tlaternet/tlaternet-server
1
0
Fork 0
Code Issues10 Pull requests Releases Activity

style(treewide): Apply linter suggestions

Browse source
This commit is contained in:
Tristan Daniël Maat 2025-05-20 20:38:43 +08:00
parent 5192ec9633
commit 3e9f6f2b23
Signed by: tlater
GPG key ID: 49670FD774E43268
13 changed files with 23 additions and 64 deletions

10
configuration/default.nix
View file

@ -1,7 +1,5 @@
{ {
config, config,
pkgs,
lib,
modulesPath, modulesPath,
flake-inputs, flake-inputs,
... ...
@ -32,13 +30,7 @@
./sops.nix ./sops.nix
]; ];
nixpkgs.overlays = [ nixpkgs.overlays = [ (_: prev: { local = import ../pkgs { pkgs = prev; }; }) ];
(final: prev: {
local = import ../pkgs {
pkgs = prev;
};
})
];
nix = { nix = {
extraOptions = '' extraOptions = ''

4
configuration/hardware-specific/vm.nix
View file

@ -15,9 +15,7 @@
systemd.network.networks."10-eth0" = { systemd.network.networks."10-eth0" = {
matchConfig.Name = "eth0"; matchConfig.Name = "eth0";
gateway = [ gateway = [ "192.168.9.1" ];
"192.168.9.1"
];
networkConfig = { networkConfig = {
Address = "192.168.9.2/24"; Address = "192.168.9.2/24";
}; };

4
configuration/services/backups.nix
View file

@ -57,7 +57,7 @@ in
''; '';
type = types.attrsOf ( type = types.attrsOf (
types.submodule ( types.submodule (
{ config, name, ... }: { name, ... }:
{ {
options = { options = {
user = lib.mkOption { user = lib.mkOption {
@ -246,7 +246,7 @@ in
}; };
} }
// lib.mapAttrs' ( // lib.mapAttrs' (
name: backup: name: _:
lib.nameValuePair "backup-${name}" { lib.nameValuePair "backup-${name}" {
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
timerConfig = { timerConfig = {

12
configuration/services/conduit/matrix-hookshot.nix
View file

@ -74,9 +74,7 @@ in
services.matrix-hookshot = { services.matrix-hookshot = {
enable = true; enable = true;
serviceDependencies = [ serviceDependencies = [ "conduit.service" ];
"conduit.service"
];
registrationFile = "/run/matrix-hookshot/registration.yaml"; registrationFile = "/run/matrix-hookshot/registration.yaml";
@ -126,15 +124,11 @@ in
listeners = [ listeners = [
{ {
port = 9000; port = 9000;
resources = [ resources = [ "webhooks" ];
"webhooks"
];
} }
{ {
port = 9001; port = 9001;
resources = [ resources = [ "metrics" ];
"metrics"
];
} }
]; ];

16
configuration/services/crowdsec.nix
View file

@ -8,9 +8,7 @@
security.crowdsec = { security.crowdsec = {
enable = true; enable = true;
parserWhitelist = [ parserWhitelist = [ "10.45.249.2" ];
"10.45.249.2"
];
extraGroups = [ extraGroups = [
"systemd-journal" "systemd-journal"
@ -21,25 +19,19 @@
{ {
source = "journalctl"; source = "journalctl";
labels.type = "syslog"; labels.type = "syslog";
journalctl_filter = [ journalctl_filter = [ "SYSLOG_IDENTIFIER=Nextcloud" ];
"SYSLOG_IDENTIFIER=Nextcloud"
];
} }
{ {
source = "journalctl"; source = "journalctl";
labels.type = "syslog"; labels.type = "syslog";
journalctl_filter = [ journalctl_filter = [ "SYSLOG_IDENTIFIER=sshd-session" ];
"SYSLOG_IDENTIFIER=sshd-session"
];
} }
{ {
labels.type = "nginx"; labels.type = "nginx";
filenames = filenames =
[ [ "/var/log/nginx/*.log" ]
"/var/log/nginx/*.log"
]
++ lib.mapAttrsToList ( ++ lib.mapAttrsToList (
vHost: _: "/var/log/nginx/${vHost}/access.log" vHost: _: "/var/log/nginx/${vHost}/access.log"
) config.services.nginx.virtualHosts; ) config.services.nginx.virtualHosts;

2
configuration/services/metrics/exporters.nix
View file

@ -74,7 +74,7 @@ in
listenAddress = "127.0.0.1"; listenAddress = "127.0.0.1";
group = "nginx"; group = "nginx";
settings.namespaces = lib.mapAttrsToList (name: virtualHost: { settings.namespaces = lib.mapAttrsToList (name: _: {
inherit name; inherit name;
metrics_override.prefix = "nginxlog"; metrics_override.prefix = "nginxlog";
namespace_label = "vhost"; namespace_label = "vhost";

4
configuration/services/metrics/options.nix
View file

@ -38,7 +38,7 @@ in
services.victoriametrics.scrapeConfigs = mkOption { services.victoriametrics.scrapeConfigs = mkOption {
type = types.attrsOf ( type = types.attrsOf (
types.submodule ( types.submodule (
{ name, self, ... }: { name, ... }:
{ {
options = { options = {
job_name = mkOption { job_name = mkOption {
@ -212,7 +212,7 @@ in
services.victoriametrics.scrapeConfigs = services.victoriametrics.scrapeConfigs =
let let
allExporters = lib.mapAttrs (name: exporter: { inherit (exporter) listenAddress port; }) ( allExporters = lib.mapAttrs (_: exporter: { inherit (exporter) listenAddress port; }) (
(lib.filterAttrs ( (lib.filterAttrs (
name: exporter: name: exporter:
# A bunch of deprecated exporters that need to be ignored # A bunch of deprecated exporters that need to be ignored

6
configuration/services/metrics/victorialogs.nix
View file

@ -1,8 +1,4 @@
{ { config, lib, ... }:
config,
lib,
...
}:
let let
cfg = config.services.victorialogs; cfg = config.services.victorialogs;
in in

6
configuration/services/nextcloud.nix
View file

@ -15,12 +15,12 @@ in
package = nextcloud; package = nextcloud;
phpPackage = lib.mkForce ( phpPackage = lib.mkForce (
pkgs.php.override { pkgs.php.override {
packageOverrides = final: prev: { packageOverrides = _: prev: {
extensions = prev.extensions // { extensions = prev.extensions // {
pgsql = prev.extensions.pgsql.overrideAttrs (old: { pgsql = prev.extensions.pgsql.overrideAttrs (_: {
configureFlags = [ "--with-pgsql=${lib.getDev config.services.postgresql.package}" ]; configureFlags = [ "--with-pgsql=${lib.getDev config.services.postgresql.package}" ];
}); });
pdo_pgsql = prev.extensions.pdo_pgsql.overrideAttrs (old: { pdo_pgsql = prev.extensions.pdo_pgsql.overrideAttrs (_: {
configureFlags = [ "--with-pdo-pgsql=${lib.getDev config.services.postgresql.package}" ]; configureFlags = [ "--with-pdo-pgsql=${lib.getDev config.services.postgresql.package}" ];
}); });
}; };

4
modules/crowdsec/default.nix
View file

@ -267,9 +267,7 @@ in
}; };
}; };
systemd.packages = [ systemd.packages = [ cfg.package ];
cfg.package
];
environment = { environment = {
systemPackages = [ systemPackages = [

8
modules/crowdsec/remediations/cs-firewall-bouncer.nix
View file

@ -31,9 +31,7 @@ in
security.crowdsec.remediationComponents.firewallBouncer.settings = { security.crowdsec.remediationComponents.firewallBouncer.settings = {
mode = lib.mkDefault "${if config.networking.nftables.enable then "nftables" else "iptables"}"; mode = lib.mkDefault "${if config.networking.nftables.enable then "nftables" else "iptables"}";
log_mode = "stdout"; log_mode = "stdout";
iptables_chains = [ iptables_chains = [ "nixos-fw" ];
"nixos-fw"
];
# Don't let users easily override this; unfortunately we need to # Don't let users easily override this; unfortunately we need to
# set up this key through substitution at runtime. # set up this key through substitution at runtime.
@ -78,9 +76,7 @@ in
requiredBy = [ "crowdsec.service" ]; requiredBy = [ "crowdsec.service" ];
path = path =
lib.optionals (cfg.settings.mode == "ipset" || cfg.settings.mode == "iptables") [ lib.optionals (cfg.settings.mode == "ipset" || cfg.settings.mode == "iptables") [ pkgs.ipset ]
pkgs.ipset
]
++ lib.optional (cfg.settings.mode == "iptables") pkgs.iptables ++ lib.optional (cfg.settings.mode == "iptables") pkgs.iptables
++ lib.optional (cfg.settings.mode == "nftables") pkgs.nftables; ++ lib.optional (cfg.settings.mode == "nftables") pkgs.nftables;
}; };

6
modules/crowdsec/remediations/default.nix
View file

@ -1,5 +1 @@
{ { imports = [ ./cs-firewall-bouncer.nix ]; }
imports = [
./cs-firewall-bouncer.nix
];
}

5
pkgs/crowdsec/hub.nix
View file

@ -1,4 +1 @@
{ { sources }: sources.crowdsec-hub.src
sources,
}:
sources.crowdsec-hub.src