From b2c240e87f848475144cd24225d40f212034d9ba Mon Sep 17 00:00:00 2001 
From: Fabian Hauser
Date: Tue, 25 Mar 2025 14:10:54 +0200
Subject: [PATCH] Apply treefmt
---
.github/workflows/ci.yml | 8 -
.nixd.json | 33 +-
.vscode/extensions.json | 8 +-
README.md | 20 +-
SUMMARY.md | 3 +-
checks/README.md | 4 +-
checks/nixos-configurations/default.nix | 2 +-
defaults/hardware/README.md | 3 +-
defaults/hardware/apu.nix | 2 -
defaults/hardware/apu1.nix | 2 -
defaults/hardware/asrock-z790m.nix | 2 -
defaults/hardware/asrock.nix | 2 -
defaults/meta/default.nix | 3 -
defaults/meta/network-physical.nix | 3 -
defaults/meta/network-virtual.nix | 2 -
defaults/meta/network.md | 1 -
deploy/README.md | 1 -
deploy/default.nix | 1 -
email.md | 1 -
flake.nix | 2 +-
lib/default.nix | 2 +-
nixos-configurations/calanda/default.nix | 2 +-
nixos-configurations/calanda/filesystems.nix | 2 +-
nixos-configurations/calanda/networking.nix | 2 +-
nixos-configurations/cyprianspitz/README.md | 7 +-
.../cyprianspitz/applications/backup.nix | 2 +-
.../cyprianspitz/applications/default.nix | 2 -
.../cyprianspitz/applications/vpn.nix | 2 +-
nixos-configurations/cyprianspitz/default.nix | 2 +-
.../cyprianspitz/networking.nix | 2 +-
.../cyprianspitz/virtualisation.nix | 2 +-
.../lindberg-build/applications/default.nix | 1 -
.../lindberg-build/default.nix | 2 +-
.../lindberg-build/networking.nix | 2 +-
.../lindberg-nextcloud/backup.nix | 2 +-
.../lindberg-nextcloud/default.nix | 2 +-
.../lindberg-webapps/applications/README.md | 1 -
.../lindberg-webapps/applications/default.nix | 2 +-
.../lindberg-webapps/default.nix | 2 +-
.../lindberg-webapps/networking.nix | 2 +-
nixos-configurations/lindberg/README.md | 5 +-
.../lindberg/applications/default.nix | 2 +-
.../lindberg/applications/loadbalancer.nix | 3 -
nixos-configurations/lindberg/backup.nix | 2 +-
nixos-configurations/lindberg/default.nix | 2 +-
nixos-configurations/lindberg/networking.nix | 2 +-
.../lindberg/virtualisation.nix | 2 +-
nixos-configurations/setup.md | 10 +-
nixos-configurations/stompert/README.md | 4 +-
nixos-configurations/stompert/default.nix | 2 +-
nixos-modules/attic/default.nix | 1 -
nixos-modules/backplane-net.hosts/default.nix | 3 +-
nixos-modules/backplane-net/default.nix | 1 -
nixos-modules/backup-client/default.nix | 2 -
nixos-modules/backup-server/default.nix | 2 -
nixos-modules/cloud/README.md | 8 +-
nixos-modules/git-ci-runner/README.md | 1 -
nixos-modules/git-ci-runner/default.nix | 2 +-
nixos-modules/git/README.md | 7 +-
nixos-modules/loadbalancer/default.nix | 2 +-
nixos-modules/luks-ssh/default.nix | 3 +-
nixos-modules/meta/default.nix | 4 -
nixos-modules/meta/hosts.nix | 5 +-
nixos-modules/meta/network.nix | 12 +-
nixos-modules/nixpkgs-cache/default.nix | 1 -
nixos-modules/router-dhcp/default.nix | 1 -
nixos-modules/router-dns/default.nix | 1 -
nixos-modules/router-wireless-ap/default.nix | 2 -
nixos-modules/router/README.md | 2 +-
nixos-modules/router/default.nix | 1 -
nixos-modules/static-page/README.md | 1 -
nixos-modules/static-page/default.nix | 12 +-
nixos-modules/static-page/test.py | 16 +-
nixos-modules/system/applications.nix | 2 -
nixos-modules/system/overlays.nix | 3 -
nixos-modules/system/security.nix | 2 -
nixos-modules/system/unfree.nix | 1 -
nixos-modules/vault/README.md | 13 +-
nixos-modules/vpn-exit-node/default.nix | 1 -
nixos-modules/vpn-server/README.md | 21 +-
nixos-modules/vpn-server/default.nix | 2 +-
nixos-modules/wwan/README.md | 4 +-
nixos-modules/wwan/mbim-ip.bash | 491 +++++++++---------
packages/sops-config/default.nix | 4 +-
renovate.json | 9 +-
updates.md | 7 +-
86 files changed, 374 insertions(+), 456 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index ef07fd9..8104149 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,11 +1,8 @@ name: CI - on: push: - env: ATTIC_AUTH_TOKEN: ${{ secrets.ATTIC_AUTH_TOKEN }} - jobs: build: runs-on: nix
@@ -15,18 +12,14 @@ jobs: with: token: ${{ secrets.CI_TOKEN }} lfs: false - - name: Use attic cache run: nix run .#cache use - - name: Build run: | nix build --max-jobs 12 --cores 12 nix run .#cache push - - name: Run Checks run: nix flake check - - name: Deploy Docs if: success() && github.ref == 'refs/heads/main' run: |
@@ -36,4 +29,3 @@ jobs: # Remote build might be neccessary due to non-wheel nix users signing restrictions. # However, the build should come from the cache anyway. nix develop --command deploy --skip-checks --remote-build .#lindberg-webapps.\"docs-ops.qo.is\" -
diff --git a/.nixd.json b/.nixd.json
index b1e6c19..1e4b0db 100644
--- a/.nixd.json
+++ b/.nixd.json
@@ -1,18 +1,21 @@ { - "eval": { - "target": { - "args": ["-f", "default.nix"], - "installable": "" - } - }, - "formatting": { - "command": "nixfmt" - }, - "options": { - "enable": true, - "target": { - "args": [], - "installable": "" - } + "eval": { + "target": { + "args": [ + "-f", + "default.nix" + ], + "installable": "" } + }, + "formatting": { + "command": "nixfmt" + }, + "options": { + "enable": true, + "target": { + "args": [], + "installable": "" + } + } }
diff --git a/.vscode/extensions.json b/.vscode/extensions.json
index fce5ab4..76d746c 100644
--- a/.vscode/extensions.json
+++ b/.vscode/extensions.json
@@ -1,5 +1,5 @@ { - "recommendations": [ - "jnoortheen.nix-ide" - ] -} \ No newline at end of file + "recommendations": [ + "jnoortheen.nix-ide" + ] +}
diff --git a/README.md b/README.md
index 4899007..f6f8cd4 100644
--- a/README.md
+++ b/README.md
@@ -6,29 +6,29 @@ Check out the current [rendered documentation](https://docs-ops.qo.is). ## Structure -`nixos-configurations`: Main nixos configuration for every host. -`defaults`: Configuration defaults -`nixos-modules`: Custom modules (e.g. for vpn and routers) +`nixos-configurations`: Main nixos configuration for every host.\ +`defaults`: Configuration defaults\ +`nixos-modules`: Custom modules (e.g. for vpn and routers)\ `private`: Private configuration values (like users, sops-encrypted secrets and keys) ## Building This repository requires [nix flakes](https://nixos.wiki/wiki/Flakes) -- `nix build` +- `nix build`\ Build all host configurations and docs -- `nix build .#nixosConfigurations..config.system.build.toplevel` +- `nix build .#nixosConfigurations..config.system.build.toplevel`\ Build a single host configuration with -- `nix build .#docs` +- `nix build .#docs`\ Build the documentation website ## Development -- `nix develop` +- `nix develop`\ Development environment -- `nix flake check` +- `nix flake check`\ Execute the project's checks -- `nix fmt` +- `nix fmt`\ Autofix formatting ### Working with the private submodule
@@ -46,7 +46,7 @@ git add private nix flake lock --update-input private ``` -## Deployment +## Deployment `nix run .#deploy-qois`
diff --git a/SUMMARY.md b/SUMMARY.md
index fdbf4d1..d562822 100644
--- a/SUMMARY.md
+++ b/SUMMARY.md
@@ -4,7 +4,7 @@ - [Testing](checks/README.md) - [Deployment](deploy/README.md) ---- +______________________________________________________________________ - [Network Topology](defaults/meta/network.md) - [Hardware (generic)](defaults/hardware/README.md)
@@ -12,7 +12,6 @@ - [Updates](updates.md) - [New Host Setup](nixos-configurations/setup.md) - # Services - [E-mail](email.md)
diff --git a/checks/README.md b/checks/README.md
index c5f73f5..8288d07 100644
--- a/checks/README.md
+++ b/checks/README.md
@@ -1,11 +1,11 @@ -# Tests +# Tests ## Module Tests We test our nixos modules with [NixOS tests](https://nixos.org/manual/nixos/stable/index.html#sec-nixos-tests). Running nixos tests requires QEMU virtualisation, so make sure you have KVM virtualisation support enabled. -Run all: `nix build .#checks.x86_64-linux.nixos-modules` +Run all: `nix build .#checks.x86_64-linux.nixos-modules`\ Run single test: `nix build .#checks.x86_64-linux.nixos-modules.entries.vm-test-run-testNameAsInDerivationName` ### Run Test Interactively
diff --git a/checks/nixos-configurations/default.nix b/checks/nixos-configurations/default.nix
index e05772d..689078b 100644
--- a/checks/nixos-configurations/default.nix
+++ b/checks/nixos-configurations/default.nix
@@ -1,4 +1,4 @@ { self, pkgs, ... }: pkgs.linkFarmFromDrvs "all" ( - pkgs.lib.mapAttrsToList (n: v: v.config.system.build.toplevel) self.nixosConfigurations + pkgs.lib.mapAttrsToList (_n: v: v.config.system.build.toplevel) self.nixosConfigurations )
diff --git a/defaults/hardware/README.md b/defaults/hardware/README.md
index f59f745..fbf1f50 100644
--- a/defaults/hardware/README.md
+++ b/defaults/hardware/README.md
@@ -1,4 +1,3 @@ - # APU ## Setup
@@ -7,5 +6,5 @@ To boot the nixos installer with the console port, add `console=ttyS0,115200n8` # ASROCK Mainboards -`F2`: Boot into BIOS +`F2`: Boot into BIOS\ `F11`: Select boot device
diff --git a/defaults/hardware/apu.nix b/defaults/hardware/apu.nix
index e4256dc..5cdb6dc 100644
--- a/defaults/hardware/apu.nix
+++ b/defaults/hardware/apu.nix
@@ -2,9 +2,7 @@ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. { - config, lib, - pkgs, modulesPath, ... }:
diff --git a/defaults/hardware/apu1.nix b/defaults/hardware/apu1.nix
index 9c6e00a..b5084d0 100644
--- a/defaults/hardware/apu1.nix
+++ b/defaults/hardware/apu1.nix
@@ -2,9 +2,7 @@ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. { - config, lib, - pkgs, modulesPath, ... }:
diff --git a/defaults/hardware/asrock-z790m.nix b/defaults/hardware/asrock-z790m.nix
index c90c220..db198d1 100644
--- a/defaults/hardware/asrock-z790m.nix
+++ b/defaults/hardware/asrock-z790m.nix
@@ -2,9 +2,7 @@ # and may be overwritten by future invocations. Please make changes # to /etc/nixos/configuration.nix instead. { - config, lib, - pkgs, modulesPath, ... }:
diff --git a/defaults/hardware/asrock.nix b/defaults/hardware/asrock.nix
index 44b3f10..0b4baef 100644
--- a/defaults/hardware/asrock.nix
+++ b/defaults/hardware/asrock.nix
@@ -1,7 +1,5 @@ { - config, lib, - pkgs, modulesPath, ... }:
diff --git a/defaults/meta/default.nix b/defaults/meta/default.nix
index 19bb5b6..bf4f5bd 100644
--- a/defaults/meta/default.nix
+++ b/defaults/meta/default.nix
@@ -1,7 +1,4 @@ { - config, - lib, - pkgs, ... }: {
diff --git a/defaults/meta/network-physical.nix b/defaults/meta/network-physical.nix
index f3e7806..a83fe09 100644
--- a/defaults/meta/network-physical.nix
+++ b/defaults/meta/network-physical.nix
@@ -1,7 +1,4 @@ { - config, - lib, - pkgs, ... }: {
diff --git a/defaults/meta/network-virtual.nix b/defaults/meta/network-virtual.nix
index f8ed2e3..1c323c1 100644
--- a/defaults/meta/network-virtual.nix
+++ b/defaults/meta/network-virtual.nix
@@ -1,7 +1,5 @@ { config, - lib, - pkgs, ... }: {
diff --git a/defaults/meta/network.md b/defaults/meta/network.md
index 72e13ba..f119bf9 100644
--- a/defaults/meta/network.md
+++ b/defaults/meta/network.md
@@ -74,7 +74,6 @@ All Services are published under the *qo.is* domain name. Following services are ## Contacts - ### Init7 - [Status Netzwerkdienste](https://www.init7.net/status/)
diff --git a/deploy/README.md b/deploy/README.md
index 0a5b7ab..8c95d8a 100644
--- a/deploy/README.md
+++ b/deploy/README.md
@@ -4,7 +4,6 @@ Note that you have to be connected to the `vpn.qo.is` (or execute the deployment from a host that is in the `backplane.net.qo.is` overlay network) and that you need to have SSH root access to the target machines. - ## Deploy to selected target hosts ```bash
diff --git a/deploy/default.nix b/deploy/default.nix
index 5fb1a86..990140e 100644
--- a/deploy/default.nix
+++ b/deploy/default.nix
@@ -1,5 +1,4 @@ { - deployPkgs, pkgs, self, ...
diff --git a/email.md b/email.md
index 902badc..bba9063 100644
--- a/email.md
+++ b/email.md
@@ -9,7 +9,6 @@ E-Mail accounts should be created in a `first.lastname@qo.is` fashion. Alias/forwarding Domains may be added on an best effort basis. Bills for these domains should go directly to the respective owner (i.e. should be registered with own accounts). - ## System E-mails For groups, systems, services that require e-mail access, other accounts may be created.
diff --git a/flake.nix b/flake.nix
index e172d0c..0c46df2 100644
--- a/flake.nix
+++ b/flake.nix
@@ -46,7 +46,7 @@ inherit system; overlays = [ deploy-rs.overlay - (self: super: { + (_self: super: { deploy-rs = { inherit (pkgs) deploy-rs; lib = super.deploy-rs.lib;
diff --git a/lib/default.nix b/lib/default.nix
index e4cd3ee..3d70a2c 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -8,7 +8,7 @@ let path ; # Get a list of all subdirectories of a directory. - getSubDirs = base: attrNames (filterAttrs (n: t: t == "directory") (builtins.readDir base)); + getSubDirs = base: attrNames (filterAttrs (_n: t: t == "directory") (builtins.readDir base)); # Check if a folder with a base path and folder name contains a file with a specific name isFolderWithFile = fileName: basePath: folderName:
diff --git a/nixos-configurations/calanda/default.nix b/nixos-configurations/calanda/default.nix
index 18bd0e2..cafe59b 100644
--- a/nixos-configurations/calanda/default.nix
+++ b/nixos-configurations/calanda/default.nix
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ ... }: { imports = [
diff --git a/nixos-configurations/calanda/filesystems.nix b/nixos-configurations/calanda/filesystems.nix
index ecb21b4..f240ed6 100644
--- a/nixos-configurations/calanda/filesystems.nix
+++ b/nixos-configurations/calanda/filesystems.nix
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ ... }: { fileSystems."/" = {
diff --git a/nixos-configurations/calanda/networking.nix b/nixos-configurations/calanda/networking.nix
index 46ac9cd..9ad8dbe 100644
--- a/nixos-configurations/calanda/networking.nix
+++ b/nixos-configurations/calanda/networking.nix
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, ... }: let meta = config.qois.meta;
diff --git a/nixos-configurations/cyprianspitz/README.md b/nixos-configurations/cyprianspitz/README.md
index d6369f9..b01d9bc 100644
--- a/nixos-configurations/cyprianspitz/README.md
+++ b/nixos-configurations/cyprianspitz/README.md
@@ -1,17 +1,16 @@ # Host: Cyprianspitz -## Operations {#_operations} +## Operations {#\_operations} Reboot requires passphrase. -``` bash +```bash # Get HDD Password: sops decrypt --extract '["system"]["hdd"]' private/nixos-configurations/cyprianspitz/secrets.sops.yaml ssh -p 8223 root@calanda.plessur-ext.net.qo.is ``` - Direct remote ssh access: ```
@@ -24,8 +23,6 @@ TODO - [Mainboard Manual](docs/z790m-itx-wifi.pdf) - - ### Top Overview ![](docs/top-view.jpg)
diff --git a/nixos-configurations/cyprianspitz/applications/backup.nix b/nixos-configurations/cyprianspitz/applications/backup.nix
index 241fba8..c364132 100644
--- a/nixos-configurations/cyprianspitz/applications/backup.nix
+++ b/nixos-configurations/cyprianspitz/applications/backup.nix
@@ -1,4 +1,4 @@ -{ pkgs, config, ... }: +{ config, ... }: { qois.backup-server = {
diff --git a/nixos-configurations/cyprianspitz/applications/default.nix b/nixos-configurations/cyprianspitz/applications/default.nix
index 18cd6ea..0a2aceb 100644
--- a/nixos-configurations/cyprianspitz/applications/default.nix
+++ b/nixos-configurations/cyprianspitz/applications/default.nix
@@ -1,6 +1,4 @@ { - config, - pkgs, lib, ... }:
diff --git a/nixos-configurations/cyprianspitz/applications/vpn.nix b/nixos-configurations/cyprianspitz/applications/vpn.nix
index 2fafbd0..ea7c158 100644
--- a/nixos-configurations/cyprianspitz/applications/vpn.nix
+++ b/nixos-configurations/cyprianspitz/applications/vpn.nix
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ ... }: { qois.vpn-server.enable = true; }
diff --git a/nixos-configurations/cyprianspitz/default.nix b/nixos-configurations/cyprianspitz/default.nix
index a306350..36ccb08 100644
--- a/nixos-configurations/cyprianspitz/default.nix
+++ b/nixos-configurations/cyprianspitz/default.nix
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ ... }: { imports = [
diff --git a/nixos-configurations/cyprianspitz/networking.nix b/nixos-configurations/cyprianspitz/networking.nix
index 0d55ee9..3423220 100644
--- a/nixos-configurations/cyprianspitz/networking.nix
+++ b/nixos-configurations/cyprianspitz/networking.nix
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, ... }: let meta = config.qois.meta;
diff --git a/nixos-configurations/cyprianspitz/virtualisation.nix b/nixos-configurations/cyprianspitz/virtualisation.nix
index 5905bdf..6e7a883 100644
--- a/nixos-configurations/cyprianspitz/virtualisation.nix
+++ b/nixos-configurations/cyprianspitz/virtualisation.nix
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ pkgs, ... }: { virtualisation.libvirtd = { enable = true;
diff --git a/nixos-configurations/lindberg-build/applications/default.nix b/nixos-configurations/lindberg-build/applications/default.nix
index 35d4632..b965c04 100644
--- a/nixos-configurations/lindberg-build/applications/default.nix
+++ b/nixos-configurations/lindberg-build/applications/default.nix
@@ -1,5 +1,4 @@ { - config, pkgs, lib, ...
diff --git a/nixos-configurations/lindberg-build/default.nix b/nixos-configurations/lindberg-build/default.nix
index b0f1911..05af11d 100644
--- a/nixos-configurations/lindberg-build/default.nix
+++ b/nixos-configurations/lindberg-build/default.nix
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ ... }: { imports = [
diff --git a/nixos-configurations/lindberg-build/networking.nix b/nixos-configurations/lindberg-build/networking.nix
index 0e8f881..0564355 100644
--- a/nixos-configurations/lindberg-build/networking.nix
+++ b/nixos-configurations/lindberg-build/networking.nix
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, ... }: {
diff --git a/nixos-configurations/lindberg-nextcloud/backup.nix b/nixos-configurations/lindberg-nextcloud/backup.nix
index 3b5da39..561f4b1 100644
--- a/nixos-configurations/lindberg-nextcloud/backup.nix
+++ b/nixos-configurations/lindberg-nextcloud/backup.nix
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ ... }: {
diff --git a/nixos-configurations/lindberg-nextcloud/default.nix b/nixos-configurations/lindberg-nextcloud/default.nix
index d9ccc62..608fc51 100644
--- a/nixos-configurations/lindberg-nextcloud/default.nix
+++ b/nixos-configurations/lindberg-nextcloud/default.nix
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, ... }: { imports = [
diff --git a/nixos-configurations/lindberg-webapps/applications/README.md b/nixos-configurations/lindberg-webapps/applications/README.md
index c9ce161..7a0a199 100644
--- a/nixos-configurations/lindberg-webapps/applications/README.md
+++ b/nixos-configurations/lindberg-webapps/applications/README.md
@@ -2,7 +2,6 @@ ## Setting up new static sites - Generate ssh key for deployment: ```bash
diff --git a/nixos-configurations/lindberg-webapps/applications/default.nix b/nixos-configurations/lindberg-webapps/applications/default.nix
index 9efef42..672e080 100644
--- a/nixos-configurations/lindberg-webapps/applications/default.nix
+++ b/nixos-configurations/lindberg-webapps/applications/default.nix
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ pkgs, ... }: { imports = [ ];
diff --git a/nixos-configurations/lindberg-webapps/default.nix b/nixos-configurations/lindberg-webapps/default.nix
index f875d44..0efcd1d 100644
--- a/nixos-configurations/lindberg-webapps/default.nix
+++ b/nixos-configurations/lindberg-webapps/default.nix
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ ... }: { imports = [
diff --git a/nixos-configurations/lindberg-webapps/networking.nix b/nixos-configurations/lindberg-webapps/networking.nix
index 07f42ff..6a5c63d 100644
--- a/nixos-configurations/lindberg-webapps/networking.nix
+++ b/nixos-configurations/lindberg-webapps/networking.nix
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, ... }: {
diff --git a/nixos-configurations/lindberg/README.md b/nixos-configurations/lindberg/README.md
index c6957d9..7ac97ea 100644
--- a/nixos-configurations/lindberg/README.md
+++ b/nixos-configurations/lindberg/README.md
@@ -1,10 +1,10 @@ # Host: Lindberg -## Operations {#_operations} +## Operations {#\_operations} Reboot requires passphrase (see pass `host/lindberg/hdd_luks`) -``` bash +```bash ssh -p 2222 root@lindberg.riedbach-ext.net.qo.is ```
@@ -12,7 +12,6 @@ ssh -p 2222 root@lindberg.riedbach-ext.net.qo.is - [Mainboard Manual](docs/X570Pro4-mainboard-manual.pdf) - ### Front / Back #### Front Overview
diff --git a/nixos-configurations/lindberg/applications/default.nix b/nixos-configurations/lindberg/applications/default.nix
index e0d34f0..bf4ab0c 100644
--- a/nixos-configurations/lindberg/applications/default.nix
+++ b/nixos-configurations/lindberg/applications/default.nix
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ ... }: { imports = [ ./loadbalancer.nix ];
diff --git a/nixos-configurations/lindberg/applications/loadbalancer.nix b/nixos-configurations/lindberg/applications/loadbalancer.nix
index 97427d2..2594617 100644
--- a/nixos-configurations/lindberg/applications/loadbalancer.nix
+++ b/nixos-configurations/lindberg/applications/loadbalancer.nix
@@ -1,7 +1,4 @@ { - config, - pkgs, - lib, ... }:
diff --git a/nixos-configurations/lindberg/backup.nix b/nixos-configurations/lindberg/backup.nix
index bb9bb11..7421be3 100644
--- a/nixos-configurations/lindberg/backup.nix
+++ b/nixos-configurations/lindberg/backup.nix
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ ... }: { qois.backup-client.includePaths = [ "/mnt/data" ];
diff --git a/nixos-configurations/lindberg/default.nix b/nixos-configurations/lindberg/default.nix
index 6c26cca..e39e769 100644
--- a/nixos-configurations/lindberg/default.nix
+++ b/nixos-configurations/lindberg/default.nix
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ ... }: { imports = [
diff --git a/nixos-configurations/lindberg/networking.nix b/nixos-configurations/lindberg/networking.nix
index fb06bc6..aab51c3 100644
--- a/nixos-configurations/lindberg/networking.nix
+++ b/nixos-configurations/lindberg/networking.nix
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, ... }: let meta = config.qois.meta;
diff --git a/nixos-configurations/lindberg/virtualisation.nix b/nixos-configurations/lindberg/virtualisation.nix
index 5905bdf..6e7a883 100644
--- a/nixos-configurations/lindberg/virtualisation.nix
+++ b/nixos-configurations/lindberg/virtualisation.nix
@@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ pkgs, ... }: { virtualisation.libvirtd = { enable = true;
diff --git a/nixos-configurations/setup.md b/nixos-configurations/setup.md
index 542eb18..11fdcf8 100644
--- a/nixos-configurations/setup.md
+++ b/nixos-configurations/setup.md
@@ -3,8 +3,8 @@ ## Prepare Remote Machine 1. Boot nixos installer image -2. Set a root password: `sudo passwd root` -3. Get host ip to connect to ssh with `ip a` +1. Set a root password: `sudo passwd root` +1. Get host ip to connect to ssh with `ip a` ## Verify configuration
@@ -12,7 +12,7 @@ ## Installation -```bash +````bash nix develop # Set according to what we want
@@ -60,11 +60,11 @@ sops exec-file --no-fifo --filename secret.key private/nixos-configurations/$REM --disk-encryption-keys /run/secrets/system/hdd.key <(yq --raw-output '.system.hdd' {}) \ --disk-encryption-keys /run/secrets/system/initrd-ssh-key <(yq --raw-output '.system.\"initrd-ssh-key\"' {}) " -``` +```` ## Post-Setup -* Add backplane-vpn pubkey to `network-virtual.nix` configuration with +- Add backplane-vpn pubkey to `network-virtual.nix` configuration with ```bash wg pubkey < /secrets/wireguard/private/backplane ```
diff --git a/nixos-configurations/stompert/README.md b/nixos-configurations/stompert/README.md
index 8a46e06..84ceeb2 100644
--- a/nixos-configurations/stompert/README.md
+++ b/nixos-configurations/stompert/README.md
@@ -1,7 +1,7 @@ -# Operations {#_operations} +# Operations {#\_operations} Reboot requires passphrase (see pass `host/stompert/hdd_luks`) -``` bash +```bash ssh -p 2222 root@stompert.eem-ext.net.qo.is ```
diff --git a/nixos-configurations/stompert/default.nix b/nixos-configurations/stompert/default.nix
index 7419b91..d5c7cd0 100644
--- a/nixos-configurations/stompert/default.nix
+++ b/nixos-configurations/stompert/default.nix
@@ -2,7 +2,7 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, pkgs, ... }: +{ ... }: { imports = [
diff --git a/nixos-modules/attic/default.nix b/nixos-modules/attic/default.nix
index e5ff733..5ab774f 100644
--- a/nixos-modules/attic/default.nix
+++ b/nixos-modules/attic/default.nix
@@ -1,6 +1,5 @@ { config, - pkgs, lib, ... }:
diff --git a/nixos-modules/backplane-net.hosts/default.nix b/nixos-modules/backplane-net.hosts/default.nix
index b249dac..ea58c18 100644
--- a/nixos-modules/backplane-net.hosts/default.nix
+++ b/nixos-modules/backplane-net.hosts/default.nix
@@ -1,6 +1,5 @@ { config, - pkgs, lib, ... }:
@@ -35,7 +34,7 @@ in networking.hosts = pipe cfg.loadbalancers [ (map (hostname: config.qois.meta.network.virtual.backplane.hosts.${hostname}.v4.ip)) - (flip genAttrs (lb: cfg.domains)) + (flip genAttrs (_lb: cfg.domains)) ]; };
diff --git a/nixos-modules/backplane-net/default.nix b/nixos-modules/backplane-net/default.nix
index 08fb31e..e2dc80b 100644
--- a/nixos-modules/backplane-net/default.nix
+++ b/nixos-modules/backplane-net/default.nix
@@ -1,7 +1,6 @@ { config, lib, - pkgs, ... }: with lib;
diff --git a/nixos-modules/backup-client/default.nix b/nixos-modules/backup-client/default.nix
index 5e45d82..df872f0 100644
--- a/nixos-modules/backup-client/default.nix
+++ b/nixos-modules/backup-client/default.nix
@@ -2,8 +2,6 @@ config, lib, options, - pkgs, - self, ... }:
diff --git a/nixos-modules/backup-server/default.nix b/nixos-modules/backup-server/default.nix
index fe3c79f..15df544 100644
--- a/nixos-modules/backup-server/default.nix
+++ b/nixos-modules/backup-server/default.nix
@@ -2,8 +2,6 @@ config, lib, options, - pkgs, - self, ... }:
diff --git a/nixos-modules/cloud/README.md b/nixos-modules/cloud/README.md
index 0e135ad..c9b0898 100644
--- a/nixos-modules/cloud/README.md
+++ b/nixos-modules/cloud/README.md
@@ -11,7 +11,7 @@ For user documentation, refer to the [upstream Nextcloud docs](https://docs.next ## Backup / Restore 1. Stop all related services: nextcloud, php-fpm, redis etc. -2. (mabe dump redis data?) -3. Import Database Backup -4. Restore `/var/lib/nextcloud`, which is currently a bind mount on `lindberg`'s `/mnt/data` volume -5. Resync nextcloud files and database, see [nextcloud docs](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/restore.html) +1. (mabe dump redis data?) +1. Import Database Backup +1. Restore `/var/lib/nextcloud`, which is currently a bind mount on `lindberg`'s `/mnt/data` volume +1. Resync nextcloud files and database, see [nextcloud docs](https://docs.nextcloud.com/server/latest/admin_manual/maintenance/restore.html)
diff --git a/nixos-modules/git-ci-runner/README.md b/nixos-modules/git-ci-runner/README.md
index 694ad88..f3eea58 100644
--- a/nixos-modules/git-ci-runner/README.md
+++ b/nixos-modules/git-ci-runner/README.md
@@ -2,7 +2,6 @@ Runner for the [Forgejo git instance](../git/README.md). - ## Default docker/ubuntu Runner Registers a default runner with ubuntu OS or executes user's OCI container with podman.
diff --git a/nixos-modules/git-ci-runner/default.nix b/nixos-modules/git-ci-runner/default.nix
index ac53334..ce85c13 100644
--- a/nixos-modules/git-ci-runner/default.nix
+++ b/nixos-modules/git-ci-runner/default.nix
@@ -146,7 +146,7 @@ with lib; { systemd.services = genAttrs (genList (n: "gitea-runner-nix${builtins.toString n}") cfg.nixInstances) - (name: { + (_name: { after = [ "gitea-runner-nix-image.service" ];
diff --git a/nixos-modules/git/README.md b/nixos-modules/git/README.md
index 6b822bc..c76741a 100644
--- a/nixos-modules/git/README.md
+++ b/nixos-modules/git/README.md
@@ -38,7 +38,6 @@ sudo -u forgejo 'nix run nixpkgs#forgejo -- admin user create --config ~custom/c ## Backup / Restore 1. `systemctl stop forgejo.service` -2. Import Postgresql Database Backup -3. Restore `/var/lib/forgejo` -4. `systemctl start forgejo.service` - +1. Import Postgresql Database Backup +1. Restore `/var/lib/forgejo` +1. `systemctl start forgejo.service`
diff --git a/nixos-modules/loadbalancer/default.nix b/nixos-modules/loadbalancer/default.nix
index 3d8b4d7..e0a113a 100644
--- a/nixos-modules/loadbalancer/default.nix
+++ b/nixos-modules/loadbalancer/default.nix
@@ -9,7 +9,7 @@ with lib; let # We assume that all static pages are hosted on lindberg-webapps staticPages = pipe config.qois.static-page.pages [ - (mapAttrsToList (name: { domain, domainAliases, ... }: [ domain ] ++ domainAliases)) + (mapAttrsToList (_name: { domain, domainAliases, ... }: [ domain ] ++ domainAliases)) flatten (map (name: { inherit name;
diff --git a/nixos-modules/luks-ssh/default.nix b/nixos-modules/luks-ssh/default.nix
index 4b15363..5f0950a 100644
--- a/nixos-modules/luks-ssh/default.nix
+++ b/nixos-modules/luks-ssh/default.nix
@@ -1,7 +1,6 @@ { config, lib, - pkgs, ... }:
@@ -83,7 +82,7 @@ in with lib; concatLists ( mapAttrsToList ( - name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else [ ] + _name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else [ ] ) config.users.users ); hostKeys = [ cfg.sshHostKey ];
diff --git a/nixos-modules/meta/default.nix b/nixos-modules/meta/default.nix
index f7d9775..ad18f47 100644
--- a/nixos-modules/meta/default.nix
+++ b/nixos-modules/meta/default.nix
@@ -1,8 +1,4 @@ { - config, - lib, - pkgs, - options, ... }: {
diff --git a/nixos-modules/meta/hosts.nix b/nixos-modules/meta/hosts.nix
index 27526d0..af9497c 100644
--- a/nixos-modules/meta/hosts.nix
+++ b/nixos-modules/meta/hosts.nix
@@ -1,7 +1,6 @@ { config, lib, - pkgs, options, ... }:
@@ -43,10 +42,10 @@ in }; config = let - hostsWithSshKey = lib.filterAttrs (name: hostCfg: hostCfg.sshKey != null) cfg; + hostsWithSshKey = lib.filterAttrs (_name: hostCfg: hostCfg.sshKey != null) cfg; in { - programs.ssh.knownHosts = lib.mapAttrs (name: hostCfg: { + programs.ssh.knownHosts = lib.mapAttrs (_name: hostCfg: { publicKey = hostCfg.sshKey; }) hostsWithSshKey; };
diff --git a/nixos-modules/meta/network.nix b/nixos-modules/meta/network.nix
index 3caa3d7..e30a26f 100644
--- a/nixos-modules/meta/network.nix
+++ b/nixos-modules/meta/network.nix
@@ -1,7 +1,6 @@ { config, lib, - pkgs, options, ... }:
@@ -17,13 +16,6 @@ let type = str; inherit description; }); - mkOptStr = - description: - (mkOption { - type = nullOr str; - default = null; - inherit description; - }); mkNetworkIdOpts = v:
@@ -225,10 +217,10 @@ in (getHostNamesForNetworks hostname cfg.virtual) ++ (getHostNamesForNetworks hostname cfg.physical); hostsWithPublicKey = lib.filterAttrs ( - hostName: hostConfig: hostConfig.sshKey != null + _hostName: hostConfig: hostConfig.sshKey != null ) config.qois.meta.hosts; in - mapAttrs (name: hostCfg: { extraHostNames = getHostNames name; }) hostsWithPublicKey; + mapAttrs (name: _hostCfg: { extraHostNames = getHostNames name; }) hostsWithPublicKey; }; }
diff --git a/nixos-modules/nixpkgs-cache/default.nix b/nixos-modules/nixpkgs-cache/default.nix
index aaea877..3823bb7 100644
--- a/nixos-modules/nixpkgs-cache/default.nix
+++ b/nixos-modules/nixpkgs-cache/default.nix
@@ -1,6 +1,5 @@ { config, - pkgs, lib, ... }:
diff --git a/nixos-modules/router-dhcp/default.nix b/nixos-modules/router-dhcp/default.nix
index fed5e6b..c59db06 100644
--- a/nixos-modules/router-dhcp/default.nix
+++ b/nixos-modules/router-dhcp/default.nix
@@ -1,7 +1,6 @@ { config, lib, - pkgs, ... }:
diff --git a/nixos-modules/router-dns/default.nix b/nixos-modules/router-dns/default.nix
index ed8cbf2..1d0d462 100644
--- a/nixos-modules/router-dns/default.nix
+++ b/nixos-modules/router-dns/default.nix
@@ -1,7 +1,6 @@ { config, lib, - pkgs, ... }:
diff --git a/nixos-modules/router-wireless-ap/default.nix b/nixos-modules/router-wireless-ap/default.nix
index f18739d..da40979 100644
--- a/nixos-modules/router-wireless-ap/default.nix
+++ b/nixos-modules/router-wireless-ap/default.nix
@@ -1,14 +1,12 @@ { config, lib, - pkgs, ... }: with lib; let - routerCfg = config.qois.router; cfg = config.qois.router.wireless; in {
diff --git a/nixos-modules/router/README.md b/nixos-modules/router/README.md
index b4a000f..5944b45 100644
--- a/nixos-modules/router/README.md
+++ b/nixos-modules/router/README.md
@@ -1,4 +1,4 @@ -# Router Role {#_router_role} +# Router Role {#\_router_role} The `router` role set is applied on hosts which serve the rule of a SOHO router.
diff --git a/nixos-modules/router/default.nix b/nixos-modules/router/default.nix
index c368bc8..f77f8b0 100644
--- a/nixos-modules/router/default.nix
+++ b/nixos-modules/router/default.nix
@@ -1,7 +1,6 @@ { config, lib, - pkgs, ... }:
diff --git a/nixos-modules/static-page/README.md b/nixos-modules/static-page/README.md
index 3c3252b..19fce35 100644
--- a/nixos-modules/static-page/README.md
+++ b/nixos-modules/static-page/README.md
@@ -3,4 +3,3 @@ This module enables static nginx sites, with data served from "/var/lib/nginx/$domain/root". To deploy the site, a user `nginx-$domain` is added, of which a `root` profile in the home folder can be deployed, e.g. with deploy-rs. -
diff --git a/nixos-modules/static-page/default.nix b/nixos-modules/static-page/default.nix
index 25859b1..6fb12ef 100644
--- a/nixos-modules/static-page/default.nix
+++ b/nixos-modules/static-page/default.nix
@@ -53,7 +53,7 @@ with lib; config = mkIf cfg.enable ( let pageConfigs = concatMapAttrs ( - name: page: + _name: page: let home = "/var/lib/nginx-${page.domain}"; in
@@ -76,7 +76,7 @@ with lib; users = { groups = concatMapAttrs ( - name: + _name: { user, ... }: { "${user}" = { };
@@ -84,10 +84,10 @@ with lib; ) pageConfigs; users = { - ${config.services.nginx.user}.extraGroups = mapAttrsToList (domain: getAttr "user") pageConfigs; + ${config.services.nginx.user}.extraGroups = mapAttrsToList (_domain: getAttr "user") pageConfigs; } // (concatMapAttrs ( - name: + _name: { user, home, @@ -134,10 +134,10 @@ with lib; globalRedirect = domain; }; }); - aliasVhosts = concatMapAttrs (name: mkAliasVhost) pageConfigs; + aliasVhosts = concatMapAttrs (_name: mkAliasVhost) pageConfigs; in - aliasVhosts // (mapAttrs (name: mkVhost) pageConfigs); + aliasVhosts // (mapAttrs (_name: mkVhost) pageConfigs); }; } ); diff --git a/nixos-modules/static-page/test.py b/nixos-modules/static-page/test.py index 16e2b28..31d75cc 100644 --- a/nixos-modules/static-page/test.py +++ b/nixos-modules/static-page/test.py @@ -12,9 +12,11 @@ def test(subtest, webserver): # Helpers def curl_variable_test(node, variable, expected, url): value = node.succeed( - f"curl -s --no-location -o /dev/null -w '%{{{variable}}}' '{url}'") - assert value == expected, \ + f"curl -s --no-location -o /dev/null -w '%{{{variable}}}' '{url}'" + ) + assert value == expected, ( f"expected {variable} to be '{expected}' but got '{value}'" + ) def expect_http_code(node, code, url): curl_variable_test(node, "http_code", code, url) 
@@ -24,23 +26,21 @@ def test(subtest, webserver): def expect_http_content(node, expectedContent, url): content = node.succeed(f"curl --no-location --silent '{url}'") - assert content.strip() == expectedContent.strip(), f''' + assert content.strip() == expectedContent.strip(), f""" expected content: {expectedContent} at {url} but got following content: {content} - ''' + """ # Tests with subtest("website is successfully served on localhost"): expect_http_code(webserver, "200", "http://localhost/index.html") - expect_http_content(webserver, indexContent, - "http://localhost/index.html") + expect_http_content(webserver, indexContent, "http://localhost/index.html") with subtest("example.com is in hosts file and a redirect to localhost"): webserver.succeed("grep example.com /etc/hosts") url = "http://example.com/index.html" expect_http_code(webserver, "301", url) - expect_http_location( - webserver, "http://localhost/index.html", url) + expect_http_location(webserver, "http://localhost/index.html", url) diff --git a/nixos-modules/system/applications.nix b/nixos-modules/system/applications.nix index ed63b6a..b3bf422 100644 --- a/nixos-modules/system/applications.nix +++ b/nixos-modules/system/applications.nix @@ -1,6 +1,4 @@ { - config, - lib, pkgs, ... }: diff --git a/nixos-modules/system/overlays.nix b/nixos-modules/system/overlays.nix index ead7458..bb6ec19 100644 --- a/nixos-modules/system/overlays.nix +++ b/nixos-modules/system/overlays.nix @@ -1,7 +1,4 @@ { - config, - lib, - pkgs, options, ... }: diff --git a/nixos-modules/system/security.nix b/nixos-modules/system/security.nix index a8a8801..a7ceb31 100644 --- a/nixos-modules/system/security.nix +++ b/nixos-modules/system/security.nix @@ -1,7 +1,5 @@ { - config, lib, - pkgs, ... }: with lib; diff --git a/nixos-modules/system/unfree.nix b/nixos-modules/system/unfree.nix index 4e751ae..7122f94 100644 --- a/nixos-modules/system/unfree.nix +++ b/nixos-modules/system/unfree.nix 
@@ -1,7 +1,6 @@ { config, lib, - pkgs, ... }: diff --git a/nixos-modules/vault/README.md b/nixos-modules/vault/README.md index 337b152..80a04f2 100644 --- a/nixos-modules/vault/README.md +++ b/nixos-modules/vault/README.md @@ -3,7 +3,7 @@ To use our Vaultwarden instance, you can use the regular [Bitwarden apps](https://bitwarden.com/download/) with our custom server when logging in: -Username: `first.lastname@qo.is` +Username: `first.lastname@qo.is`\ Server Name: `https://vault.qo.is` ## Create Accounts @@ -17,7 +17,6 @@ Please instruct users to: - the password cannot be reset without loosing all the passwords. Use of [Emergency Contacts](https://bitwarden.com/help/emergency-access/) or Organizations may be advisable. - ## Administration An admin panel is available under [vault.qo.is/admin](https://vault.qo.is/admin). @@ -26,12 +25,10 @@ The password is saved in the pass database under `vaultwarden-admin`. In the administration panel, users and organizations may be managed. Instance settings should be changed with the nixos module in the infrastructure repository only. - ## Backup / Restore 1. `systemctl stop vaultwarden.service` -2. Import Postgresql Database Backup -3. Restore `/var/lib/bitwarden_rs` -4. `systemctl start vaultwarden.service` -5. Click `Force clients to resync` in the [Administration interface under _Users_](https://vault.qo.is/admin/users/overview) - +1. Import Postgresql Database Backup +1. Restore `/var/lib/bitwarden_rs` +1. `systemctl start vaultwarden.service` +1. Click `Force clients to resync` in the [Administration interface under _Users_](https://vault.qo.is/admin/users/overview) diff --git a/nixos-modules/vpn-exit-node/default.nix b/nixos-modules/vpn-exit-node/default.nix index aff1a84..75e6c03 100644 --- a/nixos-modules/vpn-exit-node/default.nix +++ b/nixos-modules/vpn-exit-node/default.nix @@ -1,6 +1,5 @@ { config, - pkgs, lib, ... }: 
diff --git a/nixos-modules/vpn-server/README.md b/nixos-modules/vpn-server/README.md index 364a91e..d45c005 100644 --- a/nixos-modules/vpn-server/README.md +++ b/nixos-modules/vpn-server/README.md @@ -29,14 +29,13 @@ These nodes allow access to the internet for clients connected to the VPN: > ⚠️ Currently, name resolution for these do not work reliably on first starts, hence the IP must be used. This hould be fixed in the future. - ### Add exit nodes: 1. Create a preauth secret on the `vpn.qo.is` host: ```bash headscale preauthkeys create --user srv --reusable - ``` -2. Configure the new exit-node host with the `qois.vpn-exit-node` module. + ``` +1. Configure the new exit-node host with the `qois.vpn-exit-node` module. When using the `srv` user, exit nodes and routes are automatically accepted as trusted. @@ -50,11 +49,9 @@ To use the service, you can use a normal Tailscale client with following additio | `exit-node` | `100.64.0.5` (lindberg) or `100.64.0.6` (cypriaspitz) | Use host as [exit node](#exit-nodes) | | `login-server` | `https://vpn.qo.is` | Use our own VPN service. | - > ⚠️ Currently, if the client is in an IPv6 network, the transport is broken. > Disable IPv6 connectivity to use the VPN. -> See [#4](https://git.qo.is/qo.is/infrastructure/issues/4) for details. - +> See [#4](https://git.qo.is/qo.is/infrastructure/issues/4) for details. ### NixOS @@ -90,15 +87,15 @@ See [this Headscale documentation for more](https://headscale.net/stable/usage/c ### Server 1. `systemctl stop headscale` -2. Replace `/var/lib/headscale` -3. `systemctl start headscale` -4. Monitor logs for errors +1. Replace `/var/lib/headscale` +1. `systemctl start headscale` +1. Monitor logs for errors Note: `/var/lib/headscale` contains a sqlite database. ### Clients 1. `systemctl stop tailscaled` -2. Replace `/var/lib/tailscale` -3. `systemctl start tailscaled` -4. Monitor logs for errors +1. Replace `/var/lib/tailscale` +1. `systemctl start tailscaled` +1. Monitor logs for errors 
diff --git a/nixos-modules/vpn-server/default.nix b/nixos-modules/vpn-server/default.nix index d813532..39361a9 100644 --- a/nixos-modules/vpn-server/default.nix +++ b/nixos-modules/vpn-server/default.nix @@ -10,7 +10,7 @@ let cfgLoadbalancer = config.qois.loadbalancer; defaultDnsRecords = (mapAttrs ( - name: value: mkIf (cfgLoadbalancer.hostmap ? ${value}) cfgLoadbalancer.hostmap.${value} + _name: value: mkIf (cfgLoadbalancer.hostmap ? ${value}) cfgLoadbalancer.hostmap.${value} ) cfgLoadbalancer.domains) // { "vpn.qo.is" = config.services.headscale.address; diff --git a/nixos-modules/wwan/README.md b/nixos-modules/wwan/README.md index 655a021..8e486bb 100644 --- a/nixos-modules/wwan/README.md +++ b/nixos-modules/wwan/README.md @@ -1,8 +1,8 @@ -# WWAN Module {#_wwan_module} +# WWAN Module {#\_wwan_module} This module configures WWAN adapters that support MBIM -## Current limitations {#_current_limitations} +## Current limitations {#\_current_limitations} - IPv4 tested only - Currently, it is not simple to get network failures or address diff --git a/nixos-modules/wwan/mbim-ip.bash b/nixos-modules/wwan/mbim-ip.bash index fafc841..1189b46 100644 --- a/nixos-modules/wwan/mbim-ip.bash +++ b/nixos-modules/wwan/mbim-ip.bash @@ -6,11 +6,11 @@ MODE=$1 DEV=$2 if [ "$DEBUG" == "" ]; then - DEBUG="false" + DEBUG="false" fi if [ "$MBIM_INTERFACE" == "" ]; then - MBIM_INTERFACE="/dev/cdc-wdm0" + MBIM_INTERFACE="/dev/cdc-wdm0" fi ############################################################################### 
@@ -29,274 +29,273 @@ ipv6_dns=() ipv6_mtu="" export previous_state state skip_line \ - ipv4_addresses ipv4_gateway ipv4_dns ipv4_mtu \ - ipv6_addresses ipv6_gateway ipv6_dns ipv6_mtu + ipv4_addresses ipv4_gateway ipv4_dns ipv4_mtu \ + ipv6_addresses ipv6_gateway ipv6_dns ipv6_mtu ############################################################################### # Function ############################################################################### function print_debug { - if [ "$DEBUG" != "false" ]; then - echo "[State: $state] $1" >&2 - fi + if [ "$DEBUG" != "false" ]; then + echo "[State: $state] $1" >&2 + fi } function print_full_configuration { - if [[ "${#ipv4_addresses[@]}" > 0 ]]; then - printf "IPv4: " - printf '%s, ' "${ipv4_addresses[@]}" - printf "\n" + if [[ ${#ipv4_addresses[@]} > 0 ]]; then + printf "IPv4: " + printf '%s, ' "${ipv4_addresses[@]}" + printf "\n" - printf "GW: $ipv4_gateway\n" + printf "GW: $ipv4_gateway\n" - printf "DNS: " - printf '%s, ' "${ipv4_dns[@]}" - printf "\n" + printf "DNS: " + printf '%s, ' "${ipv4_dns[@]}" + printf "\n" - printf "MTU: $ipv4_mtu\n" - fi + printf "MTU: $ipv4_mtu\n" + fi - if [[ "${#ipv6_addresses[@]}" > 0 ]]; then - echo - printf "IPv6: " - printf '%s, ' "${ipv6_addresses[@]}" - printf "\n" + if [[ ${#ipv6_addresses[@]} > 0 ]]; then + echo + printf "IPv6: " + printf '%s, ' "${ipv6_addresses[@]}" + printf "\n" - printf "GW: $ipv6_gateway\n" + printf "GW: $ipv6_gateway\n" - printf "DNS: " - printf '%s, ' "${ipv6_dns[@]}" - printf "\n" + printf "DNS: " + printf '%s, ' "${ipv6_dns[@]}" + printf "\n" - printf "MTU: $ipv6_mtu\n" - fi + printf "MTU: $ipv6_mtu\n" + fi } function next_state { - previous_state="$state" - state="$1" + previous_state="$state" + state="$1" } function parse_ip { - # IP [0]: '10.134.203.177/30' - local line_re="IP \[([0-9]+)\]: '(.+)'" - local input=$1 - if [[ $input =~ $line_re ]]; then - local ip_cnt=${BASH_REMATCH[1]} - local ip=${BASH_REMATCH[2]} - fi - echo "$ip" + # IP [0]: 
'10.134.203.177/30' + local line_re="IP \[([0-9]+)\]: '(.+)'" + local input=$1 + if [[ $input =~ $line_re ]]; then + local ip_cnt=${BASH_REMATCH[1]} + local ip=${BASH_REMATCH[2]} + fi + echo "$ip" } function parse_dns { - # IP [0]: '10.134.203.177/30' - local line_re="DNS \[([0-9]+)\]: '(.+)'" - local input=$1 - if [[ $input =~ $line_re ]]; then - local dns_cnt=${BASH_REMATCH[1]} - local dns=${BASH_REMATCH[2]} - fi - echo "$dns" + # IP [0]: '10.134.203.177/30' + local line_re="DNS \[([0-9]+)\]: '(.+)'" + local input=$1 + if [[ $input =~ $line_re ]]; then + local dns_cnt=${BASH_REMATCH[1]} + local dns=${BASH_REMATCH[2]} + fi + echo "$dns" } function parse_gateway { - # Gateway: '10.134.203.178' - local line_re="Gateway: '(.+)'" - local input=$1 - if [[ $input =~ $line_re ]]; then - local gw=${BASH_REMATCH[1]} - fi - echo "$gw" + # Gateway: '10.134.203.178' + local line_re="Gateway: '(.+)'" + local input=$1 + if [[ $input =~ $line_re ]]; then + local gw=${BASH_REMATCH[1]} + fi + echo "$gw" } function parse_mtu { - # MTU: '1500' - local line_re="MTU: '([0-9]+)'" - local input=$1 - if [[ $input =~ $line_re ]]; then - local mtu=${BASH_REMATCH[1]} - fi - echo "$mtu" + # MTU: '1500' + local line_re="MTU: '([0-9]+)'" + local input=$1 + if [[ $input =~ $line_re ]]; then + local mtu=${BASH_REMATCH[1]} + fi + echo "$mtu" } function parse_input_state_machine { - state="start" - while true; do - if [[ "$skip_line" == 0 ]]; then - read line || break # TODO: Clean up - else - skip_line=0 - fi - case "$state" in - "start") - read line || break # first line is empty, read a new one #TODO: This is not very clean... 
- case "$line" in - *"configuration available: 'none'"*) - # Skip none state - # TODO: This is a workaround of the original parser's shortcomming - continue - ;; - *"IPv4 configuration available"*) - next_state "ipv4_ip" - continue - ;; - *"IPv6 configuration available"*) - next_state "ipv6_ip" - continue - ;; - *) - next_state "exit" - continue - ;; - esac - ;; - "error") - echo "Error in pattern matchin of state $previous_state. Exiting." >&2 - exit 2 - ;; - "exit") - break - ;; - "ipv4_ip") - ipv4=$(parse_ip "$line") - if [ -z "$ipv4" ]; then - if [[ "${#ipv4_addresses[@]}" < 1 ]]; then - next_state "error" - continue - else - next_state "ipv4_gateway" - skip_line=1 - continue - fi - fi - print_debug "$ipv4" - ipv4_addresses+=("$ipv4") - ;; - "ipv4_gateway") - gw=$(parse_gateway "$line") - if [ -z "$gw" ]; then - next_state "error" - continue - fi - print_debug "$gw" - ipv4_gateway="$gw" - next_state "ipv4_dns" - ;; - "ipv4_dns") - ipv4=$(parse_dns "$line") - if [ -z "$ipv4" ]; then - if [[ "${#ipv4_dns[@]}" < 1 ]]; then - next_state "error" - continue - else - next_state "ipv4_mtu" - skip_line=1 - continue - fi - fi - print_debug "$ipv4" - ipv4_dns+=("$ipv4") - ;; - "ipv4_mtu") - mtu=$(parse_mtu "$line") - if [ -z "$mtu" ]; then - next_state "error" - continue - fi - print_debug "$mtu" - ipv4_mtu="$mtu" - next_state "start" - ;; - "ipv6_ip") - ipv6=$(parse_ip "$line") - if [ -z "$ipv6" ]; then - if [[ "${#ipv6_addresses[@]}" < 1 ]]; then - next_state "error" - continue - else - next_state "ipv6_gateway" - skip_line=1 - continue - fi - fi - print_debug "$ipv6" - ipv6_addresses+=("$ipv6") - ;; - "ipv6_gateway") - gw=$(parse_gateway "$line") - if [ -z "$gw" ]; then - next_state "error" - continue - fi - print_debug "$gw" - ipv6_gateway="$gw" - next_state "ipv6_dns" - ;; - "ipv6_dns") - ipv6=$(parse_dns "$line") - if [ -z "$ipv6" ]; then - if [[ "${#ipv6_dns[@]}" < 1 ]]; then - next_state "error" - continue - else - next_state "ipv6_mtu" - skip_line=1 - continue - 
fi - fi - print_debug "$ipv6" - ipv6_dns+=("$ipv6") - ;; - "ipv6_mtu") - mtu=$(parse_mtu "$line") - if [ -z "$mtu" ]; then - next_state "error" - continue - fi - print_debug "$mtu" - ipv6_mtu="$mtu" - next_state "start" - ;; - *) - print_debug "Invalid state (came from $previous_state). Exiting." - exit 0 - ;; - esac - done + state="start" + while true; do + if [[ $skip_line == 0 ]]; then + read line || break # TODO: Clean up + else + skip_line=0 + fi + case "$state" in + "start") + read line || break # first line is empty, read a new one #TODO: This is not very clean... + case "$line" in + *"configuration available: 'none'"*) + # Skip none state + # TODO: This is a workaround of the original parser's shortcomming + continue + ;; + *"IPv4 configuration available"*) + next_state "ipv4_ip" + continue + ;; + *"IPv6 configuration available"*) + next_state "ipv6_ip" + continue + ;; + *) + next_state "exit" + continue + ;; + esac + ;; + "error") + echo "Error in pattern matchin of state $previous_state. Exiting." 
>&2 + exit 2 + ;; + "exit") + break + ;; + "ipv4_ip") + ipv4=$(parse_ip "$line") + if [ -z "$ipv4" ]; then + if [[ ${#ipv4_addresses[@]} < 1 ]]; then + next_state "error" + continue + else + next_state "ipv4_gateway" + skip_line=1 + continue + fi + fi + print_debug "$ipv4" + ipv4_addresses+=("$ipv4") + ;; + "ipv4_gateway") + gw=$(parse_gateway "$line") + if [ -z "$gw" ]; then + next_state "error" + continue + fi + print_debug "$gw" + ipv4_gateway="$gw" + next_state "ipv4_dns" + ;; + "ipv4_dns") + ipv4=$(parse_dns "$line") + if [ -z "$ipv4" ]; then + if [[ ${#ipv4_dns[@]} < 1 ]]; then + next_state "error" + continue + else + next_state "ipv4_mtu" + skip_line=1 + continue + fi + fi + print_debug "$ipv4" + ipv4_dns+=("$ipv4") + ;; + "ipv4_mtu") + mtu=$(parse_mtu "$line") + if [ -z "$mtu" ]; then + next_state "error" + continue + fi + print_debug "$mtu" + ipv4_mtu="$mtu" + next_state "start" + ;; + "ipv6_ip") + ipv6=$(parse_ip "$line") + if [ -z "$ipv6" ]; then + if [[ ${#ipv6_addresses[@]} < 1 ]]; then + next_state "error" + continue + else + next_state "ipv6_gateway" + skip_line=1 + continue + fi + fi + print_debug "$ipv6" + ipv6_addresses+=("$ipv6") + ;; + "ipv6_gateway") + gw=$(parse_gateway "$line") + if [ -z "$gw" ]; then + next_state "error" + continue + fi + print_debug "$gw" + ipv6_gateway="$gw" + next_state "ipv6_dns" + ;; + "ipv6_dns") + ipv6=$(parse_dns "$line") + if [ -z "$ipv6" ]; then + if [[ ${#ipv6_dns[@]} < 1 ]]; then + next_state "error" + continue + else + next_state "ipv6_mtu" + skip_line=1 + continue + fi + fi + print_debug "$ipv6" + ipv6_dns+=("$ipv6") + ;; + "ipv6_mtu") + mtu=$(parse_mtu "$line") + if [ -z "$mtu" ]; then + next_state "error" + continue + fi + print_debug "$mtu" + ipv6_mtu="$mtu" + next_state "start" + ;; + *) + print_debug "Invalid state (came from $previous_state). Exiting." 
+ exit 0 + ;; + esac + done } +interface_stop() { + ip addr flush dev $DEV + ip route flush dev $DEV -interface_stop(){ - ip addr flush dev $DEV - ip route flush dev $DEV + ip -6 addr flush dev $DEV + ip -6 route flush dev $DEV - ip -6 addr flush dev $DEV - ip -6 route flush dev $DEV - - #TODO: Nameserver? + #TODO: Nameserver? } interface_start() { - ip link set $DEV up + ip link set $DEV up - if [[ "${#ipv4_addresses[@]}" > 0 ]]; then - ip addr add ${ipv4_addresses[@]} dev $DEV broadcast + #TODO: Works for multiple addresses? - ip link set $DEV mtu $ipv4_mtu - ip route add default via $ipv4_gateway dev $DEV - #TODO: nameserver ${ipv4_dns[@]} - else - echo "No IPv4 address, skipping v4 configuration..." - fi + if [[ ${#ipv4_addresses[@]} > 0 ]]; then + ip addr add ${ipv4_addresses[@]} dev $DEV broadcast + #TODO: Works for multiple addresses? + ip link set $DEV mtu $ipv4_mtu + ip route add default via $ipv4_gateway dev $DEV + #TODO: nameserver ${ipv4_dns[@]} + else + echo "No IPv4 address, skipping v4 configuration..." + fi - if [[ "${#ipv6_addresses[@]}" > 0 ]]; then - ip -6 addr add ${ipv6_addresses[@]} dev $DEV #TODO: Works for multiple addresses? - ip -6 route add default via $ipv6_gateway dev $DEV - ip -6 link set $DEV mtu $ipv6_mtu - #TODO: nameserver ${ipv6_dns[@]}" - else - echo "No IPv6 address, skipping v6 configuration..." - fi + if [[ ${#ipv6_addresses[@]} > 0 ]]; then + ip -6 addr add ${ipv6_addresses[@]} dev $DEV #TODO: Works for multiple addresses? + ip -6 route add default via $ipv6_gateway dev $DEV + ip -6 link set $DEV mtu $ipv6_mtu + #TODO: nameserver ${ipv6_dns[@]}" + else + echo "No IPv6 address, skipping v6 configuration..." + fi } ############################################################################### 
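Review bot: In `interface_start`, the values parsed from the `mbimcli` output are expanded unquoted into `ip` commands, and `parse_ip`, `parse_dns` and `parse_gateway` accept anything matching `'(.+)'`, so a reported value containing whitespace would be split into extra `ip` arguments. Quote the expansions, e.g. `ip route add default via "$ipv4_gateway" dev "$DEV"`, and tighten the patterns to address characters, e.g. `Gateway: '([0-9a-fA-F:.]+)'`. `printf "GW: $ipv4_gateway\n"` in `print_full_configuration` also uses the parsed value as a format string; `printf 'GW: %s\n' "$ipv4_gateway"` avoids that. The unquoted `$DEV` in `interface_stop` and `$MBIM_INTERFACE` in the `case "$MODE"` hunk that follows have the same quoting problem. Separately, `[[ ${#ipv4_addresses[@]} > 0 ]]` is a string comparison inside `[[ ]]`; `(( ${#ipv4_addresses[@]} > 0 ))` states the numeric intent.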
@@ -307,23 +306,23 @@ set -e echo "NOTE: This script does not yet support nameserver configuration." case "$MODE" in - "start") - mbim-network $MBIM_INTERFACE start - sleep 1 - mbimcli -d $MBIM_INTERFACE -p --query-ip-configuration=0 | { - parse_input_state_machine - print_full_configuration - interface_stop - interface_start - } - ;; - "stop") - mbim-network $MBIM_INTERFACE stop - interface_stop - ;; - *) - echo "USAGE: $0 start|stop INTERFACE" >&2 - echo "You can set an env variable DEBUG to gather debugging output." >&2 - exit 1 - ;; +"start") + mbim-network $MBIM_INTERFACE start + sleep 1 + mbimcli -d $MBIM_INTERFACE -p --query-ip-configuration=0 | { + parse_input_state_machine + print_full_configuration + interface_stop + interface_start + } + ;; +"stop") + mbim-network $MBIM_INTERFACE stop + interface_stop + ;; +*) + echo "USAGE: $0 start|stop INTERFACE" >&2 + echo "You can set an env variable DEBUG to gather debugging output." >&2 + exit 1 + ;; esac diff --git a/packages/sops-config/default.nix b/packages/sops-config/default.nix index 0fc0344..9655950 100644 --- a/packages/sops-config/default.nix +++ b/packages/sops-config/default.nix @@ -41,9 +41,9 @@ let userAgeKeys = [ ]; serverAgeKeys = let - getHostsWithSshKeys = filterAttrs (name: cfg: cfg ? sshKey); + getHostsWithSshKeys = filterAttrs (_name: cfg: cfg ? sshKey); mapHostToAgeKey = mapAttrs ( - name: cfg: + _name: cfg: readFile ( runCommand "sshToAgeKey" { diff --git a/renovate.json b/renovate.json index 9df5a17..f710e2d 100644 --- a/renovate.json +++ b/renovate.json @@ -1,13 +1,16 @@ { "$schema": "https://docs.renovatebot.com/renovate-schema.json", - "extends": [ "config:recommended" ], + "extends": [ + "config:recommended" + ], "lockFileMaintenance": { "enabled": true, - "extends": [ "schedule:weekly" ] + "extends": [ + "schedule:weekly" + ] }, "cloneSubmodules": true, "nix": { "enabled": true } } - diff --git a/updates.md b/updates.md index 09373c1..949cac7 100644 --- a/updates.md +++ b/updates.md 
@@ -16,7 +16,7 @@ git commit git push ``` -Deploy updates: +Deploy updates: ```bash nix develop @@ -47,11 +47,10 @@ pssh -l root -H lindberg-nextcloud.backplane.net.qo.is -H lindberg-build.backpla ## Application Updates -Some applications have pinned versions to prevent problems due to accidental upgrades. +Some applications have pinned versions to prevent problems due to accidental upgrades.\ The version switch has to be done manually by switching the package used. This includes the modules for: - `nextcloud` -- `postgresql`, [→ Nixpkgs manual page](https://nixos.org/manual/nixos/stable/#module-services-postgres-upgrading) - +- `postgresql`, [→ Nixpkgs manual page](https://nixos.org/manual/nixos/stable/#module-services-postgres-upgrading)