From 316914904587928d76da80a7dedadc2e646b2877 Mon Sep 17 00:00:00 2001 From: Pim Kunis Date: Mon, 28 Oct 2024 16:03:01 +0100 Subject: [PATCH 1/2] Add formatter --- flake.lock | 124 +++++++++++++++++++++++++++++++++++++++++++++++--- flake.nix | 17 +++++-- formatter.nix | 27 +++++++++++ treefmt.nix | 4 ++ 4 files changed, 161 insertions(+), 11 deletions(-) create mode 100644 formatter.nix create mode 100644 treefmt.nix diff --git a/flake.lock b/flake.lock index a451762..bd7121f 100644 --- a/flake.lock +++ b/flake.lock @@ -27,7 +27,7 @@ }, "deploy-rs": { "inputs": { - "flake-compat": "flake-compat_2", + "flake-compat": "flake-compat_3", "nixpkgs": "nixpkgs_3", "utils": "utils" }, @@ -142,6 +142,22 @@ } }, "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, + "flake-compat_4": { "flake": false, "locked": { "lastModified": 1673956053, @@ -157,7 +173,7 @@ "type": "github" } }, - "flake-compat_4": { + "flake-compat_5": { "flake": false, "locked": { "lastModified": 1696426674, @@ -296,6 +312,27 @@ "type": "github" } }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "haumea": { "inputs": { "nixpkgs": [ @@ -343,7 +380,7 @@ }, "kubenix_2": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "nixpkgs": [ "servers", "nixpkgs-unstable" 
@@ -420,7 +457,7 @@ }, "nix-snapshotter": { "inputs": { - "flake-compat": "flake-compat_4", + "flake-compat": "flake-compat_5", "flake-parts": "flake-parts", "nixpkgs": [ "servers", @@ -541,6 +578,22 @@ } }, "nixpkgs-stable": { + "locked": { + "lastModified": 1720386169, + "narHash": "sha256-NGKVY4PjzwAa4upkGtAMz1npHGoRzWotlSnVlqI40mo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "194846768975b7ad2c4988bdb82572c00222c0d7", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-24.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { "locked": { "lastModified": 1729357638, "narHash": "sha256-66RHecx+zohbZwJVEPF7uuwHeqf8rykZTMCTqIrOew4=", @@ -604,6 +657,22 @@ "type": "github" } }, + "nixpkgs_4": { + "locked": { + "lastModified": 1726871744, + "narHash": "sha256-V5LpfdHyQkUF7RfOaDPrZDP+oqz88lTJrMT1+stXNwo=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "a1d92660c6b3b7c26fb883500a80ea9d33321be2", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "poetry2nix": { "inputs": { "flake-utils": "flake-utils_3", @@ -629,6 +698,29 @@ "type": "github" } }, + "pre-commit-hooks": { + "inputs": { + "flake-compat": "flake-compat_2", + "gitignore": "gitignore", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1729104314, + "narHash": "sha256-pZRZsq5oCdJt3upZIU4aslS9XwFJ+/nVtALHIciX/BI=", + "owner": "cachix", + "repo": "git-hooks.nix", + "rev": "3c3e88f0f544d6bb54329832616af7eb971b6be6", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "git-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "blog-pim": "blog-pim", @@ -638,7 +730,9 @@ "nixhelm": "nixhelm", "nixng": "nixng", "nixpkgs": "nixpkgs_2", - "servers": "servers" + "pre-commit-hooks": "pre-commit-hooks", + "servers": "servers", + "treefmt-nix": "treefmt-nix_3" } }, "servers": { 
@@ -677,7 +771,7 @@ "servers", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { "lastModified": 1729775275, @@ -871,6 +965,24 @@ "type": "github" } }, + "treefmt-nix_3": { + "inputs": { + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "lastModified": 1730120726, + "narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=", + "owner": "numtide", + "repo": "treefmt-nix", + "rev": "9ef337e492a5555d8e17a51c911ff1f02635be15", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "treefmt-nix", + "type": "github" + } + }, "treefmt_2": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 334c94d..d4b6610 100644 --- a/flake.nix +++ b/flake.nix @@ -4,6 +4,12 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; flutils.url = "github:numtide/flake-utils"; + treefmt-nix.url = "github:numtide/treefmt-nix"; + + pre-commit-hooks = { + url = "github:cachix/git-hooks.nix"; + inputs.nixpkgs.follows = "nixpkgs"; + }; nixhelm = { url = "github:farcaller/nixhelm"; @@ -40,9 +46,10 @@ }; }; - outputs = inputs@{ flutils, ... }: flutils.lib.meld inputs [ - ./kubenix.nix - ./scripts - ./globals.nix - ]; + outputs = inputs @ {flutils, ...}: + flutils.lib.meld inputs [ + ./kubenix.nix + ./scripts + ./globals.nix + ]; } diff --git a/formatter.nix b/formatter.nix new file mode 100644 index 0000000..3cef74a --- /dev/null +++ b/formatter.nix 
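Review bot: The new `treefmt-nix` input in the flake.nix `inputs` hunk is declared without `inputs.nixpkgs.follows = "nixpkgs"`, unlike `pre-commit-hooks` directly below it, which is why flake.lock gains a separate `nixpkgs_4` node. formatter.nix passes its own `pkgs` to `treefmt-nix.lib.evalModule`, so that second nixpkgs pin appears to be unused, yet it is still one more locked source to update and audit. Suggest `treefmt-nix = { url = "github:numtide/treefmt-nix"; inputs.nixpkgs.follows = "nixpkgs"; };`. The `nixpkgs-stable` node that `pre-commit-hooks` adds to the lock may be collapsible the same way if nothing depends on it; confirm before changing.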
@@ -0,0 +1,27 @@ +{ + self, + nixpkgs, + treefmt-nix, + flake-utils, + pre-commit-hooks, + ... +}: +flake-utils.lib.eachDefaultSystem ( + system: let + pkgs = nixpkgs.legacyPackages.${system}; + treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix; + treefmtWrapper = treefmtEval.config.build.wrapper; + in { + packages.formatter = treefmtWrapper; + formatter = self.packages.${system}.formatter; + checks.pre-commit-check = pre-commit-hooks.lib.${system}.run { + src = ./.; + hooks = { + treefmt = { + enable = true; + package = treefmtWrapper; + }; + }; + }; + } +) diff --git a/treefmt.nix b/treefmt.nix new file mode 100644 index 0000000..e6da195 --- /dev/null +++ b/treefmt.nix @@ -0,0 +1,4 @@ +{...}: { + projectRootFile = "flake.nix"; + programs.alejandra.enable = true; +} From 8160b9da0b1e0186b7417d09f7a2d5dccf69e3c2 Mon Sep 17 00:00:00 2001 
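Review bot: `checks.pre-commit-check` in formatter.nix is only evaluated by `nix flake check`; nothing in this patch installs the hook into a working tree, so formatting is not enforced at commit time unless CI runs the check. If the repo has a dev shell, wire it in with `shellHook = self.checks.${system}.pre-commit-check.shellHook;`, otherwise add a header comment such as `# CI-only: run via "nix flake check"; the git hook is not installed locally`. The file also destructures `flake-utils`, while flake.nix at this commit still names the input `flutils` and does not list `./formatter.nix` in the `meld` list, so the formatter is unreachable until patch 2/2.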
From: Pim Kunis Date: Mon, 28 Oct 2024 16:05:06 +0100 Subject: [PATCH 2/2] Format repo --- flake.lock | 54 ++++---- flake.nix | 9 +- globals.nix | 6 +- images/attic.nix | 12 +- images/dnsmasq.nix | 11 +- kubenix.nix | 155 ++++++++++++---------- modules/attic.nix | 29 ++-- modules/atuin.nix | 29 ++-- modules/bind9/default.nix | 30 +++-- modules/bind9/kun.is.zone.nix | 21 +-- modules/blog.nix | 7 +- modules/bootstrap-default.nix | 71 +++++----- modules/bootstrap-kube-system/default.nix | 18 ++- modules/cyberchef.nix | 7 +- modules/dnsmasq.nix | 9 +- modules/forgejo/default.nix | 9 +- modules/freshrss.nix | 17 ++- modules/hedgedoc.nix | 19 ++- modules/immich.nix | 43 +++--- modules/inbucket.nix | 9 +- modules/ingress.nix | 53 +++++--- modules/kitchenowl.nix | 17 ++- modules/kms.nix | 7 +- modules/longhorn-volume.nix | 56 ++++---- modules/media.nix | 49 ++++--- modules/minecraft.nix | 17 ++- modules/nextcloud.nix | 47 ++++--- modules/ntfy.nix | 15 ++- modules/paperless.nix | 37 ++++-- modules/pihole.nix | 7 +- modules/radicale.nix | 13 +- modules/syncthing.nix | 11 +- modules/tailscale-ingress.nix | 65 +++++---- modules/tailscale.nix | 8 +- modules/traefik.nix | 11 +- scripts/default.nix | 34 +++-- utils.nix | 23 +++- 37 files changed, 643 insertions(+), 392 deletions(-) diff --git a/flake.lock b/flake.lock index bd7121f..cce6cf3 100644 --- a/flake.lock +++ b/flake.lock @@ -3,7 +3,7 @@ "blog-pim": { "inputs": { "flutils": [ - "flutils" + "flake-utils" ], "nginx": "nginx", "nixpkgs": [ @@ -89,7 +89,7 @@ }, "dns_2": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_5", "nixpkgs": [ "servers", "nixpkgs" 
@@ -227,6 +227,24 @@ } }, "flake-utils_2": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { "inputs": { "systems": "systems_3" }, @@ -243,7 +261,7 @@ "type": "indirect" } }, - "flake-utils_3": { + "flake-utils_4": { "inputs": { "systems": "systems_4" }, @@ -261,7 +279,7 @@ "type": "github" } }, - "flake-utils_4": { + "flake-utils_5": { "locked": { "lastModified": 1614513358, "narHash": "sha256-LakhOx3S1dRjnh0b5Dg3mbZyH0ToC9I8Y2wKSkBaTzU=", @@ -276,7 +294,7 @@ "type": "github" } }, - "flake-utils_5": { + "flake-utils_6": { "inputs": { "systems": "systems_7" }, @@ -294,24 +312,6 @@ "type": "github" } }, - "flutils": { - "inputs": { - "systems": "systems" - }, - "locked": { - "lastModified": 1726560853, - "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "gitignore": { "inputs": { "nixpkgs": [ @@ -480,7 +480,7 @@ }, "nixhelm": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "haumea": "haumea", "nix-kube-generators": "nix-kube-generators", "nixpkgs": [ @@ -675,7 +675,7 @@ }, "poetry2nix": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_4", "nix-github-actions": "nix-github-actions", "nixpkgs": [ "nixhelm", @@ -725,7 +725,7 @@ "inputs": { "blog-pim": "blog-pim", "dns": "dns", - "flutils": "flutils", + "flake-utils": "flake-utils_2", "kubenix": "kubenix", "nixhelm": "nixhelm", "nixng": "nixng", 
@@ -740,7 +740,7 @@ "deploy-rs": "deploy-rs", "disko": "disko", "dns": "dns_2", - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_6", "kubenix": "kubenix_2", "nix-snapshotter": "nix-snapshotter", "nixng": "nixng_2", diff --git a/flake.nix b/flake.nix index d4b6610..8e7fbbd 100644 --- a/flake.nix +++ b/flake.nix @@ -3,7 +3,7 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - flutils.url = "github:numtide/flake-utils"; + flake-utils.url = "github:numtide/flake-utils"; treefmt-nix.url = "github:numtide/treefmt-nix"; pre-commit-hooks = { @@ -21,7 +21,7 @@ url = "git+https://git.kun.is/home/blog-pim?rev=7296f7f5bf5f089a5137036dcbd8058cf3e4a9e5"; inputs = { nixpkgs.follows = "nixpkgs"; - flutils.follows = "flutils"; + flutils.follows = "flake-utils"; }; }; @@ -46,10 +46,11 @@ }; }; - outputs = inputs @ {flutils, ...}: - flutils.lib.meld inputs [ + outputs = inputs @ {flake-utils, ...}: + flake-utils.lib.meld inputs [ ./kubenix.nix ./scripts ./globals.nix + ./formatter.nix ]; } diff --git a/globals.nix b/globals.nix index 91ee50b..8726879 100644 --- a/globals.nix +++ b/globals.nix @@ -1,5 +1,4 @@ -{ servers, ... }: -let +{servers, ...}: let globals = { images = { jellyfin = "jellyfin/jellyfin:10.10.0"; @@ -34,7 +33,6 @@ let minecraft = "itzg/minecraft-server:latest"; }; }; -in -{ +in { globals = globals // servers.globals; } diff --git a/images/attic.nix b/images/attic.nix index ee8a0aa..77c1008 100644 --- a/images/attic.nix +++ b/images/attic.nix @@ -1,13 +1,17 @@ -{ nixpkgs, nglib, ... }: +{ + nixpkgs, + nglib, + ... +}: nglib.makeSystem { inherit nixpkgs; system = "x86_64-linux"; name = "nixng-attic"; - config = { ... }: { + config = {...}: { dumb-init = { enable = true; - type.services = { }; + type.services = {}; }; init.services.attic = { 
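Review bot: The flake.nix hunks in this "Format repo" commit carry functional changes, not formatting: the `flutils` input is renamed to `flake-utils` (with `flutils.follows = "flake-utils";` for `blog-pim`) and `./formatter.nix` is added to the `meld` list. These belong in patch 1/2 or a commit of their own. A formatting-only commit can be verified mechanically by running the formatter on the parent tree and comparing the result, and that check stops working once input renames and the matching flake.lock edits are mixed in. The same rename recurs in the first kubenix.nix hunk (`flutils.lib.eachDefaultSystem` becomes `flake-utils.lib.eachDefaultSystem`).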
@@ -22,7 +26,7 @@ nglib.makeSystem { # This is done because we quote the template for the toml file. # See: https://github.com/helmfile/vals?tab=readme-ov-file#expression-syntax # database.url = "ref+sops://secrets.yml#attic/databaseURL+"; - database = { }; + database = {}; storage = { type = "local"; diff --git a/images/dnsmasq.nix b/images/dnsmasq.nix index 6fc8c4f..6b3cc14 100644 --- a/images/dnsmasq.nix +++ b/images/dnsmasq.nix @@ -1,13 +1,18 @@ -{ globals, nixpkgs, nglib, ... }: +{ + globals, + nixpkgs, + nglib, + ... +}: nglib.makeSystem { inherit nixpkgs; system = "x86_64-linux"; name = "nixng-dnsmasq"; - config = { ... }: { + config = {...}: { dumb-init = { enable = true; - type.services = { }; + type.services = {}; }; init.services.dnsmasq = { diff --git a/kubenix.nix b/kubenix.nix index 8c1c7fd..95527de 100644 --- a/kubenix.nix +++ b/kubenix.nix @@ -1,15 +1,23 @@ -inputs@{ self, servers, flutils, nixpkgs, kubenix, ... }: flutils.lib.eachDefaultSystem - (system: - let - pkgs = nixpkgs.legacyPackages.${system}; - lib = pkgs.lib; - deployScript = (pkgs.writeScriptBin "applyset-deploy.sh" (builtins.readFile ./applyset-deploy.sh)).overrideAttrs (old: { - buildCommand = "${old.buildCommand}\npatchShebangs $out"; - }); +inputs @ { + self, + servers, + flake-utils, + nixpkgs, + kubenix, + ... +}: +flake-utils.lib.eachDefaultSystem +(system: let + pkgs = nixpkgs.legacyPackages.${system}; + lib = pkgs.lib; + deployScript = (pkgs.writeScriptBin "applyset-deploy.sh" (builtins.readFile ./applyset-deploy.sh)).overrideAttrs (old: { + buildCommand = "${old.buildCommand}\npatchShebangs $out"; + }); - machines = servers.machines.${system}; + machines = servers.machines.${system}; - mkKubernetes = name: module: namespace: (kubenix.evalModules.${system} { + mkKubernetes = name: module: namespace: + (kubenix.evalModules.${system} { specialArgs = { inherit namespace system machines self; inherit (inputs) nixhelm blog-pim dns nixpkgs nixng; 
@@ -22,67 +30,74 @@ inputs@{ self, servers, flutils, nixpkgs, kubenix, ... }: flutils.lib.eachDefaul }; }; - module = { kubenix, ... }: - { - imports = [ - kubenix.modules.k8s - kubenix.modules.helm - ./modules - module - ]; + module = {kubenix, ...}: { + imports = [ + kubenix.modules.k8s + kubenix.modules.helm + ./modules + module + ]; - config = { - kubenix.project = name; - kubernetes.namespace = namespace; - }; + config = { + kubenix.project = name; + kubernetes.namespace = namespace; }; - }).config.kubernetes; - - mkManifest = name: { module, namespace }: { - name = "${name}-manifest"; - value = (mkKubernetes name module namespace).result; - }; - - mkDeployApp = name: { module, namespace }: - let - kubernetes = mkKubernetes name module namespace; - kubeconfig = kubernetes.kubeconfig or ""; - result = kubernetes.result or ""; - - wrappedDeployScript = pkgs.symlinkJoin - { - name = "applyset-deploy.sh"; - paths = [ deployScript pkgs.vals pkgs.kubectl ]; - buildInputs = [ pkgs.makeWrapper ]; - passthru.manifest = result; - meta.mainProgram = "applyset-deploy.sh"; - - postBuild = - let - # HACK: create normal way of checking if server runs k8s - k8sMachines = lib.filterAttrs (n: m: m.kubernetesNodeLabels != null) machines; - k8sServerNames = builtins.concatStringsSep " " (builtins.attrNames k8sMachines); - in - /* bash */ '' - wrapProgram $out/bin/applyset-deploy.sh \ - --suffix PATH : "$out/bin" \ - --run 'export KUBECONFIG=''${KUBECONFIG:-${toString kubeconfig}}' \ - --set MANIFEST '${result}' \ - --set NAME '${name}' \ - --set NAMESPACE '${namespace}' \ - --set SERVERS '${k8sServerNames}' \ - --set DYFF '${lib.getExe pkgs.dyff}' \ - --set GCROOTDIR '/nix/var/nix/gcroots/kubernetes-manifests' - ''; - }; - in - { - name = "${name}-deploy"; - value = wrappedDeployScript; }; + }) + .config + .kubernetes; - deployments = import ./deployments.nix; - in - { - packages = pkgs.lib.mergeAttrs (pkgs.lib.mapAttrs' mkDeployApp deployments) (pkgs.lib.mapAttrs' mkManifest 
deployments); - }) + mkManifest = name: { + module, + namespace, + }: { + name = "${name}-manifest"; + value = (mkKubernetes name module namespace).result; + }; + + mkDeployApp = name: { + module, + namespace, + }: let + kubernetes = mkKubernetes name module namespace; + kubeconfig = kubernetes.kubeconfig or ""; + result = kubernetes.result or ""; + + wrappedDeployScript = + pkgs.symlinkJoin + { + name = "applyset-deploy.sh"; + paths = [deployScript pkgs.vals pkgs.kubectl]; + buildInputs = [pkgs.makeWrapper]; + passthru.manifest = result; + meta.mainProgram = "applyset-deploy.sh"; + + postBuild = let + # HACK: create normal way of checking if server runs k8s + k8sMachines = lib.filterAttrs (n: m: m.kubernetesNodeLabels != null) machines; + k8sServerNames = builtins.concatStringsSep " " (builtins.attrNames k8sMachines); + in + /* + bash + */ + '' + wrapProgram $out/bin/applyset-deploy.sh \ + --suffix PATH : "$out/bin" \ + --run 'export KUBECONFIG=''${KUBECONFIG:-${toString kubeconfig}}' \ + --set MANIFEST '${result}' \ + --set NAME '${name}' \ + --set NAMESPACE '${namespace}' \ + --set SERVERS '${k8sServerNames}' \ + --set DYFF '${lib.getExe pkgs.dyff}' \ + --set GCROOTDIR '/nix/var/nix/gcroots/kubernetes-manifests' + ''; + }; + in { + name = "${name}-deploy"; + value = wrappedDeployScript; + }; + + deployments = import ./deployments.nix; +in { + packages = pkgs.lib.mergeAttrs (pkgs.lib.mapAttrs' mkDeployApp deployments) (pkgs.lib.mapAttrs' mkManifest deployments); +}) diff --git a/modules/attic.nix b/modules/attic.nix index 2c124c0..6e72133 100644 --- a/modules/attic.nix +++ b/modules/attic.nix @@ -1,4 +1,11 @@ -{ self, utils, lib, config, globals, ... }: { +{ + self, + utils, + lib, + config, + globals, + ... +}: { options.attic.enable = lib.mkEnableOption "attic"; config = lib.mkIf config.attic.enable { 
@@ -50,10 +57,12 @@ }; }; - volumeMounts = [{ - name = "data"; - mountPath = "/var/lib/atticd/storage"; - }]; + volumeMounts = [ + { + name = "data"; + mountPath = "/var/lib/atticd/storage"; + } + ]; }; volumes = { @@ -98,10 +107,12 @@ }; }; - volumeMounts = [{ - name = "data"; - mountPath = "/pgdata"; - }]; + volumeMounts = [ + { + name = "data"; + mountPath = "/pgdata"; + } + ]; }; volumes.data.persistentVolumeClaim.claimName = "database"; diff --git a/modules/atuin.nix b/modules/atuin.nix index c055a9c..7485f9f 100644 --- a/modules/atuin.nix +++ b/modules/atuin.nix @@ -1,4 +1,9 @@ -{ config, globals, lib, ... }: { +{ + config, + globals, + lib, + ... +}: { options.atuin.enable = lib.mkEnableOption "atuin"; config = lib.mkIf config.atuin.enable { @@ -34,7 +39,7 @@ image = globals.images.atuin; imagePullPolicy = "IfNotPresent"; ports.web.containerPort = 8888; - args = [ "server" "start" ]; + args = ["server" "start"]; env = { ATUIN_HOST.value = "0.0.0.0"; @@ -47,10 +52,12 @@ }; }; - volumeMounts = [{ - name = "data"; - mountPath = "/config"; - }]; + volumeMounts = [ + { + name = "data"; + mountPath = "/config"; + } + ]; }; database = { @@ -67,10 +74,12 @@ }; }; - volumeMounts = [{ - name = "database"; - mountPath = "/var/lib/postgresql/data"; - }]; + volumeMounts = [ + { + name = "database"; + mountPath = "/var/lib/postgresql/data"; + } + ]; }; }; }; diff --git a/modules/bind9/default.nix b/modules/bind9/default.nix index d99c8ad..5cebe2a 100644 --- a/modules/bind9/default.nix +++ b/modules/bind9/default.nix @@ -1,8 +1,12 @@ -{ config, lib, globals, dns, ... }: -let - kunisZone = dns.lib.toString "kun.is" (import ./kun.is.zone.nix globals dns); -in { + config, + lib, + globals, + dns, + ... +}: let + kunisZone = dns.lib.toString "kun.is" (import ./kun.is.zone.nix globals dns); +in { options.bind9.enable = lib.mkEnableOption "bind9"; config = lib.mkIf config.bind9.enable { 
@@ -54,7 +58,7 @@ in containers = { bind9-udp = { image = globals.images.bind9; - envFrom = [{ configMapRef.name = "bind9-env"; }]; + envFrom = [{configMapRef.name = "bind9-env";}]; ports.dns-udp = { containerPort = 53; @@ -77,7 +81,7 @@ in bind9-tcp = { image = globals.images.bind9; - envFrom = [{ configMapRef.name = "bind9-env"; }]; + envFrom = [{configMapRef.name = "bind9-env";}]; ports.dns-tcp = { containerPort = 53; @@ -99,10 +103,12 @@ in }; }; - volumes = [{ - name = "config"; - configMap.name = "bind9-config"; - }]; + volumes = [ + { + name = "config"; + configMap.name = "bind9-config"; + } + ]; }; }; }; @@ -117,7 +123,7 @@ in spec = { type = "LoadBalancer"; selector.app = "bind9"; - ipFamilies = [ "IPv4" "IPv6" ]; + ipFamilies = ["IPv4" "IPv6"]; ipFamilyPolicy = "RequireDualStack"; ports.dns = { @@ -137,7 +143,7 @@ in spec = { type = "LoadBalancer"; selector.app = "bind9"; - ipFamilies = [ "IPv4" "IPv6" ]; + ipFamilies = ["IPv4" "IPv6"]; ipFamilyPolicy = "RequireDualStack"; ports.dns = { diff --git a/modules/bind9/kun.is.zone.nix b/modules/bind9/kun.is.zone.nix index fbca909..3c12587 100644 --- a/modules/bind9/kun.is.zone.nix +++ b/modules/bind9/kun.is.zone.nix @@ -1,4 +1,5 @@ -globals: dns: with dns.lib.combinators; { +globals: dns: +with dns.lib.combinators; { CAA = letsEncrypt "caa@kun.is"; SOA = { 
@@ -17,36 +18,36 @@ globals: dns: with dns.lib.combinators; { ]; TXT = [ - (with spf; soft [ "include:spf.glasnet.nl" ]) + (with spf; soft ["include:spf.glasnet.nl"]) ]; subdomains = rec { - "*".A = [ globals.routerPublicIPv4 ]; + "*".A = [globals.routerPublicIPv4]; ns = { - A = [ globals.routerPublicIPv4 ]; - AAAA = [ ]; + A = [globals.routerPublicIPv4]; + AAAA = []; }; ns1 = ns; ns2 = ns; wg = { - A = [ globals.routerPublicIPv4 ]; - AAAA = [ ]; + A = [globals.routerPublicIPv4]; + AAAA = []; }; #for SMTP2GO to be able send emails from kun.is domain em670271 = { - CNAME = [ "return.smtp2go.net." ]; + CNAME = ["return.smtp2go.net."]; }; "s670271._domainkey" = { - CNAME = [ "dkim.smtp2go.net." ]; + CNAME = ["dkim.smtp2go.net."]; }; link = { - CNAME = [ "track.smtp2go.net." ]; + CNAME = ["track.smtp2go.net."]; }; }; } diff --git a/modules/blog.nix b/modules/blog.nix index 0671bc2..a6c1ed7 100644 --- a/modules/blog.nix +++ b/modules/blog.nix @@ -1,4 +1,9 @@ -{ blog-pim, lib, config, ... }: { +{ + blog-pim, + lib, + config, + ... +}: { options.blog.enable = lib.mkEnableOption "blog"; config = lib.mkIf config.blog.enable { diff --git a/modules/bootstrap-default.nix b/modules/bootstrap-default.nix index 8aaa7e1..fccd2b7 100644 --- a/modules/bootstrap-default.nix +++ b/modules/bootstrap-default.nix @@ -1,4 +1,12 @@ -{ config, lib, nixhelm, system, globals, machines, ... }: { +{ + config, + lib, + nixhelm, + system, + globals, + machines, + ... +}: { options.bootstrap-default.enable = lib.mkEnableOption "bootstrap-default"; config = lib.mkIf config.bootstrap-default.enable { 
@@ -36,36 +44,35 @@ services.longhorn-frontend.spec.loadBalancerIP = globals.longhornIPv4; namespaces = { - static-websites = { }; - freshrss = { }; - radicale = { }; - kms = { }; - atuin = { }; - nextcloud = { }; - hedgedoc = { }; - kitchenowl = { }; - forgejo = { }; - paperless = { }; - syncthing = { }; - immich = { }; - attic = { }; - inbucket = { }; - dns = { }; - media = { }; - minecraft = { }; - tailscale = { }; - ntfy = { }; + static-websites = {}; + freshrss = {}; + radicale = {}; + kms = {}; + atuin = {}; + nextcloud = {}; + hedgedoc = {}; + kitchenowl = {}; + forgejo = {}; + paperless = {}; + syncthing = {}; + immich = {}; + attic = {}; + inbucket = {}; + dns = {}; + media = {}; + minecraft = {}; + tailscale = {}; + ntfy = {}; }; - nodes = - let - machinesWithKubernetesLabels = lib.filterAttrs (name: machine: machine.kubernetesNodeLabels != null) machines; - in + nodes = let + machinesWithKubernetesLabels = lib.filterAttrs (name: machine: machine.kubernetesNodeLabels != null) machines; + in builtins.mapAttrs - (name: machine: { - metadata.labels = machine.kubernetesNodeLabels; - }) - machinesWithKubernetesLabels; + (name: machine: { + metadata.labels = machine.kubernetesNodeLabels; + }) + machinesWithKubernetesLabels; recurringJobs.backup-nfs.spec = { cron = "0 1 * * *"; # One o'clock at night @@ -74,13 +81,13 @@ concurrency = 1; }; - ipAddressPools.main.spec.addresses = [ "192.168.30.128-192.168.30.200" "2a0d:6e00:1a77:30::2-2a0d:6e00:1a77:30:ffff:ffff:ffff:fffe" ]; - l2Advertisements.main.metadata = { }; + ipAddressPools.main.spec.addresses = ["192.168.30.128-192.168.30.200" "2a0d:6e00:1a77:30::2-2a0d:6e00:1a77:30:ffff:ffff:ffff:fffe"]; + l2Advertisements.main.metadata = {}; persistentVolumes = { music-syncthing.spec = { capacity.storage = "1Gi"; - accessModes = [ "ReadWriteMany" ]; + accessModes = ["ReadWriteMany"]; nfs = { server = "lewis.dmz"; 
@@ -90,7 +97,7 @@ media-media.spec = { capacity.storage = "1Gi"; - accessModes = [ "ReadWriteMany" ]; + accessModes = ["ReadWriteMany"]; nfs = { server = "lewis.dmz"; diff --git a/modules/bootstrap-kube-system/default.nix b/modules/bootstrap-kube-system/default.nix index 619c1d4..c557072 100644 --- a/modules/bootstrap-kube-system/default.nix +++ b/modules/bootstrap-kube-system/default.nix @@ -1,4 +1,10 @@ -{ config, lib, nixhelm, system, ... }: { +{ + config, + lib, + nixhelm, + system, + ... +}: { options.bootstrap-kube-system.enable = lib.mkEnableOption "bootstrap-kube-system"; config = lib.mkIf config.bootstrap-kube-system.enable { @@ -29,10 +35,12 @@ server = "https://acme-v02.api.letsencrypt.org/directory"; email = "pim@kunis.nl"; privateKeySecretRef.name = "letsencrypt-private-key"; - solvers = [{ - selector = { }; - http01.ingress.class = "traefik"; - }]; + solvers = [ + { + selector = {}; + http01.ingress.class = "traefik"; + } + ]; }; }; }; diff --git a/modules/cyberchef.nix b/modules/cyberchef.nix index c25b23f..d2dabbc 100644 --- a/modules/cyberchef.nix +++ b/modules/cyberchef.nix @@ -1,4 +1,9 @@ -{ config, lib, globals, ... }: { +{ + config, + lib, + globals, + ... +}: { options.cyberchef.enable = lib.mkEnableOption "cyberchef"; config = lib.mkIf config.cyberchef.enable { diff --git a/modules/dnsmasq.nix b/modules/dnsmasq.nix index b287cac..5cc6b0a 100644 --- a/modules/dnsmasq.nix +++ b/modules/dnsmasq.nix @@ -1,4 +1,11 @@ -{ self, utils, globals, config, lib, ... }: { +{ + self, + utils, + globals, + config, + lib, + ... +}: { options.dnsmasq.enable = lib.mkEnableOption "dnsmasq"; config = lib.mkIf config.dnsmasq.enable { diff --git a/modules/forgejo/default.nix b/modules/forgejo/default.nix index 2e45aab..c35a5fc 100644 --- a/modules/forgejo/default.nix +++ b/modules/forgejo/default.nix 
@@ -1,9 +1,14 @@ -{ lib, config, globals, ... }: { +{ + lib, + config, + globals, + ... +}: { options.forgejo.enable = lib.mkEnableOption "forgejo"; config = lib.mkIf config.forgejo.enable { kubernetes.resources = { - secrets.forgejo.stringData.config = lib.generators.toINI { } (import ./config.nix); + secrets.forgejo.stringData.config = lib.generators.toINI {} (import ./config.nix); deployments.server.spec = { selector.matchLabels.app = "forgejo"; diff --git a/modules/freshrss.nix b/modules/freshrss.nix index a591ff6..0581d95 100644 --- a/modules/freshrss.nix +++ b/modules/freshrss.nix @@ -1,4 +1,9 @@ -{ config, lib, globals, ... }: { +{ + config, + lib, + globals, + ... +}: { options.freshrss.enable = lib.mkEnableOption "freshrss"; config = lib.mkIf config.freshrss.enable { @@ -43,10 +48,12 @@ }; }; - volumeMounts = [{ - name = "data"; - mountPath = "/var/www/FreshRSS/data"; - }]; + volumeMounts = [ + { + name = "data"; + mountPath = "/var/www/FreshRSS/data"; + } + ]; }; volumes.data.persistentVolumeClaim.claimName = "data"; diff --git a/modules/hedgedoc.nix b/modules/hedgedoc.nix index 04b57e0..a889825 100644 --- a/modules/hedgedoc.nix +++ b/modules/hedgedoc.nix @@ -1,9 +1,14 @@ -{ config, lib, globals, ... }: { +{ + config, + lib, + globals, + ... +}: { options.hedgedoc.enable = lib.mkEnableOption "hedgedoc"; config = lib.mkIf config.hedgedoc.enable { kubernetes.resources = { - configMaps.hedgedoc-config.data.config = lib.generators.toJSON { } { + configMaps.hedgedoc-config.data.config = lib.generators.toJSON {} { useSSL = false; }; @@ -106,10 +111,12 @@ }; }; - volumeMounts = [{ - name = "database"; - mountPath = "/pgdata"; - }]; + volumeMounts = [ + { + name = "database"; + mountPath = "/pgdata"; + } + ]; }; volumes.database.persistentVolumeClaim.claimName = "database"; diff --git a/modules/immich.nix b/modules/immich.nix index 33608aa..0317b8b 100644 --- a/modules/immich.nix +++ b/modules/immich.nix 
@@ -1,4 +1,9 @@ -{ globals, config, lib, ... }: { +{ + globals, + config, + lib, + ... +}: { options.immich.enable = lib.mkEnableOption "immich"; config = lib.mkIf config.immich.enable { @@ -51,10 +56,12 @@ }; }; - volumeMounts = [{ - name = "data"; - mountPath = "/usr/src/app/upload"; - }]; + volumeMounts = [ + { + name = "data"; + mountPath = "/usr/src/app/upload"; + } + ]; }; }; }; @@ -90,10 +97,12 @@ ports.ml.containerPort = 3003; env.MACHINE_LEARNING_WORKER_TIMEOUT.value = "600"; - volumeMounts = [{ - name = "cache"; - mountPath = "/cache"; - }]; + volumeMounts = [ + { + name = "cache"; + mountPath = "/cache"; + } + ]; }; }; }; @@ -157,8 +166,8 @@ containers.postgres = { image = globals.images.immich-postgres; imagePullPolicy = "IfNotPresent"; - command = [ "postgres" ]; - args = [ "-c" "shared_preload_libraries=vectors.so" "-c" "search_path=\"$$user\", public, vectors" "-c" "logging_collector=on" "-c" "max_wal_size=2GB" "-c" "shared_buffers=512MB" "-c" "wal_compression=on" ]; + command = ["postgres"]; + args = ["-c" "shared_preload_libraries=vectors.so" "-c" "search_path=\"$$user\", public, vectors" "-c" "logging_collector=on" "-c" "max_wal_size=2GB" "-c" "shared_buffers=512MB" "-c" "wal_compression=on"]; ports.postgres.containerPort = 5432; securityContext.runAsUser = 999; securityContext.runAsGroup = 999; @@ -175,10 +184,12 @@ }; }; - volumeMounts = [{ - name = "data"; - mountPath = "/pgdata"; - }]; + volumeMounts = [ + { + name = "data"; + mountPath = "/pgdata"; + } + ]; }; }; }; @@ -239,7 +250,7 @@ }; persistentVolumeClaims.cache.spec = { - accessModes = [ "ReadWriteOnce" ]; + accessModes = ["ReadWriteOnce"]; resources.requests.storage = "5Gi"; }; }; diff --git a/modules/inbucket.nix b/modules/inbucket.nix index be8f140..7fbc481 100644 --- a/modules/inbucket.nix +++ b/modules/inbucket.nix 
@@ -1,9 +1,14 @@ -{ globals, config, lib, ... }: { +{ + globals, + config, + lib, + ... +}: { options.inbucket.enable = lib.mkEnableOption "inbucket"; config = lib.mkIf config.inbucket.enable { kubernetes.resources = { - serviceAccounts.inbucket = { }; + serviceAccounts.inbucket = {}; deployments.inbucket.spec = { selector.matchLabels.app = "inbucket"; diff --git a/modules/ingress.nix b/modules/ingress.nix index 99b2e78..9dbcb86 100644 --- a/modules/ingress.nix +++ b/modules/ingress.nix @@ -1,6 +1,9 @@ -{ lib, config, ... }: -let - ingressOpts = { name, ... }: { +{ + lib, + config, + ... +}: let + ingressOpts = {name, ...}: { options = { host = lib.mkOption { type = lib.types.str; @@ -22,17 +25,17 @@ let }; }; }; -in -{ +in { options = { lab.ingresses = lib.mkOption { type = with lib.types; attrsOf (submodule ingressOpts); - default = { }; + default = {}; }; }; config = { - kubernetes.resources.ingresses = builtins.mapAttrs + kubernetes.resources.ingresses = + builtins.mapAttrs (name: ingress: { metadata.annotations = { "cert-manager.io/cluster-issuer" = "letsencrypt"; @@ -42,24 +45,30 @@ in spec = { ingressClassName = "traefik"; - rules = [{ - host = ingress.host; + rules = [ + { + host = ingress.host; - http.paths = [{ - path = "/"; - pathType = "Prefix"; + http.paths = [ + { + path = "/"; + pathType = "Prefix"; - backend.service = { - name = ingress.service.name; - port.name = ingress.service.portName; - }; - }]; - }]; + backend.service = { + name = ingress.service.name; + port.name = ingress.service.portName; + }; + } + ]; + } + ]; - tls = [{ - secretName = "${name}-tls"; - hosts = [ ingress.host ]; - }]; + tls = [ + { + secretName = "${name}-tls"; + hosts = [ingress.host]; + } + ]; }; }) config.lab.ingresses; diff --git a/modules/kitchenowl.nix b/modules/kitchenowl.nix index f51d3ad..1042468 100644 --- a/modules/kitchenowl.nix +++ b/modules/kitchenowl.nix 
@@ -1,4 +1,9 @@ -{ lib, globals, config, ... }: { +{ + lib, + globals, + config, + ... +}: { options.kitchenowl.enable = lib.mkEnableOption "kitchenowl"; config = lib.mkIf config.kitchenowl.enable { @@ -33,10 +38,12 @@ key = "jwtSecretKey"; }; - volumeMounts = [{ - name = "data"; - mountPath = "/data"; - }]; + volumeMounts = [ + { + name = "data"; + mountPath = "/data"; + } + ]; }; securityContext = { diff --git a/modules/kms.nix b/modules/kms.nix index 826e7cd..a7b1f8e 100644 --- a/modules/kms.nix +++ b/modules/kms.nix @@ -1,4 +1,9 @@ -{ config, globals, lib, ... }: { +{ + config, + globals, + lib, + ... +}: { options.kms.enable = lib.mkEnableOption "kms"; config = lib.mkIf config.kms.enable { diff --git a/modules/longhorn-volume.nix b/modules/longhorn-volume.nix index 868e16f..6eb4bfd 100644 --- a/modules/longhorn-volume.nix +++ b/modules/longhorn-volume.nix @@ -1,6 +1,9 @@ -{ lib, config, ... }: -let - longhornVolumeOpts = { name, ... }: { +{ + lib, + config, + ... +}: let + longhornVolumeOpts = {name, ...}: { options = { storage = lib.mkOption { type = lib.types.str; @@ -13,7 +16,7 @@ let }; }; - longhornPVOpts = { name, ... }: { + longhornPVOpts = {name, ...}: { options = { storage = lib.mkOption { type = lib.types.str; @@ -21,7 +24,7 @@ let }; }; - longhornPVCOpts = { name, ... }: { + longhornPVCOpts = {name, ...}: { options = { volumeName = lib.mkOption { type = lib.types.str; 
@@ -34,34 +37,34 @@ let }; }; }; -in -{ +in { options = { lab.longhornVolumes = lib.mkOption { type = with lib.types; attrsOf (submodule longhornVolumeOpts); - default = { }; + default = {}; }; lab.longhorn = { persistentVolume = lib.mkOption { type = with lib.types; attrsOf (submodule longhornPVOpts); - default = { }; + default = {}; }; persistentVolumeClaim = lib.mkOption { type = with lib.types; attrsOf (submodule longhornPVCOpts); - default = { }; + default = {}; }; }; }; config = { kubernetes.resources = { - persistentVolumes = lib.mergeAttrs + persistentVolumes = + lib.mergeAttrs (builtins.mapAttrs (name: longhornVolume: { spec = { - accessModes = [ "ReadWriteOnce" ]; + accessModes = ["ReadWriteOnce"]; capacity.storage = longhornVolume.storage; persistentVolumeReclaimPolicy = "Delete"; volumeMode = "Filesystem"; @@ -84,10 +87,12 @@ in staleReplicaTimeout = "30"; unmapMarkSnapChainRemoved = "ignored"; - recurringJobSelector = lib.generators.toYAML { } [{ - name = "backup-nfs"; - isGroup = false; - }]; + recurringJobSelector = lib.generators.toYAML {} [ + { + name = "backup-nfs"; + isGroup = false; + } + ]; }; }; }; @@ -96,7 +101,7 @@ in (builtins.mapAttrs (name: longhornPV: { spec = { - accessModes = [ "ReadWriteOnce" ]; + accessModes = ["ReadWriteOnce"]; capacity.storage = longhornPV.storage; persistentVolumeReclaimPolicy = "Delete"; volumeMode = "Filesystem"; 
@@ -114,21 +119,24 @@ in staleReplicaTimeout = "30"; unmapMarkSnapChainRemoved = "ignored"; - recurringJobSelector = lib.generators.toYAML { } [{ - name = "backup-nfs"; - isGroup = false; - }]; + recurringJobSelector = lib.generators.toYAML {} [ + { + name = "backup-nfs"; + isGroup = false; + } + ]; }; }; }; }) config.lab.longhorn.persistentVolume); - persistentVolumeClaims = lib.mergeAttrs + persistentVolumeClaims = + lib.mergeAttrs (builtins.mapAttrs (name: longhornVolume: { spec = { - accessModes = [ "ReadWriteOnce" ]; + accessModes = ["ReadWriteOnce"]; resources.requests.storage = longhornVolume.storage; storageClassName = ""; }; @@ -137,7 +145,7 @@ in (builtins.mapAttrs (name: longhornPVC: { spec = { - accessModes = [ "ReadWriteOnce" ]; + accessModes = ["ReadWriteOnce"]; resources.requests.storage = longhornPVC.storage; storageClassName = ""; volumeName = longhornPVC.volumeName; diff --git a/modules/media.nix b/modules/media.nix index 8156e8b..3ed17d3 100644 --- a/modules/media.nix +++ b/modules/media.nix @@ -1,4 +1,9 @@ -{ globals, config, lib, ... }: { +{ + globals, + config, + lib, + ... +}: { options.media.enable = lib.mkEnableOption "media"; config = lib.mkIf config.media.enable { @@ -64,13 +69,17 @@ fsGroupChangePolicy = "OnRootMismatch"; }; - affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms = [{ - matchExpressions = [{ - key = "hasMedia"; - operator = "In"; - values = [ "true" ]; - }]; - }]; + affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms = [ + { + matchExpressions = [ + { + key = "hasMedia"; + operator = "In"; + values = ["true"]; + } + ]; + } + ]; }; }; }; @@ -167,10 +176,12 @@ TZ.value = "Europe/Amsterdam"; }; - volumeMounts = [{ - name = "config"; - mountPath = "/app/config"; - }]; + volumeMounts = [ + { + name = "config"; + mountPath = "/app/config"; + } + ]; }; securityContext = { 
@@ -274,10 +285,12 @@ TZ.value = "Europe/Amsterdam"; }; - volumeMounts = [{ - name = "config"; - mountPath = "/config"; - }]; + volumeMounts = [ + { + name = "config"; + mountPath = "/config"; + } + ]; }; securityContext = { @@ -518,12 +531,12 @@ persistentVolumeClaims = { jellyfin-cache.spec = { - accessModes = [ "ReadWriteOnce" ]; + accessModes = ["ReadWriteOnce"]; resources.requests.storage = "20Gi"; }; media.spec = { - accessModes = [ "ReadWriteMany" ]; + accessModes = ["ReadWriteMany"]; storageClassName = ""; resources.requests.storage = "1Mi"; volumeName = "media-media"; diff --git a/modules/minecraft.nix b/modules/minecraft.nix index a61dd6c..3e0a8f9 100644 --- a/modules/minecraft.nix +++ b/modules/minecraft.nix @@ -1,4 +1,9 @@ -{ lib, config, globals, ... }: { +{ + lib, + config, + globals, + ... +}: { options.minecraft.enable = lib.mkEnableOption "minecraft"; config = lib.mkIf config.minecraft.enable { @@ -18,10 +23,12 @@ env.EULA.value = "TRUE"; - volumeMounts = [{ - name = "data"; - mountPath = "/data"; - }]; + volumeMounts = [ + { + name = "data"; + mountPath = "/data"; + } + ]; }; securityContext = { diff --git a/modules/nextcloud.nix b/modules/nextcloud.nix index 7fd5035..9017255 100644 --- a/modules/nextcloud.nix +++ b/modules/nextcloud.nix @@ -1,4 +1,9 @@ -{ lib, config, globals, ... }: { +{ + lib, + config, + globals, + ... +}: { options.nextcloud.enable = lib.mkEnableOption "nextcloud"; config = lib.mkIf config.nextcloud.enable { @@ -45,10 +50,12 @@ }; }; - volumeMounts = [{ - name = "data"; - mountPath = "/var/www/html"; - }]; + volumeMounts = [ + { + name = "data"; + mountPath = "/var/www/html"; + } + ]; }; securityContext = { 
@@ -56,14 +63,18 @@ fsGroupChangePolicy = "OnRootMismatch"; }; - affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution = [{ - weight = 1; - preference.matchExpressions = [{ - key = "storageType"; - operator = "In"; - values = [ "fast" ]; - }]; - }]; + affinity.nodeAffinity.preferredDuringSchedulingIgnoredDuringExecution = [ + { + weight = 1; + preference.matchExpressions = [ + { + key = "storageType"; + operator = "In"; + values = ["fast"]; + } + ]; + } + ]; }; }; }; @@ -97,10 +108,12 @@ }; }; - volumeMounts = [{ - name = "database"; - mountPath = "/pgdata"; - }]; + volumeMounts = [ + { + name = "database"; + mountPath = "/pgdata"; + } + ]; }; volumes.database.persistentVolumeClaim.claimName = "database"; diff --git a/modules/ntfy.nix b/modules/ntfy.nix index bdd667a..4915e8c 100644 --- a/modules/ntfy.nix +++ b/modules/ntfy.nix @@ -1,9 +1,14 @@ -{ lib, config, globals, ... }: { +{ + lib, + config, + globals, + ... +}: { options.ntfy.enable = lib.mkEnableOption "ntfy"; config = lib.mkIf config.ntfy.enable { kubernetes.resources = { - configMaps.ntfy.data.config = lib.generators.toYAML { } { + configMaps.ntfy.data.config = lib.generators.toYAML {} { base-url = "https://ntfy.kun.is"; cache-file = "/var/cache/ntfy/cache.db"; cache-duration = "14d"; @@ -35,7 +40,7 @@ image = globals.images.ntfy; ports.web.containerPort = 80; env.TZ.value = "Europe/Amsterdam"; - args = [ "serve" ]; + args = ["serve"]; volumeMounts = [ { @@ -70,12 +75,12 @@ persistentVolumeClaims = { cache.spec = { - accessModes = [ "ReadWriteOnce" ]; + accessModes = ["ReadWriteOnce"]; resources.requests.storage = "300Mi"; }; attachment-cache.spec = { - accessModes = [ "ReadWriteOnce" ]; + accessModes = ["ReadWriteOnce"]; resources.requests.storage = "500Mi"; }; }; diff --git a/modules/paperless.nix b/modules/paperless.nix index 9eb59f7..5ac3937 100644 --- a/modules/paperless.nix +++ b/modules/paperless.nix 
@@ -1,4 +1,9 @@ -{ globals, lib, config, ... }: { +{ + globals, + lib, + config, + ... +}: { options.paperless.enable = lib.mkEnableOption "paperless"; config = lib.mkIf config.paperless.enable { @@ -64,10 +69,12 @@ }; }; - volumeMounts = [{ - name = "data"; - mountPath = "/data"; - }]; + volumeMounts = [ + { + name = "data"; + mountPath = "/data"; + } + ]; }; securityContext = { @@ -107,10 +114,12 @@ ports.redis.containerPort = 6379; imagePullPolicy = "IfNotPresent"; - volumeMounts = [{ - name = "data"; - mountPath = "/data"; - }]; + volumeMounts = [ + { + name = "data"; + mountPath = "/data"; + } + ]; }; securityContext = { @@ -159,10 +168,12 @@ }; }; - volumeMounts = [{ - name = "data"; - mountPath = "/pgdata"; - }]; + volumeMounts = [ + { + name = "data"; + mountPath = "/pgdata"; + } + ]; }; volumes.data.persistentVolumeClaim.claimName = "database"; diff --git a/modules/pihole.nix b/modules/pihole.nix index ec51aec..c437325 100644 --- a/modules/pihole.nix +++ b/modules/pihole.nix @@ -1,4 +1,9 @@ -{ globals, config, lib, ... }: { +{ + globals, + config, + lib, + ... +}: { options.pihole.enable = lib.mkEnableOption "pihole"; config = lib.mkIf config.pihole.enable { diff --git a/modules/radicale.nix b/modules/radicale.nix index c2769d4..aa0586b 100644 --- a/modules/radicale.nix +++ b/modules/radicale.nix @@ -1,4 +1,9 @@ -{ config, lib, globals, ... }: { +{ + config, + lib, + globals, + ... +}: { options.radicale.enable = lib.mkEnableOption "radicale"; config = lib.mkIf config.radicale.enable { @@ -6,7 +11,7 @@ configMaps.server.data = { users = "pim:$apr1$GUiTihkS$dDCkaUxFx/O86m6NCy/yQ."; - config = lib.generators.toINI { } { + config = lib.generators.toINI {} { server = { hosts = "0.0.0.0:5232, [::]:5232"; ssl = false; @@ -31,8 +36,8 @@ filesystem_folder = "/data"; }; - logging = { }; - headers = { }; + logging = {}; + headers = {}; }; }; diff --git a/modules/syncthing.nix b/modules/syncthing.nix index 93d3242..c06b81a 100644 --- a/modules/syncthing.nix 
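Review bot: The `users` entry under `configMaps.server.data` in modules/radicale.nix (a context line of the `@@ -6,7 +11,7 @@` hunk) keeps an htpasswd line with an `$apr1$` hash in the repository and in a ConfigMap. `$apr1$` is the MD5-based Apache scheme, so anyone who can read the repository or the ConfigMap can run offline guessing against it cheaply. I would move the entry into a Kubernetes Secret fed by whatever secret mechanism the repo already uses, and regenerate it with bcrypt, with `htpasswd_encryption = "bcrypt";` set in the auth section. Until then, mark the line with `# TODO: move htpasswd entry to a Secret and re-hash with bcrypt`. The auth section and the rest of the ConfigMap lie outside the hunk, so the currently configured encryption setting is not visible here and should be confirmed.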
+++ b/modules/syncthing.nix @@ -1,9 +1,14 @@ -{ globals, config, lib, ... }: { +{ + globals, + config, + lib, + ... +}: { options.syncthing.enable = lib.mkEnableOption "syncthing"; config = lib.mkIf config.syncthing.enable { kubernetes.resources = { - serviceAccounts.syncthing = { }; + serviceAccounts.syncthing = {}; deployments.syncthing.spec = { selector.matchLabels.app = "syncthing"; @@ -71,7 +76,7 @@ }; persistentVolumeClaims.music.spec = { - accessModes = [ "ReadWriteMany" ]; + accessModes = ["ReadWriteMany"]; storageClassName = ""; resources.requests.storage = "1Mi"; volumeName = "music-syncthing"; diff --git a/modules/tailscale-ingress.nix b/modules/tailscale-ingress.nix index 29ad04f..83e3f96 100644 --- a/modules/tailscale-ingress.nix +++ b/modules/tailscale-ingress.nix @@ -1,12 +1,16 @@ -{ lib, config, ... }: { +{ + lib, + config, + ... +}: { options = with lib.types; { lab.tailscaleIngresses = lib.mkOption { type = attrsOf (submodule { options = { - host = lib.mkOption { type = str; }; + host = lib.mkOption {type = str;}; service = { - name = lib.mkOption { type = str; }; + name = lib.mkOption {type = str;}; portName = lib.mkOption { type = str; 
@@ -16,37 +20,44 @@ }; }); - default = { }; + default = {}; }; }; - config = - let - cfg = config.lab.tailscaleIngresses; + config = let + cfg = config.lab.tailscaleIngresses; - mkTailscaleIngress = name: { host, service }: { - spec = { - ingressClassName = "tailscale"; + mkTailscaleIngress = name: { + host, + service, + }: { + spec = { + ingressClassName = "tailscale"; - rules = [{ - http.paths = [{ - path = "/"; - pathType = "Prefix"; + rules = [ + { + http.paths = [ + { + path = "/"; + pathType = "Prefix"; - backend.service = { - name = service.name; - port.name = service.portName; - }; - }]; - }]; + backend.service = { + name = service.name; + port.name = service.portName; + }; + } + ]; + } + ]; - tls = [{ - hosts = [ host ]; - }]; - }; + tls = [ + { + hosts = [host]; + } + ]; }; - in - { - kubernetes.resources.ingresses = builtins.mapAttrs mkTailscaleIngress cfg; }; + in { + kubernetes.resources.ingresses = builtins.mapAttrs mkTailscaleIngress cfg; + }; } diff --git a/modules/tailscale.nix b/modules/tailscale.nix index 97b0902..3a3b656 100644 --- a/modules/tailscale.nix +++ b/modules/tailscale.nix @@ -1,4 +1,10 @@ -{ nixhelm, system, config, lib, ... }: { +{ + nixhelm, + system, + config, + lib, + ... +}: { options.tailscale.enable = lib.mkEnableOption "tailscale"; config = lib.mkIf config.tailscale.enable { diff --git a/modules/traefik.nix b/modules/traefik.nix index e5d304f..b59253d 100644 --- a/modules/traefik.nix +++ b/modules/traefik.nix @@ -1,4 +1,9 @@ -{ lib, globals, config, ... }: { +{ + lib, + globals, + config, + ... +}: { options.traefik.enable = lib.mkEnableOption "traefik"; config = lib.mkIf config.traefik.enable { 
@@ -8,7 +13,7 @@ # Override Traefik's service with a static load balancer IP. # Create endpoint for HTTPS on port 444. # Allow external name services for servers in LAN. - spec.valuesContent = lib.generators.toYAML { } { + spec.valuesContent = lib.generators.toYAML {} { providers.kubernetesIngress.allowExternalNameServices = true; service.loadBalancerIP = globals.traefikIPv4; @@ -23,7 +28,7 @@ enabled = true; options = ""; certResolver = ""; - domains = [ ]; + domains = []; }; }; diff --git a/scripts/default.nix b/scripts/default.nix index 90dcbe2..c5a24df 100644 --- a/scripts/default.nix +++ b/scripts/default.nix @@ -1,23 +1,31 @@ -{ nixpkgs, flutils, ... }: flutils.lib.eachDefaultSystem (system: -let +{ + nixpkgs, + flake-utils, + ... +}: +flake-utils.lib.eachDefaultSystem (system: let pkgs = nixpkgs.legacyPackages.${system}; - createScript = { name, runtimeInputs, scriptPath, extraWrapperFlags ? "", ... }: - let - script = (pkgs.writeScriptBin name (builtins.readFile scriptPath)).overrideAttrs (old: { - buildCommand = "${old.buildCommand}\n patchShebangs $out"; - }); - in + createScript = { + name, + runtimeInputs, + scriptPath, + extraWrapperFlags ? "", + ... + }: let + script = (pkgs.writeScriptBin name (builtins.readFile scriptPath)).overrideAttrs (old: { + buildCommand = "${old.buildCommand}\n patchShebangs $out"; + }); + in pkgs.symlinkJoin { inherit name; - paths = [ script ] ++ runtimeInputs; - buildInputs = [ pkgs.makeWrapper ]; + paths = [script] ++ runtimeInputs; + buildInputs = [pkgs.makeWrapper]; postBuild = "wrapProgram $out/bin/${name} --set PATH $out/bin ${extraWrapperFlags}"; }; -in -{ +in { packages.gen-k3s-cert = createScript { name = "create-k3s-cert"; - runtimeInputs = with pkgs; [ openssl coreutils openssh yq ]; + runtimeInputs = with pkgs; [openssl coreutils openssh yq]; scriptPath = ./gen-k3s-cert.sh; }; }) diff --git a/utils.nix b/utils.nix index 8b05d75..99201ad 100644 --- a/utils.nix +++ b/utils.nix 
@@ -1,11 +1,22 @@ -{ pkgs, nixpkgs, nixng, globals, ... }: { - mkNixNGImage = name: file: - let - stream = (import file { +{ + pkgs, + nixpkgs, + nixng, + globals, + ... +}: { + mkNixNGImage = name: file: let + stream = + (import file { inherit nixpkgs nixng globals; inherit (nixng) nglib; - }).config.system.build.ociImage.stream; - in + }) + .config + .system + .build + .ociImage + .stream; + in pkgs.stdenv.mkDerivation { name = "${name}.tar"; src = stream;