yadunut/clan-core
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

re-format with nixfmt

Browse Source
This commit is contained in:
Jörg Thalheim
2024-03-17 19:48:49 +01:00
parent f2a0f84bc2
commit ede4d3f6e5
87 changed files with 2122 additions and 1650 deletions
Download Patch File Download Diff File Expand all files Collapse all files

116
clanModules/borgbackup.nix
View File

@@ -1,69 +1,88 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
cfg = config.clan.borgbackup;
in
{
options.clan.borgbackup.destinations = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
options = {
name = lib.mkOption {
type = lib.types.str;
default = name;
description = "the name of the backup job";
};
repo = lib.mkOption {
type = lib.types.str;
description = "the borgbackup repository to backup to";
};
rsh = lib.mkOption {
type = lib.types.str;
default = "ssh -i ${config.clanCore.secrets.borgbackup.secrets."borgbackup.ssh".path} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null";
description = "the rsh to use for the backup";
};
};
}));
type = lib.types.attrsOf (
lib.types.submodule (
{ name, ... }:
{
options = {
name = lib.mkOption {
type = lib.types.str;
default = name;
description = "the name of the backup job";
};
repo = lib.mkOption {
type = lib.types.str;
description = "the borgbackup repository to backup to";
};
rsh = lib.mkOption {
type = lib.types.str;
default = "ssh -i ${
config.clanCore.secrets.borgbackup.secrets."borgbackup.ssh".path
} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null";
description = "the rsh to use for the backup";
};
};
}
)
);
default = { };
description = ''
destinations where the machine should be backuped to
'';
};
imports = [ (lib.mkRemovedOptionModule [ "clan" "borgbackup" "enable" ] "Just define clan.borgbackup.destinations to enable it") ];
imports = [
(lib.mkRemovedOptionModule [
"clan"
"borgbackup"
"enable"
] "Just define clan.borgbackup.destinations to enable it")
];
config = lib.mkIf (cfg.destinations != { }) {
services.borgbackup.jobs = lib.mapAttrs
(_: dest: {
paths = lib.flatten (map (state: state.folders) (lib.attrValues config.clanCore.state));
exclude = [ "*.pyc" ];
repo = dest.repo;
environment.BORG_RSH = dest.rsh;
compression = "auto,zstd";
startAt = "*-*-* 01:00:00";
persistentTimer = true;
preHook = ''
set -x
'';
services.borgbackup.jobs = lib.mapAttrs (_: dest: {
paths = lib.flatten (map (state: state.folders) (lib.attrValues config.clanCore.state));
exclude = [ "*.pyc" ];
repo = dest.repo;
environment.BORG_RSH = dest.rsh;
compression = "auto,zstd";
startAt = "*-*-* 01:00:00";
persistentTimer = true;
preHook = ''
set -x
'';
encryption = {
mode = "repokey";
passCommand = "cat ${config.clanCore.secrets.borgbackup.secrets."borgbackup.repokey".path}";
};
encryption = {
mode = "repokey";
passCommand = "cat ${config.clanCore.secrets.borgbackup.secrets."borgbackup.repokey".path}";
};
prune.keep = {
within = "1d"; # Keep all archives from the last day
daily = 7;
weekly = 4;
monthly = 0;
};
})
cfg.destinations;
prune.keep = {
within = "1d"; # Keep all archives from the last day
daily = 7;
weekly = 4;
monthly = 0;
};
}) cfg.destinations;
clanCore.secrets.borgbackup = {
facts."borgbackup.ssh.pub" = { };
secrets."borgbackup.ssh" = { };
secrets."borgbackup.repokey" = { };
generator.path = [ pkgs.openssh pkgs.coreutils pkgs.xkcdpass ];
generator.path = [
pkgs.openssh
pkgs.coreutils
pkgs.xkcdpass
];
generator.script = ''
ssh-keygen -t ed25519 -N "" -f "$secrets"/borgbackup.ssh
mv "$secrets"/borgbackup.ssh.pub "$facts"/borgbackup.ssh.pub
@@ -75,8 +94,9 @@ in
# TODO list needs to run locally or on the remote machine
list = ''
# we need yes here to skip the changed url verification
${lib.concatMapStringsSep "\n" (dest: ''yes y | borg-job-${dest.name} list --json | jq -r '. + {"job-name": "${dest.name}"}' '')
(lib.attrValues cfg.destinations)}
${lib.concatMapStringsSep "\n" (
dest: ''yes y | borg-job-${dest.name} list --json | jq -r '. + {"job-name": "${dest.name}"}' ''
) (lib.attrValues cfg.destinations)}
'';
create = ''
${lib.concatMapStringsSep "\n" (dest: ''

7
clanModules/deltachat.nix
View File

@@ -1,4 +1,5 @@
{ config, pkgs, ... }: {
{ config, pkgs, ... }:
{
networking.firewall.interfaces."zt+".allowedTCPPorts = [ 25 ]; # smtp with other hosts
environment.systemPackages = [ pkgs.deltachat-desktop ];
@@ -134,9 +135,7 @@
storage &local_mailboxes
}
'';
ensureAccounts = [
"user@${domain}"
];
ensureAccounts = [ "user@${domain}" ];
ensureCredentials = {
"user@${domain}".passwordFile = pkgs.writeText "dummy" "foobar";
};

1
clanModules/diskLayouts.nix
View File

@@ -41,4 +41,3 @@
};
};
}

3
clanModules/flake-module.nix
View File

@@ -1,4 +1,5 @@
{ inputs, ... }: {
{ inputs, ... }:
{
flake.clanModules = {
diskLayouts = {
imports = [

5
clanModules/graphical.nix
View File

@@ -1,4 +1 @@
_:
{
fonts.enableDefaultPackages = true;
}
_: { fonts.enableDefaultPackages = true; }

9
clanModules/localsend.nix
View File

@@ -1,7 +1,8 @@
{ config
, pkgs
, lib
, ...
{
config,
pkgs,
lib,
...
}:
{
# Integration can be improved, if the following issues get implemented:

3
clanModules/moonlight.nix
View File

@@ -1,4 +1,5 @@
{ pkgs, ... }: {
{ pkgs, ... }:
{
hardware.opengl.enable = true;
environment.systemPackages = [ pkgs.moonlight-qt ];
}

18
clanModules/sshd.nix
View File

@@ -1,15 +1,21 @@
{ config, pkgs, ... }: {
{ config, pkgs, ... }:
{
services.openssh.enable = true;
services.openssh.hostKeys = [{
path = config.clanCore.secrets.openssh.secrets."ssh.id_ed25519".path;
type = "ed25519";
}];
services.openssh.hostKeys = [
{
path = config.clanCore.secrets.openssh.secrets."ssh.id_ed25519".path;
type = "ed25519";
}
];
clanCore.secrets.openssh = {
secrets."ssh.id_ed25519" = { };
facts."ssh.id_ed25519.pub" = { };
generator.path = [ pkgs.coreutils pkgs.openssh ];
generator.path = [
pkgs.coreutils
pkgs.openssh
];
generator.script = ''
ssh-keygen -t ed25519 -N "" -f $secrets/ssh.id_ed25519
mv $secrets/ssh.id_ed25519.pub $facts/ssh.id_ed25519.pub

29
clanModules/sunshine.nix
View File

@@ -1,7 +1,7 @@
{ pkgs, options, ... }:
let
apps = pkgs.writeText "apps.json" (builtins.toJSON
{
apps = pkgs.writeText "apps.json" (
builtins.toJSON {
env = {
PATH = "$(PATH):$(HOME)/.local/bin:/run/current-system/sw/bin";
};
@@ -22,13 +22,12 @@ let
}
{
name = "Steam Big Picture";
detached = [
"setsid steam steam://open/bigpicture"
];
detached = [ "setsid steam steam://open/bigpicture" ];
image-path = "steam.png";
}
];
});
}
);
sunshineConfiguration = pkgs.writeText "sunshine.conf" ''
address_family = both
channels = 5
@@ -78,11 +77,9 @@ in
environment.systemPackages = [
pkgs.sunshine
(pkgs.writers.writeDashBin "sun" ''
${pkgs.sunshine}/bin/sunshine -1 ${
pkgs.writeText "sunshine.conf" ''
address_family = both
''
} "$@"
${pkgs.sunshine}/bin/sunshine -1 ${pkgs.writeText "sunshine.conf" ''
address_family = both
''} "$@"
'')
# Create a dummy account, for easier setup,
# don't use this account in actual production yet.
@@ -113,11 +110,7 @@ in
};
};
systemd.tmpfiles.rules = [
"d '/var/lib/sunshine' 0770 'user' 'users' - -"
];
systemd.tmpfiles.rules = [ "d '/var/lib/sunshine' 0770 'user' 'users' - -" ];
systemd.user.services.sunshine = {
enable = true;
@@ -128,9 +121,7 @@ in
serviceConfig = {
Restart = "on-failure";
RestartSec = "5s";
ReadWritePaths = [
"/var/lib/sunshine"
];
ReadWritePaths = [ "/var/lib/sunshine" ];
};
wantedBy = [ "graphical-session.target" ];
};

67
clanModules/syncthing.nix
View File

@@ -1,7 +1,8 @@
{ config
, pkgs
, lib
, ...
{
config,
pkgs,
lib,
...
}:
{
options.clan.syncthing = {
@@ -53,9 +54,9 @@
assertions = [
{
assertion =
lib.all (attr: builtins.hasAttr attr config.services.syncthing.settings.folders)
config.clan.syncthing.autoShares;
assertion = lib.all (
attr: builtins.hasAttr attr config.services.syncthing.settings.folders
) config.clan.syncthing.autoShares;
message = ''
Syncthing: If you want to AutoShare a folder, you need to have it configured on the sharing device.
'';
@@ -80,12 +81,8 @@
group = "syncthing";
key =
lib.mkDefault
config.clan.secrets.syncthing.secrets."syncthing.key".path or null;
cert =
lib.mkDefault
config.clan.secrets.syncthing.secrets."syncthing.cert".path or null;
key = lib.mkDefault config.clan.secrets.syncthing.secrets."syncthing.key".path or null;
cert = lib.mkDefault config.clan.secrets.syncthing.secrets."syncthing.cert".path or null;
settings = {
options = {
@@ -127,47 +124,33 @@
set -x
# query pending deviceID's
APIKEY=$(cat ${apiKey})
PENDING=$(${
lib.getExe pkgs.curl
} -X GET -H "X-API-Key: $APIKEY" ${baseAddress}${getPendingDevices})
PENDING=$(${lib.getExe pkgs.curl} -X GET -H "X-API-Key: $APIKEY" ${baseAddress}${getPendingDevices})
PENDING=$(echo $PENDING | ${lib.getExe pkgs.jq} keys[])
# accept pending deviceID's
for ID in $PENDING;do
${
lib.getExe pkgs.curl
} -X POST -d "{\"deviceId\": $ID}" -H "Content-Type: application/json" -H "X-API-Key: $APIKEY" ${baseAddress}${postNewDevice}
${lib.getExe pkgs.curl} -X POST -d "{\"deviceId\": $ID}" -H "Content-Type: application/json" -H "X-API-Key: $APIKEY" ${baseAddress}${postNewDevice}
# get all shared folders by their ID
for folder in ${builtins.toString config.clan.syncthing.autoShares}; do
SHARED_IDS=$(${
lib.getExe pkgs.curl
} -X GET -H "X-API-Key: $APIKEY" ${baseAddress}${SharedFolderById}"$folder" | ${
lib.getExe pkgs.jq
} ."devices")
PATCHED_IDS=$(echo $SHARED_IDS | ${
lib.getExe pkgs.jq
} ".+= [{\"deviceID\": $ID, \"introducedBy\": \"\", \"encryptionPassword\": \"\"}]")
${
lib.getExe pkgs.curl
} -X PATCH -d "{\"devices\": $PATCHED_IDS}" -H "X-API-Key: $APIKEY" ${baseAddress}${SharedFolderById}"$folder"
SHARED_IDS=$(${lib.getExe pkgs.curl} -X GET -H "X-API-Key: $APIKEY" ${baseAddress}${SharedFolderById}"$folder" | ${lib.getExe pkgs.jq} ."devices")
PATCHED_IDS=$(echo $SHARED_IDS | ${lib.getExe pkgs.jq} ".+= [{\"deviceID\": $ID, \"introducedBy\": \"\", \"encryptionPassword\": \"\"}]")
${lib.getExe pkgs.curl} -X PATCH -d "{\"devices\": $PATCHED_IDS}" -H "X-API-Key: $APIKEY" ${baseAddress}${SharedFolderById}"$folder"
done
done
'';
};
systemd.timers.syncthing-auto-accept =
lib.mkIf config.clan.syncthing.autoAcceptDevices
{
description = "Syncthing Auto Accept";
systemd.timers.syncthing-auto-accept = lib.mkIf config.clan.syncthing.autoAcceptDevices {
description = "Syncthing Auto Accept";
wantedBy = [ "syncthing-auto-accept.service" ];
wantedBy = [ "syncthing-auto-accept.service" ];
timerConfig = {
OnActiveSec = lib.mkDefault 60;
OnUnitActiveSec = lib.mkDefault 60;
};
};
timerConfig = {
OnActiveSec = lib.mkDefault 60;
OnUnitActiveSec = lib.mkDefault 60;
};
};
systemd.services.syncthing-init-api-key =
let
@@ -182,9 +165,7 @@
set -efu pipefail
APIKEY=$(cat ${apiKey})
${
lib.getExe pkgs.gnused
} -i "s/<apikey>.*<\/apikey>/<apikey>$APIKEY<\/apikey>/" /var/lib/syncthing/config.xml
${lib.getExe pkgs.gnused} -i "s/<apikey>.*<\/apikey>/<apikey>$APIKEY<\/apikey>/" /var/lib/syncthing/config.xml
# sudo systemctl restart syncthing.service
systemctl restart syncthing.service
'';

14
clanModules/waypipe.nix
View File

@@ -1,7 +1,8 @@
{ pkgs
, lib
, config
, ...
{
pkgs,
lib,
config,
...
}:
{
options.clan.services.waypipe = {
@@ -49,7 +50,10 @@
isNormalUser = true;
uid = 1000;
password = "";
extraGroups = [ "wheel" "video" ];
extraGroups = [
"wheel"
"video"
];
shell = "/run/current-system/sw/bin/bash";
};

12
clanModules/zt-tcp-relay.nix
View File

@@ -1,4 +1,10 @@
{ pkgs, lib, config, ... }: {
{
pkgs,
lib,
config,
...
}:
{
options.clan.zt-tcp-relay = {
port = lib.mkOption {
type = lib.types.port;
@@ -13,7 +19,9 @@
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${pkgs.callPackage ../pkgs/zt-tcp-relay {}}/bin/zt-tcp-relay --listen [::]:${builtins.toString config.clan.zt-tcp-relay.port}";
ExecStart = "${
pkgs.callPackage ../pkgs/zt-tcp-relay { }
}/bin/zt-tcp-relay --listen [::]:${builtins.toString config.clan.zt-tcp-relay.port}";
Restart = "always";
RestartSec = "5";
dynamicUsers = true;