nixfmt

common/lib/default.nix

@@ -1,4 +1,5 @@
-{ lib, config, ... }:{
+{ lib, config, ... }:
+{
   imports = [
     ./makeWrapper.nix
   ];

common/lib/makeWrapper.nix

@@ -4,40 +4,75 @@
   ...
 }:
 let
-  inherit (lib) optionals optional mapAttrsFlatten concatMap escapeShellArg escapeShellArgs;
+  inherit (lib)
+    optionals
+    optional
+    mapAttrsFlatten
+    concatMap
+    escapeShellArg
+    escapeShellArgs
+    ;
 in
 {
-  config.vacu.vaculib.makeWrapper = {
+  config.vacu.vaculib.makeWrapper =
+    {
       original,
       new,
       argv0 ? null,
       inherit_argv0 ? false,
       resolve_argv0 ? false,
-    set ? {},
-    set_default ? {},
-    unset ? [],
+      set ? { },
+      set_default ? { },
+      unset ? [ ],
       chdir ? null,
-    run ? [],
-    prepend_flags ? [],
-    add_flags ? [],
-    append_flags ? [],
-  }@args: let
+      run ? [ ],
+      prepend_flags ? [ ],
+      add_flags ? [ ],
+      append_flags ? [ ],
+    }@args:
+    let
       prependFlags = prepend_flags ++ add_flags;
       escapeFlags = flags: builtins.concatStringsSep " " (map escapeShellArg flags);
       originalBin = if lib.isDerivation original then lib.getExe original else original;
       makeWrapperFlags =
-      (optionals (argv0 != null) [ "--argv0" argv0]) ++
-      (optional inherit_argv0 "--inherit-argv0") ++
-      (optional resolve_argv0 "--resolve-argv0") ++
-      (mapAttrsFlatten (k: v: [ "--set" k v ] ) set) ++
-      (mapAttrsFlatten (k: v: [ "--set-default" k v ] ) set_default) ++
-      (concatMap (k: [ "--unset" k ]) unset) ++
-      (optionals (chdir != null) [ "--chdir" chdir ]) ++
-      (concatMap (k: [ "--run" k ]) run) ++
-      (optionals (prependFlags != []) [ "--add-flags" (escapeFlags prependFlags) ]) ++
-      (optionals (append_flags != []) [ "--append-flags" (escapeFlags append_flags) ])
-    ;
-  in pkgs.stdenvNoCC.mkDerivation {
+        (optionals (argv0 != null) [
+          "--argv0"
+          argv0
+        ])
+        ++ (optional inherit_argv0 "--inherit-argv0")
+        ++ (optional resolve_argv0 "--resolve-argv0")
+        ++ (mapAttrsFlatten (k: v: [
+          "--set"
+          k
+          v
+        ]) set)
+        ++ (mapAttrsFlatten (k: v: [
+          "--set-default"
+          k
+          v
+        ]) set_default)
+        ++ (concatMap (k: [
+          "--unset"
+          k
+        ]) unset)
+        ++ (optionals (chdir != null) [
+          "--chdir"
+          chdir
+        ])
+        ++ (concatMap (k: [
+          "--run"
+          k
+        ]) run)
+        ++ (optionals (prependFlags != [ ]) [
+          "--add-flags"
+          (escapeFlags prependFlags)
+        ])
+        ++ (optionals (append_flags != [ ]) [
+          "--append-flags"
+          (escapeFlags append_flags)
+        ]);
+    in
+    pkgs.stdenvNoCC.mkDerivation {
       name = new;
 
       nativeBuildInputs = [ pkgs.makeWrapper ];

common/shell/default.nix

@@ -26,7 +26,10 @@ let
   wrappedBashPkg = vaculib.makeWrapper {
     original = pkgs.bash;
     new = "vacuinit-bash";
-    prepend_flags = [ "--init-file" vacuInitFile ];
+    prepend_flags = [
+      "--init-file"
+      vacuInitFile
+    ];
   };
   wrappedBash = lib.getExe wrappedBashPkg;
 in

common/sops.nix

@@ -9,7 +9,9 @@ let
   userKeys = lib.attrValues config.vacu.ssh.authorizedKeys;
   liamKey = config.vacu.ssh.knownHosts.liam.publicKey;
   ssh-to-age = lib.getExe pkgs.ssh-to-age;
-  sopsConfig = pkgs.runCommand "sops.yaml" { env.sshUserKeys = lib.concatStringsSep "\n" userKeys; } ''
+  sopsConfig =
+    pkgs.runCommand "sops.yaml" { env.sshUserKeys = lib.concatStringsSep "\n" userKeys; }
+      ''
         set -xe
         liamKey="$(echo "${liamKey}" | ${ssh-to-age})"
         declare -a userKeys

common/ssh.nix

@@ -38,7 +38,7 @@ in
     #vacu.ssh.authorizedKeys = mkOption { type = types.listOf types.str; };
     vacu.ssh.authorizedKeys = mkOption {
       type = types.attrsOf types.str;
-      default = {};
+      default = { };
     };
     vacu.ssh.config = mkOption { type = types.lines; };
     # Straight copied from nixpkgs 

flake.nix

@@ -99,11 +99,15 @@
       x86 = "x86_64-linux";
       arm = "aarch64-linux";
       lib = import "${nixpkgs}/lib";
-      mkPkgs = arg:
+      mkPkgs =
+        arg:
         let
           argAttr = if builtins.isString arg then { system = arg; } else arg;
-          config = { allowUnfree = true; } // (argAttr.config or {});
-        in import nixpkgs (argAttr // { inherit config; });
+          config = {
+            allowUnfree = true;
+          } // (argAttr.config or { });
+        in
+        import nixpkgs (argAttr // { inherit config; });
       pkgs = mkPkgs x86;
       mkNixosConfig =
         {
@@ -349,7 +353,9 @@
           # snmpb = pkgs.libsForQt5.callPackage ./packages/snmpb/package.nix { };
           # snmp-mibs-downloader = pkgs.callPackage ./packages/snmp-mibs-downloader.nix { };
           authorizedKeys = pkgs.writeText "authorizedKeys" (
-            lib.concatStringsSep "\n" (lib.mapAttrsToList (k: v: "${v} ${k}") plain.config.vacu.ssh.authorizedKeys)
+            lib.concatStringsSep "\n" (
+              lib.mapAttrsToList (k: v: "${v} ${k}") plain.config.vacu.ssh.authorizedKeys
+            )
           );
           sopsConfig = plain.config.vacu.sopsConfig;
           nixvim = inputs.nixvim.legacyPackages.${system}.makeNixvimWithModule {

liam/sieve.nix

@@ -4,7 +4,13 @@
   ...
 }:
 let
-  inherit (lib.strings) concatStringsSep splitString match replaceStrings concatStrings;
+  inherit (lib.strings)
+    concatStringsSep
+    splitString
+    match
+    replaceStrings
+    concatStrings
+    ;
   inherit (lib.lists) reverseList length elemAt;
   email_folders = [
     "24nm-domain@shelvacu.com"

scripts/update-gitea-keys.nix

@@ -3,7 +3,7 @@
   writers,
   curl,
   sops,
-  lib
+  lib,
 }:
 let
   sopsCommand = [
@@ -21,7 +21,7 @@ let
   ];
 in
 writers.writeScriptBin "update-gitea-keys" ''
-age_key=$(ssh-to-age -private-key -i $HOME/.ssh/id_ed25519)
-gitea_api_key="$(SOPS_AGE_KEY="$age_key" sops --config ${../.sops.yaml} --extract '["git.uninsane.org"]' -d ${../secrets/misc/git-keys.json})"
-curl 
+  age_key=$(ssh-to-age -private-key -i $HOME/.ssh/id_ed25519)
+  gitea_api_key="$(SOPS_AGE_KEY="$age_key" sops --config ${../.sops.yaml} --extract '["git.uninsane.org"]' -d ${../secrets/misc/git-keys.json})"
+  curl 
 ''

triple-dezert/proxied/frontproxy.nix

@@ -22,17 +22,17 @@ let
     (lib.filter (c: c.enable))
   ];
   serviceValidDomainAssertions = map (proxiedConfig: {
-    assertion = lib.any (availableDomain:
-      (lib.hasSuffix ("." + availableDomain) proxiedConfig.domain) ||
-      (proxiedConfig.domain == availableDomain)
+    assertion = lib.any (
+      availableDomain:
+      (lib.hasSuffix ("." + availableDomain) proxiedConfig.domain)
+      || (proxiedConfig.domain == availableDomain)
     ) domains;
     message = "proxiedService ${proxiedConfig.name}'s `domain` does not match any of the known domains";
   }) proxied;
   mapListToAttrs = f: list: lib.listToAttrs (map f list);
 in
 {
-  assertions = [ ]
-    ++ serviceValidDomainAssertions;
+  assertions = [ ] ++ serviceValidDomainAssertions;
   security.acme.acceptTerms = true;
   security.acme.defaults = {
     email = "nix-acme@shelvacu.com";
@@ -44,8 +44,8 @@ in
     postRun = "${pkgs.nixos-container}/bin/nixos-container run frontproxy -- systemctl reload haproxy";
   };
 
-  security.acme.certs = mapListToAttrs (domain:
-    lib.nameValuePair domain { extraDomainNames = [ "*.${domain}" ]; }
+  security.acme.certs = mapListToAttrs (
+    domain: lib.nameValuePair domain { extraDomainNames = [ "*.${domain}" ]; }
   ) domains;
 
   users.groups.acme.gid = 993;
@@ -69,10 +69,13 @@ in
       autoStart = true;
       restartIfChanged = true;
       ephemeral = true;
-      bindMounts = mapListToAttrs (d: lib.nameValuePair "/certs/${d}" {
+      bindMounts = mapListToAttrs (
+        d:
+        lib.nameValuePair "/certs/${d}" {
           hostPath = outer_config.security.acme.certs.${d}.directory;
           isReadOnly = true;
-      }) domains;
+        }
+      ) domains;
       config =
         { config, ... }:
         {

triple-dezert/proxied/haproxy-config.nix

@@ -6,22 +6,35 @@
 }:
 let
   enableKeylog = false;
-  cleanName = name: lib.replaceStrings ["-" " "] [ "_" "_" ] name;
+  cleanName =
+    name:
+    lib.replaceStrings
+      [
+        "-"
+        " "
+      ]
+      [
+        "_"
+        "_"
+      ]
+      name;
   aclName = config: "host_" + (cleanName config.name);
   backendName = config: "backend_" + (cleanName config.name);
-  concatMap = sep: f: list: lib.concatStringsSep sep (map f list);
+  concatMap =
+    sep: f: list:
+    lib.concatStringsSep sep (map f list);
   mapLines = f: list: concatMap "\n" f list;
   certs = concatMap " " (d: "crt /certs/${d}/full.pem") domains;
 in
 ''
-${lib.optionalString enableKeylog ''
+  ${lib.optionalString enableKeylog ''
     # ssl keylogging
     global
       tune.ssl.keylog on
       lua-load ${./sslkeylog.lua}
-''}
+  ''}
 
-global
+  global
     close-spread-time 1s
     hard-stop-after 3s
     description "triple-dezert frontproxy"
@@ -34,7 +47,7 @@ global
     log 127.0.0.1 syslog debug
 
 
-defaults
+  defaults
     # https://world.hey.com/goekesmi/haproxy-chrome-tcp-preconnect-and-error-408-a-post-preserved-from-the-past-2497d1f7
     timeout server 30s
     timeout client 10s
@@ -46,7 +59,7 @@ defaults
     mode http
     option httplog
 
-frontend main
+  frontend main
     bind :80
     bind :443 ssl ${certs}
 
@@ -59,9 +72,7 @@ frontend main
     # Check whether the client is attempting domain fronting.
     acl ssl_sni_http_host_match ssl_fc_sni,strcmp(req.host) eq 0
 
-  ${mapLines (c:
-    ''  acl ${aclName c} var(req.host) -m str "${c.domain}"''
-  ) proxied}
+    ${mapLines (c: ''acl ${aclName c} var(req.host) -m str "${c.domain}"'') proxied}
 
     http-after-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" if { ssl_fc }
 
@@ -72,27 +83,26 @@ frontend main
 
     # garunteed ssl-only from here on
 
-  ${mapLines (d:
-    ''  http-request redirect location "https://${d}%[capture.req.uri]" code 301 if { var(req.host) -m str "www.${d}" }''
-  ) domains}
+    ${
+      mapLines (
+        d:
+        ''http-request redirect location "https://${d}%[capture.req.uri]" code 301 if { var(req.host) -m str "www.${d}" }''
+      ) domains
+    }
     http-request return string "Shelvacu is awesome" content-type text/plain if { path / } { var(req.host) -m str "shelvacu.com" }
     http-request return string "Jean-luc is awesome" content-type text/plain if { path / } { var(req.host) -m str "jean-luc.org" }
 
-  ${mapLines (c:
-    '' http-request allow if ${aclName c}''
-  ) proxied}
+    ${mapLines (c: ''http-request allow if ${aclName c}'') proxied}
     http-request return status 404 string "not found" content-type text/plain
 
-  ${mapLines (c:
-    ''  use_backend ${backendName c} if ${aclName c}''
-  ) proxied}
+    ${mapLines (c: ''use_backend ${backendName c} if ${aclName c}'') proxied}
 
-${concatMap "\n\n" (c:
-''
+  ${concatMap "\n\n" (c: ''
     backend ${backendName c}
       mode http
       ${lib.optionalString c.forwardFor "option forwardfor"}
-    server main ${c.name}:${builtins.toString c.port} check maxconn ${builtins.toString c.maxConnections} ${if c.useSSL then "ssl verify none ssl-reuse" else "proto h1"}
-''
-) proxied}
+      server main ${c.name}:${builtins.toString c.port} check maxconn ${builtins.toString c.maxConnections} ${
+        if c.useSSL then "ssl verify none ssl-reuse" else "proto h1"
+      }
+  '') proxied}
 ''

triple-dezert/proxied/options.nix

@@ -3,12 +3,14 @@ let
   inherit (lib) mkOption types;
   outerConfig = config;
   ip4Segment = ''[0-9]{1,3}'';
-  ip4Address = types.addCheck
-    (types.strMatching (lib.concatStringsSep ''\.'' [ip4Segment ip4Segment ip4Segment ip4Segment]))
-    (s: 
-      lib.all (p: (lib.toInt p) < 255) (lib.splitString "." s)
-    )
-  ;
+  ip4Address = types.addCheck (types.strMatching (
+    lib.concatStringsSep ''\.'' [
+      ip4Segment
+      ip4Segment
+      ip4Segment
+      ip4Segment
+    ]
+  )) (s: lib.all (p: (lib.toInt p) < 255) (lib.splitString "." s));
   # Note: This accepts plenty of strings that aren't valid ipv6 addresses, this is just to catch when you accidentally put an ipv4 or something else in
   ip6Address = types.strMatching ''([a-fA-F0-9]{4}::?){1,7}[a-fA-F0-9]{4}'';
   ipAddress = types.either ip4Address ip6Address;
@@ -16,10 +18,16 @@ in
 {
   #       vacu.proxiedServices.habitat
   options.vacu.proxiedServices = mkOption {
-    default = {};
-    type = types.attrsOf (types.submodule ({name, config, ...}: {
+    default = { };
+    type = types.attrsOf (
+      types.submodule (
+        { name, config, ... }:
+        {
           options = {
-        enable = mkOption { type = types.bool; default = false; };
+            enable = mkOption {
+              type = types.bool;
+              default = false;
+            };
 
             name = mkOption {
               default = name;
@@ -39,11 +47,20 @@ in
 
             domain = mkOption { type = types.str; };
 
-        forwardFor = mkOption { type = types.bool; default = false; };
+            forwardFor = mkOption {
+              type = types.bool;
+              default = false;
+            };
 
-        maxConnections = mkOption { type = types.int; default = 500; };
+            maxConnections = mkOption {
+              type = types.int;
+              default = 500;
+            };
 
-        useSSL = mkOption { type = types.bool; default = false; };
+            useSSL = mkOption {
+              type = types.bool;
+              default = false;
+            };
           };
 
           config = lib.mkMerge [
@@ -51,6 +68,8 @@ in
               ipAddress = outerConfig.containers.${config.fromContainer}.localAddress;
             })
           ];
-    }));
+        }
+      )
+    );
   };
 }

triple-dezert/proxied/services/habitat-fwd.nix

@@ -1,4 +1,5 @@
-{ ... }: {
+{ ... }:
+{
   vacu.proxiedServices.habitat = {
     domain = "habitat.pwrhs.win";
     ipAddress = "10.78.79.114";

triple-dezert/proxied/services/llm.nix

@@ -1,5 +1,6 @@
 {
-  config, ...
+  config,
+  ...
 }:
 let
   contain = config.containers.llm;

triple-dezert/proxied/services/static-stuff.nix

@@ -25,8 +25,7 @@
       isReadOnly = true;
     };
 
-    config =
-      {
+    config = {
       system.stateVersion = "23.11";
       networking.firewall.enable = false;