From ae48e4807a5af7ca8bda761c433b85d5da74daa1 Mon Sep 17 00:00:00 2001 
From: Max Date: Thu, 31 Aug 2023 00:55:45 +0200 Subject: [PATCH] treewide: massive refactor --- cluster/default.nix | 4 +- cluster/inject.nix | 15 ----- cluster/lib/inject-nixos-config.nix | 10 ++-- cluster/lib/service-module.nix | 9 +-- cluster/lib/services.nix | 15 +++-- cluster/part.nix | 11 ++++ cluster/services/attic/binary-cache.nix | 6 +- cluster/services/attic/nar-serve.nix | 4 +- cluster/services/attic/server.nix | 4 +- .../certificates/internal-wildcard.nix | 4 +- cluster/services/consul/agent.nix | 6 +- cluster/services/consul/remote-api.nix | 6 +- cluster/services/dns/admin.nix | 6 +- cluster/services/dns/authoritative.nix | 6 +- cluster/services/dns/coredns.nix | 7 +-- cluster/services/dns/default.nix | 2 +- cluster/services/forge/server.nix | 6 +- .../hercules-ci-multi-agent/default.nix | 2 +- cluster/services/idm/default.nix | 6 +- cluster/services/idm/server.nix | 6 +- cluster/services/ipfs/cluster.nix | 6 +- cluster/services/ipfs/default.nix | 8 +-- cluster/services/ipfs/gateway.nix | 6 +- cluster/services/ipfs/node.nix | 8 +-- cluster/services/ipfs/remote-api.nix | 6 +- cluster/services/irc/default.nix | 6 +- cluster/services/irc/irc-host.nix | 13 +++-- cluster/services/matrix/bridges/discord.nix | 4 +- cluster/services/matrix/coturn.nix | 4 +- cluster/services/matrix/default.nix | 4 +- cluster/services/matrix/federation.nix | 4 +- cluster/services/matrix/homeserver.nix | 8 +-- cluster/services/matrix/web-client.nix | 4 +- cluster/services/meet/default.nix | 4 +- cluster/services/meet/host.nix | 6 +- cluster/services/monitoring/blackbox.nix | 8 +-- cluster/services/monitoring/client.nix | 6 +- cluster/services/monitoring/grafana-ha.nix | 6 +- cluster/services/nextcloud/default.nix | 4 +- cluster/services/nextcloud/host.nix | 4 +- cluster/services/nginx/nginx.nix | 13 +---- cluster/services/object-storage/default.nix | 4 +- cluster/services/object-storage/host.nix | 4 +- cluster/services/patroni/metrics.nix | 4 +- 
cluster/services/patroni/worker.nix | 9 +-- cluster/services/search/default.nix | 4 +- cluster/services/search/host.nix | 4 +- cluster/services/soda/default.nix | 4 +- cluster/services/warehouse/host.nix | 8 +-- cluster/services/websites/default.nix | 22 +++---- cluster/services/wireguard/default.nix | 2 +- cluster/services/wireguard/mesh.nix | 2 +- flake.nix | 1 + hosts/VEGAS/modules/oauth2-proxy/default.nix | 4 +- hosts/VEGAS/services/api/default.nix | 6 +- .../backbone-routing/port-forward.nix | 2 +- hosts/VEGAS/services/bitwarden/default.nix | 4 +- hosts/VEGAS/services/cdn-shield/default.nix | 9 ++- hosts/VEGAS/services/fbi/default.nix | 4 +- hosts/VEGAS/services/gitlab/default.nix | 6 +- hosts/VEGAS/services/jokes/default.nix | 7 +-- hosts/VEGAS/services/mail/default.nix | 8 +-- hosts/VEGAS/services/mail/imap.nix | 6 +- hosts/VEGAS/services/mail/opendkim.nix | 4 +- hosts/VEGAS/services/mail/postfix.nix | 4 +- hosts/VEGAS/services/mail/saslauthd.nix | 4 +- hosts/VEGAS/services/reflex/default.nix | 6 +- hosts/VEGAS/services/sso/default.nix | 6 +- .../services/sso/identity-management.nix | 8 +-- hosts/VEGAS/services/vault/default.nix | 4 +- hosts/VEGAS/services/websites/default.nix | 10 ++-- hosts/VEGAS/services/websites/extra-sites.nix | 8 --- hosts/VEGAS/system.nix | 6 +- hosts/checkmate/system.nix | 2 +- hosts/nixos.nix | 18 ++---- hosts/prophet/system.nix | 2 +- hosts/soda/system.nix | 4 +- hosts/thunderskin/system.nix | 2 +- lib/hours.nix | 18 ++++++ lib/identity.nix | 37 ++++++++++++ lib/meta.nix | 8 +++ lib/nginx.nix | 50 ++++++++++++++++ lib/part.nix | 22 +++++++ lib/time-travel.nix | 17 +----- modules/enterprise/default.nix | 4 +- modules/hyprspace/default.nix | 2 +- modules/nix-config/server.nix | 6 +- modules/ssh/default.nix | 2 +- packages/checks/default.nix | 12 +--- packages/checks/jellyfin-stateless.nix | 4 +- tools/default.nix | 10 ---- tools/identity.nix | 40 ------------- tools/inject.nix | 4 -- tools/meta.nix | 4 -- tools/networks.nix | 20 
------- tools/nginx.nix | 58 ------------------- 96 files changed, 373 insertions(+), 424 deletions(-) delete mode 100644 cluster/inject.nix create mode 100644 cluster/part.nix delete mode 100644 hosts/VEGAS/services/websites/extra-sites.nix create mode 100644 lib/hours.nix create mode 100644 lib/identity.nix create mode 100644 lib/meta.nix create mode 100644 lib/nginx.nix delete mode 100644 tools/default.nix delete mode 100644 tools/identity.nix delete mode 100644 tools/inject.nix delete mode 100644 tools/meta.nix delete mode 100644 tools/networks.nix delete mode 100644 tools/nginx.nix diff --git a/cluster/default.nix b/cluster/default.nix index 6eaf70d..118341f 100644 --- a/cluster/default.nix +++ b/cluster/default.nix @@ -1,4 +1,4 @@ -{ lib, depot, hostName }: +{ lib, depot }: lib.evalModules { specialArgs = { @@ -7,12 +7,10 @@ lib.evalModules { modules = [ # Arbitrary variables to reference across multiple services ./lib/vars - { vars = { inherit hostName; }; } # Cluster-level port-magic ../modules/port-magic - ../tools/inject.nix ./lib/services.nix ./lib/inject-nixos-config.nix ./lib/port-magic-multi.nix diff --git a/cluster/inject.nix b/cluster/inject.nix deleted file mode 100644 index f9052a2..0000000 --- a/cluster/inject.nix +++ /dev/null @@ -1,15 +0,0 @@ -hostName: -{ depot, lib, ... }: - -let - cluster = import ./. { inherit lib depot hostName; }; -in - -{ - _module.args.cluster = { - inherit (cluster.config) vars; - inherit (cluster.config.vars) hosts; - inherit (cluster) config; - }; - imports = cluster.config.out.injectedNixosConfig; -} diff --git a/cluster/lib/inject-nixos-config.nix b/cluster/lib/inject-nixos-config.nix index 0355f97..6e5add1 100644 --- a/cluster/lib/inject-nixos-config.nix +++ b/cluster/lib/inject-nixos-config.nix 
@@ -1,10 +1,10 @@ -{ lib, ... }: +{ config, lib, ... }: with lib; { - options.out.injectedNixosConfig = mkOption { - description = "NixOS configuration modules to inject into the host."; - type = with types; listOf anything; - default = {}; + options.out.injectNixosConfig = mkOption { + description = "NixOS configuration to inject into the given host."; + type = with types; functionTo raw; + default = const []; }; } diff --git a/cluster/lib/service-module.nix b/cluster/lib/service-module.nix index 684ff44..4f15370 100644 --- a/cluster/lib/service-module.nix +++ b/cluster/lib/service-module.nix @@ -1,11 +1,8 @@ -vars: { config, lib, ... }: with lib; let - notSelf = x: x != vars.hostName; - - filterGroup = builtins.filter notSelf; + filterGroup = group: hostName: builtins.filter (x: x != hostName) group; in { @@ -26,7 +23,7 @@ in }; otherNodes = mkOption { description = "Other nodes in the group."; - type = with types; attrsOf (listOf str); + type = with types; attrsOf (functionTo (listOf str)); default = []; }; nixos = mkOption { @@ -35,5 +32,5 @@ in default = {}; }; }; - config.otherNodes = builtins.mapAttrs (_: filterGroup) config.nodes; + config.otherNodes = builtins.mapAttrs (const filterGroup) config.nodes; } diff --git a/cluster/lib/services.nix b/cluster/lib/services.nix index b97ce89..c9f20b6 100644 --- a/cluster/lib/services.nix +++ b/cluster/lib/services.nix 
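Review bot: `functionTo raw` on `out.injectNixosConfig` switches off type checking of whatever the injector returns, so a service that yields an attrset instead of a module list would only fail later, inside the consuming host's `imports`, with a less direct error. The producer in cluster/lib/services.nix returns a list and the default is `const []`, so a tighter `type = with types; functionTo (listOf raw);` keeps the contract checkable at the option boundary without changing behaviour. The description could also name the function argument, e.g. `description = "Function from a host name to the list of NixOS modules to inject into that host.";`.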
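Review bot: `otherNodes` now has type `attrsOf (functionTo (listOf str))`, but the untouched line right below it still reads `default = [];`, a list where the type expects an attrset; the mismatch is only masked because `config.otherNodes` is unconditionally assigned from `config.nodes` at the bottom of the file. It should be `default = {};`. The description could also reflect the new shape, e.g. `description = "Other nodes in the group, as a function from the local host name to the remaining node names.";`.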
@@ -2,18 +2,25 @@ with lib; let - getHostConfigurations = svcConfig: hostName: + getHostConfigurations = hostName: svcConfig: lib.mapAttrsToList (groupName: _: svcConfig.nixos.${groupName}) (lib.filterAttrs (_: lib.elem hostName) svcConfig.nodes); - getServiceConfigurations = svcConfig: getHostConfigurations svcConfig config.vars.hostName; + + introspectionModule._module.args.cluster = { + inherit (config) vars; + inherit config; + }; in { options.services = mkOption { description = "Cluster services."; - type = with types; attrsOf (submodule (import ./service-module.nix config.vars)); + type = with types; attrsOf (submodule ./service-module.nix); default = {}; }; - config.out.injectedNixosConfig = lib.flatten (lib.mapAttrsToList (_: getServiceConfigurations) config.services); + + config.out.injectNixosConfig = hostName: (lib.flatten (lib.mapAttrsToList (_: getHostConfigurations hostName) config.services)) ++ [ + introspectionModule + ]; } diff --git a/cluster/part.nix b/cluster/part.nix new file mode 100644 index 0000000..99452ac --- /dev/null +++ b/cluster/part.nix @@ -0,0 +1,11 @@ +{ depot, lib, ... }: + +{ + options.cluster = lib.mkOption { + type = lib.types.raw; + }; + + config.cluster = import ./. { + inherit depot lib; + }; +} diff --git a/cluster/services/attic/binary-cache.nix b/cluster/services/attic/binary-cache.nix index b4be382..b1e4ecf 100644 --- a/cluster/services/attic/binary-cache.nix +++ b/cluster/services/attic/binary-cache.nix @@ -1,5 +1,5 @@ -{ config, tools, ... }: -with tools.nginx; +{ config, depot, ... }: +with depot.lib.nginx; let addrSplit' = builtins.split ":" config.services.minio.listenAddress; addrSplit = builtins.filter builtins.isString addrSplit'; 
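Review bot: The `cluster` module argument built by `introspectionModule` exposes only `vars` and `config`, whereas the deleted cluster/inject.nix also passed `hosts` (`inherit (cluster.config.vars) hosts;`); any host module still reading `cluster.hosts` will now fail with a missing-attribute error at evaluation time. If the alias was dropped on purpose, its remaining uses should be migrated to `cluster.config.vars.hosts` in the same commit; otherwise add `inherit (config.vars) hosts;` to the attrset. A short comment on `introspectionModule` would also help readers, e.g. `# appended to every host's injected module list so host configs can see the evaluated cluster`.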
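Review bot: The new `options.cluster` option in cluster/part.nix has no `description`, and with `lib.types.raw` nothing else documents what the value is. Add `description = "The evaluated cluster configuration (cluster/default.nix), shared by all host configurations.";` next to the type. Since `config.cluster` is set unconditionally by this same module, `readOnly = true;` would also prevent a host module from silently replacing the shared cluster evaluation.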
@@ -27,7 +27,7 @@ in services.nginx.appendHttpConfig = '' proxy_cache_path /var/cache/nginx/nixstore levels=1:2 keys_zone=nixstore:10m max_size=10g inactive=24h use_temp_path=off; ''; - services.nginx.virtualHosts."cache.${tools.meta.domain}" = vhosts.basic // { + services.nginx.virtualHosts."cache.${depot.lib.meta.domain}" = vhosts.basic // { locations = { "= /".return = "302 /404"; "/" = { diff --git a/cluster/services/attic/nar-serve.nix b/cluster/services/attic/nar-serve.nix index 88a37fa..4da4741 100644 --- a/cluster/services/attic/nar-serve.nix +++ b/cluster/services/attic/nar-serve.nix @@ -1,4 +1,4 @@ -{ config, depot, tools, ... }: +{ config, depot, ... }: let mkNarServe = NAR_CACHE_URL: PORT: { @@ -17,6 +17,6 @@ nar-serve-nixos-org.protocol = "http"; }; - systemd.services.nar-serve-self = mkNarServe "https://cache.${tools.meta.domain}" config.links.nar-serve-self.portStr; + systemd.services.nar-serve-self = mkNarServe "https://cache.${depot.lib.meta.domain}" config.links.nar-serve-self.portStr; systemd.services.nar-serve-nixos-org = mkNarServe "https://cache.nixos.org" config.links.nar-serve-nixos-org.portStr; } diff --git a/cluster/services/attic/server.nix b/cluster/services/attic/server.nix index e7dbfa2..64b4ae2 100644 --- a/cluster/services/attic/server.nix +++ b/cluster/services/attic/server.nix @@ -1,4 +1,4 @@ -{ config, depot, lib, tools, ... }: +{ config, depot, lib, ... }: let dataDir = "/srv/storage/private/attic"; @@ -52,7 +52,7 @@ in ReadWritePaths = [ dataDir ]; }; - services.nginx.virtualHosts."cache-api.${tools.meta.domain}" = tools.nginx.vhosts.proxy config.links.atticServer.url // { + services.nginx.virtualHosts."cache-api.${depot.lib.meta.domain}" = depot.lib.nginx.vhosts.proxy config.links.atticServer.url // { extraConfig = '' client_max_body_size 4G; ''; diff --git a/cluster/services/certificates/internal-wildcard.nix b/cluster/services/certificates/internal-wildcard.nix index 428b4b3..596bfff 100644 
--- a/cluster/services/certificates/internal-wildcard.nix +++ b/cluster/services/certificates/internal-wildcard.nix @@ -1,7 +1,7 @@ -{ config, lib, pkgs, tools, ... }: +{ config, lib, pkgs, depot, ... }: let - inherit (tools.meta) domain; + inherit (depot.lib.meta) domain; extraGroups = [ "nginx" ] ++ lib.optional config.services.kanidm.enableServer "kanidm"; diff --git a/cluster/services/consul/agent.nix b/cluster/services/consul/agent.nix index b15d712..b0b65bd 100644 --- a/cluster/services/consul/agent.nix +++ b/cluster/services/consul/agent.nix @@ -1,7 +1,7 @@ -{ config, cluster, lib, tools, ... }: +{ config, cluster, depot, ... }: let - inherit (tools.meta) domain; + inherit (depot.lib.meta) domain; inherit (config.networking) hostName; inherit (cluster.config) hostLinks; cfg = cluster.config.services.consul; @@ -21,7 +21,7 @@ in node_name = config.networking.hostName; bind_addr = hl.ipv4; ports.serf_lan = hl.port; - retry_join = map (hostName: hostLinks.${hostName}.consul.tuple) cfg.otherNodes.agent; + retry_join = map (hostName: hostLinks.${hostName}.consul.tuple) (cfg.otherNodes.agent hostName); }; }; diff --git a/cluster/services/consul/remote-api.nix b/cluster/services/consul/remote-api.nix index d1a4671..87d24d0 100644 --- a/cluster/services/consul/remote-api.nix +++ b/cluster/services/consul/remote-api.nix @@ -1,13 +1,13 @@ -{ config, cluster, depot, lib, tools, ... }: +{ config, cluster, depot, lib, ... }: let - inherit (tools.meta) domain; + inherit (depot.lib.meta) domain; inherit (depot.reflection) hyprspace; frontendDomain = "consul-remote.internal.${domain}"; in { - services.nginx.virtualHosts.${frontendDomain} = tools.nginx.vhosts.proxy "http://127.0.0.1:8500" // { + services.nginx.virtualHosts.${frontendDomain} = depot.lib.nginx.vhosts.proxy "http://127.0.0.1:8500" // { listenAddresses = lib.singleton hyprspace.addr; enableACME = false; useACMEHost = "internal.${domain}"; 
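Review bot: In the new `retry_join` line of cluster/services/consul/agent.nix the lambda parameter `hostName` shadows the `hostName` inherited from `config.networking` a few lines up; the call only works because `(cfg.otherNodes.agent hostName)` is evaluated outside the lambda, which is easy to misread and easy to break on the next edit. Renaming the parameter removes the ambiguity: `retry_join = map (node: hostLinks.${node}.consul.tuple) (cfg.otherNodes.agent hostName);`. That also matches the `node` naming this patch uses for the same pattern in cluster/services/dns/authoritative.nix and coredns.nix.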
diff --git a/cluster/services/dns/admin.nix b/cluster/services/dns/admin.nix index 45bc7d4..ffd7afc 100644 --- a/cluster/services/dns/admin.nix +++ b/cluster/services/dns/admin.nix @@ -1,7 +1,7 @@ -{ cluster, config, lib, pkgs, tools, ... }: +{ cluster, config, lib, pkgs, depot, ... }: let - inherit (tools.meta) domain; + inherit (depot.lib.meta) domain; inherit (config.links) pdnsAdmin; inherit (cluster.config) vars; @@ -96,7 +96,7 @@ in { }; services.nginx.virtualHosts."dnsadmin.${domain}" = lib.recursiveUpdate - (tools.nginx.vhosts.proxy pdnsAdmin.url) + (depot.lib.nginx.vhosts.proxy pdnsAdmin.url) # backend sends really big headers for some reason # increase buffer size accordingly { diff --git a/cluster/services/dns/authoritative.nix b/cluster/services/dns/authoritative.nix index 499be79..54a83c3 100644 --- a/cluster/services/dns/authoritative.nix +++ b/cluster/services/dns/authoritative.nix @@ -1,14 +1,14 @@ -{ cluster, config, depot, lib, tools, ... }: +{ cluster, config, depot, lib, ... }: let inherit (depot.reflection) interfaces; - inherit (tools.meta) domain; + inherit (depot.lib.meta) domain; inherit (config.networking) hostName; link = cluster.config.hostLinks.${hostName}.dnsAuthoritative; patroni = cluster.config.links.patroni-pg-access; - otherDnsServers = lib.pipe (with cluster.config.services.dns.otherNodes; master ++ slave) [ + otherDnsServers = lib.pipe (with cluster.config.services.dns.otherNodes; (master hostName) ++ (slave hostName)) [ (map (node: cluster.config.hostLinks.${node}.dnsAuthoritative.tuple)) (lib.concatStringsSep " ") ]; diff --git a/cluster/services/dns/coredns.nix b/cluster/services/dns/coredns.nix index 310d2ce..a3500c1 100644 --- a/cluster/services/dns/coredns.nix +++ b/cluster/services/dns/coredns.nix 
@@ -1,15 +1,14 @@ -{ cluster, config, depot, lib, pkgs, tools, ... }: +{ cluster, config, depot, lib, ... }: let inherit (depot.reflection) interfaces hyprspace; - inherit (tools.meta) domain; - inherit (config.links) localRecursor; + inherit (depot.lib.meta) domain; inherit (config.networking) hostName; link = cluster.config.hostLinks.${hostName}.dnsResolver; backend = cluster.config.hostLinks.${hostName}.dnsResolverBackend; - otherRecursors = lib.pipe (cluster.config.services.dns.otherNodes.coredns) [ + otherRecursors = lib.pipe (cluster.config.services.dns.otherNodes.coredns hostName) [ (map (node: cluster.config.hostLinks.${node}.dnsResolverBackend.tuple)) (lib.concatStringsSep " ") ]; diff --git a/cluster/services/dns/default.nix b/cluster/services/dns/default.nix index 53989b2..00be511 100644 --- a/cluster/services/dns/default.nix +++ b/cluster/services/dns/default.nix @@ -1,7 +1,7 @@ { config, depot, lib, ... }: let - inherit (depot.config) hours; + inherit (depot) hours; cfg = config.services.dns; in { diff --git a/cluster/services/forge/server.nix b/cluster/services/forge/server.nix index 2b68420..234235c 100644 --- a/cluster/services/forge/server.nix +++ b/cluster/services/forge/server.nix @@ -1,8 +1,8 @@ -{ cluster, config, depot, lib, pkgs, tools, ... }: +{ cluster, config, depot, lib, pkgs, ... }: let - inherit (tools.meta) domain; - inherit (tools.nginx) vhosts; + inherit (depot.lib.meta) domain; + inherit (depot.lib.nginx) vhosts; inherit (config.age) secrets; patroni = cluster.config.links.patroni-pg-access; diff --git a/cluster/services/hercules-ci-multi-agent/default.nix b/cluster/services/hercules-ci-multi-agent/default.nix index a75a24f..def9c2a 100644 --- a/cluster/services/hercules-ci-multi-agent/default.nix +++ b/cluster/services/hercules-ci-multi-agent/default.nix @@ -1,4 +1,4 @@ -{ config, lib, tools, ... }: +{ config, lib, depot, ... }: { services.hercules-ci-multi-agent = { 
diff --git a/cluster/services/idm/default.nix b/cluster/services/idm/default.nix index ea57ffc..8fe1a23 100644 --- a/cluster/services/idm/default.nix +++ b/cluster/services/idm/default.nix @@ -1,14 +1,14 @@ -{ config, tools, ... }: +{ config, depot, ... }: { links = { idm = { - ipv4 = "idm.${tools.meta.domain}"; + ipv4 = "idm.${depot.lib.meta.domain}"; port = 443; protocol = "https"; }; ldap = { - hostname = "idm-ldap.internal.${tools.meta.domain}"; + hostname = "idm-ldap.internal.${depot.lib.meta.domain}"; ipv4 = config.vars.mesh.VEGAS.meshIp; port = 636; protocol = "ldaps"; diff --git a/cluster/services/idm/server.nix b/cluster/services/idm/server.nix index 7a34f71..9630e0a 100644 --- a/cluster/services/idm/server.nix +++ b/cluster/services/idm/server.nix @@ -1,7 +1,7 @@ -{ cluster, config, lib, tools, ... }: +{ cluster, config, lib, depot, ... }: let - inherit (tools.meta) domain; + inherit (depot.lib.meta) domain; frontendLink = cluster.config.links.idm; @@ -38,7 +38,7 @@ in systemd.services.kanidm.after = [ "acme-selfsigned-internal.${domain}.service" ]; - services.nginx.virtualHosts."idm.${domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy backendLink.url) { + services.nginx.virtualHosts."idm.${domain}" = lib.recursiveUpdate (depot.lib.nginx.vhosts.proxy backendLink.url) { locations."/".extraConfig = '' proxy_ssl_name idm-backend.internal.${domain}; proxy_ssl_trusted_certificate ${certDir}/chain.pem; diff --git a/cluster/services/ipfs/cluster.nix b/cluster/services/ipfs/cluster.nix index 2a8f1b1..0ed9fb4 100644 --- a/cluster/services/ipfs/cluster.nix +++ b/cluster/services/ipfs/cluster.nix @@ -1,8 +1,8 @@ -{ config, depot, lib, pkgs, tools, ... }: +{ config, depot, lib, pkgs, ... }: let - inherit (tools.meta) domain; - inherit (tools.nginx) vhosts; + inherit (depot.lib.meta) domain; + inherit (depot.lib.nginx) vhosts; cfg = config.services.ipfs-cluster; ipfsCfg = config.services.ipfs; 
diff --git a/cluster/services/ipfs/default.nix b/cluster/services/ipfs/default.nix index 38f11b8..3c96249 100644 --- a/cluster/services/ipfs/default.nix +++ b/cluster/services/ipfs/default.nix @@ -1,7 +1,7 @@ -{ config, depot, lib, tools, ... }: +{ config, depot, lib, ... }: { - hostLinks = lib.genAttrs config.services.ipfs.nodes.node (name: let + hostLinks = lib.genAttrs config.services.ipfs.nodes.node (name: depot.lib.summon name ({ depot, ... }: let host = depot.reflection; intf = host.interfaces.primary; self = config.hostLinks.${name}.ipfs; @@ -20,7 +20,7 @@ ]; }; }; - }); + })); services.ipfs = { nodes = { node = [ "VEGAS" "prophet" ]; @@ -46,7 +46,7 @@ }; monitoring.blackbox.targets.ipfs-gateway = { - address = "https://bafybeiczsscdsbs7ffqz55asqdf3smv6klcw3gofszvwlyarci47bgf354.ipfs.${tools.meta.domain}/"; + address = "https://bafybeiczsscdsbs7ffqz55asqdf3smv6klcw3gofszvwlyarci47bgf354.ipfs.${depot.lib.meta.domain}/"; module = "https2xx"; }; } diff --git a/cluster/services/ipfs/gateway.nix b/cluster/services/ipfs/gateway.nix index eed9c0e..420ee42 100644 --- a/cluster/services/ipfs/gateway.nix +++ b/cluster/services/ipfs/gateway.nix @@ -1,7 +1,7 @@ -{ config, depot, lib, tools, ... }: -with tools.nginx; +{ config, depot, lib, ... }: +with depot.lib.nginx; let - inherit (tools.meta) domain; + inherit (depot.lib.meta) domain; gw = config.links.ipfsGateway; cfg = config.services.ipfs; metrics = config.links.ipfsMetrics; diff --git a/cluster/services/ipfs/node.nix b/cluster/services/ipfs/node.nix index dcfd897..88e4481 100644 --- a/cluster/services/ipfs/node.nix +++ b/cluster/services/ipfs/node.nix @@ -1,6 +1,6 @@ -{ cluster, config, depot, lib, pkgs, tools, ... }: +{ cluster, config, depot, lib, pkgs, ... }: let - inherit (tools.meta) domain; + inherit (depot.lib.meta) domain; cfg = config.services.ipfs; apiAddress = "/unix/run/ipfs/ipfs-api.sock"; ipfsApi = pkgs.writeTextDir "api" apiAddress; 
@@ -41,7 +41,7 @@ in extraFlags = [ "--migrate" ]; extraConfig = { Bootstrap = [ - "/ip4/${depot.config.hours.VEGAS.interfaces.primary.addr}/tcp/${toString ipfsPort}/p2p/Qmd7QHZU8UjfYdwmjmq1SBh9pvER9AwHpfwQvnvNo3HBBo" + "/ip4/${depot.hours.VEGAS.interfaces.primary.addr}/tcp/${toString ipfsPort}/p2p/Qmd7QHZU8UjfYdwmjmq1SBh9pvER9AwHpfwQvnvNo3HBBo" "/dnsaddr/bootstrap.libp2p.io/p2p/QmQCU2EcMqAqQPR2i9bChDtGNJchTbq5TbXJJ16u19uLTa" "/dnsaddr/bootstrap.libp2p.io/p2p/QmbLHAnMoJPWSCR5Zhtx6BHJX9KiKNN6tpvbUcqanj75Nb" "/dnsaddr/bootstrap.libp2p.io/p2p/QmNnooDu7bfjPFoTZYxMNLWUQJyrVwtbZg5gBMjTezGAJN" @@ -62,7 +62,7 @@ in ID = extra.peerId; Addrs = extra.multiaddrs; }) - cluster.config.services.ipfs.otherNodes.node; + (cluster.config.services.ipfs.otherNodes.node config.networking.hostName); Gateway = { Writable = false; APICommands = []; diff --git a/cluster/services/ipfs/remote-api.nix b/cluster/services/ipfs/remote-api.nix index 9b4458c..378392c 100644 --- a/cluster/services/ipfs/remote-api.nix +++ b/cluster/services/ipfs/remote-api.nix @@ -1,7 +1,7 @@ -{ config, tools, ... }: -with tools.nginx; +{ config, depot, ... }: +with depot.lib.nginx; let - inherit (tools.meta) domain; + inherit (depot.lib.meta) domain; cfg = config.services.ipfs; gw = config.links.ipfsGateway; in diff --git a/cluster/services/irc/default.nix b/cluster/services/irc/default.nix index 075d52e..ff02b6c 100644 --- a/cluster/services/irc/default.nix +++ b/cluster/services/irc/default.nix @@ -1,9 +1,9 @@ -{ config, depot, lib, tools, ... }: +{ config, depot, lib, ... }: let - inherit (depot.config) hours; + inherit (depot) hours; - inherit (tools.meta) domain; + inherit (depot.lib.meta) domain; subDomains = { VEGAS = "eu1"; diff --git a/cluster/services/irc/irc-host.nix b/cluster/services/irc/irc-host.nix index c2c544b..42e1c47 100644 --- a/cluster/services/irc/irc-host.nix +++ b/cluster/services/irc/irc-host.nix 
@@ -1,13 +1,14 @@ -{ cluster, config, lib, pkgs, tools, ... }: +{ cluster, config, lib, pkgs, depot, ... }: let - inherit (tools.meta) adminEmail; + inherit (depot.lib.meta) adminEmail; inherit (cluster) vars; + inherit (config.networking) hostName; linkGlobalSecure = cluster.config.links.ircSecure; - link = cluster.config.hostLinks.${vars.hostName}.irc; - linkSecure = cluster.config.hostLinks.${vars.hostName}.ircSecure; - otherServers = map mkServer cluster.config.services.irc.otherNodes.host; + link = cluster.config.hostLinks.${hostName}.irc; + linkSecure = cluster.config.hostLinks.${hostName}.ircSecure; + otherServers = map mkServer (cluster.config.services.irc.otherNodes.host hostName); otherServerFiles = map (builtins.toFile "ngircd-peer.conf") otherServers; opers = map mkOper vars.ircOpers; @@ -41,7 +42,7 @@ in { config = '' [Global] Name = ${serverName} - Info = Private Void IRC - ${vars.hostName} + Info = Private Void IRC - ${hostName} Network = PrivateVoidIRC AdminInfo1 = Private Void Administrators AdminInfo2 = Contact for help diff --git a/cluster/services/matrix/bridges/discord.nix b/cluster/services/matrix/bridges/discord.nix index 0e105a7..82a8b98 100644 --- a/cluster/services/matrix/bridges/discord.nix +++ b/cluster/services/matrix/bridges/discord.nix @@ -1,6 +1,6 @@ -{ config, tools, ... }: +{ config, depot, ... }: let - inherit (tools.meta) domain; + inherit (depot.lib.meta) domain; in { age.secrets = { diff --git a/cluster/services/matrix/coturn.nix b/cluster/services/matrix/coturn.nix index 0f2cb13..d2ba596 100644 --- a/cluster/services/matrix/coturn.nix +++ b/cluster/services/matrix/coturn.nix @@ -1,4 +1,4 @@ -{ config, tools, ... }: +{ config, depot, ... }: { age.secrets = { coturn-static-auth = { @@ -11,7 +11,7 @@ services.coturn = { enable = true; no-cli = true; - realm = tools.meta.domain; + realm = depot.lib.meta.domain; no-tcp-relay = true; min-port = 64000; 
diff --git a/cluster/services/matrix/default.nix b/cluster/services/matrix/default.nix index 967f4e0..cf6e9d2 100644 --- a/cluster/services/matrix/default.nix +++ b/cluster/services/matrix/default.nix @@ -1,4 +1,4 @@ -{ tools, ... }: +{ depot, ... }: { services.matrix = { @@ -13,7 +13,7 @@ }; monitoring.blackbox.targets.matrix = { - address = "https://matrix.${tools.meta.domain}/_matrix/federation/v1/version"; + address = "https://matrix.${depot.lib.meta.domain}/_matrix/federation/v1/version"; module = "https2xx"; }; } diff --git a/cluster/services/matrix/federation.nix b/cluster/services/matrix/federation.nix index b7ef330..da5ea82 100644 --- a/cluster/services/matrix/federation.nix +++ b/cluster/services/matrix/federation.nix @@ -1,6 +1,6 @@ -{ config, pkgs, tools, ... }: +{ config, pkgs, depot, ... }: let - inherit (tools.meta) domain; + inherit (depot.lib.meta) domain; federation = pkgs.writeText "matrix-federation.json" (builtins.toJSON { "m.server" = "matrix.${domain}:443"; }); diff --git a/cluster/services/matrix/homeserver.nix b/cluster/services/matrix/homeserver.nix index 8d45f7c..062cb69 100644 --- a/cluster/services/matrix/homeserver.nix +++ b/cluster/services/matrix/homeserver.nix @@ -1,6 +1,6 @@ -{ cluster, config, lib, pkgs, tools, ... }: +{ cluster, config, lib, pkgs, depot, ... }: let - inherit (tools.meta) domain; + inherit (depot.lib.meta) domain; patroni = cluster.config.links.patroni-pg-access; @@ -121,8 +121,8 @@ in { ]) ++ [ dbConfigOut ]; }; - services.nginx.virtualHosts = tools.nginx.mappers.mapSubdomains { - matrix = tools.nginx.vhosts.basic // { + services.nginx.virtualHosts = depot.lib.nginx.mappers.mapSubdomains { + matrix = depot.lib.nginx.vhosts.basic // { locations."/".return = "204"; locations."/_matrix" = { proxyPass = "http://127.0.0.1:8008"; diff --git a/cluster/services/matrix/web-client.nix b/cluster/services/matrix/web-client.nix index 817099f..6eef520 100644 --- a/cluster/services/matrix/web-client.nix 
+++ b/cluster/services/matrix/web-client.nix @@ -1,6 +1,6 @@ -{ depot, lib, pkgs, tools, ... }: +{ depot, lib, pkgs, ... }: let - inherit (tools.nginx) domain vhosts; + inherit (depot.lib.nginx) domain vhosts; inherit (depot.packages) cinny; in { diff --git a/cluster/services/meet/default.nix b/cluster/services/meet/default.nix index 7cbee4e..782da4d 100644 --- a/cluster/services/meet/default.nix +++ b/cluster/services/meet/default.nix @@ -1,4 +1,4 @@ -{ tools, ... }: +{ depot, ... }: { services.meet = { @@ -7,7 +7,7 @@ }; monitoring.blackbox.targets.jitsi-videobridge = { - address = "meet.${tools.meta.domain}:7777"; + address = "meet.${depot.lib.meta.domain}:7777"; module = "tcpConnect"; }; } diff --git a/cluster/services/meet/host.nix b/cluster/services/meet/host.nix index 3a51afd..2071a4b 100644 --- a/cluster/services/meet/host.nix +++ b/cluster/services/meet/host.nix @@ -1,4 +1,4 @@ -{ config, lib, depot, tools, ... }: +{ config, lib, depot, ... }: let inherit (config) links; @@ -11,7 +11,7 @@ in services.jitsi-meet = { enable = true; - hostName = "meet.${tools.meta.domain}"; + hostName = "meet.${depot.lib.meta.domain}"; nginx.enable = true; jicofo.enable = true; videobridge.enable = true; @@ -38,7 +38,7 @@ in publicAddress = interfaces.primary.addrPublic; }; }; - services.nginx.virtualHosts."meet.${tools.meta.domain}" = { + services.nginx.virtualHosts."meet.${depot.lib.meta.domain}" = { enableACME = true; forceSSL = true; locations."=/images/watermark.svg" = { diff --git a/cluster/services/monitoring/blackbox.nix b/cluster/services/monitoring/blackbox.nix index badb862..ac0cddb 100644 --- a/cluster/services/monitoring/blackbox.nix +++ b/cluster/services/monitoring/blackbox.nix 
@@ -1,9 +1,9 @@ -{ config, cluster, lib, tools, ... }: +{ cluster, config, lib, depot, ... }: let inherit (lib) flip pipe mapAttrsToList range recursiveUpdate substring; - inherit (tools.meta) domain; + inherit (depot.lib.meta) domain; inherit (cluster.config) vars; mapTargets = mapAttrsToList (name: value: value // { name = "default/${name}"; }); @@ -19,7 +19,7 @@ let }) ]) (range 1 1); - probeId = pipe "blackbox-probe-${domain}-${vars.hostName}" [ + probeId = pipe "blackbox-probe-${domain}-${config.networking.hostName}" [ (builtins.hashString "md5") (substring 0 8) ]; @@ -39,7 +39,7 @@ in { services.grafana-agent.settings.integrations.blackbox = { enabled = true; - instance = vars.hostName; + instance = config.networking.hostName; scrape_interval = "600s"; relabel_configs = [ (relabel "__param_module" "module") diff --git a/cluster/services/monitoring/client.nix b/cluster/services/monitoring/client.nix index 5edfbc0..e205abf 100644 --- a/cluster/services/monitoring/client.nix +++ b/cluster/services/monitoring/client.nix @@ -1,4 +1,4 @@ -{ cluster, lib, ... }: +{ cluster, config, lib, ... }: let inherit (lib) singleton; @@ -17,7 +17,7 @@ in { }; integrations.node_exporter = { enabled = true; - instance = cluster.config.vars.hostName; + instance = config.networking.hostName; enable_collectors = [ "systemd" ]; @@ -32,7 +32,7 @@ in { job_name = "journal"; journal = { max_age = "12h"; - labels.host = cluster.config.vars.hostName; + labels.host = config.networking.hostName; }; relabel_configs = [ (relabel "__journal__systemd_unit" "systemd_unit") diff --git a/cluster/services/monitoring/grafana-ha.nix b/cluster/services/monitoring/grafana-ha.nix index 8d8f9a6..af10b4e 100644 --- a/cluster/services/monitoring/grafana-ha.nix +++ b/cluster/services/monitoring/grafana-ha.nix 
@@ -1,6 +1,6 @@ -{ cluster, config, depot, lib, pkgs, tools, ... }: +{ cluster, config, depot, lib, pkgs, ... }: let - inherit (tools.meta) domain; + inherit (depot.lib.meta) domain; inherit (cluster.config.links) loki-ingest prometheus-ingest; @@ -97,7 +97,7 @@ in services.nginx = { upstreams.grafana-ha.servers = lib.mapAttrs' (_: links: lib.nameValuePair links.grafana.tuple {}) (lib.getAttrs (svc.nodes.grafana) hostLinks); - virtualHosts."monitoring.${domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy "http://grafana-ha") { + virtualHosts."monitoring.${domain}" = lib.recursiveUpdate (depot.lib.nginx.vhosts.proxy "http://grafana-ha") { locations."/".proxyWebsockets = true; }; }; diff --git a/cluster/services/nextcloud/default.nix b/cluster/services/nextcloud/default.nix index 92551c0..f349432 100644 --- a/cluster/services/nextcloud/default.nix +++ b/cluster/services/nextcloud/default.nix @@ -1,4 +1,4 @@ -{ tools, ... }: +{ depot, ... }: { services.nextcloud = { @@ -7,7 +7,7 @@ }; monitoring.blackbox.targets.nextcloud = { - address = "https://storage.${tools.meta.domain}/status.php"; + address = "https://storage.${depot.lib.meta.domain}/status.php"; module = "nextcloudStatus"; }; } diff --git a/cluster/services/nextcloud/host.nix b/cluster/services/nextcloud/host.nix index f1b8487..2e4cd2e 100644 --- a/cluster/services/nextcloud/host.nix +++ b/cluster/services/nextcloud/host.nix @@ -1,4 +1,4 @@ -{ cluster, config, lib, pkgs, tools, ... }: +{ cluster, config, lib, pkgs, depot, ... }: let patroni = cluster.config.links.patroni-pg-access; in @@ -22,7 +22,7 @@ in enableBrokenCiphersForSSE = false; enable = true; https = true; - hostName = "storage.${tools.meta.domain}"; + hostName = "storage.${depot.lib.meta.domain}"; home = "/srv/storage/www-app/nextcloud"; maxUploadSize = "4G"; enableImagemagick = true; diff --git a/cluster/services/nginx/nginx.nix b/cluster/services/nginx/nginx.nix index f3a9566..5fd980b 100644 --- a/cluster/services/nginx/nginx.nix 
+++ b/cluster/services/nginx/nginx.nix @@ -1,7 +1,7 @@ -{ config, tools, ... }: +{ depot, ... }: let - inherit (tools.meta) adminEmail; + inherit (depot.lib.meta) adminEmail; in { security.acme.defaults.email = adminEmail; security.acme.acceptTerms = true; @@ -24,15 +24,6 @@ in { access_log syslog:server=unix:/dev/log,tag=nginx_access,nohostname fmt_loki; ''; }; - services.phpfpm.pools.www = { - inherit (config.services.nginx) user group; - settings = { - pm = "ondemand"; - "pm.max_children" = 16; - "listen.owner" = config.services.nginx.user; - "listen.group" = config.services.nginx.group; - }; - }; networking.firewall.allowedTCPPorts = [ 80 443 ]; systemd.services.nginx.after = [ "network-online.target" ]; } diff --git a/cluster/services/object-storage/default.nix b/cluster/services/object-storage/default.nix index c08ff6c..bc7d54e 100644 --- a/cluster/services/object-storage/default.nix +++ b/cluster/services/object-storage/default.nix @@ -1,4 +1,4 @@ -{ tools, ... }: +{ depot, ... }: { services.object-storage = { @@ -7,7 +7,7 @@ }; monitoring.blackbox.targets.object-storage = { - address = "https://object-storage.${tools.meta.domain}/minio/health/live"; + address = "https://object-storage.${depot.lib.meta.domain}/minio/health/live"; module = "https2xx"; }; } diff --git a/cluster/services/object-storage/host.nix b/cluster/services/object-storage/host.nix index 006215e..336cd76 100644 --- a/cluster/services/object-storage/host.nix +++ b/cluster/services/object-storage/host.nix @@ -1,5 +1,5 @@ -{ config, lib, tools, ... }: -with tools.nginx; +{ config, lib, depot, ... }: +with depot.lib.nginx; let inherit (config) links; diff --git a/cluster/services/patroni/metrics.nix b/cluster/services/patroni/metrics.nix index e5bf79f..e20a1fa 100644 --- a/cluster/services/patroni/metrics.nix +++ b/cluster/services/patroni/metrics.nix 
@@ -12,9 +12,9 @@ in services.grafana-agent = { settings.integrations.postgres_exporter = { enabled = true; - instance = vars.hostName; + instance = config.networking.hostName; data_source_names = [ - "postgresql://metrics:\${PG_METRICS_DB_PASSWORD}@${getMeshIp vars.hostName}:${links.patroni-pg-internal.portStr}/postgres?sslmode=disable" + "postgresql://metrics:\${PG_METRICS_DB_PASSWORD}@${getMeshIp config.networking.hostName}:${links.patroni-pg-internal.portStr}/postgres?sslmode=disable" ]; autodiscover_databases = true; }; diff --git a/cluster/services/patroni/worker.nix b/cluster/services/patroni/worker.nix index ae38131..753ab7c 100644 --- a/cluster/services/patroni/worker.nix +++ b/cluster/services/patroni/worker.nix @@ -2,6 +2,7 @@ let inherit (cluster.config) vars; + inherit (config.networking) hostName; getMeshIp = name: vars.mesh.${name}.meshIp; @@ -32,7 +33,7 @@ in ]; services.patroni = { enable = true; - name = vars.hostName; + name = hostName; postgresqlPackage = pg; postgresqlDataDir ="${baseDir}/${pg.psqlSchema}"; postgresqlPort = cluster.config.links.patroni-pg-internal.port; @@ -40,8 +41,8 @@ in scope = "poseidon"; namespace = "/patroni"; - nodeIp = getMeshIp vars.hostName; - otherNodesIps = map getMeshIp cluster.config.services.patroni.otherNodes.worker; + nodeIp = getMeshIp hostName; + otherNodesIps = map getMeshIp (cluster.config.services.patroni.otherNodes.worker hostName); raft = false; softwareWatchdog = true; settings = { @@ -68,7 +69,7 @@ in superuser.username = "postgres"; }; parameters = { - listen_addresses = getMeshIp vars.hostName; + listen_addresses = getMeshIp hostName; wal_level = "replica"; hot_standby_feedback = "on"; unix_socket_directories = "/tmp"; diff --git a/cluster/services/search/default.nix b/cluster/services/search/default.nix index 67886fc..ab0b4c2 100644 --- a/cluster/services/search/default.nix +++ b/cluster/services/search/default.nix @@ -1,4 +1,4 @@ -{ tools, ... }: +{ depot, ... }: { services.search = { 
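Review bot: The rebuilt `data_source_names` entry still carries `sslmode=disable` together with the password from `PG_METRICS_DB_PASSWORD`, so the confidentiality of this exporter connection rests entirely on the address returned by `getMeshIp` being reachable only over an encrypted link; the wireguard mesh hunk on L23 suggests that is the design, but nothing in this file states or enforces it. A comment above the list would pin the assumption: `# plaintext is acceptable only because the mesh IP is reached over the WireGuard mesh; never point this at a non-mesh address`. The switch to `config.networking.hostName` also requires `config` in the module argument pattern on line 1, which is outside the hunk.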
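Review bot: `cluster.config.services.patroni.otherNodes.worker` is now applied to `hostName`, so its definition must have changed from a list to a function in the same commit — presumably in cluster/lib/service-module.nix, which is in the diffstat but not in this chunk; the wireguard mesh hunk on L23 makes the same call shape for `otherNodes.mesh`. The new `inherit (config.networking) hostName;` in the first hunk needs `config` in the module argument pattern on line 1, which the hunk does not show. A one-line comment at that inherit would record why the local binding exists: `# this node's name: selects its mesh address (getMeshIp) and its peer list (otherNodes.worker) below`.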
@@ -7,7 +7,7 @@ }; monitoring.blackbox.targets.search = { - address = "https://search.${tools.meta.domain}/healthz"; + address = "https://search.${depot.lib.meta.domain}/healthz"; module = "https2xx"; }; } diff --git a/cluster/services/search/host.nix b/cluster/services/search/host.nix index 623bfce..d9678f4 100644 --- a/cluster/services/search/host.nix +++ b/cluster/services/search/host.nix @@ -1,4 +1,4 @@ -{ config, depot, lib, tools, ... }: +{ config, depot, lib, ... }: let inherit (config) links; in @@ -56,7 +56,7 @@ in disable-logging = true; }; }; - services.nginx.virtualHosts."search.${tools.meta.domain}" = lib.recursiveUpdate (tools.nginx.vhosts.proxy links.searxng.url) { + services.nginx.virtualHosts."search.${depot.lib.meta.domain}" = lib.recursiveUpdate (depot.lib.nginx.vhosts.proxy links.searxng.url) { extraConfig = "access_log off;"; }; systemd.services.uwsgi.after = [ "wireguard-wgmv.service" "network-addresses-wgmv.service" ]; diff --git a/cluster/services/soda/default.nix b/cluster/services/soda/default.nix index ea3cdbe..dd74dfe 100644 --- a/cluster/services/soda/default.nix +++ b/cluster/services/soda/default.nix @@ -1,8 +1,8 @@ -{ tools, ... }: +{ depot, ... }: { monitoring.blackbox.targets.soda-machine = { - address = "soda.int.${tools.meta.domain}:22"; + address = "soda.int.${depot.lib.meta.domain}:22"; module = "sshConnect"; }; } diff --git a/cluster/services/warehouse/host.nix b/cluster/services/warehouse/host.nix index 91dcd7a..246abde 100644 --- a/cluster/services/warehouse/host.nix +++ b/cluster/services/warehouse/host.nix 
@@ -1,19 +1,19 @@ -{ config, depot, lib, pkgs, tools, ... }: -with tools.nginx; +{ config, depot, lib, pkgs, ... }: +with depot.lib.nginx; { # TODO: not a whole lot to configure, maybe add some autoconfig stuff services.jellyfin = { enable = true; package = depot.packages.jellyfin; }; - services.nginx.virtualHosts."warehouse.${tools.meta.domain}" = lib.mkMerge [ + services.nginx.virtualHosts."warehouse.${depot.lib.meta.domain}" = lib.mkMerge [ (vhosts.proxy "http://127.0.0.1:8096") { locations."/".extraConfig = '' proxy_buffering off; ''; locations."/socket" = { - inherit (config.services.nginx.virtualHosts."warehouse.${tools.meta.domain}".locations."/") proxyPass; + inherit (config.services.nginx.virtualHosts."warehouse.${depot.lib.meta.domain}".locations."/") proxyPass; proxyWebsockets = true; }; # TODO: video cache diff --git a/cluster/services/websites/default.nix b/cluster/services/websites/default.nix index f91bdfd..ec7c48a 100644 --- a/cluster/services/websites/default.nix +++ b/cluster/services/websites/default.nix @@ -1,14 +1,7 @@ -{ depot, lib, tools, ... }: +{ depot, lib, ... }: let - inherit (tools.meta) domain; - - importWebsites = expr: import expr { - tools = tools.nginx; - inherit (depot) packages; - }; - - websites = tools.nginx.mappers.mapSubdomains (importWebsites ./websites.nix); + inherit (depot.lib.meta) domain; acmeUseDNS = name: conf: { name = conf.useACMEHost or conf.serverName or name; @@ -24,7 +17,16 @@ in { services.websites = { nodes.host = [ "checkmate" "thunderskin" "VEGAS" "prophet" ]; - nixos.host = { + nixos.host = { config, depot, ... }: let + + importWebsites = expr: import expr { + tools = depot.lib.nginx; + inherit (depot) packages; + }; + + websites = depot.lib.nginx.mappers.mapSubdomains (importWebsites ./websites.nix); + + in { services.nginx.virtualHosts = websites; security.acme.certs = lib.mapAttrs' acmeUseDNS (lib.filterAttrs isACME websites); consul.services.nginx = { 
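Review bot: The new `nixos.host = { config, depot, ... }:` binds a second `depot` that shadows the one from the file's top-level argument pattern, while `domain` (used by the `acmeUseDNS` helper above) still comes from the outer one; the two are presumably different attrsets — the flake-parts config exposed by `_module.args.depot = config` in lib/part.nix versus the NixOS specialArgs built by `lib.summon` in lib/hours.nix. Both appear to carry `lib.meta` and `lib.nginx`, so this evaluates, but a reader cannot tell which one `importWebsites` receives. Either give the inner binding a distinct name or annotate it, e.g. `nixos.host = { config, depot, ... }: let # NixOS-level depot (lib.summon), not the flake-parts one bound above`. The hunk ends inside the `nixos.host` body (`consul.services.nginx = {` is cut), so the rest of the module is not reviewed here.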
diff --git a/cluster/services/wireguard/default.nix b/cluster/services/wireguard/default.nix index 780cf8b..545bd99 100644 --- a/cluster/services/wireguard/default.nix +++ b/cluster/services/wireguard/default.nix @@ -1,7 +1,7 @@ { config, depot, lib, ... }: let - inherit (depot.config) hours; + inherit (depot) hours; meshNet = rec { netAddr = "10.1.1.0"; diff --git a/cluster/services/wireguard/mesh.nix b/cluster/services/wireguard/mesh.nix index 004a587..2aa5258 100644 --- a/cluster/services/wireguard/mesh.nix +++ b/cluster/services/wireguard/mesh.nix @@ -30,7 +30,7 @@ in ips = [ "${link.extra.meshIp}/24" ]; listenPort = link.port; privateKeyFile = config.age.secrets.wireguard-key-core.path; - peers = map mkPeer cluster.config.services.wireguard.otherNodes.mesh; + peers = map mkPeer (cluster.config.services.wireguard.otherNodes.mesh hostName); }; }; }; diff --git a/flake.nix b/flake.nix index a4e5a48..656083a 100644 --- a/flake.nix +++ b/flake.nix @@ -19,6 +19,7 @@ ./packages/part.nix ./jobs/part.nix ./lib/part.nix + ./cluster/part.nix ]; }; diff --git a/hosts/VEGAS/modules/oauth2-proxy/default.nix b/hosts/VEGAS/modules/oauth2-proxy/default.nix index cada4a9..5db4f39 100644 --- a/hosts/VEGAS/modules/oauth2-proxy/default.nix +++ b/hosts/VEGAS/modules/oauth2-proxy/default.nix @@ -1,6 +1,6 @@ -{ config, lib, tools, ... }: +{ config, lib, depot, ... }: let - inherit (tools.meta) domain; + inherit (depot.lib.meta) domain; login = x: "https://login.${domain}/auth/realms/master/protocol/openid-connect/${x}"; cfg = config.services.oauth2_proxy; in diff --git a/hosts/VEGAS/services/api/default.nix b/hosts/VEGAS/services/api/default.nix index ad30b04..fec66bb 100644 --- a/hosts/VEGAS/services/api/default.nix +++ b/hosts/VEGAS/services/api/default.nix 
@@ -1,9 +1,9 @@ -{ config, lib, tools, ... }: +{ config, lib, depot, ... }: let - inherit (tools.meta) domain; + inherit (depot.lib.meta) domain; apiAddr = "api.${domain}"; proxyTarget = config.links.api.url; - proxy = tools.nginx.vhosts.proxy proxyTarget; + proxy = depot.lib.nginx.vhosts.proxy proxyTarget; in { # n8n uses "Sustainable Use License" diff --git a/hosts/VEGAS/services/backbone-routing/port-forward.nix b/hosts/VEGAS/services/backbone-routing/port-forward.nix index e13cadb..ad8057e 100644 --- a/hosts/VEGAS/services/backbone-routing/port-forward.nix +++ b/hosts/VEGAS/services/backbone-routing/port-forward.nix @@ -4,7 +4,7 @@ networking.nat.forwardPorts = [ { sourcePort = 52222; - destination = "${depot.config.hours.soda.interfaces.primary.addr}:22"; + destination = "${depot.hours.soda.interfaces.primary.addr}:22"; proto = "tcp"; } ]; diff --git a/hosts/VEGAS/services/bitwarden/default.nix b/hosts/VEGAS/services/bitwarden/default.nix index d329e2c..0653605 100644 --- a/hosts/VEGAS/services/bitwarden/default.nix +++ b/hosts/VEGAS/services/bitwarden/default.nix @@ -1,5 +1,5 @@ -{ config, lib, tools, ... }: -with tools.nginx; +{ config, lib, depot, ... }: +with depot.lib.nginx; { links.bitwarden.protocol = "http"; diff --git a/hosts/VEGAS/services/cdn-shield/default.nix b/hosts/VEGAS/services/cdn-shield/default.nix index 98c271c..f85aaf2 100644 --- a/hosts/VEGAS/services/cdn-shield/default.nix +++ b/hosts/VEGAS/services/cdn-shield/default.nix @@ -1,10 +1,9 @@ -{ config, lib, toolsets, ... }: +{ depot, lib, ... }: let - tools = toolsets.nginx { - inherit lib config; - domain = "cdn-shield.privatevoid.net"; - }; + tools = (depot.lib.override { + meta.domain = lib.mkForce "cdn-shield.privatevoid.net"; + }).nginx; in { services.nginx.virtualHosts = tools.mappers.mapSubdomains (import ./shields.nix { inherit tools; }); diff --git a/hosts/VEGAS/services/fbi/default.nix b/hosts/VEGAS/services/fbi/default.nix index ce9626e..6e8ad6b 100644 
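Review bot: `depot.lib.override { meta.domain = lib.mkForce "cdn-shield.privatevoid.net"; }` depends on `lib.mkForce` to beat the base definition in lib/meta.nix, because the `options.lib` submodule in lib/part.nix types its freeform leaves as `raw`, which as far as I recall merges with `mergeOneOption` and errors on two same-priority definitions; dropping `mkForce` would not fall back to the original value, it would fail evaluation. A comment keeps the next caller from removing it: `# mkForce required: lib's freeform leaves reject two same-priority definitions`. Note also that `override` re-instantiates the whole `lib` submodule per call (see `extendModules` in lib/part.nix), which is fine for a single vhost set but is not free.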
--- a/hosts/VEGAS/services/fbi/default.nix +++ b/hosts/VEGAS/services/fbi/default.nix @@ -1,5 +1,5 @@ -{ config, tools, ... }: -with tools.nginx; +{ config, depot, ... }: +with depot.lib.nginx; { links = { ombi.protocol = "http"; diff --git a/hosts/VEGAS/services/gitlab/default.nix b/hosts/VEGAS/services/gitlab/default.nix index 518c3dd..c045cb9 100644 --- a/hosts/VEGAS/services/gitlab/default.nix +++ b/hosts/VEGAS/services/gitlab/default.nix @@ -1,7 +1,7 @@ -{ cluster, config, lib, tools, ... }: +{ cluster, config, lib, depot, ... }: let - inherit (tools.meta) domain adminEmail; + inherit (depot.lib.meta) domain adminEmail; patroni = cluster.config.links.patroni-pg-access; @@ -106,5 +106,5 @@ in }; }; - services.nginx.virtualHosts."${cfg.host}" = tools.nginx.vhosts.proxy "http://unix:/run/gitlab/gitlab-workhorse.socket"; + services.nginx.virtualHosts."${cfg.host}" = depot.lib.nginx.vhosts.proxy "http://unix:/run/gitlab/gitlab-workhorse.socket"; } diff --git a/hosts/VEGAS/services/jokes/default.nix b/hosts/VEGAS/services/jokes/default.nix index 3a545c4..68a95f0 100644 --- a/hosts/VEGAS/services/jokes/default.nix +++ b/hosts/VEGAS/services/jokes/default.nix @@ -1,10 +1,9 @@ -{ tools, ... }: -with tools.nginx.mappers; -with tools.nginx.vhosts; +{ depot, ... }: +with depot.lib.nginx.mappers; +with depot.lib.nginx.vhosts; { services.nginx.virtualHosts = mapSubdomains { "bone-ds-dc.com-ldap" = static "/srv/storage/www/bone-meme/dist"; - "get" = simplePHP "/srv/storage/www/dietldb"; "rzentrale" = static "/srv/storage/www/rzentrale"; "wunschnachricht" = static "/srv/storage/www/wunschnachricht"; }; diff --git a/hosts/VEGAS/services/mail/default.nix b/hosts/VEGAS/services/mail/default.nix index 9c4e0de..1a899d8 100644 --- a/hosts/VEGAS/services/mail/default.nix +++ b/hosts/VEGAS/services/mail/default.nix @@ -1,4 +1,4 @@ -{ tools, ... }: +{ depot, ... }: { imports = [ ./imap.nix 
@@ -6,12 +6,12 @@ ./postfix.nix ./saslauthd.nix ]; - services.nginx.virtualHosts."mail.${tools.meta.domain}" = { + services.nginx.virtualHosts."mail.${depot.lib.meta.domain}" = { enableACME = true; locations."/".return = "204"; }; - security.acme.certs."mail.${tools.meta.domain}".extraDomainNames = map - (x: "${x}.${tools.meta.domain}") [ + security.acme.certs."mail.${depot.lib.meta.domain}".extraDomainNames = map + (x: "${x}.${depot.lib.meta.domain}") [ "mx" "imap" "smtp" diff --git a/hosts/VEGAS/services/mail/imap.nix b/hosts/VEGAS/services/mail/imap.nix index bfdd544..76bfff2 100644 --- a/hosts/VEGAS/services/mail/imap.nix +++ b/hosts/VEGAS/services/mail/imap.nix @@ -1,7 +1,7 @@ -{ config, pkgs, tools, ... }: +{ config, pkgs, depot, ... }: let - inherit (tools.identity) ldap; - inherit (tools.meta) domain; + inherit (depot.lib.identity) ldap; + inherit (depot.lib.meta) domain; postfixCfg = config.services.postfix; diff --git a/hosts/VEGAS/services/mail/opendkim.nix b/hosts/VEGAS/services/mail/opendkim.nix index 82075ac..a7acbce 100644 --- a/hosts/VEGAS/services/mail/opendkim.nix +++ b/hosts/VEGAS/services/mail/opendkim.nix @@ -1,6 +1,6 @@ -{ lib, tools, ... }: +{ lib, depot, ... }: let - inherit (tools.meta) domain; + inherit (depot.lib.meta) domain; in { services.opendkim = { diff --git a/hosts/VEGAS/services/mail/postfix.nix b/hosts/VEGAS/services/mail/postfix.nix index 2272280..5d679ff 100644 --- a/hosts/VEGAS/services/mail/postfix.nix +++ b/hosts/VEGAS/services/mail/postfix.nix @@ -1,6 +1,6 @@ -{ config, depot, tools, ... }: +{ config, depot, ... }: let - inherit (tools.meta) domain; + inherit (depot.lib.meta) domain; certDir = config.security.acme.certs."mail.${domain}".directory; receivePolicy = [ "permit_sasl_authenticated" "permit_mynetworks" "reject_unauth_destination" ]; diff --git a/hosts/VEGAS/services/mail/saslauthd.nix b/hosts/VEGAS/services/mail/saslauthd.nix index 0418816..67bc1c5 100644 --- a/hosts/VEGAS/services/mail/saslauthd.nix 
+++ b/hosts/VEGAS/services/mail/saslauthd.nix @@ -1,6 +1,6 @@ -{ pkgs, tools, ... }: +{ pkgs, depot, ... }: let - inherit (tools.identity) ldap; + inherit (depot.lib.identity) ldap; in { services.saslauthd = { diff --git a/hosts/VEGAS/services/reflex/default.nix b/hosts/VEGAS/services/reflex/default.nix index 952baa5..9ac1509 100644 --- a/hosts/VEGAS/services/reflex/default.nix +++ b/hosts/VEGAS/services/reflex/default.nix @@ -1,4 +1,4 @@ -{ config, depot, tools, ... }: +{ config, depot, ... }: { links.nixIpfs.protocol = "http"; @@ -17,11 +17,11 @@ IPFS_CLUSTER_API = config.services.ipfs-cluster.settings.api.restapi.http_listen_multiaddress; NIX_CACHES = toString [ "https://cache.nixos.org" - "https://cache.${tools.meta.domain}" + "https://cache.${depot.lib.meta.domain}" "https://max.cachix.org" ]; }; }; - services.nginx.virtualHosts."reflex.${tools.meta.domain}" = tools.nginx.vhosts.proxy config.links.nixIpfs.url; + services.nginx.virtualHosts."reflex.${depot.lib.meta.domain}" = depot.lib.nginx.vhosts.proxy config.links.nixIpfs.url; } diff --git a/hosts/VEGAS/services/sso/default.nix b/hosts/VEGAS/services/sso/default.nix index 7a33b4c..7ef586f 100644 --- a/hosts/VEGAS/services/sso/default.nix +++ b/hosts/VEGAS/services/sso/default.nix @@ -1,7 +1,7 @@ -{ cluster, config, depot, lib, tools, ... }: -with tools.nginx; +{ cluster, config, depot, lib, ... }: +with depot.lib.nginx; let - login = "login.${tools.meta.domain}"; + login = "login.${depot.lib.meta.domain}"; kc = config.links.keycloak; patroni = cluster.config.links.patroni-pg-access; in diff --git a/hosts/VEGAS/services/sso/identity-management.nix b/hosts/VEGAS/services/sso/identity-management.nix index 554256b..b05f2ae 100644 --- a/hosts/VEGAS/services/sso/identity-management.nix +++ b/hosts/VEGAS/services/sso/identity-management.nix 
@@ -1,9 +1,9 @@ -{ tools, ... }: -with tools.nginx.vhosts; +{ depot, ... }: +with depot.lib.nginx.vhosts; let - inherit (tools.meta) domain; + inherit (depot.lib.meta) domain; front = "ident.${domain}"; - back = tools.identity.ldap.server.hostname; + back = depot.lib.identity.ldap.server.hostname; in { services.nginx.virtualHosts."${front}" = basic // { diff --git a/hosts/VEGAS/services/vault/default.nix b/hosts/VEGAS/services/vault/default.nix index 4cae186..7432b4c 100644 --- a/hosts/VEGAS/services/vault/default.nix +++ b/hosts/VEGAS/services/vault/default.nix @@ -1,4 +1,4 @@ -{ config, pkgs, tools, ... }: +{ config, pkgs, depot, ... }: { services.vault = { @@ -8,5 +8,5 @@ extraConfig = "ui = true"; package = pkgs.vault-bin; }; - services.nginx.virtualHosts."vault.${tools.meta.domain}" = tools.nginx.vhosts.proxy "http://${config.services.vault.address}"; + services.nginx.virtualHosts."vault.${depot.lib.meta.domain}" = depot.lib.nginx.vhosts.proxy "http://${config.services.vault.address}"; } diff --git a/hosts/VEGAS/services/websites/default.nix b/hosts/VEGAS/services/websites/default.nix index 18d6b2e..1e4b10b 100644 --- a/hosts/VEGAS/services/websites/default.nix +++ b/hosts/VEGAS/services/websites/default.nix @@ -1,14 +1,12 @@ -{ depot, tools, ... }: +{ depot, ... }: let importWebsites = expr: import expr { - tools = tools.nginx; + tools = depot.lib.nginx; inherit (depot) packages; }; - websites = tools.nginx.mappers.mapSubdomains (importWebsites ./websites.nix); - - extraWebsites = importWebsites ./extra-sites.nix; + websites = depot.lib.nginx.mappers.mapSubdomains (importWebsites ./websites.nix); in { - services.nginx.virtualHosts = websites // extraWebsites; + services.nginx.virtualHosts = websites; } diff --git a/hosts/VEGAS/services/websites/extra-sites.nix b/hosts/VEGAS/services/websites/extra-sites.nix deleted file mode 100644 index 4e80c46..0000000 --- a/hosts/VEGAS/services/websites/extra-sites.nix +++ /dev/null 
@@ -1,8 +0,0 @@ -{ tools, ... }: -with tools.vhosts; -let - noSSL = { enableACME = false; forceSSL = false; }; -in -{ - "ky.rip" = simplePHP "/srv/storage/www/ky.rip" // noSSL; -} diff --git a/hosts/VEGAS/system.nix b/hosts/VEGAS/system.nix index 2d59211..d94f7a4 100644 --- a/hosts/VEGAS/system.nix +++ b/hosts/VEGAS/system.nix @@ -1,4 +1,4 @@ -{ config, depot, tools, ... }: +{ config, depot, ... }: { imports = @@ -43,7 +43,7 @@ networking.hostName = "VEGAS"; - networking.domain = "backbone.${tools.meta.domain}"; + networking.domain = "backbone.${depot.lib.meta.domain}"; time.timeZone = "Europe/Helsinki"; @@ -94,7 +94,7 @@ path = depot.nixosConfigurations.soda.config.system.build.toplevel; privateNetwork = true; hostBridge = "vmdefault"; - localAddress = "${depot.config.hours.soda.interfaces.primary.addr}/24"; + localAddress = "${depot.hours.soda.interfaces.primary.addr}/24"; autoStart = true; bindMounts.sodaDir = { hostPath = "/srv/storage/www/soda"; diff --git a/hosts/checkmate/system.nix b/hosts/checkmate/system.nix index 7b7e4ca..0300754 100644 --- a/hosts/checkmate/system.nix +++ b/hosts/checkmate/system.nix @@ -17,7 +17,7 @@ boot.loader.efi.canTouchEfiVariables = true; networking.hostName = "checkmate"; - networking.nameservers = [ depot.config.hours.VEGAS.interfaces.vstub.addr ]; + networking.nameservers = [ depot.hours.VEGAS.interfaces.vstub.addr ]; time.timeZone = "Europe/Zurich"; diff --git a/hosts/nixos.nix b/hosts/nixos.nix index fe88d67..410a661 100644 --- a/hosts/nixos.nix +++ b/hosts/nixos.nix 
@@ -1,23 +1,13 @@ -{ config, inputs, lib, self, withSystem, ... }: +{ config, lib, ... }: let - inherit (lib) const mapAttrs nixosSystem; + inherit (lib) mapAttrs nixosSystem; inherit (config) gods; - mkSpecialArgs = system: hostName: withSystem system ({ inputs', self', ... }: { - depot = self // self' // { - inputs = mapAttrs (name: const (inputs.${name} // inputs'.${name})) inputs; - inherit config; - # peer into the Watchman's Glass - reflection = config.hours.${hostName}; - }; - toolsets = import ../tools; - }); - mkNixOS = name: host: nixosSystem { - specialArgs = mkSpecialArgs host.system name; + specialArgs = config.lib.summon name lib.id; inherit (host) system; - modules = [ host.nixos ../tools/inject.nix (import ../cluster/inject.nix name) ]; + modules = [ host.nixos ] ++ config.cluster.config.out.injectNixosConfig name; }; in { flake.nixosConfigurations = mapAttrs mkNixOS (gods.fromLight // gods.fromFlesh); diff --git a/hosts/prophet/system.nix b/hosts/prophet/system.nix index 3716b34..13e8726 100644 --- a/hosts/prophet/system.nix +++ b/hosts/prophet/system.nix @@ -19,7 +19,7 @@ boot.loader.efi.canTouchEfiVariables = true; networking.hostName = "prophet"; - networking.nameservers = [ depot.config.hours.VEGAS.interfaces.vstub.addr ]; + networking.nameservers = [ depot.hours.VEGAS.interfaces.vstub.addr ]; time.timeZone = "Europe/Zurich"; diff --git a/hosts/soda/system.nix b/hosts/soda/system.nix index 89fc1da..cbed136 100644 --- a/hosts/soda/system.nix +++ b/hosts/soda/system.nix @@ -14,9 +14,9 @@ networking.interfaces.eth0.useDHCP = true; - networking.nameservers = [ depot.config.hours.VEGAS.interfaces.vstub.addr ]; + networking.nameservers = [ depot.hours.VEGAS.interfaces.vstub.addr ]; - networking.resolvconf.extraConfig = "local_nameservers='${depot.config.hours.VEGAS.interfaces.vstub.addr}'"; + networking.resolvconf.extraConfig = "local_nameservers='${depot.hours.VEGAS.interfaces.vstub.addr}'"; networking.hostName = "soda"; 
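Review bot: `specialArgs` now contains only what `config.lib.summon name lib.id` returns, i.e. the `{ depot = ...; }` attrset from lib/hours.nix (the identity continuation returns it unchanged), so both the `toolsets` special arg the old `mkSpecialArgs` provided and the `tools` module arg from the deleted tools/inject.nix (L37) are gone; any NixOS module still destructuring either fails at evaluation, and this chunk only shows the renames it touched, so a repo-wide grep for `tools` and `toolsets` in argument patterns is the only way to confirm there are no stragglers. `config.cluster.config.out.injectNixosConfig name` comes from cluster/part.nix, which is in the diffstat but not in this chunk. A comment on the new line would help the next reader: `# per-host depot for NixOS modules is built by lib.summon (lib/hours.nix)`.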
diff --git a/hosts/thunderskin/system.nix b/hosts/thunderskin/system.nix index 872b732..22351bc 100644 --- a/hosts/thunderskin/system.nix +++ b/hosts/thunderskin/system.nix @@ -17,7 +17,7 @@ boot.loader.efi.canTouchEfiVariables = true; networking.hostName = "thunderskin"; - networking.nameservers = [ depot.config.hours.VEGAS.interfaces.vstub.addr ]; + networking.nameservers = [ depot.hours.VEGAS.interfaces.vstub.addr ]; time.timeZone = "Europe/Zurich"; diff --git a/lib/hours.nix b/lib/hours.nix new file mode 100644 index 0000000..3dc1a8e --- /dev/null +++ b/lib/hours.nix @@ -0,0 +1,18 @@ +{ config, inputs, lib, self, withSystem, ... }: + +let + inherit (lib) const mapAttrs; +in + +{ + lib.summon = name: f: let + lift = config; + hour = config.hours.${name}; + in withSystem hour.system ({ config, inputs', self', ... }: f { + depot = self // self' // lift // config // { + inputs = mapAttrs (name: const (inputs.${name} // inputs'.${name})) inputs; + # peer into the Watchman's Glass + reflection = hour; + }; + }); +} diff --git a/lib/identity.nix b/lib/identity.nix new file mode 100644 index 0000000..608a266 --- /dev/null +++ b/lib/identity.nix 
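Review bot: In `lib.summon`, the per-system `config` bound by the `withSystem` lambda shadows the flake-level `config` that was captured as `lift`, and the merge `self // self' // lift // config // { ... }` lets any attribute present in both resolve silently to the per-system value (`packages` is a plausible overlap); the inner `mapAttrs (name: const ...)` also reuses `name`, shadowing the host name. An `@` binding keeps both configs visible without the shadowing: `in withSystem hour.system ({ inputs', self', ... } @ perSystem: f {` and `depot = self // self' // lift // perSystem.config // {`. Whether `hour.system` always equals the `host.system` that the old `mkSpecialArgs` received depends on how `hours` is populated, which is not in this chunk.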
@@ -0,0 +1,37 @@
+{ lib, ... }:
+
+{
+ lib = { config, ... }: with config.identity; {
+ identity = {
+
+ inherit (config.meta) domain;
+
+ autoDomain = name: "${builtins.hashString "md5" name}.dev.${domain}";
+
+ ldap = {
+ server = with ldap.server; {
+ # TODO: unhardcode everything here
+ protocol = "ldaps";
+ hostname = "authsys.virtual-machines.${domain}";
+ port = 636;
+ url = "${protocol}://${connectionString}";
+ connectionString = "${hostname}:${builtins.toString port}";
+ };
+ accounts = with ldap.accounts; {
+ domainComponents = ldap.lib.convertDomain domain;
+ uidAttribute = "uid";
+ uidFilter = "(${uidAttribute}=%u)";
+ userSearchBase = "cn=users,cn=accounts,${domainComponents}";
+ };
+ lib = {
+ convertDomain = domain: with builtins; lib.pipe domain [
+ (split "\\.")
+ (filter isString)
+ (map (x: "dc=${x}"))
+ (concatStringsSep ",")
+ ];
+ };
+ };
+ };
+ };
+}
diff --git a/lib/meta.nix b/lib/meta.nix
new file mode 100644
index 0000000..e45ae40
--- /dev/null
+++ b/lib/meta.nix
@@ -0,0 +1,8 @@
+{
+ lib = { config, ... }: with config.meta; {
+ meta = {
+ domain = "privatevoid.net";
+ adminEmail = "admins@${domain}";
+ };
+ };
+}
diff --git a/lib/nginx.nix b/lib/nginx.nix
new file mode 100644
index 0000000..4f0f72b
--- /dev/null
+++ b/lib/nginx.nix
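Review bot: The new `lib.identity` drops `dns.master.addr` and `kerberos.kdc`, which the deleted tools/identity.nix (L37) still provided; any consumer of those would have to migrate to `depot.lib.identity.dns`/`.kerberos`, which do not exist here, so either carry them over or say in the commit message that they were dead. `uidFilter = "(${uidAttribute}=%u)"` substitutes the username unescaped, so LDAP filter-injection safety rests on whichever consumer expands `%u` (the imap and saslauthd hunks on L26/L27 both take `ldap` from here); a comment `# %u is expanded by the consumer, which must escape it per RFC 4515` would make that contract explicit. `autoDomain` still derives a label with `hashString "md5"`; since the input is not secret this is only a collision concern, but a comment stating that the hash is a fixed-width label and not a security boundary would stop it being reused as one.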
@@ -0,0 +1,50 @@
+{ lib, ... }:
+
+{
+ lib = { config, ... }: with config.nginx; {
+ nginx = {
+ inherit (config.meta) domain;
+
+ mappers = {
+
+ mapSubdomains = with lib; mapAttrs' (k: nameValuePair "${k}.${domain}");
+
+ };
+
+ vhosts = with vhosts; {
+
+ basic = {
+ forceSSL = true;
+ enableACME = true;
+ };
+
+ redirect = target: basic // {
+ locations."/".return = "301 ${target}";
+ };
+
+ proxy = target: basic // {
+ locations."/".proxyPass = target;
+ };
+
+ static = root: basic // {
+ inherit root;
+ };
+
+ indexedStatic = root: (static root) // {
+ extraConfig = "autoindex on;";
+ };
+
+ proxyGhost = scheme: target: basic // {
+ locations."/".extraConfig = ''
+ proxy_pass ${scheme}://${target};
+ proxy_set_header Host ${target};
+ proxy_set_header Referer ${scheme}://${target};
+ proxy_cookie_domain ${target} domain.invalid;
+ proxy_set_header Cookie "";
+ '';
+ };
+ };
+ };
+ };
+}
+
diff --git a/lib/part.nix b/lib/part.nix
index 64ecaf4..e152399 100644
--- a/lib/part.nix
+++ b/lib/part.nix
@@ -1,5 +1,27 @@
+{ config, lib, ... }:
+
 {
 imports = [
 ./time-travel.nix
+ ./hours.nix
+ ./meta.nix
+ ./nginx.nix
+ ./identity.nix
 ];
+
+ options.lib = lib.mkOption {
+ default = {};
+ type = with lib.types; submodule ({ extendModules, ... }: {
+ freeformType = let
+ t = either (lazyAttrsOf t) raw;
+ in t;
+ config.override = conf: let
+ overridden = extendModules {
+ modules = [ conf ];
+ };
+ in overridden.config;
+ });
+ };
+
+ config._module.args.depot = config;
 }
diff --git a/lib/time-travel.nix b/lib/time-travel.nix
index 5761977..9275427 100644
--- a/lib/time-travel.nix
+++ b/lib/time-travel.nix
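Review bot: `proxyGhost` deliberately sets `proxy_set_header Cookie ""` and rewrites upstream cookie domains to `domain.invalid`, which effectively makes the fronted origin cookie-less from the client's point of view; that is a behavioural contract callers need to know and nothing in the file says so. Suggest a comment above it: `# front a third-party origin under our host: client cookies are never forwarded and upstream Set-Cookie is neutralised via domain.invalid`. `simplePHP` from the deleted tools/nginx.nix (L38) is gone together with the phpfpm pool (L19) and its two users (L25, L29), so nothing in this diff references it anymore — worth one line in the commit message so the removal reads as intentional.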
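Review bot: `config._module.args.depot = config;` hands every flake-parts module the entire top-level config under the name `depot`, and `options.lib` is declared with a recursive freeform type (`either (lazyAttrsOf t) raw`) plus an `override` that re-instantiates the submodule through `extendModules`; none of this is documented at the option. Suggest `description = "Shared helper library; free-form leaves, override { ... } re-evaluates it with extra definitions (use lib.mkForce to replace a leaf).";` on the `mkOption` and, on the `_module.args` line, `# expose the flake-parts config as depot to flake-parts modules; NixOS modules get theirs from lib.summon (lib/hours.nix)`. Because `lib.summon` in hours.nix is defined under this same option, it is part of the freeform set and therefore also reachable as `depot.lib.summon` from NixOS modules, which is harmless but worth knowing.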
@@ -1,18 +1,3 @@ -{ config, lib, ... }: - -let - timeTravel = rev: builtins.getFlake "github:privatevoid-net/depot/${rev}"; - -in - { - _module.args = { inherit timeTravel; }; - perSystem = { system, ... }: { - _module.args.timeTravel' = rev: let - flake = timeTravel rev; - flake' = config.perInput system flake; - in flake' // { - inputs = lib.mapAttrs (_: input: config.perInput system input) flake.inputs; - }; - }; + lib.timeTravel = rev: builtins.getFlake "github:privatevoid-net/depot/${rev}"; } diff --git a/modules/enterprise/default.nix b/modules/enterprise/default.nix index 0f018ab..5a6de20 100644 --- a/modules/enterprise/default.nix +++ b/modules/enterprise/default.nix @@ -1,6 +1,6 @@ -{ config, depot, lib, tools, ... }: +{ config, depot, lib, ... }: let - orgDomain = tools.meta.domain; + orgDomain = depot.lib.meta.domain; host = depot.reflection; in { networking.domain = lib.mkDefault "${host.enterprise.subdomain or "services"}.${orgDomain}"; diff --git a/modules/hyprspace/default.nix b/modules/hyprspace/default.nix index 48c5809..d4cfd57 100644 --- a/modules/hyprspace/default.nix +++ b/modules/hyprspace/default.nix @@ -2,7 +2,7 @@ let inherit (config.networking) hostName; inherit (depot.packages) hyprspace; - hyprspaceCapableNodes = lib.filterAttrs (_: host: host.hyprspace.enable) depot.config.hours; + hyprspaceCapableNodes = lib.filterAttrs (_: host: host.hyprspace.enable) depot.hours; peersFormatted = builtins.mapAttrs (_: x: { inherit (x.hyprspace) id; routes = map (net: { inherit net; }) ((x.hyprspace.routes or []) ++ [ "${x.hyprspace.addr}/32" ]); diff --git a/modules/nix-config/server.nix b/modules/nix-config/server.nix index 38b9f72..0b31616 100644 --- a/modules/nix-config/server.nix +++ b/modules/nix-config/server.nix @@ -1,4 +1,4 @@ -{ depot, tools, ... }: +{ depot, ... }: { nix = { 
@@ -6,7 +6,7 @@ settings = { trusted-users = [ "root" "@wheel" "@admins" ]; - substituters = [ "https://cache.${tools.meta.domain}" ]; + substituters = [ "https://cache.${depot.lib.meta.domain}" ]; trusted-public-keys = [ "cache.privatevoid.net:SErQ8bvNWANeAvtsOESUwVYr2VJynfuc9JRwlzTTkVg=" ]; }; @@ -14,7 +14,7 @@ experimental-features = nix-command flakes cgroups use-cgroups = true builders-use-substitutes = true - flake-registry = https://git.${tools.meta.domain}/private-void/registry/-/raw/master/registry.json + flake-registry = https://git.${depot.lib.meta.domain}/private-void/registry/-/raw/master/registry.json # For Hercules CI agent narinfo-cache-negative-ttl = 0 diff --git a/modules/ssh/default.nix b/modules/ssh/default.nix index 161237b..e37a3b9 100644 --- a/modules/ssh/default.nix +++ b/modules/ssh/default.nix @@ -1,6 +1,6 @@ { depot, lib, ... }: let - filtered = lib.filterAttrs (_: host: host.ssh.enable) depot.config.hours; + filtered = lib.filterAttrs (_: host: host.ssh.enable) depot.hours; idCapable = lib.filterAttrs (_: host: host.ssh.id.publicKey != null) filtered; configCapable = lib.filterAttrs (_: host: host.ssh.extraConfig != "") filtered; diff --git a/packages/checks/default.nix b/packages/checks/default.nix index 9d29bf2..b51b4c7 100644 --- a/packages/checks/default.nix +++ b/packages/checks/default.nix @@ -1,17 +1,11 @@ -{ lib, self, ... }: +{ config, self, ... }: { - perSystem = { filters, pkgs, self', ... }: let - fakeCluster = import ../../cluster { - inherit lib; - hostName = throw "not available in test environment"; - depot = throw "not available in test environment"; - }; - in { + perSystem = { filters, pkgs, self', ... }: { checks = filters.doFilter filters.checks { jellyfin-stateless = pkgs.callPackage ./jellyfin-stateless.nix { inherit (self'.packages) jellyfin; - inherit fakeCluster; + inherit (config) cluster; }; keycloak = pkgs.callPackage ./keycloak-custom-jre.nix { 
diff --git a/packages/checks/jellyfin-stateless.nix b/packages/checks/jellyfin-stateless.nix index c22e66e..d0930f8 100644 --- a/packages/checks/jellyfin-stateless.nix +++ b/packages/checks/jellyfin-stateless.nix @@ -1,10 +1,10 @@ -{ nixosTest, fakeCluster, jellyfin }: +{ nixosTest, cluster, jellyfin }: nixosTest { name = "jellyfin-stateless"; nodes = { machine = { - imports = fakeCluster.config.services.warehouse.nixos.host; + imports = cluster.config.services.warehouse.nixos.host; _module.args.depot.packages.jellyfin = jellyfin; }; diff --git a/tools/default.nix b/tools/default.nix deleted file mode 100644 index 097c069..0000000 --- a/tools/default.nix +++ /dev/null @@ -1,10 +0,0 @@ -let toolsets = { - meta = import ./meta.nix; - - identity = import ./identity.nix { inherit toolsets; }; - networks = import ./networks.nix { inherit toolsets; }; - nginx = import ./nginx.nix { inherit toolsets; }; - }; -in toolsets // { - all = args: (builtins.mapAttrs (_: x: x args) toolsets) // { inherit (toolsets) meta; }; -} diff --git a/tools/identity.nix b/tools/identity.nix deleted file mode 100644 index 04cc0b8..0000000 --- a/tools/identity.nix +++ /dev/null 
@@ -1,40 +0,0 @@ -# internal interface -{ toolsets }: -# external interface -{ lib ? null, domain ? toolsets.meta.domain, ... }: -let - tools = (self: { - - inherit domain; - - autoDomain = name: "${builtins.hashString "md5" name}.dev.${domain}"; - - ldap = { - server = with self.ldap.server; { - # TODO: unhardcode everything here - protocol = "ldaps"; - hostname = "authsys.virtual-machines.${domain}"; - port = 636; - url = "${protocol}://${connectionString}"; - connectionString = "${hostname}:${builtins.toString port}"; - }; - accounts = with self.ldap.accounts; { - domainComponents = self.ldap.lib.convertDomain domain; - uidAttribute = "uid"; - uidFilter = "(${uidAttribute}=%u)"; - userSearchBase = "cn=users,cn=accounts,${domainComponents}"; - }; - lib = { - convertDomain = domain: with builtins; lib.pipe domain [ - (split "\\.") - (filter isString) - (map (x: "dc=${x}")) - (concatStringsSep ",") - ]; - }; - }; - dns.master.addr = "10.10.0.11"; - kerberos.kdc = "authsys.virtual-machines.${domain}"; - - }) tools; -in tools diff --git a/tools/inject.nix b/tools/inject.nix deleted file mode 100644 index 764520d..0000000 --- a/tools/inject.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ pkgs, lib, config, ... }: -{ - _module.args.tools = (import ./.).all { inherit pkgs lib config; }; -} diff --git a/tools/meta.nix b/tools/meta.nix deleted file mode 100644 index 4b65da7..0000000 --- a/tools/meta.nix +++ /dev/null @@ -1,4 +0,0 @@ -rec { - domain = "privatevoid.net"; - adminEmail = "admins@${domain}"; -} diff --git a/tools/networks.nix b/tools/networks.nix deleted file mode 100644 index ffd84bd..0000000 --- a/tools/networks.nix +++ /dev/null @@ -1,20 +0,0 @@ -# internal interface -{ toolsets }: -# external interface -{ lib ? null, ... }: -let - tools = (self: { - - all = {}; - - ipv4.all = {}; - - ipv4.internal = { - addr = "10.0.0.0/8"; - vpn = { - addr = "10.100.0.0/16"; - }; - }; - - }) tools; -in tools 
diff --git a/tools/nginx.nix b/tools/nginx.nix deleted file mode 100644 index 57c803a..0000000 --- a/tools/nginx.nix +++ /dev/null @@ -1,58 +0,0 @@ -# internal interface -{ toolsets }: -# external interface -{ config ? null, lib ? null, domain ? toolsets.meta.domain, ... }: -let - tools = (self: { - - inherit domain; - - mappers = { - - mapSubdomains = with lib; mapAttrs' (k: nameValuePair "${k}.${domain}"); - - }; - - vhosts = with self.vhosts; { - - basic = { - forceSSL = true; - enableACME = true; - }; - - redirect = target: basic // { - locations."/".return = "301 ${target}"; - }; - - proxy = target: basic // { - locations."/".proxyPass = target; - }; - - static = root: basic // { - inherit root; - }; - - indexedStatic = root: (static root) // { - extraConfig = "autoindex on;"; - }; - - simplePHP = root: (static root) // { - locations."~ \.php$".extraConfig = '' - fastcgi_pass unix:${config.services.phpfpm.pools.www.socket}; - fastcgi_index index.php; - ''; - }; - - proxyGhost = scheme: target: basic // { - locations."/".extraConfig = '' - proxy_pass ${scheme}://${target}; - proxy_set_header Host ${target}; - proxy_set_header Referer ${scheme}://${target}; - proxy_cookie_domain ${target} domain.invalid; - proxy_set_header Cookie ""; - ''; - }; - - }; - }) tools; -in tools -- 2.47.0