RuJect/nixos-infra
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: apply nix fmt

Browse source
This commit is contained in:
Rustam Efimov 2026-04-01 09:54:15 +03:00
parent caa6948199
commit e2bd4444d2
No known key found for this signature in database
47 changed files with 274 additions and 187 deletions
Download patch file Download diff file Expand all files Collapse all files

6
hosts/velarion/machine.nix
View file

@ -1,11 +1,13 @@
{dns, ...}: let { dns, ... }:
let
domain = "ruject.fun"; domain = "ruject.fun";
database = { database = {
host = "127.0.0.1"; host = "127.0.0.1";
port = 5432; port = 5432;
}; };
ipv4 = "94.156.112.0"; ipv4 = "94.156.112.0";
in { in
{
services.nginx.enable = true; services.nginx.enable = true;
machine = { machine = {
gateway = "10.0.0.1"; gateway = "10.0.0.1";

3
services/bind/firewall.nix
View file

@ -6,7 +6,8 @@
let let
cfg = config.machine.bind; cfg = config.machine.bind;
in in
with lib; mkIf cfg.enable { with lib;
mkIf cfg.enable {
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ cfg.port ]; allowedTCPPorts = [ cfg.port ];
allowedUDPPorts = [ cfg.port ]; allowedUDPPorts = [ cfg.port ];

3
services/bind/service.nix
View file

@ -7,7 +7,8 @@
let let
cfg = config.machine.bind; cfg = config.machine.bind;
in in
with lib; mkIf cfg.enable { with lib;
mkIf cfg.enable {
services.bind = { services.bind = {
enable = cfg.enable; enable = cfg.enable;
listenOnPort = cfg.port; listenOnPort = cfg.port;

3
services/code-server/nginx.nix
View file

@ -6,7 +6,8 @@
let let
cfg = config.machine.code-server; cfg = config.machine.code-server;
in in
with lib; mkIf cfg.enable { with lib;
mkIf cfg.enable {
services.nginx.virtualHosts = mkIf (cfg.domain != null) { services.nginx.virtualHosts = mkIf (cfg.domain != null) {
${cfg.domain} = { ${cfg.domain} = {
enableACME = true; enableACME = true;

3
services/code-server/options.nix
View file

@ -6,7 +6,8 @@
let let
cfg = config.machine.code-server; cfg = config.machine.code-server;
in in
with lib; { with lib;
{
options.machine.code-server = { options.machine.code-server = {
enable = mkEnableOption "code-server"; enable = mkEnableOption "code-server";
port = mkOption { port = mkOption {

3
services/code-server/service.nix
View file

@ -7,7 +7,8 @@
let let
cfg = config.machine.code-server; cfg = config.machine.code-server;
in in
with lib; mkIf cfg.enable { with lib;
mkIf cfg.enable {
services.code-server = { services.code-server = {
enable = cfg.enable; enable = cfg.enable;
port = cfg.port; port = cfg.port;

3
services/coturn/firewall.nix
View file

@ -6,7 +6,8 @@
let let
cfg = config.machine.coturn; cfg = config.machine.coturn;
in in
with lib; mkIf cfg.enable { with lib;
mkIf cfg.enable {
networking.firewall = { networking.firewall = {
interfaces.enp2s0 = interfaces.enp2s0 =
let let

3
services/coturn/service.nix
View file

@ -12,7 +12,8 @@ let
realm realm
; ;
in in
with lib; mkIf enable { with lib;
mkIf enable {
services.coturn = rec { services.coturn = rec {
inherit realm enable; inherit realm enable;
no-cli = true; no-cli = true;

3
services/forgejo/mail.nix
View file

@ -9,7 +9,8 @@ let
inherit (config.machine.forgejo) domain; inherit (config.machine.forgejo) domain;
address = "noreply@${domain}"; address = "noreply@${domain}";
in in
with lib; mkIf config.machine.mail.enable { with lib;
mkIf config.machine.mail.enable {
services.forgejo = { services.forgejo = {
secrets = { secrets = {
mailer.PASSWD = sec."mail/servicePassword".path; mailer.PASSWD = sec."mail/servicePassword".path;

7
services/forgejo/network.nix
View file

@ -10,12 +10,15 @@ let
port port
; ;
in in
with lib; mkIf enable { with lib;
mkIf enable {
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ port ]; allowedTCPPorts = [ port ];
}; };
services.nginx.virtualHosts = with lib; mkIf (domain != null) { services.nginx.virtualHosts =
with lib;
mkIf (domain != null) {
"${domain}" = { "${domain}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;

3
services/forgejo/runners.nix
View file

@ -9,7 +9,8 @@ let
url = config.services.forgejo.settings.server.ROOT_URL; url = config.services.forgejo.settings.server.ROOT_URL;
cfg = config.machine.forgejo; cfg = config.machine.forgejo;
in in
with lib; mkIf cfg.enableRunner { with lib;
mkIf cfg.enableRunner {
sops.secrets = { sops.secrets = {
"forgejo/runnerToken" = { "forgejo/runnerToken" = {
sopsFile = ./../../secrets/common.yaml; sopsFile = ./../../secrets/common.yaml;

3
services/forgejo/tmpfiles.nix
View file

@ -7,7 +7,8 @@ let
cfg = config.machine.forgejo; cfg = config.machine.forgejo;
customDir = config.services.forgejo.customDir; customDir = config.services.forgejo.customDir;
in in
with lib; mkIf cfg.enable { with lib;
mkIf cfg.enable {
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d '${customDir}/templates' - forgejo forgejo - -" "d '${customDir}/templates' - forgejo forgejo - -"
"d '${customDir}/public' - forgejo forgejo - -" "d '${customDir}/public' - forgejo forgejo - -"

3
services/mail/rspamd.nix
View file

@ -6,7 +6,8 @@
let let
inherit (config.machine.mail) enable; inherit (config.machine.mail) enable;
in in
with lib; mkIf enable { with lib;
mkIf enable {
services.rspamd = { services.rspamd = {
enable = true; enable = true;
overrides = { overrides = {

3
services/mail/tmpfiles.nix
View file

@ -7,7 +7,8 @@
let let
inherit (config.machine.mail) enable; inherit (config.machine.mail) enable;
in in
with lib; mkIf enable { with lib;
mkIf enable {
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"C /var/dkim/default.private 0600 root root - - ${sec.dkim_default_private.path}" "C /var/dkim/default.private 0600 root root - - ${sec.dkim_default_private.path}"
]; ];

3
services/minecraft-server/firewall.nix
View file

@ -9,7 +9,8 @@ let
port port
; ;
in in
with lib; mkIf enable { with lib;
mkIf enable {
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
port port
]; ];

3
services/minecraft-server/service.nix
View file

@ -10,7 +10,8 @@ let
port port
; ;
in in
with lib; mkIf enable { with lib;
mkIf enable {
services.minecraft-server = { services.minecraft-server = {
inherit enable; inherit enable;
dataDir = "/var/lib/minecraft"; dataDir = "/var/lib/minecraft";

3
services/mysql/firewall.nix
View file

@ -6,7 +6,8 @@
let let
cfg = config.machine.mysql; cfg = config.machine.mysql;
in in
with lib; mkIf cfg.enable { with lib;
mkIf cfg.enable {
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ cfg.port ]; allowedTCPPorts = [ cfg.port ];
}; };

3
services/mysql/service.nix
View file

@ -10,7 +10,8 @@ let
enable enable
; ;
in in
with lib; mkIf enable { with lib;
mkIf enable {
services.mysql = { services.mysql = {
inherit enable; inherit enable;
package = pkgs.mysql84; package = pkgs.mysql84;

7
services/navidrome/service.nix
View file

@ -11,8 +11,11 @@ let
folder folder
; ;
in in
with lib; mkIf enable { with lib;
services.nginx.virtualHosts = with lib; mkIf (domain != null) { mkIf enable {
services.nginx.virtualHosts =
with lib;
mkIf (domain != null) {
"${domain}" = { "${domain}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;

10
services/networking/service.nix
View file

@ -1,8 +1,14 @@
{ config, lib, hostname, ... }: {
config,
lib,
hostname,
...
}:
let let
inherit (config.machine) ipv4 gateway; inherit (config.machine) ipv4 gateway;
in in
with lib; { with lib;
{
networking = { networking = {
hostName = hostname; hostName = hostname;
networkmanager.enable = mkDefault true; networkmanager.enable = mkDefault true;

7
services/nextcloud/database.nix
View file

@ -7,7 +7,8 @@ let
pgsqlEnable = config.machine.postgresql.enable; pgsqlEnable = config.machine.postgresql.enable;
cfg = config.machine.nextcloud; cfg = config.machine.nextcloud;
in in
with lib; mkIf cfg.enable { with lib;
mkIf cfg.enable {
services.nextcloud.config = services.nextcloud.config =
if pgsqlEnable then if pgsqlEnable then
{ {
@ -20,7 +21,9 @@ with lib; mkIf cfg.enable {
dbhost = "localhost"; dbhost = "localhost";
}; };
services.postgresql = with lib; mkIf pgsqlEnable { services.postgresql =
with lib;
mkIf pgsqlEnable {
ensureDatabases = [ "nextcloud" ]; ensureDatabases = [ "nextcloud" ];
ensureUsers = [ ensureUsers = [
{ {

3
services/nextcloud/mail.nix
View file

@ -11,7 +11,8 @@ let
; ;
address = "noreply@${host}"; address = "noreply@${host}";
in in
with lib; mkIf enable { with lib;
mkIf enable {
services.nextcloud = { services.nextcloud = {
settings = { settings = {
mail_smtpmode = "smtp"; mail_smtpmode = "smtp";

3
services/nextcloud/service.nix
View file

@ -8,7 +8,8 @@
let let
cfg = config.machine.nextcloud; cfg = config.machine.nextcloud;
in in
with lib; mkIf cfg.enable { with lib;
mkIf cfg.enable {
services.nextcloud = { services.nextcloud = {
enable = cfg.enable; enable = cfg.enable;
appstoreEnable = false; appstoreEnable = false;

3
services/nginx/acme.nix
View file

@ -1,5 +1,6 @@
{ lib, config, ... }: { lib, config, ... }:
with lib; mkIf (config.services.nginx.enable) { with lib;
mkIf (config.services.nginx.enable) {
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults = { defaults = {

3
services/nginx/firewall.nix
View file

@ -6,7 +6,8 @@
let let
inherit (config.services.nginx) enable; inherit (config.services.nginx) enable;
in in
with lib; mkIf enable { with lib;
mkIf enable {
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
80 80
443 443

3
services/postgresql/service.nix
View file

@ -10,7 +10,8 @@ let
enable enable
; ;
in in
with lib; mkIf enable { with lib;
mkIf enable {
services.postgresql = { services.postgresql = {
inherit enable; inherit enable;
settings = { settings = {

3
services/prometheus/service.nix
View file

@ -9,7 +9,8 @@ let
port port
; ;
in in
with lib; mkIf enable { with lib;
mkIf enable {
services.prometheus = { services.prometheus = {
inherit enable port; inherit enable port;
}; };

3
services/prosody/firewall.nix
View file

@ -8,7 +8,8 @@ let
enable enable
; ;
in in
with lib; mkIf enable { with lib;
mkIf enable {
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ allowedTCPPorts = [
# HTTP filer # HTTP filer

7
services/prosody/nginx.nix
View file

@ -11,7 +11,8 @@ let
localhost = "http://localhost:5280"; localhost = "http://localhost:5280";
in in
with lib; mkIf enable { with lib;
mkIf enable {
security.acme.certs."${domain}".extraDomainNames = [ security.acme.certs."${domain}".extraDomainNames = [
"conference.${domain}" "conference.${domain}"
"upload.${domain}" "upload.${domain}"
@ -19,7 +20,9 @@ with lib; mkIf enable {
users.groups.acme.members = [ users.groups.acme.members = [
"prosody" "prosody"
]; ];
services.nginx.virtualHosts = with lib; mkIf (domain != null) { services.nginx.virtualHosts =
with lib;
mkIf (domain != null) {
"${domain}".locations = { "${domain}".locations = {
"= /xmpp-websocket" = { "= /xmpp-websocket" = {
proxyPass = localhost; proxyPass = localhost;

3
services/prosody/service.nix
View file

@ -12,7 +12,8 @@ let
sslCertDir = config.security.acme.certs."${domain}".directory; sslCertDir = config.security.acme.certs."${domain}".directory;
in in
with lib; mkIf enable { with lib;
mkIf enable {
services.prosody = { services.prosody = {
inherit enable; inherit enable;

3
services/redis/service.nix
View file

@ -10,7 +10,8 @@ let
enable enable
; ;
in in
with lib; mkIf enable { with lib;
mkIf enable {
sops.secrets = { sops.secrets = {
"redis/password" = { }; "redis/password" = { };
}; };

3
services/roundcube/service.nix
View file

@ -10,7 +10,8 @@ let
domain domain
; ;
in in
with lib; mkIf enable { with lib;
mkIf enable {
services.roundcube = { services.roundcube = {
inherit enable; inherit enable;
dicts = with pkgs.aspellDicts; [ dicts = with pkgs.aspellDicts; [

11
services/synapse/database.nix
View file

@ -7,8 +7,11 @@ let
pgsqlEnable = config.machine.postgresql.enable; pgsqlEnable = config.machine.postgresql.enable;
inherit (config.machine.synapse) enable; inherit (config.machine.synapse) enable;
in in
with lib; mkIf enable { with lib;
services.postgresql = with lib; mkIf pgsqlEnable { mkIf enable {
services.postgresql =
with lib;
mkIf pgsqlEnable {
ensureUsers = [ ensureUsers = [
{ {
name = "matrix-synapse"; name = "matrix-synapse";
@ -19,7 +22,9 @@ with lib; mkIf enable {
}; };
services.matrix-synapse.settings.database = { services.matrix-synapse.settings.database = {
name = if pgsqlEnable then "psycopg2" else "sqlite3"; name = if pgsqlEnable then "psycopg2" else "sqlite3";
args = with lib; mkIf pgsqlEnable { args =
with lib;
mkIf pgsqlEnable {
host = "/run/postgresql"; host = "/run/postgresql";
}; };
}; };

3
services/synapse/element.nix
View file

@ -52,7 +52,8 @@ let
}; };
}; };
in in
with lib; mkIf enable { with lib;
mkIf enable {
services.nginx.virtualHosts.${domain} = { services.nginx.virtualHosts.${domain} = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;

3
services/synapse/mail.nix
View file

@ -11,7 +11,8 @@ let
; ;
address = "noreply@${domain}"; address = "noreply@${domain}";
in in
with lib; mkIf (enable && config.machine.mail.enable) { with lib;
mkIf (enable && config.machine.mail.enable) {
services.matrix-synapse = { services.matrix-synapse = {
settings = { settings = {
admin_contact = address; admin_contact = address;

3
services/synapse/redis.nix
View file

@ -7,7 +7,8 @@ let
redisEnable = config.machine.redis.enable; redisEnable = config.machine.redis.enable;
inherit (config.machine.synapse) enable; inherit (config.machine.synapse) enable;
in in
with lib; mkIf (redisEnable && enable) { with lib;
mkIf (redisEnable && enable) {
services.redis.servers.matrix-synapse = { services.redis.servers.matrix-synapse = {
enable = true; enable = true;
}; };

7
services/synapse/secrets.nix
View file

@ -8,7 +8,8 @@ let
enable enable
; ;
in in
with lib; mkIf enable { with lib;
mkIf enable {
sops.secrets = { sops.secrets = {
"matrix/registrationSharedSecret" = { "matrix/registrationSharedSecret" = {
sopsFile = ./../../secrets/common.yaml; sopsFile = ./../../secrets/common.yaml;
@ -40,7 +41,9 @@ with lib; mkIf enable {
smtp_pass: ${config.sops.placeholder."mail/servicePassword"} smtp_pass: ${config.sops.placeholder."mail/servicePassword"}
''; '';
}; };
services.matrix-synapse.extraConfigFiles = with lib; mkIf config.machine.synapse.enable [ services.matrix-synapse.extraConfigFiles =
with lib;
mkIf config.machine.synapse.enable [
config.sops.templates.matrix-synapse-config.path config.sops.templates.matrix-synapse-config.path
]; ];
} }

3
services/synapse/synapse.nix
View file

@ -12,7 +12,8 @@ let
metrics metrics
; ;
in in
with lib; mkIf enable { with lib;
mkIf enable {
services.matrix-synapse = { services.matrix-synapse = {
inherit enable; inherit enable;
enableRegistrationScript = true; enableRegistrationScript = true;

3
services/synapse/turn.nix
View file

@ -6,7 +6,8 @@
let let
inherit (config.machine.coturn) enable; inherit (config.machine.coturn) enable;
in in
with lib; mkIf (enable && config.machine.coturn.enable) { with lib;
mkIf (enable && config.machine.coturn.enable) {
services.matrix-synapse.settings = with config.services.coturn; { services.matrix-synapse.settings = with config.services.coturn; {
turn_uris = [ turn_uris = [
"turn:${realm}:3478?transport=udp" "turn:${realm}:3478?transport=udp"

7
services/uptime-kuma/service.nix
View file

@ -10,7 +10,8 @@ let
port port
; ;
in in
with lib; mkIf enable { with lib;
mkIf enable {
services.uptime-kuma = { services.uptime-kuma = {
inherit enable; inherit enable;
settings = { settings = {
@ -18,7 +19,9 @@ with lib; mkIf enable {
}; };
}; };
services.nginx.virtualHosts = with lib; mkIf (domain != null) { services.nginx.virtualHosts =
with lib;
mkIf (domain != null) {
"${domain}" = { "${domain}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;

7
services/vaultwarden/service.nix
View file

@ -10,12 +10,15 @@ let
port port
; ;
in in
with lib; mkIf enable { with lib;
mkIf enable {
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ port ]; allowedTCPPorts = [ port ];
}; };
services.nginx.virtualHosts = with lib; mkIf (domain != null) { services.nginx.virtualHosts =
with lib;
mkIf (domain != null) {
"${domain}" = { "${domain}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;

3
services/xray-3x-ui/firewall.nix
View file

@ -9,7 +9,8 @@ let
port port
; ;
in in
with lib; mkIf enable { with lib;
mkIf enable {
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
# Web panel # Web panel
port port

21
services/xray-3x-ui/nginx.nix
View file

@ -2,17 +2,22 @@
lib, lib,
config, config,
... ...
}: let }:
inherit let
(config.machine.xray-3x-ui) inherit (config.machine.xray-3x-ui)
enable enable
port port
domain domain
subscriptions subscriptions
; ;
in { in
services.nginx.virtualHosts = with lib; mkIf enable { {
${domain} = with lib; mkIf (domain != null) { services.nginx.virtualHosts =
with lib;
mkIf enable {
${domain} =
with lib;
mkIf (domain != null) {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {
@ -26,7 +31,9 @@ in {
''; '';
}; };
}; };
${subscriptions.domain} = with lib; mkIf (subscriptions.domain != null) { ${subscriptions.domain} =
with lib;
mkIf (subscriptions.domain != null) {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {

28
services/xray-3x-ui/service.nix
View file

@ -1,6 +1,11 @@
# See https://github.com/sunmeplz/xray-3x-ui # See https://github.com/sunmeplz/xray-3x-ui
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
with lib; with lib;
@ -11,8 +16,7 @@ let
minGoVersion = "1.26.0"; minGoVersion = "1.26.0";
xray-3x-ui = xray-3x-ui =
assert assertMsg assert assertMsg (versionAtLeast pkgs.go.version minGoVersion)
(versionAtLeast pkgs.go.version minGoVersion)
"3x-ui requires Go >= ${minGoVersion}, but ${pkgs.go.version} is available"; "3x-ui requires Go >= ${minGoVersion}, but ${pkgs.go.version} is available";
pkgs.buildGoModule rec { pkgs.buildGoModule rec {
@ -28,7 +32,10 @@ let
vendorHash = "sha256-M8YQTMfF/xZut4hxUcAfF2xGK625vwJNp4JS/zoXUCQ="; vendorHash = "sha256-M8YQTMfF/xZut4hxUcAfF2xGK625vwJNp4JS/zoXUCQ=";
ldflags = [ "-s" "-w" ]; ldflags = [
"-s"
"-w"
];
meta = with lib; { meta = with lib; {
description = "Xray panel supporting multi-protocol multi-user"; description = "Xray panel supporting multi-protocol multi-user";
@ -39,7 +46,8 @@ let
}; };
}; };
in { in
{
# Service implementation # Service implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
# User and group configuration # User and group configuration
@ -85,8 +93,14 @@ in {
Group = "xray-3x-ui"; Group = "xray-3x-ui";
StateDirectory = "3x-ui 3x-ui/bin 3x-ui/logs"; StateDirectory = "3x-ui 3x-ui/bin 3x-ui/logs";
StateDirectoryMode = "0755"; StateDirectoryMode = "0755";
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" "CAP_NET_ADMIN" ]; AmbientCapabilities = [
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" "CAP_NET_ADMIN" ]; "CAP_NET_BIND_SERVICE"
"CAP_NET_ADMIN"
];
CapabilityBoundingSet = [
"CAP_NET_BIND_SERVICE"
"CAP_NET_ADMIN"
];
}; };
}; };