format

2026-03-19 19:41:08 +01:00 · 2025-12-28 13:39:42 +01:00
parent 51533efeda
commit c15f5375e2
28 changed files with 576 additions and 475 deletions
--- a/systems/zaatar/backup.nix
+++ b/systems/zaatar/backup.nix
@@ -3,15 +3,17 @@
  pkgs,
  lib,
  ...
-}: let
+}:
+let
  dataDir = "/backup/restic";
-in {
+in
+{
  services.restic.server = {
    enable = true;
    appendOnly = true;
    inherit dataDir;
    prometheus = true;
-    extraFlags = ["--no-auth"]; # auth is done via firewall
+    extraFlags = [ "--no-auth" ]; # auth is done via firewall
    listenAddress = toString pkgs.lib.niveum.restic.port;
  };

@@ -26,33 +28,35 @@ in {
    fsType = "ext4";
  };

-  networking.firewall = let
-    dport = pkgs.lib.niveum.restic.port;
-    protocol = "tcp";
-    rules = [
-      (pkgs.lib.niveum.firewall.accept {
-        inherit dport protocol;
-        source = pkgs.lib.niveum.retiolumAddresses.kabsa.ipv4;
-      })
-      (pkgs.lib.niveum.firewall.accept {
-        inherit dport protocol;
-        source = pkgs.lib.niveum.retiolumAddresses.manakish.ipv4;
-      })
-      (pkgs.lib.niveum.firewall.accept {
-        inherit dport protocol;
-        source = pkgs.lib.niveum.retiolumAddresses.makanek.ipv4;
-      })
-      (pkgs.lib.niveum.firewall.accept {
-        inherit dport protocol;
-        source = pkgs.lib.niveum.retiolumAddresses.fatteh.ipv4;
-      })
-      (pkgs.lib.niveum.firewall.accept {
-        inherit dport protocol;
-        source = pkgs.lib.niveum.retiolumAddresses.ful.ipv4;
-      })
-    ];
-  in {
-    extraCommands = pkgs.lib.niveum.firewall.addRules rules;
-    extraStopCommands = pkgs.lib.niveum.firewall.removeRules rules;
-  };
+  networking.firewall =
+    let
+      dport = pkgs.lib.niveum.restic.port;
+      protocol = "tcp";
+      rules = [
+        (pkgs.lib.niveum.firewall.accept {
+          inherit dport protocol;
+          source = pkgs.lib.niveum.retiolumAddresses.kabsa.ipv4;
+        })
+        (pkgs.lib.niveum.firewall.accept {
+          inherit dport protocol;
+          source = pkgs.lib.niveum.retiolumAddresses.manakish.ipv4;
+        })
+        (pkgs.lib.niveum.firewall.accept {
+          inherit dport protocol;
+          source = pkgs.lib.niveum.retiolumAddresses.makanek.ipv4;
+        })
+        (pkgs.lib.niveum.firewall.accept {
+          inherit dport protocol;
+          source = pkgs.lib.niveum.retiolumAddresses.fatteh.ipv4;
+        })
+        (pkgs.lib.niveum.firewall.accept {
+          inherit dport protocol;
+          source = pkgs.lib.niveum.retiolumAddresses.ful.ipv4;
+        })
+      ];
+    in
+    {
+      extraCommands = pkgs.lib.niveum.firewall.addRules rules;
+      extraStopCommands = pkgs.lib.niveum.firewall.removeRules rules;
+    };
 }
--- a/systems/zaatar/gaslight.nix
+++ b/systems/zaatar/gaslight.nix
@@ -1,4 +1,5 @@
-{pkgs, ...}: {
+{ pkgs, ... }:
+{
  environment.systemPackages = [
    (pkgs.writers.writeDashBin "gaslight-stream" ''
      ${pkgs.ffmpeg}/bin/ffmpeg -r 14 -s 640x480 -f video4linux2 -i /dev/video0 -f alsa -i default -c:v libx264 -preset ultrafast -c:a aac -f avi -
@@ -16,8 +17,6 @@
  ];
 }
 /*
-
-ssh machine gaslight-stream | mpv -
-ssh machine gaslight-say "blablabla"
+  ssh machine gaslight-stream | mpv -
+  ssh machine gaslight-say "blablabla"
 */
-
--- a/systems/zaatar/hardware-configuration.nix
+++ b/systems/zaatar/hardware-configuration.nix
@@ -4,14 +4,22 @@
  pkgs,
  modulesPath,
  ...
-}: {
-  imports = [(modulesPath + "/installer/scan/not-detected.nix")];
+}:
+{
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

  boot = {
-    initrd.availableKernelModules = ["ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_acpi" "rtsx_usb_sdmmc"];
-    kernelModules = ["kvm-intel"];
-    extraModulePackages = [];
-    supportedFilesystems = ["ntfs"];
+    initrd.availableKernelModules = [
+      "ahci"
+      "xhci_pci"
+      "usb_storage"
+      "sd_mod"
+      "sdhci_acpi"
+      "rtsx_usb_sdmmc"
+    ];
+    kernelModules = [ "kvm-intel" ];
+    extraModulePackages = [ ];
+    supportedFilesystems = [ "ntfs" ];
    loader = {
      systemd-boot = {
        enable = true;
@@ -32,9 +40,9 @@
    };
  };

-  swapDevices =
-    [ { device = "/dev/disk/by-uuid/7b2a3e4c-e53f-4c53-b599-b6d6cff49f1f"; }
-    ];
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/7b2a3e4c-e53f-4c53-b599-b6d6cff49f1f"; }
+  ];

  nix.settings.max-jobs = lib.mkDefault 4;
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
--- a/systems/zaatar/home-assistant.nix
+++ b/systems/zaatar/home-assistant.nix
@@ -1,8 +1,15 @@
-{config, pkgs, lib, ...}: let
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+let
  port = 8123;
  volumeName = "home-assistant";
-in {
-  networking.firewall.allowedTCPPorts = [port];
+in
+{
+  networking.firewall.allowedTCPPorts = [ port ];

  services.nginx.virtualHosts."home.kmein.r" = {
    locations."/" = {
@@ -59,7 +66,7 @@ in {
    enable = true;
    autoPrune = {
      enable = true;
-      flags = ["--all"];
+      flags = [ "--all" ];
    };
  };

--- a/systems/zaatar/kiosk.nix
+++ b/systems/zaatar/kiosk.nix
@@ -3,20 +3,25 @@
  pkgs,
  lib,
  ...
-}: {
+}:
+{
  users.extraUsers.kiosk = {
    isNormalUser = true;
    password = "";
-    extraGroups = ["audio" "pipewire"];
+    extraGroups = [
+      "audio"
+      "pipewire"
+    ];
  };
  # TODO https://github.com/cage-kiosk/cage/issues/138
  services.cage = {
    enable = true;
    user = config.users.extraUsers.kiosk.name;
-    extraArguments = ["-s"]; # allow vt switching
-    program = let
-      startUrls = [];
-    in
+    extraArguments = [ "-s" ]; # allow vt switching
+    program =
+      let
+        startUrls = [ ];
+      in
      pkgs.writers.writeDash "kiosk-browser" ''
        while true; do
          ${pkgs.brave}/bin/brave \
--- a/systems/zaatar/moodle-dl-meinhark.nix
+++ b/systems/zaatar/moodle-dl-meinhark.nix
@@ -3,21 +3,25 @@
  pkgs,
  lib,
  ...
-}: let
-  moodle-dl-package = pkgs.moodle-dl.overrideAttrs (old:
+}:
+let
+  moodle-dl-package = pkgs.moodle-dl.overrideAttrs (
+    old:
    old
    // {
      # patches = [../../packages/moodle-dl/telegram-format.patch]; TODO?
-    });
-in {
+    }
+  );
+in
+{
  age.secrets = {
    /*
-    moodle-dl-tokens = {
-      file = ../../secrets/zaatar-moodle-dl-tokens.json.age;
-      owner = "moodle-dl";
-      group = "moodle-dl";
-      mode = "400";
-    };
+      moodle-dl-tokens = {
+        file = ../../secrets/zaatar-moodle-dl-tokens.json.age;
+        owner = "moodle-dl";
+        group = "moodle-dl";
+        mode = "400";
+      };
    */
    moodle-dl-basicAuth = {
      file = ../../secrets/zaatar-moodle-dl-basicAuth.age;
@@ -120,10 +124,10 @@ in {

  fileSystems."/export/moodle" = {
    device = config.services.moodle-dl.directory;
-    options = ["bind"];
+    options = [ "bind" ];
  };

-  networking.firewall.allowedTCPPorts = [2049];
+  networking.firewall.allowedTCPPorts = [ 2049 ];

  services.nginx.enable = true;

@@ -140,11 +144,16 @@ in {

  services.nfs.server = {
    enable = true;
-    exports = let
-      machines = with pkgs.lib.niveum.retiolumAddresses; [kabsa manakish];
-    in ''
-      /export        ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(fsid=0)") machines}
-      /export/moodle ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(insecure,rw)") machines}
-    '';
+    exports =
+      let
+        machines = with pkgs.lib.niveum.retiolumAddresses; [
+          kabsa
+          manakish
+        ];
+      in
+      ''
+        /export        ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(fsid=0)") machines}
+        /export/moodle ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(insecure,rw)") machines}
+      '';
  };
 }