From ada004ff16dbdb61236a3337156edbc83f11fd57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= Date: Sat, 28 Sep 2024 16:15:00 +0200 Subject: [PATCH] switch to nixfmt --- checks/flake-module.nix | 13 +-- checks/lib.nix | 4 +- checks/linkcheck/pkgs/default.nix | 4 +- checks/linkcheck/pkgs/wikiextractor.nix | 10 +-- checks/test.nix | 49 ++++++----- flake.nix | 58 +++++++------ formatter.nix | 9 +-- modules/flake-module.nix | 3 +- modules/monitoring.nix | 1 - modules/nixos-wiki/backup.nix | 81 ++++++++++--------- modules/nixos-wiki/default.nix | 18 +++-- modules/nixos-wiki/extensions.nix | 28 +++++-- targets/flake-module.nix | 33 ++++---- .../nixos-wiki.nixos.org/configuration.nix | 7 +- 14 files changed, 188 insertions(+), 130 deletions(-) diff --git a/checks/flake-module.nix b/checks/flake-module.nix index 2068709..265c9a1 100644 --- a/checks/flake-module.nix +++ b/checks/flake-module.nix @@ -1,9 +1,12 @@ -{ self, ... }: { +{ self, ... }: +{ perSystem = - { pkgs - , lib - , ... - }: { + { + pkgs, + lib, + ... + }: + { checks = lib.optionalAttrs pkgs.stdenv.isLinux { test = import ./test.nix { inherit self pkgs; }; }; diff --git a/checks/lib.nix b/checks/lib.nix index f930aa7..6d591db 100644 --- a/checks/lib.nix +++ b/checks/lib.nix @@ -15,6 +15,8 @@ in # This makes `self` available in the NixOS configuration of our virtual machines. # This is useful for referencing modules or packages from your own flake # as well as importing from other flakes. - node.specialArgs = { inherit self; }; + node.specialArgs = { + inherit self; + }; imports = [ test ]; }).config.result diff --git a/checks/linkcheck/pkgs/default.nix b/checks/linkcheck/pkgs/default.nix index ec85a5c..d60de5f 100644 --- a/checks/linkcheck/pkgs/default.nix +++ b/checks/linkcheck/pkgs/default.nix @@ -1,4 +1,6 @@ -{ pkgs ? import { } }: +{ + pkgs ? import { }, +}: { wikiextractor = pkgs.callPackage ./wikiextractor.nix { }; } diff --git a/checks/linkcheck/pkgs/wikiextractor.nix b/checks/linkcheck/pkgs/wikiextractor.nix index ad58c0b..da9bf85 100644 --- a/checks/linkcheck/pkgs/wikiextractor.nix +++ b/checks/linkcheck/pkgs/wikiextractor.nix @@ -1,8 +1,8 @@ -{ lib -, python3 -, fetchpatch -, fetchFromGitHub -, +{ + lib, + python3, + fetchpatch, + fetchFromGitHub, }: python3.pkgs.buildPythonApplication rec { diff --git a/checks/test.nix b/checks/test.nix index aded957..a587775 100644 --- a/checks/test.nix +++ b/checks/test.nix @@ -2,28 +2,35 @@ name = "nixos-wiki"; nodes = { # `self` here is set by using specialArgs in `lib.nix` - wiki = { self, pkgs, config, ... }: { - imports = [ - self.nixosModules.nixos-wiki - ]; - networking.extraHosts = '' - 127.0.0.1 nixos-wiki.example.com - ''; - security.acme.defaults.email = "admin@example.com"; - services.nixos-wiki = { - hostname = "nixos-wiki.example.com"; - adminPasswordFile = pkgs.writeText "adminPasswordFile" "Creation-Fabric-Untrimmed3"; - githubClientId = "Iv1.95ed182c83df1d22"; - githubClientSecretFile = pkgs.writeText "githubClientSecretFile" "secret"; - emergencyContact = "nixos-wiki@thalheim.io"; - passwordSender = "nixos-wiki@thalheim.io"; - noReplyAddress = "nixos-wiki-no-reply@thalheim.io"; + wiki = + { + self, + pkgs, + config, + ... + }: + { + imports = [ + self.nixosModules.nixos-wiki + ]; + networking.extraHosts = '' + 127.0.0.1 nixos-wiki.example.com + ''; + security.acme.defaults.email = "admin@example.com"; + services.nixos-wiki = { + hostname = "nixos-wiki.example.com"; + adminPasswordFile = pkgs.writeText "adminPasswordFile" "Creation-Fabric-Untrimmed3"; + githubClientId = "Iv1.95ed182c83df1d22"; + githubClientSecretFile = pkgs.writeText "githubClientSecretFile" "secret"; + emergencyContact = "nixos-wiki@thalheim.io"; + passwordSender = "nixos-wiki@thalheim.io"; + noReplyAddress = "nixos-wiki-no-reply@thalheim.io"; + }; + services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = { + enableACME = false; + forceSSL = false; + }; }; - services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = { - enableACME = false; - forceSSL = false; - }; - }; }; # This is the test code that will check if our service is running correctly: testScript = '' diff --git a/flake.nix b/flake.nix index 4eed4ea..cef10a3 100644 --- a/flake.nix +++ b/flake.nix @@ -19,31 +19,39 @@ sops-nix.inputs.nixpkgs-stable.follows = ""; }; - outputs = inputs@{ flake-parts, ... }: - flake-parts.lib.mkFlake { inherit inputs; } ({ self, lib, ... }: { - systems = [ - "aarch64-linux" - "x86_64-linux" + outputs = + inputs@{ flake-parts, ... }: + flake-parts.lib.mkFlake { inherit inputs; } ( + { self, lib, ... }: + { + systems = [ + "aarch64-linux" + "x86_64-linux" - "x86_64-darwin" - "aarch64-darwin" - ]; - imports = [ - inputs.treefmt-nix.flakeModule - ./targets/flake-module.nix - ./modules/flake-module.nix - ./checks/flake-module.nix - ./formatter.nix - ]; - perSystem = { self', system, ... }: { + "x86_64-darwin" + "aarch64-darwin" + ]; + imports = [ + inputs.treefmt-nix.flakeModule + ./targets/flake-module.nix + ./modules/flake-module.nix + ./checks/flake-module.nix + ./formatter.nix + ]; + perSystem = + { self', system, ... }: + { - checks = - let - nixosMachines = lib.mapAttrs' (name: config: lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel) ((lib.filterAttrs (_: config: config.pkgs.system == system)) self.nixosConfigurations); - packages = lib.mapAttrs' (n: lib.nameValuePair "package-${n}") self'.packages; - devShells = lib.mapAttrs' (n: lib.nameValuePair "devShell-${n}") self'.devShells; - in - nixosMachines // packages // devShells; - }; - }); + checks = + let + nixosMachines = lib.mapAttrs' ( + name: config: lib.nameValuePair "nixos-${name}" config.config.system.build.toplevel + ) ((lib.filterAttrs (_: config: config.pkgs.system == system)) self.nixosConfigurations); + packages = lib.mapAttrs' (n: lib.nameValuePair "package-${n}") self'.packages; + devShells = lib.mapAttrs' (n: lib.nameValuePair "devShell-${n}") self'.devShells; + in + nixosMachines // packages // devShells; + }; + } + ); } diff --git a/formatter.nix b/formatter.nix index 319e4e0..8147011 100644 --- a/formatter.nix +++ b/formatter.nix @@ -17,7 +17,8 @@ "targets/nixos-wiki.nixos.org/secrets/*" ]; programs.hclfmt.enable = true; - programs.nixpkgs-fmt.enable = true; + programs.nixfmt.enable = true; + programs.nixfmt.package = pkgs.nixfmt-rfc-style; programs.deadnix.enable = true; programs.ruff.format = true; programs.ruff.check = true; @@ -39,8 +40,7 @@ provider.override (prev: { homepage = builtins.replaceStrings [ "registry.terraform.io/providers" ] [ "registry.opentofu.org" - ] - prev.homepage; + ] prev.homepage; }); in [ @@ -57,8 +57,7 @@ )) ]; }; - } - // (import ./checks/linkcheck/pkgs { inherit pkgs; }); + } // (import ./checks/linkcheck/pkgs { inherit pkgs; }); devShells.linkcheck = pkgs.mkShell { packages = [ pkgs.lychee diff --git a/modules/flake-module.nix b/modules/flake-module.nix index 9da303d..77454c5 100644 --- a/modules/flake-module.nix +++ b/modules/flake-module.nix @@ -1,4 +1,5 @@ -{ inputs, ... }: { +{ inputs, ... }: +{ flake.nixosModules = { hcloud.imports = [ inputs.srvos.nixosModules.server diff --git a/modules/monitoring.nix b/modules/monitoring.nix index ef93490..922ca75 100644 --- a/modules/monitoring.nix +++ b/modules/monitoring.nix @@ -7,4 +7,3 @@ ip6tables -D nixos-fw -p tcp --source 2a03:4000:62:fdb::/128 --dport 9273 -j nixos-fw-accept || true ''; } - diff --git a/modules/nixos-wiki/backup.nix b/modules/nixos-wiki/backup.nix index a42de1f..0f1d30c 100644 --- a/modules/nixos-wiki/backup.nix +++ b/modules/nixos-wiki/backup.nix @@ -2,46 +2,49 @@ let wikiDump = "/var/lib/mediawiki/backup/wikidump.xml.zst"; - mediawiki-maintenance = pkgs.runCommand "mediawiki-maintenance" - { - nativeBuildInputs = [ pkgs.makeWrapper ]; - preferLocalBuild = true; - } '' - mkdir -p $out/bin - makeWrapper ${config.services.phpfpm.pools.mediawiki.phpPackage}/bin/php $out/bin/mediawiki-maintenance \ - --set MEDIAWIKI_CONFIG ${config.services.phpfpm.pools.mediawiki.phpEnv.MEDIAWIKI_CONFIG} \ - --add-flags ${config.services.mediawiki.finalPackage}/share/mediawiki/maintenance/run.php - ''; - - wiki-backup = pkgs.writeShellApplication - { - name = "wiki-backup"; - runtimeInputs = [ - config.services.postgresql.package - pkgs.util-linux - ]; - text = '' - mkdir -p /var/lib/mediawiki/backup/ - runuser -u postgres -- pg_dump --compress=zstd --format=custom mediawiki > /var/lib/mediawiki/backup/db.tmp - mv /var/lib/mediawiki/backup/{db.tmp,db} + mediawiki-maintenance = + pkgs.runCommand "mediawiki-maintenance" + { + nativeBuildInputs = [ pkgs.makeWrapper ]; + preferLocalBuild = true; + } + '' + mkdir -p $out/bin + makeWrapper ${config.services.phpfpm.pools.mediawiki.phpPackage}/bin/php $out/bin/mediawiki-maintenance \ + --set MEDIAWIKI_CONFIG ${config.services.phpfpm.pools.mediawiki.phpEnv.MEDIAWIKI_CONFIG} \ + --add-flags ${config.services.mediawiki.finalPackage}/share/mediawiki/maintenance/run.php ''; - }; + + wiki-backup = pkgs.writeShellApplication { + name = "wiki-backup"; + runtimeInputs = [ + config.services.postgresql.package + pkgs.util-linux + ]; + text = '' + mkdir -p /var/lib/mediawiki/backup/ + runuser -u postgres -- pg_dump --compress=zstd --format=custom mediawiki > /var/lib/mediawiki/backup/db.tmp + mv /var/lib/mediawiki/backup/{db.tmp,db} + ''; + }; # to restore: # $ runuser -u postgres -- pg_restore --format=custom -d mediawiki < /tmp/db - wiki-dump = pkgs.writeShellApplication - { - name = "wiki-dump"; - runtimeInputs = [ pkgs.util-linux pkgs.coreutils ]; - text = '' - mkdir -p /var/lib/mediawiki/backup/ - runuser -u mediawiki -- ${mediawiki-maintenance}/bin/mediawiki-maintenance dumpBackup.php \ - --full --include-files --uploads --quiet | \ - ${pkgs.zstd}/bin/zstd > ${wikiDump}.tmp - mv ${wikiDump}{.tmp,} - ''; - }; + wiki-dump = pkgs.writeShellApplication { + name = "wiki-dump"; + runtimeInputs = [ + pkgs.util-linux + pkgs.coreutils + ]; + text = '' + mkdir -p /var/lib/mediawiki/backup/ + runuser -u mediawiki -- ${mediawiki-maintenance}/bin/mediawiki-maintenance dumpBackup.php \ + --full --include-files --uploads --quiet | \ + ${pkgs.zstd}/bin/zstd > ${wikiDump}.tmp + mv ${wikiDump}{.tmp,} + ''; + }; in { environment.systemPackages = [ mediawiki-maintenance ]; @@ -74,7 +77,8 @@ in }; }; - services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName}.locations."=/wikidump.xml.zst".alias = wikiDump; + services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName}.locations."=/wikidump.xml.zst".alias = + wikiDump; sops.secrets.storagebox-ssh-key = { sopsFile = ../../targets/nixos-wiki.nixos.org/secrets/backup_share_ssh_key; @@ -113,7 +117,10 @@ in monthly = 3; }; - paths = [ "/var/lib/mediawiki-uploads" "/var/lib/mediawiki/backup" ]; + paths = [ + "/var/lib/mediawiki-uploads" + "/var/lib/mediawiki/backup" + ]; # Where to backup it to repo = "u391032-sub1@u391032.your-storagebox.de:wiki.nixos.org/repo"; diff --git a/modules/nixos-wiki/default.nix b/modules/nixos-wiki/default.nix index 3d49874..e61ccd2 100644 --- a/modules/nixos-wiki/default.nix +++ b/modules/nixos-wiki/default.nix @@ -1,4 +1,9 @@ -{ config, pkgs, lib, ... }: +{ + config, + pkgs, + lib, + ... +}: let cfg = config.services.nixos-wiki; in @@ -175,7 +180,9 @@ in # https://www.mediawiki.org/wiki/Help:Extension:Translate/Installation services.phpfpm.pools.mediawiki.phpOptions = let - phpVersion = builtins.replaceStrings [ "." ] [ "" ] (lib.versions.majorMinor config.services.phpfpm.pools.mediawiki.phpPackage.version); + phpVersion = builtins.replaceStrings [ "." ] [ "" ] ( + lib.versions.majorMinor config.services.phpfpm.pools.mediawiki.phpPackage.version + ); extensions = pkgs."php${phpVersion}Extensions"; in '' @@ -202,9 +209,10 @@ in ''; systemd.services.mediawiki-init.serviceConfig.RemainAfterExit = true; - - - networking.firewall.allowedTCPPorts = [ 443 80 ]; + networking.firewall.allowedTCPPorts = [ + 443 + 80 + ]; security.acme.acceptTerms = true; services.nginx.virtualHosts.${config.services.mediawiki.nginx.hostName} = { enableACME = lib.mkDefault true; diff --git a/modules/nixos-wiki/extensions.nix b/modules/nixos-wiki/extensions.nix index 181592e..7d07c48 100644 --- a/modules/nixos-wiki/extensions.nix +++ b/modules/nixos-wiki/extensions.nix @@ -1,7 +1,23 @@ -{ fetchzip }: { - "MobileFrontend" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/MobileFrontend-REL1_42-db1bbe7.tar.gz/MobileFrontend-REL1_42-db1bbe7.tar.gz"; hash = "sha256-jHeG1pr/YEdIsrCUPKLJ6DXdOW52sYjCXex3Ns9pi4A="; }; - "DarkMode" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/DarkMode-REL1_42-66aad97.tar.gz/DarkMode-REL1_42-66aad97.tar.gz"; hash = "sha256-xt7+yiD2oDsK0q7tsqAtYdiKcLqWr8DiWl+zAmoqQpg="; }; - "QuickInstantCommons" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/QuickInstantCommons-REL1_42-3e6a069.tar.gz/QuickInstantCommons-REL1_42-3e6a069.tar.gz"; hash = "sha256-U7mNjhr0kI46gWForiUBKXQEYSuvME8+YVwMOVpuhm0="; }; - "Translate" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/Translate-REL1_42-3531d86.tar.gz/Translate-REL1_42-3531d86.tar.gz"; hash = "sha256-t1fBccarl0wQTlrCM4UDJyGw8M9eCyUk7Wbk8AxRG7w="; }; - "UniversalLanguageSelector" = fetchzip { url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/UniversalLanguageSelector-REL1_42-17bbc88.tar.gz/UniversalLanguageSelector-REL1_42-17bbc88.tar.gz"; hash = "sha256-XujlyG3K07XAzW+Vat8NZypKIpHwGCZt6bxmxH57e0M="; }; +{ fetchzip }: +{ + "MobileFrontend" = fetchzip { + url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/MobileFrontend-REL1_42-db1bbe7.tar.gz/MobileFrontend-REL1_42-db1bbe7.tar.gz"; + hash = "sha256-jHeG1pr/YEdIsrCUPKLJ6DXdOW52sYjCXex3Ns9pi4A="; + }; + "DarkMode" = fetchzip { + url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/DarkMode-REL1_42-66aad97.tar.gz/DarkMode-REL1_42-66aad97.tar.gz"; + hash = "sha256-xt7+yiD2oDsK0q7tsqAtYdiKcLqWr8DiWl+zAmoqQpg="; + }; + "QuickInstantCommons" = fetchzip { + url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/QuickInstantCommons-REL1_42-3e6a069.tar.gz/QuickInstantCommons-REL1_42-3e6a069.tar.gz"; + hash = "sha256-U7mNjhr0kI46gWForiUBKXQEYSuvME8+YVwMOVpuhm0="; + }; + "Translate" = fetchzip { + url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/Translate-REL1_42-3531d86.tar.gz/Translate-REL1_42-3531d86.tar.gz"; + hash = "sha256-t1fBccarl0wQTlrCM4UDJyGw8M9eCyUk7Wbk8AxRG7w="; + }; + "UniversalLanguageSelector" = fetchzip { + url = "https://github.com/NixOS/nixos-wiki-infra/releases/download/UniversalLanguageSelector-REL1_42-17bbc88.tar.gz/UniversalLanguageSelector-REL1_42-17bbc88.tar.gz"; + hash = "sha256-XujlyG3K07XAzW+Vat8NZypKIpHwGCZt6bxmxH57e0M="; + }; } diff --git a/targets/flake-module.nix b/targets/flake-module.nix index 046dd1c..90bbca7 100644 --- a/targets/flake-module.nix +++ b/targets/flake-module.nix @@ -4,22 +4,23 @@ let configs = builtins.filter (dir: builtins.pathExists (./. + "/${dir}/configuration.nix")) entries; in { - flake.nixosConfigurations = lib.listToAttrs - (builtins.map - (name: - lib.nameValuePair - (builtins.replaceStrings [ "." ] [ "-" ] name) - (lib.nixosSystem { - system = "x86_64-linux"; - # Make flake available in modules - specialArgs = { - self = { - inputs = self.inputs; - nixosModules = self.nixosModules; - }; + flake.nixosConfigurations = lib.listToAttrs ( + builtins.map ( + name: + lib.nameValuePair (builtins.replaceStrings [ "." ] [ "-" ] name) ( + lib.nixosSystem { + system = "x86_64-linux"; + # Make flake available in modules + specialArgs = { + self = { + inputs = self.inputs; + nixosModules = self.nixosModules; }; + }; - modules = [ (./. + "/${name}/configuration.nix") ]; - })) - configs); + modules = [ (./. + "/${name}/configuration.nix") ]; + } + ) + ) configs + ); } diff --git a/targets/nixos-wiki.nixos.org/configuration.nix b/targets/nixos-wiki.nixos.org/configuration.nix index 19d402e..cc9b1f7 100644 --- a/targets/nixos-wiki.nixos.org/configuration.nix +++ b/targets/nixos-wiki.nixos.org/configuration.nix @@ -1,4 +1,9 @@ -{ self, lib, config, ... }: +{ + self, + lib, + config, + ... +}: let nixosVars = builtins.fromJSON (builtins.readFile ./nixos-vars.json); in