modules: use new hosts style

Max Headroom 2023-03-07 01:25:57 +01:00
parent 004af67a0e
commit 25e7ba5c33
11 changed files with 32 additions and 34 deletions


@ -1,8 +1,8 @@
{ config, hosts, lib, tools, ... }: { config, depot, lib, tools, ... }:
let let
orgDomain = tools.meta.domain; orgDomain = tools.meta.domain;
orgRealm = lib.toUpper orgDomain; orgRealm = lib.toUpper orgDomain;
host = hosts.${config.networking.hostName} or null; host = depot.reflection;
in { in {
krb5 = { krb5 = {
enable = true; enable = true;
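Review bot: The new binding `host = depot.reflection;` drops the `or null` fallback that the old `hosts.${config.networking.hostName} or null` lookup carried, so any `host == null` handling later in this file can no longer trigger. The rest of the `let` body and the `krb5` block lie outside this hunk, so I cannot see whether such a guard exists. If it does, it is now dead code and should be removed. If `depot.reflection` can be absent for a machine that is not declared in the depot, `host = depot.reflection or null;` would keep the old behaviour. The `config` argument also looks unused in the visible lines after this change, which is worth checking against the rest of the file.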


@ -1,4 +1,4 @@
{ config, hosts, ... }: { config, depot, ... }:
{ {
services.fail2ban = { services.fail2ban = {
enable = true; enable = true;
@ -10,7 +10,7 @@
''; '';
ignoreIP = [ ignoreIP = [
"10.0.0.0/8" "10.0.0.0/8"
hosts.${config.networking.hostName}.interfaces.primary.addr depot.reflection.interfaces.primary.addr
]; ];
bantime-increment = { bantime-increment = {
enable = true; enable = true;
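Review bot: The `ignoreIP` entry `depot.reflection.interfaces.primary.addr` no longer shows whose address is being exempted, whereas the old `hosts.${config.networking.hostName}` lookup made that explicit. Every entry in this list is an address fail2ban will never ban, so the reason for each one should be readable in place, for example `# this host's own primary address, never ban ourselves`. The type of `interfaces.primary.addr` is not visible here, so it is also worth confirming that it is always a plain address string for every host that imports this module. The `services.fail2ban` block continues outside the hunk.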


@ -1,23 +1,23 @@
{ pkgs, inputs, lib, hosts, config, ... }: { pkgs, depot, lib, config, ... }:
let let
inherit (config.networking) hostName; inherit (config.networking) hostName;
inherit (inputs.self.packages.${pkgs.system}) hyprspace; inherit (depot.packages) hyprspace;
hyprspaceCapableNodes = lib.filterAttrs (_: host: host ? hypr) hosts; hyprspaceCapableNodes = lib.filterAttrs (_: host: host.hyprspace.enable) depot.config.hours;
peersFormatted = builtins.mapAttrs (_: x: { peersFormatted = builtins.mapAttrs (_: x: {
inherit (x.hypr) id; inherit (x.hyprspace) id;
routes = map (net: { inherit net; }) ((x.hypr.routes or []) ++ [ "${x.hypr.addr}/32" ]); routes = map (net: { inherit net; }) ((x.hyprspace.routes or []) ++ [ "${x.hyprspace.addr}/32" ]);
}) hyprspaceCapableNodes; }) hyprspaceCapableNodes;
peersFiltered = lib.filterAttrs (name: _: name != hostName) peersFormatted; peersFiltered = lib.filterAttrs (name: _: name != hostName) peersFormatted;
peerList = builtins.attrValues peersFiltered; peerList = builtins.attrValues peersFiltered;
myNode = hosts.${hostName}; myNode = depot.reflection;
listenPort = myNode.hypr.listenPort or 8001; listenPort = myNode.hyprspace.listenPort or 8001;
interfaceConfig = pkgs.writeText "hyprspace.yml" (builtins.toJSON { interfaceConfig = pkgs.writeText "hyprspace.yml" (builtins.toJSON {
interface = { interface = {
name = "hyprspace"; name = "hyprspace";
listen_port = listenPort; listen_port = listenPort;
inherit (myNode.hypr) id; inherit (myNode.hyprspace) id;
address = "${myNode.hypr.addr}/24"; address = "${myNode.hyprspace.addr}/24";
private_key = "@HYPRSPACEPRIVATEKEY@"; private_key = "@HYPRSPACEPRIVATEKEY@";
}; };
peers = peerList; peers = peerList;
@ -26,7 +26,7 @@ let
privateKeyFile = config.age.secrets.hyprspace-key.path; privateKeyFile = config.age.secrets.hyprspace-key.path;
runConfig = "/run/hyprspace.yml"; runConfig = "/run/hyprspace.yml";
in { in {
networking.hosts = lib.mapAttrs' (k: v: lib.nameValuePair v.hypr.addr [k "${k}.hypr"]) hyprspaceCapableNodes; networking.hosts = lib.mapAttrs' (k: v: lib.nameValuePair v.hyprspace.addr [k "${k}.hypr"]) hyprspaceCapableNodes;
age.secrets.hyprspace-key = { age.secrets.hyprspace-key = {
file = ../../secrets/hyprspace-key- + "${hostName}.age"; file = ../../secrets/hyprspace-key- + "${hostName}.age";
mode = "0400"; mode = "0400";
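Review bot: The `or` fallbacks kept in `x.hyprspace.routes or []` and `myNode.hyprspace.listenPort or 8001` only fire when the attribute is absent, not when it is present with a null value. Elsewhere in this commit the ssh module replaced `?` presence tests with `!= null` and `!= ""` comparisons, which suggests the new host schema always defines its options; if `listenPort` or `routes` follow that pattern, the fallbacks here never apply and `listen_port` could be rendered as `null` in `hyprspace.yml`. The option declarations are not on this page, so confirm their defaults, and either set the default in the schema or write `listenPort = if myNode.hyprspace.listenPort != null then myNode.hyprspace.listenPort else 8001;`. The new filter `host.hyprspace.enable` also requires every entry of `depot.config.hours` to define `hyprspace.enable`, where the old `host ? hypr` tolerated hosts without the attribute.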


@ -1,5 +1,3 @@
{ inputs, pkgs, ... }:
{ {
systemd.targets.maintenance = { systemd.targets.maintenance = {
unitConfig.AllowIsolate = true; unitConfig.AllowIsolate = true;


@ -1,4 +1,4 @@
{ config, inputs, pkgs, ... }: { config, depot, pkgs, ... }:
{ {
users.motd = builtins.readFile ./motd.txt; users.motd = builtins.readFile ./motd.txt;
environment.interactiveShellInit = let environment.interactiveShellInit = let
@ -40,7 +40,7 @@
echo -e " ''${BGREEN}()''${CO} ''${BWHITE}You are using a genuine Private Void system.''${CO}" echo -e " ''${BGREEN}()''${CO} ''${BWHITE}You are using a genuine Private Void system.''${CO}"
echo " " echo " "
echo -e " ''${BWHITE}OS Version....:''${CO} NixOS ''${CAB}${config.system.nixos.version}''${CO}" echo -e " ''${BWHITE}OS Version....:''${CO} NixOS ''${CAB}${config.system.nixos.version}''${CO}"
echo -e " ''${BWHITE}Configuration.:''${CO} ''${CAB}${inputs.self.rev or "\${BRED}()\${CO}\${BWHITE} Dirty"}''${CO}" echo -e " ''${BWHITE}Configuration.:''${CO} ''${CAB}${depot.rev or "\${BRED}()\${CO}\${BWHITE} Dirty"}''${CO}"
echo -e " ''${BWHITE}Uptime........:''${CO} $(${uptime} -p | ${util "cut"} -d ' ' -f2- | GREP_COLORS='mt=01;35' ${grep} --color=always '[0-9]*')" echo -e " ''${BWHITE}Uptime........:''${CO} $(${uptime} -p | ${util "cut"} -d ' ' -f2- | GREP_COLORS='mt=01;35' ${grep} --color=always '[0-9]*')"
echo -e " ''${BWHITE}SSH Logins....:''${CO} There are currently ''${CAB}$(${countUsers})''${CO} users logged in on ''${CAB}$(${countSessions})''${CO} sessions" echo -e " ''${BWHITE}SSH Logins....:''${CO} There are currently ''${CAB}$(${countUsers})''${CO} users logged in on ''${CAB}$(${countSessions})''${CO} sessions"
) )


@ -1,8 +1,8 @@
{ pkgs, lib, config, inputs, tools, ... }: { pkgs, lib, config, depot, tools, ... }:
{ {
nix = { nix = {
package = inputs.nix-super.packages.${pkgs.system}.default; package = depot.inputs.nix-super.packages.default;
settings = { settings = {
trusted-users = [ "root" "@wheel" "@admins" ]; trusted-users = [ "root" "@wheel" "@admins" ];


@ -1,6 +1,6 @@
{ inputs, ... }: { depot, ... }:
with inputs; with depot.inputs;
{ {
nix.nixPath = [ nix.nixPath = [
"repl=/etc/nixos/flake-channels/system/repl.nix" "repl=/etc/nixos/flake-channels/system/repl.nix"
@ -8,13 +8,13 @@ with inputs;
]; ];
nix.registry = { nix.registry = {
system.flake = self; system.flake = depot;
nixpkgs.flake = nixpkgs; nixpkgs.flake = nixpkgs;
default.flake = nixpkgs; default.flake = nixpkgs;
}; };
environment.etc = { environment.etc = {
"nixos/flake-channels/system".source = inputs.self; "nixos/flake-channels/system".source = depot;
"nixos/flake-channels/nixpkgs".source = nixpkgs; "nixos/flake-channels/nixpkgs".source = nixpkgs;
}; };
} }
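Review bot: In the visible lines, the file-wide `with depot.inputs;` now only brings `nixpkgs` into scope, because `self` was replaced by the explicit `depot`. An explicit binding such as `let inherit (depot.inputs) nixpkgs; in` shows where each registry entry and `/etc` source comes from, and stops other free identifiers in the file from resolving against the inputs set unnoticed. One line of `nix.nixPath` sits between the two hunks and is not shown, so check it for other input names before narrowing the scope. Separately, `system.flake = depot;` and `"nixos/flake-channels/system".source = depot;` rely on `depot` coercing to a store path the way the flake `self` did, which is worth confirming if `depot` is a wrapper rather than the flake itself.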


@ -1,8 +1,8 @@
{ hosts, lib, ... }: { depot, lib, ... }:
let let
filtered = lib.filterAttrs (_: host: host ? ssh) hosts; filtered = lib.filterAttrs (_: host: host.ssh.enable) depot.config.hours;
idCapable = lib.filterAttrs (_: host: host.ssh ? id) filtered; idCapable = lib.filterAttrs (_: host: host.ssh.id.publicKey != null) filtered;
configCapable = lib.filterAttrs (_: host: host.ssh ? extraConfig) filtered; configCapable = lib.filterAttrs (_: host: host.ssh.extraConfig != "") filtered;
sshHosts = lib.mapAttrs (_: host: host.ssh.id) idCapable; sshHosts = lib.mapAttrs (_: host: host.ssh.id) idCapable;
sshExtras = lib.mapAttrsToList (_: host: host.ssh.extraConfig) configCapable; sshExtras = lib.mapAttrsToList (_: host: host.ssh.extraConfig) configCapable;
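Review bot: Hosts with `ssh.enable` set but `ssh.id.publicKey == null` are silently dropped from `sshHosts` by the `idCapable` filter. Assuming `sshHosts` feeds the known-hosts configuration further down (outside this hunk), those hosts get no pinned key and clients fall back to trust-on-first-use for them. At minimum this deserves a comment on `idCapable`, such as `# enabled hosts without a publicKey get no known-hosts entry`, and an evaluation warning for such hosts would make the gap visible. `sshHosts` also passes the whole `host.ssh.id` attrset through, so confirm that the new `id` submodule holds only fields the consumer accepts.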


@ -1,9 +1,9 @@
{ config, lib, hosts, tools, utils, ... }: { config, lib, depot, tools, utils, ... }:
let let
inherit (tools.meta) domain; inherit (tools.meta) domain;
inherit (tools) identity; inherit (tools) identity;
inherit (config.networking) hostName; inherit (config.networking) hostName;
inherit (hosts.${hostName}) enterprise interfaces; inherit (depot.reflection) enterprise interfaces;
toINI = content: lib.generators.toINI {} (iniFilter content); toINI = content: lib.generators.toINI {} (iniFilter content);


@ -1,5 +1,5 @@
{ inputs, ... }: { depot, ... }:
{ {
system.configurationRevision = inputs.self.rev or null; system.configurationRevision = depot.rev or null;
} }


@ -1,4 +1,4 @@
{ config, inputs, lib, pkgs, ... }: { config, depot, lib, pkgs, ... }:
with lib; with lib;
{ {
@ -9,5 +9,5 @@ with lib;
default = []; default = [];
}; };
}; };
config.system.extraDependencies = map (name: inputs.self.checks.${pkgs.system}.${name}) config.tested.requiredChecks; config.system.extraDependencies = map (name: depot.checks.${name}) config.tested.requiredChecks;
} }