format

2026-03-16 10:11:08 +01:00 · 2025-12-27 22:22:54 +01:00
parent cb0307e8bf
commit c3db0404b3
139 changed files with 2630 additions and 1976 deletions
--- a/systems/makanek/configuration.nix
+++ b/systems/makanek/configuration.nix
@@ -3,7 +3,8 @@
  config,
  pkgs,
  ...
-}: {
+}:
+{
  imports = [
    ./gitea.nix
    ./hardware-configuration.nix
@@ -77,7 +78,10 @@
  };

  networking = {
-    firewall.allowedTCPPorts = [80 443];
+    firewall.allowedTCPPorts = [
+      80
+      443
+    ];
    hostName = "makanek";
    interfaces.ens3.useDHCP = true;
    retiolum = pkgs.lib.niveum.retiolumAddresses.makanek;
@@ -122,17 +126,17 @@
    locations."/" = {
      root = "/var/www/kmein.de";
      extraConfig = ''
-          add_header 'Access-Control-Allow-Origin' '*';
-          add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
-          add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
+        add_header 'Access-Control-Allow-Origin' '*';
+        add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+        add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';

-          # Handle preflight requests
-          if ($request_method = 'OPTIONS') {
-              add_header 'Access-Control-Allow-Origin' '*';
-              add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
-              add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
-              return 204; # No Content
-          }
+        # Handle preflight requests
+        if ($request_method = 'OPTIONS') {
+            add_header 'Access-Control-Allow-Origin' '*';
+            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
+            add_header 'Access-Control-Allow-Headers' 'Content-Type, Authorization';
+            return 204; # No Content
+        }
      '';
    };
  };
--- a/systems/makanek/gitea.nix
+++ b/systems/makanek/gitea.nix
@@ -1,21 +1,26 @@
 { config, pkgs, ... }:
 let
  domain = "code.kmein.de";
-in {
+in
+{
  services.anubis = {
    defaultOptions.settings = {
      USER_DEFINED_DEFAULT = true;
    };
-    instances = let instance = "gitea"; in {
-      ${instance}.settings = {
-        BIND = "/run/anubis/anubis-${instance}/anubis.sock";
-        METRICS_BIND = "/run/anubis/anubis-${instance}/anubis-metrics.sock";
-        TARGET = "http://localhost:${toString config.services.gitea.settings.server.HTTP_PORT}";
-        USER_DEFINED_INSTANCE = true;
-        OG_PASSTHROUGH = true;
-        SERVE_ROBOTS_TXT = true;
+    instances =
+      let
+        instance = "gitea";
+      in
+      {
+        ${instance}.settings = {
+          BIND = "/run/anubis/anubis-${instance}/anubis.sock";
+          METRICS_BIND = "/run/anubis/anubis-${instance}/anubis-metrics.sock";
+          TARGET = "http://localhost:${toString config.services.gitea.settings.server.HTTP_PORT}";
+          USER_DEFINED_INSTANCE = true;
+          OG_PASSTHROUGH = true;
+          SERVE_ROBOTS_TXT = true;
+        };
      };
-    };
  };

  users.users.nginx.extraGroups = [ config.services.anubis.instances."gitea".group ];
@@ -39,7 +44,9 @@ in {
        proxyPass = "http://unix:${config.services.anubis.instances."gitea".settings.BIND}";
        proxyWebsockets = true;
      };
-      "/metrics".proxyPass = "http://unix:${config.services.anubis.instances."gitea".settings.METRICS_BIND}";
+      "/metrics".proxyPass = "http://unix:${
+        config.services.anubis.instances."gitea".settings.METRICS_BIND
+      }";
    };
  };

--- a/systems/makanek/hardware-configuration.nix
+++ b/systems/makanek/hardware-configuration.nix
@@ -4,19 +4,26 @@
  pkgs,
  modulesPath,
  ...
-}: {
-  imports = [(modulesPath + "/profiles/qemu-guest.nix")];
+}:
+{
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];

  boot = {
    initrd = {
-      availableKernelModules = ["ata_piix" "virtio_pci" "xhci_pci" "sd_mod" "sr_mod"];
-      kernelModules = [];
+      availableKernelModules = [
+        "ata_piix"
+        "virtio_pci"
+        "xhci_pci"
+        "sd_mod"
+        "sr_mod"
+      ];
+      kernelModules = [ ];
    };
-    kernelModules = [];
-    extraModulePackages = [];
+    kernelModules = [ ];
+    extraModulePackages = [ ];
    loader.grub = {
      enable = true;
-      devices = ["/dev/sda"];
+      devices = [ "/dev/sda" ];
      configurationLimit = 3;
    };
  };
@@ -26,7 +33,7 @@
    fsType = "ext4";
  };

-  swapDevices = [];
+  swapDevices = [ ];
  zramSwap.enable = true;

  nix.settings.max-jobs = lib.mkDefault 2;
--- a/systems/makanek/hedgedoc.nix
+++ b/systems/makanek/hedgedoc.nix
@@ -3,11 +3,13 @@
  pkgs,
  lib,
  ...
-}: let
+}:
+let
  backupLocation = "/var/lib/codimd-backup";
  stateLocation = "/var/lib/codimd/state.sqlite";
  domain = "pad.kmein.de";
-in {
+in
+{
  services.nginx.virtualHosts.${domain} = {
    enableACME = true;
    forceSSL = true;
@@ -18,17 +20,20 @@ in {
  };

  security.acme.certs.${domain}.group = "hedgecert";
-  users.groups.hedgecert.members = ["codimd" "nginx"];
+  users.groups.hedgecert.members = [
+    "codimd"
+    "nginx"
+  ];

  security.dhparams = {
    enable = true;
-    params.hedgedoc = {};
+    params.hedgedoc = { };
  };

  services.hedgedoc = {
    enable = true;
    settings = {
-      allowOrigin = [domain];
+      allowOrigin = [ domain ];
      allowAnonymous = true;
      allowGravatar = false;
      allowFreeURL = true;
@@ -40,7 +45,7 @@ in {
      domain = domain;
      useSSL = true;
      protocolUseSSL = true;
-      sslCAPath = ["/etc/ssl/certs/ca-certificates.crt"];
+      sslCAPath = [ "/etc/ssl/certs/ca-certificates.crt" ];
      sslCertPath = "/var/lib/acme/${domain}/cert.pem";
      sslKeyPath = "/var/lib/acme/${domain}/key.pem";
      dhParamPath = config.security.dhparams.params.hedgedoc.path;
@@ -70,7 +75,7 @@ in {
    script = ''
      ${pkgs.sqlite}/bin/sqlite3 -json ${stateLocation} "select shortid, alias, ownerId, content from Notes" \
      | ${
-        pkgs.writers.writePython3 "hedgedoc-json-to-fs.py" {} ''
+        pkgs.writers.writePython3 "hedgedoc-json-to-fs.py" { } ''
          import json
          import pathlib
          import sys
--- a/systems/makanek/horoscopy.nix
+++ b/systems/makanek/horoscopy.nix
@@ -2,7 +2,8 @@
  pkgs,
  lib,
  ...
-}: let
+}:
+let
  port = 5040;
  punkt = pkgs.fetchzip {
    url = "https://raw.githubusercontent.com/nltk/nltk_data/gh-pages/packages/tokenizers/punkt.zip";
@@ -14,10 +15,11 @@
    hash = "sha256-KBAbCvayTEr4+cOHnMXHCBA+8RWDMiQF65xzP4fOdaE=";
  };
  horoscopy = import horoscopy-src;
-in {
+in
+{
  systemd.services.horoscopy = {
-    wants = ["network-online.target"];
-    wantedBy = ["multi-user.target"];
+    wants = [ "network-online.target" ];
+    wantedBy = [ "multi-user.target" ];
    description = "AI astrologer";
    serviceConfig = {
      DynamicUser = true;
--- a/systems/makanek/matterbridge.nix
+++ b/systems/makanek/matterbridge.nix
@@ -2,52 +2,58 @@
  pkgs,
  lib,
  ...
-}: {
+}:
+{
  services.matterbridge = {
    enable = false;
-    configPath = let
-      bridgeBotToken = lib.strings.fileContents <system-secrets/telegram/krebs.token>;
-    in
-      toString ((pkgs.formats.toml {}).generate "config.toml" {
-        general = {
-          RemoteNickFormat = "[{NICK}] ";
-          Charset = "utf-8";
-        };
-        telegram.krebs.Token = bridgeBotToken;
-        irc = let
-          Nick = "ponte";
-        in {
-          hackint = {
-            Server = "irc.hackint.org:6697";
-            UseTLS = true;
-            inherit Nick;
+    configPath =
+      let
+        bridgeBotToken = lib.strings.fileContents <system-secrets/telegram/krebs.token>;
+      in
+      toString (
+        (pkgs.formats.toml { }).generate "config.toml" {
+          general = {
+            RemoteNickFormat = "[{NICK}] ";
+            Charset = "utf-8";
          };
-        };
-        mumble.lassulus = {
-          Server = "lassul.us:64738";
-          Nick = "krebs_bridge";
-          SkipTLSVerify = true;
-        };
-        gateway = [
-          {
-            name = "krebs-bridge";
-            enable = true;
-            inout = [
-              {
-                account = "irc.hackint";
-                channel = "#krebs";
-              }
-              {
-                account = "telegram.krebs";
-                channel = "-330372458";
-              }
-              {
-                account = "mumble.lassulus";
-                channel = 6; # "nixos"
-              }
-            ];
-          }
-        ];
-      });
+          telegram.krebs.Token = bridgeBotToken;
+          irc =
+            let
+              Nick = "ponte";
+            in
+            {
+              hackint = {
+                Server = "irc.hackint.org:6697";
+                UseTLS = true;
+                inherit Nick;
+              };
+            };
+          mumble.lassulus = {
+            Server = "lassul.us:64738";
+            Nick = "krebs_bridge";
+            SkipTLSVerify = true;
+          };
+          gateway = [
+            {
+              name = "krebs-bridge";
+              enable = true;
+              inout = [
+                {
+                  account = "irc.hackint";
+                  channel = "#krebs";
+                }
+                {
+                  account = "telegram.krebs";
+                  channel = "-330372458";
+                }
+                {
+                  account = "mumble.lassulus";
+                  channel = 6; # "nixos"
+                }
+              ];
+            }
+          ];
+        }
+      );
  };
 }
--- a/systems/makanek/menstruation.nix
+++ b/systems/makanek/menstruation.nix
@@ -4,15 +4,17 @@
  lib,
  inputs,
  ...
-}: let
+}:
+let
  backendPort = 8000;
-in {
+in
+{
  services.redis.servers.menstruation = {
    enable = true;
    port = 6379;
  };

-  environment.systemPackages = [pkgs.redis];
+  environment.systemPackages = [ pkgs.redis ];

  niveum.passport.services = [
    {
@@ -28,7 +30,7 @@ in {
      "menstruation-backend.service"
      "redis-menstruation.service"
    ];
-    wantedBy = ["multi-user.target"];
+    wantedBy = [ "multi-user.target" ];
    environment = {
      MENSTRUATION_ENDPOINT = "http://localhost:${toString backendPort}";
      MENSTRUATION_MODERATORS = "18980945";
@@ -50,7 +52,7 @@ in {
  age.secrets.telegram-token-menstruation.file = ../../secrets/telegram-token-menstruation.age;

  systemd.services.menstruation-backend = {
-    wants = ["network-online.target"];
+    wants = [ "network-online.target" ];
    environment.ROCKET_PORT = toString backendPort;
    serviceConfig = {
      Restart = "always";
--- a/systems/makanek/moinbot.nix
+++ b/systems/makanek/moinbot.nix
@@ -1,7 +1,8 @@
 {
  pkgs,
  ...
-}: {
+}:
+{
  systemd.services.moinbot = {
    startAt = "7:00";
    script = ''
--- a/systems/makanek/monitoring/blackbox.nix
+++ b/systems/makanek/monitoring/blackbox.nix
@@ -8,7 +8,10 @@
      method = "GET";
      no_follow_redirects = false;
      preferred_ip_protocol = "ip4";
-      valid_http_versions = ["HTTP/1.1" "HTTP/2.0"];
+      valid_http_versions = [
+        "HTTP/1.1"
+        "HTTP/2.0"
+      ];
      tls_config.insecure_skip_verify = true;
    };
    prober = "http";