format

2024-02-26 18:26:21 +00:00 · 2024-02-26 18:26:21 +00:00 · a8b581f499
commit a8b581f499
parent 7fc3164ab8
12 changed files with 81 additions and 64 deletions
--- a/nixos/default.nix
+++ b/nixos/default.nix
@ -113,6 +113,6 @@ in {

  services.prometheus.exporters.node = {
    enable = true;
-    enabledCollectors = [ "systemd" ];
+    enabledCollectors = ["systemd"];
  };
 }
--- a/nixos/services/anki.nix
+++ b/nixos/services/anki.nix
@ -1,8 +1,7 @@
-{config, ...}:
-let
+{config, ...}: let
  anki = config.services.anki-sync-server;
  secrets = config.sops.secrets;
-  domain = "tristans.cloud";
+  domain = config.networking.domain;
 in {
  sops.secrets."anki/password" = {
    owner = "anki";
@ -21,11 +20,14 @@ in {
  services.nginx.virtualHosts."anki.${domain}" = {
    forceSSL = true;
    enableACME = true;
-    locations."~".proxyPass  = "http://localhost:${toString anki.port}";
+    locations."~".proxyPass = "http://localhost:${toString anki.port}";
  };

  # TODO: this really ought to be part of the nixpkgs anki-sync-server module
-  users.users.anki = { group = "anki"; isSystemUser = true; };
+  users.users.anki = {
+    group = "anki";
+    isSystemUser = true;
+  };
  users.groups.anki = {};
  systemd.services.anki-sync-server.serviceConfig.User = "anki";
 }
--- a/nixos/services/forgejo.nix
+++ b/nixos/services/forgejo.nix
@ -8,6 +8,7 @@ in {
    settings = {
      server = {
        ROOT_URL = "https://${cfg.settings.server.DOMAIN}";
+        DOMAIN = "git.${config.networking.domain}";
      };
      service = {
        DISABLE_REGISTRATION = true;
--- a/nixos/services/grafana.nix
+++ b/nixos/services/grafana.nix
@ -10,6 +10,7 @@ in {
    settings = {
      server = {
        root_url = "https://${cfg.settings.server.domain}";
+        domain = "monitor.${config.networking.domain}";
      };
      "auth.generic_oauth" = {
        enabled = true;
@ -21,8 +22,7 @@ in {
        token_url = "https://auth.tristans.cloud/application/o/token/";
        api_url = "https://auth.tristans.cloud/application/o/userinfo/";
        redirect_url = "https://auth.tristans.cloud/application/o/grafana/end-session/";
-        role_attribute_path =
-          "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'";
+        role_attribute_path = "contains(groups[*], 'Grafana Admins') && 'Admin' || contains(groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'";
      };
    };
  };
--- a/nixos/services/nextcloud.nix
+++ b/nixos/services/nextcloud.nix
@ -1,5 +1,8 @@
-{config, pkgs, ...}:
-let
+{
+  config,
+  pkgs,
+  ...
+}: let
  nextcloud = config.services.nextcloud;
  secrets = config.sops.secrets;
  sops = config.sops;
@ -19,11 +22,12 @@ in {
    };
  };

-  environment.systemPackages = with pkgs; [ ffmpeg ];
+  environment.systemPackages = with pkgs; [ffmpeg];

  services.nextcloud = {
    enable = true;
    https = true;
+    hostName = "files.${config.networking.domain}";
    configureRedis = true;
    config = {
      adminpassFile = secrets."nextcloud/admin_password".path;
--- a/nixos/services/prometheus.nix
+++ b/nixos/services/prometheus.nix
@ -1,21 +1,21 @@
-{config, ...}:
-let
-  inherit ( config.services ) prometheus;
+{config, ...}: let
+  inherit (config.services) prometheus;
  nodes = [
    "100.65.29.110"
    "100.106.241.122"
  ];
  addPort = ip: "${ip}:${toString prometheus.exporters.node.port}";
-in
-{
+in {
  services.prometheus = {
    enable = true;
    scrapeConfigs = [
      {
        job_name = "nodes";
-        static_configs = [{
-          targets = builtins.map addPort nodes;
-        }];
+        static_configs = [
+          {
+            targets = builtins.map addPort nodes;
+          }
+        ];
      }
    ];
  };
--- a/nixos/services/synapse.nix
+++ b/nixos/services/synapse.nix
@ -1,5 +1,9 @@
-{pkgs, config, lib, ...}:
-let
+{
+  pkgs,
+  config,
+  lib,
+  ...
+}: let
  fqdn = "${hostname}.${domain}";
  domain = "tristans.cloud";
  hostname = "matrix";
@ -12,7 +16,6 @@ let
  inherit (config) sops;
  inherit (config.services) matrix-synapse;
  inherit (sops) secrets templates;
-
 in {
  services.postgresql.enable = true;
  services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
@ -32,21 +35,23 @@ in {
    "synapse/secrets.yaml" = {
      owner = "matrix-synapse";
      content = builtins.toJSON {
-        oidc_providers = [{
-          idp_id = "authentik";
-          idp_name = "authentik";
-          discover = true;
-          issuer = "https://auth.tristans.cloud/application/o/chat/";
-          client_id = "fdad520e8c57f228aaa658aa74d5e00ba9b164a3";
-          client_secret = sops.placeholder."synapse/oidc_client_secret";
-          scopes = ["openid" "profile" "email"];
-          user_mapping_provider = {
-            config = {
-              localpart_template= "{{ user.preferred_username }}";
-              display_name_template= "{{ user.name|capitalize }}";
+        oidc_providers = [
+          {
+            idp_id = "authentik";
+            idp_name = "authentik";
+            discover = true;
+            issuer = "https://auth.tristans.cloud/application/o/chat/";
+            client_id = "fdad520e8c57f228aaa658aa74d5e00ba9b164a3";
+            client_secret = sops.placeholder."synapse/oidc_client_secret";
+            scopes = ["openid" "profile" "email"];
+            user_mapping_provider = {
+              config = {
+                localpart_template = "{{ user.preferred_username }}";
+                display_name_template = "{{ user.name|capitalize }}";
+              };
            };
-          };
-        }];
+          }
+        ];
      };
    };
    "synapse/sliding_sync_env".content = ''
@ -62,17 +67,21 @@ in {
      server_name = domain;
      baseurl = "https://${domain}";
      oidc_providers = [];
-      settings.listeners = [ {
-        inherit port;
-        bind_addresses = [ "localhost" ];
-        type = "http";
-        tls = false;
-        x_forwarded = true;
-        resources = [ {
-          names = [ "client" "federation" ];
-          compress = true;
-        } ];
-      } ];
+      settings.listeners = [
+        {
+          inherit port;
+          bind_addresses = ["localhost"];
+          type = "http";
+          tls = false;
+          x_forwarded = true;
+          resources = [
+            {
+              names = ["client" "federation"];
+              compress = true;
+            }
+          ];
+        }
+      ];
    };
  };

--- a/nixos/services/vaultwarden.nix
+++ b/nixos/services/vaultwarden.nix
@ -1,6 +1,6 @@
 {config, ...}: let
  cfg = config.services.vaultwarden;
-  domain = "vault.tristans.cloud";
+  domain = "vault.${config.networking.domain}";
 in {
  services.vaultwarden = {
    enable = true;
--- a/nixos/services/whatsapp.nix
+++ b/nixos/services/whatsapp.nix
@ -0,0 +1,5 @@
+{
+  services.mautrix-whatsapp = {
+    enable = true;
+  };
+}