diff --git a/configuration/default.nix b/configuration/default.nix index f874733..aebea7a 100644 --- a/configuration/default.nix +++ b/configuration/default.nix @@ -1,7 +1,5 @@ { config, - pkgs, - lib, modulesPath, flake-inputs, ... @@ -32,13 +30,7 @@ ./sops.nix ]; - nixpkgs.overlays = [ - (final: prev: { - local = import ../pkgs { - pkgs = prev; - }; - }) - ]; + nixpkgs.overlays = [ (_: prev: { local = import ../pkgs { pkgs = prev; }; }) ]; nix = { extraOptions = '' diff --git a/configuration/hardware-specific/vm.nix b/configuration/hardware-specific/vm.nix index db563fe..23969f0 100644 --- a/configuration/hardware-specific/vm.nix +++ b/configuration/hardware-specific/vm.nix @@ -15,9 +15,7 @@ systemd.network.networks."10-eth0" = { matchConfig.Name = "eth0"; - gateway = [ - "192.168.9.1" - ]; + gateway = [ "192.168.9.1" ]; networkConfig = { Address = "192.168.9.2/24"; }; diff --git a/configuration/services/backups.nix b/configuration/services/backups.nix index 81e3554..baa61e3 100644 --- a/configuration/services/backups.nix +++ b/configuration/services/backups.nix @@ -57,7 +57,7 @@ in ''; type = types.attrsOf ( types.submodule ( - { config, name, ... }: + { name, ... }: { options = { user = lib.mkOption { @@ -246,7 +246,7 @@ in }; } // lib.mapAttrs' ( - name: backup: + name: _: lib.nameValuePair "backup-${name}" { wantedBy = [ "timers.target" ]; timerConfig = { diff --git a/configuration/services/conduit/matrix-hookshot.nix b/configuration/services/conduit/matrix-hookshot.nix index c1f16dc..6846d99 100644 --- a/configuration/services/conduit/matrix-hookshot.nix +++ b/configuration/services/conduit/matrix-hookshot.nix @@ -74,9 +74,7 @@ in services.matrix-hookshot = { enable = true; - serviceDependencies = [ - "conduit.service" - ]; + serviceDependencies = [ "conduit.service" ]; registrationFile = "/run/matrix-hookshot/registration.yaml"; @@ -126,15 +124,11 @@ in listeners = [ { port = 9000; - resources = [ - "webhooks" - ]; + resources = [ "webhooks" ]; } { port = 9001; - resources = [ - "metrics" - ]; + resources = [ "metrics" ]; } ]; diff --git a/configuration/services/crowdsec.nix b/configuration/services/crowdsec.nix index 6e0f367..b736047 100644 --- a/configuration/services/crowdsec.nix +++ b/configuration/services/crowdsec.nix @@ -8,9 +8,7 @@ security.crowdsec = { enable = true; - parserWhitelist = [ - "10.45.249.2" - ]; + parserWhitelist = [ "10.45.249.2" ]; extraGroups = [ "systemd-journal" @@ -21,25 +19,19 @@ { source = "journalctl"; labels.type = "syslog"; - journalctl_filter = [ - "SYSLOG_IDENTIFIER=Nextcloud" - ]; + journalctl_filter = [ "SYSLOG_IDENTIFIER=Nextcloud" ]; } { source = "journalctl"; labels.type = "syslog"; - journalctl_filter = [ - "SYSLOG_IDENTIFIER=sshd-session" - ]; + journalctl_filter = [ "SYSLOG_IDENTIFIER=sshd-session" ]; } { labels.type = "nginx"; filenames = - [ - "/var/log/nginx/*.log" - ] + [ "/var/log/nginx/*.log" ] ++ lib.mapAttrsToList ( vHost: _: "/var/log/nginx/${vHost}/access.log" ) config.services.nginx.virtualHosts; diff --git a/configuration/services/metrics/exporters.nix b/configuration/services/metrics/exporters.nix index 80a3480..52c2a46 100644 --- a/configuration/services/metrics/exporters.nix +++ b/configuration/services/metrics/exporters.nix @@ -74,7 +74,7 @@ in listenAddress = "127.0.0.1"; group = "nginx"; - settings.namespaces = lib.mapAttrsToList (name: virtualHost: { + settings.namespaces = lib.mapAttrsToList (name: _: { inherit name; metrics_override.prefix = "nginxlog"; namespace_label = "vhost"; diff --git a/configuration/services/metrics/options.nix b/configuration/services/metrics/options.nix index d69ecfb..a0c35b6 100644 --- a/configuration/services/metrics/options.nix +++ b/configuration/services/metrics/options.nix @@ -38,7 +38,7 @@ in services.victoriametrics.scrapeConfigs = mkOption { type = types.attrsOf ( types.submodule ( - { name, self, ... }: + { name, ... }: { options = { job_name = mkOption { @@ -212,7 +212,7 @@ in services.victoriametrics.scrapeConfigs = let - allExporters = lib.mapAttrs (name: exporter: { inherit (exporter) listenAddress port; }) ( + allExporters = lib.mapAttrs (_: exporter: { inherit (exporter) listenAddress port; }) ( (lib.filterAttrs ( name: exporter: # A bunch of deprecated exporters that need to be ignored diff --git a/configuration/services/metrics/victorialogs.nix b/configuration/services/metrics/victorialogs.nix index ae47c39..413659a 100644 --- a/configuration/services/metrics/victorialogs.nix +++ b/configuration/services/metrics/victorialogs.nix @@ -1,8 +1,4 @@ -{ - config, - lib, - ... -}: +{ config, lib, ... }: let cfg = config.services.victorialogs; in diff --git a/configuration/services/nextcloud.nix b/configuration/services/nextcloud.nix index b5cb691..5790cdf 100644 --- a/configuration/services/nextcloud.nix +++ b/configuration/services/nextcloud.nix @@ -15,12 +15,12 @@ in package = nextcloud; phpPackage = lib.mkForce ( pkgs.php.override { - packageOverrides = final: prev: { + packageOverrides = _: prev: { extensions = prev.extensions // { - pgsql = prev.extensions.pgsql.overrideAttrs (old: { + pgsql = prev.extensions.pgsql.overrideAttrs (_: { configureFlags = [ "--with-pgsql=${lib.getDev config.services.postgresql.package}" ]; }); - pdo_pgsql = prev.extensions.pdo_pgsql.overrideAttrs (old: { + pdo_pgsql = prev.extensions.pdo_pgsql.overrideAttrs (_: { configureFlags = [ "--with-pdo-pgsql=${lib.getDev config.services.postgresql.package}" ]; }); }; diff --git a/modules/crowdsec/default.nix b/modules/crowdsec/default.nix index c0003a5..ac93c4a 100644 --- a/modules/crowdsec/default.nix +++ b/modules/crowdsec/default.nix @@ -267,9 +267,7 @@ in }; }; - systemd.packages = [ - cfg.package - ]; + systemd.packages = [ cfg.package ]; environment = { systemPackages = [ diff --git a/modules/crowdsec/remediations/cs-firewall-bouncer.nix b/modules/crowdsec/remediations/cs-firewall-bouncer.nix index aa70552..2769432 100644 --- a/modules/crowdsec/remediations/cs-firewall-bouncer.nix +++ b/modules/crowdsec/remediations/cs-firewall-bouncer.nix @@ -31,9 +31,7 @@ in security.crowdsec.remediationComponents.firewallBouncer.settings = { mode = lib.mkDefault "${if config.networking.nftables.enable then "nftables" else "iptables"}"; log_mode = "stdout"; - iptables_chains = [ - "nixos-fw" - ]; + iptables_chains = [ "nixos-fw" ]; # Don't let users easily override this; unfortunately we need to # set up this key through substitution at runtime. @@ -78,9 +76,7 @@ in requiredBy = [ "crowdsec.service" ]; path = - lib.optionals (cfg.settings.mode == "ipset" || cfg.settings.mode == "iptables") [ - pkgs.ipset - ] + lib.optionals (cfg.settings.mode == "ipset" || cfg.settings.mode == "iptables") [ pkgs.ipset ] ++ lib.optional (cfg.settings.mode == "iptables") pkgs.iptables ++ lib.optional (cfg.settings.mode == "nftables") pkgs.nftables; }; diff --git a/modules/crowdsec/remediations/default.nix b/modules/crowdsec/remediations/default.nix index 7df6ade..c3c0790 100644 --- a/modules/crowdsec/remediations/default.nix +++ b/modules/crowdsec/remediations/default.nix @@ -1,5 +1 @@ -{ - imports = [ - ./cs-firewall-bouncer.nix - ]; -} +{ imports = [ ./cs-firewall-bouncer.nix ]; } diff --git a/pkgs/crowdsec/hub.nix b/pkgs/crowdsec/hub.nix index d057ca8..1b8c9b3 100644 --- a/pkgs/crowdsec/hub.nix +++ b/pkgs/crowdsec/hub.nix @@ -1,4 +1 @@ -{ - sources, -}: -sources.crowdsec-hub.src +{ sources }: sources.crowdsec-hub.src