Commit c590b2c36a69
Changed files (18)
home/common/services/syncthing.nix
@@ -1,6 +1,7 @@
{
globals,
hostname,
+ libx,
...
}:
{
@@ -9,15 +10,15 @@
enable = true;
extraOptions = [ "--no-default-folder" ];
overrideFolders = false; # Just in case, will probably set to true later
- guiAddress = globals.fn.syncthingGuiAddress globals.machines."${hostname}";
+ guiAddress = libx.syncthingGuiAddress globals.machines."${hostname}";
settings = {
# FIXME this doesn't work, I wish it did.
# defaults = {
# ignores = { lines = [ "(?d).DS_Store" "**" ]; };
# };
- devices = globals.fn.generateSyncthingDevices globals.machines;
+ devices = libx.generateSyncthingDevices hostname globals.machines;
folders =
- globals.fn.generateSyncthingFolders globals.machines."${hostname}" globals.machines
+ libx.generateSyncthingFolders hostname globals.machines."${hostname}" globals.machines
globals.syncthingFolders;
};
};
home/common/shell/openssh.nix
@@ -2,6 +2,7 @@
pkgs,
config,
globals,
+ libx,
...
}:
{
@@ -64,7 +65,7 @@
# identityAgent = "empty";
};
}
- // globals.fn.sshConfigs globals.machines;
+ // libx.sshConfigs globals.machines;
extraConfig = ''
# IdentityAgent /run/user/1000/yubikey-agent/yubikey-agent.sock
GlobalKnownHostsFile ~/.ssh/ssh_known_hosts ~/.ssh/ssh_known_hosts.redhat ~/.ssh/ssh_known_hosts.mutable
@@ -75,7 +76,7 @@
IdentityFile ~/.ssh/id_ed25519
'';
};
- home.file.".ssh/ssh_known_hosts".text = globals.fn.sshKnownHosts globals.machines;
+ home.file.".ssh/ssh_known_hosts".text = libx.sshKnownHosts globals.machines;
home.file.".ssh/ssh_known_hosts.redhat".text = ''
# Red Hat
gitlab.cee.redhat.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBgflBIyju1LV/29PmFDw0GLdB9h0JUXglNrvWjBQ2u
home/default.nix
@@ -8,6 +8,7 @@
username,
inputs,
globals,
+ libx,
...
}:
{
@@ -19,7 +20,7 @@
++ lib.optional (builtins.pathExists (./. + "/common/users/${username}")) ./common/users/${username}
++ lib.optional (
builtins.hasAttr "${hostname}" globals.machines
- && globals.fn.hasSyncthingFolders globals.machines."${hostname}"
+ && libx.hasSyncthingFolders globals.machines."${hostname}"
) ./common/services/syncthing.nix
++ lib.optional (builtins.pathExists (
../systems/. + "/${hostname}/home.nix"
lib/default.nix
@@ -5,7 +5,9 @@
stateVersion,
...
}:
+in
{
+ libx = import ./functions.nix { inherit (inputs.nixpkgs) lib; };
# Function for generating home-manage configs
mkHome =
{
@@ -33,6 +35,7 @@
globals
;
username = user;
+ libx = import ./functions.nix { inherit (inputs.nixpkgs) lib; };
};
modules = [
../home
@@ -66,6 +69,7 @@
system
globals
;
+ libx = import ./functions.nix { inherit (pkgsInput) lib; };
};
in
pkgsInput.lib.nixosSystem {
@@ -113,6 +117,7 @@
globals
nixos-raspberrypi
;
+ libx = import ./functions.nix { inherit (pkgsInput) lib; };
};
in
inputs.nixos-raspberrypi.lib.nixosSystemFull {
@@ -164,6 +169,7 @@
desktop
globals
;
+ libx = import ./functions.nix { inherit (pkgsInput) lib; };
};
in
inputs.system-manager.lib.makeSystemConfig {
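Review bot: The added `in` after the `}:` parameter list at the top of lib/default.nix has no `let` in the visible context; unless a `let` sits in lines 1–4 (not shown in the hunk), `{ ... }: in { ... }` does not parse. If the intent is a file-level binding, the shape would be `{ inputs, ..., stateVersion, ... }: let libx = import ./functions.nix { inherit (inputs.nixpkgs) lib; }; in { inherit libx; mkHome = ...; }`. The same `import ./functions.nix` is then repeated inside each builder's special-args set (four more times, with `inputs.nixpkgs` in one and `pkgsInput` in the others); with the single binding above each of those becomes `inherit libx;`, which also removes the possibility of the home and system sides getting helpers from different `lib` versions. The mkHome and system-builder bodies that these hunks cut through start and end outside the hunks.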
lib/functions.nix
@@ -0,0 +1,189 @@
+{ lib }:
+let
+ isCurrentHost = hostname: n: n == hostname;
+ hasVPNPublicKey = host: (lib.attrsets.attrByPath [ "net" "vpn" "pubkey" ] "" host) != "";
+ hasVPNips = host: (builtins.length (lib.attrsets.attrByPath [ "net" "vpn" "ips" ] [ ] host)) > 0;
+
+ /**
+ Return true if the given host has a list of Syncthing folder configured.
+ *
+ */
+ hasSyncthingFolders =
+ host:
+ builtins.hasAttr "syncthing" host
+ && builtins.hasAttr "folders" host.syncthing
+ && (builtins.length (lib.attrsets.attrValues host.syncthing.folders)) > 0;
+
+ hasSSHHostKeys = host: builtins.hasAttr "ssh" host && builtins.hasAttr "hostKey" host.ssh;
+
+ # Get the path for the given folder, either using the host specified path or the default one
+ syncthingFolderPath =
+ name: folder: folders:
+ lib.attrsets.attrByPath [ "path" ] folders."${name}".path folder;
+
+ # Filter machine with the given syncthing folder
+ syncthingMachinesWithFolder =
+ hostname: folderName: machines:
+ lib.attrsets.filterAttrs (
+ name: value:
+ hasSyncthingFolders value
+ && !(isCurrentHost hostname name)
+ && (builtins.hasAttr folderName value.syncthing.folders)
+ ) machines;
+
+ generateSyncthingAdresses =
+ machine:
+ builtins.map (x: "tcp://${x}") (
+ lib.attrsets.attrByPath [ "net" "ips" ] [ ] machine
+ ++ lib.attrsets.attrByPath [ "net" "vpn" "ips" ] [ ] machine
+ ++ lib.attrsets.attrByPath [ "net" "names" ] [ ] machine
+ );
+
+ sshHostIdentifier =
+ machine:
+ lib.attrsets.attrByPath [ "net" "names" ] [ ] machine
+ ++ lib.attrsets.attrByPath [ "net" "ips" ] [ ] machine
+ ++ lib.attrsets.attrByPath [ "net" "vpn" "ips" ] [ ] machine;
+
+ hostConfig =
+ machine:
+ builtins.listToAttrs (
+ map
+ (x: {
+ name = x;
+ value =
+ if (lib.strings.hasPrefix "10.100" x) then
+ builtins.filter (n: lib.strings.hasSuffix ".vpn" n) machine.net.names
+ else if (lib.strings.hasPrefix "192.168" x) then
+ builtins.filter (n: lib.strings.hasSuffix ".home" n) machine.net.names
+ else
+ [ ];
+ })
+ (
+ lib.attrsets.attrByPath [ "net" "ips" ] [ ] machine
+ ++ lib.attrsets.attrByPath [ "net" "vpn" "ips" ] [ ] machine
+ )
+ );
+
+ sshConfig =
+ machine:
+ builtins.listToAttrs (
+ map
+ (x: {
+ name = x;
+ value = {
+ hostname =
+ if (lib.strings.hasSuffix ".vpn" x) then
+ builtins.head machine.net.vpn.ips
+ else if (lib.strings.hasSuffix ".home" x) then
+ builtins.head machine.net.ips
+ else
+ x;
+ forwardAgent = true;
+ identityFile = "~/.ssh/kyushu";
+ identityAgent = "empty";
+ };
+ })
+ (
+ builtins.filter (x: (lib.strings.hasSuffix ".home" x) || (lib.strings.hasSuffix ".vpn" x)) (
+ sshHostIdentifier machine
+ )
+ )
+ );
+
+ /**
+ Return a list of wireguard ips from a list of ips.
+
+ Essentially, it will append /32 to the each element of the list.
+ *
+ */
+ wg-ips = ips: builtins.map (x: "${x}/32") ips;
+
+ # WIREGUARD
+ generateWireguardPeers =
+ machines:
+ lib.attrsets.attrValues (
+ lib.attrsets.mapAttrs
+ (_name: value: {
+ allowedIPs = value.net.vpn.ips;
+ publicKey = value.net.vpn.pubkey;
+ })
+ (
+ lib.attrsets.filterAttrs (
+ name: value: name != "kerkouane" && (hasVPNPublicKey value) && (hasVPNips value)
+ ) machines
+ )
+ );
+
+ # SYNCTHING
+ generateSyncthingFolders =
+ hostname: machine: machines: folders:
+ lib.attrsets.mapAttrs' (
+ name: value:
+ lib.attrsets.nameValuePair (syncthingFolderPath name value folders) {
+ inherit (folders."${name}") id;
+ label = name;
+ devices = lib.attrsets.mapAttrsToList (n: _v: n) (syncthingMachinesWithFolder hostname name machines);
+ rescanIntervalS = 3600 * 6; # TODO: make it configurable
+ }
+ ) (lib.attrsets.attrByPath [ "syncthing" "folders" ] { } machine);
+
+ generateSyncthingDevices =
+ hostname: machines:
+ lib.attrsets.mapAttrs
+ (_name: value: {
+ inherit (value.syncthing) id;
+ addresses = generateSyncthingAdresses value;
+ })
+ (
+ lib.attrsets.filterAttrs (name: value: hasSyncthingFolders value && !(isCurrentHost hostname name)) machines
+ );
+
+ syncthingGuiAddress =
+ machine:
+ (builtins.head (lib.attrsets.attrByPath [ "net" "vpn" "ips" ] [ "127.0.0.1" ] machine)) + ":8384";
+
+ # SSH
+
+ sshKnownHosts =
+ machines:
+ lib.strings.concatStringsSep "\n" (
+ lib.attrsets.mapAttrsToList (
+ _name: value: "${lib.strings.concatStringsSep "," (sshHostIdentifier value)} ${value.ssh.hostKey}"
+ ) (lib.attrsets.filterAttrs (_name: hasSSHHostKeys) machines)
+ );
+
+ hostConfigs =
+ machines: lib.attrsets.mergeAttrsList (lib.attrsets.mapAttrsToList (_name: hostConfig) machines);
+
+ sshConfigs =
+ machines:
+ lib.attrsets.mergeAttrsList (
+ lib.attrsets.mapAttrsToList (_name: sshConfig) (
+ lib.attrsets.filterAttrs (_name: _value: true) machines
+ )
+ );
+in
+{
+ inherit
+ syncthingFolderPath
+ hasSyncthingFolders
+ syncthingMachinesWithFolder
+ generateSyncthingAdresses
+ isCurrentHost
+ hasVPNPublicKey
+ hasVPNips
+ hasSSHHostKeys
+ sshHostIdentifier
+ sshConfig
+ hostConfig
+ wg-ips
+ generateWireguardPeers
+ generateSyncthingFolders
+ generateSyncthingDevices
+ syncthingGuiAddress
+ sshKnownHosts
+ hostConfigs
+ sshConfigs
+ ;
+}
\ No newline at end of file
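Review bot: `sshConfig` sets `forwardAgent = true` and `identityFile = "~/.ssh/kyushu"` for every `.home`/`.vpn` alias of every machine, and `sshConfigs` applies it to all machines (its `filterAttrs (_name: _value: true)` is a no-op that can be dropped). Forwarding the agent to every host means any one of them can use the forwarded keys while a session is open; reading it from the machine record with a safe default keeps the per-host choice explicit, e.g. `forwardAgent = lib.attrsets.attrByPath [ "ssh" "forwardAgent" ] false machine;`. Relatedly, `generateWireguardPeers` still hardcodes `name != "kerkouane"` while the syncthing helpers gained a `hostname` parameter in this commit, so `generateWireguardPeers = hostname: machines:` with `name != hostname` would be consistent with them. A short header comment at the top of the file stating that `machines` is expected to be the `globals.machines` attrset keyed by hostname would help readers of these helpers.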
systems/aix/extra.nix
@@ -1,4 +1,5 @@
-{ globals, ... }:
+{
+ libx, globals, ... }:
{
imports = [
../common/services/samba.nix
@@ -26,7 +27,7 @@
};
wireguard = {
enable = true;
- ips = globals.fn.wg-ips globals.machines.aix.net.vpn.ips;
+ ips = libx.wg-ips globals.machines.aix.net.vpn.ips;
endpoint = "${globals.net.vpn.endpoint}";
endpointPublicKey = "${globals.machines.kerkouane.net.vpn.pubkey}";
};
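Review bot: The rewritten function header splits `{` onto its own line but keeps `libx, globals, ... }:` on a single indented line, which matches neither the one-line form it replaced nor the one-parameter-per-line form used by the other files in this commit (e.g. aomi, kerkouane); `{ libx, globals, ... }:` on one line, or one parameter per line, would keep the tree consistent for nixfmt. The same layout appears in systems/athena/extra.nix and systems/demeter/extra.nix.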
systems/aomi/extra.nix
@@ -1,5 +1,6 @@
{
globals,
+ libx,
pkgs,
...
}:
@@ -39,7 +40,7 @@
'';
wireguard = {
enable = true;
- ips = globals.fn.wg-ips globals.machines.aomi.net.vpn.ips;
+ ips = libx.wg-ips globals.machines.aomi.net.vpn.ips;
endpoint = "${globals.net.vpn.endpoint}";
endpointPublicKey = "${globals.machines.kerkouane.net.vpn.pubkey}";
};
systems/athena/extra.nix
@@ -1,4 +1,5 @@
-{ globals, ... }:
+{
+ libx, globals, ... }:
{
imports = [
../common/services/bind.nix
@@ -14,7 +15,7 @@
services = {
wireguard = {
enable = true;
- ips = globals.fn.wg-ips globals.machines.athena.net.vpn.ips;
+ ips = libx.wg-ips globals.machines.athena.net.vpn.ips;
endpoint = "${globals.net.vpn.endpoint}";
endpointPublicKey = "${globals.machines.kerkouane.net.vpn.pubkey}";
};
systems/common/base/network.nix
@@ -1,9 +1,9 @@
-{ globals, ... }:
+{ globals, libx, ... }:
{
# networking.extraHosts = ''
# 10.100.0.80 nagoya.vpn
# '';
- networking.hosts = globals.fn.hostConfigs globals.machines;
+ networking.hosts = libx.hostConfigs globals.machines;
# networking.hosts = {
# "192.168.1.80" = [ "nagoya.home" ];
# "10.100.0.80" = [ "nagoya.vpn" ];
systems/common/services/syncthing.nix
@@ -1,6 +1,7 @@
{
globals,
hostname,
+ libx,
...
}:
{
@@ -10,16 +11,16 @@
# FIXME: change this
dataDir = "/home/vincent/.syncthing";
configDir = "/home/vincent/.syncthing";
- guiAddress = globals.fn.syncthingGuiAddress globals.machines."${hostname}";
+ guiAddress = libx.syncthingGuiAddress globals.machines."${hostname}";
overrideFolders = false; # Just in case, will probably set to true later
settings = {
# FIXME this doesn't work, I wish it did.
# defaults = {
# ignores = { lines = [ "(?d).DS_Store" "**" ]; };
# };
- devices = globals.fn.generateSyncthingDevices globals.machines;
+ devices = libx.generateSyncthingDevices hostname globals.machines;
folders =
- globals.fn.generateSyncthingFolders globals.machines."${hostname}" globals.machines
+ libx.generateSyncthingFolders hostname globals.machines."${hostname}" globals.machines
globals.syncthingFolders;
};
};
systems/demeter/extra.nix
@@ -1,4 +1,5 @@
-{ globals, ... }:
+{
+ libx, globals, ... }:
{
imports = [
../common/services/bind.nix
@@ -13,7 +14,7 @@
services = {
wireguard = {
enable = true;
- ips = globals.fn.wg-ips globals.machines.demeter.net.vpn.ips;
+ ips = libx.wg-ips globals.machines.demeter.net.vpn.ips;
endpoint = "${globals.net.vpn.endpoint}";
endpointPublicKey = "${globals.machines.kerkouane.net.vpn.pubkey}";
};
systems/kerkouane/extra.nix
@@ -1,6 +1,7 @@
{
globals,
lib,
+ libx,
pkgs,
...
}:
@@ -72,8 +73,8 @@ in
services.wireguard.server = {
enable = true;
- ips = globals.fn.wg-ips globals.machines.kerkouane.net.vpn.ips;
- peers = globals.fn.generateWireguardPeers globals.machines;
+ ips = libx.wg-ips globals.machines.kerkouane.net.vpn.ips;
+ peers = libx.generateWireguardPeers globals.machines;
};
services.gosmee = {
systems/kobe/extra.nix
@@ -1,4 +1,5 @@
{
+ libx,
globals,
pkgs,
lib,
@@ -28,7 +29,7 @@
'';
wireguard = {
enable = true;
- ips = globals.fn.wg-ips globals.machines.kobe.net.vpn.ips;
+ ips = libx.wg-ips globals.machines.kobe.net.vpn.ips;
endpoint = "${globals.net.vpn.endpoint}";
endpointPublicKey = "${globals.machines.kerkouane.net.vpn.pubkey}";
};
systems/kyushu/extra.nix
@@ -1,4 +1,5 @@
{
+ libx,
pkgs,
lib,
globals,
@@ -50,7 +51,7 @@
};
wireguard = {
enable = true;
- ips = globals.fn.wg-ips globals.machines.kyushu.net.vpn.ips;
+ ips = libx.wg-ips globals.machines.kyushu.net.vpn.ips;
endpoint = "${globals.net.vpn.endpoint}";
endpointPublicKey = "${globals.machines.kerkouane.net.vpn.pubkey}";
};
systems/nagoya/extra.nix
@@ -1,6 +1,7 @@
{
globals,
lib,
+ libx,
pkgs,
...
}:
@@ -13,7 +14,7 @@
services = {
wireguard = {
enable = true;
- ips = globals.fn.wg-ips globals.machines.nagoya.net.vpn.ips;
+ ips = libx.wg-ips globals.machines.nagoya.net.vpn.ips;
endpoint = "${globals.net.vpn.endpoint}";
endpointPublicKey = "${globals.machines.kerkouane.net.vpn.pubkey}";
};
@@ -36,7 +37,7 @@
proxyPass = "http://${builtins.head value.net.vpn.ips}:8384/";
recommendedProxySettings = true;
}
- ) (lib.attrsets.filterAttrs (_name: value: (globals.fn.hasVPNips value)) globals.machines);
+ ) (lib.attrsets.filterAttrs (_name: value: (libx.hasVPNips value)) globals.machines);
# // {
# "/n8n/" = {
# proxyPass = "http://127.0.0.1:5678/";
@@ -51,7 +52,7 @@
proxyPass = "http://${builtins.head value.net.vpn.ips}:8384/";
recommendedProxySettings = true;
}
- ) (lib.attrsets.filterAttrs (_name: value: (globals.fn.hasVPNips value)) globals.machines);
+ ) (lib.attrsets.filterAttrs (_name: value: (libx.hasVPNips value)) globals.machines);
};
};
systems/sakhalin/extra.nix
@@ -1,4 +1,5 @@
{
+ libx,
globals,
pkgs,
...
@@ -122,7 +123,7 @@
};
wireguard = {
enable = true;
- ips = globals.fn.wg-ips globals.machines.sakhalin.net.vpn.ips;
+ ips = libx.wg-ips globals.machines.sakhalin.net.vpn.ips;
endpoint = "${globals.net.vpn.endpoint}";
endpointPublicKey = "${globals.machines.kerkouane.net.vpn.pubkey}";
};
systems/shikoku/extra.nix
@@ -1,5 +1,6 @@
{
globals,
+ libx,
pkgs,
...
}:
@@ -29,7 +30,7 @@
services = {
wireguard = {
enable = true;
- ips = globals.fn.wg-ips globals.machines.shikoku.net.vpn.ips;
+ ips = libx.wg-ips globals.machines.shikoku.net.vpn.ips;
endpoint = "${globals.net.vpn.endpoint}";
endpointPublicKey = "${globals.machines.kerkouane.net.vpn.pubkey}";
};
globals.nix
@@ -1,96 +1,4 @@
{ hostname, lib, ... }:
-let
-
- isCurrentHost = n: n == hostname;
- hasVPNPublicKey = host: (lib.attrsets.attrByPath [ "net" "vpn" "pubkey" ] "" host) != "";
- hasVPNips = host: (builtins.length (lib.attrsets.attrByPath [ "net" "vpn" "ips" ] [ ] host)) > 0;
- /**
- Return true if the given host has a list of Syncthing folder configured.
- *
- */
- hasSyncthingFolders =
- host:
- builtins.hasAttr "syncthing" host
- && builtins.hasAttr "folders" host.syncthing
- && (builtins.length (lib.attrsets.attrValues host.syncthing.folders)) > 0;
-
- hasSSHHostKeys = host: builtins.hasAttr "ssh" host && builtins.hasAttr "hostKey" host.ssh;
-
- # Get the path for the given folder, either using the host specified path or the default one
- syncthingFolderPath =
- name: folder: folders:
- lib.attrsets.attrByPath [ "path" ] folders."${name}".path folder;
-
- # Filter machine with the given syncthing folder
- syncthingMachinesWithFolder =
- folderName: machines:
- lib.attrsets.filterAttrs (
- name: value:
- hasSyncthingFolders value
- && !(isCurrentHost name)
- && (builtins.hasAttr folderName value.syncthing.folders)
- ) machines;
-
- generateSyncthingAdresses =
- machine:
- builtins.map (x: "tcp://${x}") (
- lib.attrsets.attrByPath [ "net" "ips" ] [ ] machine
- ++ lib.attrsets.attrByPath [ "net" "vpn" "ips" ] [ ] machine
- ++ lib.attrsets.attrByPath [ "net" "names" ] [ ] machine
- );
-
- sshHostIdentifier =
- machine:
- lib.attrsets.attrByPath [ "net" "names" ] [ ] machine
- ++ lib.attrsets.attrByPath [ "net" "ips" ] [ ] machine
- ++ lib.attrsets.attrByPath [ "net" "vpn" "ips" ] [ ] machine;
-
- hostConfig =
- machine:
- builtins.listToAttrs (
- map
- (x: {
- name = x;
- value =
- if (lib.strings.hasPrefix "10.100" x) then
- builtins.filter (n: lib.strings.hasSuffix ".vpn" n) machine.net.names
- else if (lib.strings.hasPrefix "192.168" x) then
- builtins.filter (n: lib.strings.hasSuffix ".home" n) machine.net.names
- else
- [ ];
- })
- (
- lib.attrsets.attrByPath [ "net" "ips" ] [ ] machine
- ++ lib.attrsets.attrByPath [ "net" "vpn" "ips" ] [ ] machine
- )
- );
-
- sshConfig =
- machine:
- builtins.listToAttrs (
- map
- (x: {
- name = x;
- value = {
- hostname =
- if (lib.strings.hasSuffix ".vpn" x) then
- builtins.head machine.net.vpn.ips
- else if (lib.strings.hasSuffix ".home" x) then
- builtins.head machine.net.ips
- else
- x;
- forwardAgent = true;
- identityFile = "~/.ssh/kyushu";
- identityAgent = "empty";
- };
- })
- (
- builtins.filter (x: (lib.strings.hasSuffix ".home" x) || (lib.strings.hasSuffix ".vpn" x)) (
- sshHostIdentifier machine
- )
- )
- );
-in
{
ssh = {
vincent = [
@@ -587,93 +495,4 @@ in
};
};
};
-
- # FIXME Maybe I should move this elsewhere, in ./lib maybe ?
- fn = {
- inherit
- syncthingFolderPath
- hasSyncthingFolders
- syncthingMachinesWithFolder
- generateSyncthingAdresses
- isCurrentHost
- hasVPNPublicKey
- hasVPNips
- hasSSHHostKeys
- sshHostIdentifier
- sshConfig
- hostConfig
- ;
- /**
- Return a list of wireguard ips from a list of ips.
-
- Essentially, it will append /32 to the each element of the list.
- *
- */
- wg-ips = ips: builtins.map (x: "${x}/32") ips;
-
- # WIREGUARD
- generateWireguardPeers =
- machines:
- lib.attrsets.attrValues (
- lib.attrsets.mapAttrs
- (_name: value: {
- allowedIPs = value.net.vpn.ips;
- publicKey = value.net.vpn.pubkey;
- })
- (
- lib.attrsets.filterAttrs (
- name: value: name != "kerkouane" && (hasVPNPublicKey value) && (hasVPNips value)
- ) machines
- )
- );
-
- # SYNCTHING
- generateSyncthingFolders =
- machine: machines: folders:
- lib.attrsets.mapAttrs' (
- name: value:
- lib.attrsets.nameValuePair (syncthingFolderPath name value folders) {
- inherit (folders."${name}") id;
- label = name;
- devices = lib.attrsets.mapAttrsToList (n: _v: n) (syncthingMachinesWithFolder name machines);
- rescanIntervalS = 3600 * 6; # TODO: make it configurable
- }
- ) (lib.attrsets.attrByPath [ "syncthing" "folders" ] { } machine);
-
- generateSyncthingDevices =
- machines:
- lib.attrsets.mapAttrs
- (_name: value: {
- inherit (value.syncthing) id;
- addresses = generateSyncthingAdresses value;
- })
- (
- lib.attrsets.filterAttrs (name: value: hasSyncthingFolders value && !(isCurrentHost name)) machines
- );
-
- syncthingGuiAddress =
- machine:
- (builtins.head (lib.attrsets.attrByPath [ "net" "vpn" "ips" ] [ "127.0.0.1" ] machine)) + ":8384";
-
- # SSH
-
- sshKnownHosts =
- machines:
- lib.strings.concatStringsSep "\n" (
- lib.attrsets.mapAttrsToList (
- _name: value: "${lib.strings.concatStringsSep "," (sshHostIdentifier value)} ${value.ssh.hostKey}"
- ) (lib.attrsets.filterAttrs (_name: hasSSHHostKeys) machines)
- );
-
- hostConfigs =
- machines: lib.attrsets.mergeAttrsList (lib.attrsets.mapAttrsToList (_name: hostConfig) machines);
-
- sshConfigs =
- machines:
- lib.attrsets.mergeAttrsList (
- lib.attrsets.mapAttrsToList (_name: sshConfig) (
- lib.attrsets.filterAttrs (_name: _value: true) machines
- )
- );
- };
}