author | Vincent Ambo <mail@tazj.in> | 2022-01-30T16·06+0300 |
---|---|---|
committer | tazjin <tazjin@tvl.su> | 2022-01-31T16·11+0000 |
commit | aa122cbae78ce97d60c0c98ba14df753d97e40b1 (patch) | |
tree | 12b98d85c4b18fe870feb26de70db9ba61837bd7 /ops/machines | |
parent | 2d10d60fac0fd00a71b65cfdcb9fba0477b2086c (diff) |
style: format entire depot with nixpkgs-fmt r/3723
This CL can be used to compare the style of nixpkgs-fmt against other formatters (nixpkgs, alejandra). Change-Id: I87c6abff6bcb546b02ead15ad0405f81e01b6d9e Reviewed-on: https://cl.tvl.fyi/c/depot/+/4397 Tested-by: BuildkiteCI Reviewed-by: sterni <sternenseemann@systemli.org> Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: wpcarro <wpcarro@gmail.com> Reviewed-by: Profpatsch <mail@profpatsch.de> Reviewed-by: kanepyork <rikingcoding@gmail.com> Reviewed-by: tazjin <tazjin@tvl.su> Reviewed-by: cynthia <cynthia@tvl.fyi> Reviewed-by: edef <edef@edef.eu> Reviewed-by: eta <tvl@eta.st> Reviewed-by: grfn <grfn@gws.fyi>
Diffstat (limited to 'ops/machines')
-rw-r--r-- | ops/machines/whitby/default.nix | 141 |
1 files changed, 77 insertions, 64 deletions
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix index a6a5a763177a..0aa61fda80cf 100644 --- a/ops/machines/whitby/default.nix +++ b/ops/machines/whitby/default.nix @@ -4,7 +4,8 @@ let inherit (builtins) listToAttrs; inherit (lib) range; -in { +in +{ imports = [ "${depot.path}/ops/modules/atward.nix" "${depot.path}/ops/modules/clbot.nix" @@ -55,7 +56,13 @@ in { initrd = { availableKernelModules = [ - "igb" "xhci_pci" "nvme" "ahci" "usbhid" "usb_storage" "sr_mod" + "igb" + "xhci_pci" + "nvme" + "ahci" + "usbhid" + "usb_storage" + "sr_mod" ]; # Enable SSH in the initrd so that we can enter disk encryption @@ -189,7 +196,7 @@ in { ++ lukegb.keys.all ++ [ grfn.keys.whitby ] ++ sterni.keys.all - ; + ; }; }; @@ -205,7 +212,8 @@ in { age.secrets = let secretFile = name: depot.ops.secrets."${name}.age"; - in { + in + { clbot.file = secretFile "clbot"; gerrit-queue.file = secretFile "gerrit-queue"; grafana.file = secretFile "grafana"; @@ -509,15 +517,16 @@ in { job_name = "node"; scrape_interval = "5s"; static_configs = [{ - targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"]; + targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; }]; - } { - job_name = "nginx"; - scrape_interval = "5s"; - static_configs = [{ - targets = ["localhost:${toString config.services.prometheus.exporters.nginx.port}"]; + } + { + job_name = "nginx"; + scrape_interval = "5s"; + static_configs = [{ + targets = [ "localhost:${toString config.services.prometheus.exporters.nginx.port}" ]; + }]; }]; - }]; }; services.grafana = { 
@@ -526,58 +535,62 @@ in { domain = "status.tvl.su"; rootUrl = "https://status.tvl.su"; analytics.reporting.enable = false; - extraOptions = let - options = { - auth = { - generic_oauth = { - enabled = true; - client_id = "grafana"; - scopes = "openid profile email"; - name = "TVL"; - email_attribute_path = "mail"; - login_attribute_path = "sub"; - name_attribute_path = "displayName"; - auth_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/auth"; - token_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/token"; - api_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/userinfo"; - - # Give lukegb, grfn, tazjin "Admin" rights. - role_attribute_path = "((sub == 'lukegb' || sub == 'grfn' || sub == 'tazjin') && 'Admin') || 'Editor'"; - - # Allow creating new Grafana accounts from OAuth accounts. - allow_sign_up = true; - }; - - anonymous = { - enabled = true; - org_name = "The Virus Lounge"; - org_role = "Viewer"; + extraOptions = + let + options = { + auth = { + generic_oauth = { + enabled = true; + client_id = "grafana"; + scopes = "openid profile email"; + name = "TVL"; + email_attribute_path = "mail"; + login_attribute_path = "sub"; + name_attribute_path = "displayName"; + auth_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/auth"; + token_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/token"; + api_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/userinfo"; + + # Give lukegb, grfn, tazjin "Admin" rights. + role_attribute_path = "((sub == 'lukegb' || sub == 'grfn' || sub == 'tazjin') && 'Admin') || 'Editor'"; + + # Allow creating new Grafana accounts from OAuth accounts. 
+ allow_sign_up = true; + }; + + anonymous = { + enabled = true; + org_name = "The Virus Lounge"; + org_role = "Viewer"; + }; + + basic.enabled = false; + oauth_auto_login = true; + disable_login_form = true; }; - - basic.enabled = false; - oauth_auto_login = true; - disable_login_form = true; }; - }; - inherit (builtins) typeOf replaceStrings listToAttrs concatLists; - inherit (lib) toUpper mapAttrsToList nameValuePair concatStringsSep; - - # Take ["auth" "generic_oauth" "enabled"] and turn it into OPTIONS_GENERIC_OAUTH_ENABLED. - encodeName = raw: replaceStrings ["."] ["_"] (toUpper (concatStringsSep "_" raw)); - - # Turn an option value into a string, but we want bools to be sensible strings and not "1" or "". - optionToString = value: - if (typeOf value) == "bool" then - if value then "true" else "false" - else builtins.toString value; - - # Turn an nested options attrset into a flat listToAttrs-compatible list. - encodeOptions = prefix: inp: concatLists (mapAttrsToList (name: value: - if (typeOf value) == "set" - then encodeOptions (prefix ++ [name]) value - else [ (nameValuePair (encodeName (prefix ++ [name])) (optionToString value)) ] - ) inp); - in listToAttrs (encodeOptions [] options); + inherit (builtins) typeOf replaceStrings listToAttrs concatLists; + inherit (lib) toUpper mapAttrsToList nameValuePair concatStringsSep; + + # Take ["auth" "generic_oauth" "enabled"] and turn it into OPTIONS_GENERIC_OAUTH_ENABLED. + encodeName = raw: replaceStrings [ "." ] [ "_" ] (toUpper (concatStringsSep "_" raw)); + + # Turn an option value into a string, but we want bools to be sensible strings and not "1" or "". + optionToString = value: + if (typeOf value) == "bool" then + if value then "true" else "false" + else builtins.toString value; + + # Turn an nested options attrset into a flat listToAttrs-compatible list. 
+ encodeOptions = prefix: inp: concatLists (mapAttrsToList + (name: value: + if (typeOf value) == "set" + then encodeOptions (prefix ++ [ name ]) value + else [ (nameValuePair (encodeName (prefix ++ [ name ])) (optionToString value)) ] + ) + inp); + in + listToAttrs (encodeOptions [ ] options); provision = { enable = true; @@ -623,8 +636,8 @@ in { security.sudo.extraRules = [ { - groups = ["wheel"]; - commands = [{ command = "ALL"; options = ["NOPASSWD"]; }]; + groups = [ "wheel" ]; + commands = [{ command = "ALL"; options = [ "NOPASSWD" ]; }]; } ]; @@ -705,7 +718,7 @@ in { }; # Set up a user & group for git shenanigans - groups.git = {}; + groups.git = { }; users.git = { group = "git"; isSystemUser = true; |