chore: nix fmt

2025-01-13 11:52:09 +08:00 · 2025-01-13 11:52:09 +08:00 · 7266fff06e
commit 7266fff06e
parent a80bd4ed3b
128 changed files with 3402 additions and 2013 deletions
--- a/spec/eientei/acme.nix
+++ b/spec/eientei/acme.nix
@ -1,11 +1,15 @@
 {
-  security.acme.certs = let
-    cloudflare = {
-      dnsProvider = "cloudflare";
-      credentialsFile = "/nix/persist/secret/cloudflare";
+  security.acme.certs =
+    let
+      cloudflare = {
+        dnsProvider = "cloudflare";
+        credentialsFile = "/nix/persist/secret/cloudflare";
+      };
+    in
+    {
+      "514fpv.io" = cloudflare;
+      ".514fpv.io" = cloudflare // {
+        domain = "*.514fpv.io";
+      };
    };
-  in {
-    "514fpv.io" = cloudflare;
-    ".514fpv.io" = cloudflare // { domain = "*.514fpv.io"; };
-  };
 }
--- a/spec/eientei/coturn.nix
+++ b/spec/eientei/coturn.nix
@ -1,7 +1,11 @@
-{ config
-, ... }: let
+{
+  config,
+  ...
+}:
+let
  host = "514fpv.io";
-in {
+in
+{
  services.coturn = rec {
    enable = true;
    no-cli = true;
@ -43,17 +47,27 @@ in {
    '';
  };

-  networking.firewall = let
-    range = with config.services.coturn; [ {
-      from = min-port;
-      to = max-port;
-    } ];
-  in {
+  networking.firewall =
+    let
+      range = with config.services.coturn; [
+        {
+          from = min-port;
+          to = max-port;
+        }
+      ];
+    in
+    {
      allowedUDPPortRanges = range;
-      allowedUDPPorts = [ 3478 5349 ];
+      allowedUDPPorts = [
+        3478
+        5349
+      ];
      allowedTCPPortRanges = range;
-      allowedTCPPorts = [ 3478 5349 ];
-  };
+      allowedTCPPorts = [
+        3478
+        5349
+      ];
+    };

  global.fs.zfs.mountpoints."/nix/persist/service/coturn" = "service/coturn";
 }
--- a/spec/eientei/default.nix
+++ b/spec/eientei/default.nix
@ -1,6 +1,9 @@
-{ lib
-, pkgs
-, ... }: {
+{
+  lib,
+  pkgs,
+  ...
+}:
+{
  global = {
    id = "ff96c05be13e44f681292205370eed1a";
    auth.openssh.enable = true;
@ -37,7 +40,15 @@
  ];

  hardware.enableRedistributableFirmware = true;
-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "mpt3sas" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "ahci"
+    "mpt3sas"
+    "nvme"
+    "usbhid"
+    "usb_storage"
+    "sd_mod"
+  ];
  boot.initrd.kernelModules = [ "i915" ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];
--- a/spec/eientei/forgejo.nix
+++ b/spec/eientei/forgejo.nix
@ -1,8 +1,12 @@
-{ pkgs
-, config
-, ...}: let
+{
+  pkgs,
+  config,
+  ...
+}:
+let
  host = "src.514fpv.io";
-in {
+in
+{
  services.forgejo = {
    enable = true;
    lfs.enable = true;
--- a/spec/eientei/frigate.nix
+++ b/spec/eientei/frigate.nix
@ -1,6 +1,9 @@
-{ pkgs
-, config
-, ...}: {
+{
+  pkgs,
+  config,
+  ...
+}:
+{
  # container image used for edgetpu support
  virtualisation.oci-containers.containers.frigate = {
    extraOptions = [
@ -23,7 +26,11 @@
    ];
  };

-  networking.firewall.interfaces.ss0.allowedTCPPorts = [ 5000 8554 8555 ];
+  networking.firewall.interfaces.ss0.allowedTCPPorts = [
+    5000
+    8554
+    8555
+  ];
  networking.firewall.interfaces.ss0.allowedUDPPorts = [ 8555 ];

  global.fs.zfs.mountpoints."/nix/persist/service/frigate" = "service/frigate";
--- a/spec/eientei/hass.nix
+++ b/spec/eientei/hass.nix
@ -1,6 +1,9 @@
-{ pkgs
-, config
-, ...}: {
+{
+  pkgs,
+  config,
+  ...
+}:
+{
  services.home-assistant = {
    enable = true;
    config = null;
@ -14,9 +17,12 @@
      "synology_dsm"
    ];

-    extraPackages = python3Packages: with python3Packages; [
-      aiogithubapi gtts radios
-    ];
+    extraPackages =
+      python3Packages: with python3Packages; [
+        aiogithubapi
+        gtts
+        radios
+      ];
  };

  services.nginx.virtualHosts."home.514fpv.io" = {
--- a/spec/eientei/jellyfin.nix
+++ b/spec/eientei/jellyfin.nix
@ -1,13 +1,20 @@
-{ pkgs
-, config
-, ...}: {
+{
+  pkgs,
+  config,
+  ...
+}:
+{
  services.jellyfin = {
    enable = true;
    openFirewall = true;
    dataDir = "/nix/persist/service/jellyfin";
  };

-  environment.systemPackages = with pkgs; [ jellyfin jellyfin-web jellyfin-ffmpeg ];
+  environment.systemPackages = with pkgs; [
+    jellyfin
+    jellyfin-web
+    jellyfin-ffmpeg
+  ];

  users.users.jellyfin.uid = 282;
  users.groups.jellyfin.gid = 282;
--- a/spec/eientei/matrix.nix
+++ b/spec/eientei/matrix.nix
@ -1,7 +1,11 @@
-{ config
-, ... }: let
+{
+  config,
+  ...
+}:
+let
  host = "514fpv.io";
-in {
+in
+{
  services.matrix-synapse = {
    enable = true;
    withJemalloc = true;
@ -12,29 +16,43 @@ in {
      server_name = host;
      public_baseurl = "https://${host}:8448/";

-      listeners = [ {
-        bind_addresses = [ "127.0.0.1" ];
-        port = 8008;
-        tls = false;
-        type = "http";
-        x_forwarded = true;
-        resources = [
-          { compress = true; names = [ "client" ]; }
-          { compress = false; names = [ "federation" ]; }
-        ];
-      } ];
+      listeners = [
+        {
+          bind_addresses = [ "127.0.0.1" ];
+          port = 8008;
+          tls = false;
+          type = "http";
+          x_forwarded = true;
+          resources = [
+            {
+              compress = true;
+              names = [ "client" ];
+            }
+            {
+              compress = false;
+              names = [ "federation" ];
+            }
+          ];
+        }
+      ];

-       # turn server configuration
-       turn_uris = [
-         "turn:${config.services.coturn.realm}:3478?transport=udp"
-         "turn:${config.services.coturn.realm}:3478?transport=tcp"
-       ];
-       turn_user_lifetime = "1h";
+      # turn server configuration
+      turn_uris = [
+        "turn:${config.services.coturn.realm}:3478?transport=udp"
+        "turn:${config.services.coturn.realm}:3478?transport=tcp"
+      ];
+      turn_user_lifetime = "1h";
    };
  };

  services.nginx.virtualHosts.${host} = {
-    listen = [{ addr = "0.0.0.0"; port = 8448; ssl = true; }];
+    listen = [
+      {
+        addr = "0.0.0.0";
+        port = 8448;
+        ssl = true;
+      }
+    ];
    useACMEHost = host;
    addSSL = true;
    locations."/".extraConfig = ''
--- a/spec/eientei/minecraft.nix
+++ b/spec/eientei/minecraft.nix
@ -1,4 +1,10 @@
-{ pkgs, lib, config, ... }: let
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+let
  inherit (lib) mapAttrs' nameValuePair;

  servers = {
@ -25,81 +31,100 @@

  prefix = "minecraft-server-";
  data = "/nix/persist/service/minecraft";
-in {
+in
+{
  # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/games/minecraft-server.nix
  users.users.minecraft = {
-    description     = "Minecraft server service user";
-    home            = data;
-    createHome      = true;
-    isSystemUser    = true;
-    uid             = 1021;
-    group           = "minecraft";
+    description = "Minecraft server service user";
+    home = data;
+    createHome = true;
+    isSystemUser = true;
+    uid = 1021;
+    group = "minecraft";
  };
  users.groups.minecraft.gid = 1021;

-  systemd.sockets = mapAttrs' (name: value: with value; (nameValuePair "${prefix}${name}" {
-    bindsTo = [ "${prefix}${name}.service" ];
-    socketConfig = {
-      ListenFIFO = "/run/minecraft-server/${name}.stdin";
-      SocketMode = "0660";
-      SocketUser = "minecraft";
-      SocketGroup = "minecraft";
-      RemoveOnStop = true;
-      FlushPending = true;
-    };
-  })) servers;
+  systemd.sockets = mapAttrs' (
+    name: value:
+    with value;
+    (nameValuePair "${prefix}${name}" {
+      bindsTo = [ "${prefix}${name}.service" ];
+      socketConfig = {
+        ListenFIFO = "/run/minecraft-server/${name}.stdin";
+        SocketMode = "0660";
+        SocketUser = "minecraft";
+        SocketGroup = "minecraft";
+        RemoveOnStop = true;
+        FlushPending = true;
+      };
+    })
+  ) servers;

-  systemd.services = let
-    stopScript = { name, stop }: pkgs.writeShellScript "minecraft-server-stop" ''
-      echo ${stop} > ${config.systemd.sockets."${prefix}${name}".socketConfig.ListenFIFO}
+  systemd.services =
+    let
+      stopScript =
+        { name, stop }:
+        pkgs.writeShellScript "minecraft-server-stop" ''
+          echo ${stop} > ${config.systemd.sockets."${prefix}${name}".socketConfig.ListenFIFO}

-      # Wait for the PID of the minecraft server to disappear before
-      # returning, so systemd doesn't attempt to SIGKILL it.
-      while kill -0 "$1" 2> /dev/null; do
-        sleep 1s
-      done
-    '';
-  in mapAttrs' (name: value: with value; (nameValuePair "${prefix}${name}" {
-    description   = "Minecraft Server Service for ${name}";
-    wantedBy      = [ "multi-user.target" ];
-    requires      = [ "${prefix}${name}.socket" ];
-    after         = [ "network.target" "${prefix}${name}.socket" ];
-    path          = [ pkgs.bash ];
+          # Wait for the PID of the minecraft server to disappear before
+          # returning, so systemd doesn't attempt to SIGKILL it.
+          while kill -0 "$1" 2> /dev/null; do
+            sleep 1s
+          done
+        '';
+    in
+    mapAttrs' (
+      name: value:
+      with value;
+      (nameValuePair "${prefix}${name}" {
+        description = "Minecraft Server Service for ${name}";
+        wantedBy = [ "multi-user.target" ];
+        requires = [ "${prefix}${name}.socket" ];
+        after = [
+          "network.target"
+          "${prefix}${name}.socket"
+        ];
+        path = [ pkgs.bash ];

-    serviceConfig = {
-      ExecStart = cmdline;
-      ExecStop = "${stopScript { inherit name stop; }} $MAINPID";
-      Restart = "always";
-      User = "minecraft";
-      WorkingDirectory = "${data}/${name}";
+        serviceConfig = {
+          ExecStart = cmdline;
+          ExecStop = "${stopScript { inherit name stop; }} $MAINPID";
+          Restart = "always";
+          User = "minecraft";
+          WorkingDirectory = "${data}/${name}";

-      StandardInput = "socket";
-      StandardOutput = "journal";
-      StandardError = "journal";
+          StandardInput = "socket";
+          StandardOutput = "journal";
+          StandardError = "journal";

-      # Hardening
-      CapabilityBoundingSet = [ "" ];
-      DeviceAllow = [ "" ];
-      LockPersonality = true;
-      PrivateDevices = true;
-      PrivateTmp = true;
-      PrivateUsers = true;
-      ProtectClock = true;
-      ProtectControlGroups = true;
-      ProtectHome = true;
-      ProtectHostname = true;
-      ProtectKernelLogs = true;
-      ProtectKernelModules = true;
-      ProtectKernelTunables = true;
-      ProtectProc = "invisible";
-      RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
-      RestrictNamespaces = true;
-      RestrictRealtime = true;
-      RestrictSUIDSGID = true;
-      SystemCallArchitectures = "native";
-      UMask = "0077";
-    };
-  })) servers;
+          # Hardening
+          CapabilityBoundingSet = [ "" ];
+          DeviceAllow = [ "" ];
+          LockPersonality = true;
+          PrivateDevices = true;
+          PrivateTmp = true;
+          PrivateUsers = true;
+          ProtectClock = true;
+          ProtectControlGroups = true;
+          ProtectHome = true;
+          ProtectHostname = true;
+          ProtectKernelLogs = true;
+          ProtectKernelModules = true;
+          ProtectKernelTunables = true;
+          ProtectProc = "invisible";
+          RestrictAddressFamilies = [
+            "AF_INET"
+            "AF_INET6"
+          ];
+          RestrictNamespaces = true;
+          RestrictRealtime = true;
+          RestrictSUIDSGID = true;
+          SystemCallArchitectures = "native";
+          UMask = "0077";
+        };
+      })
+    ) servers;

  global.fs.zfs.mountpoints.${data} = "service/minecraft";
  networking.firewall.allowedTCPPorts = [ 25565 ];
--- a/spec/eientei/mosquitto.nix
+++ b/spec/eientei/mosquitto.nix
@ -1,16 +1,18 @@
 {
  services.mosquitto = {
    enable = true;
-    listeners = [ {
-      users.frigate = {
-        acl = [ "readwrite #" ];
-        hashedPassword = "$7$101$Zt3Me3AkHbrKBbbI$SsLTGeTwtkFGXS2F1/S3Vg6w7TcgMLU037ttedKaw/Ela0wgqbaAVxecK1j5i5TDw9OjZMkNI9mUzz9l0d7vcg==";
-      };
-      users.root = {
-        acl = [ "readwrite #" ];
-        hashedPassword = "$7$101$FjpEh+NpG27RltQe$u2dmg9wz+BBnp1s4z6E6x95TyGO5B9RM2z51qxetvAqO4QDvye1J3UCdMvjuz52iMqzZ3eKi+T2xDeLR7CeMgQ==";
-      };
-    } ];
+    listeners = [
+      {
+        users.frigate = {
+          acl = [ "readwrite #" ];
+          hashedPassword = "$7$101$Zt3Me3AkHbrKBbbI$SsLTGeTwtkFGXS2F1/S3Vg6w7TcgMLU037ttedKaw/Ela0wgqbaAVxecK1j5i5TDw9OjZMkNI9mUzz9l0d7vcg==";
+        };
+        users.root = {
+          acl = [ "readwrite #" ];
+          hashedPassword = "$7$101$FjpEh+NpG27RltQe$u2dmg9wz+BBnp1s4z6E6x95TyGO5B9RM2z51qxetvAqO4QDvye1J3UCdMvjuz52iMqzZ3eKi+T2xDeLR7CeMgQ==";
+        };
+      }
+    ];
  };

  networking.firewall.allowedTCPPorts = [ 1883 ];
--- a/spec/eientei/nextcloud.nix
+++ b/spec/eientei/nextcloud.nix
@ -1,15 +1,27 @@
-{ pkgs
-, ...}: let
+{
+  pkgs,
+  ...
+}:
+let
  host = "cloud.514fpv.io";
-in {
+in
+{
  services.nextcloud = {
    enable = true;
    package = pkgs.nextcloud30;
    extraApps = {
      inherit (pkgs.nextcloud30Packages.apps)
-      notify_push impersonate spreed
-      contacts bookmarks deck polls notes forms
-      twofactor_webauthn;
+        notify_push
+        impersonate
+        spreed
+        contacts
+        bookmarks
+        deck
+        polls
+        notes
+        forms
+        twofactor_webauthn
+        ;
    };
    home = "/nix/persist/service/nextcloud";
    configureRedis = true;
--- a/spec/eientei/nginx.nix
+++ b/spec/eientei/nginx.nix
@ -20,5 +20,8 @@
    };
  };

-  networking.firewall.allowedTCPPorts = [ 80 443 ];
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
 }
--- a/spec/eientei/photoprism.nix
+++ b/spec/eientei/photoprism.nix
@ -1,5 +1,9 @@
-{ lib
-, ... }: with lib; {
+{
+  lib,
+  ...
+}:
+with lib;
+{
  services.photoprism = {
    enable = true;
    originalsPath = "/run/storage/aerial/raw";
--- a/spec/eientei/photoview.nix
+++ b/spec/eientei/photoview.nix
@ -4,7 +4,7 @@
    database.driver = "postgres";
    database.string = "postgresql:///photoview?host=/var/run/postgresql";
    stateDir = "/nix/persist/service/photoview";
-    secrets = "/nix/persist/service/photoview/secrets.env" ;
+    secrets = "/nix/persist/service/photoview/secrets.env";
  };

  services.nginx.virtualHosts."dvr.514fpv.io" = {
--- a/spec/eientei/postgresql.nix
+++ b/spec/eientei/postgresql.nix
@ -1,6 +1,9 @@
-{ pkgs
-, config
-, ...}: {
+{
+  pkgs,
+  config,
+  ...
+}:
+{
  services.postgresql = {
    enable = true;
    dataDir = "/nix/persist/service/postgresql/${config.services.postgresql.package.psqlSchema}";