tidying

2023-10-16 18:17:28 +01:00 · 2023-10-16 18:17:28 +01:00 · 85e38766ce
parent 13afaf15a4
commit 85e38766ce
13 changed files with 39 additions and 63 deletions
--- a/flake.nix
+++ b/flake.nix
@ -21,7 +21,6 @@
    nixos-wsl.inputs.flake-utils.follows = "flake-utils";
    nixos-wsl.inputs.flake-compat.follows = "flake-compat";
    tree-input.url = "github:kittywitch/tree";
    tree-input.inputs.nixpkgs.follows = "nixpkgs-unstable";
--- a/home/base/ssh.nix
+++ b/home/base/ssh.nix
@ -1,36 +1,21 @@
-{
+{lib, ...}: let
  self,
  lib,
  ...
 }: let
  inherit (lib.modules) mkMerge;
  inherit (lib.lists) forEach;
  inherit (builtins) attrNames;
  containerAddresses = import "${self}/hosts/hetzner-arm/data/containerAddresses.nix";
 in {
-  programs.ssh.enable = true;
+  programs.ssh = {
-  programs.ssh.matchBlocks =
+    enable = true;
-    mkMerge
+    matchBlocks = mkMerge [
-    ((forEach ["hetzner-arm" "hetzner-arm-decrypt" "vault" "vault-decrypt" "raspberry"] (hostname: {
+      (mkMerge (map (hostname: {
        "${hostname}" = {
          user = "root";
          hostname = "${hostname}.servers.genderfucked.monster";
        };
-      }))
+      }) ["hetzner-arm" "hetzner-arm-decrypt" "vault" "vault-decrypt" "raspberry"]))
      ++ (forEach (attrNames containerAddresses.containers) (name: {
        "hetzner-arm-container-${name}" = {
          user = "root";
          hostname = "${containerAddresses.containers.${name}}";
          proxyJump = "hetzner-arm";
        };
      }))
      ++ [
      {
        "blahaj" = {
          user = "chaos";
          hostname = "blahaj.sapphicco.de";
        };
      }
-      ]);
+    ];
  };
 }
--- a/hosts/hetzner-arm/containers/caldav/default.nix
+++ b/hosts/hetzner-arm/containers/caldav/default.nix
@ -31,9 +31,6 @@ in {
        [
          presets.nixos.containerBase
          ./secrets.nix
          #./profiles/postgres.nix
          #./profiles/restic.nix
        ]
        ++ (with hosts.hetzner-arm.containers.caldav.profiles; [
          radicale
--- a/hosts/hetzner-arm/containers/forgejo/default.nix
+++ b/hosts/hetzner-arm/containers/forgejo/default.nix
@ -35,8 +35,6 @@ in {
      imports = with tree;
        [
          presets.nixos.containerBase
          profiles.sshd
          profiles.firewallAllow.ssh
          ./secrets.nix
        ]
--- a/hosts/hetzner-arm/containers/mail/default.nix
+++ b/hosts/hetzner-arm/containers/mail/default.nix
@ -54,12 +54,11 @@ in {
        [
          presets.nixos.containerBase
          profiles.nginx
          ./secrets.nix
        ]
        ++ (with hosts.hetzner-arm.containers.mail; [
          modules.mailserver
          profiles.mailserver
          profiles.restic
        ]);
--- a/hosts/hetzner-arm/containers/music/default.nix
+++ b/hosts/hetzner-arm/containers/music/default.nix
@ -43,8 +43,6 @@ in {
      imports = with tree;
        [
          presets.nixos.containerBase
          profiles.sshd
          profiles.firewallAllow.ssh
          profiles.nginx
          profiles.firewallAllow.httpCommon
@ -89,7 +87,8 @@ in {
  in {
    forceSSL = true;
    enableACME = true;
-    locations = mkMerge ([
+    locations =
      mkMerge [
        {
          "/mpd/flac" = {
            proxyPass = "http://${containerIP}:${toString ports.mpd-flac}";
@ -97,7 +96,7 @@ in {
          };
        }
      ]
-      ++ (forEach ["low" "medium" "high"] (quality: {
+      ++ (mkMerge (forEach ["low" "medium" "high"] (quality: {
        "/mpd/opus-${quality}" = {
          proxyPass = "http://${containerIP}:${toString ports."mpd-opus-${quality}"}";
          inherit extraConfig;
--- a/hosts/hetzner-arm/containers/postgresql/default.nix
+++ b/hosts/hetzner-arm/containers/postgresql/default.nix
@ -27,13 +27,15 @@ in {
    config = {...}: {
      nixpkgs.pkgs = pkgs;
-      imports = with tree; [
+      imports = with tree;
        [
          presets.nixos.containerBase
          ./secrets.nix
-
+        ]
-        ./profiles/postgres.nix
+        ++ (with hosts.hetzner-arm.containers.postgresql.profiles; [
-        ./profiles/restic.nix
+          postgres
-      ];
+          restic
        ]);
      networking.firewall.allowedTCPPorts = [5432];
--- a/hosts/hetzner-arm/containers/quassel/default.nix
+++ b/hosts/hetzner-arm/containers/quassel/default.nix
@ -30,8 +30,6 @@ in {
      imports = with tree;
        [
          presets.nixos.containerBase
          profiles.sshd
          profiles.firewallAllow.ssh
          ./secrets.nix
        ]
--- a/hosts/hetzner-arm/containers/social/default.nix
+++ b/hosts/hetzner-arm/containers/social/default.nix
@ -30,9 +30,6 @@ in {
      imports = with tree;
        [
          presets.nixos.containerBase
          profiles.sshd
          profiles.firewallAllow.ssh
          ./secrets.nix
        ]
        ++ (with hosts.hetzner-arm.containers.social.profiles; [
--- a/hosts/hetzner-arm/containers/storage/default.nix
+++ b/hosts/hetzner-arm/containers/storage/default.nix
@ -37,10 +37,6 @@ in {
      imports = with tree;
        [
          presets.nixos.containerBase
          profiles.sshd
          profiles.firewallAllow.ssh
          ./secrets.nix
        ]
        ++ (with hosts.hetzner-arm.containers.storage.profiles; [
--- a/modules/nixos/wslBuildTarballExt.nix
+++ b/modules/nixos/wslBuildTarballExt.nix
@ -1,8 +1,12 @@
-{ config, pkgs, lib, ... }: let
+{
  config,
  pkgs,
  lib,
  ...
 }: let
  inherit (lib.modules) mkIf;
  cfg = config.wsl;
-in
+in {
 {
  config = mkIf cfg.enable {
    system.build.tarballBuilderExt = pkgs.writeShellApplication {
      name = "nixos-wsl-tarball-builder-ext";
--- a/profiles/remoteBuilders.nix
+++ b/profiles/remoteBuilders.nix
@ -17,7 +17,9 @@
        "tablet"
      ]
    then usbSSHKeyFile
-    else if builtins.elem currentHostname ["wsl"] then normalSSHKeyFile else throw "host isn't configured for remote-builders";
+    else if builtins.elem currentHostname ["wsl"]
    then normalSSHKeyFile
    else throw "host isn't configured for remote-builders";
  builderDefaults = {
    sshUser = "root";