Auto lint/format
This commit is contained in:
parent
ec825124dd
commit
ebb1aac136
21 changed files with 35 additions and 38 deletions
|
@ -3,7 +3,7 @@
|
|||
with lib;
|
||||
rec {
|
||||
|
||||
firstOrDefault = first: default: if !isNull first then first else default;
|
||||
firstOrDefault = first: default: if first != null then first else default;
|
||||
|
||||
existsOrDefault = x: set: default: if builtins.hasAttr x set then builtins.getAttr x set else default;
|
||||
|
||||
|
@ -36,8 +36,7 @@ rec {
|
|||
# so here i try to get a robust list of security options for containers
|
||||
# because everyone needs more tinfoild hat right? RIGHT?
|
||||
|
||||
containerExtraOptions = [ ]
|
||||
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "privileged" ] false options) [ "--privileged" ]
|
||||
containerExtraOptions = lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "privileged" ] false options) [ "--privileged" ]
|
||||
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "readOnly" ] false options) [ "--read-only" ]
|
||||
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "tmpfs" ] false options) [ (map (folders: "--tmpfs=${folders}") tmpfsFolders) ]
|
||||
++ lib.optionals (lib.attrsets.attrByPath [ "container" "caps" "noNewPrivileges" ] false options) [ "--security-opt=no-new-privileges" ]
|
||||
|
@ -53,8 +52,7 @@ rec {
|
|||
environment = {
|
||||
TZ = options.timeZone;
|
||||
} // options.container.env;
|
||||
environmentFiles = [ ]
|
||||
++ lib.attrsets.attrByPath [ "container" "envFiles" ] [ ] options;
|
||||
environmentFiles = lib.attrsets.attrByPath [ "container" "envFiles" ] [ ] options;
|
||||
volumes = [ "/etc/localtime:/etc/localtime:ro" ]
|
||||
++ lib.optionals (lib.attrsets.hasAttrByPath [ "container" "persistentFolderMount" ] options) [
|
||||
"${options.persistence.folder}:${options.container.persistentFolderMount}:rw"
|
||||
|
@ -64,16 +62,15 @@ rec {
|
|||
|
||||
labels = mkIf addTraefikLabels (mkTraefikLabels {
|
||||
name = subdomain;
|
||||
port = options.port;
|
||||
domain = options.domain;
|
||||
inherit (options) port;
|
||||
inherit (options) domain;
|
||||
url = host;
|
||||
});
|
||||
|
||||
extraOptions = containerExtraOptions;
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [ ]
|
||||
++ lib.optionals (lib.attrsets.hasAttrByPath [ "persistence" "folder" ] options) [ "d ${options.persistence.folder} 0755 ${user} ${group} -" ]
|
||||
systemd.tmpfiles.rules = lib.optionals (lib.attrsets.hasAttrByPath [ "persistence" "folder" ] options) [ "d ${options.persistence.folder} 0755 ${user} ${group} -" ]
|
||||
;
|
||||
|
||||
# built a entry for homepage
|
||||
|
@ -82,8 +79,8 @@ rec {
|
|||
${options.app} = {
|
||||
icon = homepageIcon;
|
||||
href = "https://${ host }";
|
||||
host = host;
|
||||
description = options.description;
|
||||
inherit host;
|
||||
inherit (options) description;
|
||||
};
|
||||
}
|
||||
];
|
||||
|
|
|
@ -55,7 +55,7 @@ in
|
|||
];
|
||||
labels = lib.myLib.mkTraefikLabels {
|
||||
name = app;
|
||||
domain = config.networking.domain;
|
||||
inherit (config.networking) domain;
|
||||
|
||||
inherit port;
|
||||
};
|
||||
|
|
|
@ -53,7 +53,7 @@ in
|
|||
];
|
||||
labels = lib.myLib.mkTraefikLabels {
|
||||
name = app;
|
||||
domain = config.networking.domain;
|
||||
inherit (config.networking) domain;
|
||||
|
||||
inherit port;
|
||||
};
|
||||
|
|
|
@ -55,7 +55,7 @@ in
|
|||
];
|
||||
labels = lib.myLib.mkTraefikLabels {
|
||||
name = app;
|
||||
domain = config.networking.domain;
|
||||
inherit (config.networking) domain;
|
||||
|
||||
inherit port;
|
||||
};
|
||||
|
|
|
@ -54,7 +54,7 @@ in
|
|||
];
|
||||
labels = lib.myLib.mkTraefikLabels {
|
||||
name = app;
|
||||
domain = config.networking.domain;
|
||||
inherit (config.networking) domain;
|
||||
|
||||
inherit port;
|
||||
};
|
||||
|
|
|
@ -57,7 +57,7 @@ in
|
|||
];
|
||||
labels = lib.myLib.mkTraefikLabels {
|
||||
name = app;
|
||||
domain = config.networking.domain;
|
||||
inherit (config.networking) domain;
|
||||
|
||||
inherit port;
|
||||
};
|
||||
|
|
|
@ -47,7 +47,7 @@ in
|
|||
];
|
||||
labels = lib.myLib.mkTraefikLabels {
|
||||
name = app;
|
||||
domain = config.networking.domain;
|
||||
inherit (config.networking) domain;
|
||||
|
||||
inherit port;
|
||||
};
|
||||
|
|
|
@ -105,7 +105,7 @@ in
|
|||
|
||||
labels = lib.myLib.mkTraefikLabels {
|
||||
name = app;
|
||||
domain = config.networking.domain;
|
||||
inherit (config.networking) domain;
|
||||
|
||||
inherit port;
|
||||
};
|
||||
|
|
|
@ -26,7 +26,7 @@ in
|
|||
sops.secrets."services/${app}/env" = {
|
||||
sopsFile = ./secrets.sops.yaml;
|
||||
owner = user;
|
||||
group = group;
|
||||
inherit group;
|
||||
restartUnits = [ "podman-${app}.service" ];
|
||||
};
|
||||
}
|
||||
|
@ -36,9 +36,9 @@ in
|
|||
inherit app user group;
|
||||
description = "Home Automation";
|
||||
port = 8123;
|
||||
timeZone = config.time.timeZone;
|
||||
inherit (config.time) timeZone;
|
||||
# subdomainOverride = "hass";
|
||||
domain = config.networking.domain;
|
||||
inherit (config.networking) domain;
|
||||
persistence = {
|
||||
folder = persistentFolder;
|
||||
backup = true;
|
||||
|
|
|
@ -49,7 +49,7 @@ in
|
|||
];
|
||||
labels = lib.myLib.mkTraefikLabels {
|
||||
name = app;
|
||||
domain = config.networking.domain;
|
||||
inherit (config.networking) domain;
|
||||
|
||||
inherit port;
|
||||
};
|
||||
|
|
|
@ -284,7 +284,7 @@ in
|
|||
# };
|
||||
labels = lib.myLib.mkTraefikLabels {
|
||||
name = app;
|
||||
domain = config.networking.domain;
|
||||
inherit (config.networking) domain;
|
||||
|
||||
inherit port;
|
||||
};
|
||||
|
|
|
@ -9,8 +9,8 @@ let
|
|||
app = "node-red";
|
||||
persistentFolder = "${config.mySystem.persistentFolder}/${appFolder}";
|
||||
appFolder = "apps/${app}";
|
||||
user = config.services.node-red.user;
|
||||
group = config.services.node-red.group;
|
||||
inherit (config.services.node-red) user;
|
||||
inherit (config.services.node-red) group;
|
||||
url = "code-${config.networking.hostName}.${config.networking.domain}";
|
||||
|
||||
in
|
||||
|
|
|
@ -46,7 +46,7 @@ in
|
|||
ports = [ "${builtins.toString port}:${builtins.toString port}" ]; # expose port
|
||||
labels = lib.myLib.mkTraefikLabels {
|
||||
name = app;
|
||||
domain = config.networking.domain;
|
||||
inherit (config.networking) domain;
|
||||
|
||||
inherit port;
|
||||
};
|
||||
|
|
|
@ -46,7 +46,7 @@ in
|
|||
];
|
||||
labels = lib.myLib.mkTraefikLabels {
|
||||
name = app;
|
||||
domain = config.networking.domain;
|
||||
inherit (config.networking) domain;
|
||||
|
||||
inherit port;
|
||||
};
|
||||
|
|
|
@ -20,8 +20,8 @@ in
|
|||
port = 8080;
|
||||
user = "nobody";
|
||||
group = "nobody";
|
||||
timeZone = config.time.timeZone;
|
||||
domain = config.networking.domain;
|
||||
inherit (config.time) timeZone;
|
||||
inherit (config.networking) domain;
|
||||
homepage = {
|
||||
icon = "libreddit.svg";
|
||||
category = "home";
|
||||
|
|
|
@ -40,7 +40,7 @@ in
|
|||
];
|
||||
labels = lib.myLib.mkTraefikLabels {
|
||||
name = app;
|
||||
domain = config.networking.domain;
|
||||
inherit (config.networking) domain;
|
||||
|
||||
inherit port;
|
||||
};
|
||||
|
|
|
@ -39,7 +39,7 @@ in
|
|||
};
|
||||
labels = lib.myLib.mkTraefikLabels {
|
||||
name = app;
|
||||
domain = config.networking.domain;
|
||||
inherit (config.networking) domain;
|
||||
|
||||
inherit port;
|
||||
};
|
||||
|
|
|
@ -38,7 +38,7 @@ in
|
|||
];
|
||||
labels = lib.myLib.mkTraefikLabels {
|
||||
name = app;
|
||||
domain = config.networking.domain;
|
||||
inherit (config.networking) domain;
|
||||
|
||||
inherit port;
|
||||
};
|
||||
|
|
|
@ -50,7 +50,7 @@ in
|
|||
|
||||
labels = lib.myLib.mkTraefikLabels {
|
||||
name = app;
|
||||
domain = config.networking.domain;
|
||||
inherit (config.networking) domain;
|
||||
|
||||
inherit port;
|
||||
};
|
||||
|
|
|
@ -126,13 +126,13 @@ in
|
|||
|
||||
buildList = id: url: {
|
||||
enabled = true;
|
||||
id = id;
|
||||
name = url.name;
|
||||
url = url.url;
|
||||
inherit id;
|
||||
inherit (url) name;
|
||||
inherit (url) url;
|
||||
};
|
||||
in
|
||||
|
||||
(lib.imap1 buildList urls);
|
||||
lib.imap1 buildList urls;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -29,7 +29,7 @@ in
|
|||
sops.secrets."services/mosquitto/mq/plainPassword.yaml" = {
|
||||
sopsFile = ../mosquitto/secrets.sops.yaml;
|
||||
owner = config.users.users.zigbee2mqtt.name;
|
||||
group = config.users.users.zigbee2mqtt.group;
|
||||
inherit (config.users.users.zigbee2mqtt) group;
|
||||
restartUnits = [ "${app}.service" ];
|
||||
};
|
||||
|
||||
|
|
Reference in a new issue