modules: use new hosts style
parent
004af67a0e
commit
25e7ba5c33
11 changed files with 32 additions and 34 deletions
|
@ -1,8 +1,8 @@
|
||||||
{ config, hosts, lib, tools, ... }:
|
{ config, depot, lib, tools, ... }:
|
||||||
let
|
let
|
||||||
orgDomain = tools.meta.domain;
|
orgDomain = tools.meta.domain;
|
||||||
orgRealm = lib.toUpper orgDomain;
|
orgRealm = lib.toUpper orgDomain;
|
||||||
host = hosts.${config.networking.hostName} or null;
|
host = depot.reflection;
|
||||||
in {
|
in {
|
||||||
krb5 = {
|
krb5 = {
|
||||||
enable = true;
|
enable = true;
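Review bot: The `or null` fallback is gone from `host = depot.reflection;`, so any later `host != null` guard in this Kerberos module can no longer take its null branch. The rest of the `let` body and the `krb5` set lie outside the hunk, so whether such a guard exists is not visible here. If `depot.reflection` is guaranteed to exist for every machine that imports this module, record that next to the binding, e.g. `# depot.reflection is always defined for the evaluating host, so no null fallback is needed`, and drop any leftover null checks. If it is not guaranteed, a host missing from the host set will presumably now fail evaluation instead of getting a config without host-specific values.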
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, hosts, ... }:
|
{ config, depot, ... }:
|
||||||
{
|
{
|
||||||
services.fail2ban = {
|
services.fail2ban = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -10,7 +10,7 @@
|
||||||
'';
|
'';
|
||||||
ignoreIP = [
|
ignoreIP = [
|
||||||
"10.0.0.0/8"
|
"10.0.0.0/8"
|
||||||
hosts.${config.networking.hostName}.interfaces.primary.addr
|
depot.reflection.interfaces.primary.addr
|
||||||
];
|
];
|
||||||
bantime-increment = {
|
bantime-increment = {
|
||||||
enable = true;
|
enable = true;
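Review bot: The `ignoreIP` list deserves a comment, because every entry is a source that fail2ban will never ban. `"10.0.0.0/8"` exempts the whole private range, so repeated authentication failures from any internal machine are not throttled by this jail setup, and `depot.reflection.interfaces.primary.addr` exempts the host's own primary address. A line such as `# never ban internal ranges or our own primary address; failures from these sources must be detected elsewhere` above the list would make that trade-off explicit. The new expression also assumes `interfaces.primary.addr` is set for every host importing this module; if the new host schema allows it to be null, the list will presumably fail to evaluate.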
|
||||||
|
|
|
@ -1,23 +1,23 @@
|
||||||
{ pkgs, inputs, lib, hosts, config, ... }:
|
{ pkgs, depot, lib, config, ... }:
|
||||||
let
|
let
|
||||||
inherit (config.networking) hostName;
|
inherit (config.networking) hostName;
|
||||||
inherit (inputs.self.packages.${pkgs.system}) hyprspace;
|
inherit (depot.packages) hyprspace;
|
||||||
hyprspaceCapableNodes = lib.filterAttrs (_: host: host ? hypr) hosts;
|
hyprspaceCapableNodes = lib.filterAttrs (_: host: host.hyprspace.enable) depot.config.hours;
|
||||||
peersFormatted = builtins.mapAttrs (_: x: {
|
peersFormatted = builtins.mapAttrs (_: x: {
|
||||||
inherit (x.hypr) id;
|
inherit (x.hyprspace) id;
|
||||||
routes = map (net: { inherit net; }) ((x.hypr.routes or []) ++ [ "${x.hypr.addr}/32" ]);
|
routes = map (net: { inherit net; }) ((x.hyprspace.routes or []) ++ [ "${x.hyprspace.addr}/32" ]);
|
||||||
}) hyprspaceCapableNodes;
|
}) hyprspaceCapableNodes;
|
||||||
peersFiltered = lib.filterAttrs (name: _: name != hostName) peersFormatted;
|
peersFiltered = lib.filterAttrs (name: _: name != hostName) peersFormatted;
|
||||||
peerList = builtins.attrValues peersFiltered;
|
peerList = builtins.attrValues peersFiltered;
|
||||||
myNode = hosts.${hostName};
|
myNode = depot.reflection;
|
||||||
listenPort = myNode.hypr.listenPort or 8001;
|
listenPort = myNode.hyprspace.listenPort or 8001;
|
||||||
|
|
||||||
interfaceConfig = pkgs.writeText "hyprspace.yml" (builtins.toJSON {
|
interfaceConfig = pkgs.writeText "hyprspace.yml" (builtins.toJSON {
|
||||||
interface = {
|
interface = {
|
||||||
name = "hyprspace";
|
name = "hyprspace";
|
||||||
listen_port = listenPort;
|
listen_port = listenPort;
|
||||||
inherit (myNode.hypr) id;
|
inherit (myNode.hyprspace) id;
|
||||||
address = "${myNode.hypr.addr}/24";
|
address = "${myNode.hyprspace.addr}/24";
|
||||||
private_key = "@HYPRSPACEPRIVATEKEY@";
|
private_key = "@HYPRSPACEPRIVATEKEY@";
|
||||||
};
|
};
|
||||||
peers = peerList;
|
peers = peerList;
|
||||||
|
@ -26,7 +26,7 @@ let
|
||||||
privateKeyFile = config.age.secrets.hyprspace-key.path;
|
privateKeyFile = config.age.secrets.hyprspace-key.path;
|
||||||
runConfig = "/run/hyprspace.yml";
|
runConfig = "/run/hyprspace.yml";
|
||||||
in {
|
in {
|
||||||
networking.hosts = lib.mapAttrs' (k: v: lib.nameValuePair v.hypr.addr [k "${k}.hypr"]) hyprspaceCapableNodes;
|
networking.hosts = lib.mapAttrs' (k: v: lib.nameValuePair v.hyprspace.addr [k "${k}.hypr"]) hyprspaceCapableNodes;
|
||||||
age.secrets.hyprspace-key = {
|
age.secrets.hyprspace-key = {
|
||||||
file = ../../secrets/hyprspace-key- + "${hostName}.age";
|
file = ../../secrets/hyprspace-key- + "${hostName}.age";
|
||||||
mode = "0400";
|
mode = "0400";
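Review bot: The `or` fallbacks kept in `listenPort = myNode.hyprspace.listenPort or 8001;` and `(x.hyprspace.routes or [])` fire only when the attribute is absent, which suited the old free-form `hypr` sets but probably not the new schema. The move from `host ? hypr` to `host.hyprspace.enable` suggests `hyprspace` is now a declared option set. If `listenPort` is declared there with a `null` default, `null` would reach `listen_port` in the generated config instead of 8001. In that case `listenPort = if myNode.hyprspace.listenPort != null then myNode.hyprspace.listenPort else 8001;`, or a default of 8001 in the option declaration, keeps the old behaviour. The option declarations are not on this page, so this needs checking against them.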
|
||||||
|
|
|
@ -1,5 +1,3 @@
|
||||||
{ inputs, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
{
|
||||||
systemd.targets.maintenance = {
|
systemd.targets.maintenance = {
|
||||||
unitConfig.AllowIsolate = true;
|
unitConfig.AllowIsolate = true;
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, inputs, pkgs, ... }:
|
{ config, depot, pkgs, ... }:
|
||||||
{
|
{
|
||||||
users.motd = builtins.readFile ./motd.txt;
|
users.motd = builtins.readFile ./motd.txt;
|
||||||
environment.interactiveShellInit = let
|
environment.interactiveShellInit = let
|
||||||
|
@ -40,7 +40,7 @@
|
||||||
echo -e " █ ''${BGREEN}(✓)''${CO} ''${BWHITE}You are using a genuine Private Void™ system.''${CO}"
|
echo -e " █ ''${BGREEN}(✓)''${CO} ''${BWHITE}You are using a genuine Private Void™ system.''${CO}"
|
||||||
echo " █"
|
echo " █"
|
||||||
echo -e " █ ''${BWHITE}OS Version....:''${CO} NixOS ''${CAB}${config.system.nixos.version}''${CO}"
|
echo -e " █ ''${BWHITE}OS Version....:''${CO} NixOS ''${CAB}${config.system.nixos.version}''${CO}"
|
||||||
echo -e " █ ''${BWHITE}Configuration.:''${CO} ''${CAB}${inputs.self.rev or "\${BRED}(✘)\${CO}\${BWHITE} Dirty"}''${CO}"
|
echo -e " █ ''${BWHITE}Configuration.:''${CO} ''${CAB}${depot.rev or "\${BRED}(✘)\${CO}\${BWHITE} Dirty"}''${CO}"
|
||||||
echo -e " █ ''${BWHITE}Uptime........:''${CO} $(${uptime} -p | ${util "cut"} -d ' ' -f2- | GREP_COLORS='mt=01;35' ${grep} --color=always '[0-9]*')"
|
echo -e " █ ''${BWHITE}Uptime........:''${CO} $(${uptime} -p | ${util "cut"} -d ' ' -f2- | GREP_COLORS='mt=01;35' ${grep} --color=always '[0-9]*')"
|
||||||
echo -e " █ ''${BWHITE}SSH Logins....:''${CO} There are currently ''${CAB}$(${countUsers})''${CO} users logged in on ''${CAB}$(${countSessions})''${CO} sessions"
|
echo -e " █ ''${BWHITE}SSH Logins....:''${CO} There are currently ''${CAB}$(${countUsers})''${CO} users logged in on ''${CAB}$(${countSessions})''${CO} sessions"
|
||||||
)
|
)
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
{ pkgs, lib, config, inputs, tools, ... }:
|
{ pkgs, lib, config, depot, tools, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
nix = {
|
nix = {
|
||||||
package = inputs.nix-super.packages.${pkgs.system}.default;
|
package = depot.inputs.nix-super.packages.default;
|
||||||
|
|
||||||
settings = {
|
settings = {
|
||||||
trusted-users = [ "root" "@wheel" "@admins" ];
|
trusted-users = [ "root" "@wheel" "@admins" ];
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{ inputs, ... }:
|
{ depot, ... }:
|
||||||
|
|
||||||
with inputs;
|
with depot.inputs;
|
||||||
{
|
{
|
||||||
nix.nixPath = [
|
nix.nixPath = [
|
||||||
"repl=/etc/nixos/flake-channels/system/repl.nix"
|
"repl=/etc/nixos/flake-channels/system/repl.nix"
|
||||||
|
@ -8,13 +8,13 @@ with inputs;
|
||||||
];
|
];
|
||||||
|
|
||||||
nix.registry = {
|
nix.registry = {
|
||||||
system.flake = self;
|
system.flake = depot;
|
||||||
nixpkgs.flake = nixpkgs;
|
nixpkgs.flake = nixpkgs;
|
||||||
default.flake = nixpkgs;
|
default.flake = nixpkgs;
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.etc = {
|
environment.etc = {
|
||||||
"nixos/flake-channels/system".source = inputs.self;
|
"nixos/flake-channels/system".source = depot;
|
||||||
"nixos/flake-channels/nixpkgs".source = nixpkgs;
|
"nixos/flake-channels/nixpkgs".source = nixpkgs;
|
||||||
};
|
};
|
||||||
}
|
}
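Review bot: `system.flake = depot;` and `"nixos/flake-channels/system".source = depot;` now take the `depot` module argument where they used to take the flake's `self`, and both need a value that resolves to the flake's source tree in the store. If `depot` is a composed attribute set rather than `self` itself, it has to carry `outPath` (and `rev`/`narHash` for the registry pin), otherwise these lines will fail or pin something other than the deployed revision. How `depot` is built is not visible on this page. As a style point, `with depot.inputs;` leaves `nixpkgs` resolving through an open scope; `inherit (depot.inputs) nixpkgs;` in a `let` would name the one input actually used.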
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
{ hosts, lib, ... }:
|
{ depot, lib, ... }:
|
||||||
let
|
let
|
||||||
filtered = lib.filterAttrs (_: host: host ? ssh) hosts;
|
filtered = lib.filterAttrs (_: host: host.ssh.enable) depot.config.hours;
|
||||||
idCapable = lib.filterAttrs (_: host: host.ssh ? id) filtered;
|
idCapable = lib.filterAttrs (_: host: host.ssh.id.publicKey != null) filtered;
|
||||||
configCapable = lib.filterAttrs (_: host: host.ssh ? extraConfig) filtered;
|
configCapable = lib.filterAttrs (_: host: host.ssh.extraConfig != "") filtered;
|
||||||
|
|
||||||
sshHosts = lib.mapAttrs (_: host: host.ssh.id) idCapable;
|
sshHosts = lib.mapAttrs (_: host: host.ssh.id) idCapable;
|
||||||
sshExtras = lib.mapAttrsToList (_: host: host.ssh.extraConfig) configCapable;
|
sshExtras = lib.mapAttrsToList (_: host: host.ssh.extraConfig) configCapable;
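Review bot: `sshHosts` still forwards `host.ssh.id` whole, although the filter above it now tests `host.ssh.id.publicKey != null`, which suggests `id` has become an option set with nullable fields. Whatever consumes `sshHosts` (outside this hunk, presumably the known-hosts configuration) will then receive every declared field of `id`, including ones left at their defaults, so the option names must match what the consumer accepts. A comment such as `# ssh.id is forwarded as-is to the known-hosts consumer; keep its option names in sync` would document that coupling. Hosts with `ssh.enable` set but no `publicKey` are dropped from `sshHosts` without any message, so their host keys are not pinned; an assertion or warning for that case would make the gap visible.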
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
{ config, lib, hosts, tools, utils, ... }:
|
{ config, lib, depot, tools, utils, ... }:
|
||||||
let
|
let
|
||||||
inherit (tools.meta) domain;
|
inherit (tools.meta) domain;
|
||||||
inherit (tools) identity;
|
inherit (tools) identity;
|
||||||
inherit (config.networking) hostName;
|
inherit (config.networking) hostName;
|
||||||
inherit (hosts.${hostName}) enterprise interfaces;
|
inherit (depot.reflection) enterprise interfaces;
|
||||||
|
|
||||||
toINI = content: lib.generators.toINI {} (iniFilter content);
|
toINI = content: lib.generators.toINI {} (iniFilter content);
|
||||||
|
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
{ inputs, ... }:
|
{ depot, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
system.configurationRevision = inputs.self.rev or null;
|
system.configurationRevision = depot.rev or null;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, inputs, lib, pkgs, ... }:
|
{ config, depot, lib, pkgs, ... }:
|
||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
{
|
{
|
||||||
|
@ -9,5 +9,5 @@ with lib;
|
||||||
default = [];
|
default = [];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
config.system.extraDependencies = map (name: inputs.self.checks.${pkgs.system}.${name}) config.tested.requiredChecks;
|
config.system.extraDependencies = map (name: depot.checks.${name}) config.tested.requiredChecks;
|
||||||
}
|
}
|
||||||
|
|