From 581fa6b5609098cc7515facf37b1f5fa27267724 Mon Sep 17 00:00:00 2001
From: sinavir
Date: Sun, 10 Mar 2024 01:03:30 +0100
Subject: [PATCH] chore: pre-commit hooks are supposed to be run....
---
default.nix | 63 +++----
iso/configuration.nix | 6 +-
lib/default.nix | 7 +-
machines/compute01/arkheon.nix | 12 +-
machines/compute01/k-radius/module.nix | 36 ++--
.../compute01/k-radius/packages/pykanidm.nix | 4 +-
machines/compute01/librenms/default.nix | 10 +-
machines/compute01/librenms/module.nix | 24 ++-
machines/compute01/satosa/module.nix | 10 +-
machines/storage01/netbird/module.nix | 33 ++--
.../packages/crabfit-frontend/default.nix | 166 +++++++++---------
machines/web01/linkal/module.nix | 72 ++++----
machines/web01/metis/default.nix | 25 ++-
machines/web01/redirections.nix | 18 +-
meta/dns.nix | 25 ++-
meta/nodes.nix | 11 +-
meta/options.nix | 34 ++--
meta/organization.nix | 5 +-
modules/dgn-access-control.nix | 6 +-
modules/dgn-backups/default.nix | 67 ++++---
modules/dgn-hardware.nix | 96 +++++-----
21 files changed, 348 insertions(+), 382 deletions(-)
diff --git a/default.nix b/default.nix
index 1b97910..44d2c02 100644
--- a/default.nix
+++ b/default.nix
@@ -1,36 +1,37 @@ -/* Copyright : - - Maurice Debray 2023 - - Tom Hubrecht 2023 +/* + Copyright : + - Maurice Debray 2023 + - Tom Hubrecht 2023 - Ce logiciel est un programme informatique servant à déployer des - configurations de serveurs via NixOS. + Ce logiciel est un programme informatique servant à déployer des + configurations de serveurs via NixOS. - Ce logiciel est régi par la licence CeCILL soumise au droit français et - respectant les principes de diffusion des logiciels libres. Vous pouvez - utiliser, modifier et/ou redistribuer ce programme sous les conditions - de la licence CeCILL telle que diffusée par le CEA, le CNRS et l'INRIA - sur le site "http://www.cecill.info". + Ce logiciel est régi par la licence CeCILL soumise au droit français et + respectant les principes de diffusion des logiciels libres. Vous pouvez + utiliser, modifier et/ou redistribuer ce programme sous les conditions + de la licence CeCILL telle que diffusée par le CEA, le CNRS et l'INRIA + sur le site "http://www.cecill.info". - En contrepartie de l'accessibilité au code source et des droits de copie, - de modification et de redistribution accordés par cette licence, il n'est - offert aux utilisateurs qu'une garantie limitée. Pour les mêmes raisons, - seule une responsabilité restreinte pèse sur l'auteur du programme, le - titulaire des droits patrimoniaux et les concédants successifs. + En contrepartie de l'accessibilité au code source et des droits de copie, + de modification et de redistribution accordés par cette licence, il n'est + offert aux utilisateurs qu'une garantie limitée. Pour les mêmes raisons, + seule une responsabilité restreinte pèse sur l'auteur du programme, le + titulaire des droits patrimoniaux et les concédants successifs. 
- A cet égard l'attention de l'utilisateur est attirée sur les risques - associés au chargement, à l'utilisation, à la modification et/ou au - développement et à la reproduction du logiciel par l'utilisateur étant - donné sa spécificité de logiciel libre, qui peut le rendre complexe à - manipuler et qui le réserve donc à des développeurs et des professionnels - avertis possédant des connaissances informatiques approfondies. Les - utilisateurs sont donc invités à charger et tester l'adéquation du - logiciel à leurs besoins dans des conditions permettant d'assurer la - sécurité de leurs systèmes et ou de leurs données et, plus généralement, - à l'utiliser et l'exploiter dans les mêmes conditions de sécurité. + A cet égard l'attention de l'utilisateur est attirée sur les risques + associés au chargement, à l'utilisation, à la modification et/ou au + développement et à la reproduction du logiciel par l'utilisateur étant + donné sa spécificité de logiciel libre, qui peut le rendre complexe à + manipuler et qui le réserve donc à des développeurs et des professionnels + avertis possédant des connaissances informatiques approfondies. Les + utilisateurs sont donc invités à charger et tester l'adéquation du + logiciel à leurs besoins dans des conditions permettant d'assurer la + sécurité de leurs systèmes et ou de leurs données et, plus généralement, + à l'utiliser et l'exploiter dans les mêmes conditions de sécurité. - Le fait que vous puissiez accéder à cet en-tête signifie que vous avez - pris connaissance de la licence CeCILL, et que vous en avez accepté les - termes. + Le fait que vous puissiez accéder à cet en-tête signifie que vous avez + pris connaissance de la licence CeCILL, et que vous en avez accepté les + termes. */ let 
@@ -59,9 +60,9 @@ let
 in
 {
- nodes = builtins.mapAttrs (host: { site, ... }: "${host}.${site}.infra.dgnum.eu") (
- import ./meta/nodes.nix
- );
+ nodes = builtins.mapAttrs (
+ host: { site, ... }: "${host}.${site}.infra.dgnum.eu"
+ ) (import ./meta/nodes.nix);
 dns = import ./meta/dns.nix;
diff --git a/iso/configuration.nix b/iso/configuration.nix
index f41040b..5768a62 100644
--- a/iso/configuration.nix
+++ b/iso/configuration.nix
@@ -33,7 +33,7 @@ in
 openssh.enable = true;
 };
- users.users.root.openssh.authorizedKeys.keyFiles =
- builtins.map (m: dgn-lib.mkRel ../keys "${m}.keys")
- dgn-members;
+ users.users.root.openssh.authorizedKeys.keyFiles = builtins.map (
+ m: dgn-lib.mkRel ../keys "${m}.keys"
+ ) dgn-members;
 }
diff --git a/lib/default.nix b/lib/default.nix
index cba4639..02edb55 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -20,10 +20,9 @@ lib.extra
 getNodeKeys = node: let
- names =
- builtins.foldl' (names: group: names ++ meta.organization.groups.${group})
- (meta.nodes.${node}.admins ++ [ "/machines/${node}" ])
- meta.nodes.${node}.adminGroups;
+ names = builtins.foldl' (names: group: names ++ meta.organization.groups.${group}) (
+ meta.nodes.${node}.admins ++ [ "/machines/${node}" ]
+ ) meta.nodes.${node}.adminGroups;
 in rootKeys ++ (getAllKeys names);
diff --git a/machines/compute01/arkheon.nix b/machines/compute01/arkheon.nix
index b676225..bf0184b 100644
--- a/machines/compute01/arkheon.nix
+++ b/machines/compute01/arkheon.nix
@@ -10,13 +10,11 @@
 (import sources.nixos-unstable {
 overlays = [ (import (sources.arkheon.outPath + "/overlay.nix")) ];
 }).python3.withPackages
- (
- ps: [
- ps.arkheon
- ps.daphne
- ps.psycopg2
- ]
- );
+ (ps: [
+ ps.arkheon
+ ps.daphne
+ ps.psycopg2
+ ]);
 domain = "arkheon.dgnum.eu";
diff --git a/machines/compute01/k-radius/module.nix b/machines/compute01/k-radius/module.nix
index c726617..fa38934 100644
--- a/machines/compute01/k-radius/module.nix
+++ b/machines/compute01/k-radius/module.nix
@@ -29,11 +29,9 @@ in
 freeradius = mkOption {
 type = types.package;
- default = pkgs.freeradius.overrideAttrs (
- old: {
- buildInputs = (old.buildInputs or [ ]) ++ [ (pkgs.python3.withPackages (ps: [ ps.kanidm ])) ];
- }
- );
+ default = pkgs.freeradius.overrideAttrs (old: {
+ buildInputs = (old.buildInputs or [ ]) ++ [ (pkgs.python3.withPackages (ps: [ ps.kanidm ])) ];
+ });
 };
 configDir = mkOption {
@@ -126,21 +124,19 @@ in
 rm ${cfg.configDir}/clients.conf && touch ${cfg.configDir}/clients.conf
 ${builtins.concatStringsSep "\n" (
 builtins.attrValues (
- builtins.mapAttrs
- (
- name:
- { secret, ipaddr }:
- ''
- cat <> ${cfg.configDir}/clients.conf
- client ${name} {
- ipaddr = ${ipaddr}
- secret = $(cat "${secret}")
- proto = *
- }
- EOF
- ''
- )
- cfg.radiusClients
+ builtins.mapAttrs (
+ name:
+ { secret, ipaddr }:
+ ''
+ cat <> ${cfg.configDir}/clients.conf
+ client ${name} {
+ ipaddr = ${ipaddr}
+ secret = $(cat "${secret}")
+ proto = *
+ }
+ EOF
+ ''
+ ) cfg.radiusClients
 )
 )}
diff --git a/machines/compute01/k-radius/packages/pykanidm.nix b/machines/compute01/k-radius/packages/pykanidm.nix
index 5ee75c5..87e6fda 100644
--- a/machines/compute01/k-radius/packages/pykanidm.nix
+++ b/machines/compute01/k-radius/packages/pykanidm.nix
@@ -31,7 +31,9 @@ python3.pkgs.buildPythonPackage {
 aiohttp
 pydantic
 toml
- (authlib.overridePythonAttrs (_: { doCheck = false; }))
+ (authlib.overridePythonAttrs (_: {
+ doCheck = false;
+ }))
 ];
 doCheck = false;
diff --git a/machines/compute01/librenms/default.nix b/machines/compute01/librenms/default.nix
index ec152dc..5a52299 100644
--- a/machines/compute01/librenms/default.nix
+++ b/machines/compute01/librenms/default.nix
@@ -12,12 +12,10 @@ in
 package = (pkgs.librenms.override {
 inherit (config.services.librenms) dataDir logDir;
 }).overrideAttrs
- (
- old: {
- patches = (old.patches or [ ]) ++ [ ./kanidm.patch ];
- vendorHash = "sha256-2RgtMXQp4fTE+WloO36rtfytO4Sh2q0plt8WkWxEGHI=";
- }
- );
+ (old: {
+ patches = (old.patches or [ ]) ++ [ ./kanidm.patch ];
+ vendorHash = "sha256-2RgtMXQp4fTE+WloO36rtfytO4Sh2q0plt8WkWxEGHI=";
+ });
 hostname = host;
diff --git a/machines/compute01/librenms/module.nix b/machines/compute01/librenms/module.nix
index 7b73e57..e10ffff 100644
--- a/machines/compute01/librenms/module.nix
+++ b/machines/compute01/librenms/module.nix
@@ -198,13 +198,11 @@ in
 poolConfig = mkOption {
 type = with types;
- attrsOf (
- oneOf [
- str
- int
- bool
- ]
- );
+ attrsOf (oneOf [
+ str
+ int
+ bool
+ ]);
 default = {
 "pm" = "dynamic";
 "pm.max_children" = 32;
@@ -221,9 +219,9 @@ in
 nginx = mkOption {
 type = types.submodule (
- recursiveUpdate
- (import "${modulesPath}/services/web-servers/nginx/vhost-options.nix" { inherit config lib; })
- { }
+ recursiveUpdate (import "${modulesPath}/services/web-servers/nginx/vhost-options.nix" {
+ inherit config lib;
+ }) { }
 );
 default = { };
 example = literalExpression ''
@@ -392,9 +390,9 @@ in
 } // (lib.optionalAttrs cfg.distributedPoller.enable {
 "distributed_poller" = true;
- "distributed_poller_name" =
- lib.mkIf (cfg.distributedPoller.name != null)
- cfg.distributedPoller.name;
+ "distributed_poller_name" = lib.mkIf (
+ cfg.distributedPoller.name != null
+ ) cfg.distributedPoller.name;
 "distributed_poller_group" = cfg.distributedPoller.group;
 "distributed_billing" = cfg.distributedPoller.distributedBilling;
 "distributed_poller_memcached_host" = cfg.distributedPoller.memcachedHost;
diff --git a/machines/compute01/satosa/module.nix b/machines/compute01/satosa/module.nix
index 50cc37a..3be8f0a 100644
--- a/machines/compute01/satosa/module.nix
+++ b/machines/compute01/satosa/module.nix
@@ -23,12 +23,10 @@ let
 mkYamlFiles = files: builtins.attrValues (builtins.mapAttrs (name: yamlFormat.generate "${name}.yaml") files);
- pyEnv = cfg.package.python.withPackages (
- ps: [
- cfg.package
- ps.gunicorn
- ]
- );
+ pyEnv = cfg.package.python.withPackages (ps: [
+ cfg.package
+ ps.gunicorn
+ ]);
 in
 {
 options.services.satosa = {
diff --git a/machines/storage01/netbird/module.nix b/machines/storage01/netbird/module.nix
index e2fe552..b45da55 100644
--- a/machines/storage01/netbird/module.nix
+++ b/machines/storage01/netbird/module.nix
@@ -30,9 +30,9 @@ let
 managementFormat = pkgs.formats.json { };
 settingsFile = settingsFormat.generate "setup.env" (
- builtins.mapAttrs
- (_: val: if builtins.isList val then ''"${builtins.concatStringsSep " " val}"'' else val)
- settings
+ builtins.mapAttrs (
+ _: val: if builtins.isList val then ''"${builtins.concatStringsSep " " val}"'' else val
+ ) settings
 );
 managementFile = managementFormat.generate "config.json" cfg.managementConfig;
@@ -106,9 +106,9 @@ let
 NETBIRD_AUTH_DEVICE_AUTH_ENDPOINT = "";
 NETBIRD_AUTH_PKCE_REDIRECT_URL_PORTS = [ "53000" ];
- NETBIRD_AUTH_PKCE_REDIRECT_URLS =
- builtins.map (p: "http://localhost:${p}")
- cfg.settings.NETBIRD_AUTH_PKCE_REDIRECT_URL_PORTS or NETBIRD_AUTH_PKCE_REDIRECT_URL_PORTS;
+ NETBIRD_AUTH_PKCE_REDIRECT_URLS = builtins.map (
+ p: "http://localhost:${p}"
+ ) cfg.settings.NETBIRD_AUTH_PKCE_REDIRECT_URL_PORTS or NETBIRD_AUTH_PKCE_REDIRECT_URL_PORTS;
 } // (optionalAttrs cfg.setupAutoOidc {
 NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT = "$NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT";
@@ -138,15 +138,13 @@ in
 type = with types;
 attrsOf (
- nullOr (
- oneOf [
- (listOf str)
- bool
- int
- float
- str
- ]
- )
+ nullOr (oneOf [
+ (listOf str)
+ bool
+ int
+ float
+ str
+ ])
 );
 defaultText = lib.literalExpression ''
 {
@@ -493,8 +491,9 @@ in
 export AUTH_AUTHORITY="$NETBIRD_AUTH_AUTHORITY"
 export AUTH_CLIENT_ID="$NETBIRD_AUTH_CLIENT_ID"
- ${optionalString (cfg.secretFiles.AUTH_CLIENT_SECRET == null)
- ''export AUTH_CLIENT_SECRET="$NETBIRD_AUTH_CLIENT_SECRET"''}
+ ${optionalString (
+ cfg.secretFiles.AUTH_CLIENT_SECRET == null
+ ) ''export AUTH_CLIENT_SECRET="$NETBIRD_AUTH_CLIENT_SECRET"''}
 export AUTH_AUDIENCE="$NETBIRD_AUTH_AUDIENCE"
 export AUTH_REDIRECT_URI="$NETBIRD_AUTH_REDIRECT_URI"
 export AUTH_SILENT_REDIRECT_URI="$NETBIRD_AUTH_SILENT_REDIRECT_URI"
diff --git a/machines/web01/crabfit/packages/crabfit-frontend/default.nix b/machines/web01/crabfit/packages/crabfit-frontend/default.nix
index a2280ff..b4dffb9 100644
--- a/machines/web01/crabfit/packages/crabfit-frontend/default.nix
+++ b/machines/web01/crabfit/packages/crabfit-frontend/default.nix
@@ -11,105 +11,103 @@
 frontend_url ? "crab.fit",
 }:
-stdenv.mkDerivation (
- finalAttrs: {
- pname = "crabfit-frontend";
- version = "unstable-2023-08-02";
+stdenv.mkDerivation (finalAttrs: {
+ pname = "crabfit-frontend";
+ version = "unstable-2023-08-02";
- src = fetchFromGitHub {
- owner = "GRA0007";
- repo = "crab.fit";
- rev = "628f9eefc300bf1ed3d6cc3323332c2ed9b8a350";
- hash = "sha256-jy8BrJSHukRenPbZHw4nPx3cSi7E2GSg//WOXDh90mY=";
- };
+ src = fetchFromGitHub {
+ owner = "GRA0007";
+ repo = "crab.fit";
+ rev = "628f9eefc300bf1ed3d6cc3323332c2ed9b8a350";
+ hash = "sha256-jy8BrJSHukRenPbZHw4nPx3cSi7E2GSg//WOXDh90mY=";
+ };
- sourceRoot = "source/frontend";
+ sourceRoot = "source/frontend";
- patches = [
- ./01-privacy.patch
- ./02-karla.patch
- ./03-standalone.patch
- ./04-frontend_url.patch
- ./05-dgnum.patch
- ./06-download.patch
- ./07-colormap.patch
- ];
+ patches = [
+ ./01-privacy.patch
+ ./02-karla.patch
+ ./03-standalone.patch
+ ./04-frontend_url.patch
+ ./05-dgnum.patch
+ ./06-download.patch
+ ./07-colormap.patch
+ ];
- offlineCache = fetchYarnDeps {
- yarnLock = "${finalAttrs.src}/frontend/yarn.lock";
- hash = "sha256-jkyQygwHdLlEZ1tlSQOh72nANp2F29rZbTXvKQStvGc=";
- };
+ offlineCache = fetchYarnDeps {
+ yarnLock = "${finalAttrs.src}/frontend/yarn.lock";
+ hash = "sha256-jkyQygwHdLlEZ1tlSQOh72nANp2F29rZbTXvKQStvGc=";
+ };
- nativeBuildInputs = [
- nodejs
- yarn
- fixup_yarn_lock
- ];
+ nativeBuildInputs = [
+ nodejs
+ yarn
+ fixup_yarn_lock
+ ];
- postPatch = ''
- substituteInPlace \
- public/robots.txt \
- public/sitemap.xml \
- src/app/\[id\]/page.tsx \
- src/app/layout.tsx \
- src/components/CreateForm/components/EventInfo/EventInfo.tsx \
- src/i18n/locales/de/help.json \
- src/i18n/locales/en-GB/help.json \
- src/i18n/locales/en/help.json \
- src/i18n/locales/es/help.json \
- src/i18n/locales/fr/help.json \
- src/i18n/locales/hi/help.json \
- src/i18n/locales/id/help.json \
- src/i18n/locales/it/help.json \
- src/i18n/locales/ko/help.json \
- src/i18n/locales/pt-BR/help.json \
- src/i18n/locales/pt-PT/help.json \
- src/i18n/locales/ru/help.json \
- --replace "@FRONTEND_URL@" "${frontend_url}"
- '';
+ postPatch = ''
+ substituteInPlace \
+ public/robots.txt \
+ public/sitemap.xml \
+ src/app/\[id\]/page.tsx \
+ src/app/layout.tsx \
+ src/components/CreateForm/components/EventInfo/EventInfo.tsx \
+ src/i18n/locales/de/help.json \
+ src/i18n/locales/en-GB/help.json \
+ src/i18n/locales/en/help.json \
+ src/i18n/locales/es/help.json \
+ src/i18n/locales/fr/help.json \
+ src/i18n/locales/hi/help.json \
+ src/i18n/locales/id/help.json \
+ src/i18n/locales/it/help.json \
+ src/i18n/locales/ko/help.json \
+ src/i18n/locales/pt-BR/help.json \
+ src/i18n/locales/pt-PT/help.json \
+ src/i18n/locales/ru/help.json \
+ --replace "@FRONTEND_URL@" "${frontend_url}"
+ '';
- configurePhase = ''
- runHook preConfigure
+ configurePhase = ''
+ runHook preConfigure
- export HOME="$PWD"
+ export HOME="$PWD"
- echo 'NEXT_PUBLIC_API_URL="${api_url}"' > .env.local
+ echo 'NEXT_PUBLIC_API_URL="${api_url}"' > .env.local
- fixup_yarn_lock yarn.lock
- yarn config --offline set yarn-offline-mirror ${finalAttrs.offlineCache}
- yarn install --offline --frozen-lockfile --ignore-platform --ignore-scripts --no-progress --non-interactive
- patchShebangs node_modules
+ fixup_yarn_lock yarn.lock
+ yarn config --offline set yarn-offline-mirror ${finalAttrs.offlineCache}
+ yarn install --offline --frozen-lockfile --ignore-platform --ignore-scripts --no-progress --non-interactive
+ patchShebangs node_modules
- mkdir -p src/app/fonts
- cp "${
- google-fonts.override { fonts = [ "Karla" ]; }
- }/share/fonts/truetype/Karla[wght].ttf" src/app/fonts/karla.ttf
+ mkdir -p src/app/fonts
+ cp "${
+ google-fonts.override { fonts = [ "Karla" ]; }
+ }/share/fonts/truetype/Karla[wght].ttf" src/app/fonts/karla.ttf
- runHook postConfigure
- '';
+ runHook postConfigure
+ '';
- buildPhase = ''
- runHook preBuild
+ buildPhase = ''
+ runHook preBuild
- NODE_ENV=production yarn build
+ NODE_ENV=production yarn build
- runHook postBuild
- '';
+ runHook postBuild
+ '';
- installPhase = ''
- mkdir $out
- cp -R .next/* $out
- cp -R public $out/standalone/
- cp -R .next/static $out/standalone/.next
+ installPhase = ''
+ mkdir $out
+ cp -R .next/* $out
+ cp -R public $out/standalone/
+ cp -R .next/static $out/standalone/.next
- ln -s /var/cache/crabfit $out/standalone/.next/cache
- '';
+ ln -s /var/cache/crabfit $out/standalone/.next/cache
+ '';
- meta = with lib; {
- description = "Enter your availability to find a time that works for everyone";
- homepage = "https://github.com/GRA0007/crab.fit";
- license = licenses.gpl3;
- maintainers = with maintainers; [ thubrecht ];
- };
- }
-)
+ meta = with lib; {
+ description = "Enter your availability to find a time that works for everyone";
+ homepage = "https://github.com/GRA0007/crab.fit";
+ license = licenses.gpl3;
+ maintainers = with maintainers; [ thubrecht ];
+ };
+})
diff --git a/machines/web01/linkal/module.nix b/machines/web01/linkal/module.nix
index df762fc..eb55f65 100644
--- a/machines/web01/linkal/module.nix
+++ b/machines/web01/linkal/module.nix
@@ -28,7 +28,9 @@ in
 package = mkOption {
 type = types.package;
- default = package.overrideAttrs (_: { buildInputs = [ ]; });
+ default = package.overrideAttrs (_: {
+ buildInputs = [ ];
+ });
 };
 domain = mkOption { type = types.str; };
@@ -38,36 +40,31 @@ in let inherit (types) attrsOf port submodule; in - attrsOf ( - submodule { - options = { - port = mkOption { type = port; }; - calendars = mkOption { inherit (jsonFormat) type; }; - }; - } - ); + attrsOf (submodule { + options = { + port = mkOption { type = port; }; + calendars = mkOption { inherit (jsonFormat) type; }; + }; + }); default = { }; }; }; config = mkIf cfg.enable { - systemd.services = - mapAttrs' - ( - name: - { port, calendars }: - nameValuePair "linkal-${name}" { - description = "Linkal - ${name}"; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { - Type = "simple"; - ExecStart = "${cfg.package}/bin/linkal --port ${builtins.toString port} --calendar-file ${ - jsonFormat.generate "linkal-${name}.json" { inherit calendars; } - }"; - }; - } - ) - cfg.calendarGroups; + systemd.services = mapAttrs' ( + name: + { port, calendars }: + nameValuePair "linkal-${name}" { + description = "Linkal - ${name}"; + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + Type = "simple"; + ExecStart = "${cfg.package}/bin/linkal --port ${builtins.toString port} --calendar-file ${ + jsonFormat.generate "linkal-${name}.json" { inherit calendars; } + }"; + }; + } + ) cfg.calendarGroups; # Configure bind for DNS certificate validation on *.cal.dgnum.eu. # services.bind = { @@ -107,20 +104,17 @@ in services.nginx = { enable = true; - virtualHosts = - mapAttrs' - ( - name: - { port, ... }: - nameValuePair "${name}.${cfg.domain}" { - enableACME = true; - # acmeRoot = null; # Use DNS-01 validation - forceSSL = true; + virtualHosts = mapAttrs' ( + name: + { port, ... }: + nameValuePair "${name}.${cfg.domain}" { + enableACME = true; + # acmeRoot = null; # Use DNS-01 validation + forceSSL = true; - locations."/".proxyPass = "http://127.0.0.1:${builtins.toString port}/"; - } - ) - cfg.calendarGroups; + locations."/".proxyPass = "http://127.0.0.1:${builtins.toString port}/"; + } + ) cfg.calendarGroups; }; }; } 
diff --git a/machines/web01/metis/default.nix b/machines/web01/metis/default.nix index 842be78..949fa6a 100644 --- a/machines/web01/metis/default.nix +++ b/machines/web01/metis/default.nix @@ -16,20 +16,17 @@ in forceSSL = true; root = metis.production; - locations = - lib.mapAttrs' - ( - name: value: - lib.nameValuePair "/cal/${name}/" { - extraConfig = '' - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass ${value}; - ''; - } - ) - providers; + locations = lib.mapAttrs' ( + name: value: + lib.nameValuePair "/cal/${name}/" { + extraConfig = '' + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Server $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass ${value}; + ''; + } + ) providers; extraConfig = '' rewrite ^/calendrier(.*)$ $1 permanent; diff --git a/machines/web01/redirections.nix b/machines/web01/redirections.nix index b6189d5..299f03a 100644 --- a/machines/web01/redirections.nix +++ b/machines/web01/redirections.nix @@ -6,16 +6,14 @@ let mkRetired = hosts: builtins.listToAttrs ( - builtins.map - (name: { - inherit name; - value = { - enableACME = true; - forceSSL = true; - locations."/".return = "301 https://${retired_host}/${name}"; - }; - }) - hosts + builtins.map (name: { + inherit name; + value = { + enableACME = true; + forceSSL = true; + locations."/".return = "301 https://${retired_host}/${name}"; + }; + }) hosts ); mkSub = domain: builtins.map (s: "${s}.${domain}"); diff --git a/meta/dns.nix b/meta/dns.nix index 107685d..fc120bc 100644 --- a/meta/dns.nix +++ b/meta/dns.nix 
@@ -150,20 +150,17 @@ in DMARC = [ { p = "none"; } ]; DKIM = kurisuDKIM; - subdomains = - mapAttrs' - ( - host: - { site, ... }: - nameValuePair "${host}.${site}" ( - with meta.network.${host}.addresses; - { - A = ipv4; - AAAA = ipv6; - } - ) - ) - meta.nodes; + subdomains = mapAttrs' ( + host: + { site, ... }: + nameValuePair "${host}.${site}" ( + with meta.network.${host}.addresses; + { + A = ipv4; + AAAA = ipv6; + } + ) + ) meta.nodes; }; }; } diff --git a/meta/nodes.nix b/meta/nodes.nix index 048b631..5903e46 100644 --- a/meta/nodes.nix +++ b/meta/nodes.nix @@ -10,11 +10,12 @@ # nixpkgs = "unstable" or "22.11"; # nixpkgs version # } -/* Liste des différents sites : - - dmi01 -> VM du NPSPI - - par01 -> Salle serveur sous le pavillon Pasteur - - par02 -> Local DGNum Jourdan - - par03 -> VM de Luj +/* + Liste des différents sites : + - dmi01 -> VM du NPSPI + - par01 -> Salle serveur sous le pavillon Pasteur + - par02 -> Local DGNum Jourdan + - par03 -> VM de Luj */ { diff --git a/meta/options.nix b/meta/options.nix index 6e03b9b..af0fd62 100644 --- a/meta/options.nix +++ b/meta/options.nix @@ -38,25 +38,23 @@ in options = { organization = { members = mkOption { - type = attrsOf ( - submodule { - options = { - name = mkOption { - type = str; - description = '' - Name of the member. - ''; - }; - - email = mkOption { - type = str; - description = '' - Main e-mail address of the member. - ''; - }; + type = attrsOf (submodule { + options = { + name = mkOption { + type = str; + description = '' + Name of the member. + ''; }; - } - ); + + email = mkOption { + type = str; + description = '' + Main e-mail address of the member. + ''; + }; + }; + }); description = '' Members of the DGNum organization. diff --git a/meta/organization.nix b/meta/organization.nix index 981ec01..734dca4 100644 --- a/meta/organization.nix +++ b/meta/organization.nix 
@@ -1,5 +1,6 @@ -/* To add a new member add an attribute to `members` - Then add the key to the required groups. +/* + To add a new member add an attribute to `members` + Then add the key to the required groups. */ { diff --git a/modules/dgn-access-control.nix b/modules/dgn-access-control.nix index 1fbece8..b94db79 100644 --- a/modules/dgn-access-control.nix +++ b/modules/dgn-access-control.nix @@ -83,8 +83,8 @@ in # Admins have root access to the node dgn-access-control.users.root = mkDefault admins; - users.users = - builtins.mapAttrs (_: members: { openssh.authorizedKeys.keys = lib.extra.getAllKeys members; }) - cfg.users; + users.users = builtins.mapAttrs (_: members: { + openssh.authorizedKeys.keys = lib.extra.getAllKeys members; + }) cfg.users; }; } diff --git a/modules/dgn-backups/default.nix b/modules/dgn-backups/default.nix index 5343aaf..3ec46d8 100644 --- a/modules/dgn-backups/default.nix +++ b/modules/dgn-backups/default.nix @@ -37,9 +37,9 @@ let { startAt = starts.${name}; key = config.age.secrets."bupstash-put_key".path; - repositoryCommands = - lib.extra.mapSingleFuse (host: "ssh -i /etc/ssh/ssh_host_ed25519_key bupstash-repo@${host}.dgnum") - to; + repositoryCommands = lib.extra.mapSingleFuse ( + host: "ssh -i /etc/ssh/ssh_host_ed25519_key bupstash-repo@${host}.dgnum" + ) to; } // settings ); 
@@ -58,46 +58,41 @@ in }; jobs = mkOption { - type = attrsOf ( - submodule { - options = { - to = mkOption { - type = listOf str; - default = remove name [ - "compute01" - "geo01" - "geo02" - "storage01" - ]; - description = "Hosts to send the backups to."; - }; - - settings = mkOption { - type = attrs; - default = { }; - description = "Base bupstash job config."; - }; + type = attrsOf (submodule { + options = { + to = mkOption { + type = listOf str; + default = remove name [ + "compute01" + "geo01" + "geo02" + "storage01" + ]; + description = "Hosts to send the backups to."; }; - } - ); + + settings = mkOption { + type = attrs; + default = { }; + description = "Base bupstash job config."; + }; + }; + }); default = { }; description = "List of bupstash jobs."; }; }; config = { - dgn-backups.jobs = - lib.extra.mapFuse - (db: { - "${db}-db".settings = { - user = "postgres"; - command = [ - "${lib.getExe' config.services.postgresql.package "pg_dump"}" - db - ]; - }; - }) - cfg.postgresDatabases; + dgn-backups.jobs = lib.extra.mapFuse (db: { + "${db}-db".settings = { + user = "postgres"; + command = [ + "${lib.getExe' config.services.postgresql.package "pg_dump"}" + db + ]; + }; + }) cfg.postgresDatabases; services.bupstash = { repositories = { diff --git a/modules/dgn-hardware.nix b/modules/dgn-hardware.nix index c4e013e..a36dfd7 100644 --- a/modules/dgn-hardware.nix +++ b/modules/dgn-hardware.nix 
@@ -41,56 +41,54 @@ in }; }; - config = mkIf cfg.enable ( - mkMerge [ - { - hardware.enableRedistributableFirmware = true; - hardware.cpu.intel.updateMicrocode = true; + config = mkIf cfg.enable (mkMerge [ + { + hardware.enableRedistributableFirmware = true; + hardware.cpu.intel.updateMicrocode = true; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - boot = { - initrd.availableKernelModules = [ - "ata_piix" - "uhci_hcd" - "ehci_pci" - "virtio_pci" - "ahci" - "virtio_blk" - ]; - kernelModules = [ "kvm-intel" ]; - kernelParams = [ - "cgroup_enable=cpu" - "cgroup_enable=cpuset" - "cgroup_enable=memory" - "cgroup_memory=1" - ]; + boot = { + initrd.availableKernelModules = [ + "ata_piix" + "uhci_hcd" + "ehci_pci" + "virtio_pci" + "ahci" + "virtio_blk" + ]; + kernelModules = [ "kvm-intel" ]; + kernelParams = [ + "cgroup_enable=cpu" + "cgroup_enable=cpuset" + "cgroup_enable=memory" + "cgroup_memory=1" + ]; + }; + } + + (mkIf cfg.useSystemd { + boot.loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + }) + + (mkIf cfg.useBcachefs { + boot.supportedFilesystems = [ "bcachefs" ]; + boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_7; + }) + + (mkIf cfg.useZfs { + boot = { + supportedFilesystems = [ "zfs" ]; + + zfs = { + forceImportRoot = false; + extraPools = cfg.zfsPools; + package = pkgs.zfs_2_1; }; - } - - (mkIf cfg.useSystemd { - boot.loader = { - systemd-boot.enable = true; - efi.canTouchEfiVariables = true; - }; - }) - - (mkIf cfg.useBcachefs { - boot.supportedFilesystems = [ "bcachefs" ]; - boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_7; - }) - - (mkIf cfg.useZfs { - boot = { - supportedFilesystems = [ "zfs" ]; - - zfs = { - forceImportRoot = false; - extraPools = cfg.zfsPools; - package = pkgs.zfs_2_1; - }; - }; - }) - ] - ); + }; + }) + ]); }