Refactoring

2025-04-09 21:45:49 +02:00 · 2025-04-09 21:45:49 +02:00 · 8e8041e423
commit 8e8041e423
parent 209526d7c0
51 changed files with 1414 additions and 1368 deletions
--- a/modules/bluetooth.nix
+++ b/modules/bluetooth.nix
@ -9,9 +9,11 @@ in
  };
  config = lib.mkIf cfg.bluetooth.enable {
    hardware.bluetooth.enable = true;
-    services.blueman.enable = true;
-    services.ofono.enable = true;
-    services.upower.enable = true;
+    services = {
+      blueman.enable = true;
+      ofono.enable = true;
+      upower.enable = true;
+    };
    hardware.bluetooth.settings.General.Experimental = true; # to show battery state
  };
 }
--- a/modules/luksusb.nix
+++ b/modules/luksusb.nix
@ -45,20 +45,19 @@ in
      });
    };
  };
-  config = lib.mkIf cfg.enable
-    (
-      let
-        makeUsbDevPath = usbDevice: "/dev/disk/" + usbDevice;
-        makeMountPath = usbDevice: "/key/" + (builtins.hashString "md5" usbDevice);
-        usbFsType = "vfat";
+  config = lib.mkIf cfg.enable (
+    let
+      makeUsbDevPath = usbDevice: "/dev/disk/" + usbDevice;
+      makeMountPath = usbDevice: "/key/" + (builtins.hashString "md5" usbDevice);
+      usbFsType = "vfat";

-        mapAttrsNameValue = f: set:
-          lib.listToAttrs (map f (lib.attrsToList set));
-      in
-      {
-        boot.initrd.kernelModules = [ "uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1" ];
-
-        boot.initrd.systemd.services =
+      mapAttrsNameValue = f: set:
+        lib.listToAttrs (map f (lib.attrsToList set));
+    in
+    {
+      boot.initrd = {
+        kernelModules = [ "uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1" ];
+        systemd.services =
          let
            makeService = name: { keyPath, usbDevice, waitForDevice }:
              let
@ -89,7 +88,12 @@ in

                  if [ -e ${lib.escapeShellArg usbDevPath} ]; then
                    mkdir -m0500 -p ${lib.escapeShellArg usbMountPath}
-                    mount -n -t ${lib.escapeShellArg usbFsType} -o ro,fmask=0137,dmask=0027 ${lib.escapeShellArg usbDevPath} ${lib.escapeShellArg usbMountPath}
+                    mount \
+                      -n \
+                      -t ${lib.escapeShellArg usbFsType} \
+                      -o ro,fmask=0137,dmask=0027 \
+                      ${lib.escapeShellArg usbDevPath} \
+                      ${lib.escapeShellArg usbMountPath}
                  fi
                '';
              };
@ -101,7 +105,7 @@ in
            })
            cfg.devices;

-        boot.initrd.luks.devices = builtins.mapAttrs
+        luks.devices = builtins.mapAttrs
          (name: { keyPath, usbDevice, ... }:
            let
              usbMountPath = makeMountPath usbDevice;
@ -111,6 +115,7 @@ in
              keyFileTimeout = 1;
            })
          cfg.devices;
-      }
-    );
+      };
+    }
+  );
 }
--- a/modules/mailserver/postfix.nix
+++ b/modules/mailserver/postfix.nix
@ -5,26 +5,26 @@ let
  listToString = lib.concatStringsSep ",";

  # List of attribute sets with single key-value pair
-  plainAliases = (lib.flatten
+  plainAliases = lib.flatten
    (map
      ({ address, aliases, ... }:
        map
          (alias: { "${alias}" = address; })
          (aliases ++ lib.singleton address))
-      cfg.users));
+      cfg.users);

  # Attribute set with every alias mapped to a list of receivers
-  mergedAliases = (lib.attrsets.foldAttrs
+  mergedAliases = lib.attrsets.foldAttrs
    (val: col: lib.singleton val ++ col)
    [ ]
-    plainAliases);
+    plainAliases;

  # Contents of the aliases file
-  aliasesString = (lib.concatStringsSep
+  aliasesString = lib.concatStringsSep
    "\n"
    (lib.mapAttrsToList
      (alias: addresses: "${alias} ${listToString addresses}")
-      mergedAliases));
+      mergedAliases);

  valiases = pkgs.writeText "valiases" aliasesString;

@ -38,7 +38,7 @@ lib.mkIf cfg.enable {
  services.postfix = {
    enable = true;

-    relayPort = cfg.relayPort;
+    inherit (cfg) relayPort;

    enableSubmission = false; # plain/STARTTLS (latter is forced in submissionOptions)
    enableSubmissions = true; # submission with implicit TLS (TCP/465)
--- a/modules/mailserver/rspamd.nix
+++ b/modules/mailserver/rspamd.nix
@ -6,7 +6,7 @@ let
  # nix shell nixpkgs#rspamd -c \
  #   rspamadm dkim_keygen -s default -d example.com -b 4096 -k /dev/shm/dkim.key > dkim.txt

-  dkimEnabledDomains = (lib.filter (d: d.enableDKIM) cfg.domains);
+  dkimEnabledDomains = lib.filter (d: d.enableDKIM) cfg.domains;
  dkimSignatureDir = pkgs.stdenvNoCC.mkDerivation {
    name = "dkim-signatures";
    dontUnpack = true;
--- a/modules/matrix/default.nix
+++ b/modules/matrix/default.nix
@ -65,7 +65,7 @@ in
        type = port;
      };
      settings = mkOption {
-        type = (pkgs.formats.json { }).type;
+        inherit ((pkgs.formats.json { })) type;
      };
    };
    mautrix-whatsapp = {
@ -75,7 +75,7 @@ in
        type = port;
      };
      settings = mkOption {
-        type = (pkgs.formats.json { }).type;
+        inherit ((pkgs.formats.json { })) type;
      };
    };
  };
--- a/modules/matrix/mautrix-signal.nix
+++ b/modules/matrix/mautrix-signal.nix
@ -16,7 +16,7 @@ lib.mkIf cfg.mautrix-signal.enable {
      };
      appservice = rec {
        hostname = "127.0.0.1";
-        port = cfg.mautrix-signal.port;
+        inherit (cfg.mautrix-signal) port;
        address = "http://${hostname}:${toString port}";
        provisioning.shared_secret = "disable";
        database = "sqlite:///${dataDir}/mautrix-signal.db";
--- a/modules/matrix/mautrix-whatsapp.nix
+++ b/modules/matrix/mautrix-whatsapp.nix
@ -15,7 +15,7 @@ lib.mkIf cfg.mautrix-whatsapp.enable {
      };
      appservice = rec {
        hostname = "127.0.0.1";
-        port = cfg.mautrix-whatsapp.port;
+        inherit (cfg.mautrix-whatsapp) port;
        address = "http://${hostname}:${toString port}";
        provisioning.shared_secret = "disable";
        database = {
--- a/modules/matrix/synapse.nix
+++ b/modules/matrix/synapse.nix
@ -4,84 +4,107 @@ let
  cfg = config.jalr.matrix;
 in
 lib.mkIf cfg.enable {
-  services.matrix-synapse = {
-    enable = true;
+  services = {
+    matrix-synapse = {
+      enable = true;

-    settings = {
-      server_name = cfg.domain;
-      public_baseurl = "https://${cfg.fqdn}";
+      settings = {
+        server_name = cfg.domain;
+        public_baseurl = "https://${cfg.fqdn}";

-      database.name = "sqlite3";
+        database.name = "sqlite3";

-      listeners = lib.singleton {
-        port = cfg.synapse.port;
-        bind_addresses = [ "127.0.0.1" "::1" ];
-        type = "http";
-        tls = false;
-        x_forwarded = true;
-        resources = lib.singleton {
-          names = [ "client" "federation" "metrics" ];
-          compress = false;
+        listeners = lib.singleton {
+          inherit (cfg.synapse) port;
+          bind_addresses = [ "127.0.0.1" "::1" ];
+          type = "http";
+          tls = false;
+          x_forwarded = true;
+          resources = lib.singleton {
+            names = [ "client" "federation" "metrics" ];
+            compress = false;
+          };
        };
+
+        turn_uris = [
+          "turns:${cfg.turn.host}:5349?transport=udp"
+          "turns:${cfg.turn.host}:5349?transport=tcp"
+          "turn:${cfg.turn.host}:3478?transport=udp"
+          "turn:${cfg.turn.host}:3478?transport=tcp"
+        ];
+        turn_user_lifetime = "1h";
+
+        enable_metrics = true;
+
+        # adapted from https://github.com/NixOS/nixpkgs/blob/7e10bf4327491a6ebccbe1aaa8e6c6c0aca4663a/nixos/modules/services/misc/matrix-synapse-log_config.yaml
+        #  - set root.level to WARNING instead of INFO
+        log_config = pkgs.writeText "log_config.yaml" (builtins.toJSON {
+          version = 1;
+
+          formatters.journal_fmt.format = "%(name)s: [%(request)s] %(message)s";
+
+          filters.context = {
+            "()" = "synapse.util.logcontext.LoggingContextFilter";
+            request = "";
+          };
+
+          handlers.journal = {
+            class = "systemd.journal.JournalHandler";
+            formatter = "journal_fmt";
+            filters = [ "context" ];
+            SYSLOG_IDENTIFIER = "synapse";
+          };
+
+          root = {
+            level = "WARNING";
+            handlers = [ "journal" ];
+          };
+
+          disable_existing_loggers = false;
+        });
+
+        max_upload_size = "50M";
+
+        # I’m okay with using matrix.org as trusted key server
+        suppress_key_server_warning = true;
+
+        # For mautrix-whatsapp backfilling
+        experimental_features.msc2716_enabled = true;
      };

-      turn_uris = [
-        "turns:${cfg.turn.host}:5349?transport=udp"
-        "turns:${cfg.turn.host}:5349?transport=tcp"
-        "turn:${cfg.turn.host}:3478?transport=udp"
-        "turn:${cfg.turn.host}:3478?transport=tcp"
+      extraConfigFiles = [
+        cfg.turn.sharedSecretFile
      ];
-      turn_user_lifetime = "1h";
-
-      enable_metrics = true;
-
-      # adapted from https://github.com/NixOS/nixpkgs/blob/7e10bf4327491a6ebccbe1aaa8e6c6c0aca4663a/nixos/modules/services/misc/matrix-synapse-log_config.yaml
-      #  - set root.level to WARNING instead of INFO
-      log_config = pkgs.writeText "log_config.yaml" (builtins.toJSON {
-        version = 1;
-
-        formatters.journal_fmt.format = "%(name)s: [%(request)s] %(message)s";
-
-        filters.context = {
-          "()" = "synapse.util.logcontext.LoggingContextFilter";
-          request = "";
-        };
-
-        handlers.journal = {
-          class = "systemd.journal.JournalHandler";
-          formatter = "journal_fmt";
-          filters = [ "context" ];
-          SYSLOG_IDENTIFIER = "synapse";
-        };
-
-        root = {
-          level = "WARNING";
-          handlers = [ "journal" ];
-        };
-
-        disable_existing_loggers = false;
-      });
-
-      max_upload_size = "50M";
-
-      # I’m okay with using matrix.org as trusted key server
-      suppress_key_server_warning = true;
-
-      # For mautrix-whatsapp backfilling
-      experimental_features.msc2716_enabled = true;
    };

-    extraConfigFiles = [
-      cfg.turn.sharedSecretFile
-    ];
+    matrix-synapse.settings.app_service_config_files = lib.attrsets.mapAttrsToList
+      (
+        name: value:
+          "/run/matrix-synapse/app_service_config/${name}.yaml"
+      )
+      cfg.synapse.app_service_config;
+
+    nginx.virtualHosts = {
+      "${cfg.fqdn}" = {
+        enableACME = true;
+        forceSSL = true;
+
+        locations."/_matrix" =
+          let
+            listenerCfg = lib.elemAt config.services.matrix-synapse.settings.listeners 0;
+          in
+          {
+            proxyPass = "http://${lib.elemAt listenerCfg.bind_addresses 0}:${toString listenerCfg.port}";
+
+            extraConfig = ''
+              client_max_body_size ${config.services.matrix-synapse.settings.max_upload_size};
+            '';
+          };
+      };
+
+    };
  };

-  services.matrix-synapse.settings.app_service_config_files = lib.attrsets.mapAttrsToList
-    (
-      name: value:
-        "/run/matrix-synapse/app_service_config/${name}.yaml"
-    )
-    cfg.synapse.app_service_config;
  systemd.services.matrix-synapse = {
    restartTriggers = lib.attrsets.mapAttrsToList
      (
@ -109,24 +132,4 @@ lib.mkIf cfg.enable {
        cfg.synapse.app_service_config;
    };
  };
-
-  services.nginx.virtualHosts = {
-    "${cfg.fqdn}" = {
-      enableACME = true;
-      forceSSL = true;
-
-      locations."/_matrix" =
-        let
-          listenerCfg = (lib.elemAt config.services.matrix-synapse.settings.listeners 0);
-        in
-        {
-          proxyPass = "http://${lib.elemAt listenerCfg.bind_addresses 0}:${toString listenerCfg.port}";
-
-          extraConfig = ''
-            client_max_body_size ${config.services.matrix-synapse.settings.max_upload_size};
-          '';
-        };
-    };
-
-  };
 }
--- a/modules/nix.nix
+++ b/modules/nix.nix
@ -45,7 +45,7 @@
    (final: prev: {
      master = import inputs.nixpkgsMaster {
        inherit system;
-        config = prev.config;
+        inherit (prev) config;
      };
    })
  ];
--- a/modules/providers/hetzner-cloud.nix
+++ b/modules/providers/hetzner-cloud.nix
@ -67,7 +67,7 @@ in
                  extraArgs = [ "-f" ];
                  postCreateHook =
                    let
-                      device = cfg.devices.disk.virt.content.partitions.linux.device;
+                      inherit (cfg.devices.disk.virt.content.partitions.linux) device;
                    in
                    ''
                      mountpoint="$(mktemp -d)"
--- a/modules/qbittorrent/default.nix
+++ b/modules/qbittorrent/default.nix
@ -49,7 +49,7 @@ in
      ];

      sops.secrets.sturzbach-htpasswd = {
-        sopsFile = cfg.sopsFile;
+        inherit (cfg) sopsFile;
        owner = "nginx";
      };

--- a/modules/sway.nix
+++ b/modules/sway.nix
@ -1,10 +1,14 @@
 { config, lib, pkgs, ... }:

 lib.mkIf (config.jalr.gui.enable && config.jalr.gui.desktop == "sway") {
-  programs.sway = {
-    enable = true;
-    xwayland.enable = true;
-    wrapperFeatures.gtk = true;
+  programs = {
+    wshowkeys.enable = true;
+    dconf.enable = true;
+    sway = {
+      enable = true;
+      xwayland.enable = true;
+      wrapperFeatures.gtk = true;
+    };
  };

  hardware.graphics.enable = true;
@ -19,6 +23,7 @@ lib.mkIf (config.jalr.gui.enable && config.jalr.gui.desktop == "sway") {
  }];

  xdg = {
+    icons.enable = true;
    portal = {
      enable = true;
      extraPortals = with pkgs; [
@ -27,13 +32,8 @@ lib.mkIf (config.jalr.gui.enable && config.jalr.gui.desktop == "sway") {
      ];
      xdgOpenUsePortal = true;
    };
-    icons.enable = true;
  };

-  programs.wshowkeys.enable = true;
-
-  programs.dconf.enable = true;
-
  environment.systemPackages = with pkgs; [
    adwaita-icon-theme
  ];
--- a/modules/unfree.nix
+++ b/modules/unfree.nix
@ -1,8 +1,8 @@
 { lib, ... }:

 {
-  nixpkgs.config.allowUnfreePredicate = (pkg: lib.elem (lib.getName pkg) [
+  nixpkgs.config.allowUnfreePredicate = pkg: lib.elem (lib.getName pkg) [
    "unifi-controller"
    "mongodb"
-  ]);
+  ];
 }