gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor: system -> systemConfig

Browse source
This commit is contained in:
arcnmx 2024-06-23 10:06:36 -07:00
parent 512b1fc75b
commit 45705650bb
31 changed files with 127 additions and 131 deletions
Download patch file Download diff file Expand all files Collapse all files

6
modules/extern/home/ssh.nix vendored
View file

@ -16,7 +16,7 @@ let
inherit (lib.strings) optionalString;
inherit (osConfig.gensokyo-zone) access;
cfg = gensokyo-zone.ssh.cfg;
system = gensokyo-zone.systems.${config.systemName}.config;
system = gensokyo-zone.systems.${config.systemName};
networks = let
fallbackNetwork =
if system.network.networks.local.enable or false && access.local.enable
@ -167,14 +167,14 @@ let
proxyJump = mkOptionDefault (
if config.hosts.hakurei.enable
then config.hosts.hakurei.name
else gensokyo-zone.systems.hakurei.config.access.fqdn
else gensokyo-zone.systems.hakurei.access.fqdn
);
networks = mkOptionDefault [
(mkIf access.local.enable "local")
(mkIf access.tail.enabled "tail")
];
hosts = mapAttrs (name: system: let
enabled = system.config.access.online.enable && system.config.exports.services.sshd.enable;
enabled = system.access.online.enable && system.exports.services.sshd.enable;
in
mkIf enabled {
systemName = mkOptionDefault name;

8
modules/extern/nixos/dns.nix vendored
View file

@ -71,13 +71,13 @@
mkMerge [
(mkOptionDefault [])
(mkIf access.local.enable [
(mkIf enableIPv6 utsuho.config.access.address6ForNetwork.local)
utsuho.config.access.address4ForNetwork.local
(mkIf enableIPv6 utsuho.access.address6ForNetwork.local)
utsuho.access.address4ForNetwork.local
])
# TODO: mirror or tunnel on hakurei or something .-.
(mkIf (access.tail.enabled && false) [
(mkIf enableIPv6 hakurei.config.access.address6ForNetwork.tail)
hakurei.config.access.address4ForNetwork.tail
(mkIf enableIPv6 hakurei.access.address6ForNetwork.tail)
hakurei.access.address4ForNetwork.tail
])
];
fallbackNameservers =

4
modules/extern/nixos/krb5.nix vendored
View file

@ -435,8 +435,8 @@ in {
# TODO: consider hakurei instead...
in
mkIf (cfg.enable && !config.gensokyo-zone.dns.enable or false && config.gensokyo-zone.access.local.enable) {
${freeipa.config.access.address6ForNetwork.local} = mkIf config.networking.enableIPv6 (mkBefore [cfg.host]);
${freeipa.config.access.address4ForNetwork.local} = mkBefore [cfg.host];
${freeipa.access.address6ForNetwork.local} = mkIf config.networking.enableIPv6 (mkBefore [cfg.host]);
${freeipa.access.address4ForNetwork.local} = mkBefore [cfg.host];
};
};
environment.etc = {

4
modules/nixos/monitoring/ingest/grafana.nix
View file

@ -1,12 +1,12 @@
{
config,
system,
systemConfig,
lib,
...
}: let
inherit (lib.modules) mkDefault;
cfg = config.services.grafana;
service = system.exports.services.grafana;
service = systemConfig.exports.services.grafana;
in {
services.grafana = {
settings.server = {

4
modules/nixos/monitoring/ingest/loki.nix
View file

@ -11,8 +11,8 @@
promtailSystems =
filterAttrs (
_: system:
system.config.access.online.enable
&& system.config.exports.services.promtail.enable
system.access.online.enable
&& system.exports.services.promtail.enable
)
systems;
cfg = config.services.loki;

12
modules/nixos/monitoring/ingest/prometheus.nix
View file

@ -12,8 +12,8 @@
nodeExporterSystems =
filter (
system:
system.config.exports.prometheus.exporter.enable
&& system.config.exports.prometheus.exporter.services != []
system.exports.prometheus.exporter.enable
&& system.exports.prometheus.exporter.services != []
)
(attrValues systems);
mkPortTarget = {
@ -22,17 +22,17 @@
portName,
}: let
port = service.ports.${portName};
in "${mkAddress6 (access.getAddressFor system.config.name "lan")}:${toString port.port}";
in "${mkAddress6 (access.getAddressFor system.name "lan")}:${toString port.port}";
mkServiceConfig = system: serviceName: let
inherit (service.prometheus) exporter;
service = system.config.exports.services.${serviceName};
service = system.exports.services.${serviceName};
targets = map (portName:
mkPortTarget {
inherit system service portName;
})
exporter.ports;
in {
job_name = "${system.config.name}-${service.id}";
job_name = "${system.name}-${service.id}";
static_configs = [
{
inherit targets;
@ -49,7 +49,7 @@
insecure_skip_verify = mkDefault true;
};
};
mapSystem = system: map (mkServiceConfig system) system.config.exports.prometheus.exporter.services;
mapSystem = system: map (mkServiceConfig system) system.exports.prometheus.exporter.services;
in {
services.prometheus = {
port = mkDefault 9090;

6
modules/nixos/monitoring/source/promtail.nix
View file

@ -1,6 +1,6 @@
{
config,
system,
systemConfig,
access,
lib,
...
@ -23,12 +23,12 @@ in {
];
scrape_configs = [
{
job_name = "${system.name}-journald";
job_name = "${systemConfig.name}-journald";
journal = {
max_age = "${toString (24 * 7)}h";
labels = {
job = "systemd-journald";
system = system.name;
system = systemConfig.name;
host = config.networking.fqdn;
};
};

4
modules/nixos/nginx/proxied.nix
View file

@ -158,7 +158,7 @@ let
in
{
config,
system,
systemConfig,
gensokyo-zone,
lib,
...
@ -196,7 +196,7 @@ in
nginx'proxied = mkIf (warnEnable cfg.enable) {
servers.local = {
accessService = {
system = system.name;
system = systemConfig.name;
name = "nginx";
port = "proxied";
};

4
modules/nixos/nginx/vouch.nix
View file

@ -1,6 +1,6 @@
{
config,
system,
systemConfig,
lib,
gensokyo-zone,
...
@ -348,7 +348,7 @@ in {
ssl.enable = mkAlmostOptionDefault true;
};
int = {upstream, ...}: {
enable = mkAlmostOptionDefault system.network.networks.int.enable or false;
enable = mkAlmostOptionDefault systemConfig.network.networks.int.enable or false;
addr = mkAlmostOptionDefault "login.int.${networking.domain}";
port = mkOptionDefault 9080;
};

29
modules/system/access.nix
View file

@ -15,11 +15,10 @@
inherit (lib.lists) findSingle;
inherit (lib.trivial) mapNullable;
cfg = config.access;
systemConfig = config;
systemAccess = access;
nixosModule = {
config,
system,
systemConfig,
access,
...
}: let
@ -28,16 +27,16 @@
if config.networking.enableIPv6
then "address6ForNetwork"
else "address4ForNetwork";
has'Int = system.network.networks.int.enable or false;
has'Local = system.network.networks.local.enable or false;
has'Tail' = system.network.networks.tail.enable or false;
has'Int = systemConfig.network.networks.int.enable or false;
has'Local = systemConfig.network.networks.local.enable or false;
has'Tail' = systemConfig.network.networks.tail.enable or false;
has'Tail = lib.warnIf (has'Tail' != config.services.tailscale.enable) "tailscale set incorrectly in system.access for ${config.networking.hostName}" has'Tail';
in {
options.networking.access = with lib.types; {
global.enable =
mkEnableOption "global access"
// {
default = system.access.global.enable;
default = systemConfig.access.global.enable;
};
moduleArgAttrs = mkOption {
type = lazyAttrsOf unspecified;
@ -61,7 +60,7 @@
in
{
lan =
if hostName == system.name
if hostName == systemConfig.name
then forSystem.access.${addressForAttr}.localhost
else if has'Int && forSystemHas "int"
then int
@ -124,7 +123,7 @@
in
{
lan =
if hostName == system.name
if hostName == systemConfig.name
then forSystem.access.hostnameForNetwork.localhost
else if has'Int && forSystem.access.hostnameForNetwork ? int
then forSystem.access.hostnameForNetwork.int
@ -207,7 +206,7 @@ in {
};
global.enable = mkEnableOption "globally routeable";
online = let
proxmoxNodeAccess = systems.${config.proxmox.node.name}.config.access;
proxmoxNodeAccess = systems.${config.proxmox.node.name}.access;
in {
enable =
mkEnableOption "a deployed machine"
@ -288,22 +287,22 @@ in {
_module.args.access = {
inherit (cfg) hostnameForNetwork address4ForNetwork address6ForNetwork;
systemFor = hostName: systems.${hostName}.config;
systemForOrNull = hostName: systems.${hostName}.config or null;
systemFor = hostName: systems.${hostName};
systemForOrNull = hostName: systems.${hostName} or null;
nixosFor = hostName: nixosConfigurations.${hostName}.config or (access.systemFor hostName).built.config;
nixosForOrNull = hostName: nixosConfigurations.${hostName}.config or (access.systemForOrNull hostName).built.config or null;
systemForService = service: let
hasService = system: system.config.exports.services.${service}.enable;
hasService = system: system.exports.services.${service}.enable;
notFound = throw "no system found serving ${service}";
multiple = throw "multiple systems found serving ${service}";
in
(findSingle hasService notFound multiple (attrValues systems)).config;
(findSingle hasService notFound multiple (attrValues systems));
systemForServiceId = serviceId: let
hasService = system: findSingle (service: service.id == serviceId && service.enable) null multiple (attrValues system.config.exports.services) != null;
hasService = system: findSingle (service: service.id == serviceId && service.enable) null multiple (attrValues system.exports.services) != null;
notFound = throw "no system found serving ${serviceId}";
multiple = throw "multiple systems found serving ${serviceId}";
in
(findSingle hasService notFound multiple (attrValues systems)).config;
(findSingle hasService notFound multiple (attrValues systems));
};
};
}

6
modules/system/exports/dnsmasq.nix
View file

@ -7,7 +7,7 @@
inherit (lib.modules) mkOptionDefault;
in {
config.exports.services.dnsmasq = {
system,
systemConfig,
config,
...
}: {
@ -28,10 +28,10 @@ in {
settings = {
dns = {
query-type = mkOptionDefault "A";
query-name = mkOptionDefault system.access.fqdn;
query-name = mkOptionDefault systemConfig.access.fqdn;
};
conditions = mkOptionDefault [
"[BODY] == ${system.network.networks.local.address4}"
"[BODY] == ${systemConfig.network.networks.local.address4}"
];
};
};

10
modules/system/exports/monitoring.nix
View file

@ -1,6 +1,6 @@
let
portModule = {
system,
systemConfig,
config,
gensokyo-zone,
lib,
@ -20,7 +20,7 @@ let
enable =
mkEnableOption "health check alerts"
// {
default = system.exports.status.alert.enable;
default = systemConfig.exports.status.alert.enable;
};
};
gatus = {
@ -127,7 +127,7 @@ let
};
};
serviceModule = {
system,
systemConfig,
config,
gensokyo-zone,
lib,
@ -185,8 +185,8 @@ let
labels = mapOptionDefaults {
gensokyo_exports_service = config.name;
gensokyo_exports_id = config.id;
gensokyo_system = system.name;
gensokyo_host = system.access.fqdn;
gensokyo_system = systemConfig.name;
gensokyo_host = systemConfig.access.fqdn;
};
};
status = {

4
modules/system/exports/nginx.nix
View file

@ -9,7 +9,7 @@
in {
config.exports.services.nginx = {
config,
system,
systemConfig,
...
}: let
mkAssertion = f: nixosConfig: let
@ -29,7 +29,7 @@ in {
message = "proxied.port mismatch";
};
in {
displayName = mkAlmostOptionDefault "NGINX/${system.name}";
displayName = mkAlmostOptionDefault "NGINX/${systemConfig.name}";
nixos = {
serviceAttr = "nginx";
assertions = mkIf config.enable (map mkAssertion [

9
modules/system/exports/services.nix
View file

@ -76,7 +76,7 @@
};
};
serviceModule = {
system,
systemConfig,
config,
name,
machine,
@ -101,7 +101,7 @@
type = attrsOf (submoduleWith {
modules = [portModule];
specialArgs = {
inherit gensokyo-zone machine system;
inherit gensokyo-zone machine systemConfig;
service = config;
};
});
@ -153,7 +153,7 @@
};
nixosModule = {
config,
system,
systemConfig,
...
}: let
mapAssertion = service: a: let
@ -163,7 +163,7 @@
// {
message = "system.exports.${service.name}: " + res.message or "assertion failed";
};
assertions = mapAttrsToList (_: service: map (mapAssertion service) service.nixos.assertions) system.exports.services;
assertions = mapAttrsToList (_: service: map (mapAssertion service) service.nixos.assertions) systemConfig.exports.services;
in {
config = {
assertions = mkMerge assertions;
@ -183,7 +183,6 @@ in {
specialArgs = {
inherit gensokyo-zone;
machine = name;
system = config;
systemConfig = config;
};
});

3
modules/system/host.nix
View file

@ -111,8 +111,7 @@ in {
specialArgs = {
inherit name inputs std Std meta;
inherit (inputs.self.lib) gensokyo-zone;
systemType = config.folder;
system = config;
systemConfig = config;
};
};
}

8
modules/system/network/networks.nix
View file

@ -11,7 +11,7 @@
networkModule = {
config,
name,
system,
systemConfig,
...
}: let
knownNetworks = {
@ -68,8 +68,8 @@
);
postfix = mkIf (config.macAddress != null) (mkOptionDefault (eui64 config.macAddress));
};
domain = mkOptionDefault "${config.name}.${system.access.domain}";
fqdn = mkOptionDefault (mapNullable (domain: "${system.access.hostName}.${domain}") config.domain);
domain = mkOptionDefault "${config.name}.${systemConfig.access.domain}";
fqdn = mkOptionDefault (mapNullable (domain: "${systemConfig.access.hostName}.${domain}") config.domain);
address6 = mkIf config.slaac.enable (mkOptionDefault "${config.slaac.prefix}:${config.slaac.postfix}");
};
};
@ -79,7 +79,7 @@ in {
type = attrsOf (submoduleWith {
modules = [networkModule];
specialArgs = {
system = config;
systemConfig = config;
};
});
default = {};

18
modules/system/proxmox/network.nix
View file

@ -18,7 +18,7 @@
networkInterfaceModule = {
config,
name,
system,
systemConfig,
...
}: {
options = with lib.types; {
@ -81,7 +81,7 @@
local = {
enable = mkOption {
type = bool;
default = system.proxmox.node.name == "reisen" && config.id == "net0" && config.bridge == "vmbr0";
default = systemConfig.proxmox.node.name == "reisen" && config.id == "net0" && config.bridge == "vmbr0";
};
address4 = mkOption {
type = nullOr str;
@ -125,12 +125,12 @@
);
};
name = mkMerge [
(mkIf (hasPrefix "net" config.id && system.proxmox.container.enable) (mkOptionDefault ("eth" + removePrefix "net" config.id)))
(mkIf (hasPrefix "net" config.id && systemConfig.proxmox.container.enable) (mkOptionDefault ("eth" + removePrefix "net" config.id)))
# VMs have names like `ens18` for net0...
];
slaac.postfix = mkOptionDefault (mapNullable eui64 config.macAddress);
gateway4 = mkMerge [
(mkIf (system.proxmox.node.name == "reisen" && config.bridge == "vmbr0" && config.address4 != null && config.address4 != "dhcp") (mkAlmostOptionDefault "10.1.1.1"))
(mkIf (systemConfig.proxmox.node.name == "reisen" && config.bridge == "vmbr0" && config.address4 != null && config.address4 != "dhcp") (mkAlmostOptionDefault "10.1.1.1"))
];
networkd.name = mkIf config.local.enable (
mkDefault "_00-local"
@ -176,14 +176,14 @@
};
};
confInternal = let
index = system.proxmox.vm.id - internalOffset;
index = systemConfig.proxmox.vm.id - internalOffset;
in {
name = mkIf system.proxmox.container.enable (mkAlmostOptionDefault "eth9");
name = mkIf systemConfig.proxmox.container.enable (mkAlmostOptionDefault "eth9");
bridge = mkAlmostOptionDefault "vmbr9";
address4 = mkAlmostOptionDefault "10.9.1.${toString index}/24";
address6 = mkAlmostOptionDefault "fd0c::${UInt.toHexLower index}/64";
macAddress = mkIf (system.proxmox.network.interfaces.net0.macAddress or null != null && hasPrefix "BC:24:11:" system.proxmox.network.interfaces.net0.macAddress) (mkAlmostOptionDefault (
replaceStrings ["BC:24:11:"] ["BC:24:19:"] system.proxmox.network.interfaces.net0.macAddress
macAddress = mkIf (systemConfig.proxmox.network.interfaces.net0.macAddress or null != null && hasPrefix "BC:24:11:" systemConfig.proxmox.network.interfaces.net0.macAddress) (mkAlmostOptionDefault (
replaceStrings ["BC:24:11:"] ["BC:24:19:"] systemConfig.proxmox.network.interfaces.net0.macAddress
));
networkd.name = mkDefault "_00-int";
networkd.networkSettings = {
@ -210,7 +210,7 @@ in {
type = attrsOf (submoduleWith {
modules = [networkInterfaceModule];
specialArgs = {
system = config;
systemConfig = config;
};
});
default = {};