1,18 @@
{
options,
config,
lib,
pkgs,
format,
...
}:
with lib; let
}: let
inherit (lib) mkIf mkEnableOption mkOption mkDefault types;
cfg = config.aa.services.openssh;
user = config.users.users.${config.aa.user.name};
user-id = builtins.toString user.uid;
default-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmPdQcM0KCQ3YunF1gwN+B+i1Q8KrIfiUvNtgFQjTy2";
in {
options.aa.services.openssh = with types; {
options.aa.services.openssh = {
enable = mkEnableOption "ssh";
authorizedKeys = mkOption {
type = listOf str;
type = types.listOf types.str;
default = [default-key];
description = "The public keys to authorize";
};
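Review bot: `authorizedKeys` defaults to `[default-key]`, and the description does not mention it. If the list is applied to the user as the name suggests, any host that enables this module without overriding the option grants SSH access to the holder of that baked-in ed25519 key. I would make the default explicit in the option text: `description = "Public keys to authorize; defaults to the maintainer's key, override per host.";`. How the list is applied to the user account is outside the hunk.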


@ -1,18 +1,15 @@
{
options,
config,
lib,
pkgs,
...
}:
with lib; let
}: let
cfg = config.aa.apps.steam;
in {
options.aa.services.printing = with types; {
options.aa.services.printing = with lib; {
enable = mkEnableOption "printing";
};
config = mkIf cfg.enable {
config = lib.mkIf cfg.enable {
# Setup printing over the network
services.printing.enable = true;
services.avahi = {
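Review bot: `cfg` is bound to `config.aa.apps.steam` while the module declares `options.aa.services.printing`. As a result `lib.mkIf cfg.enable` applies the printing and Avahi settings whenever Steam is enabled and ignores `aa.services.printing.enable`. The binding should be `cfg = config.aa.services.printing;`. The `config` block continues outside the hunk.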


@ -1,23 +1,22 @@
{
options,
config,
lib,
pkgs,
...
}:
with lib; let
}: let
inherit (lib) mkIf;
cfg = config.aa.services.prometheus;
exporters = config.services.prometheus.exporters;
in {
options.aa.services.prometheus = with types; {
options.aa.services.prometheus = with lib; {
enable = mkEnableOption "prometheus";
enableServer = mkOption {
type = bool;
type = types.bool;
default = false;
description = "Whether or not to enable the prometheus server";
};
enableNodeExporter = mkOption {
type = bool;
type = types.bool;
default = true;
description = "Whether or not to enable the node exporter";
};


@ -1,19 +1,15 @@
{
options,
config,
lib,
pkgs,
...
}:
with lib; let
}: let
cfg = config.aa.services.promtail;
loki = config.services.loki;
in {
options.aa.services.promtail = with types; {
options.aa.services.promtail = with lib; {
enable = mkEnableOption "promtail";
};
config = mkIf cfg.enable {
config = lib.mkIf cfg.enable {
services.promtail = {
enable = true;
configuration = {


@ -4,29 +4,30 @@
pkgs,
lib,
...
}:
with lib; let
}: let
inherit (lib) mkIf;
cfg = config.aa.services.syncoid;
in {
options.aa.services.syncoid = with types; {
options.aa.services.syncoid = with lib; {
enable = mkEnableOption "syncoid (ZFS snap replication)";
commands = mkOption {
type = attrs;
type = types.attrs;
default = {};
description = "Commands to pass directly to syncoid, see `services.syncoid.commands`";
};
remoteTargetUser = mkOption {
type = str;
type = types.str;
default = "";
description = "The user to use on the target machine.";
};
remoteTargetDatasets = mkOption {
type = listOf str;
type = types.listOf types.str;
default = [];
description = "Datasets to be used as a remote target (e.g. a NAS's backups dataset)";
};
remoteTargetPublicKeys = mkOption {
type = listOf str;
type = types.listOf types.str;
default = [];
description = "SSH public keys that the syncoid service's user should trust";
};
@ -45,7 +46,7 @@ in {
++ [
"destroy"
];
commands = mkAliasDefinitions options.aa.services.syncoid.commands;
commands = lib.mkAliasDefinitions options.aa.services.syncoid.commands;
};
environment.systemPackages = mkIf (cfg.remoteTargetUser != "") (with pkgs; [


@ -1,17 +1,17 @@
{
options,
config,
pkgs,
lib,
...
}:
with lib; let
}: let
inherit (lib) mkIf;
cfg = config.aa.services.tailscale;
in {
options.aa.services.tailscale = with types; {
options.aa.services.tailscale = with lib; {
enable = mkEnableOption "tailscale";
configureClientRouting = mkOption {
type = bool;
type = types.bool;
default = false;
description = mdDoc ''
Configures tailscale as a client.
@ -20,7 +20,7 @@ in {
'';
};
configureServerRouting = mkOption {
type = bool;
type = types.bool;
default = false;
description = mdDoc ''
Configures tailscale as a server.


@ -1,18 +1,15 @@
{
options,
config,
lib,
pkgs,
...
}:
with lib; let
}: let
cfg = config.aa.services.teslamate;
in {
options.aa.services.teslamate = with types; {
options.aa.services.teslamate = with lib; {
enable = mkEnableOption "teslamate";
acmeCertName = mkOption {
type = str;
type = types.str;
default = "";
description = ''
If set to a non-empty string, forces SSL with the supplied acme
@ -21,7 +18,7 @@ in {
};
user = mkOption {
type = str;
type = types.str;
default = "teslamate";
description = ''
The user that should run teslamate
@ -29,7 +26,7 @@ in {
};
group = mkOption {
type = str;
type = types.str;
default = "teslamate";
description = ''
The group that should be assigned to the user running teslamate
@ -38,7 +35,7 @@ in {
database = {
host = mkOption {
type = str;
type = types.str;
default = "127.0.0.1";
description = ''
Database host address
@ -46,7 +43,7 @@ in {
};
name = mkOption {
type = str;
type = types.str;
default = "teslamate";
description = ''
The database name
@ -54,7 +51,7 @@ in {
};
user = mkOption {
type = str;
type = types.str;
default = "teslamate";
description = ''
The user that should have access to the database
@ -62,15 +59,15 @@ in {
};
passwordFile = mkOption {
type = path;
description = lib.mdDoc ''
type = types.path;
description = mdDoc ''
A file containing the password corresponding to
{option}`database.user`
'';
};
createDatabase = mkOption {
type = bool;
type = types.bool;
default = false;
description = ''
Whether to create a local database automatically.
@ -79,7 +76,7 @@ in {
};
};
config = mkIf cfg.enable {
config = lib.mkIf cfg.enable {
age.secrets = {
teslamate_encryption.file = ../../../../secrets/teslamate_encryption.age;
teslamate_mqtt.file = ../../../../secrets/teslamate_mqtt.age;
@ -131,8 +128,8 @@ in {
};
users.groups.${cfg.group} = {};
services.postgresql = optionalAttrs cfg.database.createDatabase {
enable = mkDefault true;
services.postgresql = lib.optionalAttrs cfg.database.createDatabase {
enable = lib.mkDefault true;
ensureDatabases = [cfg.database.name];
ensureUsers = [