nix fmt rcf-style

2024-10-27 12:33:35 +01:00 · 2024-10-27 12:33:35 +01:00 · b9adba3225
commit b9adba3225
parent b78e40ad6a
35 changed files with 270 additions and 238 deletions
--- a/hosts/hetzner-vpn1/default.nix
+++ b/hosts/hetzner-vpn1/default.nix
@ -1,42 +1,34 @@
-{
-  nixpkgs,
-  common-modules,
-  ...
-}:
+{ nixpkgs, common-modules, ... }:
 nixpkgs.lib.nixosSystem {
  system = "aarch64-linux";
-  modules =
-    common-modules
-    ++ [
-      ./hardware.nix
-      ./nginx.nix
-      ../../users/vinzenz.nix
-      ../../users/ronja.nix
-      {
-        networking.hostName = "hetzner-vpn1";
-      }
-      {
-        # uncomment for build check on non arm system (requires --impure)
-        # nixpkgs.buildPlatform = builtins.currentSystem;
-      }
-      {
-        users.users = {
-          root.openssh.authorizedKeys.keys = [
-            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf''
-            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
-            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
-            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
-          ];
-          vinzenz.openssh.authorizedKeys.keys = [
-            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf''
-            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
-            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
-            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
-          ];
-          ronja.openssh.authorizedKeys.keys = [
-            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key''
-          ];
-        };
-      }
-    ];
+  modules = common-modules ++ [
+    ./hardware.nix
+    ./nginx.nix
+    ../../users/vinzenz.nix
+    ../../users/ronja.nix
+    { networking.hostName = "hetzner-vpn1"; }
+    {
+      # uncomment for build check on non arm system (requires --impure)
+      # nixpkgs.buildPlatform = builtins.currentSystem;
+    }
+    {
+      users.users = {
+        root.openssh.authorizedKeys.keys = [
+          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf''
+          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
+          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
+          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
+        ];
+        vinzenz.openssh.authorizedKeys.keys = [
+          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICdYqY3Y1/f1bsAi5Qfyr/UWuX9ixu96IeAlhoQaJkbf''
+          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFCJUpbpB3KEKVoKWsKoar9J4RNah8gmQoSH6jQEw5dY vinzenz-pixel-JuiceSSH''
+          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO1CRn4yYTL4XUdCebE8Z4ZeuMujBjorTdWifg911EOv vinzenz-pc2 home roaming''
+          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPDNpLDmctyqGpow/ElQvdhY4BLBPS/sigDJ1QEcC7wC vinzenz-lpt2-roaming''
+        ];
+        ronja.openssh.authorizedKeys.keys = [
+          ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALWKm+d6KL6Vl3grPOcGouiNTkvdhXuWJmcrdEBY2nw ronja-ssh-host-key''
+        ];
+      };
+    }
+  ];
 }
--- a/hosts/hetzner-vpn1/hardware.nix
+++ b/hosts/hetzner-vpn1/hardware.nix
@ -1,11 +1,6 @@
+{ lib, modulesPath, ... }:
 {
-  lib,
-  modulesPath,
-  ...
-}: {
-  imports = [
-    (modulesPath + "/profiles/qemu-guest.nix")
-  ];
+  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];

  config = {
    nixpkgs = {
@ -26,8 +21,12 @@
        };
      };
      initrd = {
-        availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
-        kernelModules = ["nvme"];
+        availableKernelModules = [
+          "ata_piix"
+          "uhci_hcd"
+          "xen_blkfront"
+        ];
+        kernelModules = [ "nvme" ];
      };
    };

@ -48,7 +47,7 @@
    # This file was populated at runtime with the networking
    # details gathered from the active system.
    networking = {
-      nameservers = ["8.8.8.8"];
+      nameservers = [ "8.8.8.8" ];
      defaultGateway = "172.31.1.1";
      defaultGateway6 = {
        address = "fe80::1";
--- a/hosts/hetzner-vpn1/nginx.nix
+++ b/hosts/hetzner-vpn1/nginx.nix
@ -1,8 +1,5 @@
+{ pkgs, lib, ... }:
 {
-  pkgs,
-  lib,
-  ...
-}: {
  security.acme = {
    acceptTerms = true;
    defaults.email = "acme@zerforschen.plus";
@ -10,46 +7,51 @@

  security.pam.services.nginx.setEnvironment = false;
  systemd.services.nginx.serviceConfig = {
-    SupplementaryGroups = ["shadow"];
+    SupplementaryGroups = [ "shadow" ];
  };

  services.nginx = {
    enable = true;
-    additionalModules = [pkgs.nginxModules.pam];
+    additionalModules = [ pkgs.nginxModules.pam ];

    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;

-    virtualHosts = let
-      servicesDomain = "services.zerforschen.plus";
-      mkServiceConfig = host: port: {
-        addSSL = true;
-        enableACME = true;
-        locations."/" = {
-          proxyPass = "http://${host}:${toString port}/";
-          extraConfig = ''
-            # bind to tailscale ip
-            proxy_bind 100.88.118.60;
-            # pam auth
-            limit_except OPTIONS {
-              auth_pam  "Password Required";
-              auth_pam_service_name "nginx";
-            }
-          '';
+    virtualHosts =
+      let
+        servicesDomain = "services.zerforschen.plus";
+        mkServiceConfig = host: port: {
+          addSSL = true;
+          enableACME = true;
+          locations."/" = {
+            proxyPass = "http://${host}:${toString port}/";
+            extraConfig = ''
+              # bind to tailscale ip
+              proxy_bind 100.88.118.60;
+              # pam auth
+              limit_except OPTIONS {
+                auth_pam  "Password Required";
+                auth_pam_service_name "nginx";
+              }
+            '';
+          };
        };
+        pc2 = "vinzenz-pc2.donkey-pentatonic.ts.net";
+      in
+      {
+        "vscode.${servicesDomain}" = lib.mkMerge [
+          (mkServiceConfig pc2 8542)
+          { locations."/".proxyWebsockets = true; }
+        ];
+        "preon-app.${servicesDomain}" = mkServiceConfig pc2 8543;
+        "preon-api.${servicesDomain}" = mkServiceConfig pc2 8544;
      };
-      pc2 = "vinzenz-pc2.donkey-pentatonic.ts.net";
-    in {
-      "vscode.${servicesDomain}" = lib.mkMerge [
-        (mkServiceConfig pc2 8542)
-        {locations."/" .proxyWebsockets = true;}
-      ];
-      "preon-app.${servicesDomain}" = mkServiceConfig pc2 8543;
-      "preon-api.${servicesDomain}" = mkServiceConfig pc2 8544;
-    };
  };

-  networking.firewall.allowedTCPPorts = [80 443];
+  networking.firewall.allowedTCPPorts = [
+    80
+    443
+  ];
 }