authorAzat Bahawi <azat@bahawi.net>2024-03-31 21:29:27 +0300
committerAzat Bahawi <azat@bahawi.net>2024-03-31 21:29:27 +0300
commit9a5427e3a0c0ccf2a82dc503149a26b23fbd6004 (patch)
treef28beec29deeea36038615a8fb98a810891940b5 /lib
parent2024-03-19 (diff)
2024-03-31
Diffstat (limited to '')
-rw-r--r--lib/default.nix63
-rw-r--r--lib/dns.nix42
-rw-r--r--lib/my.nix526
3 files changed, 341 insertions, 290 deletions
diff --git a/lib/default.nix b/lib/default.nix
index 7fbaeec..ab4ca0d 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -3,44 +3,57 @@ lib: _: rec {
 
   dns = import ./dns.nix;
 
-  isEven = number:
+  isEven =
+    number:
     assert (builtins.isInt number) || (builtins.isFloat number);
-      builtins.div number 2 == 0;
+    builtins.div number 2 == 0;
 
   isOdd = !isEven;
 
-  pow = base: exponent:
+  pow =
+    base: exponent:
     assert (builtins.isInt base) && (builtins.isInt exponent);
     assert exponent > 0;
-      builtins.foldl' (x: _: x * base) 1 (builtins.genList (_: _) exponent);
+    builtins.foldl' (x: _: x * base) 1 (builtins.genList (_: _) exponent);
 
-  mapListToAttrs = f: attrs:
-    builtins.listToAttrs (map (name: {
-        name =
-          if builtins.isList name
-          then builtins.elemAt name (builtins.length name - 1)
-          else name;
+  mapListToAttrs =
+    f: attrs:
+    builtins.listToAttrs (
+      map (name: {
+        name = if builtins.isList name then builtins.elemAt name (builtins.length name - 1) else name;
         value = f name;
-      })
-      attrs);
+      }) attrs
+    );
 
-  mkTcpMem = min: ini: max:
+  mkTcpMem =
+    min: ini: max:
     assert min <= ini && ini <= max;
-      lib.concatMapStrings (x: toString x + " ") (map (pow 2) [min ini max]);
+    lib.concatMapStrings (x: toString x + " ") (
+      map (pow 2) [
+        min
+        ini
+        max
+      ]
+    );
 
   moduleFromRef = module: ref: sha256: {
-    disabledModules = [module];
+    disabledModules = [ module ];
     imports = [
-      (let
-        src = builtins.fetchTarball {
-          url = let
-            cons = lib.splitString ":" ref;
-            owner = lib.head cons;
-            branch = lib.last cons;
-          in "https://github.com/${owner}/nixpkgs/archive/refs/heads/${branch}.tar.gz";
-          inherit sha256;
-        };
-      in "${src}/nixos/modules/${module}")
+      (
+        let
+          src = builtins.fetchTarball {
+            url =
+              let
+                cons = lib.splitString ":" ref;
+                owner = lib.head cons;
+                branch = lib.last cons;
+              in
+              "https://github.com/${owner}/nixpkgs/archive/refs/heads/${branch}.tar.gz";
+            inherit sha256;
+          };
+        in
+        "${src}/nixos/modules/${module}"
+      )
     ];
   };
 }
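Review bot: `isEven` on the new side still computes `builtins.div number 2 == 0`, which is true only when the quotient is zero (0, 1, -1) rather than when the number is even, and for a float argument `builtins.div` is real division so the assert's float branch does not rescue it; a parity test wants the remainder, e.g. `assert builtins.isInt number;` followed by `lib.mod number 2 == 0;`. `isOdd = !isEven;` applies boolean negation to a function and will raise a type error as soon as it is forced, so it should be a function of its own, `isOdd = number: !(isEven number);`. `pow` asserts `exponent > 0`, which rejects `pow b 0` even though the fold over an empty `genList` would correctly return 1, so `assert exponent >= 0;` is the intended bound. The `rec { … }` attrset these bindings live in is opened before the hunk.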
diff --git a/lib/dns.nix b/lib/dns.nix
index 5e1d767..e1f6b7a 100644
--- a/lib/dns.nix
+++ b/lib/dns.nix
@@ -1,14 +1,44 @@
 {
   const = {
     quad9 = {
-      default = ["9.9.9.9" "149.112.112.112" "2620:fe::fe" "2620:fe::9"];
-      unsecured = ["9.9.9.10" "149.112.112.10" "2620:fe::10" "2620:fe::fe:10"];
-      ecs = ["9.9.9.11" "149.112.112.11" "2620:fe::11" "2620:fe::fe:11"];
+      default = [
+        "9.9.9.9"
+        "149.112.112.112"
+        "2620:fe::fe"
+        "2620:fe::9"
+      ];
+      unsecured = [
+        "9.9.9.10"
+        "149.112.112.10"
+        "2620:fe::10"
+        "2620:fe::fe:10"
+      ];
+      ecs = [
+        "9.9.9.11"
+        "149.112.112.11"
+        "2620:fe::11"
+        "2620:fe::fe:11"
+      ];
     };
     cloudflare = {
-      default = ["1.1.1.1" "1.0.0.1" "2606:4700:4700::1111" "2606:4700:4700::1001"];
-      blocking = ["1.1.1.2" "1.0.0.2" "2606:4700:4700::1112" "2606:4700:4700::1002"];
-      blockingPlus = ["1.1.1.3" "1.0.0.3" "2606:4700:4700::1113" "2606:4700:4700::1003"];
+      default = [
+        "1.1.1.1"
+        "1.0.0.1"
+        "2606:4700:4700::1111"
+        "2606:4700:4700::1001"
+      ];
+      blocking = [
+        "1.1.1.2"
+        "1.0.0.2"
+        "2606:4700:4700::1112"
+        "2606:4700:4700::1002"
+      ];
+      blockingPlus = [
+        "1.1.1.3"
+        "1.0.0.3"
+        "2606:4700:4700::1113"
+        "2606:4700:4700::1003"
+      ];
     };
   };
 }
diff --git a/lib/my.nix b/lib/my.nix
index 1044211..391d0ee 100644
--- a/lib/my.nix
+++ b/lib/my.nix
@@ -1,289 +1,297 @@
 lib:
 with lib;
-  (evalModules {
-    modules = [
-      {
-        options.configurations = mkOption {
-          description = "My configurations.";
-          type = with types;
-            attrsOf (submodule ({name, ...}: {
-              freeformType = attrs;
-              options = let
-                mkConfigurationTypeOption = type:
-                  mkOption {
-                    description = "Whether the machine's functional type is a ${type} one.";
-                    type = bool;
-                    default = false;
-                  };
-              in {
-                hostname = mkOption {
-                  description = "The machine's hostname.";
-                  type = str;
-                  default = name;
-                  readOnly = true;
-                };
+(evalModules {
+  modules = [
+    {
+      options.configurations = mkOption {
+        description = "My configurations.";
+        type =
+          with types;
+          attrsOf (
+            submodule (
+              { name, ... }:
+              {
+                freeformType = attrs;
+                options =
+                  let
+                    mkConfigurationTypeOption =
+                      type:
+                      mkOption {
+                        description = "Whether the machine's functional type is a ${type} one.";
+                        type = bool;
+                        default = false;
+                      };
+                  in
+                  {
+                    hostname = mkOption {
+                      description = "The machine's hostname.";
+                      type = str;
+                      default = name;
+                      readOnly = true;
+                    };
 
-                system = mkOption {
-                  description = "The machine's system.";
-                  type = nullOr (enum platforms.all);
-                  default = null;
-                };
+                    system = mkOption {
+                      description = "The machine's system.";
+                      type = nullOr (enum platforms.all);
+                      default = null;
+                    };
 
-                isHeadless = mkConfigurationTypeOption "headless";
-                isHeadful = mkConfigurationTypeOption "headful";
-                isOther = mkConfigurationTypeOption "other";
+                    isHeadless = mkConfigurationTypeOption "headless";
+                    isHeadful = mkConfigurationTypeOption "headful";
+                    isOther = mkConfigurationTypeOption "other";
 
-                ipv4 = {
-                  address = mkOption {
-                    description = "The machine's public IPv4 address.";
-                    type = nullOr str;
-                    default = null;
-                  };
-                  prefixLength = mkOption {
-                    description = "The machine's public IPv4 prefix length.";
-                    type = nullOr int;
-                    default = null;
-                  };
-                  gatewayAddress = mkOption {
-                    description = "The machine's public IPv4 gateway address.";
-                    type = nullOr str;
-                    default = null;
-                  };
-                };
-                ipv6 = {
-                  address = mkOption {
-                    description = "The machine's public IPv6 address.";
-                    type = nullOr str;
-                    default = null;
-                  };
-                  prefixLength = mkOption {
-                    description = "The machine's public IPv6 prefix length.";
-                    type = nullOr int;
-                    default = null;
-                  };
-                  gatewayAddress = mkOption {
-                    description = "The machine's public IPv6 gateway address.";
-                    type = nullOr str;
-                    default = null;
-                  };
-                };
+                    ipv4 = {
+                      address = mkOption {
+                        description = "The machine's public IPv4 address.";
+                        type = nullOr str;
+                        default = null;
+                      };
+                      prefixLength = mkOption {
+                        description = "The machine's public IPv4 prefix length.";
+                        type = nullOr int;
+                        default = null;
+                      };
+                      gatewayAddress = mkOption {
+                        description = "The machine's public IPv4 gateway address.";
+                        type = nullOr str;
+                        default = null;
+                      };
+                    };
+                    ipv6 = {
+                      address = mkOption {
+                        description = "The machine's public IPv6 address.";
+                        type = nullOr str;
+                        default = null;
+                      };
+                      prefixLength = mkOption {
+                        description = "The machine's public IPv6 prefix length.";
+                        type = nullOr int;
+                        default = null;
+                      };
+                      gatewayAddress = mkOption {
+                        description = "The machine's public IPv6 gateway address.";
+                        type = nullOr str;
+                        default = null;
+                      };
+                    };
 
-                wireguard = {
-                  ipv4.address = mkOption {
-                    description = "The machine's internal IPv4 addresses.";
-                    type = nullOr str;
-                    default = null;
-                  };
-                  ipv6.address = mkOption {
-                    description = "The machine's internal IPv6 addresses.";
-                    type = nullOr str;
-                    default = null;
-                  };
-                  publicKey = mkOption {
-                    description = "The machine's public key.";
-                    type = nullOr str;
-                    default = null;
+                    wireguard = {
+                      ipv4.address = mkOption {
+                        description = "The machine's internal IPv4 addresses.";
+                        type = nullOr str;
+                        default = null;
+                      };
+                      ipv6.address = mkOption {
+                        description = "The machine's internal IPv6 addresses.";
+                        type = nullOr str;
+                        default = null;
+                      };
+                      publicKey = mkOption {
+                        description = "The machine's public key.";
+                        type = nullOr str;
+                        default = null;
+                      };
+                    };
+
+                    # TODO Automate filling of this from the NSD service module.
+                    # Right now I need to copy domain definitions from there to here
+                    # manually.
+                    #
+                    # Something like taking `config.services.nsd.zones[$domain]` and
+                    # filtering for actual subdomains. We can remove this option
+                    # altogether then.
+                    domains = mkOption {
+                      description = "External domains that resolve to this address.";
+                      type = listOf str;
+                      default = [ ];
+                    };
+
+                    syncthing.id = mkOption {
+                      description = "Syncthing ID.";
+                      type = nullOr str;
+                      default = null;
+                    };
                   };
-                };
+              }
+            )
+          );
 
-                # TODO Automate filling of this from the NSD service module.
-                # Right now I need to copy domain definitions from there to here
-                # manually.
-                #
-                # Something like taking `config.services.nsd.zones[$domain]` and
-                # filtering for actual subdomains. We can remove this option
-                # altogether then.
-                domains = mkOption {
-                  description = "External domains that resolve to this address.";
-                  type = listOf str;
-                  default = [];
-                };
+        default = { };
+      };
 
-                syncthing.id = mkOption {
-                  description = "Syncthing ID.";
-                  type = nullOr str;
-                  default = null;
-                };
-              };
-            }));
+      config = {
+        _module.freeformType = types.attrs;
 
-          default = {};
+        fullname = "Azat Bahawi";
+        username = "azahi";
+        domain = {
+          azahi = "azahi.cc";
+          rohan = "rohan.net";
+          gondor = "gondor.net";
+          shire = "shire.net";
         };
+        email = "frodo@${my.domain.gondor}";
+        pgp = {
+          key = "@PGP_KEY@";
+          fingerprint = "@PGP_FINGERPRINT@";
+          grip = "@PGP_GRIP@";
+        };
+        ssh = rec {
+          type = "ed25519";
+          id = my.email;
+          key = "ssh-${type} @PUBLIC_KEY@ ${id}";
+        };
+        hashedPassword = "@HASHED_PASSWORD@";
 
-        config = {
-          _module.freeformType = types.attrs;
-
-          fullname = "Azat Bahawi";
-          username = "azahi";
-          domain = {
-            azahi = "azahi.cc";
-            rohan = "rohan.net";
-            gondor = "gondor.net";
-            shire = "shire.net";
-          };
-          email = "frodo@${my.domain.gondor}";
-          pgp = {
-            key = "@PGP_KEY@";
-            fingerprint = "@PGP_FINGERPRINT@";
-            grip = "@PGP_GRIP@";
-          };
-          ssh = rec {
-            type = "ed25519";
-            id = my.email;
-            key = "ssh-${type} @PUBLIC_KEY@ ${id}";
+        configurations = {
+          # VPS in Germany.
+          manwe = {
+            system = "x86_64-linux";
+            isHeadless = true;
+            ipv4 = {
+              gatewayAddress = "@IPV4_ADDRESS@";
+              address = "@IPV4_ADDRESS@";
+              prefixLength = 22;
+            };
+            ipv6 = {
+              gatewayAddress = "@IPV6_ADDRESS@";
+              address = "@IPV6_ADDRESS@]";
+              prefixLength = 64;
+            };
+            wireguard = {
+              ipv4.address = "10.69.0.1";
+              ipv6.address = "fd69::0:1";
+              publicKey = "@PUBLIC_KEY@";
+            };
+            domains = with my.domain; [
+              "alertmanager.${shire}"
+              "frodo.${rohan}"
+              "frodo.${gondor}"
+              "bitwarden.${shire}"
+              "git.${azahi}"
+              "git.${shire}"
+              "grafana.${shire}"
+              "loki.${shire}"
+              "ntfy.${shire}"
+              "plausible.${shire}"
+              "prometheus.${shire}"
+              "radicale.${shire}"
+              "rss-bridge.${shire}"
+              "start.local"
+              "vaultwarden.${shire}"
+              azahi
+              rohan
+              gondor
+              shire
+            ];
           };
-          hashedPassword = "@HASHED_PASSWORD@";
 
-          configurations = {
-            # VPS in Germany.
-            manwe = {
-              system = "x86_64-linux";
-              isHeadless = true;
-              ipv4 = {
-                gatewayAddress = "@IPV4_ADDRESS@";
-                address = "@IPV4_ADDRESS@";
-                prefixLength = 22;
-              };
-              ipv6 = {
-                gatewayAddress = "@IPV6_ADDRESS@";
-                address = "@IPV6_ADDRESS@]";
-                prefixLength = 64;
-              };
-              wireguard = {
-                ipv4.address = "10.69.0.1";
-                ipv6.address = "fd69::0:1";
-                publicKey = "@PUBLIC_KEY@";
-              };
-              domains = with my.domain; [
-                "alertmanager.${shire}"
-                "frodo.${rohan}"
-                "frodo.${gondor}"
-                "bitwarden.${shire}"
-                "git.${azahi}"
-                "git.${shire}"
-                "grafana.${shire}"
-                "loki.${shire}"
-                "ntfy.${shire}"
-                "plausible.${shire}"
-                "prometheus.${shire}"
-                "radicale.${shire}"
-                "rss-bridge.${shire}"
-                "start.local"
-                "vaultwarden.${shire}"
-                azahi
-                rohan
-                gondor
-                shire
-              ];
+          # VPS in Germany.
+          varda = {
+            system = "x86_64-linux";
+            isHeadless = true;
+            ipv4 = {
+              gatewayAddress = "@IPV4_ADDRESS@";
+              address = "@IPV4_ADDRESS@";
+              prefixLength = 22;
             };
-
-            # VPS in Germany.
-            varda = {
-              system = "x86_64-linux";
-              isHeadless = true;
-              ipv4 = {
-                gatewayAddress = "@IPV4_ADDRESS@";
-                address = "@IPV4_ADDRESS@";
-                prefixLength = 22;
-              };
-              ipv6 = {
-                gatewayAddress = "@IPV6_ADDRESS@";
-                address = "@IPV6_ADDRESS@";
-                prefixLength = 64;
-              };
-              wireguard = {
-                ipv4.address = "10.69.1.1";
-                ipv6.address = "fd69::1:1";
-                publicKey = "@PUBLIC_KEY@";
-              };
+            ipv6 = {
+              gatewayAddress = "@IPV6_ADDRESS@";
+              address = "@IPV6_ADDRESS@";
+              prefixLength = 64;
+            };
+            wireguard = {
+              ipv4.address = "10.69.1.1";
+              ipv6.address = "fd69::1:1";
+              publicKey = "@PUBLIC_KEY@";
             };
+          };
 
-            # VPS in France.
-            yavanna = {
-              system = "x86_64-linux";
-              isHeadless = true;
-              ipv4 = {
-                gatewayAddress = "@IPV4_ADDRESS@";
-                address = "@IPV4_ADDRESS@";
-                prefixLength = 24;
-              };
-              ipv6 = {
-                gatewayAddress = "@IPV6_ADDRESS@";
-                address = "@IPV6_ADDRESS@";
-                prefixLength = 128;
-              };
-              wireguard = {
-                ipv4.address = "10.69.1.2";
-                ipv6.address = "fd69::1:2";
-                publicKey = "@PUBLIC_KEY@";
-              };
-              domains = with my.domain; [
-                "flood.${shire}"
-                "jackett.${shire}"
-                "lidarr.${shire}"
-              ];
-              syncthing.id = "@SYNCTHING_ID@";
+          # VPS in France.
+          yavanna = {
+            system = "x86_64-linux";
+            isHeadless = true;
+            ipv4 = {
+              gatewayAddress = "@IPV4_ADDRESS@";
+              address = "@IPV4_ADDRESS@";
+              prefixLength = 24;
             };
+            ipv6 = {
+              gatewayAddress = "@IPV6_ADDRESS@";
+              address = "@IPV6_ADDRESS@";
+              prefixLength = 128;
+            };
+            wireguard = {
+              ipv4.address = "10.69.1.2";
+              ipv6.address = "fd69::1:2";
+              publicKey = "@PUBLIC_KEY@";
+            };
+            domains = with my.domain; [
+              "flood.${shire}"
+              "jackett.${shire}"
+              "lidarr.${shire}"
+            ];
+            syncthing.id = "@SYNCTHING_ID@";
+          };
 
-            # A beefy desktop: 7950x/rx6750xt/128GB.
-            eonwe = {
-              system = "x86_64-linux";
-              isHeadful = true;
-              wireguard = {
-                ipv4.address = "10.69.3.1";
-                ipv6.address = "fd69::3:1";
-                publicKey = "@PUBLIC_KEY@";
-              };
-              syncthing.id = "@SYNCTHING_ID@";
+          # A beefy desktop: 7950x/rx6750xt/128GB.
+          eonwe = {
+            system = "x86_64-linux";
+            isHeadful = true;
+            wireguard = {
+              ipv4.address = "10.69.3.1";
+              ipv6.address = "fd69::3:1";
+              publicKey = "@PUBLIC_KEY@";
             };
+            syncthing.id = "@SYNCTHING_ID@";
+          };
 
-            # ThinkPad T480.
-            melian = {
-              system = "x86_64-linux";
-              isHeadful = true;
-              wireguard = {
-                ipv4.address = "10.69.4.1";
-                ipv6.address = "fd69::4:1";
-                publicKey = "@PUBLIC_KEY@";
-              };
-              syncthing.id = "@SYNCTHING_ID@";
+          # ThinkPad T480.
+          melian = {
+            system = "x86_64-linux";
+            isHeadful = true;
+            wireguard = {
+              ipv4.address = "10.69.4.1";
+              ipv6.address = "fd69::4:1";
+              publicKey = "@PUBLIC_KEY@";
             };
+            syncthing.id = "@SYNCTHING_ID@";
+          };
 
-            # Macbook Air M1.
-            mairon = {
-              system = "aarch64-darwin";
-              isHeadful = true;
-              wireguard = {
-                ipv4.address = "10.69.4.2";
-                ipv6.address = "fd69::4:2";
-                publicKey = "@PUBLIC_KEY@";
-              };
+          # Macbook Air M1.
+          mairon = {
+            system = "aarch64-darwin";
+            isHeadful = true;
+            wireguard = {
+              ipv4.address = "10.69.4.2";
+              ipv6.address = "fd69::4:2";
+              publicKey = "@PUBLIC_KEY@";
             };
+          };
 
-            # Google Pixel 4a w/ GrapheneOS.
-            gothmog = {
-              isOther = true;
-              wireguard = {
-                ipv4.address = "10.69.5.1";
-                ipv6.address = "fd69::5:1";
-                publicKey = "@PUBLIC_KEY@";
-              };
-              syncthing.id = "@SYNCTHING_ID@";
+          # Google Pixel 4a w/ GrapheneOS.
+          gothmog = {
+            isOther = true;
+            wireguard = {
+              ipv4.address = "10.69.5.1";
+              ipv6.address = "fd69::5:1";
+              publicKey = "@PUBLIC_KEY@";
             };
+            syncthing.id = "@SYNCTHING_ID@";
+          };
 
-            # Google Pixel 7a w/ GrapheneOS.
-            lungorthin = {
-              isOther = true;
-              wireguard = {
-                ipv4.address = "10.69.5.2";
-                ipv6.address = "fd69::5:2";
-                publicKey = "@PUBLIC_KEY@";
-              };
-              syncthing.id = "@SYNCTHING_ID@";
+          # Google Pixel 7a w/ GrapheneOS.
+          lungorthin = {
+            isOther = true;
+            wireguard = {
+              ipv4.address = "10.69.5.2";
+              ipv6.address = "fd69::5:2";
+              publicKey = "@PUBLIC_KEY@";
             };
+            syncthing.id = "@SYNCTHING_ID@";
           };
         };
-      }
-    ];
-  })
-  .config
+      };
+    }
+  ];
+}).config
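Review bot: The `manwe` IPv6 entry on the new side carries a stray closing bracket, `address = "@IPV6_ADDRESS@]";`, which any placeholder substitution would leave in the string and pass on as an invalid address; it should read `address = "@IPV6_ADDRESS@";` as the other hosts do. The `@…@` tokens (`@PGP_KEY@`, `@PUBLIC_KEY@`, `@HASHED_PASSWORD@`, `@SYNCTHING_ID@`) are presumably filled in by a step outside this file; a one-line comment above `config`, such as `# @NAME@ tokens are placeholders substituted before evaluation; no live secrets are stored here.`, would make that contract explicit for readers and for anyone auditing what the repository actually contains. `my.domain` and `my.email` are not bound anywhere in this file and can only resolve through `with lib;`, so the file silently depends on `lib` already carrying a `my` attribute; a short comment at the top noting that dependency would help, since the hunk gives no indication where `my` comes from.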
