M hosts/cloud/default.nix => hosts/cloud/default.nix +1 -1
@@ 2,7 2,7 @@
sops.secrets.rootPwd.neededForUsers = true;
sops.secrets.liljamoPwd.neededForUsers = true;
- # Outline is under BSL1.1
+ # Outline is under BSL1.1.
arta.unfree.allow = ["outline"];
roles.base = {
M roles/docker.nix => roles/docker.nix +1 -1
@@ 16,7 16,7 @@ in {
enableNvidia = cfg.enableNvidia;
};
- # FIXME: make configurable
+ # FIXME: Make configurable.
roles.base.primaryUser.extraGroups = ["docker"];
};
}
M roles/gaming/steam.nix => roles/gaming/steam.nix +2 -2
@@ 16,7 16,7 @@ in {
steam = pkgs.steam.override {
extraPkgs = pkgs:
with pkgs; [
- # for gamescope
+ # For gamescope to work properly:
# https://github.com/NixOS/nixpkgs/issues/162562#issuecomment-1523177264
xorg.libXcursor
xorg.libXi
@@ 29,7 29,7 @@ in {
libkrb5
keyutils
- # fallback fonts (e.g. for Don't Get Lost)
+ # Fallback fonts (e.g. for Don't Get Lost).
liberation_ttf
];
};
M roles/shell/direnv.elv => roles/shell/direnv.elv +1 -1
@@ 1,4 1,4 @@
-## hook for direnv as of direnv 2.34.0
+## Hook for direnv as of direnv 2.34.0
set @edit:before-readline = $@edit:before-readline {
try {
var m = [("direnv" export elvish | from-json)]
M roles/tailscale.nix => roles/tailscale.nix +1 -2
@@ 25,10 25,9 @@ in {
services.tailscale = {
enable = true;
authKeyFile = lib.mkIf (cfg.authKeyFile != null) cfg.authKeyFile;
- extraUpFlags = lib.mkIf (cfg.enableSSH) ["--ssh"]; # TODO: Make modular for multiple possible flags
+ extraUpFlags = lib.mkIf (cfg.enableSSH) ["--ssh"]; # TODO: Make modular for multiple possible flags.
interfaceName = cfg.interfaceName;
openFirewall = false;
- #port = 41641;
useRoutingFeatures = "none";
};
};
M roles/zellij.nix => roles/zellij.nix +1 -1
@@ 7,7 7,7 @@
}: let
cfg = config.roles.zellij;
- # hard light
+ # Hard light:
# https://github.com/sainnhe/everforest/blob/master/palette.md#light
# https://github.com/sainnhe/everforest/blob/e5b9e2fb676a9ded3e86ae51924f7962fa4fb0ac/autoload/everforest.vim#L51
everforest = {
M systems/hosts/auth/authelia-main.nix => systems/hosts/auth/authelia-main.nix +1 -1
@@ 119,7 119,7 @@ in {
};
log = {
level = "info";
- format = "text"; # json, text
+ format = "text";
};
telemetry.metrics.enabled = false;
totp = {
M systems/hosts/cloud/default.nix => systems/hosts/cloud/default.nix +3 -3
@@ 68,13 68,13 @@ in {
default_phone_region = "FI";
loglevel = 2;
log_type = "file";
- maintenance_window_start = 0; # Maintenance window from UTC 0000 to 0400
+ maintenance_window_start = 0; # Maintenance window from UTC 0000 to 0400.
redis = {
host = "/run/redis-nextcloud/redis.sock";
};
trusted_domains = ["nextcloud.rustylily.home.arpa"];
trusted_proxies = ["10.1.2.10"];
- opcache.interned_strings_buffer = 64; # Megabytes of memory to use
+ opcache.interned_strings_buffer = 64; # Megabytes of memory to use.
overwriteprotocol = "https";
# Programs needed for... stuff.
@@ 133,7 133,7 @@ in {
ensureDatabases = ["outline" "nextcloud"];
ensureUsers = [
{
- name = "outline"; # needs to match the user that's running outline
+ name = "outline";
ensureDBOwnership = true;
}
{
M systems/hosts/cloud/miniflux.nix => systems/hosts/cloud/miniflux.nix +2 -2
@@ 24,13 24,13 @@ in {
LISTEN_ADDR = "0.0.0.0:${toString port}";
BASE_URL = "https://rss.liljamo.com/";
DISABLE_LOCAL_AUTH = 1;
- #METRICS_COLLECTOR = 1; # TODO: metrics, disable /metrics path on haproxy like jellyfin
+ #METRICS_COLLECTOR = 1; # TODO: Metrics, disable /metrics path on haproxy like jellyfin.
OAUTH2_PROVIDER = "oidc";
OAUTH2_CLIENT_ID = "miniflux";
OAUTH2_CLIENT_SECRET_FILE = config.sops.secrets."miniflux/oidcSecret".path;
OAUTH2_REDIRECT_URL = "https://rss.liljamo.com/oauth2/oidc/callback";
- # .well-known/openid-configuration is appended to this by the oidc library used by miniflux
+ # .well-known/openid-configuration is appended to this by the oidc library used by miniflux.
OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://auth.liljamo.com";
OAUTH2_USER_CREATION = 1;
M systems/hosts/dns/default.nix => systems/hosts/dns/default.nix +4 -4
@@ 57,11 57,11 @@ in {
clientGroupsBlock = {
default = ["ads"];
};
- # 'zeroIp' is default, and returns 0.0.0.0
- # 'nxDomain' would return a NXDOMAIN code
+ # 'zeroIp' is default and returns 0.0.0.0
+ # 'nxDomain' would return a NXDOMAIN code.
blockType = "zeroIp";
blockTTL = "6h";
- # how often to refresh lists
+ # How often to refresh lists.
loading = {
downloads = {
timeout = "5m";
@@ 77,7 77,7 @@ in {
maxTime = "60m";
maxItemsCount = 10000;
prefetching = false;
- # cache NXDOMAIN results for only a short time
+ # Cache NXDOMAIN results for only a short time.
cacheTimeNegative = "5m";
};
prometheus = {
M systems/hosts/proxy/default.nix => systems/hosts/proxy/default.nix +0 -1
@@ 66,7 66,6 @@ in {
};
caddy = {
enable = true;
- #email = "";
logFormat = "level ERROR";
globalConfig = ''
http_port 8080
M systems/hosts/social/default.nix => systems/hosts/social/default.nix +2 -2
@@ 30,7 30,7 @@ in {
":pleroma" = {
":instance" = {
description = "Personal instance";
- email = "jonni@liljamo.com"; # FIXME: maybe abuse@liljamo.com?
+ email = "jonni@liljamo.com"; # FIXME: maybe abuse@lothlorien.social?
name = "Lothlórien";
registrations_open = false;
};
@@ 42,7 42,7 @@ in {
database = "akkoma";
};
- # FIXME: different subdomain as recommended
+ # FIXME: different subdomain as recommended.
"Pleroma.Upload".base_url = "https://lothlorien.social/media/";
"Pleroma.Web.Endpoint".http.ip = "0.0.0.0";