diff options
| -rw-r--r-- | modules/apps/filebackup.nix | 16 | ||||
| -rw-r--r-- | modules/apps/logrotate.nix | 6 | ||||
| -rw-r--r-- | modules/apps/memcached/instance.nix | 4 | ||||
| -rw-r--r-- | modules/apps/mysqlbackup.nix | 18 | ||||
| -rw-r--r-- | modules/apps/nginx.nix | 2 | ||||
| -rw-r--r-- | modules/apps/pgbackup.nix | 20 | ||||
| -rw-r--r-- | modules/apps/php-fpm.nix | 2 | ||||
| -rw-r--r-- | modules/apps/strongswan/options/conn.nix | 16 | ||||
| -rw-r--r-- | modules/system/firewall.nix | 10 |
9 files changed, 47 insertions, 47 deletions
diff --git a/modules/apps/filebackup.nix b/modules/apps/filebackup.nix index badc707..55412a1 100644 --- a/modules/apps/filebackup.nix +++ b/modules/apps/filebackup.nix @@ -2,20 +2,20 @@ let inherit (builtins) - isBool isList isString toString ; + isBool isList isString ; inherit (lib) concatMapStringsSep concatStringsSep filterAttrs - flatten hasPrefix mapAttrsToList mkIf + hasPrefix mapAttrsToList mkIf mkOption optionalString removeSuffix ; inherit (lib.types) - attrsOf bool either enum int listOf nullOr path str submodule ; + attrsOf bool enum int listOf nullOr path str submodule ; cfg = config.nixsap.apps.filebackup; privateDir = "/run/filebackup"; s3cmd = "${pkgs.s3cmd}/bin/s3cmd ${optionalString (cfg.s3cfg != null) "-c '${cfg.s3cfg}'"}"; - gpgPubKeys = flatten [ cfg.encrypt ]; + gpgPubKeys = cfg.encrypt; gpg = "${pkgs.gpg}/bin/gpg2"; pubring = pkgs.runCommand "pubring.kbx" {} '' ${gpg} --homedir . --import ${toString gpgPubKeys} @@ -31,7 +31,7 @@ let command = sub { absolute-names = optional bool; - exclude = optional (either str (listOf str)); + exclude = optional (listOf str); exclude-from = optional path; exclude-vcs = optional bool; exclude-vcs-ignores = optional bool; @@ -39,7 +39,7 @@ let ignore-case = optional bool; mode = optional str; owner = optional str; - path = mandatory (either path (listOf path)); + path = mandatory (listOf path); }; job = name: o: @@ -75,7 +75,7 @@ let } if ! [ -r "$aim" ]; then - ${tar} ${concatMapStringsSep " " (p: "'${p}'") (flatten [o.path])} \ + ${tar} ${concatMapStringsSep " " (p: "'${p}'") o.path} \ | ${pkgs.pxz}/bin/pxz -2 -T2 > "$tarball.tmp" mv "$tarball".tmp "$tarball" @@ -238,7 +238,7 @@ in { encrypt = mkOption { description = "Public GPG key(s) for encrypting the dumps"; default = [ ]; - type = either path (listOf path); + type = listOf path; }; s3cfg = mkOption { diff --git a/modules/apps/logrotate.nix b/modules/apps/logrotate.nix index e7e360a..ba4ca5b 100644 --- a/modules/apps/logrotate.nix +++ b/modules/apps/logrotate.nix @@ -6,7 +6,7 @@ let elem isBool isString ; inherit (lib) - concatMapStringsSep concatStringsSep filter filterAttrs flatten + concatMapStringsSep concatStringsSep filter filterAttrs mapAttrsToList mkIf mkOption optionalString ; inherit (lib.types) @@ -21,7 +21,7 @@ let mkConf = name: opts: let - files = concatMapStringsSep " " (f: ''"${f}"'') (flatten [opts.files]); + files = concatMapStringsSep " " (f: ''"${f}"'') opts.files; show = k: v: if elem k ["postrotate" "preremove" "prerotate"] then " ${k}\n ${v}\n endscript" @@ -48,7 +48,7 @@ let entry = { options = { - files = mandatory (either path (listOf path)); + files = mandatory (listOf path); directives = { compress = optional bool; compresscmd = optional path; diff --git a/modules/apps/memcached/instance.nix b/modules/apps/memcached/instance.nix index 102a287..ca6dc3f 100644 --- a/modules/apps/memcached/instance.nix +++ b/modules/apps/memcached/instance.nix @@ -9,7 +9,7 @@ let mkOption mkOptionType ; inherit (lib.types) - bool either enum int listOf nullOr package path str submodule ; + bool enum int listOf nullOr package path str submodule ; default = v: type: mkOption { type = type; default = v; }; optional = type: mkOption { type = nullOr type; default = null; }; @@ -46,7 +46,7 @@ in { B = optional (enum ["auto" "ascii" "binary"]); I = optional int; L = optional bool; - l = default "127.0.0.1" (either str (listOf str)); + l = default ["127.0.0.1"] (listOf str); b = optional int; c = optional int; f = optional float; diff --git a/modules/apps/mysqlbackup.nix b/modules/apps/mysqlbackup.nix index 113d176..811e930 100644 --- a/modules/apps/mysqlbackup.nix +++ b/modules/apps/mysqlbackup.nix @@ -13,7 +13,7 @@ let mysqldump = "${pkgs.mariadb.client.bin}/bin/mysqldump"; s3cmd = "${pkgs.s3cmd}/bin/s3cmd ${optionalString (cfg.s3cfg != null) "-c '${cfg.s3cfg}'"}"; - gpgPubKeys = flatten [ cfg.encrypt ]; + gpgPubKeys = cfg.encrypt; gpg = "${pkgs.gpg}/bin/gpg2"; pubring = pkgs.runCommand "pubring.kbx" {} '' ${gpg} --homedir . --import ${toString gpgPubKeys} @@ -53,8 +53,8 @@ let Databases to dump. MySQL wildcards (_ and %) are supported. Logical OR is applied to all entries. ''; - type = either str (listOf str); - default = "%"; + type = listOf str; + default = [ "%" ]; example = [ "%\\_live\\_%" ]; }; not-like = mkOption { @@ -63,7 +63,7 @@ let You don't need to specify `performance_schema` or `information_schema` here, they are always ignored. Logical AND is applied to all entries. ''; - type = either str (listOf str); + type = listOf str; default = []; example = [ "tmp\\_%" "snap\\_%" ]; }; @@ -74,7 +74,7 @@ let Each table template can be prefixed with a database template. In that case it will be applied to matching databases only, instead of all databases''; - type = either str (listOf str); + type = listOf str; default = []; example = [ "bob%.alice\\_message" ]; }; @@ -84,7 +84,7 @@ let Each table template can be prefixed with a database template. In that case it will be applied to matching databases only, instead of all databases''; - type = either str (listOf str); + type = listOf str; default = []; example = [ "tmp%" "%\\_backup" ]; }; @@ -103,8 +103,8 @@ let showDatabases = name: server: pkgs.writeText "show-databases-${name}.sql" '' SHOW DATABASES WHERE `Database` NOT IN ('information_schema', 'performance_schema', 'tmp', 'innodb') - AND (${concatMapStringsSep " OR " (e: "`Database` LIKE '${e}'") (flatten [server.databases.like])}) - ${concatMapStringsSep " " (e: "AND `Database` NOT LIKE '${e}'") (flatten [server.databases.not-like])} + AND (${concatMapStringsSep " OR " (e: "`Database` LIKE '${e}'") server.databases.like}) + ${concatMapStringsSep " " (e: "AND `Database` NOT LIKE '${e}'") server.databases.not-like} ; ''; @@ -378,7 +378,7 @@ in { encrypt = mkOption { description = "Public GPG key(s) for encrypting the dumps"; default = [ ]; - type = either path (listOf path); + type = listOf path; }; servers = mkOption { diff --git a/modules/apps/nginx.nix b/modules/apps/nginx.nix index f43216e..0709f71 100644 --- a/modules/apps/nginx.nix +++ b/modules/apps/nginx.nix @@ -156,7 +156,7 @@ in { nixsap.system.users.daemons = mkIf enabled [ cfg.user ]; nixsap.apps.logrotate.conf.nginx = mkIf enabled { - files = "${cfg.logDir}/*.log"; + files = [ "${cfg.logDir}/*.log" ]; directives = { delaycompress = mkDefault true; missingok = mkDefault true; diff --git a/modules/apps/pgbackup.nix b/modules/apps/pgbackup.nix index 099fe35..2cde338 100644 --- a/modules/apps/pgbackup.nix +++ b/modules/apps/pgbackup.nix @@ -2,20 +2,20 @@ let inherit (builtins) - elem isBool isList isString toString ; + elem isBool isList isString ; inherit (lib) concatMapStringsSep concatStringsSep filterAttrs - findFirst flatten hasPrefix mapAttrsToList mkIf + findFirst hasPrefix mapAttrsToList mkIf mkOption optionalString removeSuffix ; inherit (lib.types) - bool either enum int listOf nullOr path str submodule ; + bool enum int listOf nullOr path str submodule ; cfg = config.nixsap.apps.pgbackup; privateDir = "/run/pgbackup"; s3cmd = "${pkgs.s3cmd}/bin/s3cmd ${optionalString (cfg.s3cfg != null) "-c '${cfg.s3cfg}'"}"; - gpgPubKeys = flatten [ cfg.encrypt ]; + gpgPubKeys = cfg.encrypt; gpg = "${pkgs.gpg}/bin/gpg2"; pubring = pkgs.runCommand "pubring.kbx" {} '' ${gpg} --homedir . --import ${toString gpgPubKeys} @@ -35,9 +35,9 @@ let create = optional bool; data-only = optional bool; dbname = optional str; - exclude-schema = optional (either str (listOf str)); - exclude-table = optional (either str (listOf str)); - exclude-table-data = optional (either str (listOf str)); + exclude-schema = optional (listOf str); + exclude-table = optional (listOf str); + exclude-table-data = optional (listOf str); format = default "plain" (enum ["plain" "custom" "directory" "tar"]); host = optional str; if-exists = optional bool; @@ -47,10 +47,10 @@ let port = optional int; quote-all-identifiers = optional bool; role = optional str; - schema = optional (either str (listOf str)); + schema = optional (listOf str); schema-only = optional bool; serializable-deferrable = optional bool; - table = optional (either str (listOf str)); + table = optional (listOf str); username = optional str; }; @@ -289,7 +289,7 @@ in { encrypt = mkOption { description = "Public GPG key(s) for encrypting the dumps"; default = [ ]; - type = either path (listOf path); + type = listOf path; }; s3cfg = mkOption { diff --git a/modules/apps/php-fpm.nix b/modules/apps/php-fpm.nix index 8501208..98628b9 100644 --- a/modules/apps/php-fpm.nix +++ b/modules/apps/php-fpm.nix @@ -30,7 +30,7 @@ let in { name = instance; value = { - files = "${cfg.logDir}/*.log"; + files = [ "${cfg.logDir}/*.log" ]; directives = { delaycompress = mkDefault true; missingok = mkDefault true; diff --git a/modules/apps/strongswan/options/conn.nix b/modules/apps/strongswan/options/conn.nix index ac1d88c..4b20475 100644 --- a/modules/apps/strongswan/options/conn.nix +++ b/modules/apps/strongswan/options/conn.nix @@ -20,24 +20,24 @@ let { ca2 = optional str; } { cert = optional path; } { cert2 = optional path; } - { dns = optional (either str (listOf str)); } + { dns = optional (listOf str); } { firewall = optional boolean; } - { groups = optional (either str (listOf str)); } + { groups = optional (listOf str); } { hostaccess = optional boolean; } { id = optional str; } { id2 = optional str; } - { policy = optional (either str (listOf str)); } + { policy = optional (listOf str); } { sendcert = optional (boolOr [ "never" "always" "ifasked" ]); } - { sigkey = optional (either str path); } + { sigkey = optional str; } { sourceip = optional str; } - { subnet = optional (either str (listOf str)); } + { subnet = optional (listOf str); } { updown = optional path; } ]; conn = leftright ++ [ { aaa_identity = optional str; } { aggressive = optional boolean; } - { ah = optional (either str (listOf str)); } + { ah = optional (listOf str); } { also = optional str; } { authby = optional (enum [ "pubkey" "rsasig" "ecdsasig" "psk" "secret" "xauthrsasig" "xauthpsk" "never" ]); } { auto = optional (enum [ "ignore" "add" "route" "start" ]); } @@ -47,10 +47,10 @@ let { dpddelay = optional int; } { dpdtimeout = optional int; } { eap_identity = optional str; } - { esp = optional (either str (listOf str)); } + { esp = optional (listOf str); } { forceencaps = optional boolean; } { fragmentation = optional (boolOr [ "force" ]); } - { ike = optional (either str (listOf str)); } + { ike = optional (listOf str); } { ikedscp = optional str; } { ikelifetime = optional int; } { inactivity = optional int; } diff --git a/modules/system/firewall.nix b/modules/system/firewall.nix index 289f635..ccd5750 100644 --- a/modules/system/firewall.nix +++ b/modules/system/firewall.nix @@ -2,14 +2,14 @@ let inherit (builtins) length toString replaceStrings; - inherit (lib) flatten concatMapStringsSep optionalString splitString mkOption; - inherit (lib.types) listOf int either submodule enum str; + inherit (lib) concatMapStringsSep optionalString splitString mkOption; + inherit (lib.types) listOf int submodule enum str; inherit (config.nixsap.system.firewall) whitelist; iptablesAllow = { dport, protocol, source, comment, ... }: let - ports = concatMapStringsSep "," toString (flatten [dport]); + ports = concatMapStringsSep "," toString dport; iptables = if 1 < length (splitString ":" source) then "ip6tables" else "iptables"; in "${iptables} -w -A nixos-fw -m multiport " @@ -24,8 +24,8 @@ in { type = listOf (submodule { options = { dport = mkOption { - description = "Destination port or list of ports"; - type = either int (listOf int); + description = "Destination ports"; + type = listOf int; }; source = mkOption { description = "Source specification: a network IP address (with optional /mask)"; |