diff --git a/extras/mk-enc-usb.nix b/extras/mk-enc-usb.nix index cc66f36..8fbe61f 100644 --- a/extras/mk-enc-usb.nix +++ b/extras/mk-enc-usb.nix @@ -5,7 +5,7 @@ writeShellApplication, }: let encryptedUSBData = import ../data/drives/encryptedUSB.nix; -in (writeShellApplication { +in writeShellApplication { name = "mk-enc-usb"; runtimeInputs = [ parted @@ -48,4 +48,4 @@ in (writeShellApplication { echo "Naming Partitions" parted "$USB_DEVICE" -- name 1 ${encryptedUSBData.encryptedPartLabel} ''; -}) +} diff --git a/extras/mk-encrypted-drive.nix b/extras/mk-encrypted-drive.nix index eb46758..b0d4f44 100644 --- a/extras/mk-encrypted-drive.nix +++ b/extras/mk-encrypted-drive.nix @@ -6,7 +6,7 @@ writeShellApplication, }: let driveData = import ../data/drives/encryptedDrive.nix; -in (writeShellApplication { +in writeShellApplication { name = "mk-encrypted-drive"; runtimeInputs = [ parted @@ -82,4 +82,4 @@ in (writeShellApplication { echo "mount /dev/mapper/mk_encrypted_drive to install" ''; -}) +} diff --git a/extras/mk-raspberry-ext-drive.nix b/extras/mk-raspberry-ext-drive.nix index fbe2c0f..36aa797 100644 --- a/extras/mk-raspberry-ext-drive.nix +++ b/extras/mk-raspberry-ext-drive.nix @@ -5,7 +5,7 @@ writeShellApplication, }: let externalDriveData = import ../data/drives/raspberryExternalDrive.nix; -in (writeShellApplication { +in writeShellApplication { name = "mk-raspberry-ext-drive"; runtimeInputs = [ util-linux @@ -64,4 +64,4 @@ in (writeShellApplication { echo "Closing mapper device" cryptsetup close "mk-raspberry-ext-drive" ''; -}) +} diff --git a/flake.nix b/flake.nix index afa517f..2d9e6c9 100644 --- a/flake.nix +++ b/flake.nix @@ -42,5 +42,5 @@ food-site.inputs.flake-compat.follows = "flake-compat"; }; - outputs = {...} @ inputs: import ./outputs.nix inputs; + outputs = inputs: import ./outputs.nix inputs; } diff --git a/home/musicLibrary.nix b/home/musicLibrary.nix index 8adab7f..edee5df 100644 --- a/home/musicLibrary.nix +++ b/home/musicLibrary.nix 
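Review bot: The partition label in the last script line of extras/mk-enc-usb.nix, `${encryptedUSBData.encryptedPartLabel}`, is spliced into the shell text unquoted, while `"$USB_DEVICE"` on the same line is quoted. A label containing a space or glob character would be word-split before parted sees it. Writing `parted "$USB_DEVICE" -- name 1 "${encryptedUSBData.encryptedPartLabel}"` keeps it a single argument; the shellcheck pass in writeShellApplication cannot flag this because it only sees the already-substituted word. The same unquoted splice appears in the modules/nixos/postgreSQLRemoteBackup.nix hunk (`[ -e ${curFile} ]`, `mv ${curFile} ${prevFile}`) and in jellyfin/profiles/mediaMount.nix (`--config ${secrets.rclone_config.path}`). Those values and the start of this script are defined outside the visible hunks, so whether they can contain whitespace should be confirmed there.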
@@ -5,7 +5,7 @@ ... }: let # Requires secrets.{restic_music_env} - secrets = nixosConfig.services.secrets.secrets; + inherit (nixosConfig.services.secrets) secrets; in { imports = with tree; [ home.apps.rclone diff --git a/home/programming/languages/nix.nix b/home/programming/languages/nix.nix index b6f8712..276a6aa 100644 --- a/home/programming/languages/nix.nix +++ b/home/programming/languages/nix.nix @@ -1,5 +1,5 @@ {pkgs, ...}: { - home.packages = with pkgs; [alejandra deadnix]; + home.packages = with pkgs; [alejandra deadnix statix]; programs.vscode-mod.extensions = with pkgs; [ vscode-extensions.bbenoist.nix diff --git a/hosts/default.nix b/hosts/default.nix index 108304c..072c0b9 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -1,3 +1,3 @@ -{...} @ inputs: { +inputs: { nixosConfigurations = import ./nixos.nix inputs; } diff --git a/hosts/hetzner-arm/containers/caldav/profiles/radicale.nix b/hosts/hetzner-arm/containers/caldav/profiles/radicale.nix index 0428bd1..cbf6c71 100644 --- a/hosts/hetzner-arm/containers/caldav/profiles/radicale.nix +++ b/hosts/hetzner-arm/containers/caldav/profiles/radicale.nix @@ -1,5 +1,5 @@ {config, ...}: let - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; in { services.radicale = { enable = true; diff --git a/hosts/hetzner-arm/containers/caldav/profiles/restic.nix b/hosts/hetzner-arm/containers/caldav/profiles/restic.nix index 3a07647..9c24e78 100644 --- a/hosts/hetzner-arm/containers/caldav/profiles/restic.nix +++ b/hosts/hetzner-arm/containers/caldav/profiles/restic.nix @@ -5,7 +5,7 @@ ... }: let backupSchedules = import "${self}/data/backupSchedules.nix"; - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; in { environment.systemPackages = with pkgs; [ restic diff --git a/hosts/hetzner-arm/containers/forgejo/profiles/restic.nix b/hosts/hetzner-arm/containers/forgejo/profiles/restic.nix index 70e7604..d777c14 100644 
--- a/hosts/hetzner-arm/containers/forgejo/profiles/restic.nix +++ b/hosts/hetzner-arm/containers/forgejo/profiles/restic.nix @@ -5,7 +5,7 @@ ... }: let backupSchedules = import "${self}/data/backupSchedules.nix"; - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; in { environment.systemPackages = with pkgs; [ restic diff --git a/hosts/hetzner-arm/containers/grocy/profiles/restic.nix b/hosts/hetzner-arm/containers/grocy/profiles/restic.nix index 2609d9e..dd17def 100644 --- a/hosts/hetzner-arm/containers/grocy/profiles/restic.nix +++ b/hosts/hetzner-arm/containers/grocy/profiles/restic.nix @@ -4,7 +4,7 @@ config, ... }: let - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; backupSchedules = import "${self}/data/backupSchedules.nix"; in { environment.systemPackages = with pkgs; [ diff --git a/hosts/hetzner-arm/containers/jellyfin/profiles/mediaMount.nix b/hosts/hetzner-arm/containers/jellyfin/profiles/mediaMount.nix index 197eeb9..dc05ecb 100644 --- a/hosts/hetzner-arm/containers/jellyfin/profiles/mediaMount.nix +++ b/hosts/hetzner-arm/containers/jellyfin/profiles/mediaMount.nix @@ -3,7 +3,7 @@ pkgs, ... }: let - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; rcloneMedia = pkgs.writeShellScriptBin "rclone-media" '' ${pkgs.rclone}/bin/rclone --config ${secrets.rclone_config.path} "$@" ''; diff --git a/hosts/hetzner-arm/containers/jellyfin/profiles/restic.nix b/hosts/hetzner-arm/containers/jellyfin/profiles/restic.nix index 3a34329..d28b34a 100644 --- a/hosts/hetzner-arm/containers/jellyfin/profiles/restic.nix +++ b/hosts/hetzner-arm/containers/jellyfin/profiles/restic.nix @@ -4,7 +4,7 @@ config, ... }: let - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; backupSchedules = import "${self}/data/backupSchedules.nix"; in { environment.systemPackages = with pkgs; [ 
diff --git a/hosts/hetzner-arm/containers/mail/modules/mailserver/dovecot.nix b/hosts/hetzner-arm/containers/mail/modules/mailserver/dovecot.nix index bc02a3b..7775cc5 100644 --- a/hosts/hetzner-arm/containers/mail/modules/mailserver/dovecot.nix +++ b/hosts/hetzner-arm/containers/mail/modules/mailserver/dovecot.nix @@ -36,7 +36,7 @@ EOF ''; in { - config = mkIf (mailConfig.enable) { + config = mkIf mailConfig.enable { services.dovecot2 = { enable = true; enableImap = true; diff --git a/hosts/hetzner-arm/containers/mail/modules/mailserver/opendkim.nix b/hosts/hetzner-arm/containers/mail/modules/mailserver/opendkim.nix index c87f3c3..f081572 100644 --- a/hosts/hetzner-arm/containers/mail/modules/mailserver/opendkim.nix +++ b/hosts/hetzner-arm/containers/mail/modules/mailserver/opendkim.nix @@ -19,7 +19,7 @@ keyDir = mailConfig.dkim.directory; selector = "mail"; - domains = mailConfig.domains; + inherit (mailConfig) domains; createDomainDkimCert = dom: let dkimKey = "${keyDir}/${dom}.${selector}.key"; @@ -51,7 +51,7 @@ in { config = mkIf (mailConfig.enable && mailConfig.dkim.enable) { services.opendkim = { enable = true; - selector = selector; + inherit selector; keyPath = keyDir; domains = "csl:${concatStringsSep "," domains}"; configFile = toFile "opendkim.conf" ('' diff --git a/hosts/hetzner-arm/containers/mail/modules/mailserver/postfix.nix b/hosts/hetzner-arm/containers/mail/modules/mailserver/postfix.nix index 3959dd4..57a8361 100644 --- a/hosts/hetzner-arm/containers/mail/modules/mailserver/postfix.nix +++ b/hosts/hetzner-arm/containers/mail/modules/mailserver/postfix.nix @@ -34,7 +34,7 @@ extraAliasesCombinedFilePath = "/run/postfix_sending_receiving_aliases"; in { - config = mkIf (mailConfig.enable) { + config = mkIf mailConfig.enable { systemd.tmpfiles.rules = mkIf (mailConfig.extraAliasesFile != null) [ "f ${extraAliasesCombinedFilePath} 660 root root" ]; 
@@ -111,7 +111,7 @@ in { "reject_unauth_destination" ]; - policy-spf_time_limit = mkIf (mailConfig.spf.enable) "3600s"; + policy-spf_time_limit = mkIf mailConfig.spf.enable "3600s"; smtpd_recipient_restrictions = flatten [ (optional mailConfig.spf.enable "check_policy_service unix:private/policy-spf") @@ -158,7 +158,7 @@ in { milter_mail_macros = "i {mail_addr} {client_addr} {client_name} {auth_type} {auth_authen} {auth_author} {mail_addr} {mail_host} {mail_mailer}"; }; - submissionOptions = submissionOptions; + inherit submissionOptions; submissionsOptions = submissionOptions; masterConfig = { @@ -167,7 +167,7 @@ in { # D => Delivered-To, O => X-Original-To, R => Return-Path args = ["flags=O"]; }; - "policy-spf" = mkIf (mailConfig.spf.enable) { + "policy-spf" = mkIf mailConfig.spf.enable { type = "unix"; privileged = true; chroot = false; diff --git a/hosts/hetzner-arm/containers/mail/modules/mailserver/ssl.nix b/hosts/hetzner-arm/containers/mail/modules/mailserver/ssl.nix index 575646a..b3a3b0a 100644 --- a/hosts/hetzner-arm/containers/mail/modules/mailserver/ssl.nix +++ b/hosts/hetzner-arm/containers/mail/modules/mailserver/ssl.nix @@ -16,7 +16,7 @@ in { serverAliases = mailConfig.domains; forceSSL = true; enableACME = true; - acmeRoot = acmeRoot; + inherit acmeRoot; }; }; diff --git a/hosts/hetzner-arm/containers/mail/modules/mailserver/vmail.nix b/hosts/hetzner-arm/containers/mail/modules/mailserver/vmail.nix index f0689a0..50439b3 100644 --- a/hosts/hetzner-arm/containers/mail/modules/mailserver/vmail.nix +++ b/hosts/hetzner-arm/containers/mail/modules/mailserver/vmail.nix @@ -10,11 +10,11 @@ mailConfig = config.services.mailserver; - vmail = mailConfig.vmail; + inherit (mailConfig) vmail; vmailUser = vmail.user; vmailGroup = vmail.group; - sieveDirectory = mailConfig.sieveDirectory; + inherit (mailConfig) sieveDirectory; scriptForUser = name: config: if builtins.isString config.sieveScript 
@@ -39,7 +39,7 @@ ${concatStringsSep "\n" (mapAttrsToList (name: config: scriptForUser name config) mailConfig.accounts)} ''; in { - config = mkIf (mailConfig.enable) { + config = mkIf mailConfig.enable { users.users."${vmailUser}" = { isSystemUser = true; diff --git a/hosts/hetzner-arm/containers/mail/profiles/mailserver.nix b/hosts/hetzner-arm/containers/mail/profiles/mailserver.nix index 22501e7..e53d7cd 100644 --- a/hosts/hetzner-arm/containers/mail/profiles/mailserver.nix +++ b/hosts/hetzner-arm/containers/mail/profiles/mailserver.nix @@ -1,5 +1,5 @@ {config, ...}: let - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; in { services.mailserver = { enable = true; diff --git a/hosts/hetzner-arm/containers/mail/profiles/restic.nix b/hosts/hetzner-arm/containers/mail/profiles/restic.nix index c5e2a81..6619592 100644 --- a/hosts/hetzner-arm/containers/mail/profiles/restic.nix +++ b/hosts/hetzner-arm/containers/mail/profiles/restic.nix @@ -5,7 +5,7 @@ ... }: let backupSchedules = import "${self}/data/backupSchedules.nix"; - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; mailConfig = config.services.mailserver; in { diff --git a/hosts/hetzner-arm/containers/music/modules/mpd-fork.nix b/hosts/hetzner-arm/containers/music/modules/mpd-fork.nix index 3fd5721..4f74bb3 100644 --- a/hosts/hetzner-arm/containers/music/modules/mpd-fork.nix +++ b/hosts/hetzner-arm/containers/music/modules/mpd-fork.nix @@ -34,7 +34,7 @@ with lib; let ${optionalString (cfg.network.listenAddress != "any") ''bind_to_address "${cfg.network.listenAddress}"''} ${optionalString (cfg.network.port != 6600) ''port "${toString cfg.network.port}"''} - ${optionalString (cfg.fluidsynth) '' + ${optionalString cfg.fluidsynth '' decoder { plugin "fluidsynth" soundfont "${pkgs.soundfont-fluid}/share/soundfonts/FluidR3_GM2-2.sf2" 
@@ -245,8 +245,7 @@ in { ExecStart = ["" "${cfg.package}/bin/mpd --systemd /run/mpd/mpd.conf"]; RuntimeDirectory = "mpd"; StateDirectory = - [] - ++ optionals (cfg.dataDir == "/var/lib/${name}") [name] + optionals (cfg.dataDir == "/var/lib/${name}") [name] ++ optionals (cfg.playlistDirectory == "/var/lib/${name}/playlists") [name "${name}/playlists"] ++ optionals (cfg.musicDirectory == "/var/lib/${name}/music") [name "${name}/music"]; }; @@ -255,7 +254,7 @@ in { users.users = optionalAttrs (cfg.user == name) { "${name}" = { inherit uid; - group = cfg.group; + inherit (cfg) group; extraGroups = ["audio"]; description = "Music Player Daemon user"; home = "${cfg.dataDir}"; diff --git a/hosts/hetzner-arm/containers/music/profiles/mpd.nix b/hosts/hetzner-arm/containers/music/profiles/mpd.nix index e94a78e..5339928 100644 --- a/hosts/hetzner-arm/containers/music/profiles/mpd.nix +++ b/hosts/hetzner-arm/containers/music/profiles/mpd.nix @@ -8,7 +8,7 @@ inherit (lib.lists) forEach; ports = import ../data/ports.nix; - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; in { environment.systemPackages = with pkgs; [ mpc_cli diff --git a/hosts/hetzner-arm/containers/music/profiles/soulseek.nix b/hosts/hetzner-arm/containers/music/profiles/soulseek.nix index 4f66336..53fce9e 100644 --- a/hosts/hetzner-arm/containers/music/profiles/soulseek.nix +++ b/hosts/hetzner-arm/containers/music/profiles/soulseek.nix @@ -4,7 +4,7 @@ ... }: let ports = import ../data/ports.nix; - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; inherit (lib.modules) mkForce; in { diff --git a/hosts/hetzner-arm/containers/owncast/profiles/restic.nix b/hosts/hetzner-arm/containers/owncast/profiles/restic.nix index 7187f68..d24fe79 100644 --- a/hosts/hetzner-arm/containers/owncast/profiles/restic.nix +++ b/hosts/hetzner-arm/containers/owncast/profiles/restic.nix 
@@ -5,7 +5,7 @@ ... }: let backupSchedules = import "${self}/data/backupSchedules.nix"; - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; in { environment.systemPackages = with pkgs; [ restic diff --git a/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix b/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix index a43ae95..710d4a8 100644 --- a/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix +++ b/hosts/hetzner-arm/containers/postgresql/profiles/restic.nix @@ -4,7 +4,7 @@ config, ... }: let - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; backupSchedules = import "${self}/data/backupSchedules.nix"; backupPrepareCommand = "${ diff --git a/hosts/hetzner-arm/containers/quassel/profiles/restic.nix b/hosts/hetzner-arm/containers/quassel/profiles/restic.nix index 7a18ea7..ec742f2 100644 --- a/hosts/hetzner-arm/containers/quassel/profiles/restic.nix +++ b/hosts/hetzner-arm/containers/quassel/profiles/restic.nix @@ -5,7 +5,7 @@ ... }: let backupSchedules = import "${self}/data/backupSchedules.nix"; - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; in { environment.systemPackages = with pkgs; [ restic diff --git a/hosts/hetzner-arm/containers/social/profiles/gotosocial.nix b/hosts/hetzner-arm/containers/social/profiles/gotosocial.nix index ac6dcc5..7d1043f 100644 --- a/hosts/hetzner-arm/containers/social/profiles/gotosocial.nix +++ b/hosts/hetzner-arm/containers/social/profiles/gotosocial.nix @@ -7,7 +7,7 @@ hostIP = containerAddresses.host; containerIP = containerAddresses.containers.social; - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; in { services.gotosocial = { enable = true; diff --git a/hosts/hetzner-arm/containers/social/profiles/restic.nix b/hosts/hetzner-arm/containers/social/profiles/restic.nix index b0b7190..e6e6e40 100644 
--- a/hosts/hetzner-arm/containers/social/profiles/restic.nix +++ b/hosts/hetzner-arm/containers/social/profiles/restic.nix @@ -4,7 +4,7 @@ config, ... }: let - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; backupSchedules = import "${self}/data/backupSchedules.nix"; # Because gotosocial-admin isn't a seporate package we need to generate a seperate config diff --git a/hosts/hetzner-arm/containers/storage/profiles/rcloneConfigs.nix b/hosts/hetzner-arm/containers/storage/profiles/rcloneConfigs.nix index c8f8438..1009d74 100644 --- a/hosts/hetzner-arm/containers/storage/profiles/rcloneConfigs.nix +++ b/hosts/hetzner-arm/containers/storage/profiles/rcloneConfigs.nix @@ -1,5 +1,5 @@ {config, ...}: let - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; in { systemd.tmpfiles.rules = [ "d /root/.config - root root" diff --git a/hosts/hetzner-arm/containers/storage/profiles/rcloneServe.nix b/hosts/hetzner-arm/containers/storage/profiles/rcloneServe.nix index 95ba82d..f75f0f4 100644 --- a/hosts/hetzner-arm/containers/storage/profiles/rcloneServe.nix +++ b/hosts/hetzner-arm/containers/storage/profiles/rcloneServe.nix @@ -1,5 +1,5 @@ {config, ...}: let - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; ports = import ../data/ports.nix; in { systemd.tmpfiles.rules = [ diff --git a/hosts/hetzner-arm/containers/stream/profiles/mpd.nix b/hosts/hetzner-arm/containers/stream/profiles/mpd.nix index d8d949c..3c61d52 100644 --- a/hosts/hetzner-arm/containers/stream/profiles/mpd.nix +++ b/hosts/hetzner-arm/containers/stream/profiles/mpd.nix @@ -8,7 +8,7 @@ inherit (lib.lists) forEach; ports = import ../data/ports.nix; - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; in { environment.systemPackages = with pkgs; [ mpc_cli 
diff --git a/hosts/hetzner-arm/containers/stream/profiles/soulseek.nix b/hosts/hetzner-arm/containers/stream/profiles/soulseek.nix index 4f66336..53fce9e 100644 --- a/hosts/hetzner-arm/containers/stream/profiles/soulseek.nix +++ b/hosts/hetzner-arm/containers/stream/profiles/soulseek.nix @@ -4,7 +4,7 @@ ... }: let ports = import ../data/ports.nix; - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; inherit (lib.modules) mkForce; in { diff --git a/hosts/lappy-t495/profiles/restic.nix b/hosts/lappy-t495/profiles/restic.nix index b93bce8..443c4e2 100644 --- a/hosts/lappy-t495/profiles/restic.nix +++ b/hosts/lappy-t495/profiles/restic.nix @@ -1,5 +1,5 @@ {config, ...}: let - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; in { services.restic.backups.lappy-t495 = { user = "root"; diff --git a/hosts/vault/profiles/internalCA.nix b/hosts/vault/profiles/internalCA.nix index 13594d9..fca8042 100644 --- a/hosts/vault/profiles/internalCA.nix +++ b/hosts/vault/profiles/internalCA.nix @@ -3,7 +3,7 @@ config, ... }: let - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; in { environment.systemPackages = with pkgs; [ step-cli diff --git a/hosts/vault/profiles/restic.nix b/hosts/vault/profiles/restic.nix index 093ec89..aceb628 100644 --- a/hosts/vault/profiles/restic.nix +++ b/hosts/vault/profiles/restic.nix @@ -4,7 +4,7 @@ config, ... }: let - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; backupSchedules = import "${self}/data/backupSchedules.nix"; in { services.restic.backups.vault = { diff --git a/modules/home/vscode-mod-module.nix b/modules/home/vscode-mod-module.nix index 9f0a060..7b65edd 100644 --- a/modules/home/vscode-mod-module.nix +++ b/modules/home/vscode-mod-module.nix 
@@ -76,7 +76,7 @@ in { }; userSettings = mkOption { - type = jsonFormat.type; + inherit (jsonFormat) type; default = {}; example = literalExpression '' { @@ -91,7 +91,7 @@ in { }; userTasks = mkOption { - type = jsonFormat.type; + inherit (jsonFormat) type; default = {}; example = literalExpression '' { @@ -127,7 +127,7 @@ in { }; when = mkOption { - type = types.nullOr (types.str); + type = types.nullOr types.str; default = null; example = "textInputFocus"; description = "Optional context filter."; @@ -135,7 +135,7 @@ in { # https://code.visualstudio.com/docs/getstarted/keybindings#_command-arguments args = mkOption { - type = types.nullOr (jsonFormat.type); + type = types.nullOr jsonFormat.type; default = null; example = {direction = "up";}; description = "Optional arguments for a command."; diff --git a/modules/nixos/postgreSQLRemoteBackup.nix b/modules/nixos/postgreSQLRemoteBackup.nix index 7451346..3b9df8f 100644 --- a/modules/nixos/postgreSQLRemoteBackup.nix +++ b/modules/nixos/postgreSQLRemoteBackup.nix @@ -93,7 +93,7 @@ in { "d '${cfg.location}' 0700 ${cfg.backupUser} - - -" ]; }) - (mkIf (cfg.enable) { + (mkIf cfg.enable { systemd.services = listToAttrs (map (db: { name = "remotePostgreSQLBackup-${db}"; value = let @@ -118,7 +118,7 @@ in { description = "Backup of ${db} database(s)"; - requires = mkIf (config.services.postgresql.enable) [ + requires = mkIf config.services.postgresql.enable [ "postgresql.service" ]; @@ -137,7 +137,7 @@ in { umask 0077 # ensure backup is only readable by backup user - ${optionalString (cfg.keepPrev) '' + ${optionalString cfg.keepPrev '' if [ -e ${curFile} ]; then rm -f ${toString prevFiles} mv ${curFile} ${prevFile} @@ -156,7 +156,7 @@ in { User = cfg.backupUser; }; - startAt = cfg.startAt; + inherit (cfg) startAt; }; }) cfg.databases); diff --git a/modules/nixos/rcloneSync.nix b/modules/nixos/rcloneSync.nix index 92ad014..a3d95b0 100644 --- a/modules/nixos/rcloneSync.nix +++ b/modules/nixos/rcloneSync.nix 
@@ -120,7 +120,7 @@ in { value = { wantedBy = ["timers.target"]; partOf = ["${name}.service"]; - timerConfig = job.timerConfig; + inherit (job) timerConfig; }; }) cfg.syncJobs); diff --git a/modules/nixos/secrets.nix b/modules/nixos/secrets.nix index 832346b..2ba00af 100644 --- a/modules/nixos/secrets.nix +++ b/modules/nixos/secrets.nix @@ -69,7 +69,7 @@ in { autoSecrets = { enable = mkEnableOption "autoSecrets"; affectedSystemdServices = mkOption { - type = types.listOf (types.either (types.str) (types.submodule { + type = types.listOf (types.either types.str (types.submodule { options = { name = mkOption { type = types.str; @@ -251,7 +251,7 @@ in { ]; } // (mkMerge [ - (mkIf (cfg.enable) { + (mkIf cfg.enable { environment.systemPackages = [ (secretsLib.mkSecretsInitScript cfg) (secretsLib.mkSecretsCheckScript cfg) @@ -284,7 +284,7 @@ in { in { services = (listToAttrs (map (unitConfig: { - name = unitConfig.name; + inherit (unitConfig) name; value = { after = ["auto-secrets.service"]; wants = ["auto-secrets.service"]; diff --git a/modules/nixos/secretsLib/lib.nix b/modules/nixos/secretsLib/lib.nix index b1027e7..ea54a61 100644 --- a/modules/nixos/secretsLib/lib.nix +++ b/modules/nixos/secretsLib/lib.nix 
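Review bot: In the affectedSystemdServices mapping of modules/nixos/secrets.nix (hunk at -284), each unit gets `after` and `wants` on `auto-secrets.service`, and `wants` lets the unit start even when auto-secrets fails, so a service could come up with missing or stale secret files. If these services must not run without their secrets, `requires = ["auto-secrets.service"];` alongside the existing `after` expresses that. If best-effort start is deliberate, a comment such as `# wants, not requires: the unit may start even if auto-secrets failed` would record the decision. The attribute set continues past the end of the hunk, so a stricter dependency may already be set there.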
@@ -300,37 +300,32 @@ in rec { }; mkSecretsInitScript = cfg: mkSecretsInitScriptWithName cfg null; - mkSecretsInitScriptWithName = ( - cfg: name: let + mkSecretsInitScriptWithName = cfg: name: let scriptName = if name == null then "secrets-init" else "secrets-init-${name}"; scripts = genScripts cfg; - in (writeShellApplication { + in writeShellApplication { name = scriptName; runtimeInputs = defaultPackages ++ cfg.packages; text = scripts.initScript; - }) - ); + }; mkSecretsCheckScript = cfg: mkSecretsCheckScriptWithName cfg null; - mkSecretsCheckScriptWithName = ( - cfg: name: let + mkSecretsCheckScriptWithName = cfg: name: let scriptName = if name == null then "secrets-check" else "secrets-check-${name}"; scripts = genScripts cfg; - in (writeShellApplication { + in writeShellApplication { name = scriptName; runtimeInputs = defaultPackages ++ cfg.checkPackages; text = scripts.checkScript; - }) - ); + }; - genVaultPolicy = ( - cfg: name: let + genVaultPolicy = cfg: name: let inherit (cfg) requiredVaultPaths; policies = forEach requiredVaultPaths (policyConfig: let @@ -349,8 +344,7 @@ in rec { capabilities = [${concatStringsSep "," (forEach capabilities escapeString)}] } ''); - in (toFile "vault-policy-${name}.hcl" '' + in toFile "vault-policy-${name}.hcl" '' ${concatStringsSep "\n" policies} - '') - ); + ''; } diff --git a/outputs.nix b/outputs.nix index a0900ed..66a1e33 100644 --- a/outputs.nix +++ b/outputs.nix @@ -1,6 +1,6 @@ {self, ...} @ inputs: let nixpkgs = inputs.nixpkgs-unstable; - lib = nixpkgs.lib; + inherit (nixpkgs) lib; inherit (lib.attrsets) mergeAttrsList recursiveUpdate; inherit (lib.lists) foldl' forEach filter; @@ -8,7 +8,7 @@ hosts = import ./hosts inputs; in { - nixosConfigurations = hosts.nixosConfigurations; + inherit (hosts) nixosConfigurations; extras = { wsl-tarball-builder = hosts.nixosConfigurations.wsl.config.system.build.tarballBuilderExt; 
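Review bot: `mkSecretsInitScriptWithName`, `mkSecretsCheckScriptWithName` and `genVaultPolicy` in modules/nixos/secretsLib/lib.nix have no comment describing their result, and all three return Nix store paths (`writeShellApplication`, `toFile`), which any local user can read. A one-line comment above each, for example `# Result lives in the world-readable Nix store: cfg may contribute paths and commands only, never secret values.`, would make that constraint explicit for whoever extends `genScripts` or the policy template. `genScripts` and the first part of the policy template are outside the hunks, so this is a documentation request and not a claim that secrets are embedded today.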
@@ -161,7 +161,7 @@ in }; machinesWithHostSecrets = filter ( - machine: (machines.${machine}.hasHostSecrets) + machine: machines.${machine}.hasHostSecrets ) (builtins.attrNames machines); machinesWithContainers = filter ( @@ -201,11 +201,11 @@ in (mergeAttrsList (forEach machinesWithContainers (machineName: let machine = machines.${machineName}; - containers = machine.containers; - in (mergeAttrsList (forEach containers (containerName: { + inherit (machine) containers; + in mergeAttrsList (forEach containers (containerName: { "secrets-init-${machineName}-container-${containerName}" = secretsInitScriptForContainer machineName containerName; "vault-policy-${machineName}-container-${containerName}" = vaultPolicyForContainer machineName containerName; - })))))) + }))))) ]; }) ] diff --git a/presets/nixos/serverEncryptedDrive.nix b/presets/nixos/serverEncryptedDrive.nix index 682490a..d38830d 100644 --- a/presets/nixos/serverEncryptedDrive.nix +++ b/presets/nixos/serverEncryptedDrive.nix @@ -9,7 +9,7 @@ inherit (lib.modules) mkForce; inherit (lib.lists) optionals; - system = pkgs.system; + inherit (pkgs) system; driveData = import "${self}/data/drives/encryptedDrive.nix"; in { diff --git a/presets/nixos/serverHetzner.nix b/presets/nixos/serverHetzner.nix index 3a21619..7b6ada3 100644 --- a/presets/nixos/serverHetzner.nix +++ b/presets/nixos/serverHetzner.nix @@ -9,11 +9,11 @@ inherit (lib.lists) optionals; inherit (lib.modules) mkForce; - system = pkgs.system; + inherit (pkgs) system; serverIPs = import "${self}/data/serverIPs.nix"; - hostName = config.networking.hostName; + inherit (config.networking) hostName; hostServerIPs = serverIPs.${hostName}; gateway = "172.31.1.1"; diff --git a/profiles/chaosInternalWireGuard/wireguard.nix b/profiles/chaosInternalWireGuard/wireguard.nix index 88c0012..2a252c0 100644 --- a/profiles/chaosInternalWireGuard/wireguard.nix +++ b/profiles/chaosInternalWireGuard/wireguard.nix 
@@ -9,7 +9,7 @@ inherit (builtins) hasAttr attrNames; # Assume this to be set - secrets = config.services.secrets.secrets; + inherit (config.services.secrets) secrets; wireguardData = import "${self}/data/wireguard/chaosInternalWireGuard.nix"; wireguardHosts = wireguardData.hosts; diff --git a/profiles/fingerprint.nix b/profiles/fingerprint.nix index 0e0275b..d7f6a26 100644 --- a/profiles/fingerprint.nix +++ b/profiles/fingerprint.nix @@ -14,7 +14,7 @@ in { sudo.fprintAuth = true; login.fprintAuth = true; - gdm-fingerprint = mkIf (config.services.xserver.displayManager.gdm.enable) { + gdm-fingerprint = mkIf config.services.xserver.displayManager.gdm.enable { text = '' auth required pam_shells.so auth requisite pam_nologin.so diff --git a/statix.toml b/statix.toml new file mode 100644 index 0000000..c6fd647 --- /dev/null +++ b/statix.toml @@ -0,0 +1,3 @@ +disabled = [ + "empty_pattern" +]
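Review bot: statix.toml turns off `empty_pattern` without saying why, so the next reader cannot tell whether the lint is wrong for this repository or was only noisy. A comment above the list would settle it, for example `# empty_pattern rewrites {...}: to _: ; kept off because <reason>`, with the actual reason filled in. Nothing in the visible hunks runs statix as a flake check or CI step (it is only added to `home.packages`), so unless it is wired in elsewhere these lint fixes can regress silently.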