refactor(services/selfhosts): adding the format to nix files

2026-02-28 16:45:00 +01:00 · 2026-02-28 16:45:00 +01:00 · 93d7fabef5
commit 93d7fabef5
parent 76eb961891
4 changed files with 89 additions and 71 deletions
--- a/services/self_host/git.nix
+++ b/services/self_host/git.nix
@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 let
  gitDomain = "git.enium.eu";
--- a/services/self_host/jellyfin.nix
+++ b/services/self_host/jellyfin.nix
@ -1,14 +1,14 @@
 {
-config,
+  config,
-pkgs,
+  pkgs,
-lib,
+  lib,
-...
+  ...
 }:
 let
  cfg = config.service.selfhost.jellyfin;
  wireguard-key = config.age.secrets."wireguard-secret".path;
 in
-  {
+{
  config = lib.mkIf cfg {
    virtualisation = {
      docker.enable = true;
--- a/services/self_host/mail.nix
+++ b/services/self_host/mail.nix
@ -22,7 +22,7 @@ in
      shell = "/run/current-system/sw/bin/nologin";
    };
    users.groups = {
-      vmail = {};
+      vmail = { };
    };
    systemd.tmpfiles.rules = [
      "d /run/dovecot 0755 dovecot dovecot - -"
@ -84,14 +84,22 @@ in
          chroot = false;
          command = "smtpd";
          args = [
-            "-o" "smtpd_recipient_restrictions=permit_sasl_authenticated,reject"
+            "-o"
-            "-o" "smtpd_sasl_auth_enable=yes"
+            "smtpd_recipient_restrictions=permit_sasl_authenticated,reject"
-            "-o" "smtpd_sasl_security_options=noanonymous"
+            "-o"
-            "-o" "smtpd_sender_login_maps=hash:/var/lib/postfix/sender_login"
+            "smtpd_sasl_auth_enable=yes"
-            "-o" "smtpd_sender_restrictions=reject_sender_login_mismatch"
+            "-o"
-            "-o" "smtpd_tls_auth_only=yes"
+            "smtpd_sasl_security_options=noanonymous"
-            "-o" "smtpd_tls_security_level=encrypt"
+            "-o"
-            "-o" "syslog_name=postfix/submission"
+            "smtpd_sender_login_maps=hash:/var/lib/postfix/sender_login"
            "-o"
            "smtpd_sender_restrictions=reject_sender_login_mismatch"
            "-o"
            "smtpd_tls_auth_only=yes"
            "-o"
            "smtpd_tls_security_level=encrypt"
            "-o"
            "syslog_name=postfix/submission"
          ];
        };
      };
@ -240,68 +248,68 @@ in
      enable = true;
      postfix.enable = true;
      extraConfig = ''
-        worker "controller" {
+                worker "controller" {
-          bind_socket = "127.0.0.1:11334";
+                  bind_socket = "127.0.0.1:11334";
-          password = "admin";
+                  password = "admin";
-        };
+                };
-        worker "normal" {
+                worker "normal" {
-          bind_socket = "127.0.0.1:11333";
+                  bind_socket = "127.0.0.1:11333";
-        };
+                };
-        worker "rspamd_proxy" {
+                worker "rspamd_proxy" {
-          bind_socket = "127.0.0.1:11332";
+                  bind_socket = "127.0.0.1:11332";
-          milter = yes;
+                  milter = yes;
-          timeout = 120s;
+                  timeout = 120s;
-          upstream "local" {
+                  upstream "local" {
-            self_scan = yes;
+                    self_scan = yes;
-          };
+                  };
-        };
+                };
-        actions {
+                actions {
-          reject = 12;
+                  reject = 12;
-          add_header = 6;
+                  add_header = 6;
-          greylist = 4;
+                  greylist = 4;
-        };
+                };
-        classifier "bayes" {
+                classifier "bayes" {
-          backend = "redis";
+                  backend = "redis";
-          servers = "127.0.0.1:6381";
+                  servers = "127.0.0.1:6381";
-          autolearn = true;
+                  autolearn = true;
-          min_learns = 200;
+                  min_learns = 200;
-          new_schema = true;
+                  new_schema = true;
-          cache = true;
+                  cache = true;
-          statfile {
+                  statfile {
-            symbol = "BAYES_HAM";
+                    symbol = "BAYES_HAM";
-            spam = false;
+                    spam = false;
-          };
+                  };
-          statfile {
+                  statfile {
-            symbol = "BAYES_SPAM";
+                    symbol = "BAYES_SPAM";
-            spam = true;
+                    spam = true;
-          };
+                  };
-        learn_condition = <<EOD
+                learn_condition = <<EOD
-return function(task)
+        return function(task)
-  return true
+          return true
-end
+        end
-EOD;
+        EOD;
-        };
+                };
-        rbl {
+                rbl {
-          enabled = true;
+                  enabled = true;
-          rbls = {
+                  rbls = {
-            spamhaus = {
+                    spamhaus = {
-              symbol = "RBL_SPAMHAUS";
+                      symbol = "RBL_SPAMHAUS";
-              rbl = "zen.spamhaus.org";
+                      rbl = "zen.spamhaus.org";
-            };
+                    };
-            barracuda = {
+                    barracuda = {
-              symbol = "RBL_BARRACUDA";
+                      symbol = "RBL_BARRACUDA";
-              rbl = "b.barracudacentral.org";
+                      rbl = "b.barracudacentral.org";
-            };
+                    };
-          };
+                  };
-        };
+                };
      '';
    };
    services.redis.servers.rspamd = {
--- a/services/self_host/nextcloud.nix
+++ b/services/self_host/nextcloud.nix
@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
  config,
  pkgs,
  lib,
  ...
 }:
 let
  cfg = config.service.selfhost.nextcloud;
@ -6,7 +11,7 @@ let
  nextcloud-database = config.age.secrets."nextcloud-database".path;
  dataDir = "/mnt/data/nextcloud";
 in
-  {
+{
  config = lib.mkIf cfg {
    environment.systemPackages = with pkgs; [
      php