From 6b8d8541c6e4efd8f0d583f05205f4ad1c21bee7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?= Date: Sun, 4 Dec 2022 08:53:28 +0100 Subject: [PATCH] Deadnix, statix, other cleanups --- flake.nix | 8 +-- hosts/auth/default.nix | 4 +- hosts/blogs/default.nix | 2 +- hosts/broker/default.nix | 2 +- hosts/c3d2-web/default.nix | 12 ++--- hosts/dacbert/default.nix | 2 +- hosts/direkthilfe/default.nix | 11 ++-- hosts/dn42/default.nix | 2 +- hosts/factorio/default.nix | 2 +- hosts/ftp/default.nix | 2 +- hosts/gitea/default.nix | 2 +- hosts/glotzbert/default.nix | 2 +- hosts/glotzbert/hardware-configuration.nix | 2 +- hosts/grafana/default.nix | 2 +- hosts/hedgedoc/default.nix | 2 +- hosts/hydra/default.nix | 4 +- hosts/hydra/hardware-configuration.nix | 2 +- hosts/hydra/hydra.nix | 2 +- hosts/leon/default.nix | 2 +- hosts/leoncloud/default.nix | 2 +- hosts/matemat/default.nix | 2 +- hosts/mediawiki/default.nix | 2 +- hosts/mobilizon/default.nix | 2 +- hosts/mucbot/default.nix | 2 +- hosts/network-homepage/default.nix | 4 +- hosts/nfsroot/default.nix | 4 +- hosts/nncp/default.nix | 2 +- hosts/nncp/neighbours.nix | 8 +-- hosts/oparl/default.nix | 8 ++- hosts/prometheus/default.nix | 4 +- hosts/public-access-proxy/proxy.nix | 63 ++++++++++------------ hosts/public-access-proxy/stats.nix | 2 +- hosts/pulsebert/hardware-configuration.nix | 2 +- hosts/rpi-netboot/default.nix | 2 +- hosts/scrape/default.nix | 2 +- hosts/sdrweb/default.nix | 2 +- hosts/server10/default.nix | 2 +- hosts/server10/hardware-configuration.nix | 2 +- hosts/server8/default.nix | 2 +- hosts/server8/hardware-configuration.nix | 2 +- hosts/server9/default.nix | 2 +- hosts/server9/hardware-configuration.nix | 2 +- hosts/spaceapi/default.nix | 3 +- hosts/ticker/default.nix | 4 +- hosts/zengel/default.nix | 11 ++-- modules/audio-server.nix | 2 +- modules/backup.nix | 2 +- modules/c3d2.nix | 8 +-- modules/cluster/default.nix | 6 +-- modules/cluster/deployment-options.nix | 4 +- modules/cluster/deployment.nix | 3 +- modules/logging.nix | 26 +-------- 
modules/microvm.nix | 4 +- modules/nncp.nix | 38 ++++++------- modules/plume.nix | 9 ++-- modules/rpi-netboot.nix | 2 +- overlays/bmxd.nix | 2 +- overlays/plume/default.nix | 3 +- packages.nix | 12 +---- 59 files changed, 139 insertions(+), 192 deletions(-) diff --git a/flake.nix b/flake.nix index 950d9da1..3d32b924 100644 --- a/flake.nix +++ b/flake.nix @@ -207,7 +207,7 @@ inherit (inputs) tracer bevy-mandelbrot bevy-julia; }; - legacyPackages = lib.attrsets.mapAttrs (system: pkgs: + legacyPackages = lib.attrsets.mapAttrs (_: pkgs: pkgs.appendOverlays [ fenix.overlays.default naersk.overlay @@ -224,7 +224,7 @@ inherit specialArgs system; modules = [ - ({ pkgs, ... }: { + ({ ... }: { _module.args = extraArgs // { inherit hostRegistry inputs zentralwerk; }; @@ -327,7 +327,7 @@ radiobert = nixosSystem' { modules = [ - ({ modulesPath, ... }: + ({ ... }: { nixpkgs.overlays = [ heliwatch.overlay ]; }) @@ -763,7 +763,7 @@ else nixosSystem.config.system.build.toplevel ) self.nixosConfigurations // nixos.lib.filterAttrs (name: attr: - (builtins.match ".+-tftproot" name != null && lib.isDerivation attr) + (lib.match ".+-tftproot" name != null && lib.isDerivation attr) ) self.packages.aarch64-linux ); }; diff --git a/hosts/auth/default.nix b/hosts/auth/default.nix index 813e8ebb..eb535c3c 100644 --- a/hosts/auth/default.nix +++ b/hosts/auth/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, config, lib, pkgs, ... }: +{ config, ... }: { c3d2 = { @@ -58,7 +58,7 @@ age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; defaultSopsFile = ./secrets.yaml; secrets."portunus/seed" = { - group = config.services.portunus.group; + inherit (config.services.portunus) group; owner = config.services.portunus.user; }; }; diff --git a/hosts/blogs/default.nix b/hosts/blogs/default.nix index a45d968e..357bf17a 100644 --- a/hosts/blogs/default.nix +++ b/hosts/blogs/default.nix @@ -1,4 +1,4 @@ -{ hostRegistry, zentralwerk, config, ... }: +{ config, ... }: { microvm.mem = 2048; c3d2.deployment = { 
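Review bot: In the last flake.nix hunk `builtins.match` became `lib.match`, and nothing on the page confirms that the `lib` in scope exposes `match` at its top level. As far as I know, nixpkgs' lib re-exports only a selected set of builtins there, so this should be checked by evaluating the attribute set that filters the `-tftproot` packages. If the name does not resolve, keep `builtins.match ".+-tftproot" name != null`, which is always available. The enclosing expression starts and ends outside the hunk.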
diff --git a/hosts/broker/default.nix b/hosts/broker/default.nix index 6664c55a..3c31cc64 100644 --- a/hosts/broker/default.nix +++ b/hosts/broker/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, zentralwerk, ... }: +{ config, pkgs, ... }: let mymqttui = pkgs.writeScriptBin "mqttui" '' diff --git a/hosts/c3d2-web/default.nix b/hosts/c3d2-web/default.nix index ae29141b..4b5a66ac 100644 --- a/hosts/c3d2-web/default.nix +++ b/hosts/c3d2-web/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, nixpkgs, config, lib, pkgs, ... }: +{ config, pkgs, ... }: let webroot = "/var/www"; geminiRoot = "/var/gemini"; @@ -150,11 +150,11 @@ in home = "/var/lib/c3d2-web"; }; - systemd.tmpfiles.rules = [ - "d ${webroot}/c3d2 0755 c3d2-web ${config.users.users.c3d2-web.group} -" - "d ${webroot}/log 0755 c3d2-web ${config.users.users.c3d2-web.group} -" - "d ${geminiRoot} 0755 c3d2-web ${config.users.users.c3d2-web.group} -" - "d ${config.users.users.c3d2-web.home} 0700 c3d2-web ${config.users.users.c3d2-web.group} -" + systemd.tmpfiles.rules = with config.users.users.c3d2-web; [ + "d ${webroot}/c3d2 0755 c3d2-web ${group} -" + "d ${webroot}/log 0755 c3d2-web ${group} -" + "d ${geminiRoot} 0755 c3d2-web ${group} -" + "d ${home} 0700 c3d2-web ${group} -" ]; # Build script diff --git a/hosts/dacbert/default.nix b/hosts/dacbert/default.nix index 90bbd332..cb34dc1d 100644 --- a/hosts/dacbert/default.nix +++ b/hosts/dacbert/default.nix @@ -1,4 +1,4 @@ -{ hostRegistry, config, lib, pkgs, modulesPath, ... }: +{ hostRegistry, config, lib, pkgs, ... }: { c3d2 = { diff --git a/hosts/direkthilfe/default.nix b/hosts/direkthilfe/default.nix index 89674680..e289dc4a 100644 --- a/hosts/direkthilfe/default.nix +++ b/hosts/direkthilfe/default.nix @@ -1,7 +1,6 @@ -{ pkgs, ... }: -let - domain = "direkthilfe.c3d2.de"; -in { +{ config, pkgs, ... }: + +{ networking.hostName = "direkthilfe"; microvm.mem = 1024; c3d2.deployment = { 
@@ -27,7 +26,7 @@ in { services.engelsystem = { enable = true; - domain = domain; + domain = "direkthilfe.c3d2.de"; createDatabase = true; package = pkgs.engelsystem.override { php = pkgs.php74; }; config = { @@ -64,7 +63,7 @@ in { services.phpfpm.phpPackage = pkgs.php74; services.nginx = { enable = true; - virtualHosts."${domain}" = { + virtualHosts."${config.services.engelsystem.domain}" = { default = true; forceSSL = true; enableACME = true; diff --git a/hosts/dn42/default.nix b/hosts/dn42/default.nix index 879ca71d..f2db903a 100644 --- a/hosts/dn42/default.nix +++ b/hosts/dn42/default.nix @@ -140,7 +140,7 @@ in { } '' else ""; - interface = if conf ? interface then conf.interface else name; + interface = conf.interface or name; in "${neighbor4}${neighbor6}") neighbors)); in '' protocol kernel { diff --git a/hosts/factorio/default.nix b/hosts/factorio/default.nix index fbd4585d..9a7109ff 100644 --- a/hosts/factorio/default.nix +++ b/hosts/factorio/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, config, lib, pkgs, ... }: +{ config, lib, ... }: { c3d2 = { diff --git a/hosts/ftp/default.nix b/hosts/ftp/default.nix index 245deebc..63afffdb 100644 --- a/hosts/ftp/default.nix +++ b/hosts/ftp/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, zentralwerk, ... }: +{ config, pkgs, ... }: { c3d2 = { diff --git a/hosts/gitea/default.nix b/hosts/gitea/default.nix index e160679d..dff1a079 100644 --- a/hosts/gitea/default.nix +++ b/hosts/gitea/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, zentralwerk, ... }: +{ config, pkgs, lib, ... }: { c3d2 = { diff --git a/hosts/glotzbert/default.nix b/hosts/glotzbert/default.nix index 2d6e201e..5847dc3a 100644 --- a/hosts/glotzbert/default.nix +++ b/hosts/glotzbert/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, config, pkgs, ... }: +{ config, pkgs, ... }: { imports = [ ./hardware-configuration.nix ]; diff --git a/hosts/glotzbert/hardware-configuration.nix b/hosts/glotzbert/hardware-configuration.nix index 700acaed..37ee602f 100644 
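Review bot: Both engelsystem hosts still pin `pkgs.php74`, in `package = pkgs.engelsystem.override { php = pkgs.php74; };` and `services.phpfpm.phpPackage = pkgs.php74;`, and this cleanup leaves the pin without any explanation. PHP 7.4 stopped receiving upstream security fixes in November 2022, so these vhosts (the same lines appear in hosts/zengel/default.nix) serve PHP from an interpreter that is no longer patched upstream. If engelsystem cannot yet build against a supported PHP, record that next to the override, for example `# php74 is EOL upstream; kept until engelsystem supports a newer PHP`, so the pin is not forgotten.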
--- a/hosts/glotzbert/hardware-configuration.nix +++ b/hosts/glotzbert/hardware-configuration.nix @@ -1,7 +1,7 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ lib, modulesPath, ... }: { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; diff --git a/hosts/grafana/default.nix b/hosts/grafana/default.nix index 3661cebb..9b2e0f75 100644 --- a/hosts/grafana/default.nix +++ b/hosts/grafana/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, config, pkgs, lib, modulesPath, ... }: +{ config, pkgs, ... }: let restartServices = [ "grafana" "influxdb" ]; diff --git a/hosts/hedgedoc/default.nix b/hosts/hedgedoc/default.nix index 08b6ef76..c0c7fa30 100644 --- a/hosts/hedgedoc/default.nix +++ b/hosts/hedgedoc/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, config, lib, pkgs, ... }: +{ config, pkgs, ... }: { c3d2 = { diff --git a/hosts/hydra/default.nix b/hosts/hydra/default.nix index 3277103e..93ffdba1 100644 --- a/hosts/hydra/default.nix +++ b/hosts/hydra/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, config, pkgs, lib, ... }: +{ config, pkgs, ... }: { imports = [ @@ -52,5 +52,5 @@ c3d2.hq.statistics.enable = true; services.smartd.enable = true; - system.stateVersion = "20.09"; # Did you read the comment? + system.stateVersion = "20.09"; } diff --git a/hosts/hydra/hardware-configuration.nix b/hosts/hydra/hardware-configuration.nix index 51876ce3..5340469a 100644 --- a/hosts/hydra/hardware-configuration.nix +++ b/hosts/hydra/hardware-configuration.nix @@ -1,7 +1,7 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ config, lib, modulesPath, ... }: { imports = 
diff --git a/hosts/hydra/hydra.nix b/hosts/hydra/hydra.nix index 663c1225..77f5e8e4 100644 --- a/hosts/hydra/hydra.nix +++ b/hosts/hydra/hydra.nix @@ -1,4 +1,4 @@ -{ self, hostRegistry, hydra-ca, config, lib, pkgs, ... }: +{ config, lib, ... }: let cachePort = 5000; diff --git a/hosts/leon/default.nix b/hosts/leon/default.nix index e2fc50a3..ced6c838 100644 --- a/hosts/leon/default.nix +++ b/hosts/leon/default.nix @@ -26,7 +26,7 @@ # `...-' `...-' #-------------------------------------------------------------------------------- -{ config, lib, pkgs, ... }: +{ lib, pkgs, ... }: { deployment = { persistedShares = [ "/etc" "/home" "/var" ]; diff --git a/hosts/leoncloud/default.nix b/hosts/leoncloud/default.nix index e94ba0f3..ed126e07 100644 --- a/hosts/leoncloud/default.nix +++ b/hosts/leoncloud/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, config, lib, pkgs, ... }: +{ config, lib, pkgs, ... }: { deployment = { diff --git a/hosts/matemat/default.nix b/hosts/matemat/default.nix index e1ea56b8..0ca0bceb 100644 --- a/hosts/matemat/default.nix +++ b/hosts/matemat/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, config, lib, pkgs, ... }: +{ pkgs, ... }: { c3d2 = { diff --git a/hosts/mediawiki/default.nix b/hosts/mediawiki/default.nix index 0422d64f..1a561f31 100644 --- a/hosts/mediawiki/default.nix +++ b/hosts/mediawiki/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, config, lib, pkgs, ... }: +{ config, lib, pkgs, ... }: { networking.hostName = "mediawiki"; diff --git a/hosts/mobilizon/default.nix b/hosts/mobilizon/default.nix index b996ad0c..689d3422 100644 --- a/hosts/mobilizon/default.nix +++ b/hosts/mobilizon/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, config, pkgs, ... }: +{ config, pkgs, ... }: { microvm.mem = 1024; c3d2.isInHq = false; diff --git a/hosts/mucbot/default.nix b/hosts/mucbot/default.nix index b3d13456..e681656a 100644 --- a/hosts/mucbot/default.nix +++ b/hosts/mucbot/default.nix 
@@ -1,4 +1,4 @@ -{ config, pkgs, tigger, ... }: +{ pkgs, tigger, ... }: { deployment = { diff --git a/hosts/network-homepage/default.nix b/hosts/network-homepage/default.nix index fdcf2285..6143ab63 100644 --- a/hosts/network-homepage/default.nix +++ b/hosts/network-homepage/default.nix @@ -1,6 +1,4 @@ -{ zentralwerk, config, lib, pkgs, ... }: - -with lib; +{ zentralwerk, pkgs, ... }: { system.stateVersion = "22.05"; diff --git a/hosts/nfsroot/default.nix b/hosts/nfsroot/default.nix index 7187b395..c913d0b0 100644 --- a/hosts/nfsroot/default.nix +++ b/hosts/nfsroot/default.nix @@ -1,7 +1,5 @@ -{ zentralwerk, config, lib, pkgs, ... }: +{ lib, ... }: let - netConfig = zentralwerk.lib.config.site.net.serv; - nfsExports = [ "var/lib/nfsroot/dacbert" "var/lib/nfsroot/riscbert" diff --git a/hosts/nncp/default.nix b/hosts/nncp/default.nix index 32307479..997115df 100644 --- a/hosts/nncp/default.nix +++ b/hosts/nncp/default.nix @@ -37,7 +37,7 @@ xx = "tx"; # transmit only when-tx-exists = true; }; - in lib.mapAttrs (name: value: + in lib.mapAttrs (_: value: value // { via = lib.lists.remove "c3d2" value.via; } // (lib.attrsets.optionalAttrs (value.addrs or { } != { }) { diff --git a/hosts/nncp/neighbours.nix b/hosts/nncp/neighbours.nix index d10158ea..fc77799c 100644 --- a/hosts/nncp/neighbours.nix +++ b/hosts/nncp/neighbours.nix @@ -1,7 +1,7 @@ -{ config, lib, pkgs, ... }: +{ config, pkgs, ... }: -let - exec = { +{ + programs.nncp.settings.neigh.emery.exec = { # A command to asynchronously export store paths to a remote caller. nix-store-export = with pkgs; [ @@ -16,4 +16,4 @@ let # A command to import store paths from a remote caller. nix-store-import = [ "${config.nix.package}/bin/nix-store" "--import" ]; }; -in { programs.nncp.settings.neigh = { emery = { inherit exec; }; }; } +} diff --git a/hosts/oparl/default.nix b/hosts/oparl/default.nix index 32f1c6fb..713ca79e 100644 --- a/hosts/oparl/default.nix +++ b/hosts/oparl/default.nix 
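Review bot: The `exec` handlers now sit directly under `programs.nncp.settings.neigh.emery.exec`, but the file does not record the trust this grants to that neighbour. `nix-store-import` passes data received over NNCP to `nix-store --import`. Whether unsigned store paths are accepted depends on which user the handler runs as and on the host's Nix settings, neither of which is visible in these hunks. I would add a comment above the attribute stating that `emery` is trusted to add store paths to this host and naming the user the handler runs as.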
@@ -1,9 +1,7 @@ -{ zentralwerk, oparl-scraper, config, pkgs, ... }: +{ oparl-scraper, config, pkgs, ... }: + let ratsinfo-scraper = import oparl-scraper { inherit pkgs; }; - - netConfig = zentralwerk.lib.config.site.net.serv; - in { c3d2.deployment = { @@ -41,7 +39,7 @@ in path = with pkgs; [ git openssh poppler_utils ratsinfo-scraper ]; - script = '' + script = /* bash */ '' if [ -d data ]; then pushd data git pull diff --git a/hosts/prometheus/default.nix b/hosts/prometheus/default.nix index c36ef496..c3c366e0 100644 --- a/hosts/prometheus/default.nix +++ b/hosts/prometheus/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, config, pkgs, lib, ... }: +{ zentralwerk, config, lib, ... }: { sops.defaultSopsFile = ./secrets.yaml; @@ -64,7 +64,7 @@ static_configs = let zwNets = zentralwerk.lib.config.site.net; - fromNet = net: filter: + fromNet = net: _: map (host: "${host}.${net}.zentralwerk.org:9100" ) (builtins.attrNames zwNets.${net}.hosts4); diff --git a/hosts/public-access-proxy/proxy.nix b/hosts/public-access-proxy/proxy.nix index eb3b65e0..21f5070e 100644 --- a/hosts/public-access-proxy/proxy.nix +++ b/hosts/public-access-proxy/proxy.nix 
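Review bot: In the prometheus hunk `fromNet = net: _:` now openly discards its second argument, which the old name `filter` suggests was meant to restrict the host list. As written, every name in `zwNets.${net}.hosts4` becomes a `:9100` scrape target regardless of what callers pass. If the argument is a predicate on host names, apply it with `builtins.filter filter (builtins.attrNames zwNets.${net}.hosts4)` before the `map`. Otherwise drop the parameter and update the call sites, which are outside this hunk.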
@@ -1,50 +1,48 @@ -{ config, lib, pkgs, ... }: +{ config, lib, ... }: -with lib; -let cfg = config.services.proxy; - - canonicalize = builtins.replaceStrings ["*" "." ":" "[" "]"] ["all" "_" "_" "" ""]; - -in { +let + cfg = config.services.proxy; + canonicalize = builtins.replaceStrings [ "*" "." ":" "[" "]" ] [ "all" "_" "_" "" "" ]; +in +{ options.services.proxy = { - - enable = mkOption { + enable = lib.mkOption { default = false; description = "whether to enable proxy"; - type = types.bool; + type = lib.types.bool; }; - proxyHosts = mkOption { - type = types.listOf (types.submodule { + proxyHosts = lib.mkOption { + type = lib.types.listOf (lib.types.submodule { options = { - hostNames = mkOption { - type = types.listOf types.str; + hostNames = lib.mkOption { + type = with lib.types; listOf str; default = [ ]; description = '' Proxy these hostNames. ''; }; - proxyTo = mkOption { - type = types.submodule { + proxyTo = lib.mkOption { + type = lib.types.submodule { options = { - host = mkOption { - type = types.nullOr types.string; + host = lib.mkOption { + type = with lib.types; nullOr string; default = null; description = '' Host to forward traffic to. Any hostname may only be used once ''; }; - httpPort = mkOption { - type = types.int; + httpPort = lib.mkOption { + type = lib.types.int; default = 80; description = '' Port to forward http to. ''; }; - httpsPort = mkOption { - type = types.int; + httpsPort = lib.mkOption { + type = lib.types.int; default = 443; description = '' Port to forward http to. @@ -57,8 +55,8 @@ in { ''; default = { }; }; - matchArg = mkOption { - type = types.str; + matchArg = lib.mkOption { + type = lib.types.str; default = ""; description = "Optional argument to HAProxy `req.ssl_sni -i`"; }; @@ -76,11 +74,9 @@ in { }; }]; }; - }; - config = mkIf cfg.enable { - + config = lib.mkIf cfg.enable { services.haproxy = { enable = true; config = '' 
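Review bot: `proxyTo.host` is still declared as `nullOr string`; `types.string` is deprecated in nixpkgs in favour of `types.str`, so the line should read `type = with lib.types; nullOr str;`. In the same hunk the `httpsPort` description is a copy of the `httpPort` one (`Port to forward http to.`) and should say https. Both port options could use `lib.types.port` instead of `lib.types.int` so that out-of-range values are rejected at evaluation time.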
@@ -101,10 +97,9 @@ in { option forwardfor http-request set-header X-Forwarded-Proto http http-request set-header X-Forwarded-Port 80 - ${ - concatMapStrings ({ proxyTo, hostNames, matchArg }: - optionalString (hostNames != [ ] && proxyTo.host != null) ( - concatMapStrings (hostname: '' + ${lib.concatMapStrings ({ proxyTo, hostNames, matchArg }: + lib.optionalString (hostNames != [ ] && proxyTo.host != null) ( + lib.concatMapStrings (hostname: '' use-server ${canonicalize hostname}-http if { req.hdr(host) -i ${matchArg} ${hostname} } server ${canonicalize hostname}-http ${proxyTo.host}:${ toString proxyTo.httpPort @@ -118,13 +113,13 @@ in { bind :::443 v4v6 tcp-request inspect-delay 5s tcp-request content accept if { req.ssl_hello_type 1 } - ${concatMapStrings ({ proxyTo, hostNames, matchArg }: - concatMapStrings (hostname: '' + ${lib.concatMapStrings ({ proxyTo, hostNames, matchArg }: + lib.concatMapStrings (hostname: '' use_backend ${canonicalize proxyTo.host}-https if { req.ssl_sni -i ${matchArg} ${hostname} } '') hostNames ) cfg.proxyHosts} - ${concatMapStrings ({ proxyTo, hostNames, matchArg }: '' + ${lib.concatMapStrings ({ proxyTo, ... }: '' backend ${canonicalize proxyTo.host}-https server ${canonicalize proxyTo.host}-https ${proxyTo.host}:${ toString proxyTo.httpsPort diff --git a/hosts/public-access-proxy/stats.nix b/hosts/public-access-proxy/stats.nix index 09fac918..1656fbeb 100644 --- a/hosts/public-access-proxy/stats.nix +++ b/hosts/public-access-proxy/stats.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, ... }: { c3d2.hq.statistics.enable = true; diff --git a/hosts/pulsebert/hardware-configuration.nix b/hosts/pulsebert/hardware-configuration.nix index 26675d11..caf973a7 100644 --- a/hosts/pulsebert/hardware-configuration.nix +++ b/hosts/pulsebert/hardware-configuration.nix 
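Review bot: The HTTPS frontend and backend loops call `canonicalize proxyTo.host` without the `hostNames != [ ] && proxyTo.host != null` guard that the HTTP loop in the previous hunk has. `proxyTo.host` defaults to `null` and `builtins.replaceStrings` needs a string, so an entry that leaves the host unset is skipped for port 80 but should abort evaluation in the port 443 section. Wrap both bodies the same way, `lib.optionalString (proxyTo.host != null) (...)`, or make `host` a required `str`. Two entries that point at the same `proxyTo.host` would also emit the same `backend ...-https` section twice, which the option description only hints at.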
@@ -1,7 +1,7 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ lib, ... }: { #imports = diff --git a/hosts/rpi-netboot/default.nix b/hosts/rpi-netboot/default.nix index 40fb2ff1..017dec7c 100644 --- a/hosts/rpi-netboot/default.nix +++ b/hosts/rpi-netboot/default.nix @@ -1,4 +1,4 @@ -{ hostRegistry, nixpkgs, config, lib, pkgs, modulesPath, ... }: +{ hostRegistry, lib, pkgs, ... }: { c3d2 = { diff --git a/hosts/scrape/default.nix b/hosts/scrape/default.nix index 4bbf9290..fe8fa315 100644 --- a/hosts/scrape/default.nix +++ b/hosts/scrape/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, pkgs, config, scrapers, ... }: +{ pkgs, config, scrapers, ... }: let freifunkNodes = { diff --git a/hosts/sdrweb/default.nix b/hosts/sdrweb/default.nix index a5bc6a17..f6e53b0f 100644 --- a/hosts/sdrweb/default.nix +++ b/hosts/sdrweb/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, config, pkgs, ... }: +{ config, pkgs, ... }: { deployment = { # needs to keep just its ssh key for sops-nix diff --git a/hosts/server10/default.nix b/hosts/server10/default.nix index 1b829a29..a16d803e 100644 --- a/hosts/server10/default.nix +++ b/hosts/server10/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, ... }: { imports = [ diff --git a/hosts/server10/hardware-configuration.nix b/hosts/server10/hardware-configuration.nix index 50ffe4f0..fb2caeed 100644 --- a/hosts/server10/hardware-configuration.nix +++ b/hosts/server10/hardware-configuration.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, modulesPath, ... }: +{ config, lib, modulesPath, ... }: { imports = diff --git a/hosts/server8/default.nix b/hosts/server8/default.nix index e84a6b59..a8bb6654 100644 --- a/hosts/server8/default.nix +++ b/hosts/server8/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ ... }: { imports = [ 
diff --git a/hosts/server8/hardware-configuration.nix b/hosts/server8/hardware-configuration.nix index 597568d2..17de888d 100644 --- a/hosts/server8/hardware-configuration.nix +++ b/hosts/server8/hardware-configuration.nix @@ -1,7 +1,7 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ config, lib, modulesPath, ... }: { imports = diff --git a/hosts/server9/default.nix b/hosts/server9/default.nix index ea5a2b4c..1f28e789 100644 --- a/hosts/server9/default.nix +++ b/hosts/server9/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +_: { imports = [ diff --git a/hosts/server9/hardware-configuration.nix b/hosts/server9/hardware-configuration.nix index c1abba41..0a9b72d9 100644 --- a/hosts/server9/hardware-configuration.nix +++ b/hosts/server9/hardware-configuration.nix @@ -1,7 +1,7 @@ # Do not modify this file! It was generated by ‘nixos-generate-config’ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: +{ config, lib, modulesPath, ... }: { imports = diff --git a/hosts/spaceapi/default.nix b/hosts/spaceapi/default.nix index 2475fb3a..5861ef59 100644 --- a/hosts/spaceapi/default.nix +++ b/hosts/spaceapi/default.nix @@ -1,4 +1,5 @@ -{ zentralwerk, ... }: +_: + { c3d2.deployment = { server = "server10"; diff --git a/hosts/ticker/default.nix b/hosts/ticker/default.nix index 152c6a25..154daefd 100644 --- a/hosts/ticker/default.nix +++ b/hosts/ticker/default.nix @@ -1,6 +1,4 @@ -{ zentralwerk, config, lib, pkgs, ... }: - -with lib; +{ zentralwerk, config, ... }: { system.stateVersion = "22.05"; diff --git a/hosts/zengel/default.nix b/hosts/zengel/default.nix index 1a423801..57ef41a5 100644 --- a/hosts/zengel/default.nix +++ b/hosts/zengel/default.nix 
@@ -1,7 +1,6 @@ -{ pkgs, ... }: -let - domain = "zengel.datenspuren.de"; -in { +{ config, pkgs, ... }: + +{ networking.hostName = "zengel"; microvm.mem = 1024; c3d2.deployment = { @@ -13,7 +12,7 @@ in { services.engelsystem = { enable = true; - domain = domain; + domain = "zengel.datenspuren.de"; createDatabase = true; package = pkgs.engelsystem.override { php = pkgs.php74; }; config = { @@ -50,7 +49,7 @@ in { services.phpfpm.phpPackage = pkgs.php74; services.nginx = { enable = true; - virtualHosts."${domain}" = { + virtualHosts."${config.services.engelsystem.domain}" = { default = true; forceSSL = true; enableACME = true; diff --git a/modules/audio-server.nix b/modules/audio-server.nix index ad6fe887..107314b7 100644 --- a/modules/audio-server.nix +++ b/modules/audio-server.nix @@ -35,7 +35,7 @@ bluetoothSupport = true; advancedBluetoothCodecs = true; zeroconfSupport = true; - }).overrideAttrs (oldAttrs: { + }).overrideAttrs (_: { # one test times out doCheck = false; }); diff --git a/modules/backup.nix b/modules/backup.nix index 936fa1e2..2c0585ef 100644 --- a/modules/backup.nix +++ b/modules/backup.nix @@ -2,7 +2,7 @@ { config.services.postgresqlBackup = { - enable = config.services.postgresql.enable; + inherit (config.services.postgresql) enable; backupAll = true; compression = "zstd"; # compressionLevel = 9; # TODO: only available with 21.11 diff --git a/modules/c3d2.nix b/modules/c3d2.nix index f15493d9..60d6f2f2 100644 --- a/modules/c3d2.nix +++ b/modules/c3d2.nix 
@@ -169,21 +169,21 @@ in config = let - adminKeys = (with builtins; lib.lists.flatten ( + adminKeys = with builtins; lib.lists.flatten ( map (getAttr "sshKeys") (attrValues cfg.users) - )); + ); mkIfIsInHq = x: lib.mkIf cfg.isInHq (lib.mkDefault x); in { networking.hosts = lib.mkIf cfg.mergeHostsFile (( lib.attrsets.mapAttrs' (n: v: { name = v.ip4; value = [ "${n}.c3d2" ]; }) - (lib.attrsets.filterAttrs (n: v: v.ip4 != null) cfg.hosts) + (lib.attrsets.filterAttrs (_: v: v.ip4 != null) cfg.hosts) ) // ( lib.attrsets.mapAttrs' (n: v: { name = v.ip6; value = [ "${n}.c3d2" ]; }) - (lib.attrsets.filterAttrs (n: v: v.ip6 != null) cfg.hosts) + (lib.attrsets.filterAttrs (_: v: v.ip6 != null) cfg.hosts) )); programs.nncp.settings = lib.optionalAttrs cfg.mergeNncpSettings cfg.nncp; diff --git a/modules/cluster/default.nix b/modules/cluster/default.nix index 7b698fd0..7acbbe57 100644 --- a/modules/cluster/default.nix +++ b/modules/cluster/default.nix @@ -1,4 +1,4 @@ -{ zentralwerk, hostRegistry, config, lib, pkgs, ... }: +{ zentralwerk, hostRegistry, config, lib, ... }: let inherit (config.networking) hostName; @@ -15,8 +15,6 @@ let then net else result ) null [ "cluster" "serv" ]; - - ipv4Addr = zentralwerk.lib.config.site.net.${serverNet hostName}.hosts4.${hostName}; in { # Open firewall between cluster members networking.firewall.extraCommands = lib.concatMapStrings (server: @@ -41,7 +39,7 @@ in { ); nomad = { datacenter = "c3d2"; - servers = servers; + inherit servers; # run tasks only on these: client.enable = builtins.elem hostName microvmServers; client.meta = diff --git a/modules/cluster/deployment-options.nix b/modules/cluster/deployment-options.nix index 4f77f516..c7ee785a 100644 --- a/modules/cluster/deployment-options.nix +++ b/modules/cluster/deployment-options.nix 
@@ -13,9 +13,9 @@ networks = mkOption { type = with types; listOf str; default = builtins.attrNames ( - lib.filterAttrs (net: { hosts4, hosts6, ... }: + lib.filterAttrs (_: { hosts4, hosts6, ... }: hosts4 ? ${config.networking.hostName} || - lib.filterAttrs (ctx: hosts6: + lib.filterAttrs (_: hosts6: hosts6 ? ${config.networking.hostName} ) hosts6 != {} ) zentralwerk.lib.config.site.net diff --git a/modules/cluster/deployment.nix b/modules/cluster/deployment.nix index 8a23ac35..ceedabd0 100644 --- a/modules/cluster/deployment.nix +++ b/modules/cluster/deployment.nix @@ -31,8 +31,7 @@ in { microvm = { hypervisor = "cloud-hypervisor"; - vcpu = config.deployment.vcpu; - mem = config.deployment.mem; + inherit (config.deployment) mem vcpu; preStart = '' # Discard old writable store overlay diff --git a/modules/logging.nix b/modules/logging.nix index 13681b10..683af85d 100644 --- a/modules/logging.nix +++ b/modules/logging.nix @@ -1,28 +1,6 @@ -{ hostRegistry, config, pkgs, lib, ... }: +{ config, pkgs, lib, ... }: -let - - nginxGlobalLogging = '' - log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", ' - '"remote_addr": "$remote_addr", ' - '"body_bytes_sent": $body_bytes_sent, ' - '"request_time": $request_time, ' - '"response_status": $status, ' - '"request": "$request", ' - '"request_method": "$request_method", ' - '"host": "$host",' - '"upstream_cache_status": "$upstream_cache_status",' - '"upstream_addr": "$upstream_addr",' - '"http_x_forwarded_for": "$http_x_forwarded_for",' - '"http_referrer": "$http_referer", ' - '"http_user_agent": "$http_user_agent" }'; - - # replace the hostnames with the IP or hostname of your Graylog2 server - access_log syslog:server=graylog.server.org:12301 graylog2_json; - error_log syslog:server=graylog.server.org:12302; - ''; - -in { +{ # add central logging services.journalbeat = { enable = false; diff --git a/modules/microvm.nix b/modules/microvm.nix index 8df5d8a8..fad57689 100644 --- a/modules/microvm.nix 
+++ b/modules/microvm.nix @@ -19,9 +19,9 @@ let "${builtins.substring 0 1 hash}2:${c 2}:${c 4}:${c 6}:${c 8}:${c 10}"; nets = builtins.attrNames ( - lib.filterAttrs (net: { hosts4, hosts6, ... }: + lib.filterAttrs (_: { hosts4, hosts6, ... }: hosts4 ? ${hostName} || - lib.filterAttrs (ctx: hosts6: + lib.filterAttrs (_: hosts6: hosts6 ? ${hostName} ) hosts6 != {} ) zentralwerk.lib.config.site.net diff --git a/modules/nncp.nix b/modules/nncp.nix index f605a7a7..23aa135f 100644 --- a/modules/nncp.nix +++ b/modules/nncp.nix @@ -1,13 +1,10 @@ -{ config, lib, pkgs, ... }: -with lib; +{ config, lib, ... }: let nncpCfgFile = "/run/nncp.hjson"; programCfg = lib.optionalAttrs (config.programs ? nncp) config.programs.nncp; callerCfg = config.services.nncp.caller; daemonCfg = config.services.nncp.daemon; - settingsFormat = pkgs.formats.json { }; - jsonCfgFile = settingsFormat.generate "nncp.json" programCfg.settings; pkg = programCfg.package; in { @@ -15,13 +12,13 @@ in services.nncp = { caller = { - enable = mkEnableOption '' + enable = lib.mkEnableOption '' croned NNCP TCP daemon caller. The daemon will take configuration from ''; - extraArgs = mkOption { - type = with types; listOf str; + extraArgs = lib.mkOption { + type = with lib.types; listOf str; description = "Extra command-line arguments to pass to caller."; default = [ ]; example = [ "-autotoss" ]; @@ -29,18 +26,18 @@ in }; daemon = { - enable = mkEnableOption '' + enable = lib.mkEnableOption '' NNCP TCP synronization daemon. The daemon will take configuration from ''; socketActivation = { - enable = mkEnableOption '' + enable = lib.mkEnableOption '' Whether to run nncp-daemon persistently or socket-activated. ''; - listenStreams = mkOption { - type = with types; listOf str; + listenStreams = lib.mkOption { + type = with lib.types; listOf str; description = '' TCP sockets to bind to. See . 
@@ -49,8 +46,8 @@ in }; }; - extraArgs = mkOption { - type = with types; listOf str; + extraArgs = lib.mkOption { + type = with lib.types; listOf str; description = "Extra command-line arguments to pass to daemon."; default = [ ]; example = [ "-autotoss" ]; @@ -60,15 +57,14 @@ in }; }; - config = mkIf (programCfg.enable or callerCfg.enable or daemonCfg.enable) { - + config = lib.mkIf (programCfg.enable or callerCfg.enable or daemonCfg.enable) { assertions = [{ - assertion = with builtins; + assertion = let callerCongfigured = let neigh = config.programs.nncp.settings.neigh or { }; - in lib.lists.any (x: hasAttr "calls" x && x.calls != [ ]) - (attrValues neigh); + in lib.lists.any (x: lib.hasAttr "calls" x && x.calls != [ ]) + (lib.attrValues neigh); in !callerCfg.enable || callerCongfigured; message = "NNCP caller enabled but call configuration is missing"; }]; @@ -89,7 +85,7 @@ in }; }; - systemd.services."nncp-daemon" = mkIf daemonCfg.enable { + systemd.services."nncp-daemon" = lib.mkIf daemonCfg.enable { enable = !daemonCfg.socketActivation.enable; description = "NNCP TCP syncronization daemon."; documentation = [ "http://www.nncpgo.org/nncp_002ddaemon.html" ]; @@ -106,7 +102,7 @@ in }; }; - systemd.services."nncp-daemon@" = mkIf daemonCfg.socketActivation.enable { + systemd.services."nncp-daemon@" = lib.mkIf daemonCfg.socketActivation.enable { description = "NNCP TCP syncronization daemon."; documentation = [ "http://www.nncpgo.org/nncp_002ddaemon.html" ]; after = [ "network.target" ]; @@ -123,7 +119,7 @@ in }; }; - systemd.sockets.nncp-daemon = mkIf daemonCfg.socketActivation.enable { + systemd.sockets.nncp-daemon = lib.mkIf daemonCfg.socketActivation.enable { inherit (daemonCfg.socketActivation) listenStreams; description = "socket for NNCP TCP syncronization."; conflicts = [ "nncp-daemon.service" ]; diff --git a/modules/plume.nix b/modules/plume.nix index 530c5abd..1a9a0534 100644 --- a/modules/plume.nix +++ b/modules/plume.nix 
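Review bot: The condition in `config = lib.mkIf (programCfg.enable or callerCfg.enable or daemonCfg.enable)` uses `or`, which in Nix is the attribute-selection fallback and not boolean disjunction. It evaluates to `programCfg.enable` whenever that attribute exists, so with `programs.nncp.enable = false` the caller and daemon configuration is dropped even when those services are enabled. If the intent is "any of the three", write `(programCfg.enable or false) || callerCfg.enable || daemonCfg.enable`. The local `callerCongfigured` in the assertion is also misspelled.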
@@ -1,6 +1,5 @@ { config, lib, pkgs, ... }: let - inherit (pkgs) plume; cfg = config.services.plume; in { @@ -33,7 +32,7 @@ in ids.uids.plume = 499; users.users.${cfg.user} = { uid = config.ids.uids.plume; - group = cfg.group; + inherit (cfg) group; home = "/var/lib/plume"; }; users.groups.${cfg.group} = {}; @@ -52,11 +51,11 @@ in after = [ "postgresql.service" ]; requires = [ "postgresql.service" ]; wantedBy = [ "multi-user.target" ]; - path = [ plume ]; + path = [ pkgs.plume ]; script = '' ln -sf ${cfg.envFile} .env mkdir -p static/media - for f in ${plume}/share/plume/static/*; do + for f in ${pkgs.plume}/share/plume/static/*; do n=$(basename "$f") if [ "$n" != media ]; then rm -f "static/$n" @@ -79,7 +78,7 @@ in #! ${pkgs.runtimeShell} -e plm() { - sudo -u ${config.services.plume.user} -- ${plume}/bin/plm $@ + sudo -u ${config.services.plume.user} -- ${pkgs.plume}/bin/plm $@ } plm migration run diff --git a/modules/rpi-netboot.nix b/modules/rpi-netboot.nix index 8de21ce2..3c0782ac 100644 --- a/modules/rpi-netboot.nix +++ b/modules/rpi-netboot.nix @@ -1,4 +1,4 @@ -{ hostRegistry, config, pkgs, lib, ... }: +{ config, pkgs, lib, ... }: { boot = { loader.generic-extlinux-compatible.enable = false; diff --git a/overlays/bmxd.nix b/overlays/bmxd.nix index f5741fa5..8a4e9324 100644 --- a/overlays/bmxd.nix +++ b/overlays/bmxd.nix @@ -1,4 +1,4 @@ -{ stdenv, fetchgit, fetchpatch, }: +{ stdenv, fetchgit }: stdenv.mkDerivation { pname = "bmxd"; diff --git a/overlays/plume/default.nix b/overlays/plume/default.nix index ad4ce17c..70149ff7 100644 --- a/overlays/plume/default.nix +++ b/overlays/plume/default.nix @@ -1,6 +1,5 @@ { naersk , fenix -, curl , nodejs , rustPlatform , stdenv @@ -137,7 +136,7 @@ let "--package=plume-front" ]; copyLibs = true; - overrideMain = oa: { + overrideMain = _: { buildPhase = '' wasm-pack build --mode no-install --target web --release plume-front ''; diff --git a/packages.nix b/packages.nix index 83f9d90b..7ffdf033 100644 --- a/packages.nix 
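Review bot: The `plm` wrapper in the last plume.nix hunk forwards its arguments as unquoted `$@`, so any argument containing whitespace or glob characters is re-split before it reaches `sudo`. Use `sudo -u ${config.services.plume.user} -- ${pkgs.plume}/bin/plm "$@"`. The script continues outside the hunk.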
+++ b/packages.nix @@ -5,12 +5,7 @@ let let hostConf = hostRegistry.hosts."${name}"; in - if hostConf ? ip4 - then hostConf.ip4 - else if hostConf ? ip6 - then hostConf.ip6 - else throw "Host ${name} has no ip4 or ip6 address"; - + hostConf.ip4 or (hostConf.ip6 or (throw "Host ${name} has no ip4 or ip6 address")); # all the input flakes for `nix copy` to the build machine, # allowing --override-input @@ -309,10 +304,7 @@ lib.attrsets.mapAttrs ]; }).config.microvm.declaredRunner; - "${host}-tftproot" = - if config.system.build ? tftproot - then config.system.build.tftproot - else lib.trace "No tftproot for ${host}" null; + "${host}-tftproot" = config.system.build.tftproot or (lib.trace "No tftproot for ${host}" null); } ) { }