diff --git a/flake.lock b/flake.lock index cce6cf3..a451762 100644 --- a/flake.lock +++ b/flake.lock @@ -3,7 +3,7 @@ "blog-pim": { "inputs": { "flutils": [ - "flake-utils" + "flutils" ], "nginx": "nginx", "nixpkgs": [ @@ -27,7 +27,7 @@ }, "deploy-rs": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_2", "nixpkgs": "nixpkgs_3", "utils": "utils" }, @@ -89,7 +89,7 @@ }, "dns_2": { "inputs": { - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_4", "nixpkgs": [ "servers", "nixpkgs" @@ -142,22 +142,6 @@ } }, "flake-compat_3": { - "flake": false, - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_4": { "flake": false, "locked": { "lastModified": 1673956053, @@ -173,7 +157,7 @@ "type": "github" } }, - "flake-compat_5": { + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1696426674, @@ -227,24 +211,6 @@ } }, "flake-utils_2": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_3": { "inputs": { "systems": "systems_3" }, @@ -261,7 +227,7 @@ "type": "indirect" } }, - "flake-utils_4": { + "flake-utils_3": { "inputs": { "systems": "systems_4" }, @@ -279,7 +245,7 @@ "type": "github" } }, - "flake-utils_5": { + "flake-utils_4": { "locked": { "lastModified": 1614513358, "narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=", 
@@ -294,7 +260,7 @@ "type": "github" } }, - "flake-utils_6": { + "flake-utils_5": { "inputs": { "systems": "systems_7" }, @@ -312,24 +278,21 @@ "type": "github" } }, - "gitignore": { + "flutils": { "inputs": { - "nixpkgs": [ - "pre-commit-hooks", - "nixpkgs" - ] + "systems": "systems" }, "locked": { - "lastModified": 1709087332, - "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", - "owner": "hercules-ci", - "repo": "gitignore.nix", - "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { - "owner": "hercules-ci", - "repo": "gitignore.nix", + "owner": "numtide", + "repo": "flake-utils", "type": "github" } }, @@ -380,7 +343,7 @@ }, "kubenix_2": { "inputs": { - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_3", "nixpkgs": [ "servers", "nixpkgs-unstable" @@ -457,7 +420,7 @@ }, "nix-snapshotter": { "inputs": { - "flake-compat": "flake-compat_5", + "flake-compat": "flake-compat_4", "flake-parts": "flake-parts", "nixpkgs": [ "servers", @@ -480,7 +443,7 @@ }, "nixhelm": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "haumea": "haumea", "nix-kube-generators": "nix-kube-generators", "nixpkgs": [ @@ -578,22 +541,6 @@ } }, "nixpkgs-stable": { - "locked": { - "lastModified": 1720386169, - "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "194846768975b7ad2c4988bdb82572c00222c0d7", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-24.05", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-stable_2": { "locked": { "lastModified": 1729357638, "narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=", 
@@ -657,25 +604,9 @@ "type": "github" } }, - "nixpkgs_4": { - "locked": { - "lastModified": 1726871744, - "narHash": "sha256-V5LpfdHyQkUF7RfOaDPrZDP+oqz88lTJrMT1+stXNwo=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "a1d92660c6b3b7c26fb883500a80ea9d33321be2", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "poetry2nix": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_3", "nix-github-actions": "nix-github-actions", "nixpkgs": [ "nixhelm", @@ -698,41 +629,16 @@ "type": "github" } }, - "pre-commit-hooks": { - "inputs": { - "flake-compat": "flake-compat_2", - "gitignore": "gitignore", - "nixpkgs": [ - "nixpkgs" - ], - "nixpkgs-stable": "nixpkgs-stable" - }, - "locked": { - "lastModified": 1729104314, - "narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=", - "owner": "cachix", - "repo": "git-hooks.nix", - "rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6", - "type": "github" - }, - "original": { - "owner": "cachix", - "repo": "git-hooks.nix", - "type": "github" - } - }, "root": { "inputs": { "blog-pim": "blog-pim", "dns": "dns", - "flake-utils": "flake-utils_2", + "flutils": "flutils", "kubenix": "kubenix", "nixhelm": "nixhelm", "nixng": "nixng", "nixpkgs": "nixpkgs_2", - "pre-commit-hooks": "pre-commit-hooks", - "servers": "servers", - "treefmt-nix": "treefmt-nix_3" + "servers": "servers" } }, "servers": { @@ -740,7 +646,7 @@ "deploy-rs": "deploy-rs", "disko": "disko", "dns": "dns_2", - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_5", "kubenix": "kubenix_2", "nix-snapshotter": "nix-snapshotter", "nixng": "nixng_2", @@ -771,7 +677,7 @@ "servers", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable_2" + "nixpkgs-stable": "nixpkgs-stable" }, "locked": { "lastModified": 1729775275, 
@@ -965,24 +871,6 @@ "type": "github" } }, - "treefmt-nix_3": { - "inputs": { - "nixpkgs": "nixpkgs_4" - }, - "locked": { - "lastModified": 1730120726, - "narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "9ef337e492a5555d8e17a51c911ff1f02635be15", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, "treefmt_2": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 8e7fbbd..334c94d 100644 --- a/flake.nix +++ b/flake.nix @@ -3,13 +3,7 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - flake-utils.url = "github:numtide/flake-utils"; - treefmt-nix.url = "github:numtide/treefmt-nix"; - - pre-commit-hooks = { - url = "github:cachix/git-hooks.nix"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + flutils.url = "github:numtide/flake-utils"; nixhelm = { url = "github:farcaller/nixhelm"; @@ -21,7 +15,7 @@ url = "git+https://git.kun.is/home/blog-pim?rev=7296f7f5bf5f089a5137036dcbd8058cf3e4a9e5"; inputs = { nixpkgs.follows = "nixpkgs"; - flutils.follows = "flake-utils"; + flutils.follows = "flutils"; }; }; @@ -46,11 +40,9 @@ }; }; - outputs = inputs @ {flake-utils, ...}: - flake-utils.lib.meld inputs [ - ./kubenix.nix - ./scripts - ./globals.nix - ./formatter.nix - ]; + outputs = inputs@{ flutils, ... }: flutils.lib.meld inputs [ + ./kubenix.nix + ./scripts + ./globals.nix + ]; } diff --git a/formatter.nix b/formatter.nix deleted file mode 100644 index 3cef74a..0000000 --- a/formatter.nix +++ /dev/null 
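Review bot: With `./formatter.nix` dropped from the `meld` list in the last flake.nix hunk, the flake no longer defines a `formatter` output or the `checks.pre-commit-check` that ran treefmt. `nix fmt` and `nix flake check` therefore no longer enforce the layout that the rest of this commit reformats every file to. The new layout looks like nixpkgs-fmt output, but that is inferred; nothing in the visible hunks names the tool. If the automated gate is being removed on purpose, record the convention next to `outputs`, for example `# Formatting: <formatter name> is run manually; this flake defines no formatter or pre-commit check.` The deleted formatter.nix imported `./treefmt.nix`, and the visible part of the diff does not remove that file, so check that it is not left orphaned. The `inputs` attribute set continues outside these hunks, so any remaining references to the removed `treefmt-nix` or `pre-commit-hooks` inputs cannot be checked from here.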
@@ -1,27 +0,0 @@ -{ - self, - nixpkgs, - treefmt-nix, - flake-utils, - pre-commit-hooks, - ... -}: -flake-utils.lib.eachDefaultSystem ( - system: let - pkgs = nixpkgs.legacyPackages.${system}; - treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix; - treefmtWrapper = treefmtEval.config.build.wrapper; - in { - packages.formatter = treefmtWrapper; - formatter = self.packages.${system}.formatter; - checks.pre-commit-check = pre-commit-hooks.lib.${system}.run { - src = ./.; - hooks = { - treefmt = { - enable = true; - package = treefmtWrapper; - }; - }; - }; - } -) diff --git a/globals.nix b/globals.nix index 8726879..91ee50b 100644 --- a/globals.nix +++ b/globals.nix @@ -1,4 +1,5 @@ -{servers, ...}: let +{ servers, ... }: +let globals = { images = { jellyfin = "jellyfin/jellyfin:10.10.0"; @@ -33,6 +34,7 @@ minecraft = "itzg/minecraft-server:latest"; }; }; -in { +in +{ globals = globals // servers.globals; } diff --git a/images/attic.nix b/images/attic.nix index 77c1008..ee8a0aa 100644 --- a/images/attic.nix +++ b/images/attic.nix @@ -1,17 +1,13 @@ -{ - nixpkgs, - nglib, - ... -}: +{ nixpkgs, nglib, ... }: nglib.makeSystem { inherit nixpkgs; system = "x86_64-linux"; name = "nixng-attic"; - config = {...}: { + config = { ... }: { dumb-init = { enable = true; - type.services = {}; + type.services = { }; }; init.services.attic = { @@ -26,7 +22,7 @@ nglib.makeSystem { # This is done because we quote the template for the toml file. # See: https://github.com/helmfile/vals?tab=readme-ov-file#expression-syntax # database.url = "ref+sops://secrets.yml#attic/databaseURL+"; - database = {}; + database = { }; storage = { type = "local"; diff --git a/images/dnsmasq.nix b/images/dnsmasq.nix index 6b3cc14..6fc8c4f 100644 --- a/images/dnsmasq.nix +++ b/images/dnsmasq.nix 
@@ -1,18 +1,13 @@ -{ - globals, - nixpkgs, - nglib, - ... -}: +{ globals, nixpkgs, nglib, ... }: nglib.makeSystem { inherit nixpkgs; system = "x86_64-linux"; name = "nixng-dnsmasq"; - config = {...}: { + config = { ... }: { dumb-init = { enable = true; - type.services = {}; + type.services = { }; }; init.services.dnsmasq = { diff --git a/kubenix.nix b/kubenix.nix index 95527de..8c1c7fd 100644 --- a/kubenix.nix +++ b/kubenix.nix @@ -1,23 +1,15 @@ -inputs @ { - self, - servers, - flake-utils, - nixpkgs, - kubenix, - ... -}: -flake-utils.lib.eachDefaultSystem -(system: let - pkgs = nixpkgs.legacyPackages.${system}; - lib = pkgs.lib; - deployScript = (pkgs.writeScriptBin "applyset-deploy.sh" (builtins.readFile ./applyset-deploy.sh)).overrideAttrs (old: { - buildCommand = "${old.buildCommand}\npatchShebangs $out"; - }); +inputs@{ self, servers, flutils, nixpkgs, kubenix, ... }: flutils.lib.eachDefaultSystem + (system: + let + pkgs = nixpkgs.legacyPackages.${system}; + lib = pkgs.lib; + deployScript = (pkgs.writeScriptBin "applyset-deploy.sh" (builtins.readFile ./applyset-deploy.sh)).overrideAttrs (old: { + buildCommand = "${old.buildCommand}\npatchShebangs $out"; + }); - machines = servers.machines.${system}; + machines = servers.machines.${system}; - mkKubernetes = name: module: namespace: - (kubenix.evalModules.${system} { + mkKubernetes = name: module: namespace: (kubenix.evalModules.${system} { specialArgs = { inherit namespace system machines self; inherit (inputs) nixhelm blog-pim dns nixpkgs nixng; 
@@ -30,74 +22,67 @@ flake-utils.lib.eachDefaultSystem }; }; - module = {kubenix, ...}: { - imports = [ - kubenix.modules.k8s - kubenix.modules.helm - ./modules - module - ]; + module = { kubenix, ... }: + { + imports = [ + kubenix.modules.k8s + kubenix.modules.helm + ./modules + module + ]; - config = { - kubenix.project = name; - kubernetes.namespace = namespace; + config = { + kubenix.project = name; + kubernetes.namespace = namespace; + }; }; - }; - }) - .config - .kubernetes; + }).config.kubernetes; - mkManifest = name: { - module, - namespace, - }: { - name = "${name}-manifest"; - value = (mkKubernetes name module namespace).result; - }; + mkManifest = name: { module, namespace }: { + name = "${name}-manifest"; + value = (mkKubernetes name module namespace).result; + }; - mkDeployApp = name: { - module, - namespace, - }: let - kubernetes = mkKubernetes name module namespace; - kubeconfig = kubernetes.kubeconfig or ""; - result = kubernetes.result or ""; + mkDeployApp = name: { module, namespace }: + let + kubernetes = mkKubernetes name module namespace; + kubeconfig = kubernetes.kubeconfig or ""; + result = kubernetes.result or ""; - wrappedDeployScript = - pkgs.symlinkJoin + wrappedDeployScript = pkgs.symlinkJoin + { + name = "applyset-deploy.sh"; + paths = [ deployScript pkgs.vals pkgs.kubectl ]; + buildInputs = [ pkgs.makeWrapper ]; + passthru.manifest = result; + meta.mainProgram = "applyset-deploy.sh"; + + postBuild = + let + # HACK: create normal way of checking if server runs k8s + k8sMachines = lib.filterAttrs (n: m: m.kubernetesNodeLabels != null) machines; + k8sServerNames = builtins.concatStringsSep " " (builtins.attrNames k8sMachines); + in + /* bash */ '' + wrapProgram $out/bin/applyset-deploy.sh \ + --suffix PATH : "$out/bin" \ + --run 'export KUBECONFIG=''${KUBECONFIG:-${toString kubeconfig}}' \ + --set MANIFEST '${result}' \ + --set NAME '${name}' \ + --set NAMESPACE '${namespace}' \ + --set SERVERS '${k8sServerNames}' \ + --set DYFF 
'${lib.getExe pkgs.dyff}' \ + --set GCROOTDIR '/nix/var/nix/gcroots/kubernetes-manifests' + ''; + }; + in { - name = "applyset-deploy.sh"; - paths = [deployScript pkgs.vals pkgs.kubectl]; - buildInputs = [pkgs.makeWrapper]; - passthru.manifest = result; - meta.mainProgram = "applyset-deploy.sh"; - - postBuild = let - # HACK: create normal way of checking if server runs k8s - k8sMachines = lib.filterAttrs (n: m: m.kubernetesNodeLabels != null) machines; - k8sServerNames = builtins.concatStringsSep " " (builtins.attrNames k8sMachines); - in - /* - bash - */ - '' - wrapProgram $out/bin/applyset-deploy.sh \ - --suffix PATH : "$out/bin" \ - --run 'export KUBECONFIG=''${KUBECONFIG:-${toString kubeconfig}}' \ - --set MANIFEST '${result}' \ - --set NAME '${name}' \ - --set NAMESPACE '${namespace}' \ - --set SERVERS '${k8sServerNames}' \ - --set DYFF '${lib.getExe pkgs.dyff}' \ - --set GCROOTDIR '/nix/var/nix/gcroots/kubernetes-manifests' - ''; + name = "${name}-deploy"; + value = wrappedDeployScript; }; - in { - name = "${name}-deploy"; - value = wrappedDeployScript; - }; - deployments = import ./deployments.nix; -in { - packages = pkgs.lib.mergeAttrs (pkgs.lib.mapAttrs' mkDeployApp deployments) (pkgs.lib.mapAttrs' mkManifest deployments); -}) + deployments = import ./deployments.nix; + in + { + packages = pkgs.lib.mergeAttrs (pkgs.lib.mapAttrs' mkDeployApp deployments) (pkgs.lib.mapAttrs' mkManifest deployments); + }) diff --git a/modules/attic.nix b/modules/attic.nix index 6e72133..2c124c0 100644 --- a/modules/attic.nix +++ b/modules/attic.nix @@ -1,11 +1,4 @@ -{ - self, - utils, - lib, - config, - globals, - ... -}: { +{ self, utils, lib, config, globals, ... }: { options.attic.enable = lib.mkEnableOption "attic"; config = lib.mkIf config.attic.enable { @@ -57,12 +50,10 @@ }; }; - volumeMounts = [ - { - name = "data"; - mountPath = "/var/lib/atticd/storage"; - } - ]; + volumeMounts = [{ + name = "data"; + mountPath = "/var/lib/atticd/storage"; + }]; }; volumes = { 
@@ -107,12 +98,10 @@ }; }; - volumeMounts = [ - { - name = "data"; - mountPath = "/pgdata"; - } - ]; + volumeMounts = [{ + name = "data"; + mountPath = "/pgdata"; + }]; }; volumes.data.persistentVolumeClaim.claimName = "database"; diff --git a/modules/atuin.nix b/modules/atuin.nix index 7485f9f..c055a9c 100644 --- a/modules/atuin.nix +++ b/modules/atuin.nix @@ -1,9 +1,4 @@ -{ - config, - globals, - lib, - ... -}: { +{ config, globals, lib, ... }: { options.atuin.enable = lib.mkEnableOption "atuin"; config = lib.mkIf config.atuin.enable { @@ -39,7 +34,7 @@ image = globals.images.atuin; imagePullPolicy = "IfNotPresent"; ports.web.containerPort = 8888; - args = ["server" "start"]; + args = [ "server" "start" ]; env = { ATUIN_HOST.value = "0.0.0.0"; @@ -52,12 +47,10 @@ }; }; - volumeMounts = [ - { - name = "data"; - mountPath = "/config"; - } - ]; + volumeMounts = [{ + name = "data"; + mountPath = "/config"; + }]; }; database = { @@ -74,12 +67,10 @@ }; }; - volumeMounts = [ - { - name = "database"; - mountPath = "/var/lib/postgresql/data"; - } - ]; + volumeMounts = [{ + name = "database"; + mountPath = "/var/lib/postgresql/data"; + }]; }; }; }; diff --git a/modules/bind9/default.nix b/modules/bind9/default.nix index 5cebe2a..d99c8ad 100644 --- a/modules/bind9/default.nix +++ b/modules/bind9/default.nix @@ -1,12 +1,8 @@ -{ - config, - lib, - globals, - dns, - ... -}: let +{ config, lib, globals, dns, ... }: +let kunisZone = dns.lib.toString "kun.is" (import ./kun.is.zone.nix globals dns); -in { +in +{ options.bind9.enable = lib.mkEnableOption "bind9"; config = lib.mkIf config.bind9.enable { @@ -58,7 +54,7 @@ in { containers = { bind9-udp = { image = globals.images.bind9; - envFrom = [{configMapRef.name = "bind9-env";}]; + envFrom = [{ configMapRef.name = "bind9-env"; }]; ports.dns-udp = { containerPort = 53; 
@@ -81,7 +77,7 @@ in { bind9-tcp = { image = globals.images.bind9; - envFrom = [{configMapRef.name = "bind9-env";}]; + envFrom = [{ configMapRef.name = "bind9-env"; }]; ports.dns-tcp = { containerPort = 53; @@ -103,12 +99,10 @@ in { }; }; - volumes = [ - { - name = "config"; - configMap.name = "bind9-config"; - } - ]; + volumes = [{ + name = "config"; + configMap.name = "bind9-config"; + }]; }; }; }; @@ -123,7 +117,7 @@ in { spec = { type = "LoadBalancer"; selector.app = "bind9"; - ipFamilies = ["IPv4" "IPv6"]; + ipFamilies = [ "IPv4" "IPv6" ]; ipFamilyPolicy = "RequireDualStack"; ports.dns = { @@ -143,7 +137,7 @@ in { spec = { type = "LoadBalancer"; selector.app = "bind9"; - ipFamilies = ["IPv4" "IPv6"]; + ipFamilies = [ "IPv4" "IPv6" ]; ipFamilyPolicy = "RequireDualStack"; ports.dns = { diff --git a/modules/bind9/kun.is.zone.nix b/modules/bind9/kun.is.zone.nix index 3c12587..fbca909 100644 --- a/modules/bind9/kun.is.zone.nix +++ b/modules/bind9/kun.is.zone.nix @@ -1,5 +1,4 @@ -globals: dns: -with dns.lib.combinators; { +globals: dns: with dns.lib.combinators; { CAA = letsEncrypt "caa@kun.is"; SOA = { @@ -18,36 +17,36 @@ with dns.lib.combinators; { ]; TXT = [ - (with spf; soft ["include:spf.glasnet.nl"]) + (with spf; soft [ "include:spf.glasnet.nl" ]) ]; subdomains = rec { - "*".A = [globals.routerPublicIPv4]; + "*".A = [ globals.routerPublicIPv4 ]; ns = { - A = [globals.routerPublicIPv4]; - AAAA = []; + A = [ globals.routerPublicIPv4 ]; + AAAA = [ ]; }; ns1 = ns; ns2 = ns; wg = { - A = [globals.routerPublicIPv4]; - AAAA = []; + A = [ globals.routerPublicIPv4 ]; + AAAA = [ ]; }; #for SMTP2GO to be able send emails from kun.is domain em670271 = { - CNAME = ["return.smtp2go.net."]; + CNAME = [ "return.smtp2go.net." ]; }; "s670271._domainkey" = { - CNAME = ["dkim.smtp2go.net."]; + CNAME = [ "dkim.smtp2go.net." ]; }; link = { - CNAME = ["track.smtp2go.net."]; + CNAME = [ "track.smtp2go.net." ]; }; }; } 
diff --git a/modules/blog.nix b/modules/blog.nix index a6c1ed7..0671bc2 100644 --- a/modules/blog.nix +++ b/modules/blog.nix @@ -1,9 +1,4 @@ -{ - blog-pim, - lib, - config, - ... -}: { +{ blog-pim, lib, config, ... }: { options.blog.enable = lib.mkEnableOption "blog"; config = lib.mkIf config.blog.enable { diff --git a/modules/bootstrap-default.nix b/modules/bootstrap-default.nix index fccd2b7..8aaa7e1 100644 --- a/modules/bootstrap-default.nix +++ b/modules/bootstrap-default.nix @@ -1,12 +1,4 @@ -{ - config, - lib, - nixhelm, - system, - globals, - machines, - ... -}: { +{ config, lib, nixhelm, system, globals, machines, ... }: { options.bootstrap-default.enable = lib.mkEnableOption "bootstrap-default"; config = lib.mkIf config.bootstrap-default.enable { 
@@ -44,35 +36,36 @@ services.longhorn-frontend.spec.loadBalancerIP = globals.longhornIPv4; namespaces = { - static-websites = {}; - freshrss = {}; - radicale = {}; - kms = {}; - atuin = {}; - nextcloud = {}; - hedgedoc = {}; - kitchenowl = {}; - forgejo = {}; - paperless = {}; - syncthing = {}; - immich = {}; - attic = {}; - inbucket = {}; - dns = {}; - media = {}; - minecraft = {}; - tailscale = {}; - ntfy = {}; + static-websites = { }; + freshrss = { }; + radicale = { }; + kms = { }; + atuin = { }; + nextcloud = { }; + hedgedoc = { }; + kitchenowl = { }; + forgejo = { }; + paperless = { }; + syncthing = { }; + immich = { }; + attic = { }; + inbucket = { }; + dns = { }; + media = { }; + minecraft = { }; + tailscale = { }; + ntfy = { }; }; - nodes = let - machinesWithKubernetesLabels = lib.filterAttrs (name: machine: machine.kubernetesNodeLabels != null) machines; - in + nodes = + let + machinesWithKubernetesLabels = lib.filterAttrs (name: machine: machine.kubernetesNodeLabels != null) machines; + in builtins.mapAttrs - (name: machine: { - metadata.labels = machine.kubernetesNodeLabels; - }) - machinesWithKubernetesLabels; + (name: machine: { + metadata.labels = machine.kubernetesNodeLabels; + }) + machinesWithKubernetesLabels; recurringJobs.backup-nfs.spec = { cron = "0 1 * * *"; # One o'clock at night @@ -81,13 +74,13 @@ concurrency = 1; }; - ipAddressPools.main.spec.addresses = ["192.168.30.128-192.168.30.200" "2a0d:6e00:1a77:30::2-2a0d:6e00:1a77:30:ffff:ffff:ffff:fffe"]; - l2Advertisements.main.metadata = {}; + ipAddressPools.main.spec.addresses = [ "192.168.30.128-192.168.30.200" "2a0d:6e00:1a77:30::2-2a0d:6e00:1a77:30:ffff:ffff:ffff:fffe" ]; + l2Advertisements.main.metadata = { }; persistentVolumes = { music-syncthing.spec = { capacity.storage = "1Gi"; - accessModes = ["ReadWriteMany"]; + accessModes = [ "ReadWriteMany" ]; nfs = { server = "lewis.dmz"; 
@@ -97,7 +90,7 @@ media-media.spec = { capacity.storage = "1Gi"; - accessModes = ["ReadWriteMany"]; + accessModes = [ "ReadWriteMany" ]; nfs = { server = "lewis.dmz"; diff --git a/modules/bootstrap-kube-system/default.nix b/modules/bootstrap-kube-system/default.nix index c557072..619c1d4 100644 --- a/modules/bootstrap-kube-system/default.nix +++ b/modules/bootstrap-kube-system/default.nix @@ -1,10 +1,4 @@ -{ - config, - lib, - nixhelm, - system, - ... -}: { +{ config, lib, nixhelm, system, ... }: { options.bootstrap-kube-system.enable = lib.mkEnableOption "bootstrap-kube-system"; config = lib.mkIf config.bootstrap-kube-system.enable { @@ -35,12 +29,10 @@ server = "https://acme-v02.api.letsencrypt.org/directory"; email = "pim@kunis.nl"; privateKeySecretRef.name = "letsencrypt-private-key"; - solvers = [ - { - selector = {}; - http01.ingress.class = "traefik"; - } - ]; + solvers = [{ + selector = { }; + http01.ingress.class = "traefik"; + }]; }; }; }; diff --git a/modules/cyberchef.nix b/modules/cyberchef.nix index d2dabbc..c25b23f 100644 --- a/modules/cyberchef.nix +++ b/modules/cyberchef.nix @@ -1,9 +1,4 @@ -{ - config, - lib, - globals, - ... -}: { +{ config, lib, globals, ... }: { options.cyberchef.enable = lib.mkEnableOption "cyberchef"; config = lib.mkIf config.cyberchef.enable { diff --git a/modules/dnsmasq.nix b/modules/dnsmasq.nix index 5cc6b0a..b287cac 100644 --- a/modules/dnsmasq.nix +++ b/modules/dnsmasq.nix @@ -1,11 +1,4 @@ -{ - self, - utils, - globals, - config, - lib, - ... -}: { +{ self, utils, globals, config, lib, ... }: { options.dnsmasq.enable = lib.mkEnableOption "dnsmasq"; config = lib.mkIf config.dnsmasq.enable { diff --git a/modules/forgejo/default.nix b/modules/forgejo/default.nix index c35a5fc..2e45aab 100644 --- a/modules/forgejo/default.nix +++ b/modules/forgejo/default.nix 
@@ -1,14 +1,9 @@ -{ - lib, - config, - globals, - ... -}: { +{ lib, config, globals, ... }: { options.forgejo.enable = lib.mkEnableOption "forgejo"; config = lib.mkIf config.forgejo.enable { kubernetes.resources = { - secrets.forgejo.stringData.config = lib.generators.toINI {} (import ./config.nix); + secrets.forgejo.stringData.config = lib.generators.toINI { } (import ./config.nix); deployments.server.spec = { selector.matchLabels.app = "forgejo"; diff --git a/modules/freshrss.nix b/modules/freshrss.nix index 0581d95..a591ff6 100644 --- a/modules/freshrss.nix +++ b/modules/freshrss.nix @@ -1,9 +1,4 @@ -{ - config, - lib, - globals, - ... -}: { +{ config, lib, globals, ... }: { options.freshrss.enable = lib.mkEnableOption "freshrss"; config = lib.mkIf config.freshrss.enable { @@ -48,12 +43,10 @@ }; }; - volumeMounts = [ - { - name = "data"; - mountPath = "/var/www/FreshRSS/data"; - } - ]; + volumeMounts = [{ + name = "data"; + mountPath = "/var/www/FreshRSS/data"; + }]; }; volumes.data.persistentVolumeClaim.claimName = "data"; diff --git a/modules/hedgedoc.nix b/modules/hedgedoc.nix index a889825..04b57e0 100644 --- a/modules/hedgedoc.nix +++ b/modules/hedgedoc.nix @@ -1,14 +1,9 @@ -{ - config, - lib, - globals, - ... -}: { +{ config, lib, globals, ... }: { options.hedgedoc.enable = lib.mkEnableOption "hedgedoc"; config = lib.mkIf config.hedgedoc.enable { kubernetes.resources = { - configMaps.hedgedoc-config.data.config = lib.generators.toJSON {} { + configMaps.hedgedoc-config.data.config = lib.generators.toJSON { } { useSSL = false; }; @@ -111,12 +106,10 @@ }; }; - volumeMounts = [ - { - name = "database"; - mountPath = "/pgdata"; - } - ]; + volumeMounts = [{ + name = "database"; + mountPath = "/pgdata"; + }]; }; volumes.database.persistentVolumeClaim.claimName = "database"; diff --git a/modules/immich.nix b/modules/immich.nix index 0317b8b..33608aa 100644 --- a/modules/immich.nix +++ b/modules/immich.nix 
@@ -1,9 +1,4 @@ -{ - globals, - config, - lib, - ... -}: { +{ globals, config, lib, ... }: { options.immich.enable = lib.mkEnableOption "immich"; config = lib.mkIf config.immich.enable { @@ -56,12 +51,10 @@ }; }; - volumeMounts = [ - { - name = "data"; - mountPath = "/usr/src/app/upload"; - } - ]; + volumeMounts = [{ + name = "data"; + mountPath = "/usr/src/app/upload"; + }]; }; }; }; @@ -97,12 +90,10 @@ ports.ml.containerPort = 3003; env.MACHINE_LEARNING_WORKER_TIMEOUT.value = "600"; - volumeMounts = [ - { - name = "cache"; - mountPath = "/cache"; - } - ]; + volumeMounts = [{ + name = "cache"; + mountPath = "/cache"; + }]; }; }; }; @@ -166,8 +157,8 @@ containers.postgres = { image = globals.images.immich-postgres; imagePullPolicy = "IfNotPresent"; - command = ["postgres"]; - args = ["-c" "shared_preload_libraries=vectors.so" "-c" "search_path=\"$$user\", public, vectors" "-c" "logging_collector=on" "-c" "max_wal_size=2GB" "-c" "shared_buffers=512MB" "-c" "wal_compression=on"]; + command = [ "postgres" ]; + args = [ "-c" "shared_preload_libraries=vectors.so" "-c" "search_path=\"$$user\", public, vectors" "-c" "logging_collector=on" "-c" "max_wal_size=2GB" "-c" "shared_buffers=512MB" "-c" "wal_compression=on" ]; ports.postgres.containerPort = 5432; securityContext.runAsUser = 999; securityContext.runAsGroup = 999; @@ -184,12 +175,10 @@ }; }; - volumeMounts = [ - { - name = "data"; - mountPath = "/pgdata"; - } - ]; + volumeMounts = [{ + name = "data"; + mountPath = "/pgdata"; + }]; }; }; }; @@ -250,7 +239,7 @@ }; persistentVolumeClaims.cache.spec = { - accessModes = ["ReadWriteOnce"]; + accessModes = [ "ReadWriteOnce" ]; resources.requests.storage = "5Gi"; }; }; diff --git a/modules/inbucket.nix b/modules/inbucket.nix index 7fbc481..be8f140 100644 --- a/modules/inbucket.nix +++ b/modules/inbucket.nix 
@@ -1,14 +1,9 @@ -{ - globals, - config, - lib, - ... -}: { +{ globals, config, lib, ... }: { options.inbucket.enable = lib.mkEnableOption "inbucket"; config = lib.mkIf config.inbucket.enable { kubernetes.resources = { - serviceAccounts.inbucket = {}; + serviceAccounts.inbucket = { }; deployments.inbucket.spec = { selector.matchLabels.app = "inbucket"; diff --git a/modules/ingress.nix b/modules/ingress.nix index 9dbcb86..99b2e78 100644 --- a/modules/ingress.nix +++ b/modules/ingress.nix @@ -1,9 +1,6 @@ -{ - lib, - config, - ... -}: let - ingressOpts = {name, ...}: { +{ lib, config, ... }: +let + ingressOpts = { name, ... }: { options = { host = lib.mkOption { type = lib.types.str; @@ -25,17 +22,17 @@ }; }; }; -in { +in +{ options = { lab.ingresses = lib.mkOption { type = with lib.types; attrsOf (submodule ingressOpts); - default = {}; + default = { }; }; }; config = { - kubernetes.resources.ingresses = - builtins.mapAttrs + kubernetes.resources.ingresses = builtins.mapAttrs (name: ingress: { metadata.annotations = { "cert-manager.io/cluster-issuer" = "letsencrypt"; @@ -45,30 +42,24 @@ in { spec = { ingressClassName = "traefik"; - rules = [ - { - host = ingress.host; + rules = [{ + host = ingress.host; - http.paths = [ - { - path = "/"; - pathType = "Prefix"; + http.paths = [{ + path = "/"; + pathType = "Prefix"; - backend.service = { - name = ingress.service.name; - port.name = ingress.service.portName; - }; - } - ]; - } - ]; + backend.service = { + name = ingress.service.name; + port.name = ingress.service.portName; + }; + }]; + }]; - tls = [ - { - secretName = "${name}-tls"; - hosts = [ingress.host]; - } - ]; + tls = [{ + secretName = "${name}-tls"; + hosts = [ ingress.host ]; + }]; }; }) config.lab.ingresses; diff --git a/modules/kitchenowl.nix b/modules/kitchenowl.nix index 1042468..f51d3ad 100644 --- a/modules/kitchenowl.nix +++ b/modules/kitchenowl.nix 
@@ -1,9 +1,4 @@ -{ - lib, - globals, - config, - ... -}: { +{ lib, globals, config, ... }: { options.kitchenowl.enable = lib.mkEnableOption "kitchenowl"; config = lib.mkIf config.kitchenowl.enable { @@ -38,12 +33,10 @@ key = "jwtSecretKey"; }; - volumeMounts = [ - { - name = "data"; - mountPath = "/data"; - } - ]; + volumeMounts = [{ + name = "data"; + mountPath = "/data"; + }]; }; securityContext = { diff --git a/modules/kms.nix b/modules/kms.nix index a7b1f8e..826e7cd 100644 --- a/modules/kms.nix +++ b/modules/kms.nix @@ -1,9 +1,4 @@ -{ - config, - globals, - lib, - ... -}: { +{ config, globals, lib, ... }: { options.kms.enable = lib.mkEnableOption "kms"; config = lib.mkIf config.kms.enable { diff --git a/modules/longhorn-volume.nix b/modules/longhorn-volume.nix index 6eb4bfd..868e16f 100644 --- a/modules/longhorn-volume.nix +++ b/modules/longhorn-volume.nix @@ -1,9 +1,6 @@ -{ - lib, - config, - ... -}: let - longhornVolumeOpts = {name, ...}: { +{ lib, config, ... }: +let + longhornVolumeOpts = { name, ... }: { options = { storage = lib.mkOption { type = lib.types.str; @@ -16,7 +13,7 @@ }; }; - longhornPVOpts = {name, ...}: { + longhornPVOpts = { name, ... }: { options = { storage = lib.mkOption { type = lib.types.str; @@ -24,7 +21,7 @@ }; }; - longhornPVCOpts = {name, ...}: { + longhornPVCOpts = { name, ... }: { options = { volumeName = lib.mkOption { type = lib.types.str; 
@@ -37,34 +34,34 @@ }; }; }; -in { +in +{ options = { lab.longhornVolumes = lib.mkOption { type = with lib.types; attrsOf (submodule longhornVolumeOpts); - default = {}; + default = { }; }; lab.longhorn = { persistentVolume = lib.mkOption { type = with lib.types; attrsOf (submodule longhornPVOpts); - default = {}; + default = { }; }; persistentVolumeClaim = lib.mkOption { type = with lib.types; attrsOf (submodule longhornPVCOpts); - default = {}; + default = { }; }; }; }; config = { kubernetes.resources = { - persistentVolumes = - lib.mergeAttrs + persistentVolumes = lib.mergeAttrs (builtins.mapAttrs (name: longhornVolume: { spec = { - accessModes = ["ReadWriteOnce"]; + accessModes = [ "ReadWriteOnce" ]; capacity.storage = longhornVolume.storage; persistentVolumeReclaimPolicy = "Delete"; volumeMode = "Filesystem"; @@ -87,12 +84,10 @@ in { staleReplicaTimeout = "30"; unmapMarkSnapChainRemoved = "ignored"; - recurringJobSelector = lib.generators.toYAML {} [ - { - name = "backup-nfs"; - isGroup = false; - } - ]; + recurringJobSelector = lib.generators.toYAML { } [{ + name = "backup-nfs"; + isGroup = false; + }]; }; }; }; @@ -101,7 +96,7 @@ in { (builtins.mapAttrs (name: longhornPV: { spec = { - accessModes = ["ReadWriteOnce"]; + accessModes = [ "ReadWriteOnce" ]; capacity.storage = longhornPV.storage; persistentVolumeReclaimPolicy = "Delete"; volumeMode = "Filesystem"; 
@@ -119,24 +114,21 @@ in { staleReplicaTimeout = "30"; unmapMarkSnapChainRemoved = "ignored"; - recurringJobSelector = lib.generators.toYAML {} [ - { - name = "backup-nfs"; - isGroup = false; - } - ]; + recurringJobSelector = lib.generators.toYAML { } [{ + name = "backup-nfs"; + isGroup = false; + }]; }; }; }; }) config.lab.longhorn.persistentVolume); - persistentVolumeClaims = - lib.mergeAttrs + persistentVolumeClaims = lib.mergeAttrs (builtins.mapAttrs (name: longhornVolume: { spec = { - accessModes = ["ReadWriteOnce"]; + accessModes = [ "ReadWriteOnce" ]; resources.requests.storage = longhornVolume.storage; storageClassName = ""; }; @@ -145,7 +137,7 @@ in { (builtins.mapAttrs (name: longhornPVC: { spec = { - accessModes = ["ReadWriteOnce"]; + accessModes = [ "ReadWriteOnce" ]; resources.requests.storage = longhornPVC.storage; storageClassName = ""; volumeName = longhornPVC.volumeName; diff --git a/modules/media.nix b/modules/media.nix index 3ed17d3..8156e8b 100644 --- a/modules/media.nix +++ b/modules/media.nix @@ -1,9 +1,4 @@ -{ - globals, - config, - lib, - ... -}: { +{ globals, config, lib, ... }: { options.media.enable = lib.mkEnableOption "media"; config = lib.mkIf config.media.enable { @@ -69,17 +64,13 @@ fsGroupChangePolicy = "OnRootMismatch"; }; - affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms = [ - { - matchExpressions = [ - { - key = "hasMedia"; - operator = "In"; - values = ["true"]; - } - ]; - } - ]; + affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms = [{ + matchExpressions = [{ + key = "hasMedia"; + operator = "In"; + values = [ "true" ]; + }]; + }]; }; }; }; @@ -176,12 +167,10 @@ TZ.value = "Europe/Amsterdam"; }; - volumeMounts = [ - { - name = "config"; - mountPath = "/app/config"; - } - ]; + volumeMounts = [{ + name = "config"; + mountPath = "/app/config"; + }]; }; securityContext = { 
@@ -285,12 +274,10 @@ TZ.value = "Europe/Amsterdam"; }; - volumeMounts = [ - { - name = "config"; - mountPath = "/config"; - } - ]; + volumeMounts = [{ + name = "config"; + mountPath = "/config"; + }]; }; securityContext = { @@ -531,12 +518,12 @@ persistentVolumeClaims = { jellyfin-cache.spec = { - accessModes = ["ReadWriteOnce"]; + accessModes = [ "ReadWriteOnce" ]; resources.requests.storage = "20Gi"; }; media.spec = { - accessModes = ["ReadWriteMany"]; + accessModes = [ "ReadWriteMany" ]; storageClassName = ""; resources.requests.storage = "1Mi"; volumeName = "media-media"; diff --git a/modules/minecraft.nix b/modules/minecraft.nix index 3e0a8f9..a61dd6c 100644 --- a/modules/minecraft.nix +++ b/modules/minecraft.nix @@ -1,9 +1,4 @@ -{ - lib, - config, - globals, - ... -}: { +{ lib, config, globals, ... }: { options.minecraft.enable = lib.mkEnableOption "minecraft"; config = lib.mkIf config.minecraft.enable { @@ -23,12 +18,10 @@ env.EULA.value = "TRUE"; - volumeMounts = [ - { - name = "data"; - mountPath = "/data"; - } - ]; + volumeMounts = [{ + name = "data"; + mountPath = "/data"; + }]; }; securityContext = { diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 9017255..7fd5035 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -1,9 +1,4 @@ -{ - lib, - config, - globals, - ... -}: { +{ lib, config, globals, ... }: { options.nextcloud.enable = lib.mkEnableOption "nextcloud"; config = lib.mkIf config.nextcloud.enable { @@ -50,12 +45,10 @@ }; }; - volumeMounts = [ - { - name = "data"; - mountPath = "/var/www/html"; - } - ]; + volumeMounts = [{ + name = "data"; + mountPath = "/var/www/html"; + }]; }; securityContext = { 
@@ -63,18 +56,14 @@ fsGroupChangePolicy = "OnRootMismatch"; }; - affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution = [ - { - weight = 1; - preference.matchExpressions = [ - { - key = "storageType"; - operator = "In"; - values = ["fast"]; - } - ]; - } - ]; + affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution = [{ + weight = 1; + preference.matchExpressions = [{ + key = "storageType"; + operator = "In"; + values = [ "fast" ]; + }]; + }]; }; }; }; @@ -108,12 +97,10 @@ }; }; - volumeMounts = [ - { - name = "database"; - mountPath = "/pgdata"; - } - ]; + volumeMounts = [{ + name = "database"; + mountPath = "/pgdata"; + }]; }; volumes.database.persistentVolumeClaim.claimName = "database"; diff --git a/modules/ntfy.nix b/modules/ntfy.nix index 4915e8c..bdd667a 100644 --- a/modules/ntfy.nix +++ b/modules/ntfy.nix @@ -1,14 +1,9 @@ -{ - lib, - config, - globals, - ... -}: { +{ lib, config, globals, ... }: { options.ntfy.enable = lib.mkEnableOption "ntfy"; config = lib.mkIf config.ntfy.enable { kubernetes.resources = { - configMaps.ntfy.data.config = lib.generators.toYAML {} { + configMaps.ntfy.data.config = lib.generators.toYAML { } { base-url = "https://ntfy.kun.is"; cache-file = "/var/cache/ntfy/cache.db"; cache-duration = "14d"; @@ -40,7 +35,7 @@ image = globals.images.ntfy; ports.web.containerPort = 80; env.TZ.value = "Europe/Amsterdam"; - args = ["serve"]; + args = [ "serve" ]; volumeMounts = [ { @@ -75,12 +70,12 @@ persistentVolumeClaims = { cache.spec = { - accessModes = ["ReadWriteOnce"]; + accessModes = [ "ReadWriteOnce" ]; resources.requests.storage = "300Mi"; }; attachment-cache.spec = { - accessModes = ["ReadWriteOnce"]; + accessModes = [ "ReadWriteOnce" ]; resources.requests.storage = "500Mi"; }; }; diff --git a/modules/paperless.nix b/modules/paperless.nix index 5ac3937..9eb59f7 100644 --- a/modules/paperless.nix +++ b/modules/paperless.nix 
@@ -1,9 +1,4 @@ -{ - globals, - lib, - config, - ... -}: { +{ globals, lib, config, ... }: { options.paperless.enable = lib.mkEnableOption "paperless"; config = lib.mkIf config.paperless.enable { @@ -69,12 +64,10 @@ }; }; - volumeMounts = [ - { - name = "data"; - mountPath = "/data"; - } - ]; + volumeMounts = [{ + name = "data"; + mountPath = "/data"; + }]; }; securityContext = { @@ -114,12 +107,10 @@ ports.redis.containerPort = 6379; imagePullPolicy = "IfNotPresent"; - volumeMounts = [ - { - name = "data"; - mountPath = "/data"; - } - ]; + volumeMounts = [{ + name = "data"; + mountPath = "/data"; + }]; }; securityContext = { @@ -168,12 +159,10 @@ }; }; - volumeMounts = [ - { - name = "data"; - mountPath = "/pgdata"; - } - ]; + volumeMounts = [{ + name = "data"; + mountPath = "/pgdata"; + }]; }; volumes.data.persistentVolumeClaim.claimName = "database"; diff --git a/modules/pihole.nix b/modules/pihole.nix index c437325..ec51aec 100644 --- a/modules/pihole.nix +++ b/modules/pihole.nix @@ -1,9 +1,4 @@ -{ - globals, - config, - lib, - ... -}: { +{ globals, config, lib, ... }: { options.pihole.enable = lib.mkEnableOption "pihole"; config = lib.mkIf config.pihole.enable { diff --git a/modules/radicale.nix b/modules/radicale.nix index aa0586b..c2769d4 100644 --- a/modules/radicale.nix +++ b/modules/radicale.nix @@ -1,9 +1,4 @@ -{ - config, - lib, - globals, - ... -}: { +{ config, lib, globals, ... }: { options.radicale.enable = lib.mkEnableOption "radicale"; config = lib.mkIf config.radicale.enable { @@ -11,7 +6,7 @@ configMaps.server.data = { users = "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ."; - config = lib.generators.toINI {} { + config = lib.generators.toINI { } { server = { hosts = "0.0.0.0:5232, [::]:5232"; ssl = false; @@ -36,8 +31,8 @@ filesystem_folder = "/data"; }; - logging = {}; - headers = {}; + logging = { }; + headers = { }; }; }; diff --git a/modules/syncthing.nix b/modules/syncthing.nix index c06b81a..93d3242 100644 --- a/modules/syncthing.nix 
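Review bot: The `users` value in `configMaps.server.data` (a context line of the `@@ -11,7 +6,7 @@` hunk in modules/radicale.nix) is an htpasswd entry with an `$apr1$` hash, stored in a ConfigMap and committed to the repository; this commit only reformats `toINI { }` next to it and leaves it in place. `$apr1$` is salted, iterated MD5, which is cheap to attack offline once the hash is readable, and ConfigMaps are usually covered by broader read permissions than Secrets. I would move the entry into a Secret populated from outside the repository, switch to a bcrypt hash if the `[auth]` section allows it (that section is outside the hunk), and rotate the password, since the old hash stays in git history. Until then, a marker such as `# FIXME: htpasswd hash is public in git; move to a Secret and rotate` above the line would record the risk.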
+++ b/modules/syncthing.nix @@ -1,14 +1,9 @@ -{ - globals, - config, - lib, - ... -}: { +{ globals, config, lib, ... }: { options.syncthing.enable = lib.mkEnableOption "syncthing"; config = lib.mkIf config.syncthing.enable { kubernetes.resources = { - serviceAccounts.syncthing = {}; + serviceAccounts.syncthing = { }; deployments.syncthing.spec = { selector.matchLabels.app = "syncthing"; @@ -76,7 +71,7 @@ }; persistentVolumeClaims.music.spec = { - accessModes = ["ReadWriteMany"]; + accessModes = [ "ReadWriteMany" ]; storageClassName = ""; resources.requests.storage = "1Mi"; volumeName = "music-syncthing"; diff --git a/modules/tailscale-ingress.nix b/modules/tailscale-ingress.nix index 83e3f96..29ad04f 100644 --- a/modules/tailscale-ingress.nix +++ b/modules/tailscale-ingress.nix @@ -1,16 +1,12 @@ -{ - lib, - config, - ... -}: { +{ lib, config, ... }: { options = with lib.types; { lab.tailscaleIngresses = lib.mkOption { type = attrsOf (submodule { options = { - host = lib.mkOption {type = str;}; + host = lib.mkOption { type = str; }; service = { - name = lib.mkOption {type = str;}; + name = lib.mkOption { type = str; }; portName = lib.mkOption { type = str; 
@@ -20,44 +16,37 @@ }; }); - default = {}; + default = { }; }; }; - config = let - cfg = config.lab.tailscaleIngresses; + config = + let + cfg = config.lab.tailscaleIngresses; - mkTailscaleIngress = name: { - host, - service, - }: { - spec = { - ingressClassName = "tailscale"; + mkTailscaleIngress = name: { host, service }: { + spec = { + ingressClassName = "tailscale"; - rules = [ - { - http.paths = [ - { - path = "/"; - pathType = "Prefix"; + rules = [{ + http.paths = [{ + path = "/"; + pathType = "Prefix"; - backend.service = { - name = service.name; - port.name = service.portName; - }; - } - ]; - } - ]; + backend.service = { + name = service.name; + port.name = service.portName; + }; + }]; + }]; - tls = [ - { - hosts = [host]; - } - ]; + tls = [{ + hosts = [ host ]; + }]; + }; }; + in + { + kubernetes.resources.ingresses = builtins.mapAttrs mkTailscaleIngress cfg; }; - in { - kubernetes.resources.ingresses = builtins.mapAttrs mkTailscaleIngress cfg; - }; } diff --git a/modules/tailscale.nix b/modules/tailscale.nix index 3a3b656..97b0902 100644 --- a/modules/tailscale.nix +++ b/modules/tailscale.nix @@ -1,10 +1,4 @@ -{ - nixhelm, - system, - config, - lib, - ... -}: { +{ nixhelm, system, config, lib, ... }: { options.tailscale.enable = lib.mkEnableOption "tailscale"; config = lib.mkIf config.tailscale.enable { diff --git a/modules/traefik.nix b/modules/traefik.nix index b59253d..e5d304f 100644 --- a/modules/traefik.nix +++ b/modules/traefik.nix @@ -1,9 +1,4 @@ -{ - lib, - globals, - config, - ... -}: { +{ lib, globals, config, ... }: { options.traefik.enable = lib.mkEnableOption "traefik"; config = lib.mkIf config.traefik.enable { 
@@ -13,7 +8,7 @@ # Override Traefik's service with a static load balancer IP. # Create endpoint for HTTPS on port 444. # Allow external name services for servers in LAN. - spec.valuesContent = lib.generators.toYAML {} { + spec.valuesContent = lib.generators.toYAML { } { providers.kubernetesIngress.allowExternalNameServices = true; service.loadBalancerIP = globals.traefikIPv4; @@ -28,7 +23,7 @@ enabled = true; options = ""; certResolver = ""; - domains = []; + domains = [ ]; }; }; diff --git a/scripts/default.nix b/scripts/default.nix index c5a24df..90dcbe2 100644 --- a/scripts/default.nix +++ b/scripts/default.nix @@ -1,31 +1,23 @@ -{ - nixpkgs, - flake-utils, - ... -}: -flake-utils.lib.eachDefaultSystem (system: let +{ nixpkgs, flutils, ... }: flutils.lib.eachDefaultSystem (system: +let pkgs = nixpkgs.legacyPackages.${system}; - createScript = { - name, - runtimeInputs, - scriptPath, - extraWrapperFlags ? "", - ... - }: let - script = (pkgs.writeScriptBin name (builtins.readFile scriptPath)).overrideAttrs (old: { - buildCommand = "${old.buildCommand}\n patchShebangs $out"; - }); - in + createScript = { name, runtimeInputs, scriptPath, extraWrapperFlags ? "", ... }: + let + script = (pkgs.writeScriptBin name (builtins.readFile scriptPath)).overrideAttrs (old: { + buildCommand = "${old.buildCommand}\n patchShebangs $out"; + }); + in pkgs.symlinkJoin { inherit name; - paths = [script] ++ runtimeInputs; - buildInputs = [pkgs.makeWrapper]; + paths = [ script ] ++ runtimeInputs; + buildInputs = [ pkgs.makeWrapper ]; postBuild = "wrapProgram $out/bin/${name} --set PATH $out/bin ${extraWrapperFlags}"; }; -in { +in +{ packages.gen-k3s-cert = createScript { name = "create-k3s-cert"; - runtimeInputs = with pkgs; [openssl coreutils openssh yq]; + runtimeInputs = with pkgs; [ openssl coreutils openssh yq ]; scriptPath = ./gen-k3s-cert.sh; }; }) diff --git a/treefmt.nix b/treefmt.nix deleted file mode 100644 index e6da195..0000000 --- a/treefmt.nix +++ /dev/null 
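Review bot: `createScript` in scripts/default.nix has no comment explaining that the wrapper replaces `PATH` instead of extending it. `--set PATH $out/bin` together with `paths = [ script ] ++ runtimeInputs` means the script sees only the listed tools at run time and does not fall back to the caller's environment. I would add `# PATH is set to exactly $out/bin, so only runtimeInputs are visible to the script.` above `pkgs.symlinkJoin`. `extraWrapperFlags` is spliced unquoted into the `postBuild` shell string, so the comment should also say that callers must pass shell-safe flags. Separately, the exported attribute is `gen-k3s-cert` while `name` is `"create-k3s-cert"`, so the installed binary matches neither the attribute nor the script file name.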
@@ -1,4 +0,0 @@ -{...}: { - projectRootFile = "flake.nix"; - programs.alejandra.enable = true; -} diff --git a/utils.nix b/utils.nix index 99201ad..8b05d75 100644 --- a/utils.nix +++ b/utils.nix @@ -1,22 +1,11 @@ -{ - pkgs, - nixpkgs, - nixng, - globals, - ... -}: { - mkNixNGImage = name: file: let - stream = - (import file { +{ pkgs, nixpkgs, nixng, globals, ... }: { + mkNixNGImage = name: file: + let + stream = (import file { inherit nixpkgs nixng globals; inherit (nixng) nglib; - }) - .config - .system - .build - .ociImage - .stream; - in + }).config.system.build.ociImage.stream; + in pkgs.stdenv.mkDerivation { name = "${name}.tar"; src = stream;