chore: format with alejandra

2026-03-18 02:51:08 +01:00 · 2022-03-10 21:52:12 +01:00
parent 13727abfd6
commit d37e90cb97
159 changed files with 4239 additions and 3405 deletions
--- a/systems/zaatar/backup.nix
+++ b/systems/zaatar/backup.nix
@@ -1,17 +1,19 @@
-{ pkgs, lib, ... }:
-let
+{
+  pkgs,
+  lib,
+  ...
+}: let
  niveumLib = import <niveum/lib>;
  inherit (niveumLib) retiolumAddresses restic;
  firewall = niveumLib.firewall lib;
  dataDir = "/backup/restic";
-in
-{
+in {
  services.restic.server = {
    enable = true;
    appendOnly = true;
    inherit dataDir;
    prometheus = true;
-    extraFlags = [ "--no-auth" ]; # auth is done via firewall
+    extraFlags = ["--no-auth"]; # auth is done via firewall
    listenAddress = ":${toString restic.port}";
  };

@@ -26,14 +28,22 @@ in
    fsType = "ext4";
  };

-  networking.firewall =
-  let
+  networking.firewall = let
    dport = restic.port;
    protocol = "tcp";
    rules = [
-      (firewall.accept { inherit dport protocol; source = retiolumAddresses.kabsa.ipv4; })
-      (firewall.accept { inherit dport protocol; source = retiolumAddresses.manakish.ipv4; })
-      (firewall.accept { inherit dport protocol; source = retiolumAddresses.makanek.ipv4; })
+      (firewall.accept {
+        inherit dport protocol;
+        source = retiolumAddresses.kabsa.ipv4;
+      })
+      (firewall.accept {
+        inherit dport protocol;
+        source = retiolumAddresses.manakish.ipv4;
+      })
+      (firewall.accept {
+        inherit dport protocol;
+        source = retiolumAddresses.makanek.ipv4;
+      })
    ];
  in {
    extraCommands = firewall.addRules rules;
--- a/systems/zaatar/configuration.nix
+++ b/systems/zaatar/configuration.nix
@@ -1,8 +1,11 @@
-{ config, pkgs, lib, ... }:
-let
-  inherit (import <niveum/lib>) retiolumAddresses restic;
-in
 {
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  inherit (import <niveum/lib>) retiolumAddresses restic;
+in {
  imports = [
    ./backup.nix
    ./gaslight.nix
@@ -29,14 +32,17 @@ in
  services.restic.backups.moodle-dl = {
    initialize = true;
    inherit (restic) repository;
-    timerConfig = { OnCalendar = "daily"; RandomizedDelaySec = "1h"; };
+    timerConfig = {
+      OnCalendar = "daily";
+      RandomizedDelaySec = "1h";
+    };
    passwordFile = toString <secrets/restic/password>;
    paths = [
      "/var/lib/moodle-dl"
    ];
  };

-  nix.nixPath = [ "/var/src" ];
+  nix.nixPath = ["/var/src"];

  services.logind = {
    lidSwitch = "ignore";
@@ -46,8 +52,7 @@ in

  services.illum.enable = true;

-  environment.systemPackages =
-  let
+  environment.systemPackages = let
    worldradio = pkgs.callPackage <niveum/packages/worldradio.nix> {};
  in [
    (pkgs.writers.writeDashBin "mpv" ''${pkgs.mpv}/bin/mpv --no-video "$@"'')
@@ -62,7 +67,7 @@ in

  networking = {
    hostName = "zaatar";
-    wireless.interfaces = [ "wlp2s0" ];
+    wireless.interfaces = ["wlp2s0"];
    retiolum = retiolumAddresses.zaatar;
  };

--- a/systems/zaatar/gaslight.nix
+++ b/systems/zaatar/gaslight.nix
@@ -1,5 +1,4 @@
-{ pkgs, ... }:
-{
+{pkgs, ...}: {
  environment.systemPackages = [
    (pkgs.writers.writeDashBin "gaslight-stream" ''
      ${pkgs.ffmpeg}/bin/ffmpeg -r 14 -s 640x480 -f video4linux2 -i /dev/video0 -f alsa -i default -c:v libx264 -preset ultrafast -c:a aac -f avi -
@@ -16,10 +15,9 @@
    '')
  ];
 }
-
 /*
+ 
+ ssh machine gaslight-stream | mpv -
+ ssh machine gaslight-say "blablabla"
+ */

-ssh machine gaslight-stream | mpv -
-ssh machine gaslight-say "blablabla"
-
-*/
--- a/systems/zaatar/hardware-configuration.nix
+++ b/systems/zaatar/hardware-configuration.nix
@@ -1,11 +1,15 @@
-{ config, lib, pkgs, ... }:
 {
-  imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
+  config,
+  lib,
+  pkgs,
+  ...
+}: {
+  imports = [<nixpkgs/nixos/modules/installer/scan/not-detected.nix>];

  boot = {
-    initrd.availableKernelModules = [ "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_acpi" "rtsx_usb_sdmmc" ];
-    kernelModules = [ "kvm-intel" ];
-    extraModulePackages = [ ];
+    initrd.availableKernelModules = ["ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_acpi" "rtsx_usb_sdmmc"];
+    kernelModules = ["kvm-intel"];
+    extraModulePackages = [];
    loader = {
      systemd-boot = {
        enable = true;
@@ -26,7 +30,7 @@
    };
  };

-  swapDevices = [{ device = "/dev/disk/by-label/swap"; }];
+  swapDevices = [{device = "/dev/disk/by-label/swap";}];

  nix.maxJobs = lib.mkDefault 4;
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
--- a/systems/zaatar/kiosk.nix
+++ b/systems/zaatar/kiosk.nix
@@ -1,25 +1,30 @@
-{ config, pkgs, lib, ... }:
 {
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
  users.extraUsers.kiosk = {
    isNormalUser = true;
    password = "";
-    extraGroups = [ "audio" ];
+    extraGroups = ["audio"];
  };
  services.cage = {
    enable = true;
    user = config.users.extraUsers.kiosk.name;
-    extraArguments = [ "-s" ]; # allow vt switching
-    program =
-    let startUrls = [ "https://youtube.com" "http://radio.kmein.r" ];
-    in pkgs.writers.writeDash "kiosk-browser" ''
-      while true; do
-        ${pkgs.brave}/bin/brave \
-          --no-first-run --no-message-box --noerrdialogs \
-          --default-browser --no-default-browser-check \
-          --start-maximized ${lib.escapeShellArgs startUrls}
-        sleep 0.5
-      done
-    '';
+    extraArguments = ["-s"]; # allow vt switching
+    program = let
+      startUrls = ["https://youtube.com" "http://radio.kmein.r"];
+    in
+      pkgs.writers.writeDash "kiosk-browser" ''
+        while true; do
+          ${pkgs.brave}/bin/brave \
+            --no-first-run --no-message-box --noerrdialogs \
+            --default-browser --no-default-browser-check \
+            --start-maximized ${lib.escapeShellArgs startUrls}
+          sleep 0.5
+        done
+      '';
  };
  systemd.services.cage-tty1.environment.XKB_DEFAULT_LAYOUT = "de";
  programs.chromium = {
--- a/systems/zaatar/moodle-dl-meinhark.nix
+++ b/systems/zaatar/moodle-dl-meinhark.nix
@@ -1,11 +1,16 @@
-{ config, pkgs, lib, ... }:
-let
-  moodle-dl-package = pkgs.moodle-dl.overrideAttrs (old: old // {
-    patches = [ <niveum/packages/moodle-dl/telegram-format.patch> ];
-  });
-in
 {
-  imports = [ <niveum/modules/moodle-dl.nix> ];
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  moodle-dl-package = pkgs.moodle-dl.overrideAttrs (old:
+    old
+    // {
+      patches = [<niveum/packages/moodle-dl/telegram-format.patch>];
+    });
+in {
+  imports = [<niveum/modules/moodle-dl.nix>];

  services.moodle-dl = {
    enable = true;
@@ -77,15 +82,14 @@ in

  fileSystems."/export/moodle" = {
    device = config.services.moodle-dl.directory;
-    options = [ "bind" ];
+    options = ["bind"];
  };

-  networking.firewall.allowedTCPPorts = [ 2049 ];
+  networking.firewall.allowedTCPPorts = [2049];

  services.nginx.enable = true;

-  services.nginx.virtualHosts."moodle.kmein.r" =
-  let
+  services.nginx.virtualHosts."moodle.kmein.r" = let
    identity = lib.strings.fileContents <secrets/eduroam/identity>;
    password = lib.strings.fileContents <secrets/eduroam/password>;
  in {
@@ -101,7 +105,9 @@ in

  services.nfs.server = {
    enable = true;
-    exports = let machines = with (import <niveum/lib>).retiolumAddresses; [kabsa manakish]; in ''
+    exports = let
+      machines = with (import <niveum/lib>).retiolumAddresses; [kabsa manakish];
+    in ''
      /export        ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(fsid=0)") machines}
      /export/moodle ${lib.concatMapStringsSep " " (machine: "${machine.ipv4}(insecure,rw)") machines}
    '';
--- a/systems/zaatar/pulseaudio.nix
+++ b/systems/zaatar/pulseaudio.nix
@@ -6,9 +6,9 @@
    systemWide = true;
    tcp = {
      enable = true;
-      anonymousClients.allowedIpRanges = [ "127.0.0.1" "10.243.2.0/24" "192.168.0.0/16" ];
+      anonymousClients.allowedIpRanges = ["127.0.0.1" "10.243.2.0/24" "192.168.0.0/16"];
    };
    zeroconf.publish.enable = true;
  };
-  networking.firewall.allowedTCPPorts = [ 4713 ];
+  networking.firewall.allowedTCPPorts = [4713];
 }
--- a/systems/zaatar/spotifyd.nix
+++ b/systems/zaatar/spotifyd.nix
@@ -1,5 +1,9 @@
-{ config, pkgs, lib, ... }:
 {
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
  services.spotifyd = {
    enable = true;
    settings = {
--- a/systems/zaatar/tuna.nix
+++ b/systems/zaatar/tuna.nix
@@ -1,5 +1,9 @@
-{ config, pkgs, lib, ... }:
-let
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
  firewall = (import <niveum/lib>).firewall lib;

  streams = import <niveum/lib/streams.nix> {
@@ -7,13 +11,14 @@ let
  };
  multi-room-audio-port = 8000;
  password = lib.strings.fileContents <system-secrets/mpd-web.key>;
-in
-{
+in {
  imports = [
    <niveum/modules/tuna.nix>
  ];

-  services.syncthing = let mpd-directory = config.services.mpd.dataDir; in {
+  services.syncthing = let
+    mpd-directory = config.services.mpd.dataDir;
+  in {
    enable = true;
    user = config.services.mpd.user; # config.users.extraUsers.moodle.name;
    openDefaultPorts = true;
@@ -25,7 +30,7 @@ in
      inherit ((import <niveum/lib>).syncthing.devices) kabsa manakish heym;
    };
    folders.${config.services.mpd.musicDirectory} = {
-      devices = [ "heym" "kabsa" "manakish" ];
+      devices = ["heym" "kabsa" "manakish"];
      id = "music";
      type = "receiveonly";
    };
@@ -45,24 +50,29 @@ in
    '';
  };

-  environment.systemPackages = [ pkgs.mpc_cli ];
+  environment.systemPackages = [pkgs.mpc_cli];

-  networking.firewall =
-  let
+  networking.firewall = let
    dport = config.services.mpd.network.port;
    protocol = "tcp";
    rules = [
-      (firewall.accept { inherit dport protocol; source = "192.168.0.0/16"; })
-      (firewall.accept { inherit dport protocol; source = "127.0.0.0/8"; })
+      (firewall.accept {
+        inherit dport protocol;
+        source = "192.168.0.0/16";
+      })
+      (firewall.accept {
+        inherit dport protocol;
+        source = "127.0.0.0/8";
+      })
    ];
  in {
-    allowedTCPPorts = [ 80 ];
+    allowedTCPPorts = [80];
    extraCommands = firewall.addRules rules;
    extraStopCommands = firewall.removeRules rules;
  };

-  system.activationScripts.mpd-playlists =
-  let playlistFile = pkgs.writeText "radio.m3u" (lib.concatMapStringsSep "\n" (lib.getAttr "stream") streams);
+  system.activationScripts.mpd-playlists = let
+    playlistFile = pkgs.writeText "radio.m3u" (lib.concatMapStringsSep "\n" (lib.getAttr "stream") streams);
  in ''
    rm -rf /var/lib/mpd/playlists
    install -d /var/lib/mpd/playlists
@@ -72,17 +82,28 @@ in
  services.tuna = {
    enable = true;
    # stationsFile = "/etc/tuna/stations.json";
-    stations = lib.lists.imap0 (id: {desc ? "", logo ? "https://picsum.photos/seed/${builtins.hashString "md5" stream}/300", stream, station}: { inherit id desc logo stream station; }) streams;
+    stations = lib.lists.imap0 (id: {
+      desc ? "",
+      logo ? "https://picsum.photos/seed/${builtins.hashString "md5" stream}/300",
+      stream,
+      station,
+    }: {inherit id desc logo stream station;})
+    streams;
    webPort = 8080;
  };

-  systemd.services.tuna-stations =
-  let
-    stations = lib.lists.imap0 (id: {desc ? "", logo ? "https://picsum.photos/seed/${builtins.hashString "md5" stream}/300", stream, station}: { inherit id desc logo stream station; }) streams;
+  systemd.services.tuna-stations = let
+    stations = lib.lists.imap0 (id: {
+      desc ? "",
+      logo ? "https://picsum.photos/seed/${builtins.hashString "md5" stream}/300",
+      stream,
+      station,
+    }: {inherit id desc logo stream station;})
+    streams;
    stationsJson = (pkgs.formats.json {}).generate "stations.json" stations;
  in {
    enable = false;
-    wantedBy = [ "tuna.service" ];
+    wantedBy = ["tuna.service"];
    startAt = "hourly";
    script = ''
      mkdir -p /etc/tuna
@@ -95,7 +116,6 @@ in
    '';
  };

-
  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;