chris/sneeuwvlok
chris/sneeuwvlok
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

wooooooot, we're compiling again

Browse source
This commit is contained in:
Chris Kruining 2026-03-26 14:00:25 +01:00
parent 97b63074f0
commit ba7c3392b9
No known key found for this signature in database
GPG key ID: EB894A3560CCCAD2
94 changed files with 654 additions and 677 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/nixos/services/authentication/authelia/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

1
modules/nixos/services/authentication/himmelblau/default.nix
View file

@ -1,7 +1,6 @@
{
lib,
config,
namespace,
...
}: let
inherit (lib) mkEnableOption mkIf;

6
modules/nixos/services/authentication/zitadel/default.nix
View file

@ -1,7 +1,7 @@
{ config, lib, pkgs, namespace, terranixLib, sneeuwvlokLib, ... }:
{ config, lib, pkgs, self, ... }:
let
inherit (lib) mkIf mkEnableOption mkOption types toUpper toSentenceCase nameValuePair mapAttrs mapAttrs' concatMapAttrs concatMapStringsSep filterAttrsRecursive listToAttrs imap0 head drop length literalExpression attrNames;
inherit (sneeuwvlokLib.strings) toSnakeCase;
inherit ((import ../../../../../lib/strings { inherit lib;}).strings) toSnakeCase;
cfg = config.sneeuwvlok.services.authentication.zitadel;
@ -339,7 +339,7 @@ in
config' = config;
# this is a nix package, the generated json file to be exact
terraformConfiguration = terranixLib.terranixConfiguration {
terraformConfiguration = self.inputs.terranix.lib.terranixConfiguration {
system = pkgs.stdenv.hostPlatform.system;
modules = [

11
modules/nixos/services/backup/borg/default.nix
View file

@ -1,10 +1,13 @@
{ config, lib, pkgs, namespace, ... }:
let
{
config,
lib,
pkgs,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.services.backup.borg;
in
{
in {
options.sneeuwvlok.services.backup.borg = {
enable = mkEnableOption "Borg Backup";
};

1
modules/nixos/services/communication/matrix/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (builtins) toString toJSON;

1
modules/nixos/services/development/forgejo/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (builtins) toString;

1
modules/nixos/services/games/minecraft/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption mkOption;

1
modules/nixos/services/games/openrct.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

1
modules/nixos/services/games/palworld/default.nix
View file

@ -1,7 +1,6 @@
{
config,
lib,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

1
modules/nixos/services/media/default.nix
View file

@ -1,7 +1,6 @@
{
pkgs,
lib,
namespace,
config,
...
}: let

1
modules/nixos/services/media/glance/default.nix
View file

@ -1,7 +1,6 @@
{
config,
lib,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

1
modules/nixos/services/media/jellyfin/default.nix
View file

@ -2,7 +2,6 @@
pkgs,
config,
lib,
namespace,
inputs,
...
}: let

1
modules/nixos/services/media/mydia/default.nix
View file

@ -1,7 +1,6 @@
{
config,
lib,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

1
modules/nixos/services/media/nextcloud/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption mkOption;

12
modules/nixos/services/media/nfs/default.nix
View file

@ -1,16 +1,18 @@
{ config, lib, namespace, ... }:
let
{
config,
lib,
...
}: let
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.services.media.nfs;
in
{
in {
options.sneeuwvlok.services.media.nfs = {
enable = mkEnableOption "Enable NFS";
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 2049 ];
networking.firewall.allowedTCPPorts = [2049];
services.nfs.server = {
enable = true;

5
modules/nixos/services/media/servarr/default.nix
View file

@ -2,8 +2,7 @@
pkgs,
config,
lib,
namespace,
terranixLib,
self,
...
}: let
inherit (builtins) toString;
@ -154,7 +153,7 @@ in {
config' = config;
lib' = lib;
terraformConfiguration = terranixLib.terranixConfiguration {
terraformConfiguration = self.inputs.terranix.lib.terranixConfiguration {
system = pkgs.stdenv.hostPlatform.system;
modules = [

3
modules/nixos/services/networking/caddy/default.nix
View file

@ -2,7 +2,6 @@
config,
pkgs,
lib,
namespace,
...
}: let
inherit (builtins) length;
@ -12,7 +11,7 @@
hasHosts = (cfg.hosts |> attrNames |> length) > 0;
caddyPackage = pkgs.caddy.withPlugins {
plugins = ["github.com/corazawaf/coraza-caddy/v2@v2.1.0"];
hash = "sha256-rsDnTunR8C7hVOX5aKcba+iFYHbpWek65DZgbMxOdTs=";
hash = "sha256-pSXjLaZoRtKV3eFl2ySRSjl3yxi514G1Cb7pfrpxxtE=";
};
in {
options.sneeuwvlok.services.networking.caddy = {

1
modules/nixos/services/networking/ssh/default.nix
View file

@ -1,7 +1,6 @@
{
config,
lib,
namespace,
...
}: let
inherit (lib.modules) mkIf;

2
modules/nixos/services/networking/wireguard/default.nix
View file

@ -2,7 +2,6 @@
config,
pkgs,
lib,
namespace,
...
}: let
inherit (builtins) length;
@ -29,6 +28,7 @@ in {
};
};
});
default = {};
};
};

1
modules/nixos/services/observability/grafana/default.nix
View file

@ -2,7 +2,6 @@
pkgs,
config,
lib,
namespace,
...
}: let
inherit (lib.modules) mkIf;

1
modules/nixos/services/observability/loki/default.nix
View file

@ -2,7 +2,6 @@
pkgs,
config,
lib,
namespace,
...
}: let
inherit (lib.modules) mkIf;

19
modules/nixos/services/observability/prometheus/default.nix
View file

@ -1,11 +1,14 @@
{ pkgs, config, lib, namespace, ... }:
let
{
pkgs,
config,
lib,
...
}: let
inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption;
cfg = config.sneeuwvlok.services.observability.prometheus;
in
{
in {
options.sneeuwvlok.services.observability.prometheus = {
enable = mkEnableOption "enable Prometheus";
};
@ -21,14 +24,14 @@ in
{
job_name = "prometheus";
static_configs = [
{ targets = [ "localhost:9002" ]; }
{targets = ["localhost:9002"];}
];
}
{
job_name = "node";
static_configs = [
{ targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; }
{targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"];}
];
}
];
@ -37,12 +40,12 @@ in
node = {
enable = true;
port = 9005;
enabledCollectors = [ "systemd" ];
enabledCollectors = ["systemd"];
openFirewall = true;
};
};
};
networking.firewall.allowedTCPPorts = [ 9002 ];
networking.firewall.allowedTCPPorts = [9002];
};
}

1
modules/nixos/services/observability/promtail/default.nix
View file

@ -2,7 +2,6 @@
pkgs,
config,
lib,
namespace,
...
}: let
inherit (lib.modules) mkIf;

1
modules/nixos/services/observability/uptime-kuma/default.nix
View file

@ -2,7 +2,6 @@
pkgs,
config,
lib,
namespace,
...
}: let
inherit (builtins) toString;

1
modules/nixos/services/persistance/postgesql/default.nix
View file

@ -2,7 +2,6 @@
config,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;

76
modules/nixos/services/security/vaultwarden/default.nix
View file

@ -2,13 +2,12 @@
pkgs,
config,
lib,
namespace,
repoRoot,
sneeuwvlokLib,
self,
...
}: let
inherit (builtins) toString;
inherit (lib) mkIf mkEnableOption mkOption types getAttrs toUpper concatMapAttrsStringSep;
inherit (import ../../../../../lib/strings {inherit lib;}) strings;
cfg = config.sneeuwvlok.services.security.vaultwarden;
@ -27,15 +26,22 @@
};
});
databaseProviderPostgresql = types.submodule ({...}: let
urlOptions = sneeuwvlokLib.options.mkUrlOptions {
host = {
databaseProviderPostgresql = types.submodule ({...}: {
options = {
type = mkOption {
type = types.enum ["postgresql"];
};
host = mkOption {
type = types.str;
example = "host.tld";
description = ''
Hostname of the postgresql server
'';
};
port = {
port = mkOption {
type = types.port;
default = 5432;
example = "5432";
description = ''
@ -44,38 +50,34 @@
};
protocol = mkOption {
type = types.str;
default = "postgres";
example = "postgres";
description = ''
Which protocol to use when creating a url string
'';
};
sslMode = mkOption {
type = types.enum ["verify-ca" "verify-full" "require" "prefer" "allow" "disabled"];
default = "verify-full";
example = "verify-ca";
description = ''
How to verify the server's ssl
| mode | eavesdropping protection | MITM protection | Statement |
|-------------|--------------------------|----------------------|---------------------------------------------------------------------------------------------------------------------------------------------|
| disable | No | No | I don't care about security, and I don't want to pay the overhead of encryption. |
| allow | Maybe | No | I don't care about security, but I will pay the overhead of encryption if the server insists on it. |
| prefer | Maybe | No | I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it. |
| require | Yes | No | I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want. |
| verify-ca | Yes | Depends on CA policy | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server that I trust. |
| verify-full | Yes | Yes | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server I trust, and that it's the one I specify. |
[Source](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS)
'';
};
};
in {
options =
{
type = mkOption {
type = types.enum ["postgresql"];
};
sslMode = mkOption {
type = types.enum ["verify-ca" "verify-full" "require" "prefer" "allow" "disabled"];
default = "verify-full";
example = "verify-ca";
description = ''
How to verify the server's ssl
| mode | eavesdropping protection | MITM protection | Statement |
|-------------|--------------------------|----------------------|---------------------------------------------------------------------------------------------------------------------------------------------|
| disable | No | No | I don't care about security, and I don't want to pay the overhead of encryption. |
| allow | Maybe | No | I don't care about security, but I will pay the overhead of encryption if the server insists on it. |
| prefer | Maybe | No | I don't care about encryption, but I wish to pay the overhead of encryption if the server supports it. |
| require | Yes | No | I want my data to be encrypted, and I accept the overhead. I trust that the network will make sure I always connect to the server I want. |
| verify-ca | Yes | Depends on CA policy | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server that I trust. |
| verify-full | Yes | Yes | I want my data encrypted, and I accept the overhead. I want to be sure that I connect to a server I trust, and that it's the one I specify. |
[Source](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS)
'';
};
}
// (urlOptions |> getAttrs ["protocol" "host" "port"]);
});
in {
options.sneeuwvlok.services.security.vaultwarden = {
@ -120,7 +122,7 @@ in {
enable = true;
dbBackend = "postgresql";
package = pkgs.callPackage (repoRoot + "/packages/vaultwarden/package.nix") {};
package = pkgs.vaultwarden-postgresql;
config = {
SIGNUPS_ALLOWED = false;
@ -198,7 +200,7 @@ in {
else if type == "postgresql"
then {
inherit (db) type;
url = sneeuwvlokLib.strings.toUrl {
url = strings.toUrl {
inherit (db) protocol host port;
path = "vaultwarden";
query = {

1
modules/nixos/services/virtualisation/podman/default.nix
View file

@ -3,7 +3,6 @@
options,
lib,
pkgs,
namespace,
...
}: let
inherit (lib) mkIf mkEnableOption;