Merge pull request 'editorconfig' (!55) from editorconfig into main

Reviewed-on: Drift/pvv-nixos-config#55
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>

.editorconfig

@@ -0,0 +1,10 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.nix]
+indent_style = space
+indent_size = 2

.git-blame-ignore-revs

@@ -0,0 +1 @@
+e00008da1afe0d760badd34bbeddff36bb08c475

.sops.yaml

@@ -30,7 +30,7 @@ creation_rules:
       - *user_oysteikt
 
   # Host specific secrets
-  
+
   - path_regex: secrets/bekkalokk/[^/]+\.yaml$
     key_groups:
     - age:
@@ -66,7 +66,7 @@ creation_rules:
       - *user_pederbs_bjarte
       pgp:
       - *user_oysteikt
-  
+
   - path_regex: secrets/bicep/[^/]+\.yaml$
     key_groups:
     - age:

hosts/bekkalokk/services/gitea/ci.nix

@@ -15,9 +15,9 @@ let
         enable = true;
         name = "git-runner-${name}"; url = "https://git.pvv.ntnu.no";
         labels = [
-	  "debian-latest:docker://node:18-bullseye"
-	  "ubuntu-latest:docker://node:18-bullseye"
-	];
+          "debian-latest:docker://node:18-bullseye"
+          "ubuntu-latest:docker://node:18-bullseye"
+        ];
         tokenFile = config.sops.secrets."gitea/runners/${name}".path;
       };
     };

hosts/bekkalokk/services/idp-simplesamlphp/authpwauth.php

@@ -112,7 +112,7 @@ class PwAuth extends \SimpleSAML\Module\core\Auth\UserPassBase
             array_shift($groups);
             array_shift($groups);
             array_pop($groups);
-	    
+
             $info = posix_getpwnam($uid);
             $group = $info['gid'];
             if (!in_array($group, $groups)) {

hosts/bekkalokk/services/idp-simplesamlphp/config.php

@@ -58,7 +58,7 @@ $config = [
     /*
      * The following settings are *filesystem paths* which define where
      * SimpleSAMLphp can find or write the following things:
-     * - 'cachedir': Where SimpleSAMLphp can write its cache. 
+     * - 'cachedir': Where SimpleSAMLphp can write its cache.
      * - 'loggingdir': Where to write logs. MUST be set to NULL when using a logging
      *                 handler other than `file`.
      * - 'datadir': Storage of general data.

hosts/bekkalokk/services/idp-simplesamlphp/default.nix

@@ -22,62 +22,62 @@ let
       # openssl req -newkey rsa:4096 -new -x509 -days 365 -nodes -out idp.crt -keyout idp.pem
       "metadata/saml20-idp-hosted.php" = pkgs.writeText "saml20-idp-remote.php" ''
         <?php
-	  $metadata['https://idp.pvv.ntnu.no/'] = array(
-	    'host' => '__DEFAULT__',
-	    'privatekey' => '${config.sops.secrets."idp/privatekey".path}',
-	    'certificate' => '${./idp.crt}',
-	    'auth' => 'pwauth',
-	  );
-	?>
+        $metadata['https://idp.pvv.ntnu.no/'] = array(
+          'host' => '__DEFAULT__',
+          'privatekey' => '${config.sops.secrets."idp/privatekey".path}',
+          'certificate' => '${./idp.crt}',
+          'auth' => 'pwauth',
+        );
+        ?>
       '';
 
       "metadata/saml20-sp-remote.php" = pkgs.writeText "saml20-sp-remote.php" ''
         <?php
-	  ${ lib.pipe config.services.idp.sp-remote-metadata [
-             (map (url: ''
-               $metadata['${url}'] = [
-                   'SingleLogoutService' => [
-                       [
-                           'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
-                           'Location' => '${url}module.php/saml/sp/saml2-logout.php/default-sp',
-                       ],
-                       [
-                           'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
-                           'Location' => '${url}module.php/saml/sp/saml2-logout.php/default-sp',
-                       ],
-                   ],
-                   'AssertionConsumerService' => [
-                       [
-                           'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
-                           'Location' => '${url}module.php/saml/sp/saml2-acs.php/default-sp',
-                           'index' => 0,
-                       ],
-                       [
-                           'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
-                           'Location' => '${url}module.php/saml/sp/saml2-acs.php/default-sp',
-                           'index' => 1,
-                       ],
-                   ],
-               ];
-	     ''))
-	     (lib.concatStringsSep "\n")
-	  ]}
-	?>
+          ${ lib.pipe config.services.idp.sp-remote-metadata [
+            (map (url: ''
+              $metadata['${url}'] = [
+                'SingleLogoutService' => [
+                  [
+                    'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect',
+                    'Location' => '${url}module.php/saml/sp/saml2-logout.php/default-sp',
+                  ],
+                  [
+                    'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:SOAP',
+                    'Location' => '${url}module.php/saml/sp/saml2-logout.php/default-sp',
+                  ],
+                ],
+                'AssertionConsumerService' => [
+                  [
+                    'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST',
+                    'Location' => '${url}module.php/saml/sp/saml2-acs.php/default-sp',
+                    'index' => 0,
+                  ],
+                  [
+                    'Binding' => 'urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact',
+                    'Location' => '${url}module.php/saml/sp/saml2-acs.php/default-sp',
+                    'index' => 1,
+                  ],
+                ],
+              ];
+            ''))
+            (lib.concatStringsSep "\n")
+          ]}
+        ?>
       '';
 
       "config/authsources.php" = pkgs.writeText "idp-authsources.php" ''
         <?php
           $config = array(
-	    'admin' => array(
-	      'core:AdminPassword'
-	    ),
+            'admin' => array(
+              'core:AdminPassword'
+            ),
             'pwauth' => array(
-               'authpwauth:PwAuth',
-               'pwauth_bin_path' => '${lib.getExe pwAuthScript}',
-               'mail_domain' => '@pvv.ntnu.no',
+              'authpwauth:PwAuth',
+              'pwauth_bin_path' => '${lib.getExe pwAuthScript}',
+              'mail_domain' => '@pvv.ntnu.no',
             ),
           );
-	?>
+        ?>
       '';
 
       "config/config.php" = pkgs.runCommandLocal "simplesamlphp-config.php" { } ''
@@ -108,7 +108,7 @@ in
       List of urls point to (simplesamlphp) service profiders, which the idp should trust.
 
       :::{.note}
-	Make sure the url ends with a `/`
+      Make sure the url ends with a `/`
       :::
     '';
   };
@@ -132,7 +132,7 @@ in
         owner = "idp";
         group = "idp";
       };
-    };  
+    };
 
     users.groups."idp" = { };
     users.users."idp" = {
@@ -199,9 +199,9 @@ in
           '';
         };
         "^~ /simplesaml/".extraConfig = ''
-	  rewrite ^/simplesaml/(.*)$ /$1 redirect;
-	  return 404;
-	'';
+          rewrite ^/simplesaml/(.*)$ /$1 redirect;
+          return 404;
+        '';
       };
     };
   };

hosts/bekkalokk/services/kerberos/pam.nix

@@ -885,9 +885,9 @@ let
   # Create a limits.conf(5) file.
   makeLimitsConf = limits:
     pkgs.writeText "limits.conf"
-       (concatMapStrings ({ domain, type, item, value }:
-         "${domain} ${type} ${item} ${toString value}\n")
-         limits);
+      (concatMapStrings ({ domain, type, item, value }:
+        "${domain} ${type} ${item} ${toString value}\n")
+        limits);
 
   limitsType = with lib.types; listOf (submodule ({ ... }: {
     options = {
@@ -935,8 +935,8 @@ let
   }));
 
   motd = if config.users.motdFile == null
-         then pkgs.writeText "motd" config.users.motd
-         else config.users.motdFile;
+    then pkgs.writeText "motd" config.users.motd
+    else config.users.motdFile;
 
   makePAMService = name: service:
     { name = "pam.d/${name}";
@@ -976,20 +976,20 @@ in
             item   = "maxlogins";
             value  = "4";
           }
-       ];
+        ];
 
-     description = lib.mdDoc ''
-       Define resource limits that should apply to users or groups.
-       Each item in the list should be an attribute set with a
-       {var}`domain`, {var}`type`,
-       {var}`item`, and {var}`value`
-       attribute.  The syntax and semantics of these attributes
-       must be that described in {manpage}`limits.conf(5)`.
+      description = lib.mdDoc ''
+        Define resource limits that should apply to users or groups.
+        Each item in the list should be an attribute set with a
+        {var}`domain`, {var}`type`,
+        {var}`item`, and {var}`value`
+        attribute.  The syntax and semantics of these attributes
+        must be that described in {manpage}`limits.conf(5)`.
 
-       Note that these limits do not apply to systemd services,
-       whose limits can be changed via {option}`systemd.extraConfig`
-       instead.
-     '';
+        Note that these limits do not apply to systemd services,
+        whose limits can be changed via {option}`systemd.extraConfig`
+        instead.
+      '';
     };
 
     security.pam.services = mkOption {
@@ -1507,8 +1507,8 @@ in
         runuser = { rootOK = true; unixAuth = false; setEnvironment = false; };
 
         /* FIXME: should runuser -l start a systemd session? Currently
-           it complains "Cannot create session: Already running in a
-           session". */
+            it complains "Cannot create session: Already running in a
+            session". */
         runuser-l = { rootOK = true; unixAuth = false; };
       } // optionalAttrs config.security.pam.enableFscrypt {
         # Allow fscrypt to verify login passphrase

hosts/bekkalokk/services/mediawiki/default.nix

@@ -199,7 +199,7 @@ in {
         extraConfig = ''
           location ~ ^/simplesaml/(?<phpfile>.+?\.php)(?<pathinfo>/.*)?$ {
             include ${pkgs.nginx}/conf/fastcgi_params;
-            fastcgi_pass unix:${config.services.phpfpm.pools.mediawiki.socket}; 
+            fastcgi_pass unix:${config.services.phpfpm.pools.mediawiki.socket};
             fastcgi_param SCRIPT_FILENAME ${simplesamlphp}/share/php/simplesamlphp/public/$phpfile;
 
             # Must be prepended with the baseurlpath

hosts/bekkalokk/services/mediawiki/simplesaml-config.php

@@ -58,7 +58,7 @@ $config = [
     /*
      * The following settings are *filesystem paths* which define where
      * SimpleSAMLphp can find or write the following things:
-     * - 'cachedir': Where SimpleSAMLphp can write its cache. 
+     * - 'cachedir': Where SimpleSAMLphp can write its cache.
      * - 'loggingdir': Where to write logs. MUST be set to NULL when using a logging
      *                 handler other than `file`.
      * - 'datadir': Storage of general data.

hosts/bekkalokk/services/webmail/roundcube.nix

@@ -4,7 +4,7 @@ with lib;
 let
   cfg = config.services.roundcube;
   domain = "webmail.pvv.ntnu.no";
-in 
+in
 {
   services.roundcube = {
     enable = true;

hosts/bekkalokk/services/website/default.nix

@@ -21,8 +21,8 @@ in {
   services.idp.sp-remote-metadata = [
     "https://www.pvv.ntnu.no/simplesaml/"
     "https://pvv.ntnu.no/simplesaml/"
-    "https://www.pvv.org/simplesaml/" 
-    "https://pvv.org/simplesaml/" 
+    "https://www.pvv.org/simplesaml/"
+    "https://pvv.org/simplesaml/"
   ];
 
   services.pvv-nettsiden = {
@@ -43,7 +43,7 @@ in {
                   'idp' => 'https://idp.pvv.ntnu.no/',
               ),
           );
-	'';
+        '';
       };
     };
 

hosts/bekkalokk/services/website/fetch-gallery.nix

@@ -46,7 +46,7 @@ in {
       while IFS= read fname; do
         # Skip this file if an up-to-date thumbnail already exists
         if [ -f ".thumbnails/$fname.png" ] && \
-           [ "$(date -R -r "$fname")" == "$(date -R -r ".thumbnails/$fname.png")" ]
+          [ "$(date -R -r "$fname")" == "$(date -R -r ".thumbnails/$fname.png")" ]
         then
           continue
         fi
@@ -54,7 +54,7 @@ in {
         echo "Creating thumbnail for $fname"
         mkdir -p $(dirname ".thumbnails/$fname")
         convert -define jpeg:size=200x200 "$fname" -thumbnail 300 -auto-orient ".thumbnails/$fname.png" ||:
-	touch -m -d "$(date -R -r "$fname")" ".thumbnails/$fname.png"
+        touch -m -d "$(date -R -r "$fname")" ".thumbnails/$fname.png"
       done <<< "$images"
     '';
 

hosts/bicep/services/matrix/coturn.nix

@@ -26,7 +26,7 @@
 
         "turns:turn.pvv.ntnu.no:5349?transport=tcp"
         "turns:turn.pvv.ntnu.no:5349?transport=udp"
-        
+
         "turns:turn.pvv.ntnu.no:3478?transport=udp"
         "turns:turn.pvv.ntnu.no:3478?transport=tcp"
         "turn:turn.pvv.ntnu.no:3478?transport=udp"
@@ -69,7 +69,7 @@
 
     tls-listening-port = 443;
     alt-tls-listening-port = 5349;
- 
+
     listening-port = 3478;
 
     min-port = 49000;
@@ -116,7 +116,7 @@
       #total-quota=1200
     '';
   };
-  
+
   networking.firewall = {
     interfaces.enp6s0f0 = let
       range = with config.services.coturn; [ {

hosts/bicep/services/matrix/default.nix

@@ -12,6 +12,6 @@
     ./discord.nix
   ];
 
-  
+
 
 }

hosts/bicep/services/matrix/synapse.nix

@@ -141,7 +141,7 @@ in {
 
 
   services.redis.servers."".enable = true;
-  
+
   services.nginx.virtualHosts."matrix.pvv.ntnu.no" = lib.mkMerge [
   {
     kTLS = true;

hosts/bicep/services/mysql.nix

@@ -15,12 +15,12 @@
       mysqld = {
         # PVV allows a lot of connections at the same time
         max_connect_errors = 10000;
-	bind-address = values.services.mysql.ipv4;
-	skip-networking = 0;
+        bind-address = values.services.mysql.ipv4;
+        skip-networking = 0;
 
-	# This was needed in order to be able to use all of the old users
-	# during migration from knakelibrak to bicep in Sep. 2023
-	secure_auth = 0;
+        # This was needed in order to be able to use all of the old users
+        # during migration from knakelibrak to bicep in Sep. 2023
+        secure_auth = 0;
       };
     };
 

hosts/bikkje/configuration.nix

@@ -35,10 +35,10 @@
         # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
         useHostResolvConf = mkForce false;
       };
-      
+
       system.stateVersion = "23.11";
       services.resolved.enable = true;
     };
   };
 
-};
+};

hosts/ildkule/services/monitoring/dashboards/node-exporter-full.json

@@ -23187,4 +23187,4 @@
   "uid": "rYdddlPWk",
   "version": 9,
   "weekStart": ""
-}
+}

hosts/ildkule/services/monitoring/dashboards/postgres.json

@@ -3164,4 +3164,4 @@
   "title": "PostgreSQL Database",
   "uid": "000000039",
   "version": 1
-}
+}

hosts/ildkule/services/monitoring/grafana.nix

@@ -35,7 +35,7 @@ in {
           name = "Ildkule Prometheus";
           type = "prometheus";
           url = "http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}";
-         isDefault = true;
+          isDefault = true;
         }
         {
           name = "Ildkule loki";
@@ -56,13 +56,13 @@ in {
           url = "https://raw.githubusercontent.com/matrix-org/synapse/develop/contrib/grafana/synapse.json";
           options.path = dashboards/synapse.json;
         }
-	# TODO: enable once https://github.com/NixOS/nixpkgs/pull/242365 gets merged
-	# {
-	#   name = "MySQL";
-	#   type = "file";
-	#   url = "https://raw.githubusercontent.com/prometheus/mysqld_exporter/main/mysqld-mixin/dashboards/mysql-overview.json";
-	#   options.path = dashboards/mysql.json;
-	# }
+        # TODO: enable once https://github.com/NixOS/nixpkgs/pull/242365 gets merged
+        # {
+        #   name = "MySQL";
+        #   type = "file";
+        #   url = "https://raw.githubusercontent.com/prometheus/mysqld_exporter/main/mysqld-mixin/dashboards/mysql-overview.json";
+        #   options.path = dashboards/mysql.json;
+        # }
         {
           name = "Postgresql";
           type = "file";

hosts/ildkule/services/monitoring/loki.nix

@@ -58,7 +58,7 @@ in {
       };
 
       limits_config = {
-	allow_structured_metadata = false;
+        allow_structured_metadata = false;
         reject_old_samples = true;
         reject_old_samples_max_age = "72h";
       };

hosts/ildkule/services/monitoring/prometheus/postgres.nix

@@ -38,7 +38,7 @@ in {
   };
 
   systemd.services.prometheus-postgres-exporter-knakelibrak.serviceConfig = let
-    localCfg = config.services.prometheus.exporters.postgres; 
+    localCfg = config.services.prometheus.exporters.postgres;
   in lib.recursiveUpdate config.systemd.services.prometheus-postgres-exporter.serviceConfig {
       EnvironmentFile = config.sops.secrets."keys/postgres/postgres_exporter_knakelibrak_env".path;
       ExecStart = ''

misc/rust-motd.nix

@@ -32,7 +32,7 @@
             color = "red";
             command = "hostname | ${pkgs.toilet}/bin/toilet -f mono9";
           };
-          
+
           service_status = {
             Accounts = "accounts-daemon";
             Cron = "cron";
@@ -40,16 +40,16 @@
             Matrix = "matrix-synapse";
             sshd = "sshd";
           };
-          
+
           uptime = {
             prefix = "Uptime: ";
           };
-          
+
           # Not relevant for server
           # user_service_status = {
           #   Gpg-agent = "gpg-agent";
           # };
-          
+
           filesystems = let
             inherit (lib.attrsets) attrNames listToAttrs nameValuePair;
             inherit (lib.lists) imap1;
@@ -61,7 +61,7 @@
             getName = i: v: if (v.label != null) then v.label else "<? ${toString i}>";
           in
             imap1Attrs' (i: n: v: nameValuePair (getName i v) n) fileSystems;
-          
+
           memory = {
             swap_pos = "beside"; # or "below" or "none"
           };
@@ -70,14 +70,14 @@
             inherit (lib.lists) imap1;
             inherit (lib.attrsets) filterAttrs nameValuePair attrValues listToAttrs;
             inherit (config.users) users;
-            
+
             normalUsers = filterAttrs (n: v: v.isNormalUser || n == "root") users;
             userNPVs = imap1 (index: user: nameValuePair user.name index) (attrValues normalUsers);
           in listToAttrs userNPVs;
 
           last_run = {};
         };
-      
+
         toml = pkgs.formats.toml {};
 
       in toml.generate "rust-motd.toml" cfg;

modules/snakeoil-certs.nix

@@ -36,10 +36,10 @@ in
           type = lib.types.str;
           default = "${name}.key";
         };
-	subject = lib.mkOption {
-	  type = lib.types.str;
-	  default = "/C=NO/O=Programvareverkstedet/CN=*.pvv.ntnu.no/emailAddress=drift@pvv.ntnu.no";
-	};
+        subject = lib.mkOption {
+          type = lib.types.str;
+          default = "/C=NO/O=Programvareverkstedet/CN=*.pvv.ntnu.no/emailAddress=drift@pvv.ntnu.no";
+        };
       };
     }));
   };
@@ -54,16 +54,16 @@ in
         mkdir -p $(dirname "${value.certificate}") $(dirname "${value.certificateKey}")
         if ! ${openssl} x509 -checkend 86400 -noout -in ${value.certificate}
         then
-           echo "Regenerating '${value.certificate}'"
-           ${openssl} req \
-             -newkey rsa:4096 \
-             -new -x509 \
-             -days "${toString value.daysValid}" \
-             -nodes \
-             -subj "${value.subject}" \
-             -out "${value.certificate}" \
-             -keyout "${value.certificateKey}" \
-             ${lib.escapeShellArgs value.extraOpenSSLArgs}
+          echo "Regenerating '${value.certificate}'"
+          ${openssl} req \
+            -newkey rsa:4096 \
+            -new -x509 \
+            -days "${toString value.daysValid}" \
+            -nodes \
+            -subj "${value.subject}" \
+            -out "${value.certificate}" \
+            -keyout "${value.certificateKey}" \
+            ${lib.escapeShellArgs value.extraOpenSSLArgs}
         fi
         chown "${value.owner}:${value.group}" "${value.certificate}"
         chown "${value.owner}:${value.group}" "${value.certificateKey}"

shell.nix

@@ -5,6 +5,7 @@ pkgs.mkShellNoCC {
     gnupg
     statix
     openstackclient
+    editorconfig-checker
   ];
 
   shellHook = ''

users/amalieem.nix

@@ -3,10 +3,10 @@
 {
   users.users.amalieem = {
     isNormalUser = true;
-    extraGroups = [ "wheel" ]; 
+    extraGroups = [ "wheel" ];
     shell = pkgs.zsh;
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsMtFIj4Dem/onwMoWYbosOcU4y7A5nTjVwqWaU33E1 amalieem@matey-aug22"
     ];
   };
-}
+}

users/jonmro.nix

@@ -3,7 +3,7 @@
 {
   users.users.jonmro = {
     isNormalUser = true;
-    extraGroups = [ "wheel" "drift" "nix-builder-users" ]; 
+    extraGroups = [ "wheel" "drift" "nix-builder-users" ];
     shell = pkgs.zsh;
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEm5PfYmfl/0fnAP/3coVlvTw3/TYNLT6r/NwJHZbLAK jonrodtang@gmail.com"