Add embedded syntax hl

muon 2025-12-26 10:48:31 +00:00
parent 5bdf9e3a2c
commit fc14a394aa
5 changed files with 284 additions and 250 deletions


@ -25,7 +25,7 @@ sudo cp {/mnt,/mnt/persist}/etc/machine-id
## Erasure ## Erasure
```nix ```nix
boot.initrd.postResumeCommands = lib.mkAfter '' boot.initrd.postResumeCommands = lib.mkAfter /* bash */ ''
mkdir /btrfs_tmp mkdir /btrfs_tmp
mount /dev/mapper/crypted /btrfs_tmp mount /dev/mapper/crypted /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then if [[ -e /btrfs_tmp/root ]]; then


@ -12,46 +12,48 @@
programs.nyxt = { programs.nyxt = {
enable = false; enable = false;
config = '' config =
(in-package #:nyxt-user) # lisp
''
(in-package #:nyxt-user)
(defvar *my-search-engines* (defvar *my-search-engines*
(list (list
(make-instance 'search-engine (make-instance 'search-engine
:name "Searx" :name "Searx"
:shortcut "s" :shortcut "s"
#+nyxt-4 :control-url #+nyxt-3 :search-url #+nyxt-4 :control-url #+nyxt-3 :search-url
""https://search.muon.host/?q=~a";") ""https://search.muon.host/?q=~a";")
(make-instance 'search-engine (make-instance 'search-engine
:name "nixpkgs" :name "nixpkgs"
:shortcut "np" :shortcut "np"
#+nyxt-4 :control-url #+nyxt-3 :search-url #+nyxt-4 :control-url #+nyxt-3 :search-url
"https://search.nixos.org/packages?channel=unstable&query=~a"))) "https://search.nixos.org/packages?channel=unstable&query=~a")))
(make-instance 'search-engine (make-instance 'search-engine
:name "nix options" :name "nix options"
:shortcut "np" :shortcut "np"
#+nyxt-4 :control-url #+nyxt-3 :search-url #+nyxt-4 :control-url #+nyxt-3 :search-url
"https://search.nixos.org/options?channel=unstable&query=~a"))) "https://search.nixos.org/options?channel=unstable&query=~a")))
(make-instance 'search-engine (make-instance 'search-engine
:name "home-manager" :name "home-manager"
:shortcut "hm" :shortcut "hm"
#+nyxt-4 :control-url #+nyxt-3 :search-url #+nyxt-4 :control-url #+nyxt-3 :search-url
"https://home-manager-options.extranix.com/?release=master&query=~a"))) "https://home-manager-options.extranix.com/?release=master&query=~a")))
(define-configuration browser (define-configuration browser
((restore-session-on-startup-p nil) ((restore-session-on-startup-p nil)
(default-new-buffer-url (quri:uri "https://online.bonjourr.fr/")) (default-new-buffer-url (quri:uri "https://online.bonjourr.fr/"))
(external-editor-program ("alacritty -e hx") (external-editor-program ("alacritty -e hx")
#+nyxt-4 #+nyxt-4
(search-engine-suggestions-p nil) (search-engine-suggestions-p nil)
#+nyxt-4 #+nyxt-4
(search-engines (append %slot-default% *my-search-engines*)) (search-engines (append %slot-default% *my-search-engines*))
)) ))
''; '';
}; };
programs.qutebrowser = { programs.qutebrowser = {
@ -73,23 +75,25 @@
hm = "https://home-manager-options.extranix.com/?release=master&query={}"; hm = "https://home-manager-options.extranix.com/?release=master&query={}";
}; };
extraConfig = '' extraConfig =
host = c.content.blocking.hosts.lists.append # py
host("https://www.github.developerdan.com/hosts/lists/facebook-extended.txt") ''
host = c.content.blocking.hosts.lists.append
host("https://www.github.developerdan.com/hosts/lists/facebook-extended.txt")
abp = c.content.blocking.adblock.lists.append abp = c.content.blocking.adblock.lists.append
abp("https://fanboy.co.nz/r/fanboy-ultimate.txt") abp("https://fanboy.co.nz/r/fanboy-ultimate.txt")
abp("https://fanboy.co.nz/fanboy-antifacebook.txt") abp("https://fanboy.co.nz/fanboy-antifacebook.txt")
abp("https://fanboy.co.nz/fanboy-annoyance.txt") abp("https://fanboy.co.nz/fanboy-annoyance.txt")
abp("https://fanboy.co.nz/fanboy-cookiemonster.txt") abp("https://fanboy.co.nz/fanboy-cookiemonster.txt")
abp("https://easylist-downloads.adblockplus.org/antiadblockfilters.txt") abp("https://easylist-downloads.adblockplus.org/antiadblockfilters.txt")
abp("https://easylist-downloads.adblockplus.org/abp-filters-anti-cv.txt") abp("https://easylist-downloads.adblockplus.org/abp-filters-anti-cv.txt")
abp("https://github.com/DandelionSprout/adfilt/raw/master/LegitimateURLShortener.txt") abp("https://github.com/DandelionSprout/adfilt/raw/master/LegitimateURLShortener.txt")
abp("https://github.com/DandelionSprout/adfilt/raw/master/AnnoyancesList") abp("https://github.com/DandelionSprout/adfilt/raw/master/AnnoyancesList")
abp("https://github.com/DandelionSprout/adfilt/raw/master/SocialShareList.txt") abp("https://github.com/DandelionSprout/adfilt/raw/master/SocialShareList.txt")
abp("https://github.com/DandelionSprout/adfilt/raw/master/ExtremelyCondensedList.txt") abp("https://github.com/DandelionSprout/adfilt/raw/master/ExtremelyCondensedList.txt")
''; '';
}; };
}; };
} }
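Review bot: The `nix options` search engine in the first hunk reuses `:shortcut "np"`, which is already bound to the `nixpkgs` engine a few lines above, so only one of the two can be reached by shortcut; `:shortcut "no"` would disambiguate. This is context the commit did not change, and the block is inert while `enable = false;`, but since the commit is already editing this string it is a cheap fix to fold in. The Searx entry also reads `""https://search.muon.host/?q=~a";"` on both sides, which looks like either a rendering artifact or a stray quote and semicolon worth checking in the source file.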


@ -1,36 +1,44 @@
{ pkgs, lib, config, ... }: {
pkgs,
lib,
config,
...
}:
with lib; { with lib; {
options.mods.impermanence.enable = mkEnableOption "enables impermanence"; options.mods.impermanence.enable = mkEnableOption "enables impermanence";
config = mkIf config.mods.impermanence.enable { config = mkIf config.mods.impermanence.enable {
environment.persistence."/persist" = { environment.persistence."/persist" = {
directories = [ "/var/lib/nixos" "/var/lib/systemd/coredump" ]; directories = ["/var/lib/nixos" "/var/lib/systemd/coredump"];
files = [ "/var/lib/sops-nix/key.txt" "/etc/machine-id" ]; files = ["/var/lib/sops-nix/key.txt" "/etc/machine-id"];
}; };
boot.initrd.postResumeCommands = lib.mkAfter '' boot.initrd.postResumeCommands =
mkdir /btrfs_tmp lib.mkAfter # sh
mount /dev/mapper/crypted /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() { ''
IFS=$'\n' mkdir /btrfs_tmp
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do mount /dev/mapper/crypted /btrfs_tmp
delete_subvolume_recursively "/btrfs_tmp/$i" if [[ -e /btrfs_tmp/root ]]; then
done mkdir -p /btrfs_tmp/old_roots
btrfs subvolume delete "$1" timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
} mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do delete_subvolume_recursively() {
delete_subvolume_recursively "$i" IFS=$'\n'
done for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
btrfs subvolume create /btrfs_tmp/root for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
umount /btrfs_tmp delete_subvolume_recursively "$i"
''; done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
}; };
} }
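Review bot: The embedded-language hint added before the `postResumeCommands` string is `# sh`, while the documentation hunk for the same snippet in this commit tags it `/* bash */`, and the script itself relies on bash-only syntax (`[[ -e ... ]]`, `IFS=$'\n'`). Since the point of the commit is to drive highlighting from these tags, `lib.mkAfter # bash` would be the accurate hint and would keep the module and the docs consistent. Whether the initrd shell actually provides those bash features is not visible here and is worth confirming separately, because a plain `sh` would fail on `[[` at the first conditional.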


@ -1,10 +1,20 @@
{ config, lib, pkgs, ... }: {
config,
let lib,
pkgs,
inherit (lib) ...
generators mapAttrs mkDefault mkEnableOption mkIf mkPackageOption mkOption }: let
types; inherit
(lib)
generators
mapAttrs
mkDefault
mkEnableOption
mkIf
mkPackageOption
mkOption
types
;
cfg = config.mods.services.grav; cfg = config.mods.services.grav;
@ -12,9 +22,9 @@ let
poolName = "grav"; poolName = "grav";
pkgs_grav = pkgs.callPackage ./package.nix { }; pkgs_grav = pkgs.callPackage ./package.nix {};
servedRoot = pkgs.runCommand "grav-served-root" { } '' servedRoot = pkgs.runCommand "grav-served-root" {} ''
cp --reflink=auto --no-preserve=mode -r ${pkgs_grav} $out cp --reflink=auto --no-preserve=mode -r ${pkgs_grav} $out
for p in assets images user system/config; do for p in assets images user system/config; do
@ -22,10 +32,8 @@ let
ln -sf /var/lib/grav/$p $out/$p ln -sf /var/lib/grav/$p $out/$p
done done
''; '';
# systemSettingsYaml = # systemSettingsYaml =
# yamlFormat.generate "grav-settings.yaml" cfg.systemSettings; # yamlFormat.generate "grav-settings.yaml" cfg.systemSettings;
in { in {
options.mods.services.grav = { options.mods.services.grav = {
enable = mkEnableOption "grav"; enable = mkEnableOption "grav";
@ -70,7 +78,7 @@ in {
default = 3000; default = 3000;
}; };
phpPackage = mkPackageOption pkgs "php" { }; phpPackage = mkPackageOption pkgs "php" {};
maxUploadSize = mkOption { maxUploadSize = mkOption {
type = types.str; type = types.str;
@ -97,7 +105,10 @@ in {
group = "grav"; group = "grav";
phpPackage = cfg.phpPackage.buildEnv { phpPackage = cfg.phpPackage.buildEnv {
extensions = { all, enabled }: extensions = {
all,
enabled,
}:
with all; [ with all; [
apcu apcu
ctype ctype
@ -115,27 +126,28 @@ in {
zip zip
]; ];
extraConfig = generators.toKeyValue { extraConfig =
mkKeyValue = generators.mkKeyValueDefault { } " = "; generators.toKeyValue {
} { mkKeyValue = generators.mkKeyValueDefault {} " = ";
output_buffering = "0"; } {
short_open_tag = "Off"; output_buffering = "0";
expose_php = "Off"; short_open_tag = "Off";
error_reporting = "E_ALL"; expose_php = "Off";
display_errors = "stderr"; error_reporting = "E_ALL";
"opcache.interned_strings_buffer" = "8"; display_errors = "stderr";
"opcache.max_accelerated_files" = "10000"; "opcache.interned_strings_buffer" = "8";
"opcache.memory_consumption" = "128"; "opcache.max_accelerated_files" = "10000";
"opcache.revalidate_freq" = "1"; "opcache.memory_consumption" = "128";
"opcache.fast_shutdown" = "1"; "opcache.revalidate_freq" = "1";
"openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt"; "opcache.fast_shutdown" = "1";
catch_workers_output = "yes"; "openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
catch_workers_output = "yes";
upload_max_filesize = cfg.maxUploadSize; upload_max_filesize = cfg.maxUploadSize;
post_max_size = cfg.maxUploadSize; post_max_size = cfg.maxUploadSize;
memory_limit = cfg.maxUploadSize; memory_limit = cfg.maxUploadSize;
"apc.enable_cli" = "1"; "apc.enable_cli" = "1";
}; };
}; };
phpEnv = { phpEnv = {
@ -169,10 +181,12 @@ in {
${cfg.virtualHost} = { ${cfg.virtualHost} = {
root = "${servedRoot}"; root = "${servedRoot}";
listen = [{ listen = [
addr = cfg.addr; {
port = cfg.port; addr = cfg.addr;
}]; port = cfg.port;
}
];
locations = { locations = {
"= /robots.txt" = { "= /robots.txt" = {
@ -202,31 +216,28 @@ in {
}; };
# deny running scripts inside core system folders # deny running scripts inside core system folders
"~* /(system|vendor)/.*\\.(txt|xml|md|html|htm|shtml|shtm|json|yaml|yml|php|php2|php3|php4|php5|phar|phtml|pl|py|cgi|twig|sh|bat)$" = "~* /(system|vendor)/.*\\.(txt|xml|md|html|htm|shtml|shtm|json|yaml|yml|php|php2|php3|php4|php5|phar|phtml|pl|py|cgi|twig|sh|bat)$" = {
{ priority = 300;
priority = 300; extraConfig = ''
extraConfig = '' return 403;
return 403; '';
''; };
};
# deny running scripts inside user folder # deny running scripts inside user folder
"~* /user/.*\\.(txt|md|json|yaml|yml|php|php2|php3|php4|php5|phar|phtml|pl|py|cgi|twig|sh|bat)$" = "~* /user/.*\\.(txt|md|json|yaml|yml|php|php2|php3|php4|php5|phar|phtml|pl|py|cgi|twig|sh|bat)$" = {
{ priority = 300;
priority = 300; extraConfig = ''
extraConfig = '' return 403;
return 403; '';
''; };
};
# deny access to specific files in the root folder # deny access to specific files in the root folder
"~ /(LICENSE\\.txt|composer\\.lock|composer\\.json|nginx\\.conf|web\\.config|htaccess\\.txt|\\.htaccess)" = "~ /(LICENSE\\.txt|composer\\.lock|composer\\.json|nginx\\.conf|web\\.config|htaccess\\.txt|\\.htaccess)" = {
{ priority = 300;
priority = 300; extraConfig = ''
extraConfig = '' return 403;
return 403; '';
''; };
};
# deny all files and folder beginning with a dot (hidden files & folders) # deny all files and folder beginning with a dot (hidden files & folders)
"~ (^|/)\\." = { "~ (^|/)\\." = {
@ -245,41 +256,45 @@ in {
}; };
}; };
extraConfig = '' extraConfig =
index index.php index.html /index.php$request_uri; # sh
add_header X-Content-Type-Options nosniff; ''
add_header X-XSS-Protection "1; mode=block"; index index.php index.html /index.php$request_uri;
add_header X-Robots-Tag "noindex, nofollow"; add_header X-Content-Type-Options nosniff;
add_header X-Download-Options noopen; add_header X-XSS-Protection "1; mode=block";
add_header X-Permitted-Cross-Domain-Policies none; add_header X-Robots-Tag "noindex, nofollow";
add_header X-Frame-Options sameorigin; add_header X-Download-Options noopen;
add_header Referrer-Policy no-referrer; add_header X-Permitted-Cross-Domain-Policies none;
client_max_body_size ${cfg.maxUploadSize}; add_header X-Frame-Options sameorigin;
fastcgi_buffers 64 4K; add_header Referrer-Policy no-referrer;
fastcgi_hide_header X-Powered-By; client_max_body_size ${cfg.maxUploadSize};
gzip on; fastcgi_buffers 64 4K;
gzip_vary on; fastcgi_hide_header X-Powered-By;
gzip_comp_level 4; gzip on;
gzip_min_length 256; gzip_vary on;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth; gzip_comp_level 4;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy; gzip_min_length 256;
''; gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
'';
}; };
}; };
}; };
systemd.tmpfiles.rules = let datadir = "/var/lib/grav"; systemd.tmpfiles.rules = let
in map (dir: "d '${dir}' 0750 grav grav - -") [ datadir = "/var/lib/grav";
"/var/cache/grav" in
"${datadir}/assets" map (dir: "d '${dir}' 0750 grav grav - -") [
"${datadir}/backup" "/var/cache/grav"
"${datadir}/images" "${datadir}/assets"
"${datadir}/system/config" "${datadir}/backup"
"${datadir}/user/accounts" "${datadir}/images"
"${datadir}/user/config" "${datadir}/system/config"
"${datadir}/user/data" "${datadir}/user/accounts"
"/var/log/grav" "${datadir}/user/config"
]; "${datadir}/user/data"
"/var/log/grav"
];
# ++ [ # ++ [
# "L+ ${datadir}/user/config/system.yaml - - - - ${systemSettingsYaml}" # "L+ ${datadir}/user/config/system.yaml - - - - ${systemSettingsYaml}"
# ]; # ];
@ -287,7 +302,7 @@ in {
systemd.services = { systemd.services = {
"phpfpm-${poolName}" = mkIf (cfg.pool == "${poolName}") { "phpfpm-${poolName}" = mkIf (cfg.pool == "${poolName}") {
# restartTriggers = [ servedRoot systemSettingsYaml ]; # restartTriggers = [ servedRoot systemSettingsYaml ];
restartTriggers = [ servedRoot ]; restartTriggers = [servedRoot];
serviceConfig = { serviceConfig = {
ExecStartPre = pkgs.writeShellScript "grav-pre-start" '' ExecStartPre = pkgs.writeShellScript "grav-pre-start" ''
@ -329,6 +344,6 @@ in {
group = "grav"; group = "grav";
}; };
users.groups.grav = { members = [ config.services.nginx.user ]; }; users.groups.grav = {members = [config.services.nginx.user];};
}; };
} }
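Review bot: In the `@ -245,41 +256,45 @@` hunk the nginx `extraConfig` string is tagged `# sh`, but its content (`index`, `add_header`, `gzip_*`, `client_max_body_size`) is nginx configuration, not shell, so the highlighter will mis-lex it; `# nginx` is the hint that matches the content. The same mismatch appears in the nginx module's `appendHttpConfig` block later in this commit. Everything else in this file is alejandra-style reformatting, and the deny-location regexes and PHP settings are unchanged context.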


@ -1,105 +1,112 @@
{ pkgs, lib, config, ... }: {
let pkgs,
lib,
config,
...
}: let
cfg = config.mods.server.nginx; cfg = config.mods.server.nginx;
in
with lib; {
options.mods.server.nginx = {
enable = mkEnableOption {
default = false;
description = "enables nginx reverse proxy";
};
in with lib; { ip = mkOption {
options.mods.server.nginx = { type = types.str;
enable = mkEnableOption { default = "10.0.0.3";
default = false; };
description = "enables nginx reverse proxy";
domain = mkOption {
type = types.str;
default = "muon.host";
};
ports = mkOption {
type = types.attrsOf (types.ints.u16);
default = {};
};
}; };
ip = mkOption { config = mkIf cfg.enable {
type = types.str; # ACME won't be able to authenticate your domain
default = "10.0.0.3"; # if ports 80 & 443 aren't open in your firewall.
}; networking.firewall = {allowedTCPPorts = [443 80];};
security.acme.defaults.email = "acme@muon.host";
security.acme.acceptTerms = true;
domain = mkOption { services.nginx = {
type = types.str; enable = true;
default = "muon.host";
};
ports = mkOption { recommendedGzipSettings = true;
type = types.attrsOf (types.ints.u16); recommendedOptimisation = true;
default = { }; recommendedProxySettings = true;
}; recommendedTlsSettings = true;
};
config = mkIf cfg.enable { # Only allow PFS-enabled ciphers with AES256
# ACME won't be able to authenticate your domain # sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL";
# if ports 80 & 443 aren't open in your firewall.
networking.firewall = { allowedTCPPorts = [ 443 80 ]; };
security.acme.defaults.email = "acme@muon.host";
security.acme.acceptTerms = true;
services.nginx = { appendHttpConfig =
enable = true; # sh
''
# Add HSTS header with preloading to HTTPS requests.
# Adding this header to HTTP requests is discouraged
# map $scheme $hsts_header {
# https "max-age=31536000; includeSubdomains; preload";
# }
# add_header Strict-Transport-Security $hsts_header;
recommendedGzipSettings = true; # Enable CSP for your services.
recommendedOptimisation = true; # add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
recommendedProxySettings = true;
recommendedTlsSettings = true;
# Only allow PFS-enabled ciphers with AES256 # Minimize information leaked to other domains
# sslCiphers = "AES256+EECDH:AES256+EDH:!aNULL"; # add_header 'Referrer-Policy' 'origin-when-cross-origin';
appendHttpConfig = '' # Disable embedding as a frame
# Add HSTS header with preloading to HTTPS requests. add_header X-Frame-Options DENY;
# Adding this header to HTTP requests is discouraged
# map $scheme $hsts_header {
# https "max-age=31536000; includeSubdomains; preload";
# }
# add_header Strict-Transport-Security $hsts_header;
# Enable CSP for your services. # Prevent injection of code in other mime types (XSS Attacks)
# add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always; # add_header X-Content-Type-Options nosniff;
# Minimize information leaked to other domains # This might create errors
# add_header 'Referrer-Policy' 'origin-when-cross-origin'; # proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
# Disable embedding as a frame # required when the server wants to use HTTP Authentication
add_header X-Frame-Options DENY; proxy_pass_header Authorization;
# Prevent injection of code in other mime types (XSS Attacks) # This is necessary to pass the correct IP to be hashed
# add_header X-Content-Type-Options nosniff; real_ip_header X-Real-IP;
# This might create errors # security
# proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict"; add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
add_header Permissions-Policy "interest-cohort=()" always;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
# required when the server wants to use HTTP Authentication virtualHosts = let
proxy_pass_header Authorization; base = locations: {
inherit locations;
# This is necessary to pass the correct IP to be hashed forceSSL = true;
real_ip_header X-Real-IP; enableACME = true;
# security
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src 'self' http: https: ws: wss: data: blob: 'unsafe-inline'; frame-ancestors 'self';" always;
add_header Permissions-Policy "interest-cohort=()" always;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
virtualHosts = let
base = locations: {
inherit locations;
forceSSL = true;
enableACME = true;
};
proxy = port:
base {
"/" = {
proxyPass = "http://${cfg.ip}:${toString port}/";
proxyWebsockets = true;
};
}; };
in mapAttrs' (name: port: proxy = port:
nameValuePair ("${name}.${cfg.domain}") base {
# (proxy port // { default = true; })) cfg.ports; "/" = {
(proxy port)) cfg.ports; proxyPass = "http://${cfg.ip}:${toString port}/";
proxyWebsockets = true;
};
};
in
mapAttrs' (name: port:
nameValuePair "${name}.${cfg.domain}"
# (proxy port // { default = true; })) cfg.ports;
(proxy port))
cfg.ports;
};
}; };
}; }
}
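Review bot: The `appendHttpConfig` block on the new side sets `real_ip_header X-Real-IP;` with the comment that it passes the correct client IP, but no `set_real_ip_from` directive is visible in this hunk; nginx only honours `real_ip_header` for connections from addresses listed in `set_real_ip_from`, so as written the directive is a no-op unless a trusted-proxy list is configured elsewhere. If this host terminates connections directly rather than sitting behind another proxy, the directive and its comment can be dropped; otherwise add `set_real_ip_from <upstream-proxy-cidr>;` (placeholder) next to it. This is pre-existing context rather than something the commit changed, and the hunk is otherwise reformatting plus the `# sh` tag that would better read `# nginx`.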