diff --git a/modules/home/disables.nix b/modules/home/disables.nix
deleted file mode 100644
index 23f65dde..00000000
--- a/modules/home/disables.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ ... }: {
- disabledModules = [
- ];
-}
diff --git a/modules/nixos/bird.nix b/modules/nixos/bird.nix
deleted file mode 100644
index f77cf902..00000000
--- a/modules/nixos/bird.nix
+++ /dev/null
@@ -1,176 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - bcfg = config.network.bird; - cfg = config.network.bird.ospf; -in -{ - options.network.bird = { - routerId = mkOption { - type = types.nullOr types.str; - default = null; - description = "Router ID to use. Must be an IPv4 address."; - }; - kernel4Config = mkOption { - type = types.lines; - default = '' - ipv4 { - import none; - export filter { - if source = RTS_STATIC then reject; - accept; - }; - }; - scan time 15; - ''; - }; - kernel6Config = mkOption { - type = types.lines; - default = '' - ipv6 { - import none; - export filter { - if source = RTS_STATIC then reject; - accept; - }; - }; - scan time 15; - ''; - }; - staticRoutes4 = mkOption { - type = types.listOf types.str; - default = [ ]; - }; - extraStatic4 = mkOption { - type = types.lines; - default = ""; - }; - staticRoutes6 = mkOption { - type = types.listOf types.str; - default = [ ]; - }; - extraStatic6 = mkOption { - type = types.lines; - default = ""; - }; - }; - options.network.bird.ospf = { - enable = mkEnableOption "OSPF-based network routing"; - protocols = mkOption { - default = { }; - type = types.attrsOf (types.submodule { - options = { - version = mkOption { type = types.enum [ 2 3 ]; default = 2; }; - extra = mkOption { type = types.lines; default = ""; }; - areas = mkOption { - description = "areas to configure in bird"; - default = { }; - type = types.attrsOf (types.submodule { - options = { - extra = mkOption { type = types.lines; default = ""; }; - networks = mkOption { - description = "Definition of area IP ranges. This is used in summary LSA origination."; - type = types.listOf types.str; - default = [ ]; - }; - external = mkOption { - description = "Definition of external area IP ranges for NSSAs. 
This is used for NSSA-LSA translation."; - type = types.listOf types.str; - default = [ ]; - }; - interfaces = mkOption { - description = "Interfaces to assign to the area"; - type = types.attrsOf (types.submodule { - options = { - cost = mkOption { type = types.int; default = 10; }; - poll = mkOption { type = types.int; default = 20; }; - retransmit = mkOption { type = types.int; default = 5; }; - priority = mkOption { type = types.int; default = 1; }; - deadCount = mkOption { type = types.int; default = 4; }; - type = mkOption { - type = types.enum [ - null - "broadcast" - "bcast" - "pointopoint" - "ptp" - "nonbroadcast" - "nbma" - "pointomultipoint" - "ptmp" - ]; - default = null; - }; - extra = mkOption { type = types.lines; default = ""; }; - }; - }); - }; - }; - }); - }; - }; - }); - }; - }; - - config = mkIf cfg.enable { - services.bird2 = { - enable = true; - config = '' - ${optionalString (bcfg.routerId != null) "router id ${bcfg.routerId};"} - - protocol device { - scan time 10; - } - - protocol kernel kernel4 { - ${bcfg.kernel4Config} - } - protocol kernel kernel6 { - ${bcfg.kernel6Config} - } - - protocol static static4 { - ipv4 { import all; export none; }; - ${concatMapStringsSep "\n" (x: "route ${x};") bcfg.staticRoutes4} - ${bcfg.extraStatic4} - } - protocol static static6 { - ipv6 { import all; export none; }; - ${concatMapStringsSep "\n" (x: "route ${x};") bcfg.staticRoutes6} - ${bcfg.extraStatic6} - } - - ${concatStringsSep "\n" (mapAttrsToList (protoName: proto: '' - protocol ospf v${toString proto.version} ${protoName} { - ${concatStringsSep "\n" (mapAttrsToList (areaName: area: '' - area ${areaName} { - ${optionalString - (area.networks != []) - "networks { ${concatStringsSep "\n" (map (x: "${x};") area.networks)} };"} - ${optionalString - (area.external != []) - "external { ${concatStringsSep "\n" (map (x: "${x};") area.external)} };"} - ${concatStringsSep "\n" (mapAttrsToList (ifacePattern: iface: '' - interface "${ifacePattern}" { - cost 
${toString iface.cost}; - poll ${toString iface.poll}; - retransmit ${toString iface.retransmit}; - priority ${toString iface.priority}; - dead count ${toString iface.deadCount}; - ${optionalString (iface.type != null) "type ${iface.type};"} - ${iface.extra} - }; - '') area.interfaces)} - ${area.extra} - }; - '') proto.areas)} - ${proto.extra} - } - '') cfg.protocols)} - ''; - }; - }; -}
diff --git a/modules/nixos/disables.nix b/modules/nixos/disables.nix
deleted file mode 100644
index 78ca9f26..00000000
--- a/modules/nixos/disables.nix
+++ /dev/null
@@ -1,2 +0,0 @@
-{ inputs, ... }: {
-}
diff --git a/modules/nixos/secrets.nix b/modules/nixos/secrets.nix
index cc35f80b..9e6b9a9f 100644
--- a/modules/nixos/secrets.nix
+++ b/modules/nixos/secrets.nix
@@ -3,46 +3,11 @@
 with lib;
 let
- secretType = types.submodule ({ name, ... }: {
- options = {
- path = mkOption { type = types.str; };
- field = mkOption {
- type = types.str;
- default = "";
- };
- };
- });
- repoSecretType = types.submodule ({ name, ... }: {
- options = {
- source = mkOption {
- type = types.path;
- };
- text = mkOption {
- type = types.str;
- };
- };
- });
 mcfg = meta.kw.secrets;
 cfg = config.kw.secrets;
 in
 {
- options.kw = {
- secrets = {
- variables = mkOption {
- type = types.attrsOf secretType;
- default = { };
- };
- repo = mkOption {
- type = types.attrsOf repoSecretType;
- default = { };
- };
- };
- };
- config = lib.mkMerge [
- {
- kw.secrets.variables = lib.mkMerge (mapAttrsToList (username: user: user.kw.secrets.variables) config.home-manager.users);
- }
- (mkIf (cfg.variables != { }) {
+ config = mkIf (cfg.variables != { }) {
 deploy.tf.variables = mapAttrs' (name: content: nameValuePair name ({
@@ -52,6 +17,5 @@ in
 })
 ) cfg.variables;
- })
- ];
+ };
 }
diff --git a/modules/system/secrets.nix b/modules/system/secrets.nix
new file mode 100644
index 00000000..7ac3e7a3
--- /dev/null
+++ b/modules/system/secrets.nix
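Review bot: `config = mkIf (cfg.variables != { }) { … }` still evaluates `config.kw.secrets.variables`, but the declaration of that option no longer lives in this file, so the module only evaluates when the file that now declares it, `modules/system/secrets.nix`, is loaded in the same configuration; if this module is ever imported on its own the failure is an undefined-option error at the `mkIf` condition. If the module list guarantees both are always present, a comment above the `config =` line saying so, e.g. `# kw.secrets.* is declared in modules/system/secrets.nix`, would keep the next reader from looking for the declaration here. `mcfg = meta.kw.secrets;` survives in the `let` although nothing in this hunk reads it; the rest of the file is outside the hunk, so check whether it is still used before dropping it together with the `meta` argument. The enclosing module function starts before and ends after this hunk.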
@@ -0,0 +1,44 @@
+{ config, lib, meta, ... }:
+
+with lib;
+
+let
+ secretType = types.submodule ({ name, ... }: {
+ options = {
+ path = mkOption { type = types.str; };
+ field = mkOption {
+ type = types.str;
+ default = "";
+ };
+ };
+ });
+ repoSecretType = types.submodule ({ name, ... }: {
+ options = {
+ source = mkOption {
+ type = types.path;
+ };
+ text = mkOption {
+ type = types.str;
+ };
+ };
+ });
+ mcfg = meta.kw.secrets;
+ cfg = config.kw.secrets;
+in
+{
+ options.kw = {
+ secrets = {
+ variables = mkOption {
+ type = types.attrsOf secretType;
+ default = { };
+ };
+ repo = mkOption {
+ type = types.attrsOf repoSecretType;
+ default = { };
+ };
+ };
+ };
+ config = {
+ kw.secrets.variables = lib.mkMerge (mapAttrsToList (username: user: user.kw.secrets.variables) config.home-manager.users);
+ };
+}
diff --git a/nixos/base/secrets.nix b/nixos/base/tf.nix
similarity index 51%
rename from nixos/base/secrets.nix
rename to nixos/base/tf.nix
index 5e529deb..aff75d63 100644
--- a/nixos/base/secrets.nix
+++ b/nixos/base/tf.nix
@@ -1,8 +1,4 @@
-{ config, meta, inputs, lib, pkgs, ... }:
-
-{
- imports = lib.optional (meta.trusted ? secrets) meta.trusted.secrets;
-
+{ config, ... }: {
 secrets = {
 root = "/var/lib/kat/secrets";
 persistentRoot = "/var/lib/kat/secrets";
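Review bot: `kw.secrets.variables = lib.mkMerge (mapAttrsToList (…) config.home-manager.users);` reads `config.home-manager.users` unconditionally, so a host that loads this shared module without the home-manager module fails to evaluate on a missing option instead of merging nothing; `config.home-manager.users or { }` would keep the merge a harmless no-op there, if that is the intent. `mcfg = meta.kw.secrets;` in the `let` block is never referenced anywhere in the new file, and `meta` is only destructured for it, so both can go. None of the options declared here (`variables`, `repo`, and the submodule fields `path`, `field`, `source`, `text`) carry a `description`, and both submodule functions bind `{ name, ... }` without using `name`; a one-line `description` on each option, for instance `description = "Secret variables collected from every home-manager user of this configuration.";` on `variables`, would document the contract the NixOS module relies on. How `repo` entries are consumed is not visible here, but since `text` is a plain `types.str` it is worth confirming downstream that such values never end up in a store path.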
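Review bot: The deleted `imports = lib.optional (meta.trusted ? secrets) meta.trusted.secrets;` was the only import of the trusted secrets module in this hunk, and the renamed `tf.nix` adds no replacement; unless the commit re-adds that import elsewhere (outside what is shown), hosts with `meta.trusted.secrets` set lose it silently, because the `lib.optional` guard already made its absence a non-error. Worth confirming where that import now lives and recording it in a comment at the top of `tf.nix`, e.g. `# trusted secrets are imported by <module that now imports them — placeholder>`. The new header `{ config, ... }: {` also drops `meta`, `inputs`, `lib` and `pkgs`; the remainder of the file is outside the hunk, so any later reference to those names there would now be an undefined variable.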