gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

Apparently, depot could be stopped. Who knew?

Browse source
This commit is contained in:
kat witch 2021-08-18 02:25:15 +01:00
parent c3fe9a355e
commit b383c70492
No known key found for this signature in database
GPG key ID: 1B477797DCA5EC72
196 changed files with 21 additions and 21 deletions
Download patch file Download diff file Expand all files Collapse all files

15
config/modules/home/default.nix Normal file
View file

@ -0,0 +1,15 @@
{ sources, ... }:
{
disabledModules = [ "programs/vim.nix" ];
imports = [
(import (sources.arcexprs + "/modules")).home-manager
(import (sources.katexprs + "/modules")).home
./vim.nix
./fvwm.nix
./deploy.nix
./theme.nix
./secrets.nix
(sources.tf-nix + "/modules/home/secrets.nix")
];
}

39
config/modules/home/deploy.nix Normal file
View file

@ -0,0 +1,39 @@
{ config, lib, ... }:
/*
This module:
* Provides in-scope TF config for home-manager.
*/
with lib;
let
cfg = config.deploy.tf;
unmergedValues = types.mkOptionType {
name = "unmergedValues";
merge = loc: defs: map (def: def.value) defs;
};
in
{
options.deploy.tf = mkOption {
type = types.submodule {
freeformType = types.attrsOf unmergedValues;
options = {
attrs = mkOption {
type = types.listOf types.str;
default = [ ];
};
out.set = mkOption { type = types.unspecified; };
};
};
};
config = {
deploy.tf = {
attrs = [ "out" "attrs" ];
out.set = removeAttrs cfg cfg.attrs;
};
};
}

9
config/modules/home/fvwm.nix Normal file
View file

@ -0,0 +1,9 @@
{ config, lib, ... }:
with lib;
{
options.programs.fvwm = {
enable = mkEnableOption "Enable FVWM";
};
}

15
config/modules/home/secrets.nix Normal file
View file

@ -0,0 +1,15 @@
{ config, lib, ... }:
with lib;
{
options.kw = {
secrets = mkOption {
type = types.nullOr (types.listOf types.str);
default = null;
};
};
config = mkIf (config.kw.secrets != null) {
deploy.tf.variables = genAttrs config.kw.secrets (n: { externalSecret = true; });
};
}

32
config/modules/home/theme.nix Normal file
View file

@ -0,0 +1,32 @@
{ config, lib, ... }:
/*
This module:
* provides a central way to change the font my system uses.
*/
with lib;
let cfg = config.kw; in {
options.kw = {
wallpapers = mkOption {
type = types.nullOr (types.listOf types.path);
default = [ ../../users/kat/sway/wallpapers/left.jpg ../../users/kat/sway/wallpapers/main.png ../../users/kat/sway/wallpapers/right.jpg ];
};
font = {
name = mkOption {
type = types.str;
default = "Cozette";
};
size = mkOption {
type = types.float;
default = 9.0;
};
size_css = mkOption {
type = types.str;
default = "${toString (cfg.font.size + 3)}px";
};
};
};
}

201
config/modules/home/vim.nix Normal file
View file

@ -0,0 +1,201 @@
{ config, lib, pkgs, ... }:
/*
This module:
* is from an unmerged PR from home-manager.
See: https://github.com/nix-community/home-manager/pull/1745
*/
with lib;
let
cfg = config.programs.vim;
defaultPlugins = [ pkgs.vimPlugins.vim-sensible ];
knownSettings = {
background = types.enum [ "dark" "light" ];
backupdir = types.listOf types.str;
copyindent = types.bool;
directory = types.listOf types.str;
expandtab = types.bool;
hidden = types.bool;
history = types.int;
ignorecase = types.bool;
modeline = types.bool;
mouse = types.enum [ "n" "v" "i" "c" "h" "a" "r" ];
mousefocus = types.bool;
mousehide = types.bool;
mousemodel = types.enum [ "extend" "popup" "popup_setpos" ];
number = types.bool;
relativenumber = types.bool;
shiftwidth = types.int;
smartcase = types.bool;
tabstop = types.int;
undodir = types.listOf types.str;
undofile = types.bool;
};
vimSettingsType = types.submodule {
options =
let
opt = name: type:
mkOption {
type = types.nullOr type;
default = null;
visible = false;
};
in
mapAttrs opt knownSettings;
};
setExpr = name: value:
let
v =
if isBool value then
(if value then "" else "no") + name
else
"${name}=${
if isList value then concatStringsSep "," value else toString value
}";
in
optionalString (value != null) ("set " + v);
plugins =
let
vpkgs = pkgs.vimPlugins;
getPkg = p:
if isDerivation p then
[ p ]
else
optional (isString p && hasAttr p vpkgs) vpkgs.${p};
in
concatMap getPkg cfg.plugins;
in
{
options = {
programs.vim = {
enable = mkEnableOption "Vim";
package = mkOption {
type = types.package;
default = pkgs.vim_configurable;
defaultText = literalExample "pkgs.vim_configurable";
description = "The package to use for the vim binary.";
};
finalPackage = mkOption {
type = types.package;
visible = false;
readOnly = true;
description = "Resulting customized vim package.";
};
plugins = mkOption {
type = with types; listOf (either str package);
default = defaultPlugins;
example = literalExample "[ pkgs.vimPlugins.YankRing ]";
description = ''
List of vim plugins to install. To get a list of supported plugins run:
<command>nix-env -f '&lt;nixpkgs&gt;' -qaP -A vimPlugins</command>.
</para><para>
Note: String values are deprecated, please use actual packages.
'';
};
settings = mkOption {
type = vimSettingsType;
default = { };
example = literalExample ''
{
expandtab = true;
history = 1000;
background = "dark";
}
'';
description = ''
At attribute set of Vim settings. The attribute names and
corresponding values must be among the following supported
options.
<informaltable frame="none"><tgroup cols="1"><tbody>
${concatStringsSep "\n" (mapAttrsToList (n: v: ''
<row>
<entry><varname>${n}</varname></entry>
<entry>${v.description}</entry>
</row>
'') knownSettings)}
</tbody></tgroup></informaltable>
See the Vim documentation for detailed descriptions of these
options. Note, use <varname>extraConfig</varname> to
manually set any options not listed above.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
example = ''
set nocompatible
set nobackup
'';
description = "Custom .vimrc lines";
};
};
};
config = (
let
customRC = ''
${concatStringsSep "\n" (filter (v: v != "") (mapAttrsToList setExpr
(builtins.intersectAttrs knownSettings cfg.settings)))}
${cfg.extraConfig}
'';
vim = cfg.package.customize {
name = "vim";
vimrcConfig = {
inherit customRC;
packages.home-manager.start = plugins;
};
};
in
mkIf cfg.enable {
assertions =
let
packagesNotFound =
filter (p: isString p && (!hasAttr p pkgs.vimPlugins)) cfg.plugins;
in
[{
assertion = packagesNotFound == [ ];
message = "Following VIM plugin not found in pkgs.vimPlugins: ${
concatMapStringsSep ", " (p: ''"${p}"'') packagesNotFound
}";
}];
warnings =
let stringPlugins = filter isString cfg.plugins;
in
optional (stringPlugins != [ ]) ''
Specifying VIM plugins using strings is deprecated, found ${
concatMapStringsSep ", " (p: ''"${p}"'') stringPlugins
} as strings.
'';
home.packages = [ cfg.finalPackage ];
programs.vim = {
finalPackage = vim;
plugins = defaultPlugins;
};
}
);
}

9
config/modules/meta/default.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
imports = [
./imports.nix
./deploy.nix
./network.nix
];
}

122
config/modules/meta/deploy.nix Normal file
View file

@ -0,0 +1,122 @@
{ sources, config, pkgs, lib, ... }:
/*
This module:
* makes tf-nix a part of the meta config
* handles the trusted import for tf-nix
* provides the target interface
* imports the per-host TF config for each target
*/
with lib;
let
cfg = config.deploy;
meta = config;
tfModule = { lib, ... }: with lib; {
config._module.args = {
pkgs = mkDefault pkgs;
};
};
tfType = types.submoduleWith {
modules = [
tfModule
"${toString sources.tf-nix}/modules"
./secrets.nix
];
};
in {
imports = [
(toString (sources.tf-nix + "/modules/run.nix"))
] ++ (optional (builtins.pathExists ../../trusted/tf/tf.nix) (../../trusted/tf/tf.nix));
options = {
deploy = {
dataDir = mkOption {
type = types.path;
};
local = {
isRoot = mkOption {
type = types.bool;
default = builtins.getEnv "HOME_UID" == "0";
};
hostName = mkOption {
type = types.nullOr types.str;
default = let
hostName = builtins.getEnv "HOME_HOSTNAME";
in if hostName == "" then null else hostName;
};
};
targets = let
type = types.submodule ({ config, name, ... }: {
options = {
enable = mkEnableOption "Enable the target" // { default = true; };
name = mkOption {
type = types.str;
default = name;
};
nodeNames = mkOption {
type = types.listOf types.str;
default = [ ];
};
tf = mkOption {
type = tfType;
default = { };
};
};
config.tf = mkMerge (singleton {
imports = [
../../targets/common
];
deps = {
select.allProviders = true;
enable = true;
};
terraform = {
version = "1.0";
logPath = cfg.dataDir + "/terraform-${config.name}.log";
dataDir = cfg.dataDir + "/tfdata/${config.name}";
environment.TF_CLI_ARGS_apply = "-backup=-";
environment.TF_CLI_ARGS_taint = "-backup=-";
};
state = {
file = cfg.dataDir + "/terraform-${config.name}.tfstate";
};
runners = {
lazy = {
inherit (meta.runners.lazy) file args;
attrPrefix = "deploy.targets.${name}.tf.runners.run.";
};
run = {
apply.name = "${name}-apply";
terraform.name = "${name}-tf";
};
};
continue.envVar = "TF_NIX_CONTINUE_${replaceStrings [ "-" ] [ "_" ] config.name}";
} ++ map (nodeName: mapAttrs (_: mkMerge) meta.network.nodes.${nodeName}.deploy.tf.out.set) config.nodeNames);
});
in mkOption {
type = types.attrsOf type;
default = { };
};
};
};
config = {
deploy.targets = let
nodeNames = attrNames config.network.nodes;
targets = config.deploy.targets;
explicitlyDefinedHosts = concatLists (mapAttrsToList (targetName: target: remove targetName target.nodeNames) config.deploy.targets);
in genAttrs nodeNames ( nodeName: {
enable = mkDefault (! elem nodeName explicitlyDefinedHosts);
nodeNames = singleton nodeName;
});
runners = {
run = mkMerge (mapAttrsToList (targetName: target: mapAttrs' (k: run:
nameValuePair run.name run.set
) target.tf.runners.run) (filterAttrs (_: v: v.enable) cfg.targets));
lazy.run = mkMerge (mapAttrsToList (targetName: target: mapAttrs' (k: run:
nameValuePair run.name run.set
) target.tf.runners.lazy.run) (filterAttrs (_: v: v.enable) cfg.targets));
};
};
}

41
config/modules/meta/imports.nix Normal file
View file

@ -0,0 +1,41 @@
{ config, lib, profiles, root, ... }:
with lib;
{
options = {
lib = mkOption {
type = types.attrsOf (types.attrsOf types.unspecified);
};
network.importing = {
nixosImports = mkOption {
type = types.listOf types.str;
};
homeImports = mkOption {
type = types.listOf types.str;
};
users = mkOption {
type = types.listOf types.str;
};
};
};
config = {
network.importing = {
nixosImports = mkDefault (map (path: toString path) [
(root + "/config/hosts/HN/nixos.nix")
(root + "/config/trusted/hosts/HN/nixos.nix")
]);
homeImports = mkDefault (map (path: toString path) [
(root + "/config/hosts/HN/home.nix")
(root + "/config/trusted/hosts/HN/home.nix")
]);
users = mkDefault (singleton "kat");
};
lib.kw.nodeImport = hostName: lib.nodeImport {
inherit (config.network.importing) nixosImports homeImports users;
inherit profiles hostName;
};
_module.args = { inherit (config.lib) kw; };
};
}

66
config/modules/meta/network.nix Normal file
View file

@ -0,0 +1,66 @@
{ pkgs, sources, lib, meta, config, ... }:
/*
This module:
* Makes hosts nixosModules.
* Manages module imports and specialArgs.
* Builds network.nodes.
*/
with lib;
{
options.network = {
nixos = {
extraModules = mkOption {
type = types.listOf types.unspecified;
default = [ ];
};
specialArgs = mkOption {
type = types.attrsOf types.unspecified;
default = { };
};
modulesPath = mkOption {
type = types.path;
default = toString (pkgs.path + "/nixos/modules");
};
};
nodes = let
nixosModule = { name, config, meta, modulesPath, lib, ... }: with lib; {
config = {
nixpkgs = {
system = mkDefault pkgs.system;
pkgs = mkDefault pkgs;
};
};
};
nixosType = let
baseModules = import (config.network.nixos.modulesPath + "/module-list.nix");
in types.submoduleWith {
modules = baseModules
++ singleton nixosModule
++ config.network.nixos.extraModules;
specialArgs = {
inherit baseModules;
inherit (config.network.nixos) modulesPath;
} // config.network.nixos.specialArgs;
};
in mkOption {
type = types.attrsOf nixosType;
default = { };
};
};
config.network = {
nixos = {
extraModules = [
"${toString sources.home-manager}/nixos"
../../modules/nixos
];
specialArgs = {
inherit (config.network) nodes;
inherit sources meta;
};
};
};
}

30
config/modules/meta/secrets.nix Normal file
View file

@ -0,0 +1,30 @@
{ config, lib, ... }:
with lib;
{
options = let tf = config; in {
variables = mkOption {
type = types.attrsOf (types.submodule ({ name, config, ... }: {
options.externalSecret = mkEnableOption "Is ths secret to be templated into a command provided?";
config = mkIf config.externalSecret {
type = "string";
value.shellCommand = "${tf.commandPrefix} ${tf.folderPrefix}${tf.folderDivider}${escapeShellArg name}";
sensitive = true;
};
}));
};
commandPrefix = mkOption {
type = types.nullOr types.str;
default = null;
};
folderPrefix = mkOption {
type = types.str;
default = "";
};
folderDivider = mkOption {
type = types.str;
default = "";
};
};
}

25
config/modules/nixos/default.nix Normal file
View file

@ -0,0 +1,25 @@
{ meta, sources, lib, ... }:
{
imports =
[
(import (sources.arcexprs + "/modules")).nixos
(import (sources.katexprs + "/modules")).nixos
./deploy.nix
./dyndns.nix
./secrets.nix
(sources.tf-nix + "/modules/nixos/secrets.nix")
(sources.tf-nix + "/modules/nixos/secrets-users.nix")
(sources.hexchen + "/modules/network/yggdrasil")
];
options.hexchen.dns = lib.mkOption { };
options.hexchen.deploy = lib.mkOption { };
/*
This maps hosts to network.nodes from the meta config. This is required for hexchen's yggdrasil network module.
*/
config = {
_module.args.hosts = lib.mapAttrs (_: config: { inherit config; } ) meta.network.nodes;
};
}

83
config/modules/nixos/deploy.nix Normal file
View file

@ -0,0 +1,83 @@
{ tf, target, name, meta, config, lib, ... }:
/*
This module:
* aliases <hostname>.system.build.toplevel to <hostname>.deploy.system for ease of use.
* marries meta config to NixOS configs for each host.
* provides in-scope TF config in NixOS and home-manager, instead of only as a part of meta config.
*/
with lib;
let
cfg = config.deploy;
unmergedValues = types.mkOptionType {
name = "unmergedValues";
merge = loc: defs: map (def: def.value) defs;
};
in
{
options.deploy = {
targetName = mkOption {
type = types.nullOr types.str;
default = null;
};
system = mkOption {
type = types.unspecified;
readOnly = true;
};
};
options.deploy.tf = mkOption {
type = types.submodule {
freeformType = types.attrsOf unmergedValues;
options = {
import = mkOption {
type = types.attrsOf types.unspecified;
default = [ ];
};
imports = mkOption {
type = types.listOf types.str;
description = "Other targets to depend on";
default = [ ];
};
attrs = mkOption {
type = types.listOf types.str;
default = [ ];
};
out.set = mkOption { type = types.unspecified; };
};
};
};
config = {
deploy = {
system = config.system.build.toplevel;
targetName = let targetsList = attrNames ( filterAttrs (_: target: target.enable && elem name target.nodeNames) meta.deploy.targets ); in
if (builtins.length targetsList == 0) then null
else lib.warnIf (builtins.length targetsList > 1) "The host ${name} is assigned to several targets: ${concatMapStrings (x: "${x},") targetsList}." (head targetsList);
};
deploy.tf = mkMerge (singleton (lib.mkIf (config.deploy.targetName != null) {
attrs = [ "import" "imports" "out" "attrs" ];
import = genAttrs cfg.tf.imports (target: meta.deploy.targets.${target}.tf);
out.set = removeAttrs cfg.tf cfg.tf.attrs;
deploy.systems.${config.networking.hostName} =
with tf.resources; {
isRemote =
(config.networking.hostName != builtins.getEnv "HOME_HOSTNAME");
nixosConfig = config;
connection = tf.resources.${config.networking.hostName}.connection.set;
triggers.copy.${config.networking.hostName} =
tf.resources.${config.networking.hostName}.refAttr "id";
triggers.secrets.${config.networking.hostName} =
tf.resources.${config.networking.hostName}.refAttr "id";
};
}) ++ mapAttrsToList
(_: user:
mapAttrs (_: mkMerge) user.deploy.tf.out.set)
config.home-manager.users);
_module.args.target = mapNullable (targetName: meta.deploy.targets.${targetName}) cfg.targetName;
_module.args.tf = mapNullable (target: target.tf) target;
};
}

54
config/modules/nixos/dyndns.nix Normal file
View file

@ -0,0 +1,54 @@
{ config, pkgs, lib, tf, ... }:
with lib;
{
options = {
network.dns.dynamic = mkEnableOption "Enable Glauca Dynamic DNS Updater";
};
config = mkIf (config.network.dns.dynamic) {
kw.secrets = [
"hexdns-key"
"hexdns-secret"
"hexdns-host"
];
secrets.files.kat-glauca-dns = {
text = ''
user="${tf.variables.hexdns-key.ref}"
pass="${tf.variables.hexdns-secret.ref}"
hostname="${tf.variables.hexdns-host.ref}"
'';
};
systemd.services.kat-glauca-dns =
let updater = pkgs.writeShellScriptBin "glauca-dyndns" ''
#!/usr/bin/env bash
set -eu
ip4=$(${pkgs.curl}/bin/curl -s --ipv4 https://dns.glauca.digital/checkip)
ip6=$(${pkgs.curl}/bin/curl -s --ipv6 https://dns.glauca.digital/checkip)
source $passFile
echo "$ip4, $ip6"
${pkgs.curl}/bin/curl -u ''${user}:''${pass} --data-urlencode "hostname=''${hostname}" --data-urlencode "myip=''${ip4}" "https://dns.glauca.digital/nic/update"
echo ""
${pkgs.curl}/bin/curl -u ''${user}:''${pass} --data-urlencode "hostname=''${hostname}" --data-urlencode "myip=''${ip6}" "https://dns.glauca.digital/nic/update"
''; in {
serviceConfig = {
ExecStart = "${updater}/bin/glauca-dyndns";
};
environment = { passFile = config.secrets.files.kat-glauca-dns.path; };
wantedBy = [ "default.target" ];
};
systemd.timers.kat-glauca-dns = {
timerConfig = {
Unit = "kat-glauca-dns.service";
OnBootSec = "5m";
OnUnitActiveSec = "1h";
};
wantedBy = [ "default.target" ];
};
};
}

15
config/modules/nixos/secrets.nix Normal file
View file

@ -0,0 +1,15 @@
{ config, lib, ... }:
with lib;
{
options.kw = {
secrets = mkOption {
type = types.nullOr (types.listOf types.str);
default = null;
};
};
config = mkIf (config.kw.secrets != null) {
deploy.tf.variables = genAttrs config.kw.secrets (n: { externalSecret = true; });
};
}