treewide: format using nixfmt

Signed-off-by: Bloxx12 <charlie@charlieroot.dev>
Change-Id: I6a6a69641c36f9763e104087a559c148d0449f00
Bloxx12 2025-07-20 01:23:48 +02:00
commit e641dfa114
Signed by: faukah
SSH key fingerprint: SHA256:jpYIt4Vkz1NBTQcks/N9OPTfTFxE6KF2W/rV7hrfrIw
113 changed files with 1545 additions and 1019 deletions


@ -3,7 +3,8 @@
lib,
pkgs,
...
}: let
}:
let
mkAcmeCert = domain: {
# An acme system user is created. This user belongs to the acme group
# and the home directory is /var/lib/acme. This user will try to make the directory
@ -15,7 +16,8 @@
email = "charlie@charlieroot.dev";
group = "nginx";
};
in {
in
{
security.acme = {
acceptTerms = true;
defaults = {


@ -3,7 +3,8 @@
lib,
pkgs,
...
}: let
}:
let
inherit (pkgs) fetchurl;
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
@ -16,7 +17,8 @@
img = ./img;
dataDir = "/srv/data/forgejo";
dumpDir = "/srv/data/forgejo-dump";
in {
in
{
options.modules.system.services.forgejo.enable = mkEnableOption "forgejo";
config = mkIf cfg.enable {
@ -50,7 +52,7 @@ in {
group = "git";
isSystemUser = true;
};
users.groups.git = {};
users.groups.git = { };
services.forgejo = {
enable = true;
@ -113,53 +115,55 @@ in {
};
};
systemd.tmpfiles.rules = let
# no crawlers, thank you.
robots = pkgs.writeText "robots-txt" ''
User-agent: *
Disallow: /
'';
base-brand = fetchurl {
url = "https://codeberg.org/Codeberg-Infrastructure/forgejo/raw/branch/codeberg-10/web_src/css/themes/codeberg/base-brand.css";
hash = "sha256-QJ775HpINf8klO3d/8h+tEw0vk34p19dWUCWWuVwcho=";
};
dark-variables = fetchurl {
url = "https://codeberg.org/Codeberg-Infrastructure/forgejo/raw/branch/codeberg-10/web_src/css/themes/codeberg/dark-variables.css";
hash = "sha256-nCSJUOU9/R1fldoKXTTZmP7vmRjYUk/OKkbgrJ/NrXQ=";
};
theme-codeberg-dark = fetchurl {
url = "https://codeberg.org/Codeberg-Infrastructure/forgejo/raw/branch/codeberg-10/web_src/css/themes/theme-codeberg-dark.css";
hash = "sha256-KyXznH49koRGlzIDDqagN4PvFGD/zCX//wrctmtfgBs=";
};
in [
"d '${customDir}/public' 0750 ${user} ${group} - -"
"d '${customDir}/public/assets' 0750 ${user} ${group} - -"
"d '${customDir}/public/assets/img' 0750 ${user} ${group} - -"
# Copeberg logo, thanks Raf <3
"L+ '${customDir}/public/assets/img/logo.svg' - - - - ${img}/logo.svg"
"L+ '${customDir}/public/assets/img/logo.png' - - - - ${img}/logo.png"
"L+ '${customDir}/public/assets/img/apple-touch-icon' - - - - ${img}/logo.png"
"L+ '${customDir}/public/assets/img/favicon.svg' - - - - ${img}/logo.svg"
"L+ '${customDir}/public/assets/img/favicon.png' - - - - ${img}/logo.png"
systemd.tmpfiles.rules =
let
# no crawlers, thank you.
robots = pkgs.writeText "robots-txt" ''
User-agent: *
Disallow: /
'';
base-brand = fetchurl {
url = "https://codeberg.org/Codeberg-Infrastructure/forgejo/raw/branch/codeberg-10/web_src/css/themes/codeberg/base-brand.css";
hash = "sha256-QJ775HpINf8klO3d/8h+tEw0vk34p19dWUCWWuVwcho=";
};
dark-variables = fetchurl {
url = "https://codeberg.org/Codeberg-Infrastructure/forgejo/raw/branch/codeberg-10/web_src/css/themes/codeberg/dark-variables.css";
hash = "sha256-nCSJUOU9/R1fldoKXTTZmP7vmRjYUk/OKkbgrJ/NrXQ=";
};
theme-codeberg-dark = fetchurl {
url = "https://codeberg.org/Codeberg-Infrastructure/forgejo/raw/branch/codeberg-10/web_src/css/themes/theme-codeberg-dark.css";
hash = "sha256-KyXznH49koRGlzIDDqagN4PvFGD/zCX//wrctmtfgBs=";
};
in
[
"d '${customDir}/public' 0750 ${user} ${group} - -"
"d '${customDir}/public/assets' 0750 ${user} ${group} - -"
"d '${customDir}/public/assets/img' 0750 ${user} ${group} - -"
# Copeberg logo, thanks Raf <3
"L+ '${customDir}/public/assets/img/logo.svg' - - - - ${img}/logo.svg"
"L+ '${customDir}/public/assets/img/logo.png' - - - - ${img}/logo.png"
"L+ '${customDir}/public/assets/img/apple-touch-icon' - - - - ${img}/logo.png"
"L+ '${customDir}/public/assets/img/favicon.svg' - - - - ${img}/logo.svg"
"L+ '${customDir}/public/assets/img/favicon.png' - - - - ${img}/logo.png"
# Theming shenanigans
"d '${customDir}/public/assets' 0750 ${user} ${group} - -"
"d '${customDir}/public/assets/css' 0750 ${user} ${group} - -"
"d '${customDir}/public/assets/css/codeberg' 0750 ${user} ${group} - -"
# Theming shenanigans
"d '${customDir}/public/assets' 0750 ${user} ${group} - -"
"d '${customDir}/public/assets/css' 0750 ${user} ${group} - -"
"d '${customDir}/public/assets/css/codeberg' 0750 ${user} ${group} - -"
"L+ '${customDir}/public/assets/css/theme-codeberg-dark.css' - - - - ${theme-codeberg-dark}"
"L+ '${customDir}/public/assets/css/codeberg/base-brand.css' - - - - ${base-brand}"
"L+ '${customDir}/public/assets/css/codeberg/dark-variables.css' - - - - ${dark-variables}"
"L+ '${customDir}/public/assets/css/theme-codeberg-dark.css' - - - - ${theme-codeberg-dark}"
"L+ '${customDir}/public/assets/css/codeberg/base-brand.css' - - - - ${base-brand}"
"L+ '${customDir}/public/assets/css/codeberg/dark-variables.css' - - - - ${dark-variables}"
# Templates
"d '${customDir}/templates' 0750 ${user} ${group} - -"
"d '${customDir}/templates/repo' 0750 ${user} ${group} - -"
# Home page
"L+ '${customDir}/templates/home.tmpl' - - - - ${./templates}/home.tmpl"
"L+ '${customDir}/templates/repo/header.tmpl' - - - - ${./templates/repo}/header.tmpl"
# Templates
"d '${customDir}/templates' 0750 ${user} ${group} - -"
"d '${customDir}/templates/repo' 0750 ${user} ${group} - -"
# Home page
"L+ '${customDir}/templates/home.tmpl' - - - - ${./templates}/home.tmpl"
"L+ '${customDir}/templates/repo/header.tmpl' - - - - ${./templates/repo}/header.tmpl"
# Fuck off scrapers
"L+ ${customDir}/public/robots.txt - - - - ${robots.outPath}"
];
# Fuck off scrapers
"L+ ${customDir}/public/robots.txt - - - - ${robots.outPath}"
];
};
}


@ -3,7 +3,8 @@
lib,
pkgs,
...
}: let
}:
let
inherit (builtins) fetchurl;
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
@ -11,11 +12,12 @@
cfg = config.modules.system.services.grafana;
domain = "info.copeberg.org";
port = 4021;
in {
in
{
options.modules.system.services.grafana.enable = mkEnableOption "Grafana, a graphing service";
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [config.services.grafana.settings.server.http_port];
networking.firewall.allowedTCPPorts = [ config.services.grafana.settings.server.http_port ];
modules.system.services.database.postgresql.enable = true;


@ -3,7 +3,8 @@
lib,
pkgs,
...
}: let
}:
let
inherit (lib.meta) getExe getExe';
inherit (lib.modules) mkIf;
inherit (lib.options) mkOption mkEnableOption;
@ -12,7 +13,8 @@
inherit (config.meta.mainUser) username;
cfg = config.modules.services.greetd;
uwsmEnabled = config.modules.services.uwsm.enable;
in {
in
{
options.modules.services.greetd = {
enable = mkEnableOption "greetd";
greeter = mkOption {
@ -27,33 +29,33 @@ in {
description = "Which login session to start";
type = str;
default =
if uwsmEnabled
then "${getExe config.programs.uwsm.package} start Hyprland"
else "Hyprland";
if uwsmEnabled then "${getExe config.programs.uwsm.package} start Hyprland" else "Hyprland";
};
};
config = mkIf cfg.enable {
services.greetd = let
session = {
# command = ''
# ${pkgs.greetd.tuigreet}/bin/tuigreet \
# -c \"${cfg.session}\" \
# -r
# -t --time-format "DD.MM.YYYY"
# --asteriks'';
services.greetd =
let
session = {
# command = ''
# ${pkgs.greetd.tuigreet}/bin/tuigreet \
# -c \"${cfg.session}\" \
# -r
# -t --time-format "DD.MM.YYYY"
# --asteriks'';
command = "${getExe config.programs.uwsm.package} start hyprland-uwsm.desktop";
user = username;
command = "${getExe config.programs.uwsm.package} start hyprland-uwsm.desktop";
user = username;
};
in
{
enable = true;
package = pkgs.greetd;
vt = 7;
settings = {
default_session = session;
initial_session = session;
};
};
in {
enable = true;
package = pkgs.greetd;
vt = 7;
settings = {
default_session = session;
initial_session = session;
};
};
};
}


@ -2,12 +2,14 @@
config,
lib,
...
}: let
}:
let
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
cfg = config.modules.services.kanata;
in {
in
{
options.modules.services.kanata.enable = mkEnableOption "kanata";
config = mkIf cfg.enable {
services.kanata = {


@ -3,14 +3,16 @@
lib,
pkgs,
...
}: let
}:
let
cfg = config.modules.services.locate;
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
in {
in
{
options.modules.services.locate.enable = mkEnableOption "Locate service";
config = mkIf cfg.enable {
environment.systemPackages = [pkgs.plocate];
environment.systemPackages = [ pkgs.plocate ];
services.locate = {
enable = true;
interval = "hourly";


@ -1,8 +1,9 @@
{pkgs, ...}: let
{ pkgs, ... }:
let
mako-wrapped = pkgs.symlinkJoin {
name = "mako-wrapped";
paths = [pkgs.mako];
nativeBuildInputs = [pkgs.makeWrapper];
paths = [ pkgs.mako ];
nativeBuildInputs = [ pkgs.makeWrapper ];
postBuild = ''
wrapProgram $out/bin/mako --add-flags "\
--font 'Lexend 11' \
@ -12,6 +13,7 @@
--default-timeout 4000"
'';
};
in {
environment.systemPackages = [mako-wrapped];
in
{
environment.systemPackages = [ mako-wrapped ];
}


@ -3,14 +3,16 @@
lib,
pkgs,
...
}: let
}:
let
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
cfg = config.modules.system.services.loki;
port = 4026;
dataDir = "/srv/data/loki";
in {
in
{
options.modules.system.services.loki.enable = mkEnableOption "Grafana, a graphing service";
config = mkIf cfg.enable {


@ -3,13 +3,15 @@
lib,
pkgs,
...
}: let
}:
let
cfg = config.modules.services.media.mpd;
inherit (config.meta.mainUser) username;
inherit (lib.modules) mkIf;
inherit (lib.types) str;
inherit (lib.options) mkOption mkEnableOption;
in {
in
{
options.modules.services = {
media = {
mpd = {
@ -24,7 +26,7 @@ in {
};
config = mkIf cfg.enable {
# command line interface to mpd
environment.systemPackages = [pkgs.mpc];
environment.systemPackages = [ pkgs.mpc ];
systemd.services.mpd.environment = {
# https://gitlab.freedesktop.org/pipewire/pipewire/-/issues/609


@ -3,11 +3,13 @@
lib,
pkgs,
...
}: let
}:
let
inherit (lib.modules) mkIf mkDefault;
inherit (lib.options) mkEnableOption;
cfg = config.modules.system.services.nginx;
in {
in
{
options.modules.system.services.nginx.enable = mkEnableOption "nginx";
config = mkIf cfg.enable {
security = {


@ -3,12 +3,14 @@
lib,
pkgs,
...
}: let
}:
let
inherit (lib.meta) getExe';
inherit (lib.modules) mkIf;
cfg = config.modules.system.services.owncloud;
in {
in
{
options.modules.system.services.owncloud.enable = lib.mkEnableOption "owncloud";
config = {
@ -16,11 +18,11 @@ in {
description = "Owncloud client service";
# makes the graphical session start this service when it starts
wantedBy = ["graphical-session.target"];
wantedBy = [ "graphical-session.target" ];
# when graphical session restarts or gets stopped, this also gets restarted/stopped.
partOf = ["graphical-session.target"];
partOf = [ "graphical-session.target" ];
# gets started only after graphical session
after = ["graphical-session.target"];
after = [ "graphical-session.target" ];
serviceConfig = {
ExecStart = "${getExe' pkgs.owncloud-client "owncloud"}";


@ -2,10 +2,12 @@
config,
lib,
...
}: let
}:
let
cfg = config.modules.system.sound;
inherit (lib.modules) mkIf;
in {
in
{
config = mkIf cfg.enable {
services.pulseaudio.enable = false;
services.pipewire = {


@ -3,12 +3,14 @@
lib,
pkgs,
...
}: let
}:
let
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
cfg = config.modules.system.services.database.postgresql;
in {
in
{
options.modules.system.services.database.postgresql.enable = mkEnableOption "postgresql";
config = mkIf cfg.enable {


@ -2,9 +2,11 @@
lib,
pkgs,
...
}: let
}:
let
inherit (lib.options) mkEnableOption;
in {
in
{
options.modules.services.cups.enable = mkEnableOption "CUPS, the Common UNIX printing system";
config = {


@ -3,13 +3,15 @@
lib,
pkgs,
...
}: let
}:
let
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
cfg = config.modules.system.services.prometheus;
port = 4022;
in {
in
{
options.modules.system.services.prometheus.enable = mkEnableOption "Grafana, a graphing service";
config = mkIf cfg.enable {
@ -22,7 +24,10 @@ in {
node = {
enable = true;
port = 4023;
enabledCollectors = ["systemd" "processes"];
enabledCollectors = [
"systemd"
"processes"
];
};
postgres = {
@ -39,22 +44,28 @@ in {
{
job_name = "prometheus";
scrape_interval = "30s";
static_configs = [{targets = ["localhost:${toString port}"];}];
static_configs = [ { targets = [ "localhost:${toString port}" ]; } ];
}
{
job_name = "node";
scrape_interval = "30s";
static_configs = [{targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"];}];
static_configs = [
{ targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; }
];
}
{
job_name = "postgres";
scrape_interval = "30s";
static_configs = [{targets = ["localhost:${toString config.services.prometheus.exporters.postgres.port}"];}];
static_configs = [
{ targets = [ "localhost:${toString config.services.prometheus.exporters.postgres.port}" ]; }
];
}
{
job_name = "nginx";
scrape_interval = "30s";
static_configs = [{targets = ["localhost:${toString config.services.prometheus.exporters.nginx.port}"];}];
static_configs = [
{ targets = [ "localhost:${toString config.services.prometheus.exporters.nginx.port}" ]; }
];
}
];
};


@ -2,15 +2,17 @@
config,
lib,
...
}: let
}:
let
inherit (lib.modules) mkIf;
inherit (config.modules.system) isGraphical;
in {
in
{
# TODO: setup
services.spotifyd = mkIf isGraphical {
enable = true;
settings = {
backend = "pipe";
# backend = "pipe";
};
};
}
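Review bot: Inside `services.spotifyd.settings` the line `backend = "pipe";` appears to be replaced by `# backend = "pipe";`, which is a functional change and not something nixfmt produces; the page has lost its `+`/`-` markers, so this reading is inferred from the print order and the `-2,15 +2,17` hunk counts. A 113-file formatter commit is normally skimmed rather than reviewed line by line, so a behaviour change placed here is likely to go unreviewed and is hard to find later with `git blame` or `git bisect`. If the change is intended, it belongs in its own commit with a reason next to it, e.g. `# backend = "pipe"; # disabled: <reason>`; if it is accidental, restore `backend = "pipe";` so this commit stays whitespace-only.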


@ -1,11 +1,13 @@
{lib, ...}: let
{ lib, ... }:
let
inherit (lib.options) mkEnableOption;
in {
in
{
options.modules.programs.ssh.enable = mkEnableOption "ssh";
config = {
services.openssh = {
enable = true;
ports = [22];
ports = [ 22 ];
settings = {
PasswordAuthentication = false;
PermitRootLogin = "no";


@ -3,14 +3,16 @@
lib,
pkgs,
...
}: let
}:
let
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
domain = "charlieroot.dev";
cfg = config.modules.system.services.stalwart;
in {
in
{
options.modules.system.services.stalwart.enable = mkEnableOption "stalwart";
config = mkIf cfg.enable {
# create the stallwart user
@ -20,7 +22,7 @@ in {
group = "stalwart";
isSystemUser = true;
};
users.groups.stalwart = {};
users.groups.stalwart = { };
services.stalwart-mail = {
enable = true;
@ -55,7 +57,7 @@ in {
# This is the standard port for SMTP, and is used by mail servers to send email to each other.
smtp = {
protocol = "smtp";
bind = ["[::]:25"];
bind = [ "[::]:25" ];
tls.implicit = true;
};
# SMTP submissions with implicit TLS are received on port 465 by default.
@ -63,17 +65,17 @@ in {
# and is used by mail clients to send email to mail servers.
submissions = {
bind = ["[::]:465"];
bind = [ "[::]:465" ];
protocol = "smtp";
tls.implicit = true;
};
imaps = {
bind = ["[::]:993"];
bind = [ "[::]:993" ];
protocol = "imap";
tls.implicit = true;
};
management = {
bind = ["127.0.0.1:8080"];
bind = [ "127.0.0.1:8080" ];
protocol = "http";
tls.implicit = true;
};


@ -3,18 +3,23 @@
lib,
pkgs,
...
}: let
}:
let
inherit (config.meta.mainUser) username;
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
cfg = config.modules.services.usbguard;
in {
in
{
options.modules.services.usbguard.enable = mkEnableOption "usbguard";
config = mkIf cfg.enable {
environment.systemPackages = [pkgs.usbguard];
environment.systemPackages = [ pkgs.usbguard ];
services.usbguard = {
enable = true;
IPCAllowedUsers = ["root" "${username}"];
IPCAllowedUsers = [
"root"
"${username}"
];
presentDevicePolicy = "allow";
rules = ''
allow with-interface equals { 08:*:* }


@ -3,11 +3,13 @@
lib,
pkgs,
...
}: let
}:
let
cfg = config.modules.services.uwsm;
inherit (lib.modules) mkIf;
inherit (lib.options) mkEnableOption;
in {
in
{
options.modules.services.uwsm.enable = mkEnableOption "uwsm";
config = mkIf cfg.enable {
programs.uwsm = {


@ -2,7 +2,8 @@
lib,
pkgs,
...
}: let
}:
let
inherit (lib.meta) getExe;
custom-wayneko = pkgs.wayneko.overrideAttrs {
@ -16,16 +17,17 @@
hash = "";
};
in {
in
{
systemd.user.services.wayneko = {
description = "Wayneko, as a systemd service";
# makes the graphical session start this service when it starts
wantedBy = ["graphical-session.target"];
wantedBy = [ "graphical-session.target" ];
# when graphical session restarts or gets stopped, this also gets restarted/stopped.
partOf = ["graphical-session.target"];
partOf = [ "graphical-session.target" ];
# gets started only after graphical session
after = ["graphical-session.target"];
after = [ "graphical-session.target" ];
serviceConfig = {
ExecStart = ''
@ -39,7 +41,7 @@ in {
RestartSec = 1;
TimeoutStopSec = 10;
CapabilityBoundingSet = [""];
CapabilityBoundingSet = [ "" ];
DevicePolicy = "closed";
LockPersonality = true;
MemoryDenyWriteExecute = true;
@ -65,7 +67,7 @@ in {
RestrictRealTime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = ["native"];
SystemCallArchitectures = [ "native" ];
SystemCallFilter = "~@clock @cpu-emulation @debug @obsolete @module @mount @raw-io @reboot @swap @privileged";
};