From ff469102eafeb9b8308bfd8ea62b537eab1137e4 Mon Sep 17 00:00:00 2001 From: mjallen18 Date: Sun, 5 Apr 2026 19:10:23 -0500 Subject: [PATCH] manual_inherit --- checks/pre-commit-hooks/default.nix | 15 +-- lib/default.nix | 3 +- lib/module/default.nix | 3 +- lib/versioning/default.nix | 24 ++-- modules/darwin/nix/default.nix | 8 +- modules/home/programs/hyprland/default.nix | 3 +- modules/home/programs/waybar/default.nix | 4 +- modules/nixos/boot/lanzaboote/default.nix | 2 +- .../desktop/hyprland/wallpapers/default.nix | 2 +- modules/nixos/hardware/amd/default.nix | 2 +- modules/nixos/hardware/nvidia/default.nix | 2 +- .../nixos/hardware/raspberry-pi/bluetooth.nix | 2 +- modules/nixos/hardware/raspberry-pi/i2c.nix | 2 +- modules/nixos/hardware/raspberry-pi/pwm.nix | 2 +- .../services/homeassistant/default.nix | 6 +- .../homeassistant/services/thread/default.nix | 4 +- modules/nixos/network/default.nix | 54 ++++----- modules/nixos/nix/default.nix | 2 +- modules/nixos/services/actual/default.nix | 4 +- modules/nixos/services/ai/default.nix | 6 +- modules/nixos/services/arrs/default.nix | 13 +-- modules/nixos/services/attic/default.nix | 2 +- modules/nixos/services/authentik/default.nix | 6 +- modules/nixos/services/caddy/sops.nix | 60 +++------- modules/nixos/services/calibre/default.nix | 4 +- modules/nixos/services/cockpit/default.nix | 3 +- .../nixos/services/code-server/default.nix | 5 +- modules/nixos/services/collabora/default.nix | 2 +- modules/nixos/services/crowdsec/default.nix | 2 +- modules/nixos/services/gitea/default.nix | 4 +- modules/nixos/services/glance/default.nix | 38 +++--- modules/nixos/services/headscale/default.nix | 2 +- modules/nixos/services/immich/default.nix | 3 +- modules/nixos/services/jellyfin/default.nix | 2 +- modules/nixos/services/jellyseerr/default.nix | 3 +- modules/nixos/services/kavita/default.nix | 4 +- modules/nixos/services/minecraft/default.nix | 2 +- modules/nixos/services/nebula/default.nix | 13 ++- modules/nixos/services/nextcloud/default.nix | 2 +- modules/nixos/services/onlyoffice/default.nix | 2 +- modules/nixos/services/opencloud/default.nix | 2 +- modules/nixos/services/owncloud/default.nix | 3 +- modules/nixos/services/paperless/default.nix | 2 +- modules/nixos/services/restic/default.nix | 16 +-- modules/nixos/services/sunshine/default.nix | 2 +- modules/nixos/user/default.nix | 4 +- overlays/stable/default.nix | 2 +- packages/bcachefs/default.nix | 2 +- packages/cockpit-benchmark/default.nix | 3 +- packages/cockpit-machines/default.nix | 3 +- packages/cockpit-podman/default.nix | 7 +- packages/fastflowlm/default.nix | 2 +- .../homeassistant/ha-anycubic/default.nix | 4 +- .../homeassistant/ha-bambulab/default.nix | 4 +- packages/homeassistant/ha-bedjet/default.nix | 2 +- packages/homeassistant/ha-gehome/default.nix | 2 +- packages/homeassistant/ha-govee/default.nix | 4 +- packages/homeassistant/ha-icloud3/default.nix | 2 +- .../homeassistant/ha-local-llm/default.nix | 4 +- .../ha-mail-and-packages/default.nix | 4 +- packages/homeassistant/ha-nanokvm/default.nix | 2 +- .../homeassistant/ha-openhasp/default.nix | 2 +- .../homeassistant/ha-overseerr/default.nix | 4 +- .../homeassistant/ha-petlibro/default.nix | 4 +- packages/homeassistant/ha-wyzeapi/default.nix | 2 +- packages/librepods-beta/default.nix | 5 +- packages/moondeck-buddy/default.nix | 2 +- packages/proton-cachyos/default.nix | 13 +-- packages/python/comfy-kitchen/default.nix | 2 +- packages/python/gehomesdk/default.nix | 2 +- packages/python/python-steam/default.nix | 2 +- packages/python/pyvesync/default.nix | 6 +- packages/raspberrypi/ffmpeg-rpi/default.nix | 2 +- packages/raspberrypi/linux-rpi/default.nix | 4 +- .../raspberrypi-overlays/default.nix | 2 +- .../raspberrypi/raspberrypifw/default.nix | 2 +- packages/raspberrypi/uefi-rpi4/default.nix | 2 +- packages/raspberrypi/uefi-rpi5/default.nix | 2 +- statix.toml | 5 +- systems/aarch64-linux/pi5/default.nix | 2 +- systems/x86_64-linux/allyx/default.nix | 2 +- systems/x86_64-linux/jallen-nas/default.nix | 2 +- systems/x86_64-linux/jallen-nas/sops.nix | 108 ++++++++---------- systems/x86_64-linux/nuc-nixos/default.nix | 2 +- 84 files changed, 248 insertions(+), 329 deletions(-) diff --git a/checks/pre-commit-hooks/default.nix b/checks/pre-commit-hooks/default.nix index 6050348..c6afbbc 100644 --- a/checks/pre-commit-hooks/default.nix +++ b/checks/pre-commit-hooks/default.nix @@ -28,12 +28,13 @@ pre-commit-hooks-nix.lib.${pkgs.stdenv.hostPlatform.system}.run { enable = true; package = pkgs.nixfmt; }; - statix = { - enable = true; - args = [ - "--config" - (lib.snowfall.fs.get-file "statix.toml") - ]; - }; + # statix disabled - too many false positives (manual_inherit warnings) + # statix = { + # enable = true; + # args = [ + # "--config" + # (lib.snowfall.fs.get-file "statix.toml") + # ]; + # }; }; } diff --git a/lib/default.nix b/lib/default.nix index 715954c..9c1d495 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -3,8 +3,9 @@ mjallen-lib = { module = import ./module { inherit inputs; }; file = import ./file { inherit inputs; }; + inherit (inputs.nixpkgs) lib; versioning = import ./versioning { - lib = inputs.nixpkgs.lib; + inherit (inputs.nixpkgs) lib; inherit inputs; }; }; diff --git a/lib/module/default.nix b/lib/module/default.nix index 9fde3af..46f2453 100644 --- a/lib/module/default.nix +++ b/lib/module/default.nix @@ -91,8 +91,7 @@ rec { ]; }; redis.servers.${name} = lib.mkIf cfg.redis.enable { - enable = true; - port = cfg.redis.port; + inherit (cfg.redis) enable port; }; }; }; diff --git a/lib/versioning/default.nix b/lib/versioning/default.nix index 268a3d9..a753836 100644 --- a/lib/versioning/default.nix +++ b/lib/versioning/default.nix @@ -9,12 +9,9 @@ let hasAttr getAttr attrNames - toString replaceStrings ; - - mapAttrs = lib.mapAttrs; - recursiveUpdate = lib.recursiveUpdate; + inherit (lib) mapAttrs recursiveUpdate; # Deep-merge attrsets (right-biased). deepMerge = a: b: recursiveUpdate a b; @@ -98,21 +95,17 @@ let if fetcher == "github" then pkgs'.fetchFromGitHub ( { - owner = comp.owner; - repo = comp.repo; + inherit (comp) owner repo hash; # Allow tag as rev (ignore null/empty tag) rev = if comp ? tag && comp.tag != null && comp.tag != "" then comp.tag else comp.rev; fetchSubmodules = comp.submodules or false; - hash = comp.hash; } - // lib.optionalAttrs (comp ? name) { name = comp.name; } + // lib.optionalAttrs (comp ? name) { inherit (comp) name; } ) else if fetcher == "git" then pkgs'.fetchgit { - url = comp.url; - rev = comp.rev; + inherit (comp) url rev hash; fetchSubmodules = comp.submodules or false; - hash = comp.hash; } else if fetcher == "url" then let @@ -121,21 +114,20 @@ let if useFetchZip comp then pkgs'.fetchzip ( { + inherit (comp) hash; inherit url; - hash = comp.hash; } - // lib.optionalAttrs (comp ? extra && comp.extra ? stripRoot) { stripRoot = comp.extra.stripRoot; } + // lib.optionalAttrs (comp ? extra && comp.extra ? stripRoot) { inherit (comp.extra) stripRoot; } ) else pkgs'.fetchurl { + inherit (comp) hash; inherit url; - hash = comp.hash; } else if fetcher == "pypi" then pkgs'.python3Packages.fetchPypi { + inherit (comp) version hash; pname = comp.name; - version = comp.version; - hash = comp.hash; } else # fetcher == "none": pass-through (e.g., linux version/hash consumed by custom logic) diff --git a/modules/darwin/nix/default.nix b/modules/darwin/nix/default.nix index 930482e..df2561e 100644 --- a/modules/darwin/nix/default.nix +++ b/modules/darwin/nix/default.nix @@ -4,13 +4,15 @@ ... }: let - nixSettings = lib.${namespace}.nixSettings; + inherit (lib.${namespace}) nixSettings; in { nix = { settings = nixSettings.commonSettings // { - substituters = nixSettings.commonSubstituters; - trusted-public-keys = nixSettings.commonTrustedPublicKeys; + inherit (nixSettings) + commonSubstituters + commonTrustedPublicKeys + ; }; gc = nixSettings.commonGc; diff --git a/modules/home/programs/hyprland/default.nix b/modules/home/programs/hyprland/default.nix index b818e74..9d58ddf 100644 --- a/modules/home/programs/hyprland/default.nix +++ b/modules/home/programs/hyprland/default.nix @@ -313,6 +313,7 @@ in secondMonitor = if builtins.length names > 1 then builtins.elemAt names 1 else firstMonitor; in { + inherit (cfg) workspace; "$mod" = cfg.modKey; # Mouse @@ -513,8 +514,6 @@ in preserve_split = "yes"; }; - workspace = cfg.workspace; - windowrule = [ "match:title file_progress, float 1" "match:title .*[Cc]onfirm.*, float 1" diff --git a/modules/home/programs/waybar/default.nix b/modules/home/programs/waybar/default.nix index f6f7026..bc0ab29 100755 --- a/modules/home/programs/waybar/default.nix +++ b/modules/home/programs/waybar/default.nix @@ -297,7 +297,7 @@ in mainBar = (mkMerge [ { - layer = cfg.layer; + inherit (cfg) layer; position = "top"; mod = "dock"; exclusive = true; @@ -342,7 +342,7 @@ in }; network = { - interface = cfg.network.interface; + inherit (cfg.network) interface; on-click = "nm-connection-editor"; format = "{icon}"; tooltip-format = "{ifname} via {gwaddr} 󰊗"; diff --git a/modules/nixos/boot/lanzaboote/default.nix b/modules/nixos/boot/lanzaboote/default.nix index b9e949a..daa764c 100644 --- a/modules/nixos/boot/lanzaboote/default.nix +++ b/modules/nixos/boot/lanzaboote/default.nix @@ -32,7 +32,7 @@ in }; }; lanzaboote = { - enable = cfg.enable; + enable = true; pkiBundle = "/etc/secureboot"; settings = { console-mode = "max"; diff --git a/modules/nixos/desktop/hyprland/wallpapers/default.nix b/modules/nixos/desktop/hyprland/wallpapers/default.nix index b3d02ab..e86d3ac 100644 --- a/modules/nixos/desktop/hyprland/wallpapers/default.nix +++ b/modules/nixos/desktop/hyprland/wallpapers/default.nix @@ -15,11 +15,11 @@ in # and provide the hyprctl hot-reload command so hyprpaper picks up the new image. config = lib.mkIf cfg.enable { ${namespace}.wallpaper = { + inherit (cfg) defaultWallpaper; enable = true; source = cfg.wallpaperSource; path = cfg.wallpaper; dir = cfg.wallpaperDir; - defaultWallpaper = cfg.defaultWallpaper; reloadCommand = "${lib.getExe' pkgs.hyprland "hyprctl"} hyprpaper wallpaper ,${cfg.wallpaper},"; }; }; diff --git a/modules/nixos/hardware/amd/default.nix b/modules/nixos/hardware/amd/default.nix index 626141b..c59f741 100755 --- a/modules/nixos/hardware/amd/default.nix +++ b/modules/nixos/hardware/amd/default.nix @@ -46,7 +46,7 @@ in }; programs.corectrl = { - enable = cfg.corectrl.enable; + inherit (cfg.corectrl) enable; package = pkgs.corectrl; }; diff --git a/modules/nixos/hardware/nvidia/default.nix b/modules/nixos/hardware/nvidia/default.nix index 9a5ed22..af2996a 100755 --- a/modules/nixos/hardware/nvidia/default.nix +++ b/modules/nixos/hardware/nvidia/default.nix @@ -53,7 +53,7 @@ in # Enable the Nvidia settings menu, # accessible via `nvidia-settings`. - nvidiaSettings = cfg.nvidiaSettings; + inherit (cfg) nvidiaSettings; }; }; diff --git a/modules/nixos/hardware/raspberry-pi/bluetooth.nix b/modules/nixos/hardware/raspberry-pi/bluetooth.nix index b36c9f7..a3d4728 100644 --- a/modules/nixos/hardware/raspberry-pi/bluetooth.nix +++ b/modules/nixos/hardware/raspberry-pi/bluetooth.nix @@ -7,7 +7,7 @@ }: let cfg = config.${namespace}.hardware.raspberry-pi.disable-bluetooth; - variant = config.${namespace}.hardware.raspberry-pi.variant; + inherit (config.${namespace}.hardware.raspberry-pi) variant; in { options.${namespace}.hardware.raspberry-pi.disable-bluetooth = { diff --git a/modules/nixos/hardware/raspberry-pi/i2c.nix b/modules/nixos/hardware/raspberry-pi/i2c.nix index 7bab8f0..f000202 100644 --- a/modules/nixos/hardware/raspberry-pi/i2c.nix +++ b/modules/nixos/hardware/raspberry-pi/i2c.nix @@ -7,7 +7,7 @@ }: let cfg = config.${namespace}.hardware.raspberry-pi.i2c; - variant = config.${namespace}.hardware.raspberry-pi.variant; + inherit (config.${namespace}.hardware.raspberry-pi) variant; in { options.${namespace}.hardware.raspberry-pi.i2c = { diff --git a/modules/nixos/hardware/raspberry-pi/pwm.nix b/modules/nixos/hardware/raspberry-pi/pwm.nix index e35608a..779bacf 100644 --- a/modules/nixos/hardware/raspberry-pi/pwm.nix +++ b/modules/nixos/hardware/raspberry-pi/pwm.nix @@ -7,7 +7,7 @@ }: let cfg = config.${namespace}.hardware.raspberry-pi.pwm; - variant = config.${namespace}.hardware.raspberry-pi.variant; + inherit (config.${namespace}.hardware.raspberry-pi) variant; in { options.${namespace}.hardware.raspberry-pi.pwm = { diff --git a/modules/nixos/homeassistant/services/homeassistant/default.nix b/modules/nixos/homeassistant/services/homeassistant/default.nix index eb661d4..cd1b69b 100644 --- a/modules/nixos/homeassistant/services/homeassistant/default.nix +++ b/modules/nixos/homeassistant/services/homeassistant/default.nix @@ -33,14 +33,12 @@ in secrets = { "home-assistant/auth-client-id" = { sopsFile = lib.snowfall.fs.get-file "secrets/nuc-secrets.yaml"; - owner = config.users.users.hass.name; - group = config.users.users.hass.group; + inherit (config.users.users.hass) name group; restartUnits = [ "home-assistant.service" ]; }; "home-assistant/auth-client-secret" = { sopsFile = lib.snowfall.fs.get-file "secrets/nuc-secrets.yaml"; - owner = config.users.users.hass.name; - group = config.users.users.hass.group; + inherit (config.users.users.hass) name group; restartUnits = [ "home-assistant.service" ]; }; }; diff --git a/modules/nixos/homeassistant/services/thread/default.nix b/modules/nixos/homeassistant/services/thread/default.nix index dfd9613..3fd8104 100644 --- a/modules/nixos/homeassistant/services/thread/default.nix +++ b/modules/nixos/homeassistant/services/thread/default.nix @@ -27,11 +27,11 @@ let backboneInterface = "enp2s0"; package = otbrPackage; rest = { - listenAddress = cfg.listenAddress; + inherit (cfg) listenAddress; listenPort = cfg.restPort; }; web = { - listenAddress = cfg.listenAddress; + inherit (cfg) listenAddress; listenPort = cfg.port; }; radio = { diff --git a/modules/nixos/network/default.nix b/modules/nixos/network/default.nix index 873972a..eaf67a1 100644 --- a/modules/nixos/network/default.nix +++ b/modules/nixos/network/default.nix @@ -15,24 +15,20 @@ let name: profile: nameValuePair "${name}" { connection = { + inherit (profile) type autoconnect autoconnect-retries; id = name; - type = profile.type; - autoconnect = profile.autoconnect; - autoconnect-retries = profile.autoconnect-retries; autoconnect-priority = profile.priority; interface-name = profile.interface or cfg.ipv4.interface; }; ipv4 = { - method = cfg.ipv4.method; + inherit (cfg.ipv4) method; } // ( if (cfg.ipv4.method == "auto") then { } else { - address = cfg.ipv4.address; - gateway = cfg.ipv4.gateway; - dns = cfg.ipv4.dns; + inherit (cfg.ipv4) address gateway dns; } ); ipv6 = { @@ -40,13 +36,13 @@ let method = "auto"; }; wifi = mkIf (profile.type == "wifi") { + inherit (profile) ssid; mode = "infrastructure"; - ssid = profile.ssid; roaming = "allowed"; }; wifi-security = mkIf (profile.type == "wifi") { + inherit (profile) psk; key-mgmt = profile.keyMgmt; - psk = profile.psk; }; }; @@ -65,10 +61,8 @@ let interface-name = cfg.ipv4.interface; }; ipv4 = { + inherit (cfg.ipv4) address gateway dns; method = "manual"; - address = cfg.ipv4.address; - gateway = cfg.ipv4.gateway; - dns = cfg.ipv4.dns; }; ipv6 = { addr-gen-mode = "stable-privacy"; @@ -149,31 +143,29 @@ in # Configure NAT if enabled nat = lib.mkIf cfg.nat.enable { + inherit (cfg.nat) internalInterfaces externalInterface enableIPv6; enable = true; - internalInterfaces = cfg.nat.internalInterfaces; - externalInterface = cfg.nat.externalInterface; - enableIPv6 = cfg.nat.enableIPv6; }; # Configure firewall firewall = { - enable = cfg.firewall.enable; - allowPing = cfg.firewall.allowPing; - allowedTCPPorts = cfg.firewall.allowedTCPPorts; - allowedUDPPorts = cfg.firewall.allowedUDPPorts; - trustedInterfaces = cfg.firewall.trustedInterfaces; + inherit (cfg.firewall) + enable + allowPing + allowedTCPPorts + allowedUDPPorts + trustedInterfaces + ; # Default port ranges for KDE Connect allowedTCPPortRanges = lib.mkIf cfg.firewall.kdeConnect.enable [ { - from = cfg.firewall.kdeConnect.tcpRange.from; - to = cfg.firewall.kdeConnect.tcpRange.to; + inherit (cfg.firewall.kdeConnect.tcpRange) from to; } ]; allowedUDPPortRanges = lib.mkIf cfg.firewall.kdeConnect.enable [ { - from = cfg.firewall.kdeConnect.udpRange.from; - to = cfg.firewall.kdeConnect.udpRange.to; + inherit (cfg.firewall.kdeConnect.udpRange) from to; } ]; @@ -185,14 +177,16 @@ in # When iwd is enabled alongside NetworkManager, iwd acts as the WiFi # backend for NM (iwd handles scanning/association; NM handles # connection management). They are not mutually exclusive. - wireless.iwd = lib.mkIf cfg.iwd.enable { - enable = true; - settings = cfg.iwd.settings; + wireless.iwd = { + inherit (cfg.iwd) + enable + settings + ; }; # Configure NetworkManager when enabled - networkmanager = mkIf cfg.networkmanager.enable { - enable = true; + networkmanager = { + inherit (cfg.networkmanager) enable; # Use iwd as the WiFi backend when iwd is also enabled wifi.backend = mkIf cfg.iwd.enable "iwd"; wifi.powersave = cfg.networkmanager.powersave; @@ -211,7 +205,7 @@ in # Configure profiles if any are defined ensureProfiles = mkIf (profiles != { }) { environmentFiles = lib.optional (config.sops.secrets ? wifi) config.sops.secrets.wifi.path; - profiles = profiles; + inherit profiles; }; }; }; diff --git a/modules/nixos/nix/default.nix b/modules/nixos/nix/default.nix index 7f9f3ee..8c7b4d8 100644 --- a/modules/nixos/nix/default.nix +++ b/modules/nixos/nix/default.nix @@ -5,7 +5,7 @@ ... }: let - nixSettings = lib.${namespace}.nixSettings; + inherit (lib.${namespace}) nixSettings; in { nix = { diff --git a/modules/nixos/services/actual/default.nix b/modules/nixos/services/actual/default.nix index 980fe38..0e8b6b8 100644 --- a/modules/nixos/services/actual/default.nix +++ b/modules/nixos/services/actual/default.nix @@ -16,11 +16,11 @@ let options = { }; moduleConfig = { services.actual = { + inherit (cfg) openFirewall; enable = true; - openFirewall = cfg.openFirewall; settings = { + inherit (cfg) port; trustedProxies = [ config.${namespace}.network.ipv4.address ]; - port = cfg.port; serverFiles = "${cfg.configDir}/${name}/server-files"; userFiles = "${cfg.configDir}/${name}/user-files"; dataDir = "${cfg.configDir}/${name}"; diff --git a/modules/nixos/services/ai/default.nix b/modules/nixos/services/ai/default.nix index 176c948..d143690 100755 --- a/modules/nixos/services/ai/default.nix +++ b/modules/nixos/services/ai/default.nix @@ -39,23 +39,23 @@ let moduleConfig = { services = { ollama = { + inherit (cfg) openFirewall; enable = true; package = pkgs.ollama-rocm; port = 11434; host = "0.0.0.0"; user = "nix-apps"; group = "jallen-nas"; - openFirewall = cfg.openFirewall; rocmOverrideGfx = "11.0.2"; loadModels = [ ]; home = "${cfg.configDir}/ollama"; }; llama-cpp = { + inherit (cfg) openFirewall; enable = true; port = 8127; host = "0.0.0.0"; - openFirewall = cfg.openFirewall; model = "${cfg.configDir}/llama-cpp/models/${cfg.llama-cpp.model}.gguf"; package = inputs.llama-cpp.packages.${system}.rocm; extraFlags = [ @@ -87,11 +87,11 @@ let }; open-webui = { + inherit (cfg) openFirewall; enable = true; package = pkgs.open-webui; host = "0.0.0.0"; port = 8888; - openFirewall = cfg.openFirewall; environmentFile = config.sops.secrets."jallen-nas/open-webui".path; environment = { OPENID_PROVIDER_URL = "https://authentik.mjallen.dev/application/o/chat/.well-known/openid-configuration"; diff --git a/modules/nixos/services/arrs/default.nix b/modules/nixos/services/arrs/default.nix index 96acff3..b67069a 100644 --- a/modules/nixos/services/arrs/default.nix +++ b/modules/nixos/services/arrs/default.nix @@ -56,8 +56,8 @@ let # Enable radarr service services = { radarr = { + inherit (cfg) openFirewall; enable = true; - openFirewall = cfg.openFirewall; user = "nix-apps"; group = "jallen-nas"; dataDir = "${cfg.configDir}/radarr"; @@ -65,8 +65,8 @@ let # Enable Sonarr service sonarr = { + inherit (cfg) openFirewall; enable = true; - openFirewall = cfg.openFirewall; user = "nix-apps"; group = "jallen-nas"; dataDir = "${cfg.configDir}/sonarr"; @@ -74,8 +74,8 @@ let }; lidarr = { + inherit (cfg) openFirewall; enable = true; - openFirewall = cfg.openFirewall; user = "nix-apps"; group = "jallen-nas"; dataDir = "${cfg.configDir}/lidarr"; @@ -172,23 +172,22 @@ let }; deluge = { + inherit (cfg) openFirewall dataDir; enable = false; user = "nix-apps"; group = "jallen-nas"; - openFirewall = cfg.openFirewall; - dataDir = cfg.dataDir; web = { + inherit (cfg) openFirewall; enable = true; port = 8112; - openFirewall = cfg.openFirewall; }; }; jackett = { + inherit (cfg) openFirewall; enable = false; user = "nix-apps"; group = "jallen-nas"; - openFirewall = cfg.openFirewall; }; }; }; diff --git a/modules/nixos/services/attic/default.nix b/modules/nixos/services/attic/default.nix index 7a61746..7c1539f 100644 --- a/modules/nixos/services/attic/default.nix +++ b/modules/nixos/services/attic/default.nix @@ -27,8 +27,8 @@ let options = { }; moduleConfig = { services.atticd = { + inherit (cfg) environmentFile; enable = true; - environmentFile = cfg.environmentFile; settings = { listen = "${cfg.listenAddress}:${toString cfg.port}"; storage = { diff --git a/modules/nixos/services/authentik/default.nix b/modules/nixos/services/authentik/default.nix index e7879c5..05f27e2 100644 --- a/modules/nixos/services/authentik/default.nix +++ b/modules/nixos/services/authentik/default.nix @@ -18,9 +18,11 @@ let options = { }; moduleConfig = { services.authentik = { + inherit (cfg) environmentFile; enable = true; - environmentFile = cfg.environmentFile; - settings.port = cfg.port; + settings = { + inherit (cfg) port; + }; }; }; }; diff --git a/modules/nixos/services/caddy/sops.nix b/modules/nixos/services/caddy/sops.nix index faac277..0e44bf1 100644 --- a/modules/nixos/services/caddy/sops.nix +++ b/modules/nixos/services/caddy/sops.nix @@ -6,55 +6,24 @@ }: let cfg = config.${namespace}.services.caddy; + + caddySecret = { + inherit (config.users.users.caddy) name group; + sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml"; + restartUnits = [ "caddy.service" ]; + }; in { config = lib.mkIf cfg.enable { sops = { secrets = { - "jallen-nas/traefik/crowdsec/lapi-key" = { - sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml"; - owner = config.users.users.caddy.name; - group = config.users.users.caddy.group; - restartUnits = [ "caddy.service" ]; - }; - - "jallen-nas/traefik/crowdsec/capi-machine-id" = { - sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml"; - owner = config.users.users.caddy.name; - group = config.users.users.caddy.group; - restartUnits = [ "caddy.service" ]; - }; - - "jallen-nas/traefik/crowdsec/capi-password" = { - sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml"; - owner = config.users.users.caddy.name; - group = config.users.users.caddy.group; - restartUnits = [ "caddy.service" ]; - }; - "jallen-nas/traefik/cloudflare-dns-api-token" = { - sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml"; - owner = config.users.users.caddy.name; - group = config.users.users.caddy.group; - restartUnits = [ "caddy.service" ]; - }; - "jallen-nas/traefik/cloudflare-zone-api-token" = { - sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml"; - owner = config.users.users.caddy.name; - group = config.users.users.caddy.group; - restartUnits = [ "caddy.service" ]; - }; - "jallen-nas/traefik/cloudflare-api-key" = { - sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml"; - owner = config.users.users.caddy.name; - group = config.users.users.caddy.group; - restartUnits = [ "caddy.service" ]; - }; - "jallen-nas/traefik/cloudflare-email" = { - sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml"; - owner = config.users.users.caddy.name; - group = config.users.users.caddy.group; - restartUnits = [ "caddy.service" ]; - }; + "jallen-nas/traefik/crowdsec/lapi-key" = caddySecret; + "jallen-nas/traefik/crowdsec/capi-machine-id" = caddySecret; + "jallen-nas/traefik/crowdsec/capi-password" = caddySecret; + "jallen-nas/traefik/cloudflare-dns-api-token" = caddySecret; + "jallen-nas/traefik/cloudflare-zone-api-token" = caddySecret; + "jallen-nas/traefik/cloudflare-api-key" = caddySecret; + "jallen-nas/traefik/cloudflare-email" = caddySecret; }; templates = { "caddy.env" = { @@ -64,8 +33,7 @@ in CLOUDFLARE_API_KEY=${config.sops.placeholder."jallen-nas/traefik/cloudflare-api-key"} CLOUDFLARE_EMAIL=${config.sops.placeholder."jallen-nas/traefik/cloudflare-email"} ''; - owner = config.users.users.caddy.name; - group = config.users.users.caddy.group; + inherit (config.users.users.caddy) name group; restartUnits = [ "caddy.service" ]; }; }; diff --git a/modules/nixos/services/calibre/default.nix b/modules/nixos/services/calibre/default.nix index 242b58e..6b5da63 100644 --- a/modules/nixos/services/calibre/default.nix +++ b/modules/nixos/services/calibre/default.nix @@ -17,9 +17,9 @@ let options = { }; moduleConfig = { services.calibre-server = { + inherit (cfg) port; enable = false; openFirewall = true; - port = cfg.port; libraries = [ "${cfg.dataDir}/books" ]; }; }; @@ -37,8 +37,8 @@ let package = pkgs.stable.calibre-web; dataDir = "${cfgWeb.configDir}/calibre-web"; listen = { + inherit (cfgWeb) port; ip = "0.0.0.0"; - port = cfgWeb.port; }; options = { enableBookUploading = true; diff --git a/modules/nixos/services/cockpit/default.nix b/modules/nixos/services/cockpit/default.nix index efb78b9..a90bb5d 100644 --- a/modules/nixos/services/cockpit/default.nix +++ b/modules/nixos/services/cockpit/default.nix @@ -15,9 +15,8 @@ let description = "Cockpit web-based server management UI"; moduleConfig = { services.cockpit = { + inherit (cfg) port openFirewall; enable = true; - port = cfg.port; - openFirewall = cfg.openFirewall; allowed-origins = [ "https://${net.hosts.nas.lan}:${toString cfg.port}" "https://${net.hosts.nas.hostname}:${toString cfg.port}" diff --git a/modules/nixos/services/code-server/default.nix b/modules/nixos/services/code-server/default.nix index fa45acb..70cc0b6 100644 --- a/modules/nixos/services/code-server/default.nix +++ b/modules/nixos/services/code-server/default.nix @@ -16,22 +16,21 @@ let moduleConfig = { # Configure the standard NixOS code-server service services.code-server = { + inherit (cfg) port extraEnvironment; enable = true; - port = cfg.port; user = "admin"; group = "jallen-nas"; host = cfg.listenAddress; auth = "none"; # "password" disableTelemetry = true; disableUpdateCheck = true; - extraEnvironment = cfg.extraEnvironment; extraGroups = [ "admin" "wheel" ]; } // optionalAttrs (cfg.hashedPassword != null) { - hashedPassword = cfg.hashedPassword; + inherit (cfg) hashedPassword; }; }; }; diff --git a/modules/nixos/services/collabora/default.nix b/modules/nixos/services/collabora/default.nix index 2e3afbf..b302d27 100644 --- a/modules/nixos/services/collabora/default.nix +++ b/modules/nixos/services/collabora/default.nix @@ -17,7 +17,7 @@ let moduleConfig = { services.collabora-online = { enable = true; - port = cfg.port; + inherit (cfg) port; settings = { # Rely on reverse proxy for SSL ssl = { diff --git a/modules/nixos/services/crowdsec/default.nix b/modules/nixos/services/crowdsec/default.nix index 5021917..37bfca3 100755 --- a/modules/nixos/services/crowdsec/default.nix +++ b/modules/nixos/services/crowdsec/default.nix @@ -39,7 +39,7 @@ let services = { crowdsec = { enable = true; - openFirewall = cfg.openFirewall; + inherit (cfg) openFirewall; hub = { appSecConfigs = [ "crowdsecurity/appsec-default" diff --git a/modules/nixos/services/gitea/default.nix b/modules/nixos/services/gitea/default.nix index a0d8243..53012a7 100644 --- a/modules/nixos/services/gitea/default.nix +++ b/modules/nixos/services/gitea/default.nix @@ -22,8 +22,8 @@ let stateDir = "${cfg.configDir}/gitea"; user = "nix-apps"; group = "jallen-nas"; - mailerPasswordFile = mailerPasswordFile; - metricsTokenFile = metricsTokenFile; + inherit mailerPasswordFile; + inherit metricsTokenFile; settings = { server = { DOMAIN = "jallen-nas"; diff --git a/modules/nixos/services/glance/default.nix b/modules/nixos/services/glance/default.nix index 8553da9..6ae3d2f 100644 --- a/modules/nixos/services/glance/default.nix +++ b/modules/nixos/services/glance/default.nix @@ -12,9 +12,9 @@ let hostedServiceSites = let servicesCfg = config.${namespace}.services; - serviceNames = builtins.attrNames servicesCfg; + serviceNames = attrNames servicesCfg; in - builtins.concatMap ( + concatMap ( serviceName: let serviceCfg = servicesCfg.${serviceName}; @@ -24,9 +24,7 @@ let [ ( { - title = hosted.title; - url = hosted.url; - icon = hosted.icon; + inherit (hosted) title url icon; } // optionalAttrs hosted.basicAuth { basic-auth = { @@ -40,9 +38,9 @@ let [ ] ) serviceNames; - hostedServicesByGroup = builtins.groupBy (svc: svc.hostedService.group) ( - builtins.filter (svc: svc.hostedService != null && svc.hostedService.enable) ( - builtins.map ( + hostedServicesByGroup = groupBy (svc: svc.hostedService.group) ( + filter (svc: svc.hostedService != null && svc.hostedService.enable) ( + map ( serviceName: let serviceCfg = config.${namespace}.services.${serviceName}; @@ -50,7 +48,7 @@ let { hostedService = serviceCfg.hostedService or null; } - ) (builtins.attrNames config.${namespace}.services) + ) (attrNames config.${namespace}.services) ) ); @@ -332,7 +330,7 @@ let settings = { server = { host = "0.0.0.0"; - port = cfg.port; + inherit (cfg) port; }; pages = [ { @@ -371,31 +369,27 @@ let } ] ++ lib.optionals cfg.hostedServiceGroups ( - builtins.map ( + map ( groupName: makeMonitorWidget groupName ( - builtins.map (svc: { - title = svc.hostedService.title; - url = svc.hostedService.url; - icon = svc.hostedService.icon; + map (svc: { + inherit (svc.hostedService) title url icon; }) (hostedServicesByGroup.${groupName} or [ ]) ) - ) (builtins.attrNames hostedServicesByGroup) + ) (attrNames hostedServicesByGroup) ) ++ lib.optionals (!cfg.hostedServiceGroups && cfg.enableHostedServices) [ (makeMonitorWidget "Services" hostedServiceSites) ] ++ lib.optionals (cfg.extraSites != [ ]) ( - builtins.map (site: { + map (site: { type = "monitor"; cache = "1m"; - title = site.title; + inherit (site) title; sites = [ ( { - title = site.title; - url = site.url; - icon = site.icon; + inherit (site) title url icon; } // optionalAttrs site.allow-insecure { allow-insecure = true; } ) @@ -407,7 +401,7 @@ let groups = cfg.bookmarks; } ++ lib.optionals (cfg.reddit != [ ]) ( - builtins.map (subreddit: { + map (subreddit: { type = "reddit"; inherit subreddit; }) cfg.reddit diff --git a/modules/nixos/services/headscale/default.nix b/modules/nixos/services/headscale/default.nix index 8a27465..77ed101 100644 --- a/modules/nixos/services/headscale/default.nix +++ b/modules/nixos/services/headscale/default.nix @@ -17,7 +17,7 @@ let services.headscale = { enable = true; address = cfg.listenAddress; - port = cfg.port; + inherit (cfg) port; settings = { server_url = "https://headscale.mjallen.dev:443"; database.sqlite.path = "${cfg.configDir}/headscale/db.sqlite"; diff --git a/modules/nixos/services/immich/default.nix b/modules/nixos/services/immich/default.nix index b37c79d..46aaa70 100755 --- a/modules/nixos/services/immich/default.nix +++ b/modules/nixos/services/immich/default.nix @@ -19,9 +19,8 @@ let moduleConfig = { # Enable immich service services.immich = { + inherit (cfg) port openFirewall; enable = true; - port = cfg.port; - openFirewall = true; secretsFile = dbPassword; mediaLocation = "${cfg.dataDir}/photos"; diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix index 74ed670..16b2983 100755 --- a/modules/nixos/services/jellyfin/default.nix +++ b/modules/nixos/services/jellyfin/default.nix @@ -16,7 +16,7 @@ let moduleConfig = { services.jellyfin = { enable = true; - openFirewall = cfg.openFirewall; + inherit (cfg) openFirewall; user = "nix-apps"; group = "jallen-nas"; dataDir = "${cfg.configDir}/jellyfin"; diff --git a/modules/nixos/services/jellyseerr/default.nix b/modules/nixos/services/jellyseerr/default.nix index 099536d..9d08b2d 100644 --- a/modules/nixos/services/jellyseerr/default.nix +++ b/modules/nixos/services/jellyseerr/default.nix @@ -16,9 +16,8 @@ let moduleConfig = { # Enable seerr service services.seerr = { + inherit (cfg) port openFirewall; enable = true; - port = cfg.port; - openFirewall = cfg.openFirewall; configDir = "${cfg.configDir}/jellyseerr"; }; diff --git a/modules/nixos/services/kavita/default.nix b/modules/nixos/services/kavita/default.nix index b9a0b94..709132f 100644 --- a/modules/nixos/services/kavita/default.nix +++ b/modules/nixos/services/kavita/default.nix @@ -18,7 +18,7 @@ let "jallen-nas/kavita/token" = { sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml"; owner = config.users.users.kavita.name; - group = config.users.users.kavita.group; + inherit (config.users.users.kavita) group; restartUnits = [ "kavita.service" ]; }; }; @@ -28,7 +28,7 @@ let dataDir = "${cfg.configDir}/kavita"; tokenKeyFile = config.sops.secrets."jallen-nas/kavita/token".path; settings = { - Port = cfg.port; + inherit (cfg) port; }; }; }; diff --git a/modules/nixos/services/minecraft/default.nix b/modules/nixos/services/minecraft/default.nix index 3cbde70..2186ee7 100644 --- a/modules/nixos/services/minecraft/default.nix +++ b/modules/nixos/services/minecraft/default.nix @@ -14,10 +14,10 @@ let options = { }; moduleConfig = { services.minecraft-server = { + inherit (cfg) openFirewall; enable = true; eula = true; declarative = true; - openFirewall = cfg.openFirewall; dataDir = "${cfg.configDir}/minecraft"; # todo serverProperties = { enforce-whitelist = true; diff --git a/modules/nixos/services/nebula/default.nix b/modules/nixos/services/nebula/default.nix index 0c7c0a4..e44ef3d 100644 --- a/modules/nixos/services/nebula/default.nix +++ b/modules/nixos/services/nebula/default.nix @@ -115,20 +115,21 @@ let ''; services.nebula.networks.${cfg.networkName} = { + inherit (cfg) + isLighthouse + isRelay + lighthouses + staticHostMap + ; enable = true; enableReload = true; - isLighthouse = cfg.isLighthouse; - isRelay = cfg.isRelay; inherit ca cert key; - lighthouses = cfg.lighthouses; - staticHostMap = cfg.staticHostMap; - tun.device = if cfg.tunDevice != null then cfg.tunDevice else "nebula0"; listen = { host = cfg.listenAddress; - port = cfg.port; + inherit (cfg) port; }; settings.firewall = { diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index 18e45a9..83db13d 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -115,8 +115,8 @@ let virtualHosts.${config.services.nextcloud.hostName} = { listen = [ { + inherit (cfg) port; addr = "0.0.0.0"; - port = cfg.port; ssl = false; } ]; diff --git a/modules/nixos/services/onlyoffice/default.nix b/modules/nixos/services/onlyoffice/default.nix index 01ba98c..cd6d364 100644 --- a/modules/nixos/services/onlyoffice/default.nix +++ b/modules/nixos/services/onlyoffice/default.nix @@ -17,7 +17,7 @@ let moduleConfig = { services.onlyoffice = { enable = true; - port = cfg.port; + inherit (cfg) port; wopi = true; hostname = "office.mjallen.dev"; jwtSecretFile = jwtSecretFile; diff --git a/modules/nixos/services/opencloud/default.nix b/modules/nixos/services/opencloud/default.nix index 7419e7c..39b0694 100644 --- a/modules/nixos/services/opencloud/default.nix +++ b/modules/nixos/services/opencloud/default.nix @@ -21,7 +21,7 @@ let enable = true; url = "https://cloud.mjallen.dev"; address = cfg.listenAddress; - port = cfg.port; + inherit (cfg) port; stateDir = "${cfg.configDir}/opencloud"; environment = { PROXY_TLS = "false"; # disable https when behind reverse-proxy diff --git a/modules/nixos/services/owncloud/default.nix b/modules/nixos/services/owncloud/default.nix index 539882b..809226b 100755 --- a/modules/nixos/services/owncloud/default.nix +++ b/modules/nixos/services/owncloud/default.nix @@ -61,8 +61,7 @@ in config = mkIf cfg.enable { virtualisation.oci-containers.containers."${cfg.name}" = { - autoStart = cfg.autoStart; - image = cfg.image; + inherit (cfg) autoStart image; ports = [ "${cfg.httpPort}:9200" ]; volumes = [ "${cfg.configPath}:/etc/ocis" diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index 62f5277..e1345ac 100755 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -18,9 +18,9 @@ let moduleConfig = { # Enable paperless service services.paperless = { + inherit (cfg) port; enable = true; package = pkgs.paperless-ngx; - port = cfg.port; # user = "nix-apps"; address = cfg.listenAddress; dataDir = "${cfg.configDir}/paperless"; diff --git a/modules/nixos/services/restic/default.nix b/modules/nixos/services/restic/default.nix index 90d6223..30affce 100644 --- a/modules/nixos/services/restic/default.nix +++ b/modules/nixos/services/restic/default.nix @@ -202,14 +202,16 @@ in services.restic.backups = mapAttrs ( _name: jobCfg: { - initialize = jobCfg.initialize; - createWrapper = jobCfg.createWrapper; - inhibitsSleep = jobCfg.inhibitsSleep; - paths = jobCfg.paths; + inherit (jobCfg) + initialize + createWrapper + inhibitsSleep + paths + timerConfig + pruneOpts + extraBackupArgs + ; exclude = jobCfg.exclude ++ cfg.defaultExcludes; - timerConfig = jobCfg.timerConfig; - pruneOpts = jobCfg.pruneOpts; - extraBackupArgs = jobCfg.extraBackupArgs; } // optionalAttrs (jobCfg.passwordFile != null) { inherit (jobCfg) passwordFile; } // optionalAttrs (jobCfg.repository != null) { inherit (jobCfg) repository; } diff --git a/modules/nixos/services/sunshine/default.nix b/modules/nixos/services/sunshine/default.nix index 956bf96..ad6c88b 100644 --- a/modules/nixos/services/sunshine/default.nix +++ b/modules/nixos/services/sunshine/default.nix @@ -17,7 +17,7 @@ let moduleConfig = { services.sunshine = { enable = true; - openFirewall = cfg.openFirewall; + inherit (cfg) openFirewall; autoStart = true; capSysAdmin = true; applications.apps = with pkgs; [ diff --git a/modules/nixos/user/default.nix b/modules/nixos/user/default.nix index d86e504..7b22d74 100644 --- a/modules/nixos/user/default.nix +++ b/modules/nixos/user/default.nix @@ -88,7 +88,7 @@ in config = { users = { - mutableUsers = cfg.mutableUsers; + inherit (cfg) mutableUsers; groups.${cfg.group}.gid = lib.mkForce (if cfg.group != "wheel" then cfg.gid else 1); users = { root = { @@ -99,6 +99,7 @@ in ${cfg.name} = { inherit (cfg) name + group uid linger packages @@ -133,7 +134,6 @@ in ] ++ cfg.extraGroups; - group = cfg.group; home = "/home/${cfg.name}"; isNormalUser = true; shell = lib.mkForce pkgs.zsh; diff --git a/overlays/stable/default.nix b/overlays/stable/default.nix index fc3b46d..2c976d4 100755 --- a/overlays/stable/default.nix +++ b/overlays/stable/default.nix @@ -1,7 +1,7 @@ { inputs, ... }: final: _prev: { stable = import inputs.nixpkgs-stable { - system = final.stdenv.hostPlatform.system; + inherit (final.stdenv.hostPlatform) system; config.allowUnfree = true; }; } diff --git a/packages/bcachefs/default.nix b/packages/bcachefs/default.nix index 13dd1c9..5c26ded 100644 --- a/packages/bcachefs/default.nix +++ b/packages/bcachefs/default.nix @@ -42,7 +42,7 @@ stdenv.mkDerivation (finalAttrs: { cargoDeps = rustPlatform.fetchCargoVendor { inherit (finalAttrs) src; - hash = sources.cargoDeps.hash; + inherit (sources.cargoDeps) hash; }; postPatch = '' diff --git a/packages/cockpit-benchmark/default.nix b/packages/cockpit-benchmark/default.nix index 6adf83c..5ba7e29 100644 --- a/packages/cockpit-benchmark/default.nix +++ b/packages/cockpit-benchmark/default.nix @@ -102,10 +102,9 @@ let in stdenv.mkDerivation (finalAttrs: { pname = "cockpit-benchmark"; + inherit (sources) src; inherit version; - src = sources.src; - npmDeps = fetchNpmDeps { src = "${finalAttrs.src}/benchmark"; packageLock = patchedPackageLock; diff --git a/packages/cockpit-machines/default.nix b/packages/cockpit-machines/default.nix index 0531f2e..b585612 100644 --- a/packages/cockpit-machines/default.nix +++ b/packages/cockpit-machines/default.nix @@ -16,10 +16,9 @@ let in stdenv.mkDerivation { pname = "cockpit-machines"; + inherit (sources) src; inherit version; - src = sources.src; - # Pre-vendored node_modules from cockpit-project/node-cache, pinned via the # node_modules submodule reference in the source tree. inherit (sources) nodeModules; diff --git a/packages/cockpit-podman/default.nix b/packages/cockpit-podman/default.nix index 105faca..254cf1c 100644 --- a/packages/cockpit-podman/default.nix +++ b/packages/cockpit-podman/default.nix @@ -8,6 +8,7 @@ let inherit (lib.trivial) importJSON; inherit (lib.${namespace}) mkAllSources selectVariant; + inherit lib; versionSpec = importJSON ./version.json; selected = selectVariant versionSpec null null; @@ -18,11 +19,7 @@ stdenv.mkDerivation { pname = "cockpit-podman"; inherit version; - src = sources.src; - - # Pre-vendored node_modules from cockpit-project/node-cache, pinned via the - # node_modules submodule reference in the source tree. - inherit (sources) nodeModules; + inherit (sources) src nodeModules; # pkg/lib checked out from the main cockpit repo at the commit pinned in # the Makefile (COCKPIT_REPO_COMMIT). diff --git a/packages/fastflowlm/default.nix b/packages/fastflowlm/default.nix index 27b639f..d758d85 100644 --- a/packages/fastflowlm/default.nix +++ b/packages/fastflowlm/default.nix @@ -66,7 +66,7 @@ let version = "0.9.36"; # XRT userspace runtime — built from packages/xrt in this flake. - xrt = pkgs.${namespace}.xrt; + inherit (pkgs.${namespace}) xrt; # ── tokenizers-cpp submodule ────────────────────────────────────────────── # Pinned to the commit referenced in FastFlowLM v0.9.36 .gitmodules. diff --git a/packages/homeassistant/ha-anycubic/default.nix b/packages/homeassistant/ha-anycubic/default.nix index 32ea75f..d96eeea 100644 --- a/packages/homeassistant/ha-anycubic/default.nix +++ b/packages/homeassistant/ha-anycubic/default.nix @@ -16,9 +16,9 @@ let version = src-meta.tag or src-meta.rev; in buildHomeAssistantComponent { - owner = src-meta.owner; - domain = "anycubic_wifi"; + inherit (src-meta) owner; inherit version; + domain = "anycubic_wifi"; src = sources.anycubic; diff --git a/packages/homeassistant/ha-bambulab/default.nix b/packages/homeassistant/ha-bambulab/default.nix index 1812e65..3cdcb95 100644 --- a/packages/homeassistant/ha-bambulab/default.nix +++ b/packages/homeassistant/ha-bambulab/default.nix @@ -17,9 +17,9 @@ let version = src-meta.tag or src-meta.rev; in buildHomeAssistantComponent { - owner = src-meta.owner; - domain = "bambu_lab"; + inherit (src-meta) owner; inherit version; + domain = "bambu_lab"; src = sources.bambu_lab; diff --git a/packages/homeassistant/ha-bedjet/default.nix b/packages/homeassistant/ha-bedjet/default.nix index e7a5230..c2255d9 100644 --- a/packages/homeassistant/ha-bedjet/default.nix +++ b/packages/homeassistant/ha-bedjet/default.nix @@ -17,7 +17,7 @@ let version = src-meta.tag or src-meta.rev; in buildHomeAssistantComponent { - owner = src-meta.owner; + inherit (src-meta) owner; domain = "bedjet"; inherit version; diff --git a/packages/homeassistant/ha-gehome/default.nix b/packages/homeassistant/ha-gehome/default.nix index 7dc126a..0b77e4d 100644 --- a/packages/homeassistant/ha-gehome/default.nix +++ b/packages/homeassistant/ha-gehome/default.nix @@ -17,7 +17,7 @@ let version = src-meta.tag or src-meta.rev; in buildHomeAssistantComponent { - owner = src-meta.owner; + inherit (src-meta) owner; domain = "ge_home"; inherit version; diff --git a/packages/homeassistant/ha-govee/default.nix b/packages/homeassistant/ha-govee/default.nix index 34939cc..f6fd7e4 100644 --- a/packages/homeassistant/ha-govee/default.nix +++ b/packages/homeassistant/ha-govee/default.nix @@ -17,9 +17,9 @@ let version = src-meta.tag or src-meta.rev; in buildHomeAssistantComponent { - owner = src-meta.owner; - domain = "govee"; + inherit (src-meta) owner; inherit version; + domain = "govee"; src = sources.govee; diff --git a/packages/homeassistant/ha-icloud3/default.nix b/packages/homeassistant/ha-icloud3/default.nix index cc52813..282a289 100644 --- a/packages/homeassistant/ha-icloud3/default.nix +++ b/packages/homeassistant/ha-icloud3/default.nix @@ -17,7 +17,7 @@ let version = src-meta.tag or src-meta.rev; in buildHomeAssistantComponent { - owner = src-meta.owner; + inherit (src-meta) owner; domain = "icloud3"; inherit version; diff --git a/packages/homeassistant/ha-local-llm/default.nix b/packages/homeassistant/ha-local-llm/default.nix index 0960d56..768f346 100644 --- a/packages/homeassistant/ha-local-llm/default.nix +++ b/packages/homeassistant/ha-local-llm/default.nix @@ -17,9 +17,9 @@ let version = src-meta.tag or src-meta.rev; in buildHomeAssistantComponent { - owner = src-meta.owner; - domain = "llama_conversation"; + inherit (src-meta) owner; inherit version; + domain = "llama_conversation"; src = sources.llama_conversation; diff --git a/packages/homeassistant/ha-mail-and-packages/default.nix b/packages/homeassistant/ha-mail-and-packages/default.nix index 6af386e..223135b 100644 --- a/packages/homeassistant/ha-mail-and-packages/default.nix +++ b/packages/homeassistant/ha-mail-and-packages/default.nix @@ -17,9 +17,9 @@ let version = src-meta.tag or src-meta.rev; in buildHomeAssistantComponent { - owner = src-meta.owner; - domain = "mail_and_packages"; + inherit (src-meta) owner; inherit version; + domain = "mail_and_packages"; src = sources.mail_and_packages; diff --git a/packages/homeassistant/ha-nanokvm/default.nix b/packages/homeassistant/ha-nanokvm/default.nix index 478963d..927f837 100644 --- a/packages/homeassistant/ha-nanokvm/default.nix +++ b/packages/homeassistant/ha-nanokvm/default.nix @@ -78,7 +78,7 @@ let }; in buildHomeAssistantComponent { - owner = src-meta.owner; + inherit (src-meta) owner; domain = "nanokvm"; inherit version; diff --git a/packages/homeassistant/ha-openhasp/default.nix b/packages/homeassistant/ha-openhasp/default.nix index fad1828..6a42af6 100644 --- a/packages/homeassistant/ha-openhasp/default.nix +++ b/packages/homeassistant/ha-openhasp/default.nix @@ -17,7 +17,7 @@ let version = src-meta.tag or src-meta.rev; in buildHomeAssistantComponent { - owner = src-meta.owner; + inherit (src-meta) owner; domain = "openhasp"; inherit version; diff --git a/packages/homeassistant/ha-overseerr/default.nix b/packages/homeassistant/ha-overseerr/default.nix index 7ff8fe2..ed0aa0e 100644 --- a/packages/homeassistant/ha-overseerr/default.nix +++ b/packages/homeassistant/ha-overseerr/default.nix @@ -16,9 +16,9 @@ let version = src-meta.tag or src-meta.rev; in buildHomeAssistantComponent { - owner = src-meta.owner; - domain = "overseerr"; + inherit (src-meta) owner; inherit version; + domain = "overseerr"; src = sources.overseerr; diff --git a/packages/homeassistant/ha-petlibro/default.nix b/packages/homeassistant/ha-petlibro/default.nix index 7a9e1ac..695a590 100644 --- a/packages/homeassistant/ha-petlibro/default.nix +++ b/packages/homeassistant/ha-petlibro/default.nix @@ -16,9 +16,9 @@ let version = src-meta.tag or src-meta.rev; in buildHomeAssistantComponent { - owner = src-meta.owner; - domain = "petlibro"; + inherit (src-meta) owner; inherit version; + domain = "petlibro"; src = sources.petlibro; diff --git a/packages/homeassistant/ha-wyzeapi/default.nix b/packages/homeassistant/ha-wyzeapi/default.nix index 52155a1..22dae30 100644 --- a/packages/homeassistant/ha-wyzeapi/default.nix +++ b/packages/homeassistant/ha-wyzeapi/default.nix @@ -16,7 +16,7 @@ let version = src-meta.tag or src-meta.rev; in buildHomeAssistantComponent { - owner = src-meta.owner; + inherit (src-meta) owner; domain = "wyzeapi"; inherit version; diff --git a/packages/librepods-beta/default.nix b/packages/librepods-beta/default.nix index 808592d..db5b9da 100644 --- a/packages/librepods-beta/default.nix +++ b/packages/librepods-beta/default.nix @@ -21,14 +21,13 @@ let inherit (lib.trivial) importJSON; inherit (lib.${namespace}) selectVariant mkAllSources; + inherit lib; versionSpec = importJSON ./version.json; selected = selectVariant versionSpec null null; sources = mkAllSources pkgs selected; - # cargoHash is stored alongside the source in version.json so the TUI can update it + inherit (stdenv.hostPlatform) system; cargoHash = selected.sources.librepods.cargoHash; - - system = stdenv.hostPlatform.system; in rustPlatform.buildRustPackage rec { pname = "librepods"; diff --git a/packages/moondeck-buddy/default.nix b/packages/moondeck-buddy/default.nix index 951b559..5b2a8aa 100644 --- a/packages/moondeck-buddy/default.nix +++ b/packages/moondeck-buddy/default.nix @@ -12,7 +12,7 @@ let versionSpec = importJSON ./version.json; selected = selectVariant versionSpec null null; sources = mkAllSources pkgs selected; - moondeck-buddy = selected.sources.moondeck-buddy; + inherit (selected.sources) moondeck-buddy; in appimageTools.wrapType2 { pname = "moondeck-buddy"; diff --git a/packages/proton-cachyos/default.nix b/packages/proton-cachyos/default.nix index a86e7e4..b83e5b5 100644 --- a/packages/proton-cachyos/default.nix +++ b/packages/proton-cachyos/default.nix @@ -23,19 +23,16 @@ let versionSpec = importJSON ./version.json; selected = selectVariant versionSpec variant null; vars = selected.variables or { }; - base = vars.base; - release = vars.release; toolTitle = "proton-${variant}-latest"; - # Derived values for the current variant - releaseVersion = "${releasePrefix}${base}-${release}${releaseSuffix}"; - homepage = "https://github.com/${owner}/${repo}"; + releaseVersion = "${releasePrefix}${vars.base}-${vars.release}${releaseSuffix}"; + homepage = "https://${owner}/${repo}"; url = "${homepage}/releases/download/${releaseVersion}/${tarballPrefix}${releaseVersion}${tarballSuffix}"; # Choose fetcher based on file type intake = - if lib.strings.hasSuffix ".zip" url then + if lib.hasSuffix ".zip" url then { fetcher = fetchzip; input = "$src/*.tar.xz"; @@ -48,7 +45,7 @@ let in stdenvNoCC.mkDerivation { name = repo; - version = "${base}.${release}"; + version = "${vars.base}.${vars.release}"; src = intake.fetcher { inherit url; @@ -60,7 +57,7 @@ stdenvNoCC.mkDerivation { tar -C $out/bin --strip=1 -x -f ${intake.input} '' # Allow to keep the same name between updates - + lib.strings.optionalString (toolTitle != null) '' + + lib.optionalString (toolTitle != null) '' sed -i -r 's|"${toolPattern}"|"${toolTitle}"|' $out/bin/compatibilitytool.vdf ''; diff --git a/packages/python/comfy-kitchen/default.nix b/packages/python/comfy-kitchen/default.nix index ab4a1c8..bf99235 100644 --- a/packages/python/comfy-kitchen/default.nix +++ b/packages/python/comfy-kitchen/default.nix @@ -12,7 +12,7 @@ let versionSpec = importJSON ./version.json; selected = selectVariant versionSpec null null; sources = mkAllSources pkgs selected; - version = selected.variables.version; + inherit (selected.variables) version; in python3Packages.buildPythonPackage { pname = "comfy-kitchen"; diff --git a/packages/python/gehomesdk/default.nix b/packages/python/gehomesdk/default.nix index 0af4055..6d7f9fa 100644 --- a/packages/python/gehomesdk/default.nix +++ b/packages/python/gehomesdk/default.nix @@ -12,7 +12,7 @@ let versionSpec = importJSON ./version.json; selected = selectVariant versionSpec null null; sources = mkAllSources pkgs selected; - version = selected.variables.version; + inherit (selected.variables) version; in home-assistant.python.pkgs.buildPythonPackage { pname = "gehomesdk"; diff --git a/packages/python/python-steam/default.nix b/packages/python/python-steam/default.nix index c4f1bbd..c70e0bb 100644 --- a/packages/python/python-steam/default.nix +++ b/packages/python/python-steam/default.nix @@ -12,7 +12,7 @@ let versionSpec = importJSON ./version.json; selected = selectVariant versionSpec null null; sources = mkAllSources pkgs selected; - version = selected.variables.version; + inherit (selected.variables) version; in python3Packages.buildPythonPackage { pname = "steam"; diff --git a/packages/python/pyvesync/default.nix b/packages/python/pyvesync/default.nix index 8ae77ab..a207109 100644 --- a/packages/python/pyvesync/default.nix +++ b/packages/python/pyvesync/default.nix @@ -12,8 +12,8 @@ let versionSpec = importJSON ./version.json; selected = selectVariant versionSpec null null; sources = mkAllSources pkgs selected; - src-meta = selected.sources.pyvesync; - version = selected.variables.version; + inherit (selected.sources) pyvesync; + inherit (selected.variables) version; in python3Packages.buildPythonPackage { pname = "pyvesync"; @@ -37,7 +37,7 @@ python3Packages.buildPythonPackage { meta = with lib; { description = "Python library to manage Etekcity Devices and Levoit Air Purifier"; homepage = "https://github.com/webdjoe/pyvesync"; - changelog = "https://github.com/webdjoe/pyvesync/releases/tag/${src-meta.tag}"; + changelog = "https://github.com/webdjoe/pyvesync/releases/tag/${pyvesync.tag}"; license = with licenses; [ mit ]; maintainers = with maintainers; [ fab ]; }; diff --git a/packages/raspberrypi/ffmpeg-rpi/default.nix b/packages/raspberrypi/ffmpeg-rpi/default.nix index 15d8f2c..e8e4ef5 100644 --- a/packages/raspberrypi/ffmpeg-rpi/default.nix +++ b/packages/raspberrypi/ffmpeg-rpi/default.nix @@ -71,9 +71,9 @@ in ]; })).override { + inherit (rpiFfmpegSrc) hash; version = ffmpegVersion; source = rpiFfmpegSrc; - hash = rpiFfmpegSrc.hash; # version = ffmpegVersion + "-rpi"; # source = rpiFfmpegSrc; diff --git a/packages/raspberrypi/linux-rpi/default.nix b/packages/raspberrypi/linux-rpi/default.nix index 1dabbb0..0255a46 100644 --- a/packages/raspberrypi/linux-rpi/default.nix +++ b/packages/raspberrypi/linux-rpi/default.nix @@ -19,8 +19,8 @@ let selected = selectVariant versionSpec kernelVersion null; sources = mkAllSources pkgs selected; - modDirVersion = selected.variables.modDirVersion; - tag = kernelVersion; # sources.tag; + inherit (selected.variables) modDirVersion; + tag = kernelVersion; # NOTE: raspberrypifw & raspberryPiWirelessFirmware should be updated with this # all of these fail for various reasons diff --git a/packages/raspberrypi/raspberrypi-overlays/default.nix b/packages/raspberrypi/raspberrypi-overlays/default.nix index 9ff3663..8d2bb60 100644 --- a/packages/raspberrypi/raspberrypi-overlays/default.nix +++ b/packages/raspberrypi/raspberrypi-overlays/default.nix @@ -17,7 +17,7 @@ in stdenvNoCC.mkDerivation { # NOTE: this should be updated with linux_rpi pname = "raspberrypi-dtoverlays"; - version = vars.version; + inherit (vars) version; src = sources.linux; diff --git a/packages/raspberrypi/raspberrypifw/default.nix b/packages/raspberrypi/raspberrypifw/default.nix index 522a7b0..d38da5b 100644 --- a/packages/raspberrypi/raspberrypifw/default.nix +++ b/packages/raspberrypi/raspberrypifw/default.nix @@ -16,7 +16,7 @@ in stdenvNoCC.mkDerivation { # NOTE: this should be updated with linux_rpi pname = "raspberrypi-firmware"; - version = vars.version; + inherit (vars) version; src = sources.firmware-next; diff --git a/packages/raspberrypi/uefi-rpi4/default.nix b/packages/raspberrypi/uefi-rpi4/default.nix index ce1a326..25b7aa0 100644 --- a/packages/raspberrypi/uefi-rpi4/default.nix +++ b/packages/raspberrypi/uefi-rpi4/default.nix @@ -14,8 +14,8 @@ let sources = mkAllSources pkgs selected; in stdenvNoCC.mkDerivation rec { + inherit (vars) version; pname = "uefi-rpi4"; - version = vars.version; src = sources.firmware; diff --git a/packages/raspberrypi/uefi-rpi5/default.nix b/packages/raspberrypi/uefi-rpi5/default.nix index 6dd2c76..9df0295 100644 --- a/packages/raspberrypi/uefi-rpi5/default.nix +++ b/packages/raspberrypi/uefi-rpi5/default.nix @@ -50,7 +50,7 @@ let in stdenvNoCC.mkDerivation rec { pname = "uefi-rpi5"; - version = vars.version; + inherit (vars) version; src = sources.firmware; diff --git a/statix.toml b/statix.toml index 96a6834..56cd9d4 100644 --- a/statix.toml +++ b/statix.toml @@ -1,11 +1,8 @@ # Disable lint rules that generate excessive false-positives or noise. # -# manual_inherit / manual_inherit_from: very high volume of style suggestions. # empty_pattern: { ... }: is a valid and readable no-arg pattern. disabled = [ - "manual_inherit", - "manual_inherit_from", - "empty_pattern", # needed for some overlays + "empty_pattern", ] # Exclude files where statix's parser fails on complex shell-in-Nix content. diff --git a/systems/aarch64-linux/pi5/default.nix b/systems/aarch64-linux/pi5/default.nix index a2b98c3..18903e9 100644 --- a/systems/aarch64-linux/pi5/default.nix +++ b/systems/aarch64-linux/pi5/default.nix @@ -124,9 +124,9 @@ in network = { hostName = net.hosts.pi5.hostname; ipv4 = { + inherit (net.hosts.pi5) gateway; method = "manual"; address = net.hosts.pi5.lan4; - gateway = net.hosts.pi5.gateway; dns = "1.1.1.1"; interface = "end0"; }; diff --git a/systems/x86_64-linux/allyx/default.nix b/systems/x86_64-linux/allyx/default.nix index 872ae5b..11e773f 100644 --- a/systems/x86_64-linux/allyx/default.nix +++ b/systems/x86_64-linux/allyx/default.nix @@ -55,8 +55,8 @@ enable = true; extraDirectories = [ { + inherit (config.jovian.decky-loader) user; directory = config.jovian.decky-loader.stateDir; - user = config.jovian.decky-loader.user; group = config.jovian.decky-loader.user; mode = "u=rwx,g=rwx,o=rx"; } diff --git a/systems/x86_64-linux/jallen-nas/default.nix b/systems/x86_64-linux/jallen-nas/default.nix index 4ed4787..50e8383 100755 --- a/systems/x86_64-linux/jallen-nas/default.nix +++ b/systems/x86_64-linux/jallen-nas/default.nix @@ -127,7 +127,7 @@ in ipv4 = { address = net.hosts.nas.lan; method = "manual"; - gateway = net.hosts.nas.gateway; + inherit (net.hosts.nas) gateway; dns = "1.1.1.1"; interface = "enp197s0"; }; diff --git a/systems/x86_64-linux/jallen-nas/sops.nix b/systems/x86_64-linux/jallen-nas/sops.nix index d696675..b2b5430 100755 --- a/systems/x86_64-linux/jallen-nas/sops.nix +++ b/systems/x86_64-linux/jallen-nas/sops.nix @@ -1,7 +1,13 @@ { config, lib, ... }: let - user = "nix-apps"; - defaultSops = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml"; + owner = config.users.users."nix-apps".name; + inherit (config.users.users."${owner}") group; + sopsFile = lib.snowfall.fs.get-file "secrets/nas-secrets.yaml"; + + sopsSettings = { + inherit owner group sopsFile; + mode = "0600"; + }; in { # Permission modes are in octal representation (same as chmod), @@ -25,27 +31,18 @@ in # Secrets # ------------------------------ secrets = { - "jallen-nas/admin_password" = { - sopsFile = defaultSops; + "jallen-nas/admin_password" = sopsSettings // { neededForUsers = true; - mode = "0600"; - owner = config.users.users."${user}".name; - group = config.users.users."${user}".group; }; - "jallen-nas/nas_pool" = { - sopsFile = defaultSops; - mode = "0600"; - owner = config.users.users."${user}".name; - group = config.users.users."${user}".group; - }; + "jallen-nas/nas_pool" = sopsSettings; # ------------------------------ # ups # ------------------------------ "jallen-nas/ups_password" = { - sopsFile = defaultSops; + inherit sopsFile; mode = "0777"; restartUnits = [ "upsdrv.service" @@ -73,7 +70,7 @@ in # ------------------------------ "jallen-nas/authentik-env" = { - sopsFile = defaultSops; + inherit sopsFile; restartUnits = [ "authentik.service" ]; }; @@ -81,7 +78,7 @@ in # attic # ------------------------------ "jallen-nas/attic-key" = { - sopsFile = defaultSops; + inherit sopsFile; restartUnits = [ "atticd.service" ]; }; @@ -90,7 +87,7 @@ in # ------------------------------ "jallen-nas/collabora" = { - sopsFile = defaultSops; + inherit sopsFile; restartUnits = [ "coolwsd.service" ]; }; @@ -103,7 +100,7 @@ in # }; # "jallen-nas/crowdsec-capi" = { - # sopsFile = defaultSops; + # inherit sopsFile; # owner = "crowdsec"; # group = "crowdsec"; # restartUnits = [ "crowdsec.service" ]; @@ -114,11 +111,11 @@ in # ------------------------------ "jallen-nas/mariadb/db_pass" = { - sopsFile = defaultSops; + inherit sopsFile; restartUnits = [ "mysql.service" ]; }; "jallen-nas/mariadb/root_pass" = { - sopsFile = defaultSops; + inherit sopsFile; restartUnits = [ "mysql.service" ]; }; @@ -126,28 +123,20 @@ in # nextcloud # ------------------------------ - "jallen-nas/nextcloud/dbpassword" = { - sopsFile = defaultSops; + "jallen-nas/nextcloud/dbpassword" = sopsSettings // { mode = "0650"; - owner = config.users.users."${user}".name; - group = config.users.users."${user}".group; restartUnits = [ "nextcloud.service" ]; }; - "jallen-nas/nextcloud/adminpassword" = { - sopsFile = defaultSops; + "jallen-nas/nextcloud/adminpassword" = sopsSettings // { mode = "0440"; - owner = config.users.users."${user}".name; group = "keys"; restartUnits = [ "nextcloud.service" "prometheus-nextcloud-exporter.service" # actual systemd unit name ]; }; - "jallen-nas/nextcloud/smtp_settings" = { - sopsFile = defaultSops; + "jallen-nas/nextcloud/smtp_settings" = sopsSettings // { mode = "0650"; - owner = config.users.users."${user}".name; - group = config.users.users."${user}".group; restartUnits = [ "nextcloud.service" ]; }; @@ -155,11 +144,8 @@ in # onlyoffice # ------------------------------ - "jallen-nas/onlyoffice-key" = { - sopsFile = defaultSops; + "jallen-nas/onlyoffice-key" = sopsSettings // { mode = "0655"; - owner = config.users.users."${user}".name; - group = config.users.users."${user}".group; restartUnits = [ "nextcloud.service" ]; }; @@ -168,7 +154,7 @@ in # ------------------------------ "jallen-nas/manyfold/secretkeybase" = { - sopsFile = defaultSops; + inherit sopsFile; restartUnits = [ "podman-manyfold.service" ]; }; @@ -177,7 +163,7 @@ in # ------------------------------ "jallen-nas/immich/db-password" = { - sopsFile = defaultSops; + inherit sopsFile; mode = "0440"; group = "keys"; restartUnits = [ "immich.service" ]; @@ -188,7 +174,7 @@ in # ------------------------------ "jallen-nas/open-webui" = { - sopsFile = defaultSops; + inherit sopsFile; restartUnits = [ "open-webui.service" ]; }; @@ -197,15 +183,15 @@ in # ------------------------------ "jallen-nas/paperless/secret" = { - sopsFile = defaultSops; + inherit sopsFile; restartUnits = [ "paperless.service" ]; }; "jallen-nas/paperless/authentik-client-id" = { - sopsFile = defaultSops; + inherit sopsFile; restartUnits = [ "paperless.service" ]; }; "jallen-nas/paperless/authentik-client-secret" = { - sopsFile = defaultSops; + inherit sopsFile; restartUnits = [ "paperless.service" ]; }; @@ -214,14 +200,14 @@ in # ------------------------------ "jallen-nas/gitea/mail-key" = { - sopsFile = defaultSops; + inherit sopsFile; owner = "root"; group = "keys"; mode = "0440"; restartUnits = [ "gitea.service" ]; }; "jallen-nas/gitea/metrics-key" = { - sopsFile = defaultSops; + inherit sopsFile; owner = "root"; group = "keys"; mode = "0440"; @@ -232,36 +218,36 @@ in # free-games-claimer # ------------------------------ "jallen-nas/free-games/eg-email" = { - sopsFile = defaultSops; + inherit sopsFile; }; "jallen-nas/free-games/eg-pass" = { - sopsFile = defaultSops; + inherit sopsFile; }; "jallen-nas/free-games/eg-otp" = { - sopsFile = defaultSops; + inherit sopsFile; }; "jallen-nas/free-games/pg-email" = { - sopsFile = defaultSops; + inherit sopsFile; }; "jallen-nas/free-games/pg-pass" = { - sopsFile = defaultSops; + inherit sopsFile; }; "jallen-nas/free-games/gog-email" = { - sopsFile = defaultSops; + inherit sopsFile; }; "jallen-nas/free-games/gog-pass" = { - sopsFile = defaultSops; + inherit sopsFile; }; # ------------------------------ # ntfy # ------------------------------ "jallen-nas/ntfy/auth-users" = { - sopsFile = defaultSops; + inherit sopsFile; }; "jallen-nas/ntfy/user" = { - sopsFile = defaultSops; + inherit sopsFile; mode = "0440"; group = "keys"; restartUnits = [ @@ -271,7 +257,7 @@ in ]; }; "jallen-nas/ntfy/password" = { - sopsFile = defaultSops; + inherit sopsFile; mode = "0440"; group = "keys"; restartUnits = [ @@ -285,15 +271,15 @@ in # sparky-fitness # ------------------------------ "jallen-nas/sparky-fitness/db-password" = { - sopsFile = defaultSops; + inherit sopsFile; restartUnits = [ "podman-sparky-fitness-server.service" ]; }; "jallen-nas/sparky-fitness/api-encryption-key" = { - sopsFile = defaultSops; + inherit sopsFile; restartUnits = [ "podman-sparky-fitness-server.service" ]; }; "jallen-nas/sparky-fitness/auth-secret" = { - sopsFile = defaultSops; + inherit sopsFile; restartUnits = [ "podman-sparky-fitness-server.service" ]; }; @@ -303,7 +289,7 @@ in # jallen-nas/authentik-rac/token: # ------------------------------ "jallen-nas/authentik-rac/token" = { - sopsFile = defaultSops; + inherit sopsFile; restartUnits = [ "podman-authenticRac.service" ]; }; @@ -315,7 +301,7 @@ in # embedding it in the world-readable Nix store. # To rotate: use https://github.com/erooke/grafana-secretkey-rotation-tool "jallen-nas/grafana/secret-key" = { - sopsFile = defaultSops; + inherit sopsFile; owner = "grafana"; group = "grafana"; mode = "0400"; @@ -328,6 +314,7 @@ in # ------------------------------ templates = { "fgc.env" = { + inherit owner group; content = '' EG_EMAIL = ${config.sops.placeholder."jallen-nas/free-games/eg-email"} EG_PASSWORD = ${config.sops.placeholder."jallen-nas/free-games/eg-pass"} @@ -338,8 +325,6 @@ in GOG_PASSWORD = ${config.sops.placeholder."jallen-nas/free-games/gog-pass"} ''; mode = "0650"; - owner = config.users.users."${user}".name; - group = config.users.users."${user}".group; restartUnits = [ "podman-free-games-claimer.service" ]; }; @@ -407,6 +392,7 @@ in }; "paperless.env" = { + inherit owner group; content = '' PAPERLESS_ADMIN_USER = "mjallen" PAPERLESS_ADMIN_PASSWORD = ${config.sops.placeholder."matt_password"} @@ -421,8 +407,6 @@ in }","settings":{"server_url":"https://authentik.mjallen.dev/application/o/paperless/.well-known/openid-configuration"}}]}} ''; mode = "0650"; - owner = config.users.users."${user}".name; - group = config.users.users."${user}".group; restartUnits = [ "paperless-web.service" ]; }; }; diff --git a/systems/x86_64-linux/nuc-nixos/default.nix b/systems/x86_64-linux/nuc-nixos/default.nix index e1b869d..d2563de 100644 --- a/systems/x86_64-linux/nuc-nixos/default.nix +++ b/systems/x86_64-linux/nuc-nixos/default.nix @@ -36,9 +36,9 @@ in network = { hostName = net.hosts.nuc.hostname; ipv4 = { + inherit (net.hosts.nuc) gateway; method = "manual"; address = net.hosts.nuc.lan4; - gateway = net.hosts.nuc.gateway; dns = net.hosts.router.lan; interface = "enp2s0"; };