add alejandra formatter

2024-08-24 01:52:56 -06:00 · 2024-08-24 01:52:56 -06:00 · 806b00f634
commit 806b00f634
parent 9b3cc59d74
17 changed files with 173 additions and 132 deletions
--- a/sys/srv/bepasty.nix
+++ b/sys/srv/bepasty.nix
@ -1,8 +1,10 @@
-{ lib, pkgs, ... }:
-with lib;
 {
+  lib,
+  pkgs,
+  ...
+}:
+with lib; {
  services = {
-
    nginx = {
      virtualHosts."send.posixlycorrect.com" = {
        enableACME = true;
@ -10,11 +12,10 @@ with lib;
        extraConfig = ''
          proxy_headers_hash_max_size 512;
          proxy_headers_hash_bucket_size 128;
-          	    '';
+        '';
        locations."/" = {
          proxyPass = "http://127.0.0.1:8989";
        };
-
      };
    };

--- a/sys/srv/default.nix
+++ b/sys/srv/default.nix
@ -1,6 +1,11 @@
-{ config, pkgs, lib, flakes, ... }:
-with lib;
 {
+  config,
+  pkgs,
+  lib,
+  flakes,
+  ...
+}:
+with lib; {
  imports = [
    ./net.nix
    ./mediawiki.nix
--- a/sys/srv/forgejo.nix
+++ b/sys/srv/forgejo.nix
@ -1,6 +1,9 @@
-{ config, lib, ... }:
-with lib;
 {
+  config,
+  lib,
+  ...
+}:
+with lib; {
  config = {
    environment.etc."fail2ban/filter.d/gitea.local".text = ''
      [Definition]
@ -16,7 +19,7 @@ with lib;
          extraConfig = ''
            proxy_headers_hash_max_size 512;
            proxy_headers_hash_bucket_size 128;
-            	    '';
+          '';
          locations."/".proxyPass = "http://localhost:9170";
        };
      };
--- a/sys/srv/jellyfin.nix
+++ b/sys/srv/jellyfin.nix
@ -1,9 +1,10 @@
-{ lib, pkgs, ... }:
-with lib;
 {
-
+  lib,
+  pkgs,
+  ...
+}:
+with lib; {
  services = {
-
    nginx = {
      virtualHosts."stream.posixlycorrect.com" = {
        enableACME = true;
@ -11,7 +12,7 @@ with lib;
        extraConfig = ''
          proxy_headers_hash_max_size 512;
          proxy_headers_hash_bucket_size 128;
-          	    '';
+        '';
        locations."/" = {
          proxyPass = "http://localhost:8096";
        };
--- a/sys/srv/jitsi.nix
+++ b/sys/srv/jitsi.nix
@ -1,9 +1,10 @@
-{ lib, pkgs, ... }:
-with lib;
 {
-
+  lib,
+  pkgs,
+  ...
+}:
+with lib; {
  services = {
-
    nginx = {
      virtualHosts."meet.posixlycorrect.com" = {
        enableACME = true;
@ -11,7 +12,7 @@ with lib;
        extraConfig = ''
          proxy_headers_hash_max_size 512;
          proxy_headers_hash_bucket_size 128;
-        
+
            ssl_verify_depth 1;
            ssl_verify_client on;
            ssl_client_certificate ${../../pki/gatekeeper_ca.pem};
@ -22,7 +23,6 @@ with lib;
      };
    };

-
    jitsi-meet = {
      enable = true;
      hostName = "meet.posixlycorrect.com";
--- a/sys/srv/kuma.nix
+++ b/sys/srv/kuma.nix
@ -1,6 +1,9 @@
-{ lib, pkgs, ... }:
-with lib;
 {
+  lib,
+  pkgs,
+  ...
+}:
+with lib; {
  services = {
    nginx = {
      virtualHosts."status.posixlycorrect.com" = {
@ -9,7 +12,7 @@ with lib;
        extraConfig = ''
          proxy_headers_hash_max_size 512;
          proxy_headers_hash_bucket_size 128;
-          	    '';
+        '';
        locations."/" = {
          proxyPass = "http://127.0.0.1:4456";
        };
--- a/sys/srv/matrix.nix
+++ b/sys/srv/matrix.nix
@ -1,10 +1,14 @@
-{ lib, pkgs, config, flakes, ... }:
-with lib;
-let
+{
+  lib,
+  pkgs,
+  config,
+  flakes,
+  ...
+}:
+with lib; let
  subdomain = "matrix.posixlycorrect.com";
  baseUrl = "https://${subdomain}";
-in
-{
+in {
  # ver https://nixos.org/manual/nixos/stable/#module-services-matrix
  services = {
    matrix-conduit = {
@ -23,37 +27,32 @@ in
      };
    };

-    nginx.virtualHosts =
-      let
-        clientConfig."m.homeserver".base_url = baseUrl;
-        serverConfig."m.server" = "${subdomain}:443";
-        mkWellKnown = data: ''
-          default_type application/json;
-          add_header Access-Control-Allow-Origin *;
-          return 200 '${builtins.toJSON data}';
-        '';
-      in
-      {
-        "posixlycorrect.com" = {
-          locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
-          locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
-        };
-        "${subdomain}" = {
-          enableACME = true;
-          forceSSL = true;
-          extraConfig = ''
-            proxy_headers_hash_max_size 512;
-            proxy_headers_hash_bucket_size 128;
-            	    '';
-          locations."/".extraConfig = ''
-            return 403;
-          '';
-          locations."/_matrix".proxyPass = "http://[::1]:6167";
-          locations."/_synapse/client".proxyPass = "http://[::1]:6167";
-
-        };
+    nginx.virtualHosts = let
+      clientConfig."m.homeserver".base_url = baseUrl;
+      serverConfig."m.server" = "${subdomain}:443";
+      mkWellKnown = data: ''
+        default_type application/json;
+        add_header Access-Control-Allow-Origin *;
+        return 200 '${builtins.toJSON data}';
+      '';
+    in {
+      "posixlycorrect.com" = {
+        locations."= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
+        locations."= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
      };
-
-
+      "${subdomain}" = {
+        enableACME = true;
+        forceSSL = true;
+        extraConfig = ''
+          proxy_headers_hash_max_size 512;
+          proxy_headers_hash_bucket_size 128;
+        '';
+        locations."/".extraConfig = ''
+          return 403;
+        '';
+        locations."/_matrix".proxyPass = "http://[::1]:6167";
+        locations."/_synapse/client".proxyPass = "http://[::1]:6167";
+      };
+    };
  };
 }
--- a/sys/srv/mediawiki.nix
+++ b/sys/srv/mediawiki.nix
@ -1,6 +1,10 @@
-{ lib, pkgs, flakes, ... }:
-with lib;
 {
+  lib,
+  pkgs,
+  flakes,
+  ...
+}:
+with lib; {
  services = {
    nginx = {
      virtualHosts."wiki.posixlycorrect.com" = {
@ -9,7 +13,7 @@ with lib;
        extraConfig = ''
          proxy_headers_hash_max_size 512;
          proxy_headers_hash_bucket_size 128;
-          	    '';
+        '';
      };
    };
    mediawiki = {
--- a/sys/srv/msmtp.nix
+++ b/sys/srv/msmtp.nix
@ -1,9 +1,12 @@
-{ lib, pkgs, ... }:
-with lib;
 {
+  lib,
+  pkgs,
+  ...
+}:
+with lib; {
  users.groups = {
    mailsenders = {
-      members = [ "fabian" "mediawiki" ];
+      members = ["fabian" "mediawiki"];
    };
  };

--- a/sys/srv/net.nix
+++ b/sys/srv/net.nix
@ -1,11 +1,14 @@
-{ lib, pkgs, ... }:
-with lib;
 {
+  lib,
+  pkgs,
+  ...
+}:
+with lib; {
  networking = {
    nftables.enable = true;
    firewall = {
      enable = true;
-      allowedTCPPorts = [ 80 443 ];
+      allowedTCPPorts = [80 443];
    };
    domain = "posixlycorrect.com";
  };
@ -36,7 +39,7 @@ with lib;
    fail2ban = {
      enable = true;
      bantime = "10m";
-      ignoreIP = [ "37.205.12.34" ]; # Never ban the server's own IP
+      ignoreIP = ["37.205.12.34"]; # Never ban the server's own IP
      bantime-increment = {
        enable = true;
        formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
--- a/sys/srv/vaultwarden.nix
+++ b/sys/srv/vaultwarden.nix
@ -1,6 +1,9 @@
-{ config, lib, ... }:
-with lib;
 {
+  config,
+  lib,
+  ...
+}:
+with lib; {
  services = {
    nginx = {
      virtualHosts."vault.posixlycorrect.com" = {
@ -9,7 +12,7 @@ with lib;
        extraConfig = ''
          proxy_headers_hash_max_size 512;
          proxy_headers_hash_bucket_size 128;
-          	    '';
+        '';
        locations."/".proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
      };
    };
@ -17,11 +20,13 @@ with lib;
    #fail2ban.jails.gitea.settings = { };

    postgresql = {
-      ensureDatabases = [ "vaultwarden" ];
-      ensureUsers = [{
-        name = "vaultwarden";
-        ensureDBOwnership = true;
-      }];
+      ensureDatabases = ["vaultwarden"];
+      ensureUsers = [
+        {
+          name = "vaultwarden";
+          ensureDBOwnership = true;
+        }
+      ];
    };

    vaultwarden = {