gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

refactor: system -> systemConfig

Browse source
This commit is contained in:
arcnmx 2024-06-23 10:06:36 -07:00
parent 512b1fc75b
commit 45705650bb
31 changed files with 127 additions and 131 deletions
Download patch file Download diff file Expand all files Collapse all files

4
ci/nodes.nix
View file

@ -11,11 +11,11 @@ with lib; {
name = "nodes"; name = "nodes";
jobs = let jobs = let
enabledSystems = filterAttrs (_: system: system.config.ci.enable) channels.nixfiles.lib.systems; enabledSystems = filterAttrs (_: system: system.ci.enable) channels.nixfiles.lib.gensokyo-zone.systems;
mkSystemJob = name: system: nameValuePair "${name}" { mkSystemJob = name: system: nameValuePair "${name}" {
tasks.system = { tasks.system = {
inputs = channels.nixfiles.nixosConfigurations.${name}.config.system.build.toplevel; inputs = channels.nixfiles.nixosConfigurations.${name}.config.system.build.toplevel;
warn = system.config.ci.allowFailure; warn = system.ci.allowFailure;
}; };
}; };
systemJobs = mapAttrs' mkSystemJob enabledSystems; systemJobs = mapAttrs' mkSystemJob enabledSystems;

24
generate.nix
View file

@ -6,9 +6,9 @@
inherit (nixlib.attrsets) mapAttrs mapAttrs' nameValuePair filterAttrs mapAttrsToList; inherit (nixlib.attrsets) mapAttrs mapAttrs' nameValuePair filterAttrs mapAttrsToList;
inherit (nixlib.lists) sortOn; inherit (nixlib.lists) sortOn;
inherit (inputs.self.lib.lib) userIs; inherit (inputs.self.lib.lib) userIs;
inherit (inputs.self.lib) systems; inherit (inputs.self.lib.gensokyo-zone) systems;
templateSystem = inputs.self.nixosConfigurations.reimu; templateSystem = inputs.self.nixosConfigurations.reimu.config;
templateUsers = filterAttrs (_: userIs "peeps") templateSystem.config.users.users; templateUsers = filterAttrs (_: userIs "peeps") templateSystem.users.users;
mkNodeUsers = users: let mkNodeUsers = users: let
nodeUsers = mapAttrsToList (_: mkNodeUser) templateUsers; nodeUsers = mapAttrsToList (_: mkNodeUser) templateUsers;
in in
@ -18,13 +18,13 @@
authorizedKeys = user.openssh.authorizedKeys.keys; authorizedKeys = user.openssh.authorizedKeys.keys;
}; };
nodeSystems = let nodeSystems = let
matchesNode = nodeName: system: system.config.proxmox.enabled && system.config.proxmox.node.name == nodeName; matchesNode = nodeName: system: system.proxmox.enabled && system.proxmox.node.name == nodeName;
in in
nodeName: filterAttrs (_: matchesNode nodeName) systems; nodeName: filterAttrs (_: matchesNode nodeName) systems;
mkNodeSystem = system: { mkNodeSystem = system: {
inherit (system.config.access) hostName; inherit (system.access) hostName;
network = let network = let
inherit (system.config.network) networks; inherit (system.network) networks;
in { in {
networks = { networks = {
int = int =
@ -62,14 +62,14 @@
}; };
mkNode = system: { mkNode = system: {
users = mkNodeUsers templateUsers; users = mkNodeUsers templateUsers;
systems = mkNodeSystems (nodeSystems system.config.name); systems = mkNodeSystems (nodeSystems system.name);
extern = mkExtern system.config; extern = mkExtern system;
ssh.root.authorizedKeys = { ssh.root.authorizedKeys = {
inherit (templateSystem.config.environment.etc."ssh/authorized_keys.d/root".source) text; inherit (templateSystem.environment.etc."ssh/authorized_keys.d/root".source) text;
}; };
}; };
mkNetwork = system: { mkNetwork = system: {
inherit (system.config.access) hostName; inherit (system.access) hostName;
networks = networks =
{ {
int = null; int = null;
@ -80,14 +80,14 @@
nameValuePair network.name { nameValuePair network.name {
inherit (network) macAddress address4 address6; inherit (network) macAddress address4 address6;
}) })
system.config.network.networks; system.network.networks;
}; };
mkSystem = name: system: { mkSystem = name: system: {
network = mkNetwork system; network = mkNetwork system;
}; };
in { in {
nodes = let nodes = let
nodes = filterAttrs (_: node: node.config.proxmox.node.enable) systems; nodes = filterAttrs (_: node: node.proxmox.node.enable) systems;
in in
mapAttrs (_: mkNode) nodes; mapAttrs (_: mkNode) nodes;
systems = mapAttrs mkSystem systems; systems = mapAttrs mkSystem systems;

3
lib.nix
View file

@ -147,7 +147,8 @@ in {
inherit inputs; inherit inputs;
inherit (inputs) self; inherit (inputs) self;
inherit (inputs.self) overlays; inherit (inputs.self) overlays;
inherit (inputs.self.lib) tree meta lib systems std Std; inherit (inputs.self.lib) tree meta lib std Std;
systems = builtins.mapAttrs (_: system: system.config) systems;
}; };
generate = import ./generate.nix {inherit inputs tree;}; generate = import ./generate.nix {inherit inputs tree;};
} }

6
modules/extern/home/ssh.nix vendored
View file

@ -16,7 +16,7 @@ let
inherit (lib.strings) optionalString; inherit (lib.strings) optionalString;
inherit (osConfig.gensokyo-zone) access; inherit (osConfig.gensokyo-zone) access;
cfg = gensokyo-zone.ssh.cfg; cfg = gensokyo-zone.ssh.cfg;
system = gensokyo-zone.systems.${config.systemName}.config; system = gensokyo-zone.systems.${config.systemName};
networks = let networks = let
fallbackNetwork = fallbackNetwork =
if system.network.networks.local.enable or false && access.local.enable if system.network.networks.local.enable or false && access.local.enable
@ -167,14 +167,14 @@ let
proxyJump = mkOptionDefault ( proxyJump = mkOptionDefault (
if config.hosts.hakurei.enable if config.hosts.hakurei.enable
then config.hosts.hakurei.name then config.hosts.hakurei.name
else gensokyo-zone.systems.hakurei.config.access.fqdn else gensokyo-zone.systems.hakurei.access.fqdn
); );
networks = mkOptionDefault [ networks = mkOptionDefault [
(mkIf access.local.enable "local") (mkIf access.local.enable "local")
(mkIf access.tail.enabled "tail") (mkIf access.tail.enabled "tail")
]; ];
hosts = mapAttrs (name: system: let hosts = mapAttrs (name: system: let
enabled = system.config.access.online.enable && system.config.exports.services.sshd.enable; enabled = system.access.online.enable && system.exports.services.sshd.enable;
in in
mkIf enabled { mkIf enabled {
systemName = mkOptionDefault name; systemName = mkOptionDefault name;

8
modules/extern/nixos/dns.nix vendored
View file

@ -71,13 +71,13 @@
mkMerge [ mkMerge [
(mkOptionDefault []) (mkOptionDefault [])
(mkIf access.local.enable [ (mkIf access.local.enable [
(mkIf enableIPv6 utsuho.config.access.address6ForNetwork.local) (mkIf enableIPv6 utsuho.access.address6ForNetwork.local)
utsuho.config.access.address4ForNetwork.local utsuho.access.address4ForNetwork.local
]) ])
# TODO: mirror or tunnel on hakurei or something .-. # TODO: mirror or tunnel on hakurei or something .-.
(mkIf (access.tail.enabled && false) [ (mkIf (access.tail.enabled && false) [
(mkIf enableIPv6 hakurei.config.access.address6ForNetwork.tail) (mkIf enableIPv6 hakurei.access.address6ForNetwork.tail)
hakurei.config.access.address4ForNetwork.tail hakurei.access.address4ForNetwork.tail
]) ])
]; ];
fallbackNameservers = fallbackNameservers =

4
modules/extern/nixos/krb5.nix vendored
View file

@ -435,8 +435,8 @@ in {
# TODO: consider hakurei instead... # TODO: consider hakurei instead...
in in
mkIf (cfg.enable && !config.gensokyo-zone.dns.enable or false && config.gensokyo-zone.access.local.enable) { mkIf (cfg.enable && !config.gensokyo-zone.dns.enable or false && config.gensokyo-zone.access.local.enable) {
${freeipa.config.access.address6ForNetwork.local} = mkIf config.networking.enableIPv6 (mkBefore [cfg.host]); ${freeipa.access.address6ForNetwork.local} = mkIf config.networking.enableIPv6 (mkBefore [cfg.host]);
${freeipa.config.access.address4ForNetwork.local} = mkBefore [cfg.host]; ${freeipa.access.address4ForNetwork.local} = mkBefore [cfg.host];
}; };
}; };
environment.etc = { environment.etc = {

4
modules/nixos/monitoring/ingest/grafana.nix
View file

@ -1,12 +1,12 @@
{ {
config, config,
system, systemConfig,
lib, lib,
... ...
}: let }: let
inherit (lib.modules) mkDefault; inherit (lib.modules) mkDefault;
cfg = config.services.grafana; cfg = config.services.grafana;
service = system.exports.services.grafana; service = systemConfig.exports.services.grafana;
in { in {
services.grafana = { services.grafana = {
settings.server = { settings.server = {

4
modules/nixos/monitoring/ingest/loki.nix
View file

@ -11,8 +11,8 @@
promtailSystems = promtailSystems =
filterAttrs ( filterAttrs (
_: system: _: system:
system.config.access.online.enable system.access.online.enable
&& system.config.exports.services.promtail.enable && system.exports.services.promtail.enable
) )
systems; systems;
cfg = config.services.loki; cfg = config.services.loki;

12
modules/nixos/monitoring/ingest/prometheus.nix
View file

@ -12,8 +12,8 @@
nodeExporterSystems = nodeExporterSystems =
filter ( filter (
system: system:
system.config.exports.prometheus.exporter.enable system.exports.prometheus.exporter.enable
&& system.config.exports.prometheus.exporter.services != [] && system.exports.prometheus.exporter.services != []
) )
(attrValues systems); (attrValues systems);
mkPortTarget = { mkPortTarget = {
@ -22,17 +22,17 @@
portName, portName,
}: let }: let
port = service.ports.${portName}; port = service.ports.${portName};
in "${mkAddress6 (access.getAddressFor system.config.name "lan")}:${toString port.port}"; in "${mkAddress6 (access.getAddressFor system.name "lan")}:${toString port.port}";
mkServiceConfig = system: serviceName: let mkServiceConfig = system: serviceName: let
inherit (service.prometheus) exporter; inherit (service.prometheus) exporter;
service = system.config.exports.services.${serviceName}; service = system.exports.services.${serviceName};
targets = map (portName: targets = map (portName:
mkPortTarget { mkPortTarget {
inherit system service portName; inherit system service portName;
}) })
exporter.ports; exporter.ports;
in { in {
job_name = "${system.config.name}-${service.id}"; job_name = "${system.name}-${service.id}";
static_configs = [ static_configs = [
{ {
inherit targets; inherit targets;
@ -49,7 +49,7 @@
insecure_skip_verify = mkDefault true; insecure_skip_verify = mkDefault true;
}; };
}; };
mapSystem = system: map (mkServiceConfig system) system.config.exports.prometheus.exporter.services; mapSystem = system: map (mkServiceConfig system) system.exports.prometheus.exporter.services;
in { in {
services.prometheus = { services.prometheus = {
port = mkDefault 9090; port = mkDefault 9090;

6
modules/nixos/monitoring/source/promtail.nix
View file

@ -1,6 +1,6 @@
{ {
config, config,
system, systemConfig,
access, access,
lib, lib,
... ...
@ -23,12 +23,12 @@ in {
]; ];
scrape_configs = [ scrape_configs = [
{ {
job_name = "${system.name}-journald"; job_name = "${systemConfig.name}-journald";
journal = { journal = {
max_age = "${toString (24 * 7)}h"; max_age = "${toString (24 * 7)}h";
labels = { labels = {
job = "systemd-journald"; job = "systemd-journald";
system = system.name; system = systemConfig.name;
host = config.networking.fqdn; host = config.networking.fqdn;
}; };
}; };

4
modules/nixos/nginx/proxied.nix
View file

@ -158,7 +158,7 @@ let
in in
{ {
config, config,
system, systemConfig,
gensokyo-zone, gensokyo-zone,
lib, lib,
... ...
@ -196,7 +196,7 @@ in
nginx'proxied = mkIf (warnEnable cfg.enable) { nginx'proxied = mkIf (warnEnable cfg.enable) {
servers.local = { servers.local = {
accessService = { accessService = {
system = system.name; system = systemConfig.name;
name = "nginx"; name = "nginx";
port = "proxied"; port = "proxied";
}; };

4
modules/nixos/nginx/vouch.nix
View file

@ -1,6 +1,6 @@
{ {
config, config,
system, systemConfig,
lib, lib,
gensokyo-zone, gensokyo-zone,
... ...
@ -348,7 +348,7 @@ in {
ssl.enable = mkAlmostOptionDefault true; ssl.enable = mkAlmostOptionDefault true;
}; };
int = {upstream, ...}: { int = {upstream, ...}: {
enable = mkAlmostOptionDefault system.network.networks.int.enable or false; enable = mkAlmostOptionDefault systemConfig.network.networks.int.enable or false;
addr = mkAlmostOptionDefault "login.int.${networking.domain}"; addr = mkAlmostOptionDefault "login.int.${networking.domain}";
port = mkOptionDefault 9080; port = mkOptionDefault 9080;
}; };

29
modules/system/access.nix
View file

@ -15,11 +15,10 @@
inherit (lib.lists) findSingle; inherit (lib.lists) findSingle;
inherit (lib.trivial) mapNullable; inherit (lib.trivial) mapNullable;
cfg = config.access; cfg = config.access;
systemConfig = config;
systemAccess = access; systemAccess = access;
nixosModule = { nixosModule = {
config, config,
system, systemConfig,
access, access,
... ...
}: let }: let
@ -28,16 +27,16 @@
if config.networking.enableIPv6 if config.networking.enableIPv6
then "address6ForNetwork" then "address6ForNetwork"
else "address4ForNetwork"; else "address4ForNetwork";
has'Int = system.network.networks.int.enable or false; has'Int = systemConfig.network.networks.int.enable or false;
has'Local = system.network.networks.local.enable or false; has'Local = systemConfig.network.networks.local.enable or false;
has'Tail' = system.network.networks.tail.enable or false; has'Tail' = systemConfig.network.networks.tail.enable or false;
has'Tail = lib.warnIf (has'Tail' != config.services.tailscale.enable) "tailscale set incorrectly in system.access for ${config.networking.hostName}" has'Tail'; has'Tail = lib.warnIf (has'Tail' != config.services.tailscale.enable) "tailscale set incorrectly in system.access for ${config.networking.hostName}" has'Tail';
in { in {
options.networking.access = with lib.types; { options.networking.access = with lib.types; {
global.enable = global.enable =
mkEnableOption "global access" mkEnableOption "global access"
// { // {
default = system.access.global.enable; default = systemConfig.access.global.enable;
}; };
moduleArgAttrs = mkOption { moduleArgAttrs = mkOption {
type = lazyAttrsOf unspecified; type = lazyAttrsOf unspecified;
@ -61,7 +60,7 @@
in in
{ {
lan = lan =
if hostName == system.name if hostName == systemConfig.name
then forSystem.access.${addressForAttr}.localhost then forSystem.access.${addressForAttr}.localhost
else if has'Int && forSystemHas "int" else if has'Int && forSystemHas "int"
then int then int
@ -124,7 +123,7 @@
in in
{ {
lan = lan =
if hostName == system.name if hostName == systemConfig.name
then forSystem.access.hostnameForNetwork.localhost then forSystem.access.hostnameForNetwork.localhost
else if has'Int && forSystem.access.hostnameForNetwork ? int else if has'Int && forSystem.access.hostnameForNetwork ? int
then forSystem.access.hostnameForNetwork.int then forSystem.access.hostnameForNetwork.int
@ -207,7 +206,7 @@ in {
}; };
global.enable = mkEnableOption "globally routeable"; global.enable = mkEnableOption "globally routeable";
online = let online = let
proxmoxNodeAccess = systems.${config.proxmox.node.name}.config.access; proxmoxNodeAccess = systems.${config.proxmox.node.name}.access;
in { in {
enable = enable =
mkEnableOption "a deployed machine" mkEnableOption "a deployed machine"
@ -288,22 +287,22 @@ in {
_module.args.access = { _module.args.access = {
inherit (cfg) hostnameForNetwork address4ForNetwork address6ForNetwork; inherit (cfg) hostnameForNetwork address4ForNetwork address6ForNetwork;
systemFor = hostName: systems.${hostName}.config; systemFor = hostName: systems.${hostName};
systemForOrNull = hostName: systems.${hostName}.config or null; systemForOrNull = hostName: systems.${hostName} or null;
nixosFor = hostName: nixosConfigurations.${hostName}.config or (access.systemFor hostName).built.config; nixosFor = hostName: nixosConfigurations.${hostName}.config or (access.systemFor hostName).built.config;
nixosForOrNull = hostName: nixosConfigurations.${hostName}.config or (access.systemForOrNull hostName).built.config or null; nixosForOrNull = hostName: nixosConfigurations.${hostName}.config or (access.systemForOrNull hostName).built.config or null;
systemForService = service: let systemForService = service: let
hasService = system: system.config.exports.services.${service}.enable; hasService = system: system.exports.services.${service}.enable;
notFound = throw "no system found serving ${service}"; notFound = throw "no system found serving ${service}";
multiple = throw "multiple systems found serving ${service}"; multiple = throw "multiple systems found serving ${service}";
in in
(findSingle hasService notFound multiple (attrValues systems)).config; (findSingle hasService notFound multiple (attrValues systems));
systemForServiceId = serviceId: let systemForServiceId = serviceId: let
hasService = system: findSingle (service: service.id == serviceId && service.enable) null multiple (attrValues system.config.exports.services) != null; hasService = system: findSingle (service: service.id == serviceId && service.enable) null multiple (attrValues system.exports.services) != null;
notFound = throw "no system found serving ${serviceId}"; notFound = throw "no system found serving ${serviceId}";
multiple = throw "multiple systems found serving ${serviceId}"; multiple = throw "multiple systems found serving ${serviceId}";
in in
(findSingle hasService notFound multiple (attrValues systems)).config; (findSingle hasService notFound multiple (attrValues systems));
}; };
}; };
} }

6
modules/system/exports/dnsmasq.nix
View file

@ -7,7 +7,7 @@
inherit (lib.modules) mkOptionDefault; inherit (lib.modules) mkOptionDefault;
in { in {
config.exports.services.dnsmasq = { config.exports.services.dnsmasq = {
system, systemConfig,
config, config,
... ...
}: { }: {
@ -28,10 +28,10 @@ in {
settings = { settings = {
dns = { dns = {
query-type = mkOptionDefault "A"; query-type = mkOptionDefault "A";
query-name = mkOptionDefault system.access.fqdn; query-name = mkOptionDefault systemConfig.access.fqdn;
}; };
conditions = mkOptionDefault [ conditions = mkOptionDefault [
"[BODY] == ${system.network.networks.local.address4}" "[BODY] == ${systemConfig.network.networks.local.address4}"
]; ];
}; };
}; };

10
modules/system/exports/monitoring.nix
View file

@ -1,6 +1,6 @@
let let
portModule = { portModule = {
system, systemConfig,
config, config,
gensokyo-zone, gensokyo-zone,
lib, lib,
@ -20,7 +20,7 @@ let
enable = enable =
mkEnableOption "health check alerts" mkEnableOption "health check alerts"
// { // {
default = system.exports.status.alert.enable; default = systemConfig.exports.status.alert.enable;
}; };
}; };
gatus = { gatus = {
@ -127,7 +127,7 @@ let
}; };
}; };
serviceModule = { serviceModule = {
system, systemConfig,
config, config,
gensokyo-zone, gensokyo-zone,
lib, lib,
@ -185,8 +185,8 @@ let
labels = mapOptionDefaults { labels = mapOptionDefaults {
gensokyo_exports_service = config.name; gensokyo_exports_service = config.name;
gensokyo_exports_id = config.id; gensokyo_exports_id = config.id;
gensokyo_system = system.name; gensokyo_system = systemConfig.name;
gensokyo_host = system.access.fqdn; gensokyo_host = systemConfig.access.fqdn;
}; };
}; };
status = { status = {

4
modules/system/exports/nginx.nix
View file

@ -9,7 +9,7 @@
in { in {
config.exports.services.nginx = { config.exports.services.nginx = {
config, config,
system, systemConfig,
... ...
}: let }: let
mkAssertion = f: nixosConfig: let mkAssertion = f: nixosConfig: let
@ -29,7 +29,7 @@ in {
message = "proxied.port mismatch"; message = "proxied.port mismatch";
}; };
in { in {
displayName = mkAlmostOptionDefault "NGINX/${system.name}"; displayName = mkAlmostOptionDefault "NGINX/${systemConfig.name}";
nixos = { nixos = {
serviceAttr = "nginx"; serviceAttr = "nginx";
assertions = mkIf config.enable (map mkAssertion [ assertions = mkIf config.enable (map mkAssertion [

9
modules/system/exports/services.nix
View file

@ -76,7 +76,7 @@
}; };
}; };
serviceModule = { serviceModule = {
system, systemConfig,
config, config,
name, name,
machine, machine,
@ -101,7 +101,7 @@
type = attrsOf (submoduleWith { type = attrsOf (submoduleWith {
modules = [portModule]; modules = [portModule];
specialArgs = { specialArgs = {
inherit gensokyo-zone machine system; inherit gensokyo-zone machine systemConfig;
service = config; service = config;
}; };
}); });
@ -153,7 +153,7 @@
}; };
nixosModule = { nixosModule = {
config, config,
system, systemConfig,
... ...
}: let }: let
mapAssertion = service: a: let mapAssertion = service: a: let
@ -163,7 +163,7 @@
// { // {
message = "system.exports.${service.name}: " + res.message or "assertion failed"; message = "system.exports.${service.name}: " + res.message or "assertion failed";
}; };
assertions = mapAttrsToList (_: service: map (mapAssertion service) service.nixos.assertions) system.exports.services; assertions = mapAttrsToList (_: service: map (mapAssertion service) service.nixos.assertions) systemConfig.exports.services;
in { in {
config = { config = {
assertions = mkMerge assertions; assertions = mkMerge assertions;
@ -183,7 +183,6 @@ in {
specialArgs = { specialArgs = {
inherit gensokyo-zone; inherit gensokyo-zone;
machine = name; machine = name;
system = config;
systemConfig = config; systemConfig = config;
}; };
}); });

3
modules/system/host.nix
View file

@ -111,8 +111,7 @@ in {
specialArgs = { specialArgs = {
inherit name inputs std Std meta; inherit name inputs std Std meta;
inherit (inputs.self.lib) gensokyo-zone; inherit (inputs.self.lib) gensokyo-zone;
systemType = config.folder; systemConfig = config;
system = config;
}; };
}; };
} }

8
modules/system/network/networks.nix
View file

@ -11,7 +11,7 @@
networkModule = { networkModule = {
config, config,
name, name,
system, systemConfig,
... ...
}: let }: let
knownNetworks = { knownNetworks = {
@ -68,8 +68,8 @@
); );
postfix = mkIf (config.macAddress != null) (mkOptionDefault (eui64 config.macAddress)); postfix = mkIf (config.macAddress != null) (mkOptionDefault (eui64 config.macAddress));
}; };
domain = mkOptionDefault "${config.name}.${system.access.domain}"; domain = mkOptionDefault "${config.name}.${systemConfig.access.domain}";
fqdn = mkOptionDefault (mapNullable (domain: "${system.access.hostName}.${domain}") config.domain); fqdn = mkOptionDefault (mapNullable (domain: "${systemConfig.access.hostName}.${domain}") config.domain);
address6 = mkIf config.slaac.enable (mkOptionDefault "${config.slaac.prefix}:${config.slaac.postfix}"); address6 = mkIf config.slaac.enable (mkOptionDefault "${config.slaac.prefix}:${config.slaac.postfix}");
}; };
}; };
@ -79,7 +79,7 @@ in {
type = attrsOf (submoduleWith { type = attrsOf (submoduleWith {
modules = [networkModule]; modules = [networkModule];
specialArgs = { specialArgs = {
system = config; systemConfig = config;
}; };
}); });
default = {}; default = {};

18
modules/system/proxmox/network.nix
View file

@ -18,7 +18,7 @@
networkInterfaceModule = { networkInterfaceModule = {
config, config,
name, name,
system, systemConfig,
... ...
}: { }: {
options = with lib.types; { options = with lib.types; {
@ -81,7 +81,7 @@
local = { local = {
enable = mkOption { enable = mkOption {
type = bool; type = bool;
default = system.proxmox.node.name == "reisen" && config.id == "net0" && config.bridge == "vmbr0"; default = systemConfig.proxmox.node.name == "reisen" && config.id == "net0" && config.bridge == "vmbr0";
}; };
address4 = mkOption { address4 = mkOption {
type = nullOr str; type = nullOr str;
@ -125,12 +125,12 @@
); );
}; };
name = mkMerge [ name = mkMerge [
(mkIf (hasPrefix "net" config.id && system.proxmox.container.enable) (mkOptionDefault ("eth" + removePrefix "net" config.id))) (mkIf (hasPrefix "net" config.id && systemConfig.proxmox.container.enable) (mkOptionDefault ("eth" + removePrefix "net" config.id)))
# VMs have names like `ens18` for net0... # VMs have names like `ens18` for net0...
]; ];
slaac.postfix = mkOptionDefault (mapNullable eui64 config.macAddress); slaac.postfix = mkOptionDefault (mapNullable eui64 config.macAddress);
gateway4 = mkMerge [ gateway4 = mkMerge [
(mkIf (system.proxmox.node.name == "reisen" && config.bridge == "vmbr0" && config.address4 != null && config.address4 != "dhcp") (mkAlmostOptionDefault "10.1.1.1")) (mkIf (systemConfig.proxmox.node.name == "reisen" && config.bridge == "vmbr0" && config.address4 != null && config.address4 != "dhcp") (mkAlmostOptionDefault "10.1.1.1"))
]; ];
networkd.name = mkIf config.local.enable ( networkd.name = mkIf config.local.enable (
mkDefault "_00-local" mkDefault "_00-local"
@ -176,14 +176,14 @@
}; };
}; };
confInternal = let confInternal = let
index = system.proxmox.vm.id - internalOffset; index = systemConfig.proxmox.vm.id - internalOffset;
in { in {
name = mkIf system.proxmox.container.enable (mkAlmostOptionDefault "eth9"); name = mkIf systemConfig.proxmox.container.enable (mkAlmostOptionDefault "eth9");
bridge = mkAlmostOptionDefault "vmbr9"; bridge = mkAlmostOptionDefault "vmbr9";
address4 = mkAlmostOptionDefault "10.9.1.${toString index}/24"; address4 = mkAlmostOptionDefault "10.9.1.${toString index}/24";
address6 = mkAlmostOptionDefault "fd0c::${UInt.toHexLower index}/64"; address6 = mkAlmostOptionDefault "fd0c::${UInt.toHexLower index}/64";
macAddress = mkIf (system.proxmox.network.interfaces.net0.macAddress or null != null && hasPrefix "BC:24:11:" system.proxmox.network.interfaces.net0.macAddress) (mkAlmostOptionDefault ( macAddress = mkIf (systemConfig.proxmox.network.interfaces.net0.macAddress or null != null && hasPrefix "BC:24:11:" systemConfig.proxmox.network.interfaces.net0.macAddress) (mkAlmostOptionDefault (
replaceStrings ["BC:24:11:"] ["BC:24:19:"] system.proxmox.network.interfaces.net0.macAddress replaceStrings ["BC:24:11:"] ["BC:24:19:"] systemConfig.proxmox.network.interfaces.net0.macAddress
)); ));
networkd.name = mkDefault "_00-int"; networkd.name = mkDefault "_00-int";
networkd.networkSettings = { networkd.networkSettings = {
@ -210,7 +210,7 @@ in {
type = attrsOf (submoduleWith { type = attrsOf (submoduleWith {
modules = [networkInterfaceModule]; modules = [networkInterfaceModule];
specialArgs = { specialArgs = {
system = config; systemConfig = config;
}; };
}); });
default = {}; default = {};

1
nixos/access/invidious.nix
View file

@ -1,6 +1,5 @@
{ {
config, config,
system,
lib, lib,
... ...
}: let }: let

4
nixos/access/nfandroidtv.nix
View file

@ -1,12 +1,12 @@
{ {
config, config,
system, systemConfig,
lib, lib,
... ...
}: let }: let
inherit (lib.modules) mkIf mkDefault; inherit (lib.modules) mkIf mkDefault;
inherit (config.services) nginx; inherit (config.services) nginx;
inherit (system.exports.services) nfandroidtv; inherit (systemConfig.exports.services) nfandroidtv;
upstreamName = "nfandroidtv'bedroom"; upstreamName = "nfandroidtv'bedroom";
in { in {
config.services.nginx = { config.services.nginx = {

4
nixos/base/nixpkgs.nix
View file

@ -1,6 +1,6 @@
{ {
config, config,
system, systemConfig,
gensokyo-zone, gensokyo-zone,
lib, lib,
... ...
@ -12,7 +12,7 @@
inherit (gensokyo-zone.self) overlays; inherit (gensokyo-zone.self) overlays;
cfg = config.nixpkgs; cfg = config.nixpkgs;
hostPlatform = lib.systems.elaborate { hostPlatform = lib.systems.elaborate {
inherit (system) system; inherit (systemConfig) system;
}; };
in { in {
options.nixpkgs = with lib.types; { options.nixpkgs = with lib.types; {

16
nixos/dnsmasq.nix
View file

@ -16,7 +16,7 @@
localSystems = localSystems =
filterAttrs ( filterAttrs (
_: system: _: system:
system.config.access.online.enable && system.config.network.networks.local.enable or false system.access.online.enable && system.network.networks.local.enable or false
) )
systems; systems;
mkHostRecordPairs = _: system: [ mkHostRecordPairs = _: system: [
@ -27,12 +27,12 @@
mapDynamic4 = replaceStrings ["10.1.1."] ["0.0.0."]; mapDynamic4 = replaceStrings ["10.1.1."] ["0.0.0."];
mapDynamic6 = replaceStrings ["fd0a::"] ["2001::"]; mapDynamic6 = replaceStrings ["fd0a::"] ["2001::"];
mkDynamicHostRecord = _: system: let mkDynamicHostRecord = _: system: let
address4 = system.config.network.networks.local.address4 or null; address4 = system.network.networks.local.address4 or null;
address6 = system.config.network.networks.local.address6 or null; address6 = system.network.networks.local.address6 or null;
in in
concatStringsSep "," ( concatStringsSep "," (
[ [
system.config.access.fqdn system.access.fqdn
] ]
++ optional (address4 != null) ++ optional (address4 != null)
(toString (mapNullable mapDynamic4 address4)) (toString (mapNullable mapDynamic4 address4))
@ -42,15 +42,15 @@
cfg.dynamic.interface cfg.dynamic.interface
); );
mkHostRecordPair = network: system: let mkHostRecordPair = network: system: let
address4 = system.config.network.networks.${network}.address4 or null; address4 = system.network.networks.${network}.address4 or null;
address6 = system.config.network.networks.${network}.address6 or null; address6 = system.network.networks.${network}.address6 or null;
fqdn = system.config.network.networks.${network}.fqdn or null; fqdn = system.network.networks.${network}.fqdn or null;
in in
nameValuePair nameValuePair
( (
if fqdn != null if fqdn != null
then fqdn then fqdn
else "${network}.${system.config.access.fqdn}" else "${network}.${system.access.fqdn}"
) )
(concatStringsSep "," ( (concatStringsSep "," (
optional (address4 != null) optional (address4 != null)

8
nixos/home-assistant.nix
View file

@ -49,19 +49,19 @@ in {
}; };
auth_providers = let auth_providers = let
inherit (lib.attrsets) genAttrs; inherit (lib.attrsets) genAttrs;
shanghai = with gensokyo-zone.systems.shanghai.config.network.networks.local; [ shanghai = with gensokyo-zone.systems.shanghai.network.networks.local; [
address4 address4
address6 address6
]; ];
nue = with gensokyo-zone.systems.nue.config.network.networks.local; [ nue = with gensokyo-zone.systems.nue.network.networks.local; [
address4 address4
address6 address6
]; ];
logistics = with gensokyo-zone.systems.logistics.config.network.networks.local; [ logistics = with gensokyo-zone.systems.logistics.network.networks.local; [
address4 address4
address6 address6
]; ];
koishi = with gensokyo-zone.systems.koishi.config.network.networks.local; [ koishi = with gensokyo-zone.systems.koishi.network.networks.local; [
address4 address4
#address6 #address6
]; ];

4
nixos/keycloak.nix
View file

@ -1,5 +1,5 @@
{ {
system, systemConfig,
access, access,
config, config,
gensokyo-zone, gensokyo-zone,
@ -15,7 +15,7 @@
}; };
hostname = "sso.${config.networking.domain}"; hostname = "sso.${config.networking.domain}";
hostname-strict = false; hostname-strict = false;
inherit (gensokyo-zone.self.legacyPackages.${system.system}) patchedNixpkgs; inherit (gensokyo-zone.self.legacyPackages.${systemConfig.system}) patchedNixpkgs;
keycloakModulePath = "services/web-apps/keycloak.nix"; keycloakModulePath = "services/web-apps/keycloak.nix";
in { in {
# upstream keycloak makes an incorrect assumption in its assertions, so we patch it # upstream keycloak makes an incorrect assumption in its assertions, so we patch it

27
nixos/monitoring/gatus.nix
View file

@ -12,9 +12,9 @@
inherit (lib.lists) filter length optional concatMap; inherit (lib.lists) filter length optional concatMap;
inherit (lib.strings) hasPrefix hasInfix optionalString concatStringsSep match; inherit (lib.strings) hasPrefix hasInfix optionalString concatStringsSep match;
cfg = config.services.gatus; cfg = config.services.gatus;
statusSystems = filter (system: system.config.exports.status.enable) (attrValues systems); statusSystems = filter (system: system.exports.status.enable) (attrValues systems);
mapSystem = system: let mapSystem = system: let
statusServices = map (serviceName: system.config.exports.services.${serviceName}) system.config.exports.status.services; statusServices = map (serviceName: system.exports.services.${serviceName}) system.exports.status.services;
serviceEndpoints = concatMap (mkServiceEndpoint system) statusServices; serviceEndpoints = concatMap (mkServiceEndpoint system) statusServices;
systemEndpoint = mkSystemEndpoint system; systemEndpoint = mkSystemEndpoint system;
in in
@ -34,7 +34,7 @@
++ optional hasId service.id ++ optional hasId service.id
++ [ ++ [
port.name port.name
system.config.name system.name
]); ]);
#network = port.listen; #network = port.listen;
network = "lan"; network = "lan";
@ -43,12 +43,11 @@
# XXX: they're lying when they say "You may optionally prefix said DNS IPs with dns://" # XXX: they're lying when they say "You may optionally prefix said DNS IPs with dns://"
scheme = ""; scheme = "";
}; };
starttls.host = system.config.access.fqdn; starttls.host = system.access.fqdn;
}; };
urlConf = urlConf =
{ {
inherit service port network; inherit service port network system;
system = system.config;
scheme = gatus.protocol; scheme = gatus.protocol;
${ ${
if gatus.client.network != "ip" if gatus.client.network != "ip"
@ -97,21 +96,21 @@
}) })
gatusPorts; gatusPorts;
mkSystemEndpoint = system: let mkSystemEndpoint = system: let
inherit (system.config.exports) status; inherit (system.exports) status;
network = "lan"; network = "lan";
getAddressFor = getAddressFor =
if system.config.network.networks.local.address4 or null != null if system.network.networks.local.address4 or null != null
then "getAddress4For" then "getAddress4For"
else "getAddressFor"; else "getAddressFor";
addr = access.${getAddressFor} system.config.name network; addr = access.${getAddressFor} system.name network;
addrIs6 = hasInfix ":" addr; addrIs6 = hasInfix ":" addr;
in in
nameValuePair "ping-${system.config.name}" (_: { nameValuePair "ping-${system.name}" (_: {
imports = imports =
[alertingConfig] [alertingConfig]
++ optional status.alert.enable alertingConfigAlerts; ++ optional status.alert.enable alertingConfigAlerts;
config = { config = {
name = mkAlmostOptionDefault system.config.name; name = mkAlmostOptionDefault system.name;
# XXX: it can't seem to ping ipv6 for some reason..? :< # XXX: it can't seem to ping ipv6 for some reason..? :<
enabled = mkIf addrIs6 (mkAlmostOptionDefault false); enabled = mkIf addrIs6 (mkAlmostOptionDefault false);
client.network = mkIf addrIs6 (mkAlmostOptionDefault "ip6"); client.network = mkIf addrIs6 (mkAlmostOptionDefault "ip6");
@ -160,11 +159,11 @@
servers = "${groups.systems}/Servers"; servers = "${groups.systems}/Servers";
systems = "Systems"; systems = "Systems";
forSystem = system: let forSystem = system: let
node = systems.${system.config.proxmox.node.name}.config; node = systems.${system.proxmox.node.name};
in in
if system.config.proxmox.enabled if system.proxmox.enabled
then "${groups.servers}/${node.name}" then "${groups.servers}/${node.name}"
else if system.config.access.online.available else if system.access.online.available
then groups.servers then groups.servers
else groups.systems; else groups.systems;
}; };

4
nixos/reisen-ct/proxmox.nix
View file

@ -1,5 +1,5 @@
{ {
system, systemConfig,
gensokyo-zone, gensokyo-zone,
lib, lib,
modulesPath, modulesPath,
@ -8,7 +8,7 @@
inherit (gensokyo-zone.lib) unmerged; inherit (gensokyo-zone.lib) unmerged;
inherit (lib.modules) mkIf mkMerge mkDefault; inherit (lib.modules) mkIf mkMerge mkDefault;
inherit (lib.attrsets) mapAttrsToList; inherit (lib.attrsets) mapAttrsToList;
inherit (system) proxmox; inherit (systemConfig) proxmox;
in { in {
imports = [ imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix") (modulesPath + "/virtualisation/proxmox-lxc.nix")

12
nixos/samba.nix
View file

@ -1,6 +1,6 @@
{ {
config, config,
system, systemConfig,
access, access,
gensokyo-zone, gensokyo-zone,
lib, lib,
@ -25,9 +25,9 @@ in {
name = "GENSOKYO"; name = "GENSOKYO";
netbiosName = "reisen"; netbiosName = "reisen";
netbiosHostAddresses = { netbiosHostAddresses = {
${cfg.domain.netbiosName'} = mkIf system.network.networks.local.enable or false [ ${cfg.domain.netbiosName'} = mkIf systemConfig.network.networks.local.enable or false [
system.network.networks.local.address4 systemConfig.network.networks.local.address4
system.network.networks.local.address6 systemConfig.network.networks.local.address6
]; ];
}; };
}; };
@ -79,11 +79,11 @@ in {
config.networking.fqdn config.networking.fqdn
"smb.${domain}" "smb.${domain}"
] ]
(mkIf system.network.networks.local.enable or false [ (mkIf systemConfig.network.networks.local.enable or false [
"smb.local.${domain}" "smb.local.${domain}"
access.hostnameForNetwork.local access.hostnameForNetwork.local
]) ])
(mkIf system.network.networks.int.enable or false [ (mkIf systemConfig.network.networks.int.enable or false [
"smb.int.${domain}" "smb.int.${domain}"
access.hostnameForNetwork.int access.hostnameForNetwork.int
]) ])

2
nixos/wake-chen.nix
View file

@ -7,7 +7,7 @@
}: let }: let
inherit (gensokyo-zone.lib) mapOptionDefaults; inherit (gensokyo-zone.lib) mapOptionDefaults;
inherit (lib.meta) getExe; inherit (lib.meta) getExe;
chen = gensokyo-zone.systems.chen.config; inherit (gensokyo-zone.systems) chen;
service = "wake-chen"; service = "wake-chen";
in { in {
systemd.services.${service} = { systemd.services.${service} = {

6
packages/default.nix
View file

@ -21,9 +21,9 @@
NF_NIX_WHITELIST_FILES=(${string.concatMapSep " " string.escapeShellArg fmt.nix.whitelist}) NF_NIX_WHITELIST_FILES=(${string.concatMapSep " " string.escapeShellArg fmt.nix.whitelist})
''; '';
exportsSystems = let exportsSystems = let
inherit (inputs.self.lib) systems; inherit (inputs.self.lib.gensokyo-zone) systems;
nixosSystems = set.filter (_: system: system.config.ci.enable) systems; nixosSystems = set.filter (_: system: system.ci.enable) systems;
warnSystems = set.filter (_: system: system.config.ci.allowFailure) nixosSystems; warnSystems = set.filter (_: system: system.ci.allowFailure) nixosSystems;
toSystems = systems: string.concatMapSep " " string.escapeShellArg (set.keys systems); toSystems = systems: string.concatMapSep " " string.escapeShellArg (set.keys systems);
in '' in ''
NF_NIX_SYSTEMS=(${toSystems nixosSystems}) NF_NIX_SYSTEMS=(${toSystems nixosSystems})