servius/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

chore(fmt): Run alejandra fmt

Browse Source
This commit is contained in:
uttarayan21
2025-10-28 20:07:33 +05:30
parent 4c54d131af
commit c0c6de8a45
4 changed files with 137 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

213
modules/nixos/caddy/default.nix
View File

@@ -4,10 +4,7 @@
pkgs, pkgs,
... ...
}: }:
with lib; let
with lib;
let
cfg = config.services.caddy; cfg = config.services.caddy;
certs = config.security.acme.certs; certs = config.security.acme.certs;
@@ -17,67 +14,63 @@ let
dependentCertNames = filter (cert: certs.${cert}.dnsProvider == null) vhostCertNames; # those that might depend on the HTTP server dependentCertNames = filter (cert: certs.${cert}.dnsProvider == null) vhostCertNames; # those that might depend on the HTTP server
independentCertNames = filter (cert: certs.${cert}.dnsProvider != null) vhostCertNames; # those that don't depend on the HTTP server independentCertNames = filter (cert: certs.${cert}.dnsProvider != null) vhostCertNames; # those that don't depend on the HTTP server
mkVHostConf = mkVHostConf = hostOpts: let
hostOpts: sslCertDir = config.security.acme.certs.${hostOpts.useACMEHost}.directory;
let in ''
sslCertDir = config.security.acme.certs.${hostOpts.useACMEHost}.directory; ${hostOpts.hostName} ${concatStringsSep " " hostOpts.serverAliases} {
in ${optionalString (
'' hostOpts.listenAddresses != []
${hostOpts.hostName} ${concatStringsSep " " hostOpts.serverAliases} { ) "bind ${concatStringsSep " " hostOpts.listenAddresses}"}
${optionalString ( ${optionalString (
hostOpts.listenAddresses != [ ] hostOpts.useACMEHost != null
) "bind ${concatStringsSep " " hostOpts.listenAddresses}"} ) "tls ${sslCertDir}/cert.pem ${sslCertDir}/key.pem"}
${optionalString ( log {
hostOpts.useACMEHost != null ${hostOpts.logFormat}
) "tls ${sslCertDir}/cert.pem ${sslCertDir}/key.pem"}
log {
${hostOpts.logFormat}
}
${hostOpts.extraConfig}
} }
'';
settingsFormat = pkgs.formats.json { }; ${hostOpts.extraConfig}
}
'';
settingsFormat = pkgs.formats.json {};
configFile = configFile =
if cfg.settings != { } then if cfg.settings != {}
settingsFormat.generate "caddy.json" cfg.settings then settingsFormat.generate "caddy.json" cfg.settings
else else let
let Caddyfile = pkgs.writeTextDir "Caddyfile" ''
Caddyfile = pkgs.writeTextDir "Caddyfile" '' {
{ ${cfg.globalConfig}
${cfg.globalConfig} }
} ${cfg.extraConfig}
${cfg.extraConfig} ${concatMapStringsSep "\n" mkVHostConf virtualHosts}
${concatMapStringsSep "\n" mkVHostConf virtualHosts} '';
'';
Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" { } '' Caddyfile-formatted = pkgs.runCommand "Caddyfile-formatted" {} ''
mkdir -p $out mkdir -p $out
cp --no-preserve=mode ${Caddyfile}/Caddyfile $out/Caddyfile cp --no-preserve=mode ${Caddyfile}/Caddyfile $out/Caddyfile
${lib.getExe cfg.package} fmt --overwrite $out/Caddyfile ${lib.getExe cfg.package} fmt --overwrite $out/Caddyfile
''; '';
in in "${
"${ if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform
if pkgs.stdenv.buildPlatform == pkgs.stdenv.hostPlatform then Caddyfile-formatted else Caddyfile then Caddyfile-formatted
}/Caddyfile"; else Caddyfile
}/Caddyfile";
etcConfigFile = "caddy/caddy_config"; etcConfigFile = "caddy/caddy_config";
configPath = "/etc/${etcConfigFile}"; configPath = "/etc/${etcConfigFile}";
mkCertOwnershipAssertion = import ../../../security/acme/mk-cert-ownership-assertion.nix lib; mkCertOwnershipAssertion = import ../../../security/acme/mk-cert-ownership-assertion.nix lib;
in in {
{
imports = [ imports = [
(mkRemovedOptionModule [ (mkRemovedOptionModule [
"services" "services"
"caddy" "caddy"
"agree" "agree"
] "this option is no longer necessary for Caddy 2") ] "this option is no longer necessary for Caddy 2")
(mkRenamedOptionModule [ "services" "caddy" "ca" ] [ "services" "caddy" "acmeCA" ]) (mkRenamedOptionModule ["services" "caddy" "ca"] ["services" "caddy" "acmeCA"])
(mkRenamedOptionModule [ "services" "caddy" "config" ] [ "services" "caddy" "extraConfig" ]) (mkRenamedOptionModule ["services" "caddy" "config"] ["services" "caddy" "extraConfig"])
]; ];
# interface # interface
@@ -112,7 +105,7 @@ in
''; '';
}; };
package = mkPackageOption pkgs "caddy" { }; package = mkPackageOption pkgs "caddy" {};
dataDir = mkOption { dataDir = mkOption {
type = types.path; type = types.path;
@@ -183,10 +176,9 @@ in
adapter = mkOption { adapter = mkOption {
default = default =
if ((cfg.configFile != configFile) || (builtins.baseNameOf cfg.configFile) == "Caddyfile") then if ((cfg.configFile != configFile) || (builtins.baseNameOf cfg.configFile) == "Caddyfile")
"caddyfile" then "caddyfile"
else else null;
null;
defaultText = literalExpression '' defaultText = literalExpression ''
if ((cfg.configFile != configFile) || (builtins.baseNameOf cfg.configFile) == "Caddyfile") then "caddyfile" else null if ((cfg.configFile != configFile) || (builtins.baseNameOf cfg.configFile) == "Caddyfile") then "caddyfile" else null
''; '';
@@ -256,8 +248,8 @@ in
}; };
virtualHosts = mkOption { virtualHosts = mkOption {
type = with types; attrsOf (submodule (import ./vhost-options.nix { inherit cfg; })); type = with types; attrsOf (submodule (import ./vhost-options.nix {inherit cfg;}));
default = { }; default = {};
example = literalExpression '' example = literalExpression ''
{ {
"hydra.example.com" = { "hydra.example.com" = {
@@ -323,7 +315,7 @@ in
settings = mkOption { settings = mkOption {
type = settingsFormat.type; type = settingsFormat.type;
default = { }; default = {};
description = '' description = ''
Structured configuration for Caddy to generate a Caddy JSON configuration file. Structured configuration for Caddy to generate a Caddy JSON configuration file.
See <https://caddyserver.com/docs/json/> for available options. See <https://caddyserver.com/docs/json/> for available options.
@@ -380,21 +372,22 @@ in
# implementation # implementation
config = mkIf cfg.enable { config = mkIf cfg.enable {
assertions =
assertions = [ [
{ {
assertion = cfg.configFile == configFile -> cfg.adapter == "caddyfile" || cfg.adapter == null; assertion = cfg.configFile == configFile -> cfg.adapter == "caddyfile" || cfg.adapter == null;
message = "To specify an adapter other than 'caddyfile' please provide your own configuration via `services.caddy.configFile`"; message = "To specify an adapter other than 'caddyfile' please provide your own configuration via `services.caddy.configFile`";
} }
] ]
++ map ( ++ map (
name: name:
mkCertOwnershipAssertion { mkCertOwnershipAssertion {
cert = config.security.acme.certs.${name}; cert = config.security.acme.certs.${name};
groups = config.users.groups; groups = config.users.groups;
services = [ config.systemd.services.caddy ]; services = [config.systemd.services.caddy];
} }
) vhostCertNames; )
vhostCertNames;
services.caddy.globalConfig = '' services.caddy.globalConfig = ''
${optionalString (cfg.email != null) "email ${cfg.email}"} ${optionalString (cfg.email != null) "email ${cfg.email}"}
@@ -408,7 +401,7 @@ in
boot.kernel.sysctl."net.core.rmem_max" = mkDefault 2500000; boot.kernel.sysctl."net.core.rmem_max" = mkDefault 2500000;
boot.kernel.sysctl."net.core.wmem_max" = mkDefault 2500000; boot.kernel.sysctl."net.core.wmem_max" = mkDefault 2500000;
systemd.packages = [ cfg.package ]; systemd.packages = [cfg.package];
systemd.services.caddy = { systemd.services.caddy = {
wants = map (certName: "acme-finished-${certName}.target") vhostCertNames; wants = map (certName: "acme-finished-${certName}.target") vhostCertNames;
after = after =
@@ -416,46 +409,45 @@ in
++ map (certName: "acme-${certName}.service") independentCertNames; # avoid loading self-signed key w/ real cert, or vice-versa ++ map (certName: "acme-${certName}.service") independentCertNames; # avoid loading self-signed key w/ real cert, or vice-versa
before = map (certName: "acme-${certName}.service") dependentCertNames; before = map (certName: "acme-${certName}.service") dependentCertNames;
wantedBy = [ "multi-user.target" ]; wantedBy = ["multi-user.target"];
startLimitIntervalSec = 14400; startLimitIntervalSec = 14400;
startLimitBurst = 10; startLimitBurst = 10;
reloadTriggers = optional cfg.enableReload cfg.configFile; reloadTriggers = optional cfg.enableReload cfg.configFile;
restartTriggers = optional (!cfg.enableReload) cfg.configFile; restartTriggers = optional (!cfg.enableReload) cfg.configFile;
serviceConfig = serviceConfig = let
let runOptions = ''--config ${configPath} ${
runOptions = ''--config ${configPath} ${
optionalString (cfg.adapter != null) "--adapter ${cfg.adapter}" optionalString (cfg.adapter != null) "--adapter ${cfg.adapter}"
}''; }'';
in in {
{ # Override the `ExecStart` line from upstream's systemd unit file by our own:
# Override the `ExecStart` line from upstream's systemd unit file by our own: # https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart=
# https://www.freedesktop.org/software/systemd/man/systemd.service.html#ExecStart= # If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect.
# If the empty string is assigned to this option, the list of commands to start is reset, prior assignments of this option will have no effect. ExecStart = [
ExecStart = [ ""
"" ''${lib.getExe cfg.package} run ${runOptions} ${optionalString cfg.resume "--resume"}''
''${lib.getExe cfg.package} run ${runOptions} ${optionalString cfg.resume "--resume"}'' ];
]; # Validating the configuration before applying it ensures well get a proper error that will be reported when switching to the configuration
# Validating the configuration before applying it ensures well get a proper error that will be reported when switching to the configuration ExecReload =
ExecReload = [ [
"" ""
] ]
++ lib.optional cfg.enableReload "${lib.getExe cfg.package} reload ${runOptions} --force"; ++ lib.optional cfg.enableReload "${lib.getExe cfg.package} reload ${runOptions} --force";
User = cfg.user; User = cfg.user;
Group = cfg.group; Group = cfg.group;
ReadWritePaths = [ cfg.dataDir ]; ReadWritePaths = [cfg.dataDir];
StateDirectory = mkIf (cfg.dataDir == "/var/lib/caddy") [ "caddy" ]; StateDirectory = mkIf (cfg.dataDir == "/var/lib/caddy") ["caddy"];
LogsDirectory = mkIf (cfg.logDir == "/var/log/caddy") [ "caddy" ]; LogsDirectory = mkIf (cfg.logDir == "/var/log/caddy") ["caddy"];
Restart = "on-failure"; Restart = "on-failure";
RestartPreventExitStatus = 1; RestartPreventExitStatus = 1;
RestartSec = "5s"; RestartSec = "5s";
EnvironmentFile = optional (cfg.environmentFile != null) cfg.environmentFile; EnvironmentFile = optional (cfg.environmentFile != null) cfg.environmentFile;
# TODO: attempt to upstream these options # TODO: attempt to upstream these options
NoNewPrivileges = true; NoNewPrivileges = true;
PrivateDevices = true; PrivateDevices = true;
ProtectHome = true; ProtectHome = true;
}; };
}; };
users.users = optionalAttrs (cfg.user == "caddy") { users.users = optionalAttrs (cfg.user == "caddy") {
@@ -470,16 +462,17 @@ in
caddy.gid = config.ids.gids.caddy; caddy.gid = config.ids.gids.caddy;
}; };
security.acme.certs = security.acme.certs = let
let certCfg =
certCfg = map ( map (
certName: certName:
nameValuePair certName { nameValuePair certName {
group = mkDefault cfg.group; group = mkDefault cfg.group;
reloadServices = [ "caddy.service" ]; reloadServices = ["caddy.service"];
} }
) vhostCertNames; )
in vhostCertNames;
in
listToAttrs certCfg; listToAttrs certCfg;
environment.etc.${etcConfigFile}.source = cfg.configFile; environment.etc.${etcConfigFile}.source = cfg.configFile;

17
modules/nixos/caddy/vhost-options.nix
View File

@@ -1,16 +1,12 @@
{ cfg }: {cfg}: {
{
config, config,
lib, lib,
name, name,
... ...
}: }: let
let
inherit (lib) literalExpression mkOption types; inherit (lib) literalExpression mkOption types;
in in {
{
options = { options = {
hostName = mkOption { hostName = mkOption {
type = types.str; type = types.str;
default = name; default = name;
@@ -19,7 +15,7 @@ in
serverAliases = mkOption { serverAliases = mkOption {
type = with types; listOf str; type = with types; listOf str;
default = [ ]; default = [];
example = [ example = [
"www.example.org" "www.example.org"
"example.org" "example.org"
@@ -34,7 +30,7 @@ in
description = '' description = ''
A list of host interfaces to bind to for this virtual host. A list of host interfaces to bind to for this virtual host.
''; '';
default = [ ]; default = [];
example = [ example = [
"127.0.0.1" "127.0.0.1"
"::1" "::1"
@@ -58,7 +54,7 @@ in
logFormat = mkOption { logFormat = mkOption {
type = types.lines; type = types.lines;
default = '' default = ''
output file ${cfg.logDir}/access-${lib.replaceStrings [ "/" " " ] [ "_" "_" ] config.hostName}.log output file ${cfg.logDir}/access-${lib.replaceStrings ["/" " "] ["_" "_"] config.hostName}.log
''; '';
defaultText = '' defaultText = ''
output file ''${config.services.caddy.logDir}/access-''${hostName}.log output file ''${config.services.caddy.logDir}/access-''${hostName}.log
@@ -83,6 +79,5 @@ in
automatically generated `Caddyfile`. automatically generated `Caddyfile`.
''; '';
}; };
}; };
} }

40
modules/nixos/satisfactory.nix
View File

@@ -1,13 +1,16 @@
{config, pkgs, lib, ...}:
let
cfg = config.services.satisfactory;
in
{ {
config,
pkgs,
lib,
...
}: let
cfg = config.services.satisfactory;
in {
options.services.satisfactory = { options.services.satisfactory = {
enable = lib.mkEnableOption "Enable Satisfactory Dedicated Server"; enable = lib.mkEnableOption "Enable Satisfactory Dedicated Server";
beta = lib.mkOption { beta = lib.mkOption {
type = lib.types.enum [ "public" "experimental" ]; type = lib.types.enum ["public" "experimental"];
default = "public"; default = "public";
description = "Beta channel to follow"; description = "Beta channel to follow";
}; };
@@ -55,14 +58,19 @@ in
networking = { networking = {
firewall = { firewall = {
allowedUDPPorts = [ 15777 15000 7777 27015 ]; allowedUDPPorts = [15777 15000 7777 27015];
allowedUDPPortRanges = [ { from = 27031; to = 27036; } ]; allowedUDPPortRanges = [
allowedTCPPorts = [ 27015 27036 ]; {
from = 27031;
to = 27036;
}
];
allowedTCPPorts = [27015 27036];
}; };
}; };
systemd.services.satisfactory = { systemd.services.satisfactory = {
wantedBy = [ "multi-user.target" ]; wantedBy = ["multi-user.target"];
preStart = '' preStart = ''
${pkgs.steamcmd}/bin/steamcmd \ ${pkgs.steamcmd}/bin/steamcmd \
+force_install_dir /var/lib/satisfactory/SatisfactoryDedicatedServer \ +force_install_dir /var/lib/satisfactory/SatisfactoryDedicatedServer \
@@ -76,8 +84,16 @@ in
ln -sfv /var/lib/satisfactory/.steam/steam/linux64 /var/lib/satisfactory/.steam/sdk64 ln -sfv /var/lib/satisfactory/.steam/steam/linux64 /var/lib/satisfactory/.steam/sdk64
mkdir -p /var/lib/satisfactory/SatisfactoryDedicatedServer/FactoryGame/Saved/Config/LinuxServer mkdir -p /var/lib/satisfactory/SatisfactoryDedicatedServer/FactoryGame/Saved/Config/LinuxServer
${pkgs.crudini}/bin/crudini --set /var/lib/satisfactory/SatisfactoryDedicatedServer/FactoryGame/Saved/Config/LinuxServer/Game.ini '/Script/Engine.GameSession' MaxPlayers ${toString cfg.maxPlayers} ${pkgs.crudini}/bin/crudini --set /var/lib/satisfactory/SatisfactoryDedicatedServer/FactoryGame/Saved/Config/LinuxServer/Game.ini '/Script/Engine.GameSession' MaxPlayers ${toString cfg.maxPlayers}
${pkgs.crudini}/bin/crudini --set /var/lib/satisfactory/SatisfactoryDedicatedServer/FactoryGame/Saved/Config/LinuxServer/ServerSettings.ini '/Script/FactoryGame.FGServerSubsystem' mAutoPause ${if cfg.autoPause then "True" else "False"} ${pkgs.crudini}/bin/crudini --set /var/lib/satisfactory/SatisfactoryDedicatedServer/FactoryGame/Saved/Config/LinuxServer/ServerSettings.ini '/Script/FactoryGame.FGServerSubsystem' mAutoPause ${
${pkgs.crudini}/bin/crudini --set /var/lib/satisfactory/SatisfactoryDedicatedServer/FactoryGame/Saved/Config/LinuxServer/ServerSettings.ini '/Script/FactoryGame.FGServerSubsystem' mAutoSaveOnDisconnect ${if cfg.autoSaveOnDisconnect then "True" else "False"} if cfg.autoPause
then "True"
else "False"
}
${pkgs.crudini}/bin/crudini --set /var/lib/satisfactory/SatisfactoryDedicatedServer/FactoryGame/Saved/Config/LinuxServer/ServerSettings.ini '/Script/FactoryGame.FGServerSubsystem' mAutoSaveOnDisconnect ${
if cfg.autoSaveOnDisconnect
then "True"
else "False"
}
''; '';
script = '' script = ''
/var/lib/satisfactory/SatisfactoryDedicatedServer/Engine/Binaries/Linux/UnrealServer-Linux-Shipping FactoryGame -multihome=${cfg.address} /var/lib/satisfactory/SatisfactoryDedicatedServer/Engine/Binaries/Linux/UnrealServer-Linux-Shipping FactoryGame -multihome=${cfg.address}
@@ -89,7 +105,7 @@ in
WorkingDirectory = "/var/lib/satisfactory"; WorkingDirectory = "/var/lib/satisfactory";
}; };
environment = { environment = {
LD_LIBRARY_PATH="SatisfactoryDedicatedServer/linux64:SatisfactoryDedicatedServer/Engine/Binaries/Linux:SatisfactoryDedicatedServer/Engine/Binaries/ThirdParty/PhysX3/Linux/x86_64-unknown-linux-gnu"; LD_LIBRARY_PATH = "SatisfactoryDedicatedServer/linux64:SatisfactoryDedicatedServer/Engine/Binaries/Linux:SatisfactoryDedicatedServer/Engine/Binaries/ThirdParty/PhysX3/Linux/x86_64-unknown-linux-gnu";
}; };
}; };
}; };

6
nixos/ryu/configuration.nix
View File

@@ -12,12 +12,6 @@
./apps ./apps
]; ];
# sops = {
# defaultSopsFile = ../../secrets/secrets.yaml;
# defaultSopsFormat = "yaml";
# age.keyFile = "/home/${device.user}/.config/sops/age/keys.txt";
# };
security.tpm2 = { security.tpm2 = {
enable = true; enable = true;
pkcs11.enable = true; pkcs11.enable = true;