Nixfmt Tree

2026-02-24 00:00:35 -08:00 · 2026-02-24 00:00:35 -08:00 · f173b9d236
commit f173b9d236
parent d6bcf1a468
23 changed files with 381 additions and 224 deletions
--- a/common/backups/restic.nix
+++ b/common/backups/restic.nix
@ -3,10 +3,17 @@
  pkgs,
  lib,
  ...
-}: let
-  inherit (lib) mkIf mkEnableOption mkOption types;
+}:
+let
+  inherit (lib)
+    mkIf
+    mkEnableOption
+    mkOption
+    types
+    ;
  cfg = config.foehammer.backups.restic;
-in {
+in
+{
  options.foehammer.backups.restic = {
    enable = mkEnableOption "Enable restic backups";

@ -24,17 +31,17 @@ in {

    paths = mkOption {
      type = lib.types.nullOr (lib.types.listOf lib.types.str);
-      default = [];
+      default = [ ];
    };

    exclude = mkOption {
      type = lib.types.nullOr (lib.types.listOf lib.types.str);
-      default = [];
+      default = [ ];
    };
  };

  config = mkIf cfg.enable {
-    users.groups.restic = {};
+    users.groups.restic = { };
    users.users.restic = {
      isSystemUser = true;
      group = "restic";
--- a/common/caddy.nix
+++ b/common/caddy.nix
@ -2,10 +2,12 @@
  config,
  lib,
  ...
-}: let
+}:
+let
  inherit (lib) mkIf mkEnableOption;
  cfg = config.foehammer.caddy;
-in {
+in
+{
  options.foehammer.caddy.enable = mkEnableOption "Enable caddy with default configuration.";
  config = mkIf cfg.enable {
    services.caddy = {
@ -13,6 +15,9 @@ in {
      email = "foehammer127points+acme@gmail.com";
    };

-    networking.firewall.allowedTCPPorts = [80 443];
+    networking.firewall.allowedTCPPorts = [
+      80
+      443
+    ];
  };
 }
--- a/common/nix.nix
+++ b/common/nix.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
  nix = {
    extraOptions = ''
      experimental-features = nix-command flakes
@ -17,10 +18,19 @@
        "nix-command"
      ];

-      trusted-users = ["root" "@wheel"];
+      trusted-users = [
+        "root"
+        "@wheel"
+      ];

-      substituters = ["https://cache.nixos.org" "https://cache.garnix.io"];
-      trusted-public-keys = ["cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="];
+      substituters = [
+        "https://cache.nixos.org"
+        "https://cache.garnix.io"
+      ];
+      trusted-public-keys = [
+        "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
+        "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+      ];
    };
  };
 }
--- a/common/nixos.nix
+++ b/common/nixos.nix
@ -3,20 +3,28 @@
  lib,
  pkgs,
  ...
-}: let
+}:
+let
  inherit (lib) mkIf;
-in {
+in
+{
  config = {
    users.mutableUsers = false;

-    environment.systemPackages = with pkgs; [neovim git];
+    environment.systemPackages = with pkgs; [
+      neovim
+      git
+    ];

    networking = {
      firewall = {
        enable = true;
      };

-      nameservers = ["1.1.1.1" "8.8.8.8"];
+      nameservers = [
+        "1.1.1.1"
+        "8.8.8.8"
+      ];
      # If using dhcpcd:
      dhcpcd.extraConfig = mkIf config.networking.dhcpcd.enable "nohook resolv.conf";
      # If using NetworkManager:
--- a/common/services/authelia.nix
+++ b/common/services/authelia.nix
@ -2,11 +2,18 @@
  config,
  lib,
  ...
-}: let
-  inherit (lib) mkIf types mkOption mkEnableOption;
+}:
+let
+  inherit (lib)
+    mkIf
+    types
+    mkOption
+    mkEnableOption
+    ;

  cfg = config.foehammer.services.authelia;
-in {
+in
+{
  options.foehammer.services.authelia = {
    enable = mkEnableOption "Enable authelia server component.";
    domain = mkOption {
@ -27,7 +34,6 @@ in {
      type = types.path;
    };

-
    # https://www.authelia.com/integration/ldap/lldap/
    ldap = {
      addr = mkOption {
@ -102,7 +108,7 @@ in {

    settingsFiles = mkOption {
      type = types.listOf types.path;
-      default = [];
+      default = [ ];
      example = [
        "/etc/authelia/config.yml"
        "/etc/authelia/access-control.yml"
@ -124,7 +130,7 @@ in {
        If you provide the raw secret rather than the location of a secret file that secret will be preserved in the nix store.
        For more details: https://www.authelia.com/configuration/methods/secrets/
      '';
-      default = {};
+      default = { };
    };
  };

@ -190,8 +196,7 @@ in {
      };

      secrets = {
-        inherit
-          (cfg)
+        inherit (cfg)
          jwtSecretFile
          oidcIssuerPrivateKeyFile
          oidcHmacSecretFile
--- a/common/services/gitea.nix
+++ b/common/services/gitea.nix
@ -3,11 +3,13 @@
  lib,
  pkgs,
  ...
-}: let
+}:
+let
  inherit (lib) mkEnableOption mkIf mkOption;

  cfg = config.foehammer.services.forgejo;
-in {
+in
+{
  options.foehammer.services.forgejo = {
    enable = mkEnableOption "Enable Gitea Server";

@ -44,8 +46,8 @@ in {

      settings = {
        service = {
-         DISABLE_REGISTRATION = true;
-         SHOW_REGISTRATION_BUTTON = false;
+          DISABLE_REGISTRATION = true;
+          SHOW_REGISTRATION_BUTTON = false;
        };
        ui = {
          SHOW_USER_EMAIL = false;
--- a/common/services/goatcounter.nix
+++ b/common/services/goatcounter.nix
@ -3,11 +3,13 @@
  lib,
  pkgs,
  ...
-}: let
+}:
+let
  inherit (lib) mkEnableOption mkIf mkOption;

  cfg = config.foehammer.services.goatcounter;
-in {
+in
+{
  options.foehammer.services.goatcounter = {
    enable = mkEnableOption "Enable goatcounter server";

@ -26,7 +28,7 @@ in {
      createHome = true;
      group = "goatcounter";
    };
-    users.groups.goatcounter = {};
+    users.groups.goatcounter = { };

    systemd.services.goatcounter = {
      serviceConfig = {
--- a/common/services/lldap.nix
+++ b/common/services/lldap.nix
@ -3,11 +3,18 @@
  lib,
  pkgs,
  ...
-}: let
-  inherit (lib) mkEnableOption types mkIf mkOption;
+}:
+let
+  inherit (lib)
+    mkEnableOption
+    types
+    mkIf
+    mkOption
+    ;

  cfg = config.foehammer.services.lldap;
-in {
+in
+{
  options.foehammer.services.lldap = {
    enable = mkEnableOption "Enable LLDAP Server";

@ -77,7 +84,7 @@ in {
      createHome = true;
      group = "lldap";
    };
-    users.groups.lldap = {};
+    users.groups.lldap = { };

    systemd.services.lldap.serviceConfig.DynamicUser = lib.mkForce false;
  };
--- a/common/services/vaultwarden.nix
+++ b/common/services/vaultwarden.nix
@ -3,11 +3,13 @@
  lib,
  pkgs,
  ...
-}: let
+}:
+let
  inherit (lib) mkEnableOption mkIf mkOption;

  cfg = config.foehammer.services.vaultwarden;
-in {
+in
+{
  options.foehammer.services.vaultwarden = {
    enable = mkEnableOption "Enable Vaultwarden Server";

--- a/common/sudo.nix
+++ b/common/sudo.nix
@ -1,4 +1,5 @@
-{...}: {
+{ ... }:
+{
  security.sudo = {
    enable = true;
    execWheelOnly = true;
--- a/common/tailscale.nix
+++ b/common/tailscale.nix
@ -2,10 +2,17 @@
  config,
  lib,
  ...
-}: let
-  inherit (lib) mkEnableOption mkOption types mkIf;
+}:
+let
+  inherit (lib)
+    mkEnableOption
+    mkOption
+    types
+    mkIf
+    ;
  cfg = config.foehammer.tailscale;
-in {
+in
+{
  options.foehammer.tailscale = {
    enable = mkEnableOption "Enable tailscale";
    authKeyFile = mkOption {
@ -20,6 +27,6 @@ in {
      openFirewall = true;
    };

-    networking.firewall.trustedInterfaces = ["tailscale0"];
+    networking.firewall.trustedInterfaces = [ "tailscale0" ];
  };
 }
--- a/common/users/admin.nix
+++ b/common/users/admin.nix
@ -3,10 +3,18 @@
  lib,
  foelib,
  ...
-}: let
-  inherit (lib) mkIf mkOption mkEnableOption optionals types;
+}:
+let
+  inherit (lib)
+    mkIf
+    mkOption
+    mkEnableOption
+    optionals
+    types
+    ;
  cfg = config.foehammer.users.admin;
-in {
+in
+{
  options.foehammer.users.admin = {
    enable = mkEnableOption "Enable a wheel admin user.";
    hashedPasswordFile = mkOption {
@ -20,7 +28,7 @@ in {
      description = "SSH Admin User.";
      group = "admin";

-      extraGroups = ["wheel"] ++ optionals config.virtualisation.docker.enable ["docker"];
+      extraGroups = [ "wheel" ] ++ optionals config.virtualisation.docker.enable [ "docker" ];
      isNormalUser = true;
      uid = 9999;