nix: exorcise all with <expr>; uses

Antoine Martin 2022-01-11 16:08:21 +01:00
parent ef59fd800e
commit 912073bee6
67 changed files with 576 additions and 259 deletions


@ -1,10 +1,14 @@
{ config, lib, pkgs, ... }:
with lib;
let cfg = config.my.services.borg-backup;
let
inherit (lib)
mkEnableOption
mkIf
mkOption
;
cfg = config.my.services.borg-backup;
in {
options.my.services.borg-backup = {
options.my.services.borg-backup = let inherit (lib) types; in {
enable = mkEnableOption "Enable Borg backups for this host";
repo = mkOption {


@ -1,7 +1,11 @@
{ config, lib, pkgs, ... }:
with lib;
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.services.fail2ban;
in {
options.my.services.fail2ban = {


@ -1,16 +1,20 @@
{ config, lib, pkgs, ... }:
with lib;
let
inherit (lib)
mkEnableOption
mkIf
mkOption
;
cfg = config.my.services.fava;
my = config.my;
domain = config.networking.domain;
secrets = config.my.secrets;
in
{
options.my.services.fava = {
enable = lib.mkEnableOption "Fava";
options.my.services.fava = let inherit (lib) types; in {
enable = mkEnableOption "Fava";
home = mkOption {
type = types.str;
@ -43,7 +47,6 @@ in
User = "fava";
Group = "fava";
};
path = with pkgs; [];
};
users.users.fava = {


@ -1,14 +1,18 @@
{ config, lib, pkgs, ... }:
with lib;
let
inherit (lib)
mkEnableOption
mkIf
mkOption
;
cfg = config.my.services.gitea;
my = config.my;
domain = config.networking.domain;
in {
options.my.services.gitea = {
options.my.services.gitea = let inherit (lib) types; in {
enable = mkEnableOption "Personal Git hosting with Gitea";
privatePort = mkOption {


@ -1,8 +1,11 @@
{ config, lib, pkgs, ... }:
with lib;
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.services.jellyfin;
my = config.my;
@ -15,7 +18,7 @@ in {
enable = mkEnableOption "Jellyfin";
};
config = lib.mkIf cfg.enable {
config = mkIf cfg.enable {
services.jellyfin = {
enable = true;
group = "media";


@ -1,8 +1,12 @@
{ config, lib, pkgs, ... }:
with lib;
let
inherit (lib)
mkEnableOption
mkIf
mkOption
;
cfg = config.my.services.lohr;
my = config.my;
domain = config.networking.domain;
@ -14,8 +18,8 @@ let
flake.defaultPackage."x86_64-linux"; # FIXME: use correct system
in
{
options.my.services.lohr = {
enable = lib.mkEnableOption "Lohr Mirroring Daemon";
options.my.services.lohr = let inherit (lib) types; in {
enable = mkEnableOption "Lohr Mirroring Daemon";
home = mkOption {
type = types.str;
@ -49,9 +53,7 @@ in
User = "lohr";
Group = "lohr";
};
path = with pkgs; [
git
];
path = [ pkgs.git ];
};
users.users.lohr = {


@ -9,9 +9,13 @@
#
{ config, lib, pkgs, ... }:
with lib;
let
inherit (lib)
mkEnableOption
mkIf
mkOption
;
cfg = config.my.services.matrix;
my = config.my;
@ -19,10 +23,10 @@ let
clientPort = { public = 443; private = 11339; };
domain = config.networking.domain;
in {
options.my.services.matrix = {
enable = lib.mkEnableOption "Matrix Synapse";
options.my.services.matrix = let inherit (lib) types; in {
enable = mkEnableOption "Matrix Synapse";
registration_shared_secret = lib.mkOption {
registration_shared_secret = mkOption {
type = types.str;
default = null;
example = "deadbeef";
@ -61,7 +65,7 @@ in {
};
};
config = lib.mkIf cfg.enable {
config = mkIf cfg.enable {
services.postgresql = {
enable = true;
};
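Review bot: `registration_shared_secret` in the second hunk is declared `types.str` with `default = null`; `null` is not a valid `types.str` value, so that default should only ever fail evaluation when nothing else sets the option. If an unset value is meant to be allowed, the line should read `type = types.nullOr types.str;`. Separately, a secret carried as a plain string option is likely to land in the world-readable Nix store once it is rendered into the Synapse configuration; that use is outside the visible hunks, so confirm, and consider an option that holds a path to a file read at runtime, as `adminCredentialsFile` does in the miniflux module of this commit. The option set continues outside the hunk.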


@ -1,11 +1,17 @@
{ config, lib, ... }:
let
mediaServices = with config.my.services; [
jellyfin
transmission
];
inherit (lib)
mkIf
;
mediaServices = builtins.attrValues {
inherit (config.my.services)
jellyfin
transmission
;
};
needed = builtins.any (service: service.enable) mediaServices;
in
{
config.users.groups.media = lib.mkIf needed { };
config.users.groups.media = mkIf needed { };
}


@ -1,14 +1,18 @@
{ config, lib, pkgs, ... }:
with lib;
let
inherit (lib)
mkEnableOption
mkIf
mkOption
;
cfg = config.my.services.miniflux;
my = config.my;
domain = config.networking.domain;
in {
options.my.services.miniflux = {
options.my.services.miniflux = let inherit (lib) types; in {
enable = mkEnableOption "Serve a Miniflux instance";
adminCredentialsFile = mkOption {


@ -1,12 +1,16 @@
{ config, lib, pkgs, ... }:
with lib;
let
inherit (lib)
mkEnableOption
mkIf
mkOption
;
cfg = config.my.services.monitoring;
domain = config.networking.domain;
in {
options.my.services.monitoring = {
options.my.services.monitoring = let inherit (lib) types; in {
enable = mkEnableOption "Enable monitoring";
domain = mkOption {


@ -1,12 +1,17 @@
{ config, lib, pkgs, ... }:
with lib;
let
inherit (lib)
mkEnableOption
mkIf
mkOption
optional
;
cfg = config.my.services.navidrome;
domain = config.networking.domain;
in {
options.my.services.navidrome = {
options.my.services.navidrome = let inherit (lib) types; in {
enable = mkEnableOption "Navidrome";
musicFolder = {
path = mkOption {
@ -17,7 +22,7 @@ in {
};
};
config = lib.mkIf cfg.enable {
config = mkIf cfg.enable {
services.navidrome = {
enable = true;
settings = {


@ -3,6 +3,11 @@
# TODO: setup prometheus exporter
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.services.nextcloud;
my = config.my;
domain = config.networking.domain;
@ -10,10 +15,10 @@ let
in
{
options.my.services.nextcloud = {
enable = lib.mkEnableOption "NextCloud";
enable = mkEnableOption "NextCloud";
};
config = lib.mkIf cfg.enable {
config = mkIf cfg.enable {
services.postgresql = {
enable = true;
@ -73,7 +78,7 @@ in
my.services.restic-backup = let
nextcloudHome = config.services.nextcloud.home;
in lib.mkIf cfg.enable {
in mkIf cfg.enable {
paths = [ nextcloudHome ];
exclude = [
# borg can fail if *.part files disappear during backup


@ -2,10 +2,15 @@
#
# https://github.com/delroth/infra.delroth.net
{ config, lib, pkgs, ... }:
let
inherit (lib)
mkIf
;
in
{
# Whenever something defines an nginx vhost, ensure that nginx defaults are
# properly set.
config = lib.mkIf ((builtins.attrNames config.services.nginx.virtualHosts) != [ "localhost" ]) {
config = mkIf ((builtins.attrNames config.services.nginx.virtualHosts) != [ "localhost" ]) {
services.nginx = {
enable = true;
statusPage = true; # For monitoring scraping.


@ -1,14 +1,17 @@
{ config, lib, ... }:
with lib;
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.services.nuage;
my = config.my;
in
{
options.my.services.nuage = {
enable = lib.mkEnableOption "Nuage redirect";
enable = mkEnableOption "Nuage redirect";
};
config = mkIf cfg.enable {


@ -1,8 +1,12 @@
{ config, lib, pkgs, ... }:
with lib;
let
inherit (lib)
mkEnableOption
mkIf
mkOption
;
cfg = config.my.services.paperless;
my = config.my;
domain = config.networking.domain;
@ -10,8 +14,8 @@ let
secretKeyFile = pkgs.writeText "paperless-secret-key-file.env" my.secrets.paperless.secretKey;
in
{
options.my.services.paperless = {
enable = lib.mkEnableOption "Paperless";
options.my.services.paperless = let inherit (lib) types; in {
enable = mkEnableOption "Paperless";
port = mkOption {
type = types.port;
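Review bot: `secretKeyFile` in the `let` block of the second hunk is built with `pkgs.writeText` from `my.secrets.paperless.secretKey`, so the secret key is copied into the Nix store, where every local user can read it and where it travels with any copy of the system closure. The refactor leaves that line as it was, but it is the one line here that needs attention: the key should live in a file outside the store, provisioned with restricted permissions, and only its path should be passed to the service. Until that is done I would at least mark it, e.g. `# FIXME: writeText puts the secret key in the world-readable /nix/store; load it from a runtime file instead`. Both the `let` block and the option set continue outside the hunk.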


@ -1,14 +1,18 @@
{ config, lib, pkgs, options, ... }:
with lib;
let
inherit (lib)
mkEnableOption
mkIf
optionalAttrs
;
cfg = config.my.services.pipewire;
my = config.my;
in
{
options.my.services.pipewire = {
enable = lib.mkEnableOption "Pipewire sound backend";
enable = mkEnableOption "Pipewire sound backend";
};
# HACK: services.pipewire.alsa doesn't exist on 20.09, avoid evaluating this
@ -69,6 +73,6 @@ in
# FIXME: a shame pactl isn't available by itself, eventually this should be
# replaced by pw-cli or a wrapper, I guess?
environment.systemPackages = with pkgs; [ pulseaudio ];
environment.systemPackages = [ pkgs.pulseaudio ];
});
}


@ -1,8 +1,11 @@
{ config, lib, pkgs, ... }:
with lib;
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.services.postgresql-backup;
in {
options.my.services.postgresql-backup = {


@ -1,16 +1,22 @@
{ config, lib, pkgs, ... }:
with lib;
let
inherit (lib)
attrsets
concatStringsSep
mkEnableOption
mkIf
mkOption
optional
;
cfg = config.my.services.restic-backup;
secrets = config.my.secrets;
excludeArg = with builtins; with pkgs;
"--exclude-file=" + (writeText "excludes.txt" (concatStringsSep "\n" cfg.exclude));
excludeArg = "--exclude-file=" + (pkgs.writeText "excludes.txt" (concatStringsSep "\n" cfg.exclude));
makePruneOpts = pruneOpts:
attrsets.mapAttrsToList (name: value: "--keep-${name} ${toString value}") pruneOpts;
in {
options.my.services.restic-backup = {
options.my.services.restic-backup = let inherit (lib) types; in {
enable = mkEnableOption "Enable Restic backups for this host";
repo = mkOption {
@ -22,7 +28,7 @@ in {
};
paths = mkOption {
type = with types; listOf str;
type = types.listOf types.str;
default = [ ];
example = [
"/var/lib"
@ -32,7 +38,7 @@ in {
};
exclude = mkOption {
type = with types; listOf str;
type = types.listOf types.str;
default = [ ];
example = [
# very large paths
@ -71,7 +77,7 @@ in {
environmentFile = "/root/restic/creds";
extraBackupArgs = [ "--verbose=2" ]
++ optional (builtins.length cfg.exclude != 0) excludeArg;
++ optional (builtins.length cfg.exclude != 0) excludeArg;
timerConfig = {
OnCalendar = "daily";


@ -1,16 +1,19 @@
{ config, lib, pkgs, ... }:
with lib;
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.services.tailscale;
in
{
options.my.services.tailscale = {
enable = lib.mkEnableOption "Tailscale";
enable = mkEnableOption "Tailscale";
# NOTE: still have to do `tailscale up --advertise-exit-node`
exitNode = lib.mkEnableOption "Use as exit node";
exitNode = mkEnableOption "Use as exit node";
};
config = mkIf cfg.enable {


@ -1,14 +1,17 @@
{ config, lib, ... }:
with lib;
let
inherit (lib)
mkEnableOption
mkIf
;
cfg = config.my.services.tgv;
my = config.my;
in
{
options.my.services.tgv = {
enable = lib.mkEnableOption "TGV redirect";
enable = mkEnableOption "TGV redirect";
};
config = mkIf cfg.enable {


@ -1,5 +1,11 @@
{ config, lib, ... }:
let
inherit (lib)
mkEnableOption
mkIf
mkOption
;
cfg = config.my.services.transmission;
domain = config.networking.domain;
@ -11,7 +17,7 @@ let
downloadBase = "/media/torrents/";
in
{
options.my.services.transmission = with lib; {
options.my.services.transmission = let inherit (lib) types; in {
enable = mkEnableOption "Transmission torrent client";
username = mkOption {
@ -28,7 +34,7 @@ in
};
};
config = lib.mkIf cfg.enable {
config = mkIf cfg.enable {
services.transmission = {
enable = true;
group = "media";


@ -1,14 +1,18 @@
{ config, lib, pkgs, ... }:
with lib;
let
inherit (lib)
mkEnableOption
mkIf
mkOption
;
cfg = config.my.services.vaultwarden;
my = config.my;
domain = config.networking.domain;
in {
options.my.services.vaultwarden = {
options.my.services.vaultwarden = let inherit (lib) types; in {
enable = mkEnableOption "Vaultwarden";
privatePort = mkOption {